Kaspersky Administration Kit 8.0 REFERENCE GUIDE


PROGRAM VERSION: 8.0 CRITICAL FIX 1

Dear User!

Thank you for choosing our product. We hope that this documentation will help you in your work and will provide answers regarding this software product.

Reproduction or distribution of any materials in any format, including translations, is allowed only with the written permission of Kaspersky Lab.

This document, and graphic images related to it, may only be used for informational, non-commercial, and personal purposes.

Kaspersky Lab reserves the right to amend this document without additional notification. You can find the latest version of this document at the Kaspersky Lab website.

Kaspersky Lab shall not be liable for the content, quality, relevance, or accuracy of any materials used in this document for which the rights are held by third parties, or for any potential or actual losses associated with the use of these materials.

This document uses registered trademarks and service marks which are the property of their respective owners.

Revision date: 2/3/

Kaspersky Lab ZAO. All Rights Reserved

CONTENTS

KASPERSKY ADMINISTRATION KIT
  Distribution package
  Services for registered users
  Obtaining information about the application
  Information sources for further research
  Contacting the Technical Support Service
  Discussing Kaspersky Lab's applications on the web forum
  Purpose of the document
  Application features
  Hardware and software requirements
  Application structure
  What's new
LAUNCHING THE APPLICATION
QUICK START WIZARD
  Step 1. Adding a license
  Step 2. Network Discovery
  Step 3. Configuring notification settings
  Step 4. Configuring anti-virus protection
  Step 5. Downloading updates
  Step 6. Completing the wizard
MANAGING ADMINISTRATION SERVERS
  Connection to the Administration Server
  The utility for selecting the Administration Server service account (klsrvswch)
  Disconnecting from Server
  Switching between Servers
  Adding a Server to the console tree
  Granting rights to use a Server
  Removing a Server from the console tree
  Viewing and changing Administration Server settings
  Configuring Administration Server settings
  General guidelines for relocation of computers
  Compatibility with Cisco Network Admission Control (NAC)
  Configuring Integration with Cisco Network Admission Control (NAC)
  Traffic limit
  Slave Administration Servers
  Adding a slave Server
  Configuring the connection of the slave Server to the master Server
  Viewing administration groups of a slave Administration Server
  Connecting to the Administration Server via Internet
MANAGING ADMINISTRATION GROUPS
  Adding, moving and deleting a group
  Creating the structure of administration groups
  The structure of groups based on the Windows network domains and workgroups
  Group structure based on Active Directory
  Group structure based on the content of the text file
  Viewing information about a group
  Viewing and changing group settings
  General settings
  Granting rights to work with a group
  Conditions that determine computer status
  Monitoring of client computer activity
  Automatic installation of applications on client computers
  Creating the list of Update Agents
REMOTE MANAGEMENT OF APPLICATIONS
  Managing policies
  Creating a policy
  Displaying inherited policy in the nested group results pane
  Viewing and configuring policy settings
  Activating a policy
  Activating a policy based on an event
  Policy for mobile user
  Deleting a policy
  Copying a policy
  Configuring the Network Agent's policy
  Configuring the settings of the Administration Server policy
  Exporting a policy
  Importing a policy
  Policies conversion
  Local application settings
  Viewing application settings
  Configuring Network Agent
MANAGING THE OPERATION OF APPLICATIONS
  Creating a group task
  Creating an Administration Server task
  Creating a task for specific computers
  Viewing and changing task settings
  Creating a local task
  Displaying an inherited group task in the results pane of a nested group
  Automatic operating system loading on the client computers before task execution
  Turning off the computer after the task execution
  Restricting time for the task execution
  Exporting a task
  Importing a task
  Tasks conversion
  Starting and stopping tasks manually
  Pausing / resuming tasks manually
  Monitoring task execution
  Viewing results of the task execution stored on the Administration Server
  Configuring the event filter for a group task
  Configuring event filter for a selected computer
  Removing a filter
CLIENT COMPUTERS
  Adding computers to group
  Viewing information about a client computer
  Viewing client system information
  Administration Server change task
  Client computer management task
  Turning on the client computer
  Shutting down the client computer
  Restarting the client computer
  Sending a message to the user of the client computer
  Connecting the client computer to the Administration Server manually. The klmover.exe utility
  Client-to-Administration Server connection check frequency
  Verifying connection of the client computer to Administration Server manually. The klnagchk.exe utility
  Checking the connection between the client computer and the Administration Server using the Check connection action
  Remote diagnostics of client computers utility (klactgui)
  Enabling and disabling trace, downloading the trace file
  Downloading application settings
  Downloading event logs
  Launching the diagnostics and downloading the results of its operation
  Starting, restarting and stopping the applications
REPORTS AND NOTIFICATIONS
  Creating a report template
  Viewing statistics
  Creating a statistics page
  Changing the set of statistics pages
  Creating an information panel
  Changing the set of information panels
  Viewing and editing report templates
  Generating and viewing reports
  Reports delivery task
  Administration Servers hierarchy reports
  Restricting the number of records included in reports
  Notification limit
  Notifications
  E-mail notification
  Use NET SEND
  Notification using the executable file to run
KASPERSKY ADMINISTRATION KIT TASKS
TASKS FOR SPECIFIC COMPUTERS
EVENT AND COMPUTER SELECTIONS
  Event selections
  Viewing Kaspersky Administration Kit event log stored on the Administration Server
  Creating an event selection
  Customizing an event selection
  Saving information about events to file
  Deleting events
  Computer selections
  Viewing a computer selection
  Creating a computer selection
  Configuring a computer selection
UNASSIGNED COMPUTERS
  Network Discovery
  Viewing and changing the settings for Windows network polling
  Viewing and modifying Active Directory group properties
  Viewing and modifying the settings for IP subnet polling
  Viewing and changing domain settings
  Creating an IP subnet
  Viewing and modifying the IP subnet settings
  Viewing and modifying the Active Directory group properties
UPDATE
  Creating the task of downloading updates to the repository
  Adding an updates source
  Configuring connection to the update servers
  Determining the updates list
  Configuring other update task settings
  Testing of downloaded updates
  Viewing downloaded updates
  Automatic distribution of updates
  Automatic distribution of updates to the client computers
  Automatic distribution of updates to the slave Servers
  Automatic installation of updates to program modules
  Creating the list of Update Agents and configuring the agents
  Update Agent statistics
  The task of downloading updates by the Update Agents
MANAGING LICENSES
  Viewing information about installed licenses
  Installing a license
  Running the license installation task creation wizard
  Creating and viewing report on licenses
  Obtaining license using activation code
  Automatic distribution of license
REPOSITORIES
  Installation packages
  Quarantine
  Viewing the properties of a quarantined object
  Removing an object from Quarantine
  Scanning the Quarantine folder on the client computer
  Restoring an object from the Quarantine
  Saving an object from the Quarantine to disk
  Backup
  Viewing the properties of an object placed into the Backup
  Removing an object from the Backup
  Restoring the object from the Backup
  Saving an object from the Backup to disk
  Unprocessed files
  Disinfecting the object from the Unprocessed files folder
  Saving the object from the Unprocessed files folder to disk
  Removing the object from the Unprocessed files folder
  Application registry
ADDITIONAL FEATURES
  Monitoring anti-virus protection status using system registry data
  Mobile users
  Creating a profile for the mobile users
  Creating the Network Agent switching rule
  Adding a condition to the rule
  Search
  Detecting computers
  Searching for administration groups
  Searching for the slave Administration Servers
  Data backup
  Data backup task
  Data backup and restoration utility klbackup
  Tracking virus outbreaks
  Enabling virus outbreak detection
  Changing the application policy when a Virus outbreak event is registered
  Automation of the Kaspersky Administration Kit operation (klakaut)
  Custom tools
  Configuring interface
REFERENCE INFORMATION
  Context menu
  Results pane
  Statuses of computers, tasks and policies
GLOSSARY
KASPERSKY LAB
INDEX

KASPERSKY ADMINISTRATION KIT

Kaspersky Administration Kit provides a centralized solution for managing corporate network anti-virus security systems based on Kaspersky Lab applications included in Kaspersky Open Space Security products. Kaspersky Administration Kit supports all network configurations that use the TCP/IP protocol.

The application is a tool for corporate network administrators and anti-virus security officers.

IN THIS SECTION
- Distribution package
- Services for registered users
- Obtaining information about the application
- Purpose of the document
- Application features
- Hardware and software requirements
- Application structure
- What's new

DISTRIBUTION PACKAGE

The product is provided free of charge with all Kaspersky Lab applications included in the Kaspersky Open Space Security kit (retail). It is also available for download from the Kaspersky Lab website.

SERVICES FOR REGISTERED USERS

Kaspersky Lab offers a large service package, enabling its legal users to enjoy all available features of the application.

If you purchase licenses for a Kaspersky Lab product included in Kaspersky Open Space Security, you become a registered user of Kaspersky Administration Kit. During the license validity period, you are entitled to:
- hourly updates of the application database and program modules of that software product;
- phone or e-mail consultation on matters related to the installation, configuration and operation of the anti-virus application;
- notifications about releases of new Kaspersky Lab software products and about new viruses that appear worldwide. This service is provided to users who subscribe to the Kaspersky Lab newsletter at the web site of the Technical Support Service.

When you contact the Technical Support Service, please provide information about your license for the Kaspersky Lab application with which Kaspersky Administration Kit is being used.

Kaspersky Lab does not provide support on issues related to the operation and use of your operating system or other technologies.

OBTAINING INFORMATION ABOUT THE APPLICATION

If you have any questions regarding purchasing, installing or using Kaspersky Administration Kit, answers are readily available.

Kaspersky Lab provides various sources of information about the application. You can choose the most suitable, according to the importance and urgency of your question.

IN THIS SECTION
- Information sources for further research
- Contacting the Technical Support Service
- Discussing Kaspersky Lab's applications on the web forum

INFORMATION SOURCES FOR FURTHER RESEARCH

You can view the following sources of information about the application:
- the application's page on Kaspersky Lab's website;
- the application's Knowledge Base page on the Technical Support Service website;
- electronic help system;
- documentation.

The application's page at the Kaspersky Lab website

This page will provide you with general information about the application's features and options.

The application's Knowledge Base page at the Technical Support Service website

This page contains articles by the Technical Support Service. These articles contain useful information, recommendations, and the Frequently Asked Questions (FAQ) page, and cover purchasing, installing and using the application. The articles are sorted by subject, such as "License management", "Database updates", and "Troubleshooting". The articles aim to answer questions about not only this application but other Kaspersky Lab products as well. They may also contain news from the Technical Support Service.

The electronic help system

The application installation package includes full help files, which contain step by step descriptions of the application's features.

To open the help file, select Kaspersky Administration Kit help system in the console Help menu.

If you have a question about a specific application window, you can use context-sensitive help.

To open context-sensitive help, in the corresponding window, press the Help button or the F1 key.

Documentation

The documentation supplied with the application aims to provide all the information you will require. It includes the following documents:
- Administrator's Guide describes the purpose, basic concepts, features and general schemes for using Kaspersky Administration Kit.
- Deployment Guide contains a description of the installation procedures for the components of Kaspersky Administration Kit as well as remote installation of applications in computer networks using simple configuration.
- Getting Started guide gives a step by step guide to anti-virus security administrators, enabling them to start using Kaspersky Administration Kit quickly, and to deploy Kaspersky Lab's anti-virus applications across a managed network.
- Reference Guide contains an overview of Kaspersky Administration Kit, and step by step descriptions of its features.

The documents are supplied in PDF format in Kaspersky Administration Kit's distribution package (installation CD). You can download the documentation files from the application's page at Kaspersky Lab's website.

CONTACTING THE TECHNICAL SUPPORT SERVICE

You can obtain information about the application from the Technical Support Service, by phone or on the Internet. When contacting the Technical Support Service, you will need to provide information about the license for the Kaspersky Lab product with which you are using the application.

The Technical Support Service will answer any questions related to the installation and use of the application that are not covered in help topics. If your computer has been infected, they will help you to neutralize the consequences of malware activity.

Before contacting the Technical Support Service, please read the support rules for Kaspersky Lab's products.

Technical Support by e-mail

You can send your question to the Technical Support Service by filling out a Helpdesk web form for client questions.

You can ask your question in Russian, English, German, French or Spanish.

To send an e-mail request, you should specify your customer ID, which you received while registering at the Technical Support Service's website, and the corresponding password.

If you are not yet a registered user of Kaspersky Lab's applications, you can fill out a registration form. During registration you will need to enter either your application's activation code, or the key file.

The Technical Support Service will respond to your request in your Personal Cabinet and to the e-mail address you specified in your request.

In the website's request form, please describe the problem you have encountered. In the mandatory fields, specify:
- Request type. Questions which users often ask are divided into separate topics, for example: "Problems with Setup / Remove application" or "Virus disinfection". If you do not find an appropriate topic, select "General question".
- Application name and version number.
- Request description. Describe the problem you encountered in as much detail as possible.
- Customer ID and password. Enter the client number and the password you received when you registered at the Technical Support Service's website.
- E-mail address. The Technical Support Service will reply to your question at this address.

Technical support by phone

If you have an urgent problem, you can call your local Technical Support Service. Before contacting Russian-speaking or international Technical Support, please have the necessary information about your computer to hand. This will let our specialists help you more quickly.

DISCUSSING KASPERSKY LAB'S APPLICATIONS ON THE WEB FORUM

If your question does not require an immediate answer, you can discuss it with Kaspersky Lab's experts and other users in our forum.

In this forum you can view existing topics, leave your comments, create new topics and use the search engine.

PURPOSE OF THE DOCUMENT

This Guide contains the purpose of Kaspersky Administration Kit and step by step descriptions of the features it offers. The basic concepts and general schemes for working with the application are described in the Kaspersky Administration Kit Administrator's Guide.

APPLICATION FEATURES

The application enables the corporate network administrator to:

- Perform remote installation and removal of Kaspersky Lab applications across the network in a centralized manner. This feature enables the administrator to copy the required set of Kaspersky Lab applications to a selected computer, and then install these applications remotely on the network computers.

- Remotely manage Kaspersky Lab applications in a centralized manner. The administrator can create a multilevel anti-virus protection system, and manage the operation of all applications from his workstation. This is particularly important for larger companies whose local network consists of a large number of computers that may be located in several separate buildings or offices. This feature includes:
  - creating the hierarchy of Administration Servers;
  - joining hosts into administration groups based on the functions performed by the computers and on the set of applications installed on them;
  - configuring the application settings in a centralized way by creating and applying policies;
  - configuring the application settings for particular individual computers;
  - managing the operation of applications in a centralized manner by creating and running group tasks and tasks for sets of computers and the Administration Server;
  - building individual schemes for the application's operation by creating and running tasks for a set of computers from different administration groups.

- Automatically update the anti-virus database and application modules on computers. This feature can update the anti-virus databases for all installed Kaspersky Lab applications in a centralized manner, rather than each computer accessing Kaspersky Lab's Internet updates server for each individual update. Updating can be performed automatically according to the schedule set up by the administrator. The administrator can monitor distribution of updates to client computers.

- Receive reports using a dedicated system. This feature can collect statistics about the operation of all installed Kaspersky Lab applications in a centralized manner, and create reports based on the statistics. The administrator can create a cumulative network report about application operation, or reports about the operation of all applications installed on individual computers.

- Use events notification system. Delivery of notifications. The administrator can create a list of events which occur when applications are running about which he or she wants to be notified. The list of such events may include, for example, detection of a new virus, an error that occurred due to incorrect termination of the database updating on a computer, or detection of a new computer on the network.

- Manage licenses. This feature allows the administrator to install licenses for all installed Kaspersky Lab applications in a centralized manner, to monitor the observance of the license agreement (that is, that the number of applications operating in the network is less than or equal to the number of licenses) and the expiration date.

HARDWARE AND SOFTWARE REQUIREMENTS

Administration Server

Software requirements:
- Microsoft Data Access Components (MDAC) 2.8 or higher.
- MSDE 2000 with installed Service Pack 3, or Microsoft SQL Server 2000 with installed Service Pack 3 or higher, or MySQL Enterprise and , or Microsoft SQL 2005 or higher; or Microsoft SQL Express 2005 or higher, Microsoft SQL Express 2008, Microsoft SQL

  It is recommended to use Microsoft SQL 2005 with Service Pack 2, Microsoft SQL Express 2005 with Service Pack 2 and later versions.
- Microsoft Windows 2000 with installed Service Pack 4 or higher;
- Microsoft Windows XP Professional with installed Service Pack 2 or higher;
- Microsoft Windows XP Professional x64 or higher;
- Microsoft Windows Server 2003 or higher;
- Microsoft Windows Server 2003 x64 or higher;
- Microsoft Windows Vista with installed Service Pack 1 or higher, Microsoft Windows Vista x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Vista x64 the Microsoft Windows Installer 4.5 should be installed;
- Microsoft Windows Server 2008;
- Microsoft Windows Server 2008 deployed in the Server Core mode;
- Microsoft Windows Server 2008 x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Server 2008 x64 the Microsoft Windows Installer 4.5 should be installed;
- Microsoft Windows 7.

When using Microsoft Windows 2000 with Service Pack 4 installed, it is necessary to install the following updates for Microsoft Windows before deploying Administration Server:
1) Update Rollup 1 for Windows 2000 SP4 (KB891861);
2) Security Update for Windows 2000 (KB835732).

Hardware requirements:
- Intel Pentium III 800 MHz or higher;
- 256 MB RAM;
- 1 GB of available disk space.

Administration Console

Software requirements:
- Microsoft Windows 2000 with installed Service Pack 4 or higher;
- Microsoft Windows XP Professional with installed Service Pack 2 or higher;
- Microsoft Windows XP Home Edition with installed Service Pack 2 or higher;
- Microsoft Windows XP Professional x64 or higher;
- Microsoft Windows Server 2003 or higher;
- Microsoft Windows Server 2003 x64 or higher;
- Microsoft Windows Vista with installed Service Pack 1 or higher, Microsoft Windows Vista x64, Microsoft Windows Vista x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Vista x64 the Microsoft Windows Installer 4.5 should be installed;
- Microsoft Windows Server 2008;
- Microsoft Windows Server 2008 x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Server 2008 x64 the Microsoft Windows Installer 4.5 should be installed;
- Microsoft Windows 7.
- Microsoft Management Console 1.2 or higher.
- Work with Microsoft Windows 2000 requires Microsoft Internet Explorer 6.0.
- Work with Microsoft Windows 7 E Edition and Microsoft Windows 7 N Edition requires Microsoft Internet Explorer 8.0 or higher.

Hardware requirements:
- Intel Pentium III 800 MHz or higher;
- 256 MB RAM;
- 70 MB of available disk space.

Network Agent

Software requirements:

For Windows systems:
- Microsoft Windows 2000 with installed Service Pack 4 or higher;
- Microsoft Windows XP Professional with installed Service Pack 2 or higher;
- Microsoft Windows XP Professional x64 or higher;
- Microsoft Windows Server 2003 or higher;
- Microsoft Windows Server 2003 x64 or higher;
- Microsoft Windows Vista with installed Service Pack 1 or higher, Microsoft Windows Vista x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Vista x64 the Microsoft Windows Installer 4.5 should be installed;
- Microsoft Windows Server 2008;
- Microsoft Windows Server 2008 deployed in the Server Core mode;
- Microsoft Windows Server 2008 x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Server 2008 x64 the Microsoft Windows Installer 4.5 should be installed;
- Microsoft Windows 7.

For Novell systems:
- Novell NetWare 6 SP5 or higher;
- Novell NetWare 6.5 SP7 or higher.

For Linux systems:
- The supported version of the operating system is determined by the requirement of the compatible Kaspersky Lab application installed on the client computer.

Hardware requirements:

For Windows systems:
- Intel Pentium 233 MHz or higher;
- RAM size - 32 MB;
- 20 MB of available disk space.

For Novell systems:
- Intel Pentium 233 MHz or higher;
- RAM size - 32 MB;
- Available disk space - 32 MB.

For Linux systems:
- Intel Pentium 133 MHz or higher;
- RAM size - 64 MB;
- 100 MB of available disk space.

Update Agent

Software requirements for Windows systems:
- Microsoft Windows 2000 with installed Service Pack 4 or higher;
- Microsoft Windows XP Professional with installed Service Pack 2 or higher;
- Microsoft Windows XP Professional x64 or higher;
- Microsoft Windows Server 2003 or higher;
- Microsoft Windows Server 2003 x64 or higher;
- Microsoft Windows Vista with installed Service Pack 1 or higher, Microsoft Windows Vista x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Vista x64 the Microsoft Windows Installer 4.5 should be installed;
- Microsoft Windows Server 2008;
- Microsoft Windows Server 2008 x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Server 2008 x64 the Microsoft Windows Installer 4.5 should be installed;
- Microsoft Windows 7.

Hardware requirements for Windows systems:
- Intel Pentium III 800 MHz or higher;
- 256 MB RAM;
- 500 MB of available disk space.

APPLICATION STRUCTURE

Kaspersky Administration Kit includes three major components:

- Administration Server (hereinafter also referred to as the Server) performs the functions of centralized storage of information about Kaspersky Lab applications installed in the corporate network and about the management of these applications.

- Network Agent (hereinafter also referred to as the Agent) coordinates interaction between the Administration Server and Kaspersky Lab applications installed on a specific network node (a workstation or a server). This component supports all Windows applications included in Kaspersky Open Space Security products. Separate versions of Network Agent exist for Kaspersky Lab's Novell and Unix applications.

- Administration Console (hereinafter also referred to as the Console) provides a user interface to the administration services of the Administration Server and Network Agent. The management module is implemented as a snap-in for the Microsoft Management Console (MMC). The Administration Console allows connection to the remote Administration Server via Internet.

WHAT'S NEW

Changes introduced in Kaspersky Administration Kit 8.0 as compared with Kaspersky Administration Kit 6.0:

- A simplified application installation mode has been introduced.
- Several accounts can be specified in a remote deployment task.
- The application kit now includes the distribution package of MS SQL 2005 Express: it is installed automatically if standard setup is selected.
- Support for SNMP monitoring of basic parameters of anti-virus protection in corporate LAN has been added.
- The possibility of creating a standalone installation package for Kaspersky Lab applications has been added.
- User interface of the product has been redesigned significantly: the results panel, reports layout, and information panels.
- Capability to collect information about the applications installed on the client computers has been added (applications registry) (see section "Applications registry" on page 291).
- System of access rights has been redesigned and extended.
- Support for Microsoft NAP has been added.
- The possibility of switching mobile clients between administration servers has been added.
- Criteria for switching clients between the mobile and regular policies have been extended.
- Capabilities for automatic relocation of computers to administration groups have been extended (see section "General guidelines for relocation of computers" on page 53).
- Capability to create the administration groups based on Active Directory has been added (see section "Group structure based on Active Directory" on page 69).
- New reports and the capability to create custom reporting systems have been added, and information displayed in reports has been extended (see section "Reports and notifications" on page 189).
- The possibility of exporting reports to PDF and XML (Excel) formats has been added.
- The possibility of collecting detailed data during the creation of summary reports has been added.
- Data caching functionality for generation of summary reports including information from slave Administration Servers has been implemented.
- Support for two sets of columns in the Administration Console has been added, and the set of columns has been extended.
- New columns for the list of computers have been added: "Restart", "Status description", "Network Agent version", "Protection version", "Database version", and "Turn-on time".
- New criteria have been added which are used to create computer statuses (see section "Statuses of computers, tasks and policies" on page 340).
- New selections of computers created by default have been added, capability to create selections of computers using data from the slave Administration Servers has been added (see section "Computer selections" on page 230).
- Capability to maintain a list of administrator comments has been added (see section "Viewing client system information" on page 154).
- Capability to view the current user sessions on a computer and user contact information has been added (see section "Viewing client system information" on page 154).
- Graphical interface for the klbackup utility has been added (see section "Data backup" on page 318).
- Files of policies and group tasks are distributed using multi-address IP delivery (see section "Creating the list of Update Agents and configuring the agents" on page 270).
- Wake On LAN functionality is available for clients in subnetworks other than the Administration Server subnet and in the event of manual task launch (see section "Turning on the client computer" on page 164).
- Restart settings for client computers can be specified in the properties of a remote deployment task.
- Functionality for limiting the notifications sent within a specified time interval has been modified. Now the limitations are separate for each individual type of events (see section "Notification limit" on page 214).
- Functionality for searching for groups and slave Administration Servers by Server hierarchy has been added (see section "Search" on page 306).
- The Update Agents Statistics has been extended.
- The task for removal of external applications can now remove several applications at once.
- Utility has been developed for preparation of computers included in a workgroup for remote deployment.
- Functionality for retrieval of updates necessary for an application immediately after the creation of its installation package has been implemented.
- When downloading updates, programs already connected to slave Administration Servers are taken into account.
- Classification of possible errors returned by the application deployment subsystem has been introduced and guidelines for troubleshooting typical problems have been added.
- A mechanism for automatic application of update modules of the administration system components has been added.

LAUNCHING THE APPLICATION

To open the application, select the Kaspersky Administration Kit in the Kaspersky Administration Kit program group on the standard Start Programs menu.

This program group is created only on the administrator's workstation, when the Administration Console is installed.

QUICK START WIZARD

The Wizard can configure the minimum settings for centralized management of anti-virus protection. The wizard opens at the first connection to an Administration Server established after installation.

IN THIS SECTION
Step 1. Adding a license
Step 2. Network Discovery
Step 3. Configuring notification settings
Step 4. Configuring anti-virus protection
Step 5. Downloading updates
Step 6. Completing the wizard

STEP 1. ADDING A LICENSE

During this stage, the method of adding a license for the applications (see the figure below) that will be managed by the administrator using Kaspersky Administration Kit should be selected.

Figure 1. Selecting the method of adding a license

Select the method of adding a license:

Enter activation code - you will be asked to specify the code obtained when you purchased a commercial version of the application (see the figure below).

Figure 2. Entering the activation code

If you wish to automatically apply the license to the computers in the administration groups, check the box in the corresponding field.

Load from key file - you will be asked to specify the key file (see the figure below).

Figure 3. Selecting the key file

If you wish to automatically apply the license to the computers in the administration groups, check the box in the corresponding field.

Add license later. A license can be installed later using the license installation task (see section "Installing a license" on page 281).

STEP 2. NETWORK DISCOVERY

During this stage the computer network is polled, and computers within this network are identified (see the figure below). Based on the results of this scan, a service group Unassigned computers is formed together with its Domains, Active Directory and IP subnets subfolders. The information obtained will be used to automatically create the administration groups.

Figure 4. The Quick Start Wizard window. Network Discovery

To view the structure of the computer network, use the Detected computers link.

Click the View Kaspersky Administration Kit introduction link to view the description of the main features offered by Kaspersky Administration Kit.

STEP 3. CONFIGURING NOTIFICATION SETTINGS

During the next stage you will have to configure the settings for delivery of notifications generated by Kaspersky Lab applications.

Figure 5. Configuring delivery of notifications

If the SMTP server uses authorization, check the Use ESMTP authorization box and fill in the User name, Password and Confirm password fields. These settings will be used as the default settings for application policies.

To check the correctness of the specified settings, press the Test button. This will open a test notification sending window. In the event of errors, detailed error information will be displayed in it.

STEP 4. CONFIGURING ANTI-VIRUS PROTECTION

During this stage, you should configure the anti-virus protection system (see the figure below).

The Quick Start Wizard creates an anti-virus protection system for the client computers within administration groups, using Kaspersky Anti-Virus 6.0 for Windows Workstations MP4. In this case, the Administration Server creates a policy and defines a minimum set of tasks for the highest hierarchy level of Kaspersky Anti-Virus 6.0 for Windows Workstations MP4, as well as downloading updates and data backup.

The objects created by the Wizard are displayed in the console tree:
the policies for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 6.0 for Windows Servers MP4 in the Policies folder of the Managed computers group under the names Protection policy - Windows Workstations and Protection policy - Windows Servers, and with the default settings;
the tasks for updating the anti-virus database for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 6.0 for Windows Servers MP4 in the Group tasks folder of the Managed computers group under the names Update Windows Servers and Update Windows Workstations, and with the default settings;

on-demand scanning tasks for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 6.0 for Windows Servers MP4 in the Group tasks folder of the Managed computers group under the names Virus Scan Windows Workstations and Virus Scan Windows Servers, and with the default settings;
downloading updates to the repository in the Kaspersky Administration Kit tasks folder under the name Download updates to repository, and with the default settings;
the Administration Server data backup task in the Kaspersky Administration Kit tasks folder under the name Administration Server data backup, and with the default settings.

A policy for Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 is not created if a policy for that application already exists in the Managed computers folder. If group tasks for the Managed computers group and the Download updates to repository with these names already exist, they are not created either.

Figure 6. Configuring anti-virus protection

The wizard window displays the process of creating the tasks and the policies. If errors occur, an error message will be displayed on the screen.

STEP 5. DOWNLOADING UPDATES

During this step the wizard downloads updates to the repository by the Administration Server: the task defines the list of files for download and downloads them (see the figure below).

Figure 7. Configuring retrieval of updates

You don't need to wait for completion of the updates retrieval task. The downloading of updates will continue using the Download updates to the repository task (see section "Determining the updates list" on page 261).

STEP 6. COMPLETING THE WIZARD

When the Quick Start Wizard completes, you will be invited to start the deployment of anti-virus protection. You can use this wizard to install the Network Agent. If you do not wish to install applications immediately after the Quick Start Wizard completion, uncheck the Start deployment box (see the figure below).

Figure 8. Completing the Quick Start Wizard

A detailed description of how to work with the Remote Install Wizard is provided in the Deployment Guide.

MANAGING ADMINISTRATION SERVERS

The Administration Server is a computer on which the Administration Server component is installed. A corporate network can include several such Servers.

The following operations are supported for the Administration Servers:
connection / disconnection;
adding / removal from the console tree;
switching between the Administration Servers;
building an Administration Servers hierarchy;
creation and configuration of tasks for delivery of reports, updating and backup copying.

IN THIS SECTION
Connection to the Administration Server
The utility for selecting the Administration Server service account (klsrvswch)
Disconnecting from Server
Switching between Servers
Adding a Server to the console tree
Granting rights to use a Server
Removing a Server from the console tree
Viewing and changing Administration Server settings
Slave Administration Servers
Connecting to the Administration Server via Internet

CONNECTION TO THE ADMINISTRATION SERVER

To connect to an Administration Server, select the node corresponding to the required Administration Server in the console tree.

After this, the Administration Console tries to connect to the Administration Server. If there are several Administration Servers on your network, the Console will connect to the server it last connected to during the previous Kaspersky Administration Kit session. When the application is launched for the first time after installation, it is assumed that the Administration Server and Administration Console are running on the same computer. Therefore, the Administration Console will try to detect the Administration Server on this computer.

If the Server is not found, you will be asked to specify the Server address manually in the Connection settings dialog box (see the figure below). Enter the required Server address in the Server address field. You can enter either the IP address or the computer name in the Windows network.

To connect to the Administration Server through a port that differs from the default one, enter <Server name>:<port> in the Server address field.

Figure 9. Connecting to the Administration Server

Press the Advanced button to show or hide the following advanced connection settings:

Use SSL connection. Check this box to transmit data between the Administration Server and Administration Console via the Secure Sockets Layer protocol (SSL). Uncheck this box if you do not want to communicate via SSL. However, this will lower the security of data transmissions against modification or interceptions.

Use data compression. Check this box to increase the rate of data transfer between the Administration Console and the Server, by decreasing the amount of information being transferred and hence lowering the load on the Administration Server. Enabling this setting will increase the load on the central processor of the computer which is hosting the Administration Console.

Use proxy server. Check this box if you want to connect to the Administration Server via a proxy server (see the figure above). Enter the address for connecting to the proxy server in the Address field. Fill in the User name and Password fields if user authorization is required to access this proxy server.

When the connection settings have been confirmed, the Administration Console verifies the user's rights to connect to the Administration Server. If the secure connection is SSL-enabled, the Administration Console authenticates the Administration Server before verifying user rights.

When you connect to the server for the first time, and also if the server certificate for this session differs from your local copy, a request to connect to the server and receive a new certificate will be displayed (see the figure below). Select one of the following:

I want to connect to the server and download the certificate from it - to connect to the Administration Server and receive a new certificate.

I want to specify the certificate file location - specify the Server certificate manually. In that case, select the certificate file using the Select button. The certificate file has the extension .cer, and is located in the Cert subfolder of the Kaspersky Administration Kit program folder specified during application installation. The Console will attempt to re-authenticate the server using the certificate you specified.
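The certificate comparison described above can be reproduced by hand before a prompt is accepted. The following is an added example, not Kaspersky code: it computes a SHA-256 fingerprint of a .cer file in either binary (DER) or Base64 (PEM) form and mirrors the first-connection / changed-certificate decision; the function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import re
from typing import Optional

# A .cer file may hold raw DER bytes or the same bytes Base64-wrapped (PEM).
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def cert_der_bytes(file_bytes: bytes) -> bytes:
    """Return the DER encoding, whichever of the two forms the file uses."""
    match = PEM_RE.search(file_bytes)
    if match:
        body = b"".join(match.group(1).split())  # drop line breaks (LF or CRLF)
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError("corrupt Base64 certificate body") from exc
    else:
        der = file_bytes
    # Every X.509 certificate is an ASN.1 SEQUENCE, so its DER starts with 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("file is not a DER or PEM certificate")
    return der


def fingerprint(file_bytes: bytes) -> str:
    """SHA-256 over the DER bytes, so both file forms give the same value."""
    return hashlib.sha256(cert_der_bytes(file_bytes)).hexdigest()


def matches_expected(file_bytes: bytes, expected: str) -> bool:
    """Compare with a fingerprint received over a separate trusted channel.

    Colons, whitespace and letter case in the expected value are ignored.
    """
    normalized = re.sub(r"[\s:]", "", expected).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", normalized):
        return False
    return hmac.compare_digest(fingerprint(file_bytes), normalized)


def connection_decision(presented: bytes, local_copy: Optional[bytes]) -> str:
    """Mirror the behaviour in the text: prompt on first use or on any change."""
    if local_copy is None:
        return "prompt: first connection"
    if hmac.compare_digest(fingerprint(presented), fingerprint(local_copy)):
        return "proceed"
    return "prompt: certificate changed"


# Constructed stand-in for a certificate: a SEQUENCE header plus filler bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x0A]) + bytes(range(256)) + bytes(10)
# The same bytes as a Base64 file with Windows line endings (constructed).
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\r\n"
    + base64.encodebytes(SAMPLE_DER).replace(b"\n", b"\r\n")
    + b"-----END CERTIFICATE-----\r\n"
)
# Constructed "different certificate": the sample with its last byte changed.
OTHER_DER = SAMPLE_DER[:-1] + b"\x01"

if __name__ == "__main__":
    print("fingerprint of local copy:", fingerprint(SAMPLE_DER))
    print("no local copy   ->", connection_decision(SAMPLE_PEM, None))
    print("same certificate ->", connection_decision(SAMPLE_PEM, SAMPLE_DER))
    print("other certificate ->", connection_decision(OTHER_DER, SAMPLE_DER))
```
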

You can copy the certificate file to a shared folder or a floppy disk. A copy of this file can be used to configure access settings for the Server.

Figure 10. Request to connect to the Administration Server

User rights are verified using the Windows user authentication procedure. If the user is not authorized to access the Administration Server, i.e. he/she is not an operator (KLOperators) or administrator of Kaspersky Administration Kit (KLAdmins), he/she will be asked to register to access the Administration Server (see the figure below). In the corresponding form, specify a user account (name and password) which has Kaspersky Administration Kit operator or administrator rights.

Figure 11. Registering a user to access the Administration Server

If the connection to the Administration Server has been established successfully, the structure of this Server's folders and its settings appear in the console tree.

THE UTILITY FOR SELECTING THE ADMINISTRATION SERVER SERVICE ACCOUNT (KLSRVSWCH)

You can use this utility to specify an account for launching the Administration Server service on this computer (see the figure below). Launch the utility and select one of the two following options:

Local System account - the Administration Server will start using the Local System account and its credentials.

Correct operation of Kaspersky Administration Kit requires that the account used to start the Administration Server should have the administrator's rights on the resource where the Administration Server database is hosted.

Specified account - the Administration Server will start using the account included in a domain. In this case the Administration Server will initiate all operations using the credentials of that account. Use the Find now button to select the user whose account will be used and enter the password.

If the domain user account is selected as an account for launching the Administration Server, you will be asked to define this user and specify the password for his/her account.

Figure 12. Selecting account

When using the SQL-server in the Windows authentication mode, the user account should be provided with an access to the database. The user account should be the owner of the Kaspersky Anti-Virus database. By default, the dbo scheme must be used.

DISCONNECTING FROM SERVER

To disconnect from an Administration Server:
1. In the console tree, select the node corresponding to the Administration Server that should be disconnected.
2. Open the context menu.
3. Select the Disconnect from Administration Server command.

SWITCHING BETWEEN SERVERS

If several Administration Servers have been added to the console tree, you can switch between those servers while working with them.

To switch to another Administration Server:
1. Select in the console tree the node under the necessary Server name.
2. Open the context menu and select the Connect to Administration Server command. In the Connection settings window that opens, enter the name of the Server, which you intend to manage, and specify the necessary settings for connection to the server (see section "Connecting to Server" on page 26).

If you have no Kaspersky Administration Kit operator or administrator rights, access to the Administration Server will be denied.

Figure 13. Connecting to the Administration Server

3. Press the OK button to complete switching between the Servers.

If the connection to the Server has been established successfully, the contents of the corresponding node will be updated.

ADDING A SERVER TO THE CONSOLE TREE

To add a new Administration Server to the console tree:
1. In the main Kaspersky Administration Kit application window select the Kaspersky Administration Kit node.
2. Open the context menu and select the New Administration Server command.

This will create a new node with the name Kaspersky Administration Server - <Computer name> (Not connected) in the console tree. Use this node to connect to any other Administration Server installed on the network.

GRANTING RIGHTS TO USE A SERVER

To grant rights to work with an Administration Server:
1. In the main Kaspersky Administration Kit application window select the node corresponding to the required Administration Server in the console tree, open its context menu and select the Properties command.
2. In the Administration Server <Computer name> Properties window that opens (see the figure below), switch to the Security tab.

Figure 14. Granting rights to access the Administration Server

Whether this tab is shown or hidden is determined by the user interface settings. To display the tab, navigate to the View Configuring interface menu and enable the option to Display security settings tabs.

The upper part of the tab contains the list of users registered on the computer hosting the Administration Console. The lower part contains the list of possible permissions:

All: includes all permissions (see below).
Reading:
  connection to the Administration Server;
  viewing the structure of Administration Server folders;
  viewing parameter values of policies and tasks;
  generation of reports.
Writing:
  creation of administration groups, addition of child groups and client computers to them;
  creating and configuring policies, and tasks for groups and computer selections;
  centralized management of applications, receiving reports about their operation using services provided by the Administration Server, the Network Agent and the Administration Console components.
Execution: starting and stopping of existing tasks for groups, specific computers and Administration Server.
Modify access privileges: granting to users, and groups of users, access rights to the functionality of Kaspersky Administration Kit.
Edit event log settings.
Edit notification settings.
Remote install of Kaspersky Lab applications.
Remote install of external applications: preparation of installation packages and remote installation of third-party applications and Kaspersky Lab applications on client computers.
Edit Administration Server hierarchy settings.
Saving network lists content: copying files from the backup storage, quarantine and files for postponed disinfection from client computers to the computer where the Administration Console is installed.
Creating tunnels: creating a tunneled connection between a computer with the installed Administration Console and a client computer.

To assign specific rights:
1. Select a group of users.
2. In the Allow column check the boxes next to the permissions provided to members of that group. If you check the All box, all the boxes in the column will automatically be checked.
3. In the Deny column check the boxes next to the permissions that must not be provided to members of that group. If you check the All box, all the boxes in the column will automatically be checked.

You can add a new group or a new user using the Add button. You can only add users, or groups of users, which are registered within the domain or on the computer.

To remove a user or a group, select the corresponding object in the list and press the Remove button. The group of Kaspersky Administration Kit administrators (KLAdmins) cannot be removed.

4. Once settings are configured, click Apply or OK.

REMOVING A SERVER FROM THE CONSOLE TREE

To remove an Administration Server from the console tree:
1. Select the node corresponding to the required Administration Server in the console tree.

2. Open the context menu.
3. Select the Delete command.

VIEWING AND CHANGING ADMINISTRATION SERVER SETTINGS

The links in the task pane of the Administration Server allow fast access to the following server features:
installation of anti-virus protection;
organization of administration groups;
configuration of update, protection and scanning settings;
viewing of statistics and configuration of notifications.

You can use the Administration Server properties window to view its parameters and modify them as necessary.

To open the Server properties window:
1. Select the necessary Server in the console tree.
2. Open the context menu.
3. Select the Properties command.

The window that opens contains a set of tabs, on which you can view and configure the following settings:
connection to the Administration Server (see section "Connecting to the Administration Server" on page 26);
hierarchy of Servers;
delivery of notifications (see section "Viewing and configuring policy settings" on page 85);
registration of events (see section "Viewing and configuring policy settings" on page 85);
relocation of computers (see section "General guidelines for relocation of computers" on page 53);
traffic limit for IP ranges and IP subnetworks (see section "Traffic limit" on page 59);
configuring the Virus outbreak event (see section "Tracking virus outbreaks" on page 325);
granting rights to access the Administration Server (see section "Granting rights to use a Server" on page 31).

CONFIGURING ADMINISTRATION SERVER SETTINGS

To view the Administration Server settings:
1. Select the node corresponding to the required Administration Server in the console tree.
2. Open the context menu and select the Properties command.

This will open the <Administration Server name> Properties dialog containing the General, Events, Settings, Virus outbreak, Traffic, Cisco NAC, Computer relocation and the Security tabs.

The General tab (see the figure below) contains the following information:
name of the component (Administration Server) and the computer name within the Windows network on which this component is installed;
version number of the installed application.

Figure 15. Viewing the Administration Server properties. The General tab

Clicking the Advanced link opens a window containing the following information:

Path to the shared folder used for storing application deployment files and the updates downloaded from the update source to the Administration Server. You can change the location of the shared folder using the Modify button.

The Administration Server operation statistics hyperlink is used to open the window which displays general statistics about the Administration Server.

Figure 16. Administration Server properties. The Advanced window

Click the Information about the Administration Server plug-in link to view the plug-in properties (see the figure below). This window displays the following information:
Name and full path to the plug-in file.
File version.
Information about the manufacturer (Kaspersky Lab) and copyright information.

Date and time of the management plug-in file creation.

Figure 17. The properties of the application plug-in window

Using the Information about the plug-ins installed for the application link, you can open a window that contains the list of plug-ins installed on the Administration Server (see the figure below). For each plug-in the application name and plug-in versions are provided. By pressing the Information button in this window you can view detailed information about the selected application management plug-in.

Figure 18. The list of application management plug-ins installed on the Administration Server

Clicking the Current database information link opens the current database properties window (see the figure below) containing the following information:
name of the database server used;
name of the database service use occurrence;

database name.

Figure 19. Viewing information about the database

To open the settings window for Administration Servers hierarchy (see the figure below), press the Settings button in the Administration Servers hierarchy section. In this window you can:
Specify whether this Administration Server is a slave server by checking This Administration Server is a slave server in the server hierarchy box.
Specify the address and port of the master Administration Server in the Address field.
Specify or modify the path to the master Administration Server certificate using the Select button.
Set proxy server parameters to connect to the master Administration Server.

These settings cannot be modified if the current Administration Server policy does not have the option to Allow hierarchy settings modification on slave servers checked.

Figure 20. Configuring the slave Administration Server's connection to the master Administration Server

The Settings tab (see the figure below) contains the Administration Server settings. The Administration Server connection settings group of fields contains port numbers through which the following connections are established:

Connection to the Administration Server. The default port number is but if this port is in use, you can change it.
Secure connection to the Administration Server using SSL protocol. By default, port will be used.
Connection of mobile devices to the Administration Server. The default port number is To enable this port on the Administration Server, check the Open port for mobile devices box.

You can also use the corresponding field to specify the maximum number of events stored in the database on the Administration Server.

In the Computer visibility timeout (min) field of the Computer visibility on the network group, you can specify the time during which a client computer will be considered visible in the network after it was disconnected from the Administration Server. The default interval is 60 minutes. After the specified period expires, the Administration Server will consider the client computer inactive. You can modify the value, if necessary.

These parameters can be redefined, if necessary.

Figure 21. Viewing the Administration Server properties. The Settings tab

The Events tab (see the figure below) contains the parameters that determine the rules for handling runtime Administration Server events. For the Administration Server, as well as for other Kaspersky Lab applications managed via Kaspersky Administration Kit, events can have one of the four severity levels: Critical event, Error, Warning, and Info. The list below shows events included in each severity level:

Critical event:
  The license restriction for this license has been exceeded. For example, the client computer on which the license is installed, exceeds the restriction on the number of computers specified in it.
  Virus outbreak - virus activity in administration groups exceeds the preset limit. The response of the Administration Server to the Virus outbreak event is extremely important, especially during virus outbreaks or increased risk of virus attacks.
  Connection with client computer lost (unable to establish connection with the Network Agent installed on the client computer).

  Host status is Critical - a computer with settings matching the status Critical has been detected within the network.

Figure 22. Viewing the Administration Server properties. The Events tab

Error:
  No free space on hard drive - there is no free space on the disk where the Administration Server saves operational information.
  The shared folder is not available - the shared folder containing updates of the anti-virus database and application modules is unavailable.
  The Administration Server information database is unavailable.
  There is no space in the Administration Server information database.
  An error occurred while copying updates to the specified folder.

Warning:
  License restriction for the key is exceeded.
  The computer has remained inactive in the network for too long.
  Conflict of computer names - the uniqueness of client names within one hierarchical level is violated.
  Volumes are almost full - little or no free space is left on the hard drives.

Info.
  There is little free space in the Administration Server information database.
  Host status is Warning - a computer with settings matching the Warning status has been detected within the network.
  Disconnected from the master Administration Server.
  Disconnected from the slave Administration Server.
  Incompatible application was installed.
  The number of clients using the license is over 90% of the maximum number allowed in the license.
  New computer is found - network polling has found a new client.
  Client computer was automatically added to group - a new client has been automatically included in a group in accordance with the Unassigned computers group settings.
  This client computer has been inactive for too long and is removed from the group.
  Connection to the slave Administration Server is established.
  Connection to the master Administration Server is established.
  Monitored application from the applications registry has been installed.
  Updates are copied successfully to the specified folder.
  Audit: Connection to the Administration Server.
  Audit: Object modified.
  Audit: Object status modified.
  Audit: Group settings modified.

Event handling rules are defined separately for each severity level.
1. Select the event importance level from the drop-down list: Critical, Error, Warning or Info.
2. Events corresponding to the selected severity level will be displayed in the table below. The list of events is specific to each application. For more information about events, see the application documentation. Select the types of events to be recorded using the Shift and Ctrl keys on your keyboard. Click the Select All button to select all event types.
3. Then click the Properties button for the selected event types.
4. To record event information in event logs, check the following boxes in the Event registration section (see the figure below):

On Administration Server for (days) box - to make the Administration Server log application events that occur on all clients in the group in a centralized manner. In the field on the right, specify the number of days during which the server will store information. When the specified period has elapsed, the entry corresponding to this event will be deleted. You can view event logs stored on the Administration Server through the Administration Console on the administrator workstation. It is shown in the Events folder of the console tree.

In the event log on client computer - to save information about events locally in the Windows Event Log of each client computer.

In the event log on Administration Server - to enable centralized logging of all application events on all clients in this group in the specified Administration Server's Windows Event Log.

The information in Windows event logs can be viewed using Displays client computer events, a standard Windows event management tool.

Figure 23. Editing event properties

5. To enable notification about selected events, specify the notification methods by checking appropriate columns in the Event notification section:

Notify by .
Notify through NET SEND. Notification using NET SEND is not available in Microsoft Windows Vista and later versions.
Notify by running executable or script.
Notify via SNMP. Notify via SNMP is configured directly in the application working with SNMP.

To configure notifications, use the Settings link and in the window that opens (see the figure below) define the settings.

Figure 24. Configuring event notifications

In the upper part of the window select the notification method that you wish to modify. If the Use Administration Server settings box is checked, the values specified on the Notification tab under the Administration Server properties are used by default. To modify notification settings, uncheck the Use Administration Server settings box and select the following from the drop-down list:

(see the figure above). Under this option:
In the Recipient field, specify the address of the notification recipient. Several addresses may be entered as a list separated by commas or semicolons.
In the SMTP server field, specify the address of the mail server connection (an IP address or a Windows network name can be used);
In the SMTP server port field, specify the SMTP server connection port number (the default is port 25);

The sender and subject for the message that will be delivered as a notification. To do this, press the Properties button and in the window that opens (see the figure below), fill in the Subject field. In the lower entry field, specify the address which will be used as a sender's address. In the same window, enter User name, Password, and Confirm password in the relevant fields if ESMTP authorization is being used.

Figure 25. Configuring notification settings. Specifying the Sender and Subject

NET SEND (see the figure below). Under this option, use the field below to enter recipient host addresses for network notifications. An IP address or a Windows network name may also be used. Several addresses may be entered as a list separated by commas or semicolons. For successful notification, a messaging service (Messenger) must be installed on the Administration Server and on all recipient computers.

Figure 26. Configuring notifications. Notification using NET SEND

Executable file to run (see the figure below). Under this option, use the Select button to select an executable module to run when an event occurs.

Executable environment variable names are the same as the names of placeholders used to create the message text (see below).

Figure 27. Configuring notifications. Notification using executable files

Enter the message which will be delivered as notification in the Notification message section at the bottom of the window (see the figure above). If the Use Administration Server settings box is checked, the message text specified on the Notification tab of the Administration Server settings will be used by default. To modify the message, uncheck the Use Administration Server settings box and enter a new message.

The notification text may include information about the event recorded. Enter appropriate placeholders by selecting them from the drop-down list accessible by clicking the button.
   Event severity;
   From computer;
   Domain;
   Event;
   Event description;
   Time raised;
   Task name;
   Application;
   Version number;
   IP-address;
   IP address of the connection.

To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed error information will be displayed in it.

Figure 28. Configuring notification settings. Sending a test notification

The message which will be delivered as a notification. To do this, create a template in the Notification text section. The notification text may include information about the event recorded. Enter appropriate placeholders (see section "Viewing and configuring policy settings" on page 85), by selecting them from the drop-down list accessible by clicking the button.

The sender and subject for the message that will be delivered as a notification. To do this, click the Settings button and in the window that opens, enter the necessary settings (see section "Viewing and configuring policy settings" on page 85).

These are the default policy settings used in Kaspersky Lab applications.

On the Virus outbreak tab (see the figure below) you can set the maximum number of viruses found within a certain time interval after which new detected virus instances will be considered a Virus outbreak event. The property is important during virus outbreak periods since it enables administrators to react in a timely manner to occurring virus outbreak threats.

Check the desired application types:
   Anti-virus for workstations and file servers.
   Perimeter defense anti-virus.
   Mail system anti-virus.

Set the virus activity threshold for each application type which when exceeded will trigger a Virus outbreak event:
   In the Viruses field, specify the number of viruses found by the applications of that type.
   In the in (min) field, specify the time during which the specified number of viruses was detected.

Figure 29. Viewing the Administration Server properties. The Virus outbreak tab
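The threshold logic of the Virus outbreak tab can be sketched as a sliding window per application type. This is an added example, not Kaspersky Lab code: the type keys, threshold values and detection timestamps are constructed, and it assumes that "exceeded" means strictly more than the Viruses value within the last "in (min)" minutes.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Threshold:
    viruses: int   # value of the "Viruses" field
    minutes: int   # value of the "in (min)" field


# Constructed thresholds for the three application types listed on the tab.
# A type that is absent from the mapping models an unchecked box.
THRESHOLDS = {
    "workstations_and_file_servers": Threshold(viruses=3, minutes=10),
    "perimeter_defense": Threshold(viruses=5, minutes=15),
    "mail_system": Threshold(viruses=2, minutes=5),
}


def find_outbreaks(detections, thresholds):
    """Return (timestamp, app_type, count) for every detection that pushes the
    number of detections inside the sliding window above the threshold."""
    windows = {}
    outbreaks = []
    for ts, app_type in sorted(detections):
        limit = thresholds.get(app_type)
        if limit is None:
            continue  # application type not selected for outbreak tracking
        window = windows.setdefault(app_type, deque())
        window.append(ts)
        # Drop detections that are older than the configured interval.
        cutoff = ts - timedelta(minutes=limit.minutes)
        while window and window[0] <= cutoff:
            window.popleft()
        if len(window) > limit.viruses:
            outbreaks.append((ts, app_type, len(window)))
    return outbreaks


def at_minute(minute):
    """Constructed timestamp: `minute` minutes after an arbitrary start time."""
    return datetime(2024, 1, 15, 9, 0) + timedelta(minutes=minute)


# Constructed detection events: (timestamp, application type).
SAMPLE_DETECTIONS = (
    [(at_minute(m), "workstations_and_file_servers") for m in (0, 2, 4, 5, 20)]
    + [(at_minute(m), "mail_system") for m in (0, 3, 4)]
    + [(at_minute(m), "perimeter_defense") for m in (0, 20, 40, 60, 80, 100)]
    + [(at_minute(1), "unchecked_type")] * 4
)

if __name__ == "__main__":
    for ts, app_type, count in find_outbreaks(SAMPLE_DETECTIONS, THRESHOLDS):
        print(f"{ts:%H:%M} Virus outbreak: {app_type} ({count} detections)")
```

Six perimeter detections spread over 100 minutes never raise the event, while four workstation detections inside five minutes do, which is the difference between a volume counter and a rate threshold.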

Click the Configure policies to activate on "Virus outbreak" event link to open the Policy activation window (see the figure below), and create a list of policies to be used by applications as active policies on "Virus outbreak" event in administration groups. To do this, use the Add or Remove buttons.

Figure 30. Configuring policies to activate on virus outbreak

The Security tab (see the figure below) is used to configure the rights to access the Administration Server (see section "Granting rights to use a Server" on page 31).

Figure 31. Granting rights to access the Administration Server

The Cisco NAC tab (see the figure below) contains parameters required for the integration of Kaspersky Administration Kit and Cisco Network Admission Control (NAC). This provides a mapping between client antivirus protection conditions and Cisco NAC statuses.

Figure 32. Viewing the Administration Server properties. The Cisco NAC tab

This tab does not appear if the Kaspersky Lab Cisco NAC Posture Validation Server component was not installed together with the Administration Server (for details please refer to the Kaspersky Administration Kit Deployment Guide).

In the upper field select one of the Cisco NAC statuses: Healthy, Checkup, Quarantine or Infected. The table below contains the anti-virus protection conditions which are mapped to the above statuses using checkboxes.

Threshold values may be modified for some conditions. Select a condition in the Condition column and use the Modify button to open an editing window (see the figure below). Define the necessary settings in this window in the Value field.

In the PVS port number field specify the number of the policy server port (Posture Validation Server) used to exchange data with the Cisco server. The default port number is

Figure 33. Editing computer antivirus protection status selection conditions

GENERAL GUIDELINES FOR RELOCATION OF COMPUTERS

You can use the Computer relocation tab (see the figure below) to specify the rules for relocation of network computers to specified administration groups.

The order of rules in the Computer relocation rule list section determines a rule's application priority. To delete or move a rule in the list, use the corresponding buttons to the right.

Figure 34. The Administration Server properties window. The Computer relocation tab

To review or modify the settings of an existing rule, press the Properties button.

To add a rule, press the Add button. Use the displayed window (see the figure below) to enter the following rule settings:

Figure 35. The properties window of a rule for computer relocation. The General tab

On the General tab specify:
   name of the rule;
   group to which computers will be moved in accordance with the rule;
   rule application order:
      Run once for each computer, if the rule must be applied to each host only once.
      Run once for each computer then at every Network Agent install on computer.
      Rule works permanently.

If computers already included in administration groups must not be relocated to other groups in accordance with the rule, check the Move only computers not added to administration groups box.

To apply a rule during the operation, check the Enable rule box.

Use the Network tab to specify the criteria that a computer must comply with to be relocated to the selected administration group:
   Computer name in the Windows network.
   Domain.
   Computer domain name.
   DNS domain.
   If a computer IP address must be within a certain IP range, check the IP address range box and specify the upper and lower values of the range.
   If the IP address used to connect to the Server must be considered while the computer is running, check the corresponding box and specify the upper and lower values of the range, which must include the connection IP address.
   Check the Computer is in IP subnet box and press the Select button to specify the IP subnet to which the host must belong. IP ranges are selected from the list of ranges contained in the Unassigned computers folder of the console tree.

Use the Active Directory tab to perform the following actions:
   If a computer must belong to a specific Active Directory unit, check the Computer is located in Active Directory organization unit box and press the Select button to select the Active Directory group. Active Directory organization units are selected from the list of groups displayed in the Unassigned computers folder.
   To process computers included in nested organization units, check the Computer is member of Active Directory group box.

Use the Applications tab to select the following from the drop-down lists:
   criteria of the presence of the Network Agent running on the computer: Installed or Not installed;
   version of the operating system that must be installed on the computer.

For criteria which should not be considered in a rule, uncheck their corresponding boxes and leave their fields empty.

A host will be moved to an administration group if it matches all the criteria defined in a rule.

To apply created rules, press OK. If you wish to forcibly apply the rule, irrespective of the applied rules, select the necessary rule and press the Force button.

If several rules described above apply to the same computer, the top priority will belong to the Active Directory group rule, then the rule for IP subnets will follow, and then the domain rule.
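The rule evaluation described above (a host must match every enabled criterion; Active Directory rules outrank IP subnet rules, which outrank domain rules) can be modelled as follows. This is an added example, not the product's code: the Host and Rule classes, field names and sample data are hypothetical, list position is assumed to break ties within one rule type, and the "rule application order" options are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Host:
    name: str
    domain: str
    ip: str
    ad_unit: Optional[str] = None
    group: Optional[str] = None   # None = still in Unassigned computers


@dataclass
class Rule:
    name: str
    target_group: str
    enabled: bool = True                  # "Enable rule" box
    only_unassigned: bool = False         # "Move only computers not added to administration groups"
    domain: Optional[str] = None          # criteria left as None are not considered
    ip_range: Optional[Tuple[str, str]] = None   # (lower, upper)
    subnet: Optional[str] = None
    ad_unit: Optional[str] = None

    def matches(self, host):
        """True only if the host satisfies every criterion set in the rule."""
        if not self.enabled:
            return False
        if self.only_unassigned and host.group is not None:
            return False
        ip = ipaddress.ip_address(host.ip)
        if self.domain is not None and host.domain.lower() != self.domain.lower():
            return False
        if self.ip_range is not None:
            low, high = (ipaddress.ip_address(a) for a in self.ip_range)
            if ip.version != low.version or not low <= ip <= high:
                return False
        if self.subnet is not None and ip not in ipaddress.ip_network(self.subnet):
            return False
        if self.ad_unit is not None and host.ad_unit != self.ad_unit:
            return False
        return True

    def precedence(self):
        """Lower value wins: Active Directory, then IP subnet, then domain."""
        if self.ad_unit is not None:
            return 0
        if self.subnet is not None:
            return 1
        if self.domain is not None:
            return 2
        return 3


def select_rule(host, rules):
    """Pick the winning rule for a host, or None if no rule matches."""
    candidates = [(rule.precedence(), position, rule)
                  for position, rule in enumerate(rules) if rule.matches(host)]
    return min(candidates, key=lambda c: c[:2])[2] if candidates else None


def relocate(hosts, rules):
    """Map each host name to its resulting group (unchanged if no rule applies)."""
    result = {}
    for host in hosts:
        rule = select_rule(host, rules)
        result[host.name] = rule.target_group if rule else host.group
    return result


# Constructed sample data.
RULES = [
    Rule("corp-domain", "Head office", domain="CORP", only_unassigned=True),
    Rule("branch-subnet", "Branch", subnet="10.0.5.0/24"),
    Rule("sales-ou", "Sales", ad_unit="Sales"),
    Rule("dmz-range", "DMZ", ip_range=("192.168.1.1", "192.168.1.50")),
    Rule("lab-domain", "Lab", domain="LAB", enabled=False),
]
HOSTS = [
    Host("ws-01", "CORP", "10.0.5.20", ad_unit="Sales"),
    Host("ws-02", "CORP", "192.168.1.7"),
    Host("srv-01", "CORP", "10.0.5.30", group="Servers"),
    Host("lab-01", "LAB", "172.16.0.4"),
]

if __name__ == "__main__":
    for name, group in relocate(HOSTS, RULES).items():
        print(f"{name}: {group or 'Unassigned computers'}")
```

Reviewing a rule set this way before applying it shows which hosts would silently change groups, and therefore policies: here srv-01 leaves Servers for Branch because the subnet rule does not set the "not added to administration groups" restriction.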
COMPATIBILITY WITH CISCO NETWORK ADMISSION CONTROL (NAC)

Kaspersky Administration Kit allows the administrator to associate the conditions of computer anti-virus protection and the security statuses assigned by Cisco Network Admission Control (NAC).

To ensure that the corresponding status is assigned to the client computer:
1. Select the Administration Server in the console tree and select Properties from its context menu. This will open the Server settings configuration window. Switch to the Cisco NAC tab (see the figure below).

Figure 36. The Cisco NAC tab

2. Select a Cisco NAC host state from the drop-down list: Healthy, Checkup, Quarantine or Infected.
3. Check the necessary boxes in the table below to select the anti-virus protection conditions that are mapped to the above statuses. The Healthy status is only assigned if all the selected conditions are met; the Checkup, Quarantine or Infected statuses apply if at least one of the selected conditions is fulfilled. Threshold values may be modified for some conditions. Select a condition in the Condition column and use the Modify button to open an editing window (see the figure below).

Figure 37. The Edit condition window

4. Use the PVS port number field to set the Posture Validation Server port used for communication with the Cisco server. The default port number is

Click Apply or OK to complete the configuration.

CONFIGURING INTEGRATION WITH CISCO NETWORK ADMISSION CONTROL (NAC)

To configure a mapping between Cisco NAC statuses and anti-virus protection conditions:
1. Select in the console tree the node corresponding to the necessary Administration Server, open the context menu and use the Properties command. This will open the Administration Server <server name> Properties dialog window.
2. Open the Cisco NAC tab (see the figure below).
3. In the upper field, select one of the Cisco NAC statuses: Healthy, Checkup, Quarantine or Infected.
4. Check the anti-virus protection conditions mapping by the status in question. If necessary, change the threshold values for conditions (see section "Viewing and configuring policy settings" on page 85).
5. In the PVS port number field specify the port of the policy server (Posture Validation Server) used to exchange data with the Cisco server.

Figure 38. Viewing the Administration Server properties. The Cisco NAC tab

TRAFFIC LIMIT

To decrease the network load, you can restrict the rate of data transfer to an Administration Server for individual IP subnets and IP ranges. Maximum allowed data transfer rates and the interval for which they should apply are specified in rules. The rules are listed in the Traffic tab of the Administration Server properties window.

To add a rule, press the Add button and use the displayed window to specify its parameters:
1. In the IP address range to limit traffic section select the method used to define a subnet or range:
   Specify range as address and network mask and enter the subnet parameters in the Subnet address and Subnet mask fields.
   Specify IP range as start and end addresses and enter the range boundaries in the Start and End fields.
2. Use the Traffic limit section to specify:
   Borders of the time interval during which the traffic limitation will be enabled in the Time period field.
   Maximum value of the data transfer rate for information upload to Administration Server in the Limit (KB/s) field; the limitation will be enabled during the time interval specified in the Time period field.
   Maximum value of the data transfer rate during time other than the period defined, in the Traffic limit the remainder of the time (KB/s) field, if traffic intensity must be restricted all the time.

When the rule settings have been edited, the rule appears in the list. The name of the rule is generated automatically based on the data that defines the range of IP addresses. If the limits of the IP range, addresses or subnet mask in the rule properties are modified, the rule name in the list changes in accordance with the new values.

To delete a rule, select it in the list and press the Remove button.

To view or modify the settings of an existing rule, select it in the list and press the Properties button.
SLAVE ADMINISTRATION SERVERS

Administration Servers can be arranged in a "master server - slave server" type hierarchy. Each Administration Server can have several slave Administration Servers on different nesting levels. The nesting level for slave servers is not limited. The administration groups of the master Server will then include the contents of the administration groups of all slave Servers.

ADDING A SLAVE SERVER

To add a slave Administration Server:
1. Select in the administration group the Administration Servers node, open the context menu and select the New Administration Server command. A wizard will start. Follow the wizard's instructions.
2. Specify the network address of the slave Administration Server. In this case, the master Administration Server will connect to the slave Server and transfer all properties, including the network address of the master Administration Server and certificate of the master Administration Server.
3. In the next window of the wizard, specify the name of the slave Administration Server. The new Administration Server will be displayed under this name in the administration group. The name must be unique within one level of the hierarchy.

   If you specified the Server address during the previous step, the Slave Administration Server display name field will contain the following value: Administration Server <computer name>, where <computer name> stands for the name of the host specified in the address, which must be added as a slave Server.
4. If you have not defined the slave Administration Server address earlier, use the Select button to specify the path to the Administration Server certificate.
5. If you have previously specified the slave Server's address, specify the settings for connecting the slave Administration Server to the master Server.
   Specify the address of the master Administration Server. You can use either its IP address or the computer's name in the Windows network as the computer's address.
   If a proxy server is used for connection, configure the connection settings in the Proxy server settings group of fields. Check the Use proxy server box. Enter the proxy server address in the Address field. Fill in the fields User name, Password and Confirm password if user authentication is required to access the proxy server.
   If the address of the slave server has not been specified, this step will be skipped.
6. Please wait until the following operations have been completed:
   Connection of the Administration Console to the slave Server.
   Information about the slave Server is added to the master Administration Server's database.
   If you have defined the slave Administration Server address earlier, enter in the displayed prompt the information of an account (user name and password) that is authorized to connect to the computer, which you plan to use as a slave Server.
   The settings used to connect the slave Administration Server to the master Server are configured.
   If the slave Server's address has not been specified, you will have to perform the following actions manually after the wizard completes:
      connect the Administration Console to the slave Server;
      configure the connection between the slave Administration Server and the master Server.
7. Press the Next button. The progress of the action will be displayed in the wizard window. If errors occur, an error message will be displayed.
8. In the last wizard window press the Finish button.

When the wizard completes, the master Administration Server will add information about the slave Server to its database. The icon and the name of the slave Server will appear in the Administration Servers folder within the corresponding administration group.

CONFIGURING THE CONNECTION OF THE SLAVE SERVER TO THE MASTER SERVER

To configure the connection of a slave Server to the master Administration Server:
1. Add the slave Administration Server to the console tree (see section "Adding a Server to the console tree", on page 30) as a managed Administration Server.
2. Select the Administration Server and use the Properties command of the context menu to open its properties window.

3. In the Administration Server <Computer name> Properties window that opens, on the General tab, click on the Advanced link. In the window that opens press the Settings button in the Administration Servers hierarchy section.
4. In the next Master Administration Server settings window that opens (see the figure below), check the box This Administration Server is a slave server in the server hierarchy. Then in the block of parameters below specify:
   Address of the master Administration Server. You can use either its IP address or the computer's name in the Windows network as the computer's address.
   Certificate of the master Administration Server. The path to the certificate file can be specified using the Select button.
   If you are connecting via a proxy server, check the Use proxy server box. Enter the address for connecting to the proxy server in the Address field. Fill in the fields User name, Password and Confirm password if user authentication is required to access the proxy server.
5. To confirm the settings, press the OK or Apply button.

As a result, the slave Administration Server will connect to the master Server and will receive from it all the policies and tasks for the group to which the slave Server now belongs. You can then connect to the slave Server via the master Server from the Administration Server node.

Figure 39. Configuring the slave Administration Server's connection to the master Administration Server

VIEWING ADMINISTRATION GROUPS OF A SLAVE ADMINISTRATION SERVER

To view the administration groups of a slave Administration Server via the master Server, connect the Console to the slave server:
1. In the console tree of the master Administration Server, select the Administration Servers node in the folder of the required group.
2. In the Administration Servers node select the required slave Server.
3. Open the context menu and select the Connect to Administration Server command.

The Administration console will reflect the structure of the administration groups of the slave Administration Server. Then you can view the structure of the groups (see section "Viewing information about groups" on page 73).

The slave Administration Server inherits from the master Server all the group tasks and policies of the group to which it belongs. Inherited policies and tasks are indicated on the slave Server as follows:
   The icon will be displayed next to the names of policies inherited from the master Administration Server (the regular policy icon is ). The settings of the inherited policy will not be accessible for changes on the slave Server on shut down.
   The settings that are specified as not modifiable in the inherited policy are indicated by the "locked" icon in all application policies on the slave Server, and use values specified in the inherited policy.
   Values of the settings that are not "locked" in the inherited policy are indicated by the "unlocked" icon ( ). If the setting is specified as modifiable in the slave Server policy, it can be changed in the application settings (see section "Viewing and configuring policy settings" on page 85) and task settings (see section "Viewing and changing task settings" on page 130).
   The icon will be displayed next to the names of group tasks inherited from the master Administration Server (the regular task icon is ).

The policies and tasks received by the slave Administration Server from the master Administration Server cannot be modified.

The Administration Server tasks and the tasks for specific computers are not transferred to slave Servers.

To manage a slave Administration Server via the Console of the master Server, add a computer on which the slave Administration Server is installed to the console tree as a new Server (see section "Adding a slave Server" on page 59), and switch to the node corresponding to this Server.

CONNECTING TO THE ADMINISTRATION SERVER VIA INTERNET

To connect to an Administration Server via Internet, the following requirements should be satisfied:
   The Administration Server in the main office should have an external IP address, and the incoming ports and should be open on it.
   The external IP address of the master Administration Server should be specified during the installation of the Network Agent to remote office computers. If an installation package is used for installation, the external IP address is specified manually in the properties of this package on the Settings tab.

   The Network Agent should be installed on remote office computers first.

To establish a connection between a client computer and the Administration Server, the Server sends a special packet to the Network Agent through port

If port on the remote client computer is not accessible (closed in the settings, Network Agent policies, behind a firewall or inaccessible because of network structure peculiarities), if the administrator is performing real-time operations, on the General tab check the Do not disconnect from the Administration Server box in the properties of the client computer. The real-time operations include the following actions:
   starting / stopping the application (without using the application start/stop task);
   starting / stopping the local tasks;
   viewing statistics on the application operation;
   forcing synchronization.

After this option is enabled, wait for synchronization with the remote client computer. This box can be checked simultaneously for up to 100 client computers.

Furthermore, the capability to send a packet from the Administration Server to the Network Agent via port can accelerate operations such as distribution of policies, group tasks, licenses, etc.

MANAGING ADMINISTRATION GROUPS

The Administration Server and the hosts in the corporate network (client computers) interact using the Network Agent. This component must be installed on all computers running the Kaspersky Lab applications managed via Kaspersky Administration Kit.

Client computers may be combined into administration groups (groups) in accordance with the corporate structure. The following settings can be defined for client computers within a single group:
   common application settings (through policies);
   common operation mode of the applications (through creation of group tasks).

The administrator can create a hierarchy of Servers and groups with any nesting level if that can simplify the management of installed applications. A single hierarchy level can include slave Administration Servers, groups and client computers.

IN THIS SECTION
   Adding, moving and deleting a group
   Creating the structure of administration groups
   Viewing information about a group
   Viewing and changing group settings

ADDING, MOVING AND DELETING A GROUP

To create a group:
1. In the console tree, open the Managed computers folder.
2. Select the folder corresponding to the group which should include the new group. If you create a group at the highest hierarchy level, select the Managed computers folder.
3. Open the context menu and use the New Group command or the Create a subgroup link in the task pane.
4. Enter the group name in the window that opens (see the figure below) and press the OK button.

A new subfolder with the specified name will appear in the Managed computers folder in the console tree. This new folder will automatically contain the following nested folders: Policies, Group tasks, Administration Servers, and Client computers. They will be filled during the definition of group policies, the creation of group tasks and the addition of slave Administration Servers.

Figure 40. Creating a group

To change a group name:
Select the group folder in the console tree, open its context menu and select the Properties command or click the Group properties link in the task pane. In the <Group name> Properties window that opens, rename the group using the General tab (see the figure below).

You cannot rename the Managed computers folder because it is a built-in element of the Administration Console.

Figure 41. Viewing the group properties. The General tab

To move a group to another folder of the console tree:
Select the folder to move and use the standard Cut / Paste commands of the context menu or drag it with the mouse.

To delete a group:
Select the group folder in the console tree and use the Delete command.

A group can only be deleted if it does not contain slave Servers, nested groups or client computers.

CREATING THE STRUCTURE OF ADMINISTRATION GROUPS

Kaspersky Administration Kit can create a structure of administration groups based on:
   the Windows network domains and workgroups (see section "The structure of groups based on the Windows network domains and workgroups" on page 67).
   Active Directory (see section "Group structure based on Active Directory" on page 69).
   the content of the text file (see section "Group structure based on the content of the text file" on page 71).

If for some reason a computer is not registered in the Unassigned computers group during the creation of a group structure (if it is turned off or disconnected from the network), it will not be added to the logical network. You can do this later manually.

Creating a group structure using the wizard does not disturb network integrity: new groups are added, but do not replace the existing groups. A client computer that has already been assigned to an existing group will not be added again because the Unassigned computers group displays computers that are not included in the logical network.

THE STRUCTURE OF GROUPS BASED ON THE WINDOWS NETWORK DOMAINS AND WORKGROUPS

To create a structure of administration groups based on the Windows network domains and workgroups:
1. Open the context menu of the Managed computers folder and select All tasks → Create groups structure. This will open the group structure creating wizard (see the figure below). Press the Next button.

Figure 42. Group structure creation wizard

2. In the window that opens, select Microsoft Windows Domains and Workgroups (see the figure below).

   The group structure will be created based on the information about the structure of Windows network domains obtained during the last network polling and presented in the Unassigned computers group. Press the Next button.

Figure 43. Determining the group creation method

3. In the following window select the group and press the Browse button located next to the Target group field. This will open a window that contains a hierarchy of groups created for the Administration Server. To select a group from the existing groups, open the Managed computers folder. If such a group does not exist, create a new one by pressing the Create group button and select it. The specified group will be created automatically in the Managed computers group. Press the Next button.
4. In the next wizard window, press the Finish button to complete the administration group task creation.

GROUP STRUCTURE BASED ON ACTIVE DIRECTORY

To create a structure of administration groups based on Active Directory:
1. Open the context menu of the Managed computers folder and select All tasks → Create groups structure. This will open the group structure creating wizard (see the figure below). Press the Next button.

Figure 44. Group structure creation wizard

2. In the window that opens, select Active Directory (see the figure below).

   The group structure will be created based on the information about the network structure of Active Directory units obtained during the last polling of the network and presented in the Unassigned computers group. Press the Next button.

Figure 45. Determining the group creation method

3. In the following window select the group and press the Browse button located next to the Target group field. This will open a window that contains a hierarchy of groups created for the Administration Server. To select a group from the existing groups, open the Managed computers folder. If such a group does not exist, create a new one by pressing the Create group button and select it. The specified group will be created automatically in the Managed computers group. Select the source Active Directory organization unit by pressing the Browse button located next to the Source Active Directory organization unit field. Press the Next button.
4. In the next wizard window, press the Finish button to complete the administration group task creation.

GROUP STRUCTURE BASED ON THE CONTENT OF THE TEXT FILE

To create a group structure based on the content of the text file:
1. Open the context menu of the Managed computers folder and select All tasks → Create groups structure. This will open the group structure creating wizard (see the figure below). Press the Next button.

Figure 46. Group structure creation wizard

2. In the window that opens, select the Text file item (see the figure below).

72 R E F E R E N C E G U I D E The group structure will be created in accordance with the text file created by the administrator. If you select this option, during the next step of the wizard select a group to which the nested subgroups would be added and specify the text file containing the group structure. Figure 47. Determining the group creation method 3. In the next window: Select a group and press the Browse button located next to the Target group field. This will open a window that contains a hierarchy of groups created for the Administration Server. To select a group from the existing groups, open the Managed computers folder. If such group does not exist, create a new one by pressing the New group button and select it. The specified group will be created automatically in the Managed computers group. Specify the file based on which the hierarchy will be created for the group specified using the Target group field. To do this, click the Browse button located next to the Text file with group names field, and select the text file created earlier according to the following rules: The name of each new group must begin with a new line; and the delimiter must begin with a line break. Blank lines will be ignored during the creation of the file. Example: Office 1 Office 2 Office 3 Three groups of the first hierarchy level will be created in the target group. The name of the nested group should be entered using a slash (/). Example: 72

73

Office 1/Division 1/Department 1/Group 1

Four subgroups nested into each other will be created in the target group.

In order to create several nested groups of the same hierarchy level, you should specify the "full path to the group".

Example:

Office 1/Division 1/Department 1
Office 1/Division 2/Department 1
Office 1/Division 3/Department 1
Office 1/Division 4/Department 1

One group of first hierarchy level Office 1 will be created in the destination group; this group will include four nested groups of the same hierarchy level "Division 1", "Division 2", "Division 3", and "Division 4". Each of these groups will include one more group - "Department 1".

Press the Next button.

4. In the next wizard window, press the Finish button to complete the administration group task creation.

VIEWING INFORMATION ABOUT A GROUP

To view information about the structure of a group:

1. Open the Managed computers.
2. Select the folder with the name of the required group. A list of objects included in this group will be displayed in the results pane. You can also expand the corresponding branch of the console tree.

To view information about group policies, select the Policies folder. If policies have been defined for the group, they will be displayed in the console tree, otherwise the folder will be empty.

To view information about group tasks, select the Group tasks folder. If tasks have been defined for the group, they will be displayed in the console tree, otherwise the folder will be empty.

To work with slave Administration Servers, select the Administration Servers folder.

To work with clusters and arrays of servers, select the Clusters and server arrays folder. This folder will be displayed in the console tree only if the cluster is included in the logical network.

The items listed above depend on the user interface settings.

To view the list of client computers, select the Client computers folder. The list of client computers will be displayed in the results pane.
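Added example, not part of the Kaspersky guide or product: a Python preview of the groups that a text file would create under the rules given in the section "Group structure based on the content of the text file" (one path per line, blank lines ignored, "/" for nesting), so the file can be checked before it is handed to the wizard. The function and class names are hypothetical, and the handling of empty path segments, space-padded names and names that differ only in case is an assumption of this example, because the guide does not define it.

```python
from dataclasses import dataclass, field

# The four-line example from the guide, reproduced as test input.
GUIDE_EXAMPLE = """Office 1/Division 1/Department 1
Office 1/Division 2/Department 1
Office 1/Division 3/Department 1
Office 1/Division 4/Department 1
"""


@dataclass
class Preview:
    groups: list = field(default_factory=list)    # full group paths, in creation order
    warnings: list = field(default_factory=list)  # (line number, message) pairs


def preview_group_file(text):
    """Return the groups a structure file would create under the target group."""
    result = Preview()
    seen = {}  # case-folded path tuple -> path tuple as first written
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue  # rule from the guide: blank lines are ignored
        parts = raw.split("/")  # rule from the guide: "/" separates nesting levels
        names = [p.strip() for p in parts]
        if not all(names):
            # Assumption: a path such as "A//B" or "A/" is an authoring mistake.
            result.warnings.append((lineno, "empty group name in path, line skipped"))
            continue
        if names != parts:
            # Assumption: padding is unintended; the preview uses trimmed names.
            result.warnings.append((lineno, "spaces around a group name, trimmed for the preview"))
        canon, key, created = (), (), False
        for name in names:
            key += (name.casefold(),)
            if key in seen:
                # Names must be unique within one hierarchy level; whether the
                # product compares case-insensitively is an assumption, so warn.
                if seen[key][-1] != name:
                    result.warnings.append(
                        (lineno, "'%s' differs only in case from '%s'" % (name, seen[key][-1])))
                canon = seen[key]
            else:
                canon += (name,)
                seen[key] = canon
                result.groups.append("/".join(canon))
                created = True
        if not created:
            result.warnings.append((lineno, "line creates no new group"))
    return result


def render_tree(groups):
    """Indent each group under its parent, whatever order the file used."""
    ordered = sorted(groups, key=lambda path: path.split("/"))
    return "\n".join("    " * p.count("/") + p.rsplit("/", 1)[-1] for p in ordered)


if __name__ == "__main__":
    preview = preview_group_file(GUIDE_EXAMPLE)
    print(render_tree(preview.groups))
    for lineno, message in preview.warnings:
        print("line %d: %s" % (lineno, message))
```
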

74

Administration Console information updates automatically for objects of the console tree and information panel diagrams only. To update the data in the results pane, use one of the following options: the F5 key, the Refresh item in the context menu, or the Refresh link in the task pane.

VIEWING AND CHANGING GROUP SETTINGS

To view or change group settings:

1. Open the Managed computers folder in the console tree.
2. Select the necessary group.
3. Open the context menu.
4. Select the Properties command.

This will open the group properties window that contains a set of tabs, which you can use to view and change the security options and the settings for communication with client computers; establish the procedure for interaction with the Administration Server, and specify the set of conditions determining the computer status.

To open the group properties window, you can also click the Group properties link in the task pane.

GENERAL SETTINGS

You can view and edit the group name on the General tab (see the figure below). The name must be unique within one level of the folder or group hierarchy.

You cannot rename the Managed computers folder because it is an in-built element of the Administration Console.

This tab also displays the following information:

- Parent group: the name of the group that includes this group. For the groups at the highest hierarchy level this field contains the name of the Administration Server associated with this group.
- Contains: statistics on the group structure (the number of nested groups and total number of client computers, including client computers in nested groups).
- Created: the date when the group was created.
- Modified: the date when the name or attributes of the group were last modified. If the group name and group properties have not been modified since their creation, the value is <Unknown>.

75

The Reset button in the Detected virus counter section allows you to clear the counter of detected viruses for all client computers in a group.

Figure 48. Viewing the group properties. The General tab

76

GRANTING RIGHTS TO WORK WITH A GROUP

The Security tab (see the figure below) is intended for configuration of access to an administration group.

Figure 49. Granting rights to access the Administration Group

By default, the rights to work with a group are inherited from the Administration Server properties (see section "Granting rights to use a Server" on page 31), where the rights to work with all objects managed by the Server are defined.

To configure individual access rights for an administration group that are different from those specified in the Administration Server settings, uncheck the Inherit box.

The upper part of the tab contains the list of users registered on the computer hosting the Administration Console. The lower part contains the list of possible permissions:

- All: includes all permissions (see below).
- Reading:
    - connection to the Administration Server;
    - viewing the structure of Administration Server folders;
    - viewing the values of applications' policies, tasks, and settings.
- Writing:
    - creation of administration groups, addition of child groups and client computers to them;

77

    - installation of the Network Agent component on client computers;
    - updating the version of applications installed on client computers;
    - creation of policies and tasks for groups and for individual computers, and configuring the application settings;
    - centralized management of applications, receiving reports about their operation using services provided by the Administration Server, the Network Agent and the Administration Console components.
- Execution: starting and stopping of existing tasks for groups, specific computers and Administration Server.
- Modify access privileges: granting to users, and groups of users, access rights to the functionality of Kaspersky Administration Kit.
- Edit event log settings.
- Edit notification settings.
- Remote install of Kaspersky Lab applications.
- Remote install of external applications: preparation of installation packages and remote install of third-party applications to the client computers.
- Edit Administration Server hierarchy settings.
- Saving network lists content: copying files from the backup storage, quarantine and files for postponed disinfection from client computers to the computer where the Administration Console is installed.
- Creating tunnels: creating a tunneled connection between a computer with the installed Administration Console and a client computer.

To assign specific rights:

1. Select a group of users.
2. In the Allow column check the boxes next to the permissions provided to members of that group. If you check the All box, all the boxes will automatically be checked.
3. In the Deny column check the boxes next to the permissions that must not be provided to members of that group. If you check the All box, all the boxes will automatically be checked.

You can add a new group or a new user using the Add button.

You can add only users, or groups of users, which are registered within the domain.

To remove a user or a group, select the corresponding object in the list and press the Remove button.

The group of Kaspersky Administration Kit administrators (KLAdmins) cannot be removed.

CONDITIONS THAT DETERMINE COMPUTER STATUS

Use the Computer status properties window of the Administration Server's policy (see the figure below) to specify criteria for determining whether a client computer will be assigned one of the statuses, Critical or Warning. If the client computer does not match any of the conditions listed, it will be assigned the status OK.

Threshold values may be modified for some conditions. To change the value, double click a condition in the Condition column to open the editing window.

78

For example, you can specify the maximum number of days during which the client computer has not connected to the Administration Server. After this period, the computer will be assigned the status Critical.

Figure 50. Configuring the client computer's status diagnostics

If the computer status is OK, then an icon will be displayed next to its name, for example in the task pane of the main application window. If the computer has the status Warning, an amber icon will be displayed. If the computer has the status Critical, a red icon will be displayed.

The criteria for determining the status of the client computer are defined in the settings at the level of the parent group, and are inherited by all administration groups. To configure individual criteria for a group, uncheck the Inherit box and configure the settings (for the top hierarchy level the Inherit box is inactive).

Clicking the link Computer visibility on the network opens the Computer visibility window. In the Computer visibility timeout (min) field of the window that opens, you can specify the time during which a client computer will be considered visible in the network after it was disconnected from the Administration Server. The default interval is 60 minutes. After the specified period expires, the Administration Server will consider the client computer inactive.

If necessary, you can modify this value in the Kaspersky Administration Kit policy settings (see section "Configuring the settings of the Administration Server policy" on page 102).

79

MONITORING OF CLIENT COMPUTER ACTIVITY

Use the Client computers properties window of the administration group (see the figure below) to specify the following parameters:

Figure 51. The group properties window. The Client computers tab

The Client computer activity in the network section specifies how the Administration Server reacts to the inactivity of client computers of this group:

- If you wish the Kaspersky Administration Kit administrator to be notified after a period of inactivity, check the Notify the administrator if the computer is not active for longer than (days) box and specify the number of days in the field to the right of the box. When the period expires, the Administration Server will perform the necessary actions. Notification shall be performed in accordance with the settings specified in the properties of the Administration Server (see section "Viewing and changing Administration Server settings" on page 33).
- If you want inactive client computers to be deleted from the group, check the Delete the computer from the group if it is not active for longer than (days) box and specify the number of days in the field to the right of the box. Once the specified period has expired, the client computer will be automatically deleted from the group and moved to the Unassigned computers group.

Specify the settings for inheriting values, specified on this tab:

- Inherit from parent group to ensure that the specified values are inherited from the group of the previous hierarchy level. If this box is checked, the settings on the tab cannot be changed.

80

- Force inheritance in child groups to ensure that the specified values are distributed to subgroups. If this box is checked, in the child groups properties the settings specified on the tab will be locked for modification.

AUTOMATIC INSTALLATION OF APPLICATIONS ON CLIENT COMPUTERS

On the Automatic installation tab you can specify which installation packages should be used for automatic remote installation of Kaspersky Lab applications to client computers that have recently been added to the group. If a package is used, the box corresponding to its name is selected. To prevent automatic deployment of an application, uncheck its box next to the name of the corresponding installation package. By default, no software is automatically installed.

For all installation packages for which boxes are checked, remote deployment group tasks under the name Installation <Name of the selected installation package> will be created. You can run these tasks manually.

To automatically install Kaspersky Lab applications on new computers running the Microsoft Windows 98 / ME operating systems, install the Network Agent on these computers in advance.

Figure 52. The group properties window. The Automatic installation tab

If some installation packages of one application were selected for automatic installation, the installation task will be created for the most recent application version only.

81

CREATING THE LIST OF UPDATE AGENTS

The Update Agents tab (see the figure below) is used to create a list of computers (see section "Creating the list of Update Agents and configuring the agents" on page 270), which are used within a group to distribute updates, installation packages and group tasks and policies.

Figure 53. Creating the list of Update Agents

82

REMOTE MANAGEMENT OF APPLICATIONS

Kaspersky Administration Kit enables remote management of the applications installed on the computers within administration groups and corporate networks. The applications are managed via:

- the creation of policies regulating the configuration of operation settings for the applications installed on client computers;
- creation and launch of tasks (see section "Managing the operation of applications" on page 115), designed for administration groups, the Administration Server or selected computers;
- configuration of local settings for the applications installed on individual network computers.

IN THIS SECTION

Managing policies
Local application settings

MANAGING POLICIES

Application settings on client computers are centrally configured through definition of policies.

Policies created for applications within a group appear in the corresponding folder of the console tree. The name of each policy is preceded by an icon indicating its status (see section "Statuses of computers, tasks and policies" on page 340).

CREATING A POLICY

To create a new policy for a group:

1. In the console tree, select the group for which you want to create a policy, select the Policies subfolder, open the context menu and use the Create Policy command, or click the Create a new policy link in the task pane. A wizard will start. Follow the wizard's instructions.

Use the links Create a new Kaspersky Anti-Virus for Windows Workstations policy and Create a new Kaspersky Anti-Virus for Windows Servers policy in the task pane to create the policies for the corresponding applications. You will then not have to specify the application in the policy configuration wizard.

2. You must specify the policy name and select the application for which this policy is being created. The policy name is assigned in a standard manner. If a policy with this name already exists, the (1) ending will be automatically added to the end of the name of the new policy.

83

Select an application from the drop-down list (see the figure below). The drop-down list includes all applications that have their administration plug-ins installed on the administrator's workstation.

Figure 54. Selecting an application for policy creation

3. Use the displayed window (see the figure below) to specify the policy status. Select one of the following:

- Active policy. The policy being created will be used as the application's current policy.
- Inactive policy. The policy will be saved in the Policies folder. If required, it can be activated (see section "Activating a policy" on page 95).
- Mobile user policy. This policy will be applied after you disconnect the computer from the corporate network. This type of policy is available for Kaspersky Anti-Virus 6.0 for Windows Workstations MP4.

84

Several policies can be created in a group for one application, but only one policy can be active. Activating a new policy makes the previously active policy inactive.

Figure 55. Policy creation wizard. Activating the policy

4. Then, you must specify the general settings for the policy and edit settings for the selected application (see the figure below).

You can lock policy settings for nested groups, application settings, or task settings. Policy settings that can be locked are marked with an icon. To lock a setting, click this icon. The icon will change.

A policy has a higher priority compared with the local settings only if it prohibits modification of parameters (they are locked).

When creating a policy, you can specify a minimum set of parameters required for the application to run. All other settings are set to the default values applied during the local installation of the application. You can modify the policy by editing it (see section "Viewing and configuring policy settings" on page 85).

85

For details on configuring policy settings for the applications, please refer to their corresponding documentation.

Figure 56. Creating a policy for Kaspersky Anti-Virus for Windows Workstations

5. In the last wizard window press the Finish button.

Once a policy is created, the parameters which may not be modified are applied on clients for which the policy was created (are "locked").

DISPLAYING INHERITED POLICY IN THE NESTED GROUP RESULTS PANE

To display inherited policies in the Policies folder of a child group:

1. Select the Policies folder of a nested group in the console tree.
2. Open the context menu, select View, and check the Inherited policies box.

This will display inherited policies in the console tree with the icon. You can view the inherited policies properties. While policy inheritance is enabled, inherited policies can only be edited within the group under which they were created.

VIEWING AND CONFIGURING POLICY SETTINGS

To view group settings or modify them:

1. In the console tree, open the Policies folder of the administration group that you wish to configure.
2. Select the necessary policy.
3. Open the context menu and choose the Properties command.

86

To navigate quickly to the policy properties, select it in the console tree and use the Edit policy link in the Actions section of the task pane.

This will open the <Policy name> properties window with several tabs in which you can configure a policy for an application. The contents of the tabs are specific to each application, and their description is provided in the documentation for the applications. The General, Events, and Settings policy configuration tabs are common for all applications.

The General tab (see the figure below) contains the following policy information:

- policy name;
- the application for which the policy is created (for example, Kaspersky Administration Kit);
- policy creation date and time;
- date and time of the last policy modification;
- policy status;
- information about the results of policy enforcement.

Figure 57. The policy properties window

You can use the tab to:

- change the policy name;
- view the results of policy enforcement;

87

- access and configure the additional settings by clicking the Advanced link.

The Enforcing the policy on the client computers section also contains reference information about the results of policy application on the client computers within the selected group, indicating the number of computers:

- for which the policy was defined;
- where the policy was enforced;
- where the policy enforcement failed.

To update the information about the results of policy enforcement, press the Refresh button.

Detailed information about the results of policy enforcement on each client is available in the window (see the figure below) accessed by pressing the Details button. The window displays a table that has the following columns:

- Computer: client name.
- Domain: name of the domain to which the client belongs.
- Status: the policy status, which may have one of the following values:
    - Modified: settings for this policy have been changed on the Administration Server, but they were not yet synchronized with the client computer;
    - Finished: the policy for an application on this computer has been successfully applied;
    - Pending: the policy for an application on this computer has not been applied yet;
    - Failed: the policy for an application on this computer has failed (the computer was turned off, disconnected, the application did not run, or was not installed, etc.).
- Date: date and time when the event occurred.

Figure 58. Information about policy enforcement on clients of one group

88

Local parameters are modified automatically based on the settings selected when a policy is first applied on a client computer. After a policy is deleted or revoked, the application will continue working with the settings specified in the policy. The settings may subsequently be modified manually.

Applying a policy to a large number of clients will significantly increase the load on the Administration Server and the amount of network traffic.

To access and configure the additional policy settings, click the Advanced link.

To define policy status, in the window that opens (see the figure below) in the Policy status section, select one of the following options:

- Active policy;
- Mobile user policy;
- Inactive policy.

To enable inheritance, i.e. prohibit modification of "locked" policy settings in the configuration of child policies, check the Inherit settings from parent policy box.

To disable inheritance, uncheck the Inherit settings from parent policy box.

To force inheritance of settings in child policies, enable the checkbox next to the corresponding item. After changes in a policy are applied, the following steps will be performed:

- specified values will be distributed to the policies of nested administration groups, i.e. to the child policies;
- the Inherit settings from parent policy box will be checked in child policies;
- the values of the settings in child policies will remain "locked" until the Force inheritance of settings in child policies box is checked.

Figure 59. Configuring additional policy settings

89

The Events tab (see the figure below) shows the events that are recorded during application operation. The event types are divided into groups according to their severity level.

Figure 60. Editing a policy. The Events tab

Immediately after the policy has been created, the values on the Events tab will match the default application settings. The settings are specific to each Kaspersky Lab application, and more information about them is available in user guides for each application. If necessary, you can change the policy settings.

For all Kaspersky Lab applications, events related to anti-virus protection may have the following severity levels:

- Critical (e.g., virus outbreak).
- Error (e.g., a shared folder is inaccessible).
- Warning (e.g., a client computer has been invisible on the Windows network for a long time).
- Info (e.g., a new client computer was found).

Event handling rules are defined separately for each severity level.

1. Select the event importance level from the drop-down list: Critical, Error, Warning or Info.
2. Events corresponding to the selected severity level will be displayed in the table below. The list of events is specific to each application. For more information about events, see the application documentation. Select the types of events to be recorded using the Shift and Ctrl keys on your keyboard. Click the Select All button to select all event types.
3. Then click the Properties button for the selected event types.

90

4. To record event information in event logs, check the following boxes in the Event registration section (see the figure below):

- On Administration Server for (days) box to make the Administration Server log application events that occur on all clients in the group in a centralized manner. In the field on the right, specify the number of days during which the server will store information. When the specified period has elapsed, the entry corresponding to this event will be deleted. You can view event logs stored on the Administration Server through the Administration Console on the administrator workstation. It is shown in the Events folder of the console tree.
- In the event log on client computer to save information about events locally in the Windows Event Log of each client computer.
- In the event log on Administration Server to enable centralized logging of all application events on all clients in this group in the specified Administration Server's Windows Event Log.

The information in Windows event logs can be viewed using Displays client computer events, a standard Windows event management tool.

Figure 61. Editing event properties

5. To enable notification about selected events, specify the notification methods by checking appropriate columns in the Event notification section:

- Notify by e-mail.
- Notify through NET SEND. Notification using NET SEND is not available in Microsoft Windows Vista and later versions.
- Notify by running executable or script.

91

- Notify via SNMP. Notify via SNMP is configured directly in the application working with SNMP.

To configure notifications, use the Settings link and in the window that opens (see the figure below) define the settings.

Figure 62. Configuring event notifications

In the upper part of the window select the notification method that you wish to modify. If the Use Administration Server settings box is checked, the values specified on the Notification tab under the Administration Server properties are used by default. To modify notification settings, uncheck the Use Administration Server settings box and select the following from the drop-down list:

E-mail (see the figure above). Under this option:

- In the Recipient field, specify the address of the notification recipient. Several addresses may be entered as a list separated by commas or semicolons.
- In the SMTP server field, specify the address of the mail server connection (an IP address or a Windows network name can be used);
- In the SMTP server port field, specify the SMTP server connection port number (the default is port 25);

92

- The sender and subject for the message that will be delivered as a notification. To do this, press the Properties button and in the window that opens (see the figure below), fill in the Subject field. In the lower entry field, specify the address which will be used as a sender's address. In the same window, enter User name, Password, and Confirm password in the relevant fields if ESMTP authorization is being used.

Figure 63. Configuring notification settings. Specifying the Sender and Subject

93

NET SEND (see the figure below). Under this option, use the field below to enter recipient host addresses for network notifications. An IP address or a Windows network name may also be used. Several addresses may be entered as a list separated by commas or semicolons. For successful notification, a messaging service (Messenger) must be installed on the Administration Server and on all recipient computers.

Figure 64. Configuring notifications. Notification using NET SEND

Executable file to run (see the figure below). Under this option, use the Select button to select an executable module to run when an event occurs.

94

Executable environment variable names are the same as the names of placeholders used to create the message text (see below).

Figure 65. Configuring notifications. Notification using executable files

Enter the message which will be delivered as notification in the Notification message section at the bottom of the window (see the figure above).

If the Use Administration Server settings box is checked, the message text specified on the Notification tab of the Administration Server settings will be used by default. To modify the message, uncheck the Use Administration Server settings box and enter a new message.

The notification text may include information about the event recorded. Enter appropriate placeholders by selecting them from the drop-down list accessible by clicking the button.

- Event severity;
- From computer;
- Domain;
- Event;
- Event description;
- Time raised;
- Task name;
- Application;

95

- Version number;
- IP-address;
- IP address of the connection.

To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed error information will be displayed in it.

Figure 66. Configuring notification settings. Sending a test notification

ACTIVATING A POLICY

For the policy to become active:

1. Select the required policy in the console tree.
2. Open the context menu and select the Properties command or use the Edit policy link in the Actions section of the task pane.
3. Select the General tab (see the figure below) in the <Policy name> Properties application policy configuration window.
4. Click the Advanced link to open the advanced settings window. In the Policy status section select Active policy. To deactivate a policy, select Inactive policy.

96

To change the policy status quickly, use the Active policy and Inactive policy links in the task pane of the selected policy.

Figure 67. The policy properties window

ACTIVATING A POLICY BASED ON AN EVENT

To activate a policy automatically when a certain event occurs, in the Administration Server settings configured on the Virus outbreak the policy must be included in the corresponding list (see section "Changing the application policy when a Virus outbreak event is registered" on page 328).

If you activate a policy by event, you can return to the previous policy manually only.

POLICY FOR MOBILE USER

This policy type is available for Kaspersky Anti-Virus 6.0 for Windows Workstations MP4.

To configure the enforcement of a policy when a client computer disconnects from the corporate network:

1. Select the required policy in the console tree, open its context menu and choose Properties.

97

2. Select the General tab (see the figure below) in the Properties: <Policy name> application policy configuration window.

Figure 68. The policy properties window

3. Click the Advanced link to open the additional policy settings window (see the figure below).

Figure 69. Additional policy settings window

98

4. In the Policy status section select Mobile user policy.

DELETING A POLICY

To delete a policy:

Select the necessary policy in the Policies folder within the console tree and use the Remove command from the context menu or the Remove policy link in the task pane.

COPYING A POLICY

To copy a policy:

1. Select the Policies folder in the results pane and use the Copy command from the context menu.
2. Go to the Policies folder of the required group (or remain in the same folder) and use the Paste command from the context menu.

An active policy becomes inactive when copied. If required, you can make this policy active (see section "Activating a policy" on page 95).

As a result, the policy will be copied with all its settings and applied to the computers within the group into which it was copied. If a policy with the same name exists in the folder, the _1 ending will be automatically added to its name.

CONFIGURING THE NETWORK AGENT'S POLICY

You can define the following parameters in the Settings window (see the figure below) while creating a policy for the Network Agent:

- In the Event log group use the Maximum size of event log, MB field to define maximum disk space that the events log will be allowed to occupy.

- In the Application uninstallation password group press the Modify button and enter the password. This password must be specified in the task of remote uninstallation of the Network Agent.

Figure 70. Creating a Network Agent policy. The Settings window

In the Repositories window specify the options for the system of collecting information about the applications installed on computers within a group and objects in repositories.

- To reflect the information about applications in the applications registry (see section "Applications registry" on page 291), check the Information about installed applications box.
- To display information about objects placed in repositories by applications of version 6.0 MP3, in the corresponding folders of the Repositories folder, check the Quarantined objects and Backup objects boxes.

Figure 71. Creating a Network Agent policy. The Repositories window

In the Network window (see the figure below) you can specify the settings for connection to an Administration Server.

In the Connect to the Administration Server field specify the following:

- In the Synchronization interval (min) field specify the time interval (in minutes) between attempts to synchronize data of the client computers and the Administration Server.
- Check the Use SSL connection box if you wish the connection to be secure (using the SSL protocol).
- Check the Compress network traffic box to increase the rate of data transfer by the Network Agent, by decreasing the amount of information transferred and hence decreasing the load on the Administration Server. If you enable this setting, the load on the central processor of the client computer may be increased.

In the Network Agent port field, allow the Administration Server connection to the client computers using a UDP port, and define the port number. To open the connection via the UDP port, check the Use UDP port box and enter the port number in the UDP port number field. By default, port will be used; but if required, you can change it. Only decimal notation is allowed.

Figure 72. Creating a Network Agent policy. The Network window

When editing the policy for the Network Agent, you can make changes on the General, Events, Settings, Repositories and Network tabs.

In addition to the values configured in the policy creation wizard, on the Network tab (see the figure below) you can also check the Open Network Agent ports in Microsoft Windows Firewall box. This will cause the UDP port required to support Network Agent to be added to the Microsoft Windows firewall exception list.

Figure 73. Editing a Network Agent policy. The Network tab

CONFIGURING THE SETTINGS OF THE ADMINISTRATION SERVER POLICY

When creating a policy for the Administration Server, specify Kaspersky Administration Kit in the application selection window. Then, using the Settings window (see the figure below), you can configure general settings for the Administration Server.

In the Administration Server connection settings field:

- The number of the port used to connect to the Administration Server. The default port number is If this port is already in use, you can change it;
- The number of the port for secure connection to the Administration Server using SSL protocol. By default, port will be used.

Specify the required value in the Maximum number of events stored in the database field. The default value is 400,000 records.

Figure 74. Creating an Administration Server policy. The Settings window

In the Scan network window (see the figure below) you can specify how the Administration Server updates its information about the Windows network structure:

- To enable automatic network polling, check the Allow scan box in the Windows network group.
- To enable automatic polling of IP subnets, check the Allow scan box in the IP subnetworks group. The Administration Server will poll the network with the period specified in the Scan interval (min) field. The default interval between polls is 420 minutes.

- To allow automatic network polling using the Active Directory structure, check the Allow scan box in the Active Directory group.

Figure 75. Creating an Administration Server policy. The Scan network window

In addition to the values configured during policy creation, additional policy parameters may be modified.

Use the Computer visibility timeout (min) field on the Settings tab (see the figure below) to specify the time during which the client computer will be considered visible to the network after the connection with the Administration Server has been lost. The default for this interval is 60 minutes. After the specified period expires, the Administration Server will consider the client computer inactive.

Figure 76. Editing an Administration Server policy. The Settings tab

On the Scan network tab (see the figure below) you can define the following settings:

- Intervals for Windows network polling:
  - Full scan time (min). Complete information about computers in the network will be updated with the specified interval. The default interval between polls is 60 minutes.
  - Quick scan time (min). Information about the list of computers connected to the network will be updated with the specified frequency. The default interval between polls is 15 minutes.
- Intervals for IP subnets polling. To do this, use the appropriate block in the Scan interval (min) field to specify the required value. The default interval between polls is 420 minutes.

- Intervals for network polling in accordance with the Active Directory structure. To do this, use the appropriate block in the Scan interval (min) field to specify the required value. The default interval between polls is 60 minutes.

Figure 77. Editing an Administration Server policy. The Scan network tab

The Virus outbreak tab is used to specify when the Virus outbreak event will be raised for each anti-virus application type. The settings on this tab are identical to those in the corresponding tab of the Administration Server properties window.

The Cisco NAC tab may be used to define a mapping between anti-virus protection conditions and Cisco NAC statuses. The settings on this tab are identical to those in the corresponding tab of the Administration Server properties window.

You can use the Administration Servers hierarchy tab (see the figure below) to allow or prohibit editing of the server hierarchy settings. If Allow hierarchy settings modification on slave servers is unchecked, slave Administration Server administrators will not be able to edit hierarchy settings specified on the master Server.

Figure 78. Editing an Administration Server policy. The Administration Servers hierarchy tab

EXPORTING A POLICY

To export a policy:

1. In the console tree, select the required group.
2. Select the Policies subfolder. In the results pane, you will see a list of all policies created for this group.
3. Select the necessary policy.
4. Open the context menu and select the Export command or use the Export policy to file link in the task pane.
5. In the displayed window specify the name and path for the destination file. Click the Save button.

IMPORTING A POLICY

To import a policy:

1. In the console tree, select the required group.

2. Select its Policies subfolder.
3. Open the context menu and select the All tasks → Import command or use the Import policy from a file link in the task pane of the Policies folder.
4. In the window that opens, specify the path to the source file containing the required policy. Click the Open button.

The added policy will appear in the console tree.

POLICIES CONVERSION

Using Kaspersky Administration Kit, you can convert the policies of the previous version of Kaspersky Lab applications to the current version. This may be useful, for example, when you install the Administration Server 8.0 on a computer with the Administration Server 6.0 installed. This procedure is performed using the Policies and tasks conversion wizard.

To convert application policies and / or tasks:

1. In the console tree, select the Administration Server, for which you wish to convert policies and / or tasks.
2. In the context menu, select All tasks → Policies and tasks conversion wizard. A wizard will start. Follow the wizard's instructions.
3. In the Application name field (see the figure below), specify the application version. After the wizard completes, the policies and tasks will be converted for work in the specified version of the application.

Figure 79. Selecting an application for conversion

4. In the next wizard window (see the figure below), check the boxes next to the policies for which you wish to perform the conversion. Pressing the Next button will perform the policies conversion.

Figure 80. Selecting policies for conversion

5. In the next wizard window (see the figure below), check the boxes next to the tasks for which you wish to perform the conversion. Pressing the Next button will perform the tasks conversion.

Figure 81. Selecting tasks for conversion

The wizard will create new policies and tasks that use the policies and tasks settings of the previous version.

LOCAL APPLICATION SETTINGS

The Kaspersky Administration Kit administration system allows remote management of local application settings on remote computers via the Administration Console. The application settings can be used to define individual values for applications on each client computer within a group.

VIEWING APPLICATION SETTINGS

To view application settings and configure them as necessary:

1. In the Managed computers folder select the folder with the name of the group that includes the required client computer.
2. Select the Client computers folder.
3. In the results pane select the computer for which you need to modify the application settings, and use the Properties command from the context menu. This will open the <Computer name> Properties dialog containing several tabs in the main program window.
4. Open the Applications tab (see the figure below). This contains a table of all Kaspersky Lab applications installed on the client computer and brief information about each of them.
5. Select the required application. You can:
   - View the list of application-related events (see section "Event selections" on page 223) that occurred on the client computer and were registered on the Administration Server, using the Events button.
   - See the current statistics on application operation using the Statistics button. This information is requested by the Administration Server from the client computer. If there is no connection, a corresponding error message will be displayed.

   - View general information about the application and configure its settings, using the Properties button in the <Application name> application properties window.

Figure 82. Viewing client computer properties. The Applications tab

The <Application name> application properties window contains several tabs. The information is provided based on the data received during the last client synchronization session with the Administration Server. The contents of the tabs are specific to each application, and their description is provided in the corresponding documentation. The General, Licenses, and Events tabs are common for all applications.

On the General tab (see the figure below), you can view general information about the application, installed updates, start or stop the application, and check the settings of the plug-in for this application installed on the administrator's workstation by clicking the Plug-in information hyperlink.

Figure 83. Viewing client computer properties. The General tab

The Licenses tab contains detailed information about the current and reserve licenses installed for the application (see the figure below).

The Current license section displays information about the current key:

- Serial number: the license serial number.
- Type: the type of installed license (for example, commercial or trial);
- Activation date: license activation date (the date when it was activated);
- Expiration date: expiration date for the license;
- License period: license validity period;
- Limit computers count: restrictions imposed by the license.

The Reserve license group of fields displays information about the backup license:

- Serial number: the license serial number.
- Type: the type of installed license (for example, commercial);
- License period: license validity period;

- Limit computers count: restrictions imposed by the license.

The Events tab (see the figure below) contains parameters that determine the rules for handling events raised by an application running on a client computer. You can view them and make the necessary changes. This tab is identical to the corresponding tab of the policy settings configuration window (see section "Viewing and configuring policy settings" on page 85).

CONFIGURING NETWORK AGENT

To view the settings of the Network Agent installed on the client computer:

1. Select the client computer in the results pane, open its context menu and select the Properties command.
2. In the dialog window that opens, select the Application tab.
3. In the list of applications installed on the client computer, select the Network Agent and press the Properties button.

When you are configuring the Network Agent, in addition to the General (see the figure below) and Events tabs, the window also contains the Settings, Repositories, and Network tabs. The options displayed on these tabs are identical to those on the Network Agent's policy configuration window (see section "Configuring the Network Agent's policy" on page 98).

Figure 84. The Network Agent configuration window. The General tab

The Network Agent installed on the Server's computer cannot access the Network tab (see the figure below). You cannot configure the settings for connection to the Administration Server; these settings are hardwired because these components are installed on the same computer.

Figure 85. Network Agent settings configuration window (if the Network Agent is installed with the Administration Server)

MANAGING THE OPERATION OF APPLICATIONS

Applications installed on client computers of the administration groups and computer network are managed by creating and launching the tasks which carry out all basic functions: installation of applications, installation of licenses, file scanning, application database and module update, etc.

Tasks are subdivided into the following types:

- group tasks running on all client computers within an administration group;
- Kaspersky Administration Kit tasks running on the Administration Server;
- tasks for specific computers running on a small number of computers that are not put into a separate group;
- local tasks created and running on an individual client computer.

The created tasks are displayed in the appropriate folder of the console tree. The icon indicating the task status is displayed next to its name (see section "Statuses of computers, tasks and policies" on page 340).

IN THIS SECTION

- Creating a group task
- Creating an Administration Server task
- Creating a task for specific computers
- Viewing and changing task settings
- Creating a local task
- Displaying an inherited group task in the results pane of a nested group
- Automatic operating system loading on the client computers before task execution
- Turning off the computer after the task execution
- Restricting time for the task execution
- Exporting a task
- Importing a task
- Tasks conversion
- Starting and stopping tasks manually
- Pausing / resuming tasks manually
- Monitoring task execution
- Viewing results of the task execution stored on the Administration Server
- Configuring the event filter for a group task
- Configuring event filter for a selected computer
- Removing a filter

CREATING A GROUP TASK

To create a group task:

1. In the console tree, select the group for which you want to create the task.
2. Select its Group tasks subfolder.
3. Open the context menu and use the Create → Task command or the Create a new task link in the task pane. A wizard will start. Follow the wizard's instructions.
4. Specify the task name. If a task with the specified name already exists in the group, the _1 suffix will be automatically added to the end of the name.

5. Then, select the application for which you want to create a task, and define the task type (see the figure below).

Figure 86. Creating a task. Selecting an application and defining task type

To select an application for which a task is to be created, select the corresponding node in the suggested tree. The list includes all Kaspersky Lab applications that have their Console Plug-ins installed on the administrator's workstation.

To specify the task type, select one of the child nodes for the selected application.

6. You will then be prompted to configure the task according to the selected application (see the figure below). Some settings are set by default. For details about task configuration, see documentation for a specific application.

Figure 87. Task configuration

7. Then, create the task start schedule. Use the Scheduled start drop-down list to select the necessary mode for task launch and configure the task schedule in the group of fields corresponding to the selected mode:
   - Every N hours;
   - Every N minutes;
   - Daily;
   - Weekly;
   - Monthly;
   - Once;
   - Manually: manual launch from the main window of Kaspersky Administration Kit using the Start command of the context menu or the Run a task link in the task pane;
   - After application update: after every update of the application database;
   - At application start;
   - Immediately: start the task immediately (after the wizard finishes);
   - When new updates are downloaded to the repository: automatically after the Administration Server downloads the updates;
   - On virus outbreak;

   - On completing another task.

This is the list of all scheduling modes available for Kaspersky Administration Kit tasks. Some of the listed options may not be available depending on the task type. The tasks for applications, which can be managed via Kaspersky Administration Kit, can have extra scheduling modes. You can find more information about schedule options in the corresponding user guides.

If you set up the task to start Every N hours (see the figure below), specify the following:

- The task start frequency in the Every field and the start date and time for the task in the Plan for field. For example, if you entered 2 in the Every field and entered August 3, :00:00 PM in the Plan for field, the task will start every two hours starting at 3 p.m. on August 3, The default frequency value is set at 6, and the default start date and time for the task is automatically set to the current system date and time of your computer.
- The procedure for the task to start if the client computer is unavailable (turned off, disconnected from the network, etc.) or if the application is not open at the time specified by the schedule. Check the Run missed tasks box to make the system attempt to start the task the next time the application is opened on this client computer. For Manually, Once, and Immediately the task will be started immediately after the computer connects to the network. If this box is not checked (default), only scheduled tasks will be started on the client computers, and for Manually, Once, and Immediately, on hosts visible on the network only.
- A variation of the scheduled time during which the task will be started on the client computers. This capability is provided to spread the load caused by simultaneous calls made to the Administration Server by numerous client computers when the task is launched.

  Check the Randomize the task start with interval (min) box and specify the time (in minutes) so that the client computers call the Administration Server within some interval after the task is started, rather than simultaneously. By default, this box is unchecked.

Figure 88. Scheduling a task to start Every N hours

If you set up the task to start Every N minutes (see the figure below), specify the following:

- The task start frequency in the Every field and the start date and time for the task in the Plan for field. For example, if you entered 10 in the Every field and entered August 3, :00:00 PM in the Plan for field, the task will start every ten minutes starting at 3 p.m. on August 3, The default frequency value is set at 30, and the default start date and time for the task is automatically set to the current system date and time of your computer.
- An action if a client computer is temporarily unavailable at the task start.

- For deviation from the scheduled time during which the task will be started on the client computers, see above.

Figure 89. Scheduling a task to start Every N minutes

If you set up the task to start Daily (see the figure below), specify the following:

- The frequency of task startups in the Every and Start time fields. For example, if the value of the Every field is 2 and the value of the Start time field is 3:00:00 PM, the task will start once every two days at 3 p.m. The default value for the field is 2, and the current system time is automatically set as the default task start time.
- An action if a client computer is temporarily unavailable at the task start.

- For deviation from the scheduled time during which the task will be started on the client computers, see above.

Figure 90. Scheduling a task to start daily

If you set up the task to start Weekly (see the figure below), specify the following:

- The frequency of task startups in the Every and Start time fields. By default, the following values are set in these fields: Sunday, 6:00:00 PM. You can change them. For example, if the value in the Every field is Sunday and the value in the Start time field is 3:00:00 PM, the task will start every Sunday at 3 PM.
- An action if a client computer is temporarily unavailable at the task start.

- For deviation from the scheduled time during which the task will be started on the client computers, see above.

Figure 91. Scheduling a task to start every week

If you set up the task to start Monthly (see the figure below), specify the following:

- The frequency of task startups, by selecting the date and time to start the task. For example, if the value in the Every field is 20 and the value in the Start time field is 3:00:00 PM, the task will start on the 20th day of every month at 3 p.m. The default value in the Every field is 1 and the current system time is set in the Start time field.
- An action if a client computer is temporarily unavailable at the task start.

- For deviation from the scheduled time during which the task will be started on the client computers, see above.

Figure 92. Scheduling a task to start every month

If you set the task to start Once (see the figure below), specify the following:

- The date of the task launch in the Run on field and the launch time in the Start time field. The values of these fields are set automatically and correspond to the current system date and time. You can change them.
- An action if a client computer is temporarily unavailable at the task start.

- For deviation from the scheduled time during which the task will be started on the client computers, see above.

Figure 93. Scheduling a task to start once

If you set the task to start Manually (see the figure below), at application start or immediately after a task is created, specify:

- An action if a client computer is temporarily unavailable at the task start.

- For deviation from the scheduled time during which the task will be started on the client computers, see above.

Figure 94. Setting a task to start manually

If you define a task to start On completing another task (see the figure below), specify:

- The task after which the current task should start. Use the Select button in the Task name field to select the required task. Specify the exit status for the selected task in the Execution result field: Completed successfully or Error.

- An action if a client computer is temporarily unavailable at the task start.

Figure 95. Task start following completion of another task

If a task is expected to start On virus outbreak (see the figure below), specify:

- Application types for which the Virus outbreak event can start a task. Check the boxes next to the required application types.

- An action if a client computer is temporarily unavailable at the task start.

Figure 96. Task triggering by virus outbreak detection

After you finish with the wizard, the task you created will be added to the Group tasks folder of the corresponding group and displayed in the console tree. If necessary, you can modify task settings (see section "Viewing and changing task settings" on page 130).

CREATING AN ADMINISTRATION SERVER TASK

To create an Administration Server task:

1. In the console tree, select the Kaspersky Administration Kit tasks folder.
2. Open the context menu and choose the Create → Task command.
3. Specify the task name. If a task with the specified name already exists in the group, the _1 suffix will be automatically added to the end of the name.
4. Select the type of the task being created (see the figure below). Three types of tasks are supported for the Administration Server:
   - Report Delivery;
   - Administration Server data backup;
   - Download updates to the repository.

   If the backup or update task has already been created for the Administration Server, it does not appear in the task type selection window. For these types, just one task of each type is allowed.

Figure 97. Creating an Administration Server task. Selecting the task type

5. Configure the task being created in accordance with the selected type. Some settings are set by default. Information about creation and configuration of tasks can be found in the corresponding sections for:
   - reports delivery (see section "Reports delivery task" on page 208);
   - backup data copying (see section "Data backup task" on page 319);
   - receiving updates (see section "Creating the task of downloading of updates to the repository" on page 253).
6. Define the schedule for the Administration Server task similarly to the group task schedule (see section "Creating a group task" on page 116).

After the wizard completes, the task you created will be added to the Kaspersky Administration Kit tasks folder and displayed in the console tree.

To navigate quickly to the Administration Server task creation window, you can use the corresponding links in the task pane of the Kaspersky Administration Kit tasks folder.

CREATING A TASK FOR SPECIFIC COMPUTERS

To create a task for specific computers, select the Tasks for specific computers folder in the console tree, open the context menu and use the Create → Task command.

This will start the task creation wizard which is similar to the wizard for creating group tasks (see section "Creating a group task" on page 116). It has one additional stage, in which you select the clients that will be associated with the task you want to create (see the figure below).

Figure 98. Creating a task for specific computers. Defining clients on which this task will be executed

Select the computers within the corporate network on which you want the task to be executed. You can select either computers from different folders or all the computers in a folder. You can select hosts added into administration groups or not included in such groups.

To navigate quickly to creating a task for specific computers, use the Create a new task link in the task pane of the Tasks for specific computers folder.

The tasks of this type will only be executed on the specified clients. If new client computers are added to the group you selected, the task will not be performed on those hosts. You should either create a new task or make appropriate changes to the current task settings.

After the wizard completes, the task you created will be added to the Tasks for specific computers folder in the console tree and displayed in the results pane.

With global tasks, you can perform all the operations available for group tasks.

VIEWING AND CHANGING TASK SETTINGS

To view and modify task settings, perform one of the following actions:

- For a group task, choose a target group in the console tree, navigate to its Group tasks subfolder and select the desired task. Then, open the context menu and select the Properties command or use the Edit task link in the task pane.
- To modify the settings of a task for specific computers, in the console tree, select the Tasks for specific computers folder and then the necessary task, open the context menu and use the Properties command or click the Edit task link in the task pane.

- To modify the settings of an Administration Server task, in the console tree, select the Kaspersky Administration Kit tasks folder and then the necessary task, open the context menu and use the Properties command or click the Edit task link in the task pane.

This will open the <Task name> Properties window with the following tabs: General, Settings, Account, Schedule, and Notification. The properties window of the task for specific computers will also contain the Client computers tab.

The <Task name> Properties window shows either the default settings for a task of this type or the last modified settings. You can view the actual settings for this task in the <Computer name> Properties window of an individual client computer on the Tasks tab.

The General tab (see the figure below) contains the following general task information:

- task name, which you can change, if necessary;
- application for which the task is created (for example, Kaspersky Anti-Virus for Windows Workstations);
- application version number;
- task type;
- task creation date and time;
- the last command performed manually (Start, Stop, Pause, Resume).

The bottom of this tab shows statistics about the results of task execution on the client computers for which the task is defined. To view the details of task execution on client computers, click the Results button.

Figure 99. Editing task settings. The General tab

The tab also contains command buttons which may be used to control task execution manually: start, stop, pause, and resume.

To copy the task to the slave Servers, check the Send to slave Administration Servers box.

The Settings tab (see the figure below) contains application-specific task settings. For information about this tab, refer to the corresponding documentation.

Figure 100. Editing task properties. The Settings tab

On the Account tab (see the figure below), specify the account that will be used to run the task. You can select one of the following options:

- Default account. In this case the task will run under the account of the application that will perform this task.
- Specified account. If you select this option, enter the account (user name and password) that has the appropriate access rights. For example, for on-demand scans, the account should have access rights to the scanned object; for update tasks the account should be able to access the shared folder on the Administration Server or be authorized on the proxy server.

This will avoid problems with on-demand scan and update tasks when the user running a task does not have the required access rights.

Figure 101. Editing task properties. The Account tab

On the Schedule tab (see the figure below), you can change task scheduling options. Click the Advanced link to:
- configure automatic startup of the operating system (see section "Automatic operating system loading on the client computers before task execution" on page 139) on the computers turned off at the time when the task is launched;
- configure the computer to be turned off (see section "Turning off the computer after the task execution" on page 139) after the task is completed;
- restrict the duration of task execution (see section "Restricting time for the task execution" on page 139).

The content of the Schedule tab and its operation are identical to those available in the schedule settings configuration window that opens when you create a task (see section "Creating a group task" on page 116).

Figure 102. Editing task properties. The Schedule tab

On the Notification tab (see the figure below), you can edit the settings for sending notifications about task performance results:

In the Store task history group of fields, specify where the task history will be stored. To do this, check the box:
- Store events locally - to store information locally on each client. This option is only available for Kaspersky Anti-Virus 5.0 for Windows File Servers MP4.
- On Administration Server for (days) - to store task history, sent from all clients, centrally on the Administration Server. In the field to the right, specify the time interval for which the task history will be stored on the server. When the specified period has elapsed, the information will be deleted from the server.
- In the event log on client computer - to save information about events locally in the Windows Event Log of each client computer.
- In the event log on Administration Server - to enable centralized logging of all application events on all clients in this group in the specified Administration Server's Windows Event Log.

Use the same field to specify which events are to be logged:
- Save all events;
- Save events related to task execution progress;

- Save execution result only.

In the Notify administrator group, specify the method that will be used to notify the administrator (or other users) about task results. Click the Settings button to configure the notification parameters. To do this, check one or more of the following boxes:
- Send - send notifications through a mail server.
- Use NET SEND - send network notifications using the NET SEND service. For successful notification, a messaging service (Messenger) must be installed on the Administration Server and on all recipient computers.
- Run executable - run a program or an executable when the event is raised.

Settings are configured as in the event properties under the Notification tab. The settings specified in the Administration Server settings are used by default (see section "Configuring Administration Server settings" on page 33).

Check the Notify of errors only box to be notified about errors only.

Figure 103. Editing task properties. The Notification tab

Properties of the tasks for specific computers also contain the Client computers tab (see the figure below). It displays a list of client computers which will perform the task. You can add and remove clients from the list.

Figure 104. Editing a task for specific computers. The Client computers tab

CREATING A LOCAL TASK

To create a local task for a client computer:

1. In the Managed computers folder select the folder with the name of the group that includes the required client computer.

2. In the results pane, select the computer that will perform the task being created, and use the Properties command of the context menu.

After this, the <Computer name> Properties window will appear in the main application window (see the figure below).

Figure 105. Viewing client computer properties. The General tab

3. Open the Tasks tab (see the figure below). It shows all tasks created for this client computer. To create a new local task, click the Add button. To configure the task settings, click the Properties button.

Figure 106. Creating a local task. The Tasks tab

For instructions on how to create and configure a local task, see the documentation for the corresponding applications.

DISPLAYING AN INHERITED GROUP TASK IN THE RESULTS PANE OF A NESTED GROUP

To display inherited tasks in the Group tasks folder of a child group:

1. Select the Group tasks folder in the results pane of the nested group.

2. Open the context menu, select the View option, and check the Inherited tasks box.

This will display the inherited group tasks in the results pane marked with the icon. You can view inherited group task properties.

Inherited group tasks may only be edited in a group under which they were created.

AUTOMATIC OPERATING SYSTEM LOADING ON THE CLIENT COMPUTERS BEFORE TASK EXECUTION

To ensure that the task is executed on computers that are turned off at the time specified in the schedule:

1. On the Schedule tab of the task configuration window, press the Advanced button.

2. In the window that opens (see the figure below), check the Activate computer before the task is launched by the Wake On LAN function (min) box, and specify the required time.

Figure 107. The Advanced window

As a result, the operating system of the computer will start up before the task is launched.

Automatic startup of the operating system is only available on computers supporting the Wake on LAN function.

TURNING OFF THE COMPUTER AFTER THE TASK EXECUTION

To turn off the computer after the task is completed:

1. On the Schedule tab of the task configuration window, press the Advanced button.

2. In the window that opens, check the Turn off computer after task is completed box.

RESTRICTING TIME FOR THE TASK EXECUTION

To restrict the duration of task execution:

1. On the Schedule tab of the task configuration window, press the Advanced button.

2. In the window that opens, check the Stop if the task is taking longer than (min) box and specify the time period in minutes after which the task will be stopped.

EXPORTING A TASK

Rights of the local users will not be exported.

To export a group task to a file:

1. In the console tree, open the Managed computers folder and select the required group.

2. Open its Group tasks subfolder and select the necessary task.

3. Open the context menu and select the All tasks → Export command or use the Export task link in the task pane.

4. In the window that opens, specify the name of the file where the task will be saved and its location. Click the Save button.

To export a task for specific computers:

1. In the console tree, open the Tasks for specific computers folder and select the required task.

2. Open the context menu and select the All tasks → Export command or use the Export task link in the task pane.

3. In the window that opens, specify the name of the file where the task will be saved and its location. Click the Save button.

Kaspersky Administration Kit tasks cannot be exported.

IMPORTING A TASK

To import a group task from a file:

1. Open the Managed computers folder in the console tree and select the required group.

2. Select its Group tasks subfolder.

3. Open the context menu and select the All tasks → Import command or use the Import task from file link in the results pane.

4. In the window that opens, specify the path to the source file containing the required task. Click the Open button.

To import a task for specific computers:

1. In the console tree, select the Tasks for specific computers folder.

2. Open the context menu and select the All tasks → Import command or use the Import task from file link in the results pane.

3. In the window that opens, specify the path to the source file containing the required task. Click the Open button.

As a result, the new task will appear in the selected tasks folder within the console tree. If the selected folder already contains a task with the name matching the name of the imported task, a numerical suffix will be appended to the task name.
Kaspersky Administration Kit tasks cannot be imported.

TASKS CONVERSION

Using Kaspersky Administration Kit, you can convert the tasks of the previous version of Kaspersky Lab applications to the current version. To do this, use the Policies and tasks conversion wizard (see section "Policies conversion" on page 108).

STARTING AND STOPPING TASKS MANUALLY

To start or stop a task manually:

1. Select the target task (for a group or for specific computers) in the results pane.

2. Open the context menu and choose the Start or Stop command.

For quick access to the operation, you can click the Run the task link or Stop the task link in the results pane, or press the Start or Stop button in the task properties window (see section "Viewing and changing task settings" on page 130).

PAUSING / RESUMING TASKS MANUALLY

To pause or resume a running task, select the target task (for a group or for specific computers) in the results pane, open the context menu and choose the Pause or Resume command.

To perform the same operations, use the task properties window (see section "Viewing and changing task settings" on page 130) on the General tab using the Start, Stop, Pause or Resume buttons.

Tasks are launched on a client only if the corresponding application is running. When the application is not running, all running tasks are cancelled.

MONITORING TASK EXECUTION

To start monitoring the task execution, open the settings window (see section "Viewing and changing task settings" on page 130) for the task you need and switch to the General tab (see the figure below).

Figure 108. Editing task settings. The General tab

The following information will be displayed in the lower part of the General tab:
- Modified - number of computers for which the task settings have been modified on the Administration Server or a command was sent, but the changes have not yet been synchronized with the client computer.
- Scheduled - number of computers for which this task is scheduled and synchronized with the Administration Server.
- Paused - number of computers on which this task is paused.
- Running - number of computers on which this task is running.
- Completed - number of computers on which this task has been completed successfully.
- Completed with an error - number of computers on which the task failed.

Similar information for each task is displayed in the main program window when you are viewing the properties of a group task or a task for specific computers.

VIEWING RESULTS OF THE TASK EXECUTION STORED ON THE ADMINISTRATION SERVER

To view the results of task execution stored on the Administration Server, open the settings window (see section "Viewing and changing task settings" on page 130) for the task you need and switch to the General tab and press the Results button. This will open the Task results window (see the figure below).

The upper part of the window contains the list of client computers for which this task is defined. The following information is displayed:
- Client computer - name of the client computer for which the task is assigned.
- Group - the name of the administration group that contains the client computer.
- Status - the current task status.
- Time - the date and time when the last event occurred.
- Description - detailed description of the current task status on the client computer.

The lower part of the window displays the results of the task execution on the selected client computer:
- Status - all changes in the task status.
- Time - date and time when each event occurred.
- Description - detailed description of each event.

Information contained in the window includes data from the slave Administration Servers.

Use the Refresh button to update information in the tables.

Figure 109. Viewing results of the task execution stored on the Administration Server

To view task performance results for each client computer, open the <Computer name> Properties window using the Results button on the Tasks tab. You will see information stored on the Administration Server.

Viewing task results stored locally on a client computer is only available during work with Kaspersky Anti-Virus 5.0 for Windows File Servers MP4; it is performed through the Administration Console installed locally on this host.

CONFIGURING THE EVENT FILTER FOR A GROUP TASK

To configure a filter for information displayed in the Task results:

1. Use the Filter command from the context menu of the list of client computers. This will open the filter settings window (see the figure below). Configure the filter settings.

2. Select the event characteristics and task execution results that must be displayed after the filter has been applied, using the Events tab:
- Select the event importance level from the drop-down list.
- To display task results, select the required task status in the Task results field.
- To collect information about results of the last task launch only, check the Show only last results of the task box.
- To restrict the amount of information to be displayed after the filter has been applied, check the Restrict the number of displayed events box and indicate the maximum number of rows to be included in the table.

Figure 110. Configuring an event filter. The Events tab

3. Using the Computers tab (see the figure below), define the hosts where the events and task execution results included in the selection must be registered. You can use the following parameters:

- Computer name.
- Computer name in the Windows network.
- Administration group.
- DNS domain.
- Windows domain.
- IP address range. To do this, check the corresponding box and enter the initial and final IP addresses of computers.

Figure 111. Configuring an event filter. The Computers tab

4. Using the Time tab (see the figure below), define the time of event occurrence and task execution results. You can select the following options:
- During a period - to define fixed dates for the beginning and end of the period. To specify the dates, select Events on in the From and To fields respectively and enter the exact date and time. If all recorded information is required, select First event and Last event.
- For recent days - to specify the number of days. In this case the time interval will be calculated starting with the time of list creation.

For example, if the field contains 2 days, and the list is created on June 24 at 3.00 pm, then it will include the data for the period since 3.00 pm of June 22 until 3.00 pm June 24.

Figure 112. Configuring an event filter. The Time tab

5. After you have finished configuring settings for the filter, press the OK button.

As a result, only the data that complies with the specified settings will be displayed in the Task results window.

CONFIGURING EVENT FILTER FOR A SELECTED COMPUTER

To configure a filter for information displayed for a selected computer:

1. In the context menu of the computer, select the Events command.

2. In the Events window that opens, press the Filter button.

3. In the filter configuration window, specify filter settings on the Events (see the figure below) and Time tabs.

Select the event characteristics and task execution results that must be displayed after the filter has been applied, using the Events tab:
- In the Application name field, select the name of the application that should register the required events.
- Specify the Version number of the application.

- Specify the Task name which resulted in the event.
- Select the event importance level from the drop-down list in the Severity field. For each application, event types are defined that may occur during its operation. Each event has a characteristic that reflects its importance level. Events of the same type may be assigned different severity levels depending on the situation in which the event occurred.
- To configure the filter to include only events of a specific type, check the Events box and check boxes next to the names of the required types. If the event type is not specified, all types of events will be displayed.
- To ensure that the execution results for tasks with a certain status are displayed, check the Results of performing tasks box and select the required task status.
- To collect information about results of the last task launch only, check the Show only last results of the task box.
- To restrict the amount of information to be displayed after the filter has been applied, check the Restrict the number of displayed events box and indicate the maximum number of rows to be included in the table.

Figure 113. Configuring an event filter. The Events tab

Using the Time tab, configure settings similarly to the settings for a group task (see section "Configuring the event filter for a group task" on page 144).

The Computers tab is not provided as the filter is configured for a selected computer only.

4. After you have finished configuring the filter, press the OK button.

As a result, only data that complies with the specified settings will be displayed in the Events window.

REMOVING A FILTER

To remove a filter, use the Remove filter command from the context menu.

CLIENT COMPUTERS

The client computers included in an administration group are displayed in the table on the results pane of the Client computers subfolder.

IN THIS SECTION
- Adding computers to group
- Viewing information about a client computer
- Viewing client system information
- Administration Server change task
- Client computer management task
- Sending a message to the user of the client computer
- Connecting the client computer to the Administration Server manually. The klmover.exe utility
- Client-to-Administration Server connection check frequency
- Remote diagnostics of client computers utility (klactgui)

ADDING COMPUTERS TO GROUP

To add one or several computers to a specific administration group:

1. Open the Managed computers folder.

2. Select the group folder to which you wish to add the client computers. If you are adding a computer to the highest hierarchy level, select the Managed computers folder.

3. Select the Client computers folder.

4. Open the context menu and select the New → Computer command.

5. A wizard will start. Follow its instructions to add client computers and build the list of hosts to be added to the groups.

If you have selected automatic addition of computers (the Automatically, based on Administration Server data option), then the list of computers will be generated using the data that the Administration Server receives while polling the corporate Windows network, IP subnets or Active Directory groups. In that case the window for selection of hosts contains the Unassigned computers folder. Select computers to be included in the group. You can select computers from different folders, or select the entire folder.

If you selected the manual method for adding computers, you will be asked to create the list of computers to be included in the group. You can either create the list of addresses in the wizard window using the Add and Remove buttons, or import the list from a text file using the Import button.
You can use either an IP address (or a range of IP addresses), or computer names on the Windows network as the computer's address. To import the list from a file, specify a .txt file with the list of addresses of computers that are being added. Each address must be specified in a separate line.
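A pre-import check for such an address file, as an added example (not part of the guide or of Kaspersky Administration Kit): it flags malformed addresses, invalid computer names, duplicates and overlapping ranges before the list reaches the wizard. The `first-last` range notation, the function names and the sample list are assumptions; the guide does not show the exact range syntax.

```python
"""Review a computer address list (one address per line) before importing it."""
import ipaddress
import re

# Rules applied by this example (not the product's own validation):
# NetBIOS computer names are at most 15 characters and exclude these characters.
FORBIDDEN_NAME_CHARS = set('\\/:*?"<>|')
# An entry made only of digits, dots, spaces and '-' is treated as an address.
LOOKS_NUMERIC = re.compile(r"^[\d.\s-]+$")


def parse_entry(raw):
    """Return ('ip', addr), ('range', (first, last)) or ('name', NAME).

    Raises ValueError with a human-readable reason for a bad entry.
    The 'first-last' range notation is an assumption of this example.
    """
    text = raw.strip()
    if LOOKS_NUMERIC.match(text):
        parts = [p.strip() for p in text.split("-")]
        if len(parts) > 2:
            raise ValueError("more than one '-' in an address range")
        try:
            addrs = [ipaddress.IPv4Address(p) for p in parts]
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"malformed IPv4 address ({exc})")
        if len(addrs) == 1:
            return "ip", addrs[0]
        if addrs[0] > addrs[1]:
            raise ValueError("range start is higher than range end")
        return "range", (addrs[0], addrs[1])
    if len(text) > 15:
        raise ValueError("computer name longer than 15 characters")
    if FORBIDDEN_NAME_CHARS.intersection(text) or " " in text:
        raise ValueError("computer name contains a forbidden character")
    return "name", text.upper()  # Windows computer names are case-insensitive


def check_list(text):
    """Validate a whole list; return (accepted, problems).

    accepted: [(line_no, kind, value)], problems: [(line_no, entry, reason)].
    """
    accepted, problems = [], []
    seen_names = {}   # NAME -> line number of first occurrence
    covered = []      # (first, last, line_no) for every accepted IP or range
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            kind, value = parse_entry(entry)
        except ValueError as exc:
            problems.append((line_no, entry, str(exc)))
            continue
        if kind == "name":
            if value in seen_names:
                problems.append(
                    (line_no, entry, f"duplicate of line {seen_names[value]}"))
                continue
            seen_names[value] = line_no
        else:
            first, last = (value, value) if kind == "ip" else value
            clash = next(
                (n for f, l, n in covered if first <= l and f <= last), None)
            if clash is not None:
                problems.append(
                    (line_no, entry, f"overlaps address(es) on line {clash}"))
                continue
            covered.append((first, last, line_no))
        accepted.append((line_no, kind, value))
    return accepted, problems


# Constructed sample list (hypothetical hosts), one address per line.
SAMPLE_LIST = """\
WS-ACCT-01
10.20.30.15
10.20.30.100-10.20.30.120
ws-acct-01
10.20.30.110
10.20.30.256
10.20.31.9-10.20.31.2
FILESERVER-BACKUP-EAST
SRV:DB
"""

if __name__ == "__main__":
    ok, bad = check_list(SAMPLE_LIST)
    print(f"{len(ok)} entries ready for import, {len(bad)} need review")
    for line_no, entry, reason in bad:
        print(f"  line {line_no}: {entry!r}: {reason}")
```
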

In case of manual computer addition (as data entered by the administrator) the reliability and validity of the information is checked to prevent name conflicts and ensure that only unique names are used.

If the Administration Server database contains information about the presence of a computer in the Windows network, the computer will be included in the group.

To navigate quickly to the wizard for adding computers to the console tree, open the Managed computers folder, select the group to which you wish to add the client computer and click the Add computers to the group link in the Group structure management section of the Groups tab in the task pane.

Once the wizard completes successfully, the computers will be included in the group and will be displayed in the results pane under names determined by the Administration Server.

A computer can also be automatically added in the main application window of Kaspersky Administration Kit by dragging the computer from the Unassigned computers folder and dropping it in the appropriate administration group.

VIEWING INFORMATION ABOUT A CLIENT COMPUTER

To view information about a client computer included in an administration group:

1. In the Managed computers folder select the folder with the name of the group that includes the required client computer and open the Client computers folder. The list of clients in this group will be displayed in the results pane.

2. Select the required client and use the Properties command of the context menu.

The <Computer name> Properties window containing several tabs (see the figure below) will appear in the main program window.

To find the client computer you need, you can use the Search function (see section "Search" on page 306).

Figure 114. Viewing client computer properties. The General tab

On the General tab (see the figure above) you can:
- view the network settings of client computers.
- edit the host name in the administration group. The host name is generally assigned by the Administration Server and coincides with the computer name on the Microsoft Windows network.
- enter your own description for the computer.
- define the connection settings with the Administration Server by using the Do not disconnect from the Administration Server box. If this box is checked, the connection between the Administration Server and the client computer is uninterrupted. If this box is unchecked (default value), the client computer will only connect to the Administration Server to synchronize the data or to transfer the information. Permanent connection should only be established with the most important client computers because Administration Server supports no more than 1500 simultaneous connections.
- view system information in the System information window (see section "Viewing client system information" on page 154), that opens by clicking the System information link. The window contains information about hardware and software of the client host and users connected to that computer.

The information displayed on the tab reflects data received during the last synchronization session.

The Protection tab (see the figure below) shows the current status of anti-virus protection on a client computer. You can view the following data:

- Computer status - the status of the client computer assigned according to the diagnostics criteria of the computer's anti-virus protection, and the criteria regarding the computer network activity level, set by the administrator. The field below the status value lists the conditions which determined the client computer's current status.
- Real-time protection status - current status of anti-virus protection.
- Last full scan date - date and time of the last anti-virus scan of the client computer.
- Viruses found - total number of viruses detected on the client computer (the counter of detected viruses) since the installation of anti-virus application (first scan) or since the last time the virus counter was reset. To reset the counter, click the Reset button.

Figure 115. Viewing client computer properties. The Protection tab

The Applications tab (see the figure below) lists all the Kaspersky Lab applications installed on the client computer. You can view general information about an application, manage its performance, and configure its settings (see section "Local application settings" on page 110).

Figure 116. Viewing client computer properties. The Applications tab

On the Tasks tab (see the figure below), you can manage tasks for client computers (view existing tasks, delete and create new tasks, start and stop them, change task settings, and view task performance results). The information about tasks reflects the data received during the last client-server synchronization session. The Administration Server polls the client for the current task status. If connection fails, the status is not displayed.

Figure 117. Viewing client computer properties. The Tasks tab

VIEWING CLIENT SYSTEM INFORMATION

The System information window contains detailed system information of client computers including the following tabs:

General (see the figure below).

This tab displays information about the client computer operating system and hardware.

Figure 118. The client system information window. The General tab

Applications registry (see the figure below).

This tab displays a list of programs installed on the client computer.

Check the Display incompatible security applications only box to show in the list of applications only those security applications that are incompatible with Kaspersky Lab applications.

To display installed updates in the list, check the Show updates box.

Figure 119. The client system information window. The Applications registry tab

To review information about an individual application, select it in the list and click the Properties button. The window displayed after that (see the figure below) will contain information about the application generated from the registry data.

Figure 120. The application properties information window

Sessions (see the figure below).

This tab contains information about current work sessions of the client computer. In accordance with the data received from the client computer, the table contains the following information about each session:
- Name;
- Participant's Name;
- Account;

.

Figure 121. The client system information window. The Sessions tab

Comments (see the figure below).

You can use this tab to add, view and edit comments. Comments can include any information about the client computer that you might need. For convenience you can also define the importance level.

Figure 122. The client system information window. The Comments tab

To add a new comment, click the Add button and use the displayed window (see the figure below) to:
- select the comment importance level in the drop-down list: Information, Critical, Warning.

- enter the comment in the Comment text. The initial words of the entered text will appear in the Text column of the comments list (see the figure above).

Figure 123. Making a new comment

- if the comment is related to an individual user of the computer, check the Specify user box and then press the Select button to select the user from the suggested list in the window that opens (see the figure below).

Figure 124. Editing a comment. Selecting a user

To view in the list only the users registered on that computer, check the Display only logged on users box. If this box is unchecked, the list will contain all users registered on the computers within the administration group.

ADMINISTRATION SERVER CHANGE TASK

To create an Administration Server change task:

1. Connect to the necessary Administration Server (see section "Managing Administration Servers" on page 26) managing the computers being transferred.

2. Run the wizard to create a group task (see section "Creating a group task" on page 116) or create a task for specific computers (see section "Creating a task for specific computers" on page 129).

3. During selection of the application and definition of the task type (see the figure below) choose: Kaspersky Administration Kit, open the Advanced folder and select the Change Kaspersky Administration Server task.

Figure 125. Selecting the application to be installed

4. At the next stage (see the figure below), specify the settings that will be used by the Network Agent installed on client computers to connect to the new Server.

Figure 126. Specifying the Server and selecting the certificate

In the Administration Server connection settings group of fields:
- Specify the address of the Administration Server managing the administration groups to which the client computers are to be moved. You can use either its IP address or the computer's name in the Windows network as the computer's address.
- Specify the port number to be used for connection to the new Administration Server. The default port number is
- Specify the port number to be used for secure connection to the new Administration Server (using the SSL protocol). The default port number is

Check the Use proxy server box if connection to the Administration Server is established through the proxy server. Enter the proxy server address in the Proxy address field. Fill in the User name and Password fields if user authorization is required to access this proxy server.

Task settings configured at this stage can be modified on the Settings tab (see the figure below) of the task property window (see section "Viewing and changing task settings" on page 130).

Figure 127. Viewing the Administration Server change task settings

Furthermore, in this window in the Administration Server certificate section, using the Select button, you can also specify the certificate file for authentication on the new Administration Server. The certificate file is klserver.cer, and it is located on the Administration Server where computers are being moved, in the Cert subfolder of the program folder specified during installation of Kaspersky Administration Kit. You can copy the certificate file to a shared folder or a floppy disk. A copy of this file can be used to configure access settings for the Server.

5. If you are creating a task for specific computers, you will have to create a list of client computers (see section "Creating a task for specific computers" on page 129) which will run the task. When the task successfully completes, these computers will be moved to the administration groups of the Administration Server specified in the task settings, and placed in the Unassigned computers group.

If a group task is used, all client computers of the specified group will be connected to the new Administration Server.

The Administration Server change task will not be executed for the client computer which hosts Administration Server.

6. During the final step create the schedule (see section "Creating a group task" on page 116) for running this task.

CLIENT COMPUTER MANAGEMENT TASK

Kaspersky Administration Kit provides a capability to remotely manage the client computers using the following tasks:
- Turn on the computer (see section "Turning on the client computer" on page 164).
- Shut down the computer (see section "Shutting down the client computer" on page 167).
- Restart the computer (see section "Restarting the client computer" on page 170).

TURNING ON THE CLIENT COMPUTER

To Turn on the computer:

1. Connect to the necessary Administration Server (see section "Managing Administration Servers" on page 26) managing the client computers.

2. Run the wizard to create a group task (see section "Creating a group task" on page 116) or create a task for specific computers (see section "Creating a task for specific computers" on page 129).

3. Select the type of the task (see the figure below). To do this, in the Task type window of the task wizard in the Kaspersky Administration Kit node open the Advanced folder and select Manage client computer.

4. Press the Next button in order to proceed with creating the client computer management task.

Figure 128. Selecting the task type

5. Select Turn on the computer in the Settings window (see the figure below).

Figure 129. Task settings

6. Select computers in the administration groups (see the figure below) for which the task will be started. Press the Next button.

Figure 130. Computer selection

7. Create the task launch schedule (see section "Creating a group task" on page 116) (see the figure below). Press the Next button.

Figure 131. Scheduling task launch

8. Click the Finish button to complete task creation (see the figure below).

Figure 132. Completing task creation

SHUTTING DOWN THE CLIENT COMPUTER

To Shut down the computer:

1. Connect to the necessary Administration Server (see section "Managing Administration Servers" on page 26) managing the client computers.

2. Run the wizard to create a group task (see section "Creating a group task" on page 116) or create a task for specific computers (see section "Creating a task for specific computers" on page 129).

3. Select the type of the task (see the figure below). To do this, in the Task type window of the task wizard in the Kaspersky Administration Kit node open the Advanced folder and select Manage client computer.

4. Press the Next button in order to proceed with creating the client computer management task.

Figure 133. Selecting the task type

5. Select Shut down the computer in the Settings window (see the figure below).

Figure 134. Task settings

If you do not want the server to request task performance confirmation from the client computer, uncheck the Prompt user for confirmation box in the lower part of the window (by default, this box is checked).

In the Repeat the prompt regularly in (min) field, specify the interval (in minutes) at which Kaspersky Administration Kit will prompt the user to confirm the shutdown (the default interval is 10 minutes).

In the Force shutdown after (min) field, enter the interval after which the Administration Server will perform the shutdown (see the figure below).

Press the Next button.

6. Select computers in the administration groups (see the figure below) for which the task will be started. Press the Next button.

Figure 135. Computer selection

7. Create the task launch schedule (see section "Creating a group task" on page 116) (see the figure below). Press the Next button.

Figure 136. Scheduling task launch

8. Click the Finish button to complete task creation (see the figure below).

Figure 137. Completing task creation

RESTARTING THE CLIENT COMPUTER

To Restart the computer:

1. Connect to the necessary Administration Server (see section "Managing Administration Servers" on page 26) managing the client computers.

2. Run the wizard to create a group task (see section "Creating a group task" on page 116) or create a task for specific computers (see section "Creating a task for specific computers" on page 129).

3. Select the type of the task (see the figure below). To do this, in the Task type window of the task wizard in the Kaspersky Administration Kit node open the Advanced folder and select Manage client computer.

4. Press the Next button in order to proceed with creating the client computer management task.

Figure 138. Selecting the task type

5. Select Restart the computer in the Settings window (see the figure below).

Figure 139. Task settings

If you do not want the server to request task performance confirmation from the client computer, uncheck the Prompt user for confirmation box in the lower part of the window (by default, this box is checked).

In the Repeat the prompt regularly in (min) field, specify the interval (in minutes) at which Kaspersky Administration Kit will prompt the user to confirm the restart (the default interval is 10 minutes).

In the Force restart after (min) field, enter the interval after which the Administration Server will perform the restart (see the figure below).

Press the Next button.

6. Select computers in the administration groups (see the figure below) for which the task will be started. Press the Next button.

Figure 140. Computer selection

7. Create the task launch schedule (see section "Creating a group task" on page 116) (see the figure below). Press the Next button.

Figure 141. Scheduling task launch

8. Click the Finish button to complete task creation (see the figure below).

Figure 142. Completing task creation

SENDING A MESSAGE TO THE USER OF THE CLIENT COMPUTER

To send a message to the user:

1. Connect to the necessary Administration Server (see section "Managing Administration Servers" on page 26) managing the client computer.

2. Run the wizard to create a group task (see section "Creating a group task" on page 116) or create a task for specific computers (see section "Creating a task for specific computers" on page 129).

3. In the Task type wizard window, open the Kaspersky Administration Kit node, and then the Advanced nested folder.

4. In the task list select Message (see the figure below) and press the Next button.

Figure 143. Message for the user

5. Enter the text of the message which will be displayed on the screen of the user's computer. The text can contain links that the user can follow to go to the respective resource (see the figure below). Press the Next button.

Figure 144. User message text

6. Select computers in the administration groups (see the figure below) on which the task will be started. Press the Next button.

Figure 145. Computer selection

7. Create the task launch schedule (see section "Creating a group task" on page 116) (see the figure below). Press the Next button.

Figure 146. Scheduling task launch

8. Click the Finish button to complete task creation (see the figure below).

Figure 147. Completing task creation

CONNECTING THE CLIENT COMPUTER TO THE ADMINISTRATION SERVER MANUALLY. THE KLMOVER.EXE UTILITY

To connect a client computer to an Administration Server manually:

From the command line on the client computer, start the klmover.exe utility included in the distribution package of the Network Agent.

After the installation of the Network Agent, this utility is located in the root of the destination folder specified during the installation of the component, and when run from the command line, it can perform the following actions, depending on the keys used:

Connects the Network Agent to the Administration Server using the parameters supplied.
Logs the results of the operation in the events log file, or displays them on the screen.

Utility command line syntax:

klmover [-logfile <file name>] [-address <server address>] [-pn <port number>] [-ps <SSL port number>] [-nossl] [-cert <path to certificate file>] [-silent] [-dupfix]

The command line parameters are as follows:

-logfile <filename>: record the results of the program's operation in the log file. By default the information will be stored in the file stdout.tx. If the modifier is not used, the results and error messages will be printed to the screen.

-address <server address>: the address of the Administration Server for connection. The address can be represented by IP address, NetBIOS or DNS name of the computer.

-pn <port number>: number of the port that will be used for an unsecured connection to the Administration Server. The default value is

-ps <SSL port number>: number of the port that will be used for a secured connection to the Administration Server using the Secure Sockets Layer (SSL) protocol. By default, port will be used.

-nossl: use an unsecured connection to the Administration Server; if no modifier is used, a secure connection between the Network Agent and Administration Server will be established using the SSL protocol.

-cert <full path to the certificate file>: use the specified certificate file for authentication when accessing the new Administration Server. If no modifier is used, the Network Agent will receive the certificate on its first connection to the Administration Server.

-silent: launch the utility in non-interactive mode. This modifier can be useful, for instance, when launching the utility from the startup script when registering the user.

-dupfix: this modifier is used if the Network Agent was installed using a method other than the regular installation from a distribution package. For example, it could have been restored from a disk image.
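Without -cert the Network Agent accepts whatever certificate it receives on its first connection, so a scripted move is safer when the certificate is pinned. The PowerShell function below is an added example, not Kaspersky code: it checks a copy of klserver.cer against a fingerprint recorded on the Administration Server, calls klmover with -cert and never with -nossl, then uses klnagchk -savecert (documented in the next section) to confirm which certificate the agent holds. The function names, all paths and values, the choice of a SHA-256 fingerprint, the assumption that both .cer files load as X.509 certificates, and the treatment of a non-zero exit code as failure are assumptions.

```powershell
# Added example, not vendor code. Assumptions are marked ASSUMPTION.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Get-CertSha256 {
    # Returns the SHA-256 fingerprint (upper-case hex) of the certificate's DER bytes.
    # ASSUMPTION: the .cer file is an X.509 certificate that .NET can load.
    param([Parameter(Mandatory)][string] $Path)
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try     { $hash = $sha.ComputeHash($cert.RawData) }
    finally { $sha.Dispose() }
    [pscustomobject]@{
        Sha256   = ([System.BitConverter]::ToString($hash) -replace '-', '')
        NotAfter = $cert.NotAfter
    }
}

function Move-AgentPinned {
    param(
        [Parameter(Mandatory)][string] $AgentDir,        # folder holding klmover.exe and klnagchk.exe
        [Parameter(Mandatory)][string] $ServerAddress,   # IP address, NetBIOS or DNS name
        [Parameter(Mandatory)][string] $CertPath,        # copy of klserver.cer
        [Parameter(Mandatory)][string] $ExpectedSha256,  # fingerprint recorded on the server itself
        [int]    $SslPort = 0,                           # 0 = let klmover use its default SSL port
        [string] $LogFile,
        [switch] $DupFix
    )
    $klmover  = Join-Path $AgentDir 'klmover.exe'
    $klnagchk = Join-Path $AgentDir 'klnagchk.exe'
    foreach ($exe in $klmover, $klnagchk) {
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { throw "Not found: $exe" }
    }

    # 1. Validate the certificate copy before klmover sees it. A copy taken from a
    #    shared folder or removable media may have been replaced on the way.
    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $pinned   = Get-CertSha256 -Path $CertPath
    if ($pinned.Sha256 -ne $expected)    { throw "Certificate fingerprint mismatch for $CertPath" }
    if ($pinned.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($pinned.NotAfter)" }

    # 2. Build the command line from the keys listed in the guide.
    #    -cert is always passed; -nossl is never passed.
    $certFull = (Resolve-Path -LiteralPath $CertPath).ProviderPath
    $klArgs   = @('-address', $ServerAddress, '-cert', $certFull, '-silent')
    if ($SslPort -gt 0) { $klArgs += @('-ps', "$SslPort") }
    if ($LogFile)       { $klArgs += @('-logfile', $LogFile) }
    if ($DupFix)        { $klArgs += '-dupfix' }

    & $klmover @klArgs
    # ASSUMPTION: klmover signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) { throw "klmover exited with code $LASTEXITCODE" }

    # 3. Ask the agent which server certificate it now uses and compare it with the pin.
    #    -sp is deliberately not passed: it would print the proxy password.
    $saved = Join-Path ([System.IO.Path]::GetTempPath()) ("klsrv-{0}.cer" -f [guid]::NewGuid())
    try {
        & $klnagchk -savecert $saved | Out-Null
        if (-not (Test-Path -LiteralPath $saved)) { throw 'klnagchk did not write the certificate file' }
        $inUse = Get-CertSha256 -Path $saved
        if ($inUse.Sha256 -ne $expected) {
            throw "Agent is using an unexpected server certificate: $($inUse.Sha256)"
        }
    }
    finally {
        Remove-Item -LiteralPath $saved -ErrorAction SilentlyContinue
    }
    "Agent moved to $ServerAddress; server certificate $($inUse.Sha256) matches the pin."
}

# Example call (every value is a placeholder):
# Move-AgentPinned -AgentDir 'C:\Path\To\NetworkAgent' `
#     -ServerAddress 'adminserver.example.internal' `
#     -CertPath '\\fileserver\share\klserver.cer' `
#     -ExpectedSha256 '<SHA-256 fingerprint recorded on the Administration Server>'
```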

CLIENT-TO-ADMINISTRATION SERVER CONNECTION CHECK FREQUENCY

Kaspersky Administration Kit can check the connection between the client computer and the Administration Server using:

the klnagchk.exe utility;
the Check connection action.

The klnagchk.exe utility provides detailed information about the client computer connection settings. The Check connection action checks host availability for the Administration Server.

IN THIS SECTION

Verifying connection of the client computer to Administration Server manually. The klnagchk.exe utility
Checking the connection between the client computer and the Administration Server using the Check connection action

VERIFYING CONNECTION OF THE CLIENT COMPUTER TO ADMINISTRATION SERVER MANUALLY. THE KLNAGCHK.EXE UTILITY

To verify connection of the client computer to the Administration Server using the klnagchk.exe utility:

From the command line on the client computer, start the klnagchk.exe utility included in the distribution package of the Network Agent.

After the installation of the Network Agent, this utility is located in the root of the destination folder specified during installation of the application, and when run from the command line, it can perform the following actions, depending on the keys used:

outputs to the screen or records in the log file the connection parameters used by the Network Agent installed on the client computer to connect to the Administration Server;
outputs to the screen or in the log file the statistics about operation of the Network Agent since its last launch, and the results of this utility operation;
attempts to connect the Network Agent to the Administration Server;
if the connection could not be established, sends an ICMP packet to verify the status of the computer on which the Administration Server is installed.
Utility command line syntax:

klnagchk [-logfile <file name>] [-sp] [-savecert <path to the certificate file>] [-restart]

The command line parameters are as follows:

-logfile <filename>: log the connection parameters used by Network Agent to connect to the Administration Server and the results of the utility operation. By default the information will be stored in the stdout.tx. file. If the modifier is not used, the parameters, results and error messages will be printed to the screen.

-sp: display the password used to authenticate the user on the proxy server. This parameter is used if connection to the Administration Server is performed using a proxy server.

-savecert <filename>: save the certificate used to access the Administration Server in the specified file.

-restart: restart the Network Agent after the utility has completed.

CHECKING THE CONNECTION BETWEEN THE CLIENT COMPUTER AND THE ADMINISTRATION SERVER USING THE CHECK CONNECTION ACTION

To check connection between the client computer and the Administration Server using the Check connection action:

1. Select a client computer or a slave Administration Server.

2. Select Check connection in its context menu.

This will open a window containing information about availability of the computer.

Operability of the Network Agent is determined based on the information about the client computer available to the Administration Server.

REMOTE DIAGNOSTICS OF CLIENT COMPUTERS UTILITY (KLACTGUI)

The klactgui utility is designed to perform the following operations on the remote computer:

Enabling and disabling trace, changing the trace level, and downloading the trace file (see section "Enabling and disabling trace, downloading the trace file" on page 181).
Downloading application settings (on page 183).
Downloading event logs (on page 185).
Launching the diagnostics and downloading the results of its operation (see section "Launching the diagnostics and downloading the results of its operation" on page 185).
Starting and stopping the applications (see section "Starting and stopping the applications" on page 187).

To work with the utility:

1. Install the utility to any computer. To do this, unpack the downloaded archive and run the klactgui_ru.msi (or klactgui_en.msi) file. The utility files are saved to the C:\Program Files\Kaspersky Lab\klactgui directory. The utility is uninstalled using standard tools of the operating system.
Launch the utility using the menu Start → Programs → klactgui or open the context menu of the client computer and select Custom tools (on page 330) → Remote diagnostics.

2. To connect to the computer, in the main utility window perform the following actions (see the figure below):

Select the Access using Microsoft Windows network option.

In the Computer field enter the name of the computer from which information should be collected.

Specify the account for connecting to the computer:

Connect as current user: connection will be established under the account of the current user.
Use provided user name and password to connect: connect under the specified account. When selecting this option, specify the User name and Password of the required account.

Connection should be established under the account of the local administrator.

Figure 148. Connecting to the computer

3. After specifying the necessary data for connection, press the Enter button.

4. In the window that opens perform the necessary operations and download the necessary files.

The utility saves the files downloaded from client computers to the desktop of the computer from which it has been launched.

ENABLING AND DISABLING TRACE, DOWNLOADING THE TRACE FILE

To enable or disable trace:

1. Connect to the required computer.

2. In the tree select the application for which you need to collect the trace, and in the left part of the window follow the Enable trace link (see the figure below).

Figure 149. Enabling trace

Enabling and disabling trace for applications using self-protection methods is only possible when they are accessed using the Administration Server.

In some cases, the product and the corresponding task should be restarted to enable trace of the Kaspersky Anti-Virus. You can disable Kaspersky Anti-Virus using Kaspersky Administration Kit (the client computer properties → the Applications tab), and enable it with this utility (the Launch the program link appears in the left part of the window if Kaspersky Anti-Virus is disabled).

3. After trace is enabled, the trace files appear in the tree as items nested under the application. To download a trace, select the required file and in the left part of the window follow the Download file link to download the entire file (see the figure below). For big files, there is an option of downloading the last parts of the trace only.

Figure 150. Downloading the trace file

You can also delete the selected file. However, deleting files is available only after disabling trace.

4. To disable trace, select the application and in the left part of the window follow the Disable trace link.

DOWNLOADING APPLICATION SETTINGS

To download application settings:

1. Connect to the required computer.

2. In the tree select the computer name and in the left part of the window follow the link:

Load system information: to receive complete information about the client computer system.

Load application settings: to download the settings of Kaspersky Lab applications installed on this computer.

Generate process memory dump: to generate and download the dump of the specified application (see the figure below).

Figure 151. Generating process memory dump

In the window that opens specify the executable file for which the memory dump file should be generated (see the figure below).

Figure 152. Generating process memory dumps

Start utility: to download the specified utility to the remote computer, to launch it on that computer and download the results of its operation.

DOWNLOADING EVENT LOGS

To download an event log:

1. Connect to the required computer.

2. In the Event logs folder select the required log and in the left part of the window follow the Download Kaspersky Event Log link (see the figure below).

Figure 153. Downloading event log

LAUNCHING THE DIAGNOSTICS AND DOWNLOADING THE RESULTS OF ITS OPERATION

To launch the diagnostics for an application:

1. Connect to the required computer.

2. In the tree select the required application and in the left part of the window follow the Run diagnostics link (see the figure below).

Figure 154. Running the diagnostics

3. After creating the diagnostics report you can download it by following the Download file link (see the figure below).

Figure 155. Downloading the diagnostics report

STARTING, RESTARTING AND STOPPING THE APPLICATIONS

Starting, restarting and stopping the applications is only possible through the Administration Server.

To start, restart or stop the application:

1. Connect to the required computer.

2. In the tree select the required application and in the left part of the window follow the link (see the figure below):

Stop application.
Restart application.
Start application.

Depending on the action selected, the application will be started, stopped or restarted.

Figure 156. Starting, restarting and stopping the application

REPORTS AND NOTIFICATIONS

Information about the status of anti-virus protection system can be presented in reports. Reports are generated based on the data stored on the Administration Server, and can be created:

for a selection of client computers;
for computers of a specific administration group;
for a set of client computers from different administration groups;
for all the computers on the network (available for the deployment report).

The application includes a set of standard report templates; it also supports creation of user-defined templates. Reports can be viewed in the Reports and notifications folder of the console tree.

Besides operations with reports, the Reports and notifications folder allows access to the configuration of general notification settings for an Administration Server.

IN THIS SECTION

Creating a report template
Viewing statistics
Viewing and editing report templates
Generating and viewing reports
Reports delivery task
Administration Servers hierarchy reports
Restricting the number of records included in reports
Notification limit
Notifications

CREATING A REPORT TEMPLATE

To create a new report template:

1. Select the Reports and notifications folder and use the New Report Template command. A wizard will start.

2. Specify the template name. If a template with this name already exists, the (1) ending will be automatically added to the new template name.

3. Choose the report type. The following steps will depend on your choice.

4. Specify the reporting period (see the figure below). You can define fixed reporting dates or leave the end date open. In the second case, the program will use the current system date as the end date for the report. You can also select the For recent days option and specify the number of days in the field to the right. In that case the time interval will be calculated starting with the time of report creation. E.g., if the field contains 2 days, and the

report is created on June 24 at 3.00 pm, then it will include the data for the period since 3.00 pm of June 22 until 3.00 pm June 24.

This step is skipped for reports reflecting the state on the date of their generation - for example, for reports on the current anti-virus protection.

Figure 157. Creating a report template. Defining the reporting period

5. Specify objects for which you want to create the report (see the figure below).

I want to create a report for a group: create a report for client computers included in an administration group.
I want to create a report for a list of computers: create a report for client computers from different administration groups.

Report on a selection of client computers: create a report for a selection of client computers.

Figure 158. Creating a report template. Selecting objects to be reported.

6. Then, in accordance with the report type chosen during the previous step, specify the group, the set of client computers or selection of client computers for which you want to create a report (see the figure below). Complete the wizard.

Figure 159. Creating a report template. Selecting client computers.

After you complete the wizard, the new template will be added to the Reports and notifications folder in the console tree and displayed in the results pane. The template can be used to create and view reports.

VIEWING STATISTICS

In Kaspersky Administration Kit graphic presentation of the information reflecting the status of the anti-virus protection system can be found on the Statistics tab of the Reports and notifications folder. The tab can consist of several pages; each of them includes information panels that provide statistical information in convenient and understandable format. Information panels are represented as tables or (pie or bar) charts, making comparison of various data easier and clearly demonstrating the relation between them. The data in information panels is constantly updated to reflect the current status of anti-virus protection.

The Statistics tab lets the administrator view the statistical data about the current status of the protection, updates, antivirus statistics, general statistics, etc. An extended results pane is available for the Statistics tab (see the figure below).

Figure 160. Results pane of the Statistics tab

Administrators can change the displayed pages, the number of information panels and the presentation method. In order to modify the settings used to display the statistical data, use the following buttons:

configure the list of pages;
configure the statistics page; the button is located next to the page name;
configure settings for separate panel display; the button is located next to the panel name;
and collapse or expand an information panel;
print the statistics page.

CREATING A STATISTICS PAGE

In Kaspersky Administration Kit you can create customized statistics pages which contain only the necessary information panels.

To add an information panel to the page:

1. Press the button in the top right corner of the Statistics tab. This will open the tab settings configuration window (see the figure below).

Figure 161. Configuring the tab settings

2. Press the Add button located in the Statistics window. This will open the new page settings window (see the figure below).

Figure 162. The new page settings window

3. Configure the page settings:

Specify the following settings on the General tab:
page name;
number of columns in information panels.

On the Informational panels tab create a collection of information panels (see section "Creating an information panel" on page 196).

4. Press the OK button to complete creation of the page.

CHANGING THE SET OF STATISTICS PAGES

In order to change the list of the statistics pages:

1. Press the button in the top right corner of the Statistics tab. This will open the tab settings configuration window (see the figure below).

Figure 163. Configuring the tab settings

2. Select the page heading.

You can change the list of pages using the following buttons:

Add: add pages to the tab;
Properties: change the page settings;
delete page;
and change the order of pages on the tab.

CREATING AN INFORMATION PANEL

To add an information panel to the page:

1. Click the button, located next to the name of the page. This will open the page settings configuration window (see the figure below).

Figure 164. The page settings window

2. Press the Add button located on the Information panels tab of the page settings configuration window. This opens the New information panel window (see the figure below) containing the list of information panel types.

Figure 165. The New information panel window

3. Select the type of the information panel being created from the list (see the figure above). The list of types is inbuilt and cannot be changed. Press the OK button. This opens the information panel settings window (see the figure below).

Figure 166. The General tab

4. Specify the information panel settings:

Specify the following settings on the General tab (see the figure above):
name of information panel;
data collection frequency (days). The day count begins from the moment of panel creation.

On the View tab (see the figure below) select the information display type (table or diagrams) by selecting the required value from the drop-down list, and specify the settings corresponding to this type.

Figure 167. The View tab

On the Computers tab select the hosts, information about which should appear in the panel. Editing the Computers tab is not available for all information panels.

Press the OK button to complete configuration of the information panel settings.

5. Press the OK button to finish adding the information panel.

CHANGING THE SET OF INFORMATION PANELS

To change the set of information panels:

1. Click the button, located next to the name of the page. This will open the page settings configuration window (see the figure below).

Figure 168. Page settings configuration

2. Select the Informational panels tab.

3. Select the heading of the information panel.

You can change the list of panels by using the following buttons:

Add: add the information panels to the page;
Properties: change the settings of the information panel;
delete an information panel;
and change the order of information panels on the page.

VIEWING AND EDITING REPORT TEMPLATES

To view or modify a report template, connect to the necessary Administration Server (see section "Managing Administration Servers" on page 26) and open the Reports and notifications folder in the console tree. A list of existing report templates will then be displayed in the results pane. Select the necessary template and use the Properties command from the context menu.

This will open the <Report template name> Properties window. The tabs displayed in this window depend on the specific report type.

The General tab (see the figure below) contains the following key information. You can:

change the name of the report template;
view the name of the template type, its description, date and time of its creation and the latest change to the settings;
restrict the number of records included in the report (see section "Restricting the number of records included in reports" on page 212);
check the Print version box so that the report created will be displayed in a format suitable for printing;
enable utilization of data from slave Administration Servers (see section "Administration Servers hierarchy reports" on page 211) using the Configure settings for Administration Server hierarchy link.

Figure 169. The report template settings window. The General tab

The Details fields tab (see the figure below) is used to define the fields included in the report's detailed field table, together with the record sorting order, and filter settings.

Figure 170. The report template settings window. The Details fields tab

To create the list of fields, use the Add and Remove buttons. The field order may be changed with the Move Up and Move Down buttons.

To modify the sorting order in a field and to specify filtering, use the Edit button. Use the displayed window (see the figure below) to enter the following settings:

to set the sorting order for records in the selected field, check Sort report field values and select Ascending or Descending;

to use records in the filter field, check the Filter field values box and specify the necessary criteria in the fields below. Each report field has its own set of filtering criteria.

Figure 171. Selecting the order of sorting report fields

The Summary fields tab (see the figure below) defines the fields that form the table with summary data included in the report, as well as the sort order of the records in those fields. The settings on this tab (except for filtration) are identical to the settings on the Details fields tab.

Figure 172. The report template settings window. The Summary fields tab

The Totals tab (see the figure below) contains calculated (summed up) fields of the report. To delete an object from the report template, select it in the Selected fields list and press the Remove button. To add a field to the report template, select it in the All fields list and press the Add button.

Figure 173. The report template settings window. The Totals tab

The Group tab displays the group, information about which is included in the report. Its settings are similar to those provided in the corresponding window in the report template creation wizard.

Click the Apply or OK button to apply the settings.

GENERATING AND VIEWING REPORTS

To generate a report and view it in the results pane of the Administration Console:

1. Connect to the Administration Server (see section "Managing Administration Servers" on page 26).

2. Open the Reports and notifications folder containing the list of report templates in the console tree.

3. Select the necessary template in the console tree.

The corresponding generated report will appear in the results pane. The report contents correspond to the selected template (see the figure below) and can include the following items:

the type and name of the report, brief report description and reporting period, and information about the objects for which this report was created;
the graphical diagram displaying the most typical report data;

the table with cumulative report data (calculated report fields);
the table with detailed report data.

Figure 174. Viewing a report in the results pane

To save a generated report to disk and view it in a browser:

1. Select the necessary template in the console tree (see above).

2. Open the context menu and select the Save command.

3. In the wizard that opens press the Next button.

4. In the following window specify the path to the folder to which you wish to save the report file, and in the drop-down menu select the format in which you wish to save the report (see the figure below). Press the Next button.

Figure 175. Saving a report. Selecting the folder for saving to disk

5. In the final wizard window check the Open the report folder box and press the Finish button (see the figure below).

Figure 176. Saving a report. Completing the wizard

6. This will open the folder to which you have saved the report file.

REPORTS DELIVERY TASK

The reports delivery task is generated automatically if the settings were defined during the installation of Kaspersky Administration Kit.

To create a report delivery task:

1. In the console tree select the Kaspersky Administration Kit tasks folder, open its context menu and select the New Task command.

2. Create an Administration Server task (see section "Creating an Administration Server task" on page 128). Then select the following settings:

3. Select Report delivery (see the figure below) as the task type.

Figure 177. Creating a task for delivery of reports

4. In the Settings window (see the figure below):

- Use appropriate checkboxes to select in the list the templates that will be used to generate reports for further delivery via e-mail.

Figure 178. Creating a report delivery task. Configuring the settings

- To configure delivery of reports by e-mail as they are generated, check the Send report by e-mail box and use the notification settings link to configure the parameters that will be used to e-mail the reports. By default, the system will use the Administration Server settings specified during configuration on the Notifications tab (see section "Viewing and configuring policy settings" on page 85) in the properties window of the Reports and notifications folder.

In the Settings of notifications window (see the figure below) you can define your custom settings:

- E-mail address - the address where the reports matching the selected templates will be sent in the chosen format;
- Subject - the header of the message prepared for sending and containing generated reports.

In the settings group of fields select one of the following options:

- Use Administration Server settings, to send messages using the settings specified on the Notifications tab in the properties window of the Reports and notifications folder.

- Configure stand-alone, to specify new settings for the SMTP server.

Figure 179. Creating a report delivery task. Configuring the settings for delivery

- To save the created reports to a folder, check the Save report to folder box and press the Browse button to open the Folder selection window and specify the path to the folder where the reports should be stored.

To create a task for delivery of reports, you can also use the Send Reports command in the context menu of the node in the console tree corresponding to the required report template, or the Schedule a new report delivery link in the task pane of the Kaspersky Administration Kit tasks folder.

To modify task settings:

1. Open the Kaspersky Administration Kit tasks folder in the console tree.
2. Select the necessary reports delivery task.
3. Open the context menu and choose the Properties command.
4. In the window that opens, select the Settings tab (see the figure below). This tab displays the same settings that were configured when the task was created:
   - the set of templates for report generation;
   - operations performed with report;
   - settings for delivery.
5. Specify the required values for these settings.

6. To confirm the settings, press the Apply or OK button.

Figure 180. Configuring the reports delivery task

To modify the set of templates for generation of reports, use the checkboxes in the Select a template for creating a report section to select the reports which should be sent by e-mail and deselect those which should not be e-mailed.

To change the settings used to send reports by e-mail, use the notification settings link and redefine the parameters in the window that opens.

To navigate quickly to the task settings, use the Edit task link in the task pane of the required task.

ADMINISTRATION SERVERS HIERARCHY REPORTS

In order to configure the use of information from the slave Administration Servers in the report:

1. In the Reports and notifications folder, select the required report and select Properties by opening its context menu.

2. On the General tab of the window that opens, click the Configure settings for Administration Server hierarchy link to open the Administration Servers hierarchy window (see the figure below).

Figure 181. The Administration Servers hierarchy window

3. Configure settings for the servers hierarchy:
   - If you wish to use information from slave Servers, check the box in the Include data from slave Administration Servers field.
   - Use the Up to nesting level field to specify the Administration Server nesting depth to which information is to be obtained based on the current hierarchy.
   - Enter the desired value in the Data wait timeout (minutes) field. If no information is received from a slave Server during the specified time interval, it is considered unreachable (relevant information will be contained in the report).
   - If no data can be received from a slave Server, the data downloaded during the last successful connection can be used to generate a combined report. To keep the data from slave Administration Servers in the cache, check the Cache slave Administration Server data box and specify the caching interval in the Cache update frequency (hours) field.
   - To transfer to the master Administration Server the information displayed in the Details report section, check the Transfer detailed information from slave Administration Servers box; if this box is unchecked, the master Administration Server only receives information from the Summary report section.
4. To confirm the settings, press the OK button.

RESTRICTING THE NUMBER OF RECORDS INCLUDED IN REPORTS

To set the maximum number of records included in a report, select the required report template in the Reports and notifications folder. Select the Properties command in the context menu and on the General tab (see the figure below) check the Maximum number of entries displayed box. Enter the required value in the field to the right.

Click the Apply or OK button to apply the settings.

Figure 182. The report template settings window. The General tab

NOTIFICATION LIMIT

To configure the notification limit:

1. Click the Configure numeric notification limit link located in the properties window of the Reports and notifications folder. This will open the notification limit configuration window (see the figure below).

Figure 183. Notification limit

2. In the window that opens, enable the option to Limit the number of notifications and specify the values for the following settings:
   - the maximum number of notifications sent by the Administration Server;
   - the time period (in minutes) during which the Administration Server can generate the notifications.
3. Press the OK button to complete the notification limit configuration.

NOTIFICATIONS

Kaspersky Administration Kit makes it possible to configure the general settings for the Administration Server notifications and configure the settings for notifications about:

- Administration Server.
- Kaspersky Anti-Virus for Windows Workstations.
- Kaspersky Anti-Virus for Windows Servers.

Kaspersky Administration Kit enables you to choose the most convenient notification method:

- E-mail (see section "E-mail notification" on page 215).
- NET SEND (see section "Use NET SEND" on page 217).
- Executable file to run (see section "Notification using the executable file to run" on page 218).

E-MAIL NOTIFICATION

To configure general notification settings:

1. Select the Notifications tab in the properties window of the Reports and notifications folder. This will open the notification settings configuration window.
2. Set the values for the settings (see the figure below).

Figure 184. Editing the settings for notifications

3. From the drop-down list select the E-mail notification method (see the figure above). Under this option:
   - in the Recipient field, specify the address of the notification recipient. Several addresses may be entered as a list separated by commas or semicolons;
   - in the SMTP server field, specify the address of the mail server connection (an IP address or a Windows network name can be used);
   - in the SMTP server port field, specify the SMTP server connection port number (the default is port 25);

   - specify the subject for the message that will be delivered as a notification. To do this, press the Properties button and in the window that opens (see the figure below), fill in the Subject field.

The notification text may include information about the event recorded. Enter appropriate placeholders by selecting them from the drop-down list accessible by clicking the button.

Use the same window to enter User name and Password in the relevant fields if ESMTP authorization is being used.

Figure 185. Configuring notification settings. Specifying the Sender and Subject

4. Set the parameters to restrict the number of notifications.

5. To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed error information will be displayed.

Figure 186. Configuring notification settings. Sending a test notification

6. Press the OK button to complete the notification settings.

USE NET SEND

To configure general settings of the NET SEND notifications:

1. Select the Notifications tab in the properties window of the Reports and notifications folder. This will open the notification settings configuration window.
2. In the drop-down list select the NET SEND notification method (see the figure below).

Under this option, use the field below to enter recipient host addresses for network notifications. You can use either the IP address or computer name in the Windows network as the address. Several addresses may be entered as a list separated by commas or semicolons.

For successful notification, a messaging service (Messenger) must be installed on the Administration Server and on all recipient computers.

Figure 187. Configuring notifications. Notification using NET SEND

3. Set the parameters to restrict the number of notifications.
4. To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed error information will be displayed.
5. Press the OK button to complete the notification settings.

NOTIFICATION USING THE EXECUTABLE FILE TO RUN

To configure general settings of notifications by running the executable file:

1. Select the Notifications tab in the properties window of the Reports and notifications folder. This will open the notification settings configuration window.
2. In the drop-down list select the Executable file to run notification method (see the figure below). Under this option, use the Select button to select an executable module to run when an event occurs.

Executable environment variable names are the same as the names of placeholders used to create the message text (see the figure below).

Figure 188. Configuring notifications. Notification using executable files

Enter the message which will be delivered as notification in the Notification message section at the bottom of the window (see the figure above).

The notification text may include information about the event recorded. Enter appropriate placeholders by selecting them from the drop-down list accessible by clicking the button.

- Event severity;
- From computer;
- Domain;
- Event;
- Event description;
- Time raised;
- Task name;
- Application;
- Version number;

- IP-address;
- IP address of the connection.

3. Set the parameters to restrict the number of notifications.
4. To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed error information will be displayed.
5. Press the OK button to complete the notification settings.

KASPERSKY ADMINISTRATION KIT TASKS

Kaspersky Administration Kit performs the following tasks:

- reports delivery (see section "Reports delivery task" on page 208).
- downloading of updates to the repository (see section "Determining the updates list" on page 261).
- Administration Server data backup (see section "Data backup" on page 318).

TASKS FOR SPECIFIC COMPUTERS

Kaspersky Administration Kit makes it possible to create tasks for groups of computers included in various administration groups.

Kaspersky Administration Kit can perform the following main tasks:

- Remote application installation (see the Deployment Guide for further details).
- Message for users (see section "Sending message to the user of the client computer" on page 174).
- Switching the Administration Server (see section "Administration Server change task" on page 161).
- Managing the client computer (see section "Client computer management task" on page 164).
- Updates verification (see section "Testing of downloaded updates" on page 265).
- Distribution of the installation package (see the Deployment Guide for further details).
- Remote application installation to the slave Administration Servers (see the Deployment Guide for further details).
- Remote application uninstallation (see the Deployment Guide for further details).

EVENT AND COMPUTER SELECTIONS

Kaspersky Administration Kit provides extensive functionality to monitor the anti-virus protection system. It can maintain event logs and create event and computer selections.

Information can be saved both in the Microsoft Windows system log and in the Kaspersky Administration Kit event log. Information about the status of the anti-virus protection system and client computers is kept in the Event and computer selections folder.

IN THIS SECTION

- Event selections
- Computer selections

EVENT SELECTIONS

Information about events registered during the operation of the anti-virus protection system is represented as selections in the Events folder. After application installation the folder contains a few standard selections. You can create additional selections, and export event records to file.

VIEWING KASPERSKY ADMINISTRATION KIT EVENT LOG STORED ON THE ADMINISTRATION SERVER

To view the Kaspersky Administration Kit event log stored on the Administration Server, connect to the necessary Administration Server (see section "Managing Administration Servers" on page 26), select the Event and computer selections > Events folder in the console tree and choose the folder corresponding to the necessary selection. The default set contains the following selections: Recent events, Information events, Critical events, Functional failures, Warnings, and Audit events. Modification of the settings of those selections, except for the Recent events selection, is impossible.

To open the necessary event selection, you can also use the corresponding link in the task pane of the Events folder.

In the results pane you will then see a table (see the figure below) listing all events of the selected type stored on that Administration Server (for all groups and installed applications). The table displays the following information:

- Severity - level of registered event importance.
- Client computer - the name of the client computer or the Administration Server which was the source of the event.
- Group - the name of the administration group that contains the client computer.
- Application - the name of the application that generated the event.
- Version number - the application version number.
- Task - name of the task that caused the event.

- Event - the name of the event.
- Time - the date and time of the event.
- Description - event description.

Figure 189. Viewing events stored on the Administration Server

You can sort data in any column in ascending or descending order.

To facilitate viewing and searching for required information, you can create and configure user-defined selections. Selections filter out unnecessary information that hinders viewing, since the table of events for every selection displays only relevant information matching its settings. This is very important since the Server stores a considerable amount of information.

CREATING AN EVENT SELECTION

To create a selection:

1. Select the Event and computer selections > Events folder in the console tree.
2. Open the context menu and use the New > New selection command or the Create a new selection link in the task pane.
3. Enter the selection name in the window that opens (see the figure below) and press the OK button.

As a result, a folder with the name you have specified for the selection will appear in the console tree. The structure of this folder will include all events and task results that are stored on the Administration Server. To search for events, configure the selection parameters.

Figure 190. Creating an event selection

For a selection created manually, you can change the order of columns and add or remove columns.

To change the columns displayed for an event selection created manually:

1. In the console tree, select the Event and computer selections > Events folder and choose the necessary selection.
2. Open the context menu and select the View > Add or remove columns command.
3. In the window that opens (see the figure below), use the Add and Remove buttons to create the list of displayed columns. Use the Move Up and Move Down buttons to edit the order of displayed columns.

Figure 191. The Add or remove columns window

The list of events in the results pane will be updated automatically in accordance with the specified settings.

CUSTOMIZING AN EVENT SELECTION

To customize a selection:

1. In the console tree, open the Event and computer selections folder.

2. Open the Events folder and select the necessary event selection.
3. Open the context menu and select the Properties command.

This will open the selection configuration window that contains the following tabs: General, Events, Computers and Time.

For preset selections, the configuration window contains only the General tab. The Recent events selection configuration window also contains the Time tab where you can specify the time interval for the selection.

On the General tab (see the figure below) you can:

- Edit the selection name.
- Restrict the amount of information to be displayed in this selection. To do this, check the Restrict the number of displayed events box and specify the maximum number of rows to be included in the table.
- Restrict the number of events in which the search for events in selections is performed. To do this, check the Limit search with the number of last events box and specify the maximum number of events to search for.

Figure 192. Customizing an event selection. The General tab

Using the Events tab (see the figure below) define the event characteristics and task results that must be included in the selection:

- Name of the application for which you require information.

- Application version number.
- Name of the task, the results of which must be displayed.
- Select the event importance level from the drop-down list. For each application, event types are defined that may occur during its operation. Each event has a characteristic that reflects its importance level. Events of the same type may have different severity levels depending on the situation in which the event occurred.
- To configure the selection to include only events of a specific type, check the Events box and check the boxes next to the names of the required types. If the event type is not specified, all types of events will be displayed.
- To ensure that the selection includes task results, check the Results of performing tasks box and select the required task status.
- To collect information about results of the last task launch only, check the Show only last results of the task box.

Figure 193. Customizing an event selection. The Events tab

On the Computers tab (see the figure below), define the computers where the events and task execution results included in the selection must be registered. You can use the following parameters:

- computer name;

- computer name in the Windows network;
- administration group;
- domain;
- to specify the range of IP addresses of computers, check the IP address range box and enter the starting and ending IP address.

Figure 194. Customizing an event selection. The Computers tab

Using the Time tab (see the figure below), define the time of event and task execution results to be included in the selection. You can select the following options:

- During a period - to define fixed dates for the beginning and end of the period. To specify the dates, select Events on in the From and To fields respectively and enter the exact date and time. If all recorded information is required, select First event and Last event.
- For recent days - to specify the number of days. In that case the time interval will be calculated starting with the time of list creation.

E.g., if the field contains 2 days, and the selection is created on June 24 at 3.00 pm, then it will include the data for the period since 3.00 pm of June 22 until 3.00 pm June 24.

Figure 195. Customizing an event selection. The Time tab

To confirm the selection settings, press the Apply or the OK button.

As a result, the Events table for a selection will display only the information that satisfies the specified criteria.

SAVING INFORMATION ABOUT EVENTS TO FILE

To save information about events to file:

1. Select the event selection containing the required events in the console tree and use the All tasks > Export command from the context menu. A wizard will start.
2. During the first step of the wizard, specify the path and name of the file where the information will be saved. If you want only those events that you selected in the results pane to be saved to a file, check the Export selected events only box.
3. During the second step, select the file format:
   - Export as tab-delimited text - text file.
   - Export as tab-delimited Unicode text - Unicode format text file.
4. To complete the wizard, press the Finish button.
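
The following added example (not part of the original guide, and not Kaspersky Lab code) shows one way to triage a file saved by the Export wizard outside the console: it reads either tab-delimited format, counts events per severity level and lists the computers that reported critical events. It assumes that the file starts with a header row named after the Events table columns, that the Unicode format is UTF-16 with a byte order mark, and that the severity values read "Critical", "Warning" and "Info"; the sample data is constructed.

```python
"""Triage an event export written by the Export wizard (tab-delimited text)."""
import csv
import io
from collections import Counter, defaultdict

# Assumed header row: the Events table columns as listed in this guide.
COLUMNS = ["Severity", "Client computer", "Group", "Application",
           "Version number", "Task", "Event", "Time", "Description"]
REQUIRED = {"Severity", "Client computer", "Event", "Time"}


def decode_export(raw):
    """Decode either export format.

    Assumptions: the "Unicode text" format is UTF-16 with a byte order mark,
    and the plain "text" format uses a Windows ANSI code page (cp1252 here).
    """
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")  # the BOM selects the byte order
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw.decode("utf-8-sig")
    return raw.decode("cp1252", errors="replace")


def parse_events(raw):
    """Return (events, skipped): rows as dicts and the number of rows dropped."""
    reader = csv.reader(io.StringIO(decode_export(raw), newline=""),
                        delimiter="\t", quoting=csv.QUOTE_NONE)
    header = [h.strip() for h in next(reader, [])]
    missing = REQUIRED - set(header)
    if missing:
        raise ValueError("export lacks expected columns: %s" % sorted(missing))
    events, skipped = [], 0
    for fields in reader:
        if not any(f.strip() for f in fields):
            continue  # blank line
        if len(fields) < len(header):
            skipped += 1  # truncated row: count it instead of guessing values
            continue
        # Free text in the last column may itself contain tabs, which spill
        # into extra fields; rejoin them so the row keeps its shape.
        last = len(header) - 1
        row = dict(zip(header, fields[:last] + ["\t".join(fields[last:])]))
        events.append(row)
    return events, skipped


def severity_counts(events):
    """Count events per severity level."""
    return Counter(e["Severity"].strip() for e in events)


def hosts_with(events, severity="Critical"):
    """Map computer name -> [(time, event)] for one severity level.

    The severity strings are assumed values; match them to the real export.
    """
    hits = defaultdict(list)
    for e in events:
        if e["Severity"].strip().lower() == severity.lower():
            hits[e["Client computer"]].append((e["Time"], e["Event"]))
    return dict(hits)


def build_sample(encoding="utf-16"):
    """Constructed sample export (not output captured from the product)."""
    rows = [
        COLUMNS,
        ["Critical", "WS-014", "Managed computers", "Example AV", "1.0",
         "Real-time protection", "Virus found", "2010-02-01 15:00:12",
         "Constructed row\twith an embedded tab"],
        ["Warning", "WS-014", "Managed computers", "Example AV", "1.0",
         "Update", "Databases are out of date", "2010-02-01 15:04:40",
         "Constructed row"],
        ["Critical", "SRV-02", "Servers", "Example AV", "1.0",
         "Real-time protection", "Virus found", "2010-02-02 09:12:03",
         "Constructed row"],
        ["Info", "WS-020", "Managed computers", "Example AV", "1.0",
         "Update", "Update completed", "2010-02-02 10:30:00",
         "Constructed row"],
        ["Critical", "WS-099"],  # truncated row
    ]
    return ("\r\n".join("\t".join(r) for r in rows) + "\r\n").encode(encoding)


if __name__ == "__main__":
    events, skipped = parse_events(build_sample())
    print(dict(severity_counts(events)), "skipped:", skipped)
    for host, hits in sorted(hosts_with(events).items()):
        print(host, hits)
```

To use it on a real export, read the saved file in binary mode and pass the bytes to parse_events; adjust COLUMNS and the severity strings if the header row of the file differs.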

DELETING EVENTS

To delete an individual event, choose an event in the results pane and use the Delete command from the context menu.

To delete events matching certain criteria, create and apply an event selection with the settings corresponding to the specified criteria. After that, delete all events in the results pane, using the Delete All context menu command. Only events that satisfy the selection settings will be deleted from the Events folder.

COMPUTER SELECTIONS

Information about the status of client computers is available in a separate node of the console tree: Event and computer selections > Computer selections. Data is represented as a set of selections, each of which displays information about computers matching the specified conditions. After application setup the folder contains some standard selections (see the figure below).

Figure 196. Computer selections folder

Status diagnostics of client computers is performed based on the data describing the anti-virus protection status on a host and information about its network activity. Diagnostics settings can be configured individually for every administration group on the Computer status tab.

VIEWING A COMPUTER SELECTION

To view a computer selection:

1. Connect to the necessary Administration Server (see section "Managing Administration Servers" on page 26).
2. Select in the console tree the Event and computer selections > Computer selections folder.
3. Select the folder corresponding to the necessary selection: Not scanned for a long time, Computers without anti-virus software, Computers without protection, Computers with the status "Critical", etc.

For quick access to the necessary selection, you can also use the corresponding link in the task pane of the Computer selections folder.

In the results pane you will see a table (see the figure below) listing all computers matching the selection criteria. The table displays the following information:

- Name - client computer name;
- OS Type;
- Domain - Windows domain or workgroup including the host;
- Agent / Anti-virus - status of the applications installed on the computer;
- Last visible time - date and time when the Administration Server last registered the host in the network;
- Last update date - date of the last database or application update on the host;
- Status - current computer status (OK / Warning / Critical) based on administrator-defined criteria;
- Info update - date of the last host information update on the Administration Server;
- Domain name - DNS name of the host;
- IP-address - computer IP address;
- Connecting to Server - date and time of the last connection established between the Network Agent installed on the client computer and the Administration Server;
- IP address of the connection - IP address of the client computer connection with Administration Server;

  Connection IP address is preserved until the next connection attempt; it is used if connection to the client computer by its main name cannot be established.

- Viruses found - the number of viruses found on the client computer;
- On-demand scan - date and time of the last complete anti-virus scan of the client computer;
- Parent group - the administration group that contains the client computer;
- Server - Administration Server that the computer is assigned to;

- Real-time protection status - real-time protection status on the computer.

Figure 197. Viewing a computer selection

You can sort data in any column in ascending or descending order, change the order of columns, and add or remove columns.

Modification of the displayed columns in preset selections is not supported.

To change the columns displayed for a computer selection:

1. In the console tree, open the Event and computer selections folder.
2. Select the necessary selection in the Computer selections folder.
3. Open the context menu and select the View > Add or remove columns command.
4. In the window that opens (see the figure below) use the Add and Remove buttons to create the list of displayed columns. Use the Move up and Move down buttons to edit the order of displayed columns.
5. Press the OK button to complete.

Figure 198. The Add or remove columns window

The list of computers in the results pane will be updated automatically in accordance with the specified settings.

To facilitate viewing and searching for required information, you can create and configure user-defined selections.

CREATING A COMPUTER SELECTION

To create a computer selection:

1. In the console tree, open the Event and computer selections > Computer selections folder.
2. Open the context menu and select the New > New selection command.
3. In the window that opens, enter the selection name (see the figure below) and press the OK button.

As a result, in the Computer selections folder of the console tree, a folder will appear with the name you have specified for the selection. To add computers to the selection, configure the selection settings (see section "Configuring a computer selection" on page 233).

To navigate quickly to the creation of a computer selection, use the Create a new selection link in the task pane of the Computer selections folder.

Figure 199. Creating a computer selection

CONFIGURING A COMPUTER SELECTION

Kaspersky Administration Kit allows the user to configure the created selections of computers.

To configure a computer selection:

1. Select the required computer selection in the console tree and choose the Properties command from the context menu.
2. This will open the computer selection configuration window made up of the tabs: General and Conditions.

Using the General tab (see the figure below) you can modify the selection name, and define the computers to be searched, by selecting one of these options:

- Find any computers - the search will be performed for all computers within the network, whether included in administration groups or not.
- Find managed computers - search only among client computers of the administration groups.
- Find unassigned computers - search among computers not included in administration groups.

To allow a search to use information about computers stored on the slave Administration Servers, check the Include data from slave Servers (down to level) box. Then specify the maximum nesting level to be included in the search.

Figure 200. Configuring a computer selection. The General tab

On the Conditions tab select the corresponding selection of computers and press the Properties button.

This will open the computer selection configuration window that contains the following tabs: General, Network, Network activity, Application, Computer status, Virus protection and Applications registry.

On the Network tab (see the figure below), specify attributes for the computers to be included in the selection. You can use the following parameters:

- Computer name in the administration group.
- Domain that must include the computers.
- IP address range of the computers; for this, check the IP address range box and enter the initial and final IP addresses.
- Computer is located in Active Directory organization unit. Check the box and use the Select button to specify the Active Directory organization unit that must include the computers.

- Including child organization units. Check this box to allow a search to use information about computers included in the child organization units of the specified Active Directory organization unit.

Figure 201. Configuring a computer selection. The Network tab

You can use the Network activity tab (see the figure below) to specify the following selection criteria:

- If the computer to be selected acts as an Update Agent. To do this, in the Update Agent is drop-down list, select one of the following values:
  - Yes, to add computers acting as Update Agents to the selection.
  - No, to add computers not acting as Update Agents to the selection.
- If the Do not disconnect from the Administration Server option is included in the client computer properties. To do this, select one of the following values in the Feature "Do not disconnect from the Administration Server" drop-down list:
  - Enabled, to add to the selection computers with the option enabled.
  - Disabled, to add to the selection computers with the option disabled.
- Whether the computer is connected to the Administration Server as the result of switching the connection profile. To do this, in the Connection profile switched field, select:
  - Yes, for the selection to be made from computers which connected as the result of switching the connection profile.

  - No, for the selection to be made from computers which connected not as the result of switching the connection profile.
- If the computer connected to the Administration Server during a specific time interval. To do this, check the Time range of the last connection to Administration Server box and specify the time interval in the fields below.
- If the computer was detected as a new host during network polling. To do this, check the New computers found during network scan box and specify the number of days in the Detection period (days) field.

Figure 202. Configuring a computer selection. The Network activity tab

On the Application tab (see the figure below) specify which Kaspersky Lab application must be installed on the computers. You can use the following parameters:

- Application name. Select the required value from the drop-down list. The list provides only the names of applications with administration plug-ins installed in the administrator's workplace.
- Application version number.
- Critical update name.
- Last modules update. To do this, check the Last modules update box and specify the start and end date and length of the interval in the from and to fields.

- Version of the operating system installed on the computer.

Figure 203. Configuring a computer selection. The Application tab

On the Virus protection tab (see the figure below), specify criteria to evaluate the anti-virus protection on the computers which will be included in the selection. You can specify:

- creation date of the anti-virus database used by the applications; to do this, check the Anti-virus database date box and specify the time interval matching the date of the anti-virus database release;
- number of records in the anti-virus database used by applications; to do this, check the Database records count box and specify the minimum and the maximum number of records;
- the time of the last full computer scan by one of the Kaspersky Lab anti-virus applications; to do this, check the Last virus scan time box and specify the time interval during which the scan was performed;

- the number of viruses detected on the computer; to do this, check the Viruses found box and specify the minimum and the maximum possible values for this parameter.

Figure 204. Configuring a computer selection. The Virus protection tab

On the Computer status tab (see the figure below), specify parameters that characterize the status of the computers and the status of the real-time protection task on those computers. To do this:
- select the required value from the Computer status drop-down list: OK, Critical or Warning;
- from the Computer status description list select the conditions based on which the computer is assigned the status;

- select in the Real-time protection status list the status of the real-time protection running on the computers included in the selection.

Figure 205. Configuring a computer selection. The Computer status tab

On the Programs registry tab (see figure below), specify the set of program parameters with which the selection is made. To do this, specify the necessary values in the following fields or leave them empty:
- Application name (using the drop-down list);
- Application version;
- Manufacturer (using the drop-down list);
- Incompatible security application name. Use the drop-down list to select an external application or a Kaspersky Lab application that is incompatible with Kaspersky Administration Kit.

If an update installed for an application is used as the search criterion, check the Find by update box and in the corresponding fields enter the update name, version and vendor.

Figure 206. Configuring a computer selection. The Applications registry tab

UNASSIGNED COMPUTERS

Information about computers within a corporate network that are not included in administration groups can be found in the Unassigned computers folder. The Unassigned computers folder contains three subfolders: Domains, IP subnets and Active Directory.

The Domains folder contains the hierarchy of subfolders reflecting the structure of domains and workgroups in the corporate Windows LAN. Each of the folders at the lowest level contains a list of computers of the respective domain or workgroup which are not included in the structure of administration groups. Once a computer is included in a group, information about it is immediately deleted from the folder. If the computer is excluded from the structure of the administration group, information about it is again placed in the Unassigned computers Domains folder, in the corresponding subfolder.

The Active Directory folder displays computers reflecting the Active Directory structure.

The IP subnets folder displays computers reflecting the structure of IP subnetworks created within the network. The structure of the IP subnets folder can be determined by the administrator by creating new IP subnets and editing the settings of existing ones.

To view information about the computer network received by the Administration Server during regular polling:
1. Select the Unassigned computers folder.
2. Select one of the subfolders: Domains, Active Directory or IP subnets.

The results pane will display information about the computer network structure in the appropriate way.

Administration Console information updates automatically for objects of the console tree and information panel diagrams only. To update the data in the results pane, use one of the following options: the F5 key, the Refresh item in the context menu, or the Refresh link in the task pane.
IN THIS SECTION
Network Discovery
Viewing and changing domain settings
Creating an IP subnet
Viewing and modifying the IP subnet settings
Viewing and modifying the Active Directory group properties

NETWORK DISCOVERY

Information about the structure of the network and the computers included in it is received by the Administration Server through regular polling of the Windows network, IP subnets and Active Directory within the corporate computer network. The content of the Unassigned computers folder is updated based on the results of this polling.

The Administration Server can use the following types of network scanning:
- Windows network polling. There are two polling methods: quick and full. During quick polling, only information on hosts in the list of NetBIOS names of all network domains and workgroups is collected. During a full scan, additional information is requested about computers: operating system, IP address, DNS name, etc.

- Polling by IP Subnets. The Administration Server will poll the specified IP ranges using ICMP packets, and collect a complete set of data on hosts within the range.
- Polling of Active Directory groups. This enters information on the Active Directory unit structure and host DNS names into the Administration Server database.

The Administration Server uses the collected information and the data on corporate network structure to update the contents of the Unassigned computers folder, as well as the content and items in the Managed computers folder. Computers that are found during the scan and which belong to a certain administration group can automatically be added to the administrator-defined Managed computers folder.

The Unassigned computers folder of the master Administration Server also displays computers included in administration groups of other slave Administration Servers, if they are located in the same subnetwork. The reverse is also true.

VIEWING AND CHANGING THE SETTINGS FOR WINDOWS NETWORK POLLING

To modify the settings for Windows network polling:
1. Select the Unassigned computers Domains folder in the console tree.
2. Open the context menu and select the Properties command.
3. In the window that opens, use the General tab (see the figure below) to check the Enable Windows network polling box. Specify in the fields below:
- Quick scan time (min). Information about the list of NetBIOS names of computers in all network domains and workgroups will be updated with the specified frequency. The default interval between polls is 15 minutes.
- Full scan time (min). Complete information about computers in the network, including operating system, IP address, and DNS name, will be updated with the specified interval. The default interval between polls is 60 minutes.

To manually start full computer network polling, click the Scan now button.
To disable polling of the Windows network, uncheck the Enable Windows network polling box.

For quick viewing and modification of the settings for Windows network polling, use the Edit discovery settings link in the results pane of the Unassigned computers folder in the Microsoft Network Discovery section.

Figure 207. Viewing the Domains group properties

To exclude all domains from network scans:
1. Select the Unassigned computers Domains folder.
2. Open the context menu and select the Properties command.

3. In the window that opens, use the Client computers tab (see the figure below) to uncheck the Enable scanning of computers of this group box.

Figure 208. Viewing the Domains group properties. The Client computers tab

VIEWING AND MODIFYING ACTIVE DIRECTORY GROUP PROPERTIES

To modify the settings for polling Active Directory groups:
1. Select Unassigned computers Active Directory in the console tree.
2. Open the context menu and select the Properties command.
3. In the window that opens, use the General tab (see the figure below) to check the Enable Active Directory polling box.

The Administration Server will poll the network with the period specified in the Scan interval (min) field. The default interval between polls is 60 minutes. You can specify a different value, or cancel polling by unchecking the Enable Active Directory polling box.

To manually start full computer network polling, press the Scan now button.

For quick viewing and modification of the settings for Windows network polling, use the Edit discovery settings link in the results pane of the Unassigned computers folder in the Active Directory Discovery section.

Figure 209. Viewing the Active Directory group properties

To exclude a group from full scan:
1. Select the Unassigned computers Active Directory folder and select the group.
2. Open the context menu and select the Properties command.
3. In the window that opens, use the General tab to uncheck the Enable Active Directory polling box.

VIEWING AND MODIFYING THE SETTINGS FOR IP SUBNET POLLING

To modify the settings for IP subnets polling:
1. Select Unassigned computers IP subnets in the console tree.
2. Open the context menu and select the Properties command.
3. In the window that opens, use the General tab (see the figure below) to check the Enable IP subnet scanning box.

The Administration Server will poll the specified IP ranges using ICMP packets, and collect a complete set of data on hosts within the range. Polls occur with the frequency specified in the IP subnet scanning period (min) field. The default interval between polls is 420 minutes. You can specify a different value, or cancel polling by unchecking the Enable IP subnet scanning box.

To manually start full computer network polling, press the Scan now button.

Figure 210. Viewing the IP subnets group properties

VIEWING AND CHANGING DOMAIN SETTINGS

To modify domain settings, perform the following actions:
1. Open the Unassigned computers Domains folder.
2. Select the folder corresponding to the necessary domain.
3. Open the context menu and select the Properties command.

This will open the <Domain name> Properties window containing the following tabs: General and Client computers.

On the General tab (see the figure below) you can view the domain name and the parent group name.

Figure 211. Viewing domain settings. The General tab

On the Client computers tab (see the figure below) you can:
- Configure automatic removal of inactive hosts from the Unassigned computers folder. To do this, check the Remove from group after specified computer inactivity period box. When this box is enabled, the Administration Server removes from domains the hosts that remain inactive longer than specified in the days field. You can modify the parameter value or disable removal of hosts by unchecking the Remove from group after specified computer inactivity period box.

- Exclude a domain from full network scans. To do this, use the Client computers tab to uncheck the Enable scanning of computers of this group box.

Figure 212. Viewing domain settings. The Client computers tab

CREATING AN IP SUBNET

To create a new IP subnet:
1. Select the Unassigned computers IP subnets folder in the console tree.
2. Open the context menu and select the New IP range command.
3. In the New IP subnet window that opens (see the figure below) specify values for the following settings:
- Name of the subnetwork.
- The subnetwork description method and values appropriate for the method selected. Select one of the following:
  - Specify IP subnet using the address and the subnet mask: in this case you must specify the Subnet mask and Subnet address in the corresponding entry fields.
  - Specify IP subnet using the initial and final IP-address, then enter the initial and final IP-addresses.

- Time interval after which information about an inactive computer will be deleted from the Administration Server database, in the IP address lifetime (hours) field.

Figure 213. Creating a new IP subnet

VIEWING AND MODIFYING THE IP SUBNET SETTINGS

To modify the IP subnet settings:
1. Open the Unassigned computers IP subnets folder.
2. Select the folder corresponding to the required subnetwork.
3. Open the context menu and select the Properties command.

This will open the <Subnetwork name> Properties dialog containing the General and IP subnets tabs.

On the General tab (see the figure below), you can:
- Change the subnetwork name.
- Change the value of the time interval after which information on an inactive computer will be deleted from the Administration Server database, in the IP address lifetime (hours). The default lifetime of an IP address is 24 hours.

- Permit or cancel regular polling of the computers in this subnetwork by the Administration Server. If you do not wish the Administration Server to poll computers a second time, uncheck the Enable IP subnet scanning box.

Figure 214. Viewing the IP subnetwork properties. The General tab

On the IP ranges tab (see the figure below), you can add and delete the IP ranges that define the subnetwork, and also modify their settings:
- the starting and ending IP addresses for the subnet;

- subnet mask and address.

Figure 215. Viewing the IP subnetwork properties. The IP subnets tab

To add an IP range that defines the subnet, press the Add button. In the IP subnets window that opens (see the figure below) specify the method to define the range, and enter the values for the method selected. Select one of the following:
- Specify IP address range with address and subnet mask and specify the subnet mask and subnet address in the corresponding entry fields.
- Specify IP address range with starting and ending IP address and specify the starting and the ending IP addresses of the range.

Figure 216. Adding an IP subnet
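The two ways of describing an IP range (subnet address with subnet mask, or starting and ending address) can be cross-checked before the values are entered, so that it is clear which addresses each definition covers and whether two definitions cover the same hosts. The following is an added example, not part of the Kaspersky guide or product; the subnet names and addresses are constructed, and all function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample definitions, one per description method offered by the dialog.
SUBNETS = {
    "HQ-LAN": {"address": "10.10.0.0", "mask": "255.255.254.0"},
    "Branch": {"start": "10.10.1.200", "end": "10.10.2.50"},
    "Lab": {"start": "192.168.5.10", "end": "192.168.5.20"},
}


def mask_to_range(address, mask):
    """Subnet address + subnet mask -> (first, last) address of the range.

    strict=True rejects an address with host bits set (for example
    10.10.0.5 with mask 255.255.254.0), a common data-entry slip.
    """
    net = ipaddress.IPv4Network(f"{address}/{mask}", strict=True)
    return net[0], net[-1]


def range_to_cidrs(start, end):
    """Starting + ending address -> smallest list of CIDR blocks covering exactly that range."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError(f"start {first} is after end {last}")
    return list(ipaddress.summarize_address_range(first, last))


def bounds(definition):
    """Normalise either description method to integer (first, last) bounds."""
    if "mask" in definition:
        first, last = mask_to_range(definition["address"], definition["mask"])
    else:
        first = ipaddress.IPv4Address(definition["start"])
        last = ipaddress.IPv4Address(definition["end"])
        if first > last:
            raise ValueError(f"start {first} is after end {last}")
    return int(first), int(last)


def find_overlaps(subnets):
    """Return (name_a, name_b, first_shared, last_shared) for every overlapping pair."""
    spans = {name: bounds(d) for name, d in subnets.items()}
    hits = []
    for a, b in combinations(sorted(spans), 2):
        (a_first, a_last), (b_first, b_last) = spans[a], spans[b]
        if a_first <= b_last and b_first <= a_last:
            lo = ipaddress.IPv4Address(max(a_first, b_first))
            hi = ipaddress.IPv4Address(min(a_last, b_last))
            hits.append((a, b, str(lo), str(hi)))
    return hits


if __name__ == "__main__":
    for name, definition in SUBNETS.items():
        first, last = bounds(definition)
        print(name, ipaddress.IPv4Address(first), ipaddress.IPv4Address(last),
              "hosts in range:", last - first + 1)
    print("Lab as CIDR blocks:", [str(n) for n in range_to_cidrs("192.168.5.10", "192.168.5.20")])
    print("Overlapping definitions:", find_overlaps(SUBNETS))
```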

VIEWING AND MODIFYING THE ACTIVE DIRECTORY GROUP PROPERTIES

To modify the Active Directory group properties:
1. Open the Unassigned computers Active Directory folder.
2. Select the node corresponding to the required group in Active Directory, call up its context menu and select the Properties command. This will open the <Active Directory group name> Properties dialog box containing the General tab (see the figure below).
3. To allow group scanning, check the Enable scan box. To disable scanning, uncheck this box.

Figure 217. Viewing the Active Directory group properties

UPDATE

Timely updates of the application databases used while scanning infected objects, installation of critical patches for application modules and their regular updating are essential factors affecting the reliability of anti-virus protection systems.

To update the databases and program modules of the applications managed using Kaspersky Administration Kit, you should create an update download task for the Administration Server. When this is done the server will retrieve updates to databases and program modules from the update source in accordance with the task settings.

Before their distribution to client computers, the received updates can be tested (see section "Testing of downloaded updates" on page 265) for correct functioning.

IN THIS SECTION
Creating the task of downloading updates to the repository
Testing of downloaded updates
Viewing downloaded updates
Automatic distribution of updates

CREATING THE TASK OF DOWNLOADING UPDATES TO THE REPOSITORY

The Download updates to repository task is created automatically while the Quick Start Wizard is running. You can create only one task of downloading updates to the Administration Server repository.

To create a task for updates download by the Administration Server:
1. Select the Kaspersky Administration Kit tasks node in the console tree, open its context menu and select the New Task command.

2. Create an Administration Server task (see section "Creating an Administration Server task" on page 128). Specify Download updates to repository as the task type (see the figure below).

Figure 218. Creating an update task. Selecting the task type

3. In the window that opens (see the figure below), by following the Configure link, you can configure:
- Update sources: a list of possible sources from which the update will be performed;
- Connection settings: the proxy server settings and other network connection settings;
- Other settings: location of the copied updates, automatic update settings, and the settings for applying program modules updates, distribution of updates on slave Servers.

Press the Next button.

Figure 219. Configuring the update source settings

4. Create the task launch schedule (see section "Creating a group task" on page 116) (see the figure below). Press the Next button.

Figure 220. Scheduling task launch

5. Click the Finish button to complete task creation (see the figure below).

Figure 221. Completing task creation

ADDING AN UPDATES SOURCE

To add an updates source to the list:
1. In the console tree select the Kaspersky Administration Kit tasks folder, the Download updates to repository task. Open the context menu and choose the Properties command.

2. In the window that opens, select the Settings tab (see the figure below).

Figure 222. Configuring the update source settings

3. Follow the Configure link in the Update sources section.

In the window that opens (see the figure below), you can add update sources. The Administration Server will download updates from the sources in the order of their listing. If this source is unavailable for some reason, the updating will be performed from the source next in the list, etc. You can change the order of the sources in the list using the buttons and.

Figure 223. Adding updates sources

Press the Add button (see the figure above). This will open the Update source properties window.

4. In the Update source properties window (see the figure below) you can specify the source of updates to the anti-virus database and the application modules. To do this, select one of the options below:
- Kaspersky Lab update servers: Kaspersky Lab's servers to which the updated anti-virus database and the application modules are uploaded.
- Master Administration Server: a shared folder located on the master Administration Server.
- Local or network folder: an FTP, HTTP server, a local or network directory added by the user and containing the latest updates. If you select this option, specify the location of the updates folder using the Browse button. Note that when selecting a local folder, you should specify the folder on the computer with the installed Administration Server.

Check the Do not use proxy server box if you do not wish the proxy server to be used to connect to the updates source. If this box is unchecked, the proxy server will be used according to the connection options defined in the LAN settings window.

Press the OK button.

Figure 224. Selecting the source of updates to the anti-virus database and the application modules

5. Press the OK button to finish adding the source of updates.

CONFIGURING CONNECTION TO THE UPDATE SERVERS

To configure connection to the update servers:
1. In the console tree select the Kaspersky Administration Kit tasks folder, the Download updates to repository task. Open the context menu and choose the Properties command.

2. In the window that opens, select the Settings tab (see the figure below).

Figure 225. Configuring the update source settings

3. In the window that opens (see the figure above), follow the Configure link in the Connection settings section.
4. In the LAN settings window that opens, enter the necessary settings for connection with the update servers (see the figure below):
- Use proxy server: if connection to the updates source is established using a proxy server. Enter the address and the port number to be used for connection to the proxy server. The address can be specified in the notation, which is more convenient for you: text (e.g., Address: testserver) or decimal (e.g., Address: ).
- Autodetect settings: to use the parameters for connection to the proxy server defined in the system registry of the Administration Server.
- Proxy server authentication: if there is no access to the proxy server, a password is used. Fill in the User name and Password fields.
- Use passive FTP mode: to use passive mode when the update is performed using the FTP protocol. Uncheck this box to use active mode. You are advised to use passive mode.

- Connection timeout (sec): specify the maximum time for connecting to the updates server. If the connection has failed, after the specified period of time an attempt will be made to connect to the next updates server. Attempts to contact each server will continue until the connection is established successfully or until the program runs out of available addresses of update servers.

Figure 226. Configuring the settings used to connect to the update servers

DETERMINING THE UPDATES LIST

When configuring the update task settings, you can determine the list of updates distributed from the source.

To change the updates list:
1. Select the Kaspersky Administration Kit tasks folder in the console tree, open the context menu of the Download updates to repository task and select the Properties command.

2. In the window that opens, select the Settings tab (see the figure below).

Figure 227. Changing the updates list. The Settings tab

3. In the Updates list group of fields click the Configure link to open the updates list configuration window and check the boxes next to the types of downloading updates (see the figure below). In this window configure the following parameters:
- Autodetect updates list: download updates for all Kaspersky Lab applications installed on hosts connected to the Administration Server.

- Force downloading of the following updates types: select the updates for downloading for each individual component, irrespective of which applications are using them and whether the applications are installed in the administration groups or not. To do this, check the appropriate boxes in the table next to the required types of updates.

Figure 228. Selecting updates

4. Press the OK button to finish determining the updates list.

CONFIGURING OTHER UPDATE TASK SETTINGS

To configure the updates source settings:
1. Select the Kaspersky Administration Kit tasks folder and select the Download updates to repository task. Open the context menu and choose the Properties command.

2. In the window that opens, select the Settings tab (see the figure below).

Figure 229. Configuring other update task settings

3. In the window that opens (see the figure above), follow the Configure link in the Other settings section.
4. In the Other settings folder (see the figure below), you can configure the following settings:
- Force update of slave Servers. When enabled, the option forces the tasks of receiving updates by the slave Administration Servers to launch automatically after they are downloaded by the master Server, irrespective of the schedule specified in the relevant task settings.
- Update Administration Server modules. When enabled, the option forces installation of updates to Administration Server modules immediately after completion of the download update by the Administration Server. If this box is unchecked, you will only be able to install the updates manually.
- Update Network Agent modules. When enabled, the option forces installation of updates to Network Agent modules immediately after the update is downloaded by the Administration Server. If this box is unchecked, you will only be able to install the updates manually.
- Deploy downloaded updates to additional folders. If this box is checked, the Administration Server copies updates downloaded from the source to the specified folders. Create a list of additional update folders using the Add and Remove buttons. By default, this box is unchecked.

To make the update tasks of client computers and slave Administration Servers start only after the updates are copied from the selected network folder to additional updates folders, check the Do not force updating of client computers and slave Administration Servers before copying completion box. This box must be checked if client computers and slave Administration Servers download updates from additional network folders.

Figure 230. Configuring the settings

5. Press the OK button to complete configuration of other download updates settings.

TESTING OF DOWNLOADED UPDATES

The anti-virus protection system can operate correctly only if the latest database versions are available. Therefore, it is necessary to check that the task of downloading updates to the repository (shared folder) on the Administration Server, and the task of distributing those updates to the client computers, are both operating correctly.

To check database updates:
1. In the Administration Console go to the Kaspersky Administration Kit tasks folder and select the task of downloading updates to repository.
2. Open the task properties window, by selecting Properties in the context menu.

3. Open the Updates testing tab (see the figure below).

Figure 231. Configuring updates testing

4. Check the Test updates before distributing box.
5. In the Updates testing task field, select a task from the existing tasks with the Select button. You can also create a new updates testing task. To do this, click the Create new task button and follow the wizard's instructions.

During creation of a new updates testing task, the Administration Server generates test policies, and auxiliary group update and on-demand scan tasks.

It is recommended that you run the updates testing task on well-protected computers with the software configuration most typical of your corporate LAN. This approach increases the quality of scans, and minimizes the risk of false responses and the probability of virus detection during scans. If viruses are detected on the test computers, the update testing task will be considered to have failed.

After the specified settings are applied, the updates testing task will be started before distribution of databases. The Administration Server will download updates from the source, save them to a temporary storage, and run the updates testing task. If the task completes successfully, the updates will be copied from the temporary storage to the shared folder on the Administration Server (Share\Updates folder) and distributed to all other computers for which the Administration Server is the source of updates.

If the results of the updates testing task show that updates located in the temporary storage are incorrect or if the updates testing task completes with an error, such updates will not be copied to the shared folder, and the Administration Server will keep the previous set of updates. The tasks using the When new updates are downloaded to the repository schedule type are also not started.
These operations will be performed at the next start of the Administration Server updates download task if testing of the new updates completes successfully.

If the Test updates before distributing box is checked, Administration Server updates download is considered finished only after completion of the updates testing task.

Please note that the updates verification task initiates special update and on-demand tasks. They require some time. This should be kept in mind while making up the schedule for the Administration Server updates download task.

The settings for test policies and auxiliary tasks can be modified. Please note that for correct testing of updates, it is necessary to:
- Save on Administration Server all events with severity levels Critical event and Error. Using the events of these types, the Administration Server analyzes the operation of applications.
- Use the Administration Server as the source of updates.
- If computer restart is required after the installation of updates to program modules, it should be performed immediately. It will be impossible to test the correct functioning of updates of this type if the computer is not restarted. For some applications installation of updates that require a restart may be prohibited or configured to prompt the user for confirmation first. These restrictions should be disabled in the application policies or task settings.
- The iChecker, iSwift and iStream scanning acceleration technologies should be disabled.
- Select the actions to perform over infected objects: Do not prompt for action / Skip / Log information to report.
- Specify the task schedule as Manually.

Automatic removal of detected malicious objects is not recommended because files that have caused a false alarm will be then deleted from the computer and there will be no way to verify the alarm for that file after the next update. As a result, the update to anti-virus databases will be distributed to all computers managed by the Administration Server.

The procedure of testing updates is as follows:
1. Once updates are copied to the temporary repository, the Administration Server starts the update tasks specified in the properties of the updates verification task: auxiliary group update tasks or update tasks for specific computers specially created by the administrator. As a result, updates to databases and program modules are distributed to the specifically assigned computers. Once updates are downloaded, the computers can be restarted to apply program patches.
2. After the updates are applied, the following checks are performed in accordance with the settings of the updates testing task:
- Checks of the status of real-time protection returned by anti-virus applications and the statuses of all real-time protection tasks;
- Launch of on-demand scanning tasks specified in the settings of the updates testing task: auxiliary group on-demand scanning tasks or on-demand scan tasks for specific computers specifically created by the administrator.
3. After completion of all the tasks on all computers specified in the updates testing task a conclusion about correct functioning of the updates follows.

A set of updates is considered to be incorrect if one of the following conditions is met on at least one computer:
- an update task error has occurred;
- the status of real-time protection of an anti-virus application has changed after applying updates;
- an infected object was found during a scan;

- a functional error of a Kaspersky Lab application has occurred.

If none of the listed conditions is true for all the computers, the set of updates is considered to be correct and the updates verification task completes successfully.

VIEWING DOWNLOADED UPDATES

To view the updates downloaded by the Administration Server, in the console tree select the Repositories folder. The list of updates stored on the Administration Server will be displayed in the results pane. Updates

To view the properties of an update, select the necessary update in the results pane and use the Properties command from the context menu. That will open the <Update name> Properties window (see the figure below). The General tab displays the following information:
- update name;
- number of records in the anti-virus database (this field is missing for updates to application modules);
- name and version of the application to which the update applies;
- size of the update saved on the Administration Server;
- date when the update was copied to the Administration Server;
- date of anti-virus database creation.

Figure 232. Viewing properties of the downloaded update
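The decision rule from TESTING OF DOWNLOADED UPDATES (a set of updates is rejected if any test computer meets any of the four listed conditions, and only an accepted set is copied from temporary storage to the shared folder) can be modelled as follows. This is an added example, not Kaspersky code: the field names, status strings, host names and file name are constructed, and rejecting an empty result list is an assumption made here so that the gate fails closed.

```python
import shutil
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass
class HostResult:
    """What one test computer reported after the staged updates were applied (constructed fields)."""
    host: str
    update_task_error: bool
    rtp_before: str            # real-time protection status before the update
    rtp_after: str             # real-time protection status after the update
    infected_objects: int      # detections during the on-demand scan
    app_functional_error: bool


def host_failures(r):
    """Return the rejection conditions from the guide that this host meets."""
    reasons = []
    if r.update_task_error:
        reasons.append("update task error")
    if r.rtp_before != r.rtp_after:
        reasons.append("real-time protection status changed")
    if r.infected_objects > 0:
        reasons.append("infected object found during scan")
    if r.app_functional_error:
        reasons.append("application functional error")
    return reasons


def evaluate(results):
    """Return (accepted, {host: reasons}); one failing host rejects the whole set."""
    if not results:
        # Assumption: no reporting test computers means nothing was verified.
        return False, {"*": ["no test computers reported"]}
    failed = {r.host: host_failures(r) for r in results if host_failures(r)}
    return not failed, failed


def promote(staging, share):
    """Copy the staged set next to the share, then swap it in."""
    incoming = share.with_name(share.name + ".incoming")
    if incoming.exists():
        shutil.rmtree(incoming)
    shutil.copytree(staging, incoming)
    if share.exists():
        shutil.rmtree(share)
    incoming.rename(share)


def distribute_if_clean(staging, share, results):
    """Promote the staged set only when every test computer is clean."""
    accepted, failed = evaluate(results)
    if accepted:
        promote(staging, share)
    return accepted, failed


def demo():
    """Run one rejected and one accepted test round against temporary folders."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "Share" / "Updates"
        share.mkdir(parents=True)
        (share / "bases.ver").write_text("set-1")      # previous set (constructed file)
        staging = Path(tmp) / "staging"
        staging.mkdir()
        (staging / "bases.ver").write_text("set-2")    # newly downloaded set
        bad = [HostResult("test-pc-01", False, "running", "running", 0, False),
               HostResult("test-pc-02", False, "running", "stopped", 0, False)]
        good = [HostResult("test-pc-01", False, "running", "running", 0, False),
                HostResult("test-pc-02", False, "running", "running", 0, False)]
        first = distribute_if_clean(staging, share, bad)
        after_bad = (share / "bases.ver").read_text()
        second = distribute_if_clean(staging, share, good)
        after_good = (share / "bases.ver").read_text()
        return first, after_bad, second, after_good


if __name__ == "__main__":
    print(demo())
```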

AUTOMATIC DISTRIBUTION OF UPDATES

Updates are distributed to client computers using the update tasks for applications. Slave Servers are updated by their Administration Server update download tasks. These tasks can run automatically immediately after the master Server downloads updates, irrespective of the schedule in task settings.

AUTOMATIC DISTRIBUTION OF UPDATES TO THE CLIENT COMPUTERS

To automatically distribute updates retrieved by the Administration Server to client computers after downloading:

In the update task settings of a Kaspersky Lab application set the Administration Server as an update source, and select the When new updates are downloaded to the repository option on the Schedule tab.

AUTOMATIC DISTRIBUTION OF UPDATES TO THE SLAVE SERVERS

To automatically distribute updates retrieved by the master Administration Server to slave Servers after downloading:

In the properties of the Administration Server update download task use the Settings tab of the task properties window to check the Force update of slave Servers box.

As a result, immediately after the updates are downloaded by the master Administration Server, updates retrieval by the slave Administration Servers will be automatically launched irrespective of the schedule specified in the settings of those tasks.

AUTOMATIC INSTALLATION OF UPDATES TO PROGRAM MODULES

To install updates for program modules to the Administration Server automatically after downloading, in the properties of the Administration Server update download task use the Settings tab of the task properties window to check the Update Administration Server modules box.

To install updates for program modules to Network Agents automatically after downloading, in the properties of the Administration Server update download task use the Settings tab of the task properties window to check the Update Network Agent modules box.
As a result, immediately after the updates are downloaded by the master Administration Server, installation of updates to program modules will be started automatically. 269

CREATING THE LIST OF UPDATE AGENTS AND CONFIGURING THE AGENTS

To create a list of Update Agents and configure them to distribute updates on the computers within a group, select the Update Agents tab in the group properties window (see the figure below). Using the Add and Remove buttons, create the list of computers that will be used as Update Agents within the group.

Figure 233. Creating the list of Update Agents

To configure an Update Agent, select it in the list and press the Properties button. In the <Update Agent name> properties window that opens (see the figure below) you can:

- specify the port number used by the client to connect to the Update Agent. By default, port is used; if this port is in use, it can be changed;

  If the host running the Administration Server is specified as the Update Agent, port is used for connection by default.

- specify the port number used by the client to connect securely to the Update Agent using the Secure Sockets Layer (SSL) protocol. By default, port will be used;

  If the host running the Administration Server is specified as the Update Agent, port is used for the SSL connection by default.

- activate the IP multicast mode to distribute installation packages automatically to clients in a group. To do this, check the Use multicast box and fill in the Multicast IP and IP multicast port number fields. If this box is checked, the installation packages and the group tasks' and policies' settings will also be applied on client computers using multicast IP delivery. When you are using multi-address IP delivery, the total traffic will become N times smaller, where N stands for the total number of running computers in the administration group.

For details on the distribution of installation packages using Update Agents, see the Implementation guide.

Figure 234. The Update Agent properties window. The General tab

To view Update Agent statistics, click the View Update Agent statistics link. The displayed window (see the figure below) will contain the following information:

Information about application databases:

- The time of the last synchronization with the Administration Server: the last time when the Update Agent contacted the Administration Server to retrieve updates.
- Percentage of data obtained through multicasting: ratio between the data transferred to client computers using multicasting and the data downloaded by the Update Agent from the Administration Server.
- The total number of synchronizations with the Administration Server: how many times the Update Agent contacted the Administration Server.
- Amount of information sent using multicast distributions: data (bytes) transferred by the Update Agent to the client computers using multicast delivery of application databases.

- Amount of information downloaded by clients via TCP protocol: data (bytes) transferred by the Update Agent to client computers over TCP.
- Time created: date and time when the application databases downloaded by the Update Agent from Administration Server were created.

Information about remote installation:

- Percentage of data obtained through multicasting: ratio between the data transferred to client computers using multicasting and the data downloaded by the Update Agent from Administration Server.
- The total size of installation packages downloaded from the Administration Server: the size of all installation packages downloaded by the Update Agent from the Administration Server.
- The total size of installation packages downloaded by the clients from Update Agent: data (bytes) transferred by the Update Agent to client computers over the TCP protocol.
- Size of installation packages sent by Update Agent to the clients using multicast distributions: data (bytes) transferred by the Update Agent to client computers using multicast delivery of application databases.

Figure 235. The Update Agent statistics window

UPDATE AGENT STATISTICS

Kaspersky Administration Kit makes it possible to view information about the operation of the Update Agents.

To view Update Agent statistics:

1. Select the Update Agents tab in the group properties window (see the figure below).

Figure 236. Selecting an Update Agent

2. Select an Update Agent from the list and press the Properties button. This will open the update wizard settings window (see the figure below).

Figure 237. Update Agent properties

3. Click the Update Agent statistics link to open the Update Agent statistics window (see the figure below).

Figure 238. Update Agent statistics

THE TASK OF DOWNLOADING UPDATES BY THE UPDATE AGENTS

Kaspersky Administration Kit makes it possible for the Update Agents to download updates.

To download updates for the Update Agents:

1. Select the Update Agents (see figure below) and click the Properties button.

Figure 239. Selecting an Update Agent

2. In the window that opens, select the Updates source tab (see the figure below).

Figure 240. Selecting the updates source for the Update Agent

3. On this tab check the Use update download task box. Select a task from the list of created tasks for specific computers by pressing the Select button, or create a new task using the New task button (see the figure above).

MANAGING LICENSES

Kaspersky Administration Kit features opportunities for centralized installation of licenses to client computers within administration groups, monitoring their status and renewal.

When a license is installed using the Kaspersky Administration Kit services, all information about it is stored on the appropriate Administration Server. The information is used to generate reports on the status of installed licenses and for notifications about license expiration or about the threshold being exceeded for the maximum number of applications using a license. Parameters for notifications about the status of licenses are configured in the Administration Server settings.

IN THIS SECTION

- Viewing information about installed licenses
- Installing a license
- Running the license installation task creation wizard
- Creating and viewing report on licenses
- Obtaining license using activation code
- Automatic distribution of license

VIEWING INFORMATION ABOUT INSTALLED LICENSES

To view information about all the installed licenses:

Connect to the necessary Administration Server (see section "Managing Administration Servers" on page 26) and select the Repositories → Licenses folder in the console tree.

The results pane will display the list of licenses installed on the client computers. The following information will be displayed for each license:

- Serial number: the license serial number.
- Type: the type of installed license (for example, commercial or trial).
- Limit: computers count restrictions imposed by the license.
- License period: license validity period.
- Expiration date: expiration date for the license.
- Application: name of the application for which the license is valid.
- Current on: the number of hosts on which the license is active at the moment.
- Backup on: the number of hosts on which the license is used as backup.

An icon corresponding to the type of its use will be displayed next to each license:

- information about the license used is obtained from the client computer connected to the Administration Server. This license is not stored in the Administration Server repository.

- the license is stored in the Administration Server repository. The option of automatic installation of this license is not enabled.
- the license is stored in the Administration Server repository. The option of automatic installation of this license is enabled (see section "Automatic distribution of license" on page 284).

To view information about a specific license, select the necessary license in the results pane and use the Properties command from the context menu.

This will open the <Key serial number> properties window, which includes the General and Targets tabs. The General tab (see the figure below) contains the following license information:

- serial number;
- type;
- name of the application, for which the license is valid;
- license period;
- restrictions imposed in the license;
- the number of hosts on which the license is active at the moment;
- the number of hosts on which the license is reserved at the moment;

- information about the license.

Figure 241. License properties. The General tab

The Objects tab (see the figure below) displays a list of client computers where the license is installed. This tab displays the following information:

- name of the client computer;
- administration group;
- whether this license is used as the current license;
- license expiration date;

- activation date of the license on the client computer.

Figure 242. License properties. The Objects tab

The About the client tab contains information about the license owner obtained from the key file.

You can check which licenses are installed for the application on a specific client computer by viewing the application properties configuration window.

INSTALLING A LICENSE

The license is installed using the license installation task. The task can be either a group task (see section "Creating a group task" on page 116), a task for specific computers (see section "Creating a task for specific computers" on page 129) or a local task (see section "Creating a local task" on page 136). When creating this task:

- specify the application for which you are installing this license as the application for which the task is being created;
- specify Add license key as the task type.

RUNNING THE LICENSE INSTALLATION TASK CREATION WIZARD

To launch the license installation wizard, select the Licenses folder in the console tree and use the Add license command from the context menu. This will launch a wizard to create a task for specific computers; this wizard will skip the step which selects the task type, as the task type will be defined by default.

The tasks created using the license installation task wizard are tasks for specific computers; they are located in the Tasks for specific computers folder of the console tree.

When configuring the license installation task on the Properties tab (see the figure below), you can replace the key file for the installation and check the Use when active license expires box to use this license key as the application's backup license. If this box is unchecked, the license will be used as current. The License info field contains detailed information about the license.

Figure 243. Configuring a license installation task

CREATING AND VIEWING REPORT ON LICENSES

To generate a report about the status of the licenses installed on the client computers, use the built-in Licensing Report template or create a new template (see section "Creating a report template" on page 189) of that type.

The report created using the Licensing Report template contains complete information about all licenses installed on all client computers (both current and reserve licenses), indicating which computers are using which keys, and the license restrictions.

OBTAINING LICENSE USING ACTIVATION CODE

To obtain a key using the activation code:

1. In the Repositories folder, open the context menu of the Licenses folder and select Create → Add license. This will open the license adding wizard window. Press the Next button.
2. In the next wizard window, select Enter activation code. Press the Next button.

Figure 244. Obtaining key using activation code

3. In the window that opens, enter the activation code obtained when you purchased a commercial version of the application. If you wish to automatically apply the license to the computers in the administration groups, check the box in the corresponding field. Press the Next button.

Figure 245. Entering the activation code

4. Press the Finish button to apply the changes.

AUTOMATIC DISTRIBUTION OF LICENSE

Kaspersky Administration Kit provides a capability to automatically distribute licenses located in the Administration Server license repository on the client computers.

To automatically distribute the license to the client computers:

1. Select the Repositories → Licenses folder in the console tree.
2. Select the license which you wish to distribute.
3. Open the context menu of this license and select Properties.
4. In the window that opens, check the Automatically installed license box.

The license applies to the client computers on which the application is installed but which do not have a current license.

The license will be installed using the Network Agent's tools. Additional license installation tasks for the application will not be created. The license will be applied as the active license.

The license restriction will be verified during its installation. If the restriction is violated, the license will not be installed.

REPOSITORIES

The Repositories folder is intended for operations with objects used to monitor the status of client computers and perform their maintenance. The information is displayed in folders containing the following lists:

- Installation packages that can be used to install on client computers.
- Updates downloaded by the Administration Server (see section "Update" on page 253), which can be distributed to client computers.
- Licenses installed on the client computers (see section "Managing licenses" on page 278).
- Objects quarantined on client computers by anti-virus applications.
- Backup copies of objects placed into Backup.
- Files assigned for postponed scanning by anti-virus applications.
- Applications deployed on corporate network hosts with the installed Network Agent.

IN THIS SECTION

- Installation packages
- Quarantine
- Backup
- Unprocessed files
- Application registry

INSTALLATION PACKAGES

One of the most important features of Kaspersky Administration Kit is the remote installation of Kaspersky Lab applications and applications of third parties.

In order to install the application using Kaspersky Administration Kit, you must create an installation package for this application. An installation package is a set of files required for the installation, and the settings related to the installation process and to the initial configuration of the application being installed (particularly, the file containing the Anti-Virus settings).

A list of all created installation packages is provided in the Repositories → Installation packages folder of the console tree.

For details on the properties of the installation packages, see the Deployment Guide.

QUARANTINE

Kaspersky Administration Kit supports the possibility of keeping a centralized list of objects placed by Kaspersky Lab applications in their repositories. Network Agents send the information from client computers for storage in the database of the appropriate Administration Server.

You can then use the Administration Console to view the properties of objects in local repositories, run anti-virus scanning of those repositories and delete the stored objects.

VIEWING THE PROPERTIES OF A QUARANTINED OBJECT

To view the properties of a quarantined object, select the Repositories folder, then Quarantine. Select the necessary object in the results pane and use the Properties command from the context menu.

The displayed window (see the figure below) will contain the following information about the object:

- name under which the object was delivered for processing by the anti-virus application;
- object description;
- action that was performed on the object by the anti-virus application;
- name of the computer on which the object is stored;
- status assigned to the object by the anti-virus application;
- name of the virus contained or possibly contained in the object;
- date when the object was quarantined or placed in backup;
- object size (in bytes);
- path on the client computer to the folder in which the object was originally located;
- name of the user who quarantined the object or placed it in backup.

Figure 246. Viewing the properties of quarantined or backed-up objects

REMOVING AN OBJECT FROM QUARANTINE

To remove an object from Quarantine, select the Repositories → Quarantine folder in the console tree. Select the object you need in the results pane and use the Delete command from the context menu.

As a result, the anti-virus application that placed the object into a backup storage on the client computer will remove the object from Quarantine or from the Backup.

SCANNING THE QUARANTINE FOLDER ON THE CLIENT COMPUTER

To scan the Quarantine folder on a client computer, select the Repositories → Quarantine folder, select the object you wish to scan in the results pane and use the Scan Quarantined Files command from the context menu or the corresponding item from the Action menu.

As a result, the on-demand Quarantine folder scan task will be launched on the client computer for the anti-virus application that has quarantined the selected object.

RESTORING AN OBJECT FROM THE QUARANTINE

To restore an object from the Quarantine, select the Repositories → Quarantine folder in the console tree. Select the necessary object in the results pane and use the Restore command from the context menu.

As a result, the anti-virus application that has placed the object into a backup storage on the client computer will restore the object to the original folder.

SAVING AN OBJECT FROM THE QUARANTINE TO DISK

Kaspersky Administration Kit lets the administrator save files that the anti-virus application has quarantined on the client computer to the Administration Server. The file is downloaded to the computer on which the Kaspersky Administration Kit is installed, and then saved to the directory specified by the administrator.

To save an object from the Quarantine to the administrator's disk, select the Repositories → Quarantine folder in the console tree. Select the necessary object in the results pane and use Save to disk from the context menu.

As a result, the anti-virus application which has quarantined the object on the client computer will save the object to the directory specified by the administrator.

BACKUP

Kaspersky Administration Kit supports the possibility of keeping a centralized list of objects placed by Kaspersky Lab applications in their repositories. Network Agents send the information from client computers for storage in the database of the appropriate Administration Server.

You can then use the Administration Console to view the properties of objects in local repositories, run anti-virus scanning of those repositories and delete the stored objects.

VIEWING THE PROPERTIES OF AN OBJECT PLACED INTO THE BACKUP

To view the properties of a backed-up object, select the Repositories → Backup folder in the console tree. Select the necessary object in the results pane and use the Properties command from the context menu.

The displayed window (see the figure below) will contain the following information about the object:

- name under which the object was delivered for processing by the anti-virus application;
- object description;
- action that was performed on the object by the anti-virus application;
- name of the computer on which the object is stored;
- status assigned to the object by the anti-virus application;
- name of the virus contained or possibly contained in the object;
- date when the object was quarantined or placed in backup;
- object size (in bytes);
- path on the client computer to the folder in which the object was originally located;

- name of the user who quarantined the object or placed it in backup.

Figure 247. Viewing the properties of quarantined or backed-up objects

REMOVING AN OBJECT FROM THE BACKUP

To remove an object from the backup storage, select the Repositories → Backup folder in the console tree. Select the object you need in the results pane and use the Delete command from the context menu.

As a result, the anti-virus application that placed the object into a backup storage on the client computer will remove the object from Quarantine or from the Backup.

RESTORING THE OBJECT FROM THE BACKUP

To restore an object from the backup storage, select the Repositories → Backup folder in the console tree. Select the necessary object in the results pane and use the Restore command from the context menu.

As a result, the anti-virus application that has placed the object into a backup storage on the client computer will restore the object to the original folder.

SAVING AN OBJECT FROM THE BACKUP TO DISK

Kaspersky Administration Kit lets the administrator save the files that the anti-virus application has placed in the Backup on the client computer to the Administration Server. The file is downloaded to the computer on which the Kaspersky Administration Kit is installed, and then saved to the directory specified by the administrator.

To save an object from the Backup to the administrator's disk, select the Repositories → Quarantine folder in the console tree. Select the necessary object in the results pane and use Save to disk from the context menu.

As a result, the anti-virus application which has placed the object into the backup storage on the client computer will save the object to the folder specified by the administrator.

UNPROCESSED FILES

Information about the files for which scheduled scanning and disinfection has been postponed is available in the Repositories → Unprocessed files folder. The folder contains information about all such files within the Administration Servers and client computers.

Postponed processing and disinfection are performed upon request or after a specified event. You can configure the settings for postponed disinfection of a set of files.

DISINFECTING THE OBJECT FROM THE UNPROCESSED FILES FOLDER

To remove an object from the Unprocessed files folder, in the console tree select the Repositories → Unprocessed files folder, select the object you wish to disinfect in the results pane, and use the Disinfect command from the context menu.

The application attempts to disinfect the object:

- if the object is disinfected, information about it will be deleted from the list in the Unprocessed files folder;
- if disinfection is impossible, both information about the object and the object itself are deleted.

SAVING THE OBJECT FROM THE UNPROCESSED FILES FOLDER TO DISK

Kaspersky Administration Kit allows the administrator to save the files that the anti-virus application has placed in the Unprocessed files folder on the client computer. The file is downloaded to the computer on which the Kaspersky Administration Kit is installed, and then saved to the directory specified by the administrator.

To remove an object from the Unprocessed files folder to the administrator's disk, in the console tree, select the Repositories → Unprocessed files folder. Select the necessary object in the results pane and use Save to disk from the context menu.

The anti-virus application that has placed the object in the Unprocessed files folder on the client computer will save the object to the folder specified by the administrator.

REMOVING THE OBJECT FROM THE UNPROCESSED FILES FOLDER

To remove an object from the Unprocessed files folder, in the console tree select the Repositories → Unprocessed files folder. Select the object you need in the results pane and use the Delete command from the context menu.

As a result, the anti-virus application that has placed the object into the repository on the client computer will remove the object from the list in the Unprocessed files folder.

APPLICATION REGISTRY

Information about the applications installed in the network is stored in the applications registry. Information about the applications is based on the data received from client computers.

Information about the applications installed on computers connected to slave Administration Servers is also collected and stored in the applications registry of the master Administration Server. Use a report to view this information, by enabling collection of data from slave Administration Servers (see section "Administration Servers hierarchy reports" on page 211).

To view the applications registry:

1. In the console tree, open the Repositories.
2. Open the Applications registry folder.

The results pane will display information about applications as a table (see the figure below). This table contains the following fields:

- Name: application name;
- Version: application version;
- Manufacturer: vendor name;
- Number of computers: the number of network hosts where the application is installed;
- Comments: brief application description;
- Technical Support Service: web site address of the Technical Support Service;
- Technical Support phone number: phone number of the Technical Support Service.

The Comments, Technical Support Service and Technical Support phone number fields can be empty.

Figure 248. Viewing the applications registry

To view application information in a separate window:

1. Select the application from the list in the results pane.
2. Open the context menu and select the Properties command.

The General tab of the window that opens (see the figure below) contains the following application data: name, version, manufacturer, manufacturer's comments, web site address and phone number of the technical support service.

Check the Publish installation event box to make the client computers report installation of that application to the Administration Server and register it in accordance with the parameters defined for the Monitored application from the applications registry was installed event in the Administration Server settings or in the policy of Kaspersky Administration Kit.

Figure 249. The application properties window. The General tab

The Computers tab (see the figure below) contains a list of computers where the application is installed.

Figure 250. The application properties window. The Computers tab

To view the list of applications matching certain criteria, you can use a filter. To do this, perform the following actions:

1. Open the Applications registry folder.
2. Open the context menu and choose the Filter command.
3. In the window that opens (see the figure below), select the Specify filter option and specify values for the following settings:

- Enter the application name manually or select it from the drop-down list. The list contains all applications installed on client computers. The information is provided by the Network Agents installed on the computers based on the system registry data.
- Specify the application version.

- Enter the name of the application vendor manually or select it from the drop-down list. Information in the list is provided for all client computers by the Network Agents installed on those hosts.

Figure 251. The application search settings window

4. To display only installed applications in the Applications registry node, check the Show installed applications only box.
5. Press the OK button.

The list of applications matching the specified parameters will appear in the results pane of the Applications registry folder.

If information filtering is not necessary, select the option to Show all applications. As a result, the filter will be turned off.

ADDITIONAL FEATURES

This section describes some additional features of Kaspersky Administration Kit designed to extend the opportunities for centralized management of applications in computer networks.

IN THIS SECTION

- Monitoring anti-virus protection status using system registry data
- Mobile users
- Search
- Data backup
- Tracking virus outbreaks
- Automation of the Kaspersky Administration Kit operation (klakaut)
- Custom tools
- Configuring interface

MONITORING ANTI-VIRUS PROTECTION STATUS USING SYSTEM REGISTRY DATA

To view the anti-virus protection status of the client computer using the data written into the system registry by the Network Agent:

1. Open the system registry on the client computer (for example, locally by running regedit from the Start → Run menu).
2. Select the branch: HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1103\ \Statistics\AVState

The anti-virus protection status corresponds to the values of the keys listed in the table below.

Table 1. List of registry keys and their possible values

KEY (DATA TYPE) | VALUE | DESCRIPTION
Protection_AdmServer (REG_SZ) | | Name of Administration Server, managing the computer.
Protection_AvInstalled (REG_DWORD) | non-zero | An anti-virus application was installed on the computer.
Protection_AvRunning (REG_DWORD) | non-zero | Real-time protection is enabled.
Protection_HasRtp (REG_DWORD) | non-zero | Real-time protection component is installed.
 | | Real-time protection status:
 | 0 | Unknown.
 | 2 | Disabled.
 | 3 | Paused.
 | 4 | Starting.
 | 5 | Enabled.
 | 6 | Enabled, high level of protection (maximum protection).
 | 7 | Enabled, recommended settings.
 | 8 | Enabled, user-defined settings.
 | 9 | Failure.
Protection_LastFscan (REG_SZ) | DD-MM-YYYY HH-MM-SS | Date and time (in UTC format) of last full scan.
Protection_BasesDate (REG_SZ) | DD-MM-YYYY HH-MM-SS | Date and time (in UTC format) of last full scan.
Protection_LastConnected (REG_SZ) | DD-MM-YYYY HH-MM-SS | Date and time (in UTC format) of last connection to Administration Server.

MOBILE USERS

The Kaspersky Administration Kit features a capability to switch the Network Agent to other Administration Servers if the following network settings change:

- Subnet: change the subnetwork address and mask.
- DNS domain: change the DNS suffix for a subnetwork.
- Default gateway address: change the address of the main network gateway.
- DHCP server address: change the IP address of the network DHCP server.
- DNS server address: change the IP address of the network DNS server.
- WINS server address: change the IP address of the network WINS server.
- Windows domain accessibility: change the status of the Windows domain to which a client computer is connected.

The functionality is supported for the following operating systems: Microsoft Windows 2000 / XP / Vista; Microsoft Windows Server 2000 / 2003 /

The initial settings of the Network Agent connection to the Server are defined during the installation of the Agent. The Network Agent will then respond to changes in the network layout provided that the switching rules are configured:

- The Network Agent connects to the Administration Server specified in the corresponding rule when the rule conditions are fulfilled, and the applications installed on client computers switch to mobile user policies provided that such behavior is enabled in the rule.
- If none of the existing rules applies, the Network Agent returns to the initial connection parameters defined during the installation and the applications installed on client computers return to the active policies.
- If the Administration Server is unavailable, the Network Agent will use mobile policies.
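The registry values listed in Table 1 (section "Monitoring anti-virus protection status using system registry data") can be evaluated automatically instead of being read by eye in regedit. The following Python code is an added example, not part of the Kaspersky documentation: the age limits, the expected-server check and the sample values are assumptions, and the name of the value that holds the real-time protection status code is a labelled placeholder because the table does not show it.

```python
from datetime import datetime, timedelta, timezone

# Table 1 lists the status codes, but the name of the registry value that
# carries them is not shown on the page, so this is a labelled placeholder.
RTP_STATE_VALUE = "<real-time-protection-status-value>"
RTP_STATES = {
    0: "Unknown", 2: "Disabled", 3: "Paused", 4: "Starting", 5: "Enabled",
    6: "Enabled, high level of protection (maximum protection)",
    7: "Enabled, recommended settings",
    8: "Enabled, user-defined settings",
    9: "Failure",
}
RTP_HEALTHY = {5, 6, 7, 8}            # every "Enabled" variant

# DWORD flags: Table 1 defines a non-zero value as the good state.
FLAGS = {
    "Protection_AvInstalled": "no anti-virus application is installed",
    "Protection_AvRunning": "real-time protection is not enabled",
    "Protection_HasRtp": "real-time protection component is not installed",
}

# REG_SZ timestamps and the maximum age tolerated for each (assumed limits).
TIME_FORMAT = "%d-%m-%Y %H-%M-%S"     # DD-MM-YYYY HH-MM-SS, UTC
MAX_AGE = {
    "Protection_LastFscan": timedelta(days=14),
    "Protection_BasesDate": timedelta(days=3),
    "Protection_LastConnected": timedelta(days=2),
}


def parse_utc(text):
    """Return an aware UTC datetime, or None if absent or malformed."""
    try:
        parsed = datetime.strptime(text.strip(), TIME_FORMAT)
    except (AttributeError, ValueError):
        return None
    return parsed.replace(tzinfo=timezone.utc)


def read_avstate(subkey):
    """Read all values of HKLM\\<subkey> on a Windows client.

    The caller supplies the AVState branch path from step 2 of the procedure.
    """
    import winreg  # Windows-only module, imported lazily
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
        for index in range(winreg.QueryInfoKey(key)[1]):
            name, data, _kind = winreg.EnumValue(key, index)
            values[name] = data
    return values


def assess(values, now, expected_server=None, rtp_state_value=RTP_STATE_VALUE):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    for name, problem in FLAGS.items():
        if not values.get(name):      # missing or zero
            findings.append(f"{name}: {problem}")
    code = values.get(rtp_state_value)
    if code not in RTP_HEALTHY:
        state = RTP_STATES.get(code, f"unrecognised code {code!r}")
        findings.append(f"real-time protection status: {state}")
    for name, limit in MAX_AGE.items():
        stamp = parse_utc(values.get(name))
        if stamp is None:
            findings.append(f"{name}: missing or not DD-MM-YYYY HH-MM-SS")
        elif now - stamp > limit:
            age = (now - stamp).days
            findings.append(f"{name}: {age} days old, limit {limit.days}")
    server = str(values.get("Protection_AdmServer") or "")
    if expected_server and server.lower() != expected_server.lower():
        findings.append(
            f"Protection_AdmServer: {server!r}, expected {expected_server!r}")
    return findings


# Constructed sample values (not taken from a real host).
SAMPLE_NOW = datetime(2010, 3, 5, 9, 0, 0, tzinfo=timezone.utc)
SAMPLE_HEALTHY = {
    "Protection_AdmServer": "ADMSRV01",
    "Protection_AvInstalled": 1,
    "Protection_AvRunning": 1,
    "Protection_HasRtp": 1,
    RTP_STATE_VALUE: 7,
    "Protection_LastFscan": "01-03-2010 02-00-00",
    "Protection_BasesDate": "04-03-2010 06-30-00",
    "Protection_LastConnected": "05-03-2010 08-15-00",
}
SAMPLE_DEGRADED = {
    **SAMPLE_HEALTHY,
    "Protection_AdmServer": "OTHERSRV",
    "Protection_AvRunning": 0,
    RTP_STATE_VALUE: 3,
    "Protection_BasesDate": "20-02-2010 06-30-00",
    "Protection_LastConnected": "not a date",
}

if __name__ == "__main__":
    for finding in assess(SAMPLE_DEGRADED, SAMPLE_NOW, expected_server="ADMSRV01"):
        print(finding)
```

A status code that Table 1 does not list (for example 1) is reported as unrecognised rather than treated as enabled, and a timestamp that does not parse is reported instead of being skipped.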

The settings of the Network Agent connection to the Server are saved in a profile. In addition, the profile also defines the rules for switching the client computers to policies for mobile users and restricts the profile use to updates downloading only.

By default, the Network Agent switches to a mobile user policy if the Administration Server remains unavailable for longer than 45 minutes.

The Network Agent switching profiles are configured in the policy or in the settings of the Network Agent.

The list of profiles created for the Network Agent can be found in the Administration Server connection profiles section of the Connection tab. You can add or remove profiles and also edit profile settings using the Add, Remove and Properties buttons.

The list of rules created for the profile is located in the Switch profiles section of the Connection tab. You can add or remove rules and also edit rules settings using the Add, Remove and Properties buttons.

Rules are checked for a match to the network layout in the order of their appearance in the list. If a network matches several rules, the first one will be used. To change the order of rules in the list, use the buttons and.

CREATING A PROFILE FOR THE MOBILE USERS

In order to add a new profile to connect to the Administration Server:

1. Select the Network Agent policy in the console tree.
2. Open the context menu and select Properties.
3. Open the Network tab in the <Policy name> Properties window.

4. Click the Connection profiles link to switch to the Network Agent settings configuration window (see the figure below).
Figure 252. The Connection tab

5. Press the Add button located in the Administration Server connection profiles section (see the figure above). This will open the profile settings configuration window (see the figure below).
Figure 253. The New profile window
6. Specify values for the following settings of the Network Agent profile (see the figure above):
- Profile name.
- Address of the computer which is hosting the Administration Server.
- Port number to connect on.
- Port number to connect on if using SSL protocol. To connect through a secure port, i.e. using SSL protocol, check the Use SSL connection box.
- Proxy server settings. To do this, use the Configure connection via a proxy server link.
If the Enable mobile policies box is checked, the applications installed on the client computer will work with the policies for mobile users even if the Administration Server specified in the profile is available. If the policies for mobile users are not defined, the regular current policy will be used. If this box is unchecked, applications will use active policies.
If the Use to receive updates only option is enabled, the profile will only be used for downloading updates by the applications installed on the client computer. For other operations, connection to the Administration Server will be established with the initial connection settings defined during the Network Agent installation.
7. Press the OK button to finish the operation.

By default, the list contains only the <Not connected> built-in profile. The profile cannot be edited or removed. It does not contain a Server for connection, and a Network Agent that switches to it will not attempt to connect to any server, while the applications installed on client computers will work with the policies for mobile users. The <Not connected> profile can be used if computers get disconnected from the network.

CREATING THE NETWORK AGENT SWITCHING RULE

To create a rule for switching the Network Agent from one Administration Server to another whenever the network layout changes:
1. Select the Network Agent policy in the console tree.
2. Open the context menu and select Properties.
3. Open the Network tab in the <Policy name> Properties window.
4. Click the Connection profiles link. This will open the Network Agent settings configuration window (see the figure below).
Figure 254. The Connection tab
5. Press the Add button located in the Switch profiles section (see the figure below).
6. In the window that opens (see the figure below):
- Enter the rule name in the upper entry field.
- Select the created profile from the Use connection profile drop-down list.
- Use the Switch conditions section to create a list of rule conditions by pressing the Add, Modify, and Remove buttons. The conditions in a rule are combined using the logic "AND".
Figure 255. The New rule window
7. Check the Rule activated box in order to activate the rule (see the figure above).
8. Press the OK button to finish operations with the rule.

ADDING A CONDITION TO THE RULE

To add a condition to the rule:
1. Select the Network Agent policy in the console tree, open the policy context menu and select Properties.
2. Open the Network tab in the <Policy name> Properties window.

3. Click the Connection profiles link to open the corresponding window (see the figure below). In this window you can edit the Network Agent switching settings.
Figure 256. The Connection tab
4. Press the Add button located in the Switch profiles section (see the figure below).

5. In the Switch conditions section press the Add button (see the figure below).
Figure 257. The New rule window
6. Select from the drop-down list a value corresponding to the changes in the characteristics of the network to which the client computer is connected (see the figure below):
- Subnet: change of the subnetwork address and mask;
- DNS domain: change of the DNS suffix for a subnetwork;
- Default gateway address: change of the address of the main network gateway;
- DHCP server address: change of the IP address of the network DHCP server;
- DNS server address: change of the IP address of the network DNS server;
- WINS server address: change of the IP address of the network WINS server;
- Windows domain accessibility: change of the status of the Windows domain to which a client computer is connected.
Figure 258. List of network characteristics

7. Press the Add button and specify the value at which the condition of switching the Agent to another Administration Server will be satisfied. Create the values necessary for the condition using the Add, Modify, and Remove buttons.
Figure 259. Adding a value
8. Select when the condition will be considered fulfilled:
- Matches at least one value from the list.
- Does not match any of the values in the list.
9. Press the OK button to finish the operation.

SEARCH

To view information about an individual computer or a group of computers, you can use the computer search function based on the specified criteria. The search can also include information from slave Administration Servers. Search results can be saved to a text file.

The search feature can find:
- client computers in administration groups of an Administration Server and its slave Servers;
- computers that are not added to administration groups, but included in computer networks where an Administration Server and its slave Servers are installed;
- all computers in the networks where Administration Server and its slave Servers are installed regardless of whether they are in administration groups.

To find computers, you can also use the following links: Find unassigned computers on the task pane of the Unassigned computers folder or Find computers on the Groups tab of the task pane of the Managed computers folder.

While searching for computers, you can use the following regular expressions:
*           any string of 0 or more characters;
?           any single character;
[<range>]   one character from the specified range or array, for example, [0-9] is any digit and [abcdef] is one of the following characters: a, b, c, d, e, f.

DETECTING COMPUTERS

To find a computer or a group of computers that match the specified criteria:
1. Use the context menu of the Administration Server node, the Unassigned computers folder or administration group folder to select Search.
2. In the right upper corner of the window, select Find client computers from the drop-down list. In the window that opens, specify the search criteria on the following tabs: Network, Network activity, Application, Computer status, Virus protection, Applications registry and Administration Servers hierarchy.
3. You can use the Network tab (see the figure below) to specify the following search criteria:
- Computer name in the logical network or IP address.
- Domain. Specify the domain to which the client computer belongs.
- IP address range. Specify the starting and ending IP addresses of the range.
- Computer is located in Active Directory organization unit. Select the computer from the Active Directory group. Check the Including child organization units box if the computer is included in a specific unit of the Active Directory.
Figure 260. Detecting computers. The Network tab
4. You can use the Network activity tab (see the figure below) to specify the following search criteria:
- Whether the computer acts as an Update Agent. To do this, in the Update Agent is drop-down list select one of the following values:
  - Yes;
  - No.
- Value for the Do not disconnect from the Administration Server parameter, which must be defined in the client computer properties. To do this, select one of the following values in the Feature "Do not disconnect from the Administration Server" drop-down list:
  - Enabled;
  - Disabled.
- Whether the computer is connected to the Administration Server as the result of switching the connection profile. To do this, from the Connection profile switched list, select the required value.
- Time of the latest connection of the client computer with the Administration Server by checking the box in the corresponding field.
Figure 261. Computer search. The Network activity tab
5. You can use the Application tab (see the figure below) to specify the following search criteria:
- Application name. Specify the name of the Kaspersky Lab application installed on the client computer. To do this, from the drop-down list, select the required value. The list provides only the names of applications with administration plug-ins installed in the administrator's workplace.
- Application version. Specify the version of the application installed on the client computer.
- Critical update name. Specify the number or name of the updates package installed for the application.
- Last modules update. Specify the time period since the last update of the application modules installed on the client computer.
- Operating system version. Indicate the version of the operating system installed on the computer.
Figure 262. Computer search. The Application tab
6. You can use the Computer status tab (see the figure below) to specify the following search criteria:
- Computer status. Select the current computer status: OK, Critical or Warning.
- Computer status description. Check boxes next to the conditions which must determine the selected status assigned to the client computer.
- Real-time protection status. Select from the drop-down list the current status of the real-time anti-virus protection of the client computer.
Figure 263. Computer search. The Computer status tab
7. You can use the Virus protection tab (see the figure below) to specify the following search criteria:
- Anti-virus database date. Specify the time interval during which the databases were released.
- Database records count. Define the numerical interval matching the number of database records.
- Last virus scan time. Indicate the time period during which a full scan of the client computer was last performed.
- Viruses found. Define the numerical interval matching the number of found viruses.
Figure 264. Computer search. The Virus protection tab
8. You can use the Applications registry tab (see the figure below) to specify the following search criteria:
- To search using data about an application, uncheck the Find by update box and specify the necessary parameters:
  - Application name;
  - Application version;
  - Manufacturer.
- To search using information on an update installed for an application, check the Find by update box and specify the necessary parameters:
  - Update name.
  - Update version.
  - Manufacturer.
- Incompatible security application name. Select a third-party security application from the list.
Figure 265. Computer search. The Applications registry tab
Whether this tab is shown or hidden is determined by the user interface settings. To display the tab, navigate to the View → Configuring interface menu and enable the option to Display application registry.
9. The Administration Servers hierarchy tab is used to specify whether the information stored on slave Administration Servers will be taken into account while searching for computers.
To take this data into account, check the Include data from slave Servers (down to level) box. Then specify the maximum nesting level to be included in the search.
Figure 266. Detecting computers. The Administration Servers hierarchy tab
10. After you have specified the search criteria, press the Find now button and a list of computers matching the specified criteria will be displayed in the bottom part of the window. This list will also contain general information about the computers found.
11. To save search results in a text file, press the Export to file button and specify the target file in the window that opens.

SEARCHING FOR ADMINISTRATION GROUPS

To find an administration group that matches the specified criteria:
1. Use the context menu of the Administration Server node or the administration group to select Search.

2. In the left upper corner of the window, select Find administration groups from the drop-down list. In the window that opens, specify search criteria on the following tabs: General and Administration Servers hierarchy.
3. Use the General tab to specify the group name (see the figure below).
Figure 267. Searching for an administration group. The General tab
4. The Administration Servers hierarchy tab is used to specify whether the information stored on slave Administration Servers will be taken into account while searching for computers.

To take this data into account, check the Include data from slave Servers (down to level) box. Then specify the maximum nesting level to be included in the search.
Figure 268. Searching for an administration group. The Administration Servers hierarchy tab
5. After you have specified the search criteria, press the Find now button and a list of computers matching the specified criteria will be displayed in the bottom part of the window. This list will also contain general information about the computers found.
6. To save search results in a text file, press the Export to file button and specify the target file in the window that opens.

SEARCHING FOR THE SLAVE ADMINISTRATION SERVERS

To find a slave Administration Server that matches the specified criteria:
1. Use the context menu of the Administration Server node or the administration group to select Search.

2. In the left upper corner of the window select Find slave Administration Servers from the drop-down list. In the window that opens, specify search criteria on the following tabs: General and Administration Servers hierarchy.
3. Use the General tab to specify the name of the Server (see the figure below).
Figure 269. Searching for the slave Administration Servers. The General tab
4. The Administration Servers hierarchy tab is used to specify whether the information stored on slave Administration Servers will be taken into account while searching for computers.

To take this data into account, check the Include data from slave Servers (down to level) box. Then specify the maximum nesting level to be included in the search.
Figure 270. Searching for a slave Administration Server. The Administration Servers hierarchy tab
5. After you have specified the search criteria, press the Find now button and a list of computers matching the specified criteria will be displayed in the bottom part of the window. This list will also contain general information about the computers found.
6. To save search results in a text file, press the Export to file button and specify the target file in the window that opens.

DATA BACKUP

Backup copying allows you to move an Administration Server from one computer to another without data losses and restore information if the Administration Server database is transferred to another host or an upgrade to a newer version of Kaspersky Administration Kit is made.

To create a backup copy of the Administration Server data, use one of the following options:
- Using the Administration Console, create and launch data backup copying (see section "Data backup task" on page 319).
- On the computer running the Administration Server start up the klbackup utility (see section "Data backup and restoration utility (klbackup)" on page 321). This utility is included in the installation file of Kaspersky Administration Kit and after installation of the Administration Server it is located in the root of the program folder specified during application installation.

To restore the Administration Server data, start the klbackup utility on the computer with the newly installed Administration Server.

The names of the databases of the new and old SQL servers must be the same.

DATA BACKUP TASK

The backup task is an Administration Server task created by the Quick Start Wizard (see section "Quick Start Wizard" on page 18) or manually and placed in the Kaspersky Administration Kit tasks folder.

To create an Administration Server data backup task:
1. Select the Kaspersky Administration Kit tasks node in the console tree, open its context menu and select the New Task command.
2. Create an Administration Server task (see section "Creating an Administration Server task" on page 128). Then select the following settings:
Select Administration Server data backup (see the figure below) as the task type.
Figure 271. Creating a task. Selecting the task type

While configuring the task (see the figure below) specify:
- the Backup folder, for saving the backup copy of the data; this folder must be write-accessible for both the Administration Server and for the SQL server on which the Administration Server database is installed;
- the password that will be used for encrypting/decrypting the Administration Server certificate; re-enter the password in the field below.
Figure 272. Creating a data backup task. Configuring the settings

A backup copy of the data is created in the specified folder as a subfolder under a name that reflects the current date and time of the operation in the klbackup YYYY-MM-DD # HH-MM-SS format (where YYYY is the year, MM month, DD day, HH hour, MM minutes, SS seconds). The following information will be saved in this folder:
- information database of the Administration Server (policies, tasks, application settings, events saved on the Administration Server);
- configuration information about the structure of the administration groups and client computers;
- repository of the installation files for deployment of applications (contents of the Packages folder);
- Administration Server certificate.

If required, restrict the maximum number of backup copies (subfolders) that can be simultaneously located in Backup. To do this, check the Limit the number of backup copies saved box and specify the required number of copies. If the imposed restriction has been met, the previous, older copies stored in Backup will be removed.

To configure an Administration Server backup data task:
1. Select the required task in the results pane of the Kaspersky Administration Kit tasks node, open its context menu and select the Properties command.
2. In the window that opens, select the Settings tab (see the figure below). This tab displays the same settings that were configured when the task was created:
- folder for saving the backup data copy;
- password that will be used for encrypting/decrypting the Administration Server certificate; re-enter the password in the field below;
- restriction imposed on the number of backup copies.
Specify the required values for these settings.
3. To confirm the settings, press the Apply or OK button.
Figure 273. Configuring the data backup task

DATA BACKUP AND RESTORATION UTILITY KLBACKUP

Administration Server data can be copied for backup purposes and further restoration using not only the Administration Server task (see section "Data backup task" on page 319), but also the klbackup utility included in the distribution package of Kaspersky Administration Kit.

Data is restored using only the klbackup utility, which can work in one of two modes:
- interactive (see section "Interactive mode of creating a backup copy and data restoration" on page 322);
- non-interactive (see section "Non-interactive mode of creating a backup copy and data restoration" on page 323).
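The backup task described above writes each copy into a subfolder named in the klbackup YYYY-MM-DD # HH-MM-SS format and, when a copy limit is set, removes the older copies. The Python sketch below is an added example, not part of the product: it parses such folder names, shows which copies a given limit would keep or remove, and flags a backup folder whose newest copy is older than expected. The sample listing is constructed, the tolerance for spacing around the date and "#" is an assumption, and the max_age staleness check is this example's own addition.

```python
import re
from datetime import datetime, timedelta

# Assumption: the spaces around the date and "#" may or may not be present in real names.
_NAME = re.compile(r"^klbackup\s*(\d{4}-\d{2}-\d{2})\s*#\s*(\d{2}-\d{2}-\d{2})$")


def parse_backup_name(name):
    """Return the timestamp encoded in a backup subfolder name, or None if it is not one."""
    m = _NAME.match(name.strip())
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1) + " " + m.group(2), "%Y-%m-%d %H-%M-%S")
    except ValueError:          # digits in the right shape but not a real date or time
        return None


def audit_backup_folder(names, limit, now, max_age):
    """Classify the entries of a Backup folder listing.

    names   -- subfolder names found in the Backup folder
    limit   -- value of "Limit the number of backup copies saved" (None = no limit)
    now     -- current time, in the same clock the folder names use
    max_age -- oldest acceptable age of the newest copy (hypothetical monitoring threshold)
    """
    dated, unrecognized = [], []
    for name in names:
        stamp = parse_backup_name(name)
        if stamp is None:
            unrecognized.append(name)      # never treated as a removable copy
        else:
            dated.append((stamp, name))
    dated.sort(reverse=True)               # newest first
    cut = len(dated) if limit is None else limit
    newest = dated[0][0] if dated else None
    return {
        "keep": [n for _, n in dated[:cut]],
        "remove": [n for _, n in dated[cut:]],   # the older copies beyond the limit
        "unrecognized": unrecognized,
        "newest": newest,
        "stale": newest is None or now - newest > max_age,
    }


# Constructed sample listing of a Backup folder.
SAMPLE_LISTING = [
    "klbackup 2011-01-10 # 02-00-00",
    "klbackup2011-01-11#02-00-00",
    "Packages",
    "klbackup 2011-01-12 # 02-00-05",
    "klbackup 2011-13-01 # 00-00-00",      # month 13: not a valid timestamp
]

if __name__ == "__main__":
    report = audit_backup_folder(SAMPLE_LISTING, limit=2,
                                 now=datetime(2011, 1, 14, 3, 0, 0),
                                 max_age=timedelta(days=1))
    for key, value in report.items():
        print(key, value)
```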

INTERACTIVE MODE OF CREATING A BACKUP COPY AND DATA RESTORATION

For an interactive mode of creating a backup copy of the Administration Server data:
1. Start up the klbackup utility located in the C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit directory.
2. In the wizard window that opens, select the action (see the figure below):
- Backup Administration Server data.
- Restore Administration Server data.
If you enable the option to Restore or backup Administration Server Certificate only, the wizard will save or restore just the Administration Server certificate.
Press the Next button.
Figure 274. Data backup

3. In the next window specify the Password and Backup destination folder (see the figure below). Press the Next button to perform backup.
Figure 275. Creating the backup destination folder

NON-INTERACTIVE MODE OF CREATING A BACKUP COPY AND DATA RESTORATION

For a non-interactive mode of creating a backup copy of the Administration Server data on the computer where the Administration Server is installed, run the klbackup utility with the required set of command line options.

Utility command line syntax:

klbackup [-logfile LOGFILE] -path BACKUP_PATH [-use_ts] [-restore] -savecert PASSWORD

If the password is not entered in the command line of the klbackup utility, the utility will prompt you to enter it in the interactive mode.

The command line parameters are as follows:
- -logfile LOGFILE: save a report about copying/restoring the Administration Server data;
- -path BACKUP_PATH: save information in the BACKUP_PATH folder / restore user data from the BACKUP_PATH folder (required parameter);
  The database server account and the klbackup utility must have access rights to modify data in the BACKUP_PATH folder.
- -use_ts: when saving the data, copy information into a subfolder of the BACKUP_PATH folder under a name that reflects the current date and time of the operation in the klbackup YYYY-MM-DD # HH-MM-SS format. If no modifier is specified, information will be saved in the root of the BACKUP_PATH folder.
  When attempting to save information to the folder in which a backup copy already exists, an error message will appear and no update will occur.
  Using the -use_ts option lets you maintain an archive of the Administration Server data. For example, if the C:\KLBackups folder was specified using the -path modifier, then information about the Administration Server status as of June 19, 2006, 11:30:18 will be saved in the klbackup # folder.
- -restore: restore the Administration Server data. The data will be restored based on information stored in the BACKUP_PATH folder. If the modifier is missing, the data will be copied into the BACKUP_PATH folder.
- -savecert PASSWORD: save or restore the Administration Server certificate using the password specified in the PASSWORD setting for encrypting/decrypting the certificate.

Full restoration of the administration system data requires mandatory saving of the Administration Server certificate.

When restoring the certificate, the password matching the password provided during backup copying must be provided. If the password is incorrect, the certificate will not be restored.

If during the restoration of the Administration Server data, the path to the shared folder has changed, you should verify correct execution of tasks in which the folder is used (update, remote deployment tasks) and, if necessary, change the settings.

MOVING THE ADMINISTRATION SERVER TO A DIFFERENT COMPUTER

To move the Administration Server to a different computer:
1. Create a backup copy of the Administration Server data.
2. Install a new Administration Server.
To simplify moving the administration groups, it is desirable that the new server's address match the old server's address. The address (computer's name in the Windows network or IP address) is indicated in the Network Agent's settings as part of the parameters used to connect to the Server.
3. Restore the old server's data from the backup copy on the new Administration Server.
4. If the addresses (computer's name in the Windows network or the IP address) of the new and the old servers do not match, create a Change Kaspersky Administration Server task on the old server for the Managed computers group to connect the client computers to the new Server. If the addresses match, there is no need to create the server change task as the connection will be made using the Server address specified in the settings.
5. Remove the old Administration Server.

To move the Administration Server to a different computer, and change the Administration Server database:
1. Create a backup copy of the Administration Server data.
2. Install a new SQL server.
To ensure that the information is moved correctly, the database on the new SQL server must have the same collation as the old SQL server being replaced.
3. Install a new Administration Server. The names of the databases of the new and old SQL servers must be the same.
To simplify moving the administration groups, it is desirable that the new server's address match the old server's address. The address (computer's name in the Windows network or IP address) must be indicated in the Network Agent's settings as part of the parameters used to connect to the Server.
4. Restore the old server's data from the backup copy on the new Administration Server.
5. If the addresses (computer's name in the Windows network or the IP address) of the new and the old servers do not match, create a Change Kaspersky Administration Server task on the old server for the Managed computers group to connect the client computers to the new Server. If the addresses do match, there is no need to create the server change task as the connection will be made automatically.
6. Remove the old Administration Server.

TRACKING VIRUS OUTBREAKS

Kaspersky Administration Kit allows control over virus activity on client computers using the Virus outbreak event registered in the Administration Server operation.

ENABLING VIRUS OUTBREAK DETECTION

To ensure that the Virus outbreak event is registered in administration groups and that a notification about it is issued:
1. In the console tree select the node corresponding to the necessary Administration Server, open the context menu and use the Properties command. This will open the Administration Server <server name> Properties dialog window.

2. On the Virus outbreak tab (see the figure below) check the boxes next to the names of the required types of anti-virus applications, and specify parameter values that determine the threshold of virus activity. Each time a threshold is exceeded, this is treated as increased virus activity and produces a Virus outbreak event.
Figure 276. Viewing the Administration Server properties. The Virus outbreak tab

3. Use the Events tab (see the figure below) while configuring Critical events to select the Virus outbreak event type and specify the notification settings.
Figure 277. Viewing the Administration Server properties. The Events tab

4. In policies for all anti-virus applications use the Events tab (see the figure below) to configure the Critical event to select the Infected objects detected type of events and in the properties window of this event check the On Administration Server for (days) box.
Figure 278. Editing a policy. The Events tab

To count the Detection of Viruses, Worms, Trojans, and Malware and Infected objects detected events, only information from the client computers of the master Administration Server is to be taken into account. For each slave Server the Virus outbreak event is configured individually.

CHANGING THE APPLICATION POLICY WHEN A VIRUS OUTBREAK EVENT IS REGISTERED

To ensure that the current application policy changes once a Virus outbreak event occurs:
1. Open the Administration Server properties window.
2. Select the Virus outbreak tab.
3. Click the Configure policies to activate on "Virus outbreak" event link and use the window that opens (see the figure below) to:
- Select the virus outbreak type according to the application type: Anti-Virus for workstations and servers, Anti-Virus for mail servers, Anti-Virus for perimeter protection.
Figure 279. Configuring the Virus outbreak event. Selecting the policies for activation
- In the appropriate field create the list of policies using the buttons to the right:
  - To add a policy to the list, press the Add button and in the Select a policy window (see the figure below) check the box of the required policy in the suggested tree. If you select an administration group, then all the policies of that group will be marked for addition to the list.
  - To remove a policy from the list, select the policy and press the Delete button (see the figure above).
Figure 280. The group selection window

AUTOMATION OF THE KASPERSKY ADMINISTRATION KIT OPERATION (KLAKAUT)

Operation of the Kaspersky Administration Kit can be automated using the klakaut automation object. This utility and its help system are located in the application installation folder in the klakaut subfolder.

CUSTOM TOOLS

Kaspersky Administration Kit makes it possible to create a list of external tools, i.e. applications, which will be invoked for a client computer from the Administration Console using the Custom tools command of the context menu. Each tool in the list will be associated with a separate menu command, which the Administration Console uses to start the application corresponding to that tool.

The application starts on the administrator's workstation, i.e. the computer with the installed Administration Console. The application can accept the attributes of a remote client computer as command line options (NetBIOS name, DNS name, IP address). The remote computer can be accessed via a specifically opened tunneled connection.

The default list of custom tools contains the following service programs for each client computer:
- Remote diagnostics: Kaspersky Administration Kit remote diagnostics utility.
- Remote Desktop: standard Windows Remote Desktop Connection component.
- Computer management: standard Windows component.

You can add or remove custom tools and edit their settings using the Add, Remove, and Modify buttons.

CONFIGURING INTERFACE

Kaspersky Administration Kit makes it possible to configure the Administration Console interface.

To change the specified interface settings:
1. In the console tree switch to the Administration Server.
2. Open the context menu and select View → Configuring interface. This will open the corresponding window (see the figure below).
Figure 281. Viewing the group properties. The Configuring interface window
3. In the window that opens, specify the following parameters:
- Display slave Administration Servers.
- Display security settings tabs.
- Display application registry.
- The maximum number of computers displayed in console nodes. This setting determines the number of computers displayed in the Administration Console results pane. The default value is If the number of computers in the group exceeds the specified value, a corresponding notification will be displayed on the screen. To view the list of all computers, increase the parameter value.
The parameter defined for the maximum number of displayed hosts in the settings of a group (or domain) applies to all groups on all hierarchy levels and for all domains.


More information

Kaspersky Anti-Virus 8.0 for Lotus Domino Administrator s Guide

Kaspersky Anti-Virus 8.0 for Lotus Domino Administrator s Guide Kaspersky Anti-Virus 8.0 for Lotus Domino Administrator s Guide APPLICATION VERSION: 8.0 Dear User! Thank you for choosing our product. We hope that this document will help you in your work and will provide

More information

Kaspersky Security for Windows Server

Kaspersky Security for Windows Server Kaspersky Security for Windows Server User's Guide Application version: 10.1.1.746 Dear User, Thank you for choosing Kaspersky Lab as your security software provider. We hope that this document helps you

More information

Kaspersky Security Center Web-Console

Kaspersky Security Center Web-Console Kaspersky Security Center Web-Console User Guide CONTENTS ABOUT THIS GUIDE... 5 In this document... 5 Document conventions... 7 KASPERSKY SECURITY CENTER WEB-CONSOLE... 8 SOFTWARE REQUIREMENTS... 10 APPLICATION

More information

Kaspersky Security Center 10

Kaspersky Security Center 10 Kaspersky Security Center 10 Implementation Guide Application version: 10 Service Pack 2, Maintenance Release 1 Dear User, Thank you for your trust! We hope that this document will help you in your work

More information

Kaspersky Anti-Virus 8.0 for Linux File Server

Kaspersky Anti-Virus 8.0 for Linux File Server Kaspersky Anti-Virus 8.0 for Linux File Server Installation Guide A P P L I C A T I O N V E R S I ON : 8. 0 MP 2 C F 4 Dear User! Thank you for choosing our product. We hope that this documentation will

More information

Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 USER GUIDE

Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 USER GUIDE Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 USER GUIDE APPLICATION VERSION: 6.0 MAINTENANCE PACK 4 Dear User of Kaspersky Anti-Virus! Thank you for choosing our product. We hope that this documentation

More information

KASPERSKY LABS. Kaspersky Anti-Virus 5.1 for Microsoft ISA Server. Administrator s guide

KASPERSKY LABS. Kaspersky Anti-Virus 5.1 for Microsoft ISA Server. Administrator s guide KASPERSKY LABS Kaspersky Anti-Virus 5.1 for Microsoft ISA Server Administrator s guide KASPERSKY ANTI-VIRUS 5.1 FOR MS ISA SERVER Administrator s Guide Kaspersky Labs Ltd. http://www.kaspersky.com Edition

More information

Kaspersky Anti-Virus 8.0 for Lotus Domino Administrator's Guide

Kaspersky Anti-Virus 8.0 for Lotus Domino Administrator's Guide Kaspersky Anti-Virus 8.0 for Lotus Domino Administrator's Guide APPLICATION VERSION: 8.0 MAINTENANCE PACK 2 Dear User, Thank you for choosing our product. We hope that this documentation will help you

More information

Kaspersky Endpoint Security 10 for Mac

Kaspersky Endpoint Security 10 for Mac Kaspersky Endpoint Security 10 for Mac Administrator's Guide Application version: 10 Service Pack 1 Dear User, Thank you for choosing our product. We hope that this document will help you in your work

More information

NETWRIX WINDOWS SERVER CHANGE REPORTER

NETWRIX WINDOWS SERVER CHANGE REPORTER NETWRIX WINDOWS SERVER CHANGE REPORTER ADMINISTRATOR S GUIDE Product Version: 4.0 June 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

NETWRIX GROUP POLICY CHANGE REPORTER

NETWRIX GROUP POLICY CHANGE REPORTER NETWRIX GROUP POLICY CHANGE REPORTER ADMINISTRATOR S GUIDE Product Version: 7.2 November 2012. Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

XLmanage Version 2.4. Installation Guide. ClearCube Technology, Inc.

XLmanage Version 2.4. Installation Guide. ClearCube Technology, Inc. XLmanage Version 2.4 Installation Guide ClearCube Technology, Inc. www.clearcube.com Copyright and Trademark Notices Copyright 2009 ClearCube Technology, Inc. All Rights Reserved. Information in this document

More information

F-Secure Client Security. Quick Installation Guide

F-Secure Client Security. Quick Installation Guide F-Secure Client Security Quick Installation Guide F-Secure Client Security TOC 3 Contents Chapter 1: Introduction...5 Chapter 2: Installing Client Security...7 System requirements...8 Stand-alone installation...9

More information

KYOCERA Net Admin User Guide

KYOCERA Net Admin User Guide KYOCERA Net Admin User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable

More information

Kaspersky Anti-Virus User Guide

Kaspersky Anti-Virus User Guide Kaspersky Anti-Virus User Guide APPLICATION VERSION: 14.0 Dear User, Thank you for choosing our product. We hope that this document will help you in your work and will provide answers regarding this software

More information

Kaspersky Security for Windows Server

Kaspersky Security for Windows Server Kaspersky Security for Windows Server Administrator's Guide Application version: 10.1.1.746 Dear User, Thank you for choosing Kaspersky Lab as your security software provider. We hope that this document

More information

NETWRIX INACTIVE USER TRACKER

NETWRIX INACTIVE USER TRACKER NETWRIX INACTIVE USER TRACKER QUICK-START GUIDE Product Version: 3.0.106 March 2014. Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment

More information

NETWRIX PASSWORD EXPIRATION NOTIFIER

NETWRIX PASSWORD EXPIRATION NOTIFIER NETWRIX PASSWORD EXPIRATION NOTIFIER QUICK-START GUIDE Product Version: 3.3.247 March 2014. Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

Kaspersky Security Center 10 Web Console. User Guide

Kaspersky Security Center 10 Web Console. User Guide Kaspersky Security Center 10 Web Console User Guide Dear User, Thank you for your trust! We hope that this document will help you in your work and will provide answers regarding this software product.

More information

KYOCERA Net Admin Installation Guide

KYOCERA Net Admin Installation Guide KYOCERA Net Admin Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable for

More information

Kaspersky Internet Security User Guide

Kaspersky Internet Security User Guide Kaspersky Internet Security User Guide APPLICATION VERSION: 15.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that this document will help you in your work and will provide

More information

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE 1.0 Quest Enterprise Reporter Discovery Manager USER GUIDE 2012 Quest Software. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

BitDefender Enterprise Manager. Startup guide

BitDefender Enterprise Manager. Startup guide BitDefender Enterprise Manager Startup guide 1 Table of Contents Product installation... 3 Install BitDefender Enterprise Manager... 3 Install BitDefender Server add-on... 4 Protection configuration...

More information

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free:

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free: EventTracker Enterprise Install Guide 8815 Centre Park Drive Publication Date: Aug 03, 2010 Columbia MD 21045 U.S. Toll Free: 877.333.1433 Abstract The purpose of this document is to help users install

More information

File Management Utility User Guide

File Management Utility User Guide File Management Utility User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held

More information

Dell Client Manager 2.0 FAQ

Dell Client Manager 2.0 FAQ ; Dell Client Manager 2.0 FAQ Table of Contents Do I need to license Dell Client Manager Standard Edition?... 2 What are the system requirements and prerequisites for installation?... 2 When installing

More information

Kaspersky Embedded Systems Security

Kaspersky Embedded Systems Security Kaspersky Embedded Systems Security Administrator's Guide Application version: 2.2.0.605 Dear User, Thank you for choosing Kaspersky Lab as your security software provider. We hope that this document helps

More information

NETWRIX PASSWORD EXPIRATION NOTIFIER

NETWRIX PASSWORD EXPIRATION NOTIFIER NETWRIX PASSWORD EXPIRATION NOTIFIER ADMINISTRATOR S GUIDE Product Version: 3.3 January 2013 Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition, and Symantec Network Access Control 12.1.

Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition, and Symantec Network Access Control 12.1. Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition, and Symantec Network Access Control 12.1.3 Release Notes Symantec Endpoint Protection, Symantec Endpoint Protection Small

More information

KASPERSKY LAB. Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition ADMINISTRATOR S GUIDE

KASPERSKY LAB. Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition ADMINISTRATOR S GUIDE KASPERSKY LAB Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition ADMINISTRATOR S GUIDE K A S P E R S K Y A N T I - V I R U S 6. 0 F O R W I N D O W S S E R V E R S E N T E R P R I S E E D

More information

ProSystem fx Engagement

ProSystem fx Engagement ProSystem fx Engagement Guide November 2008 Copyright 2008 CCH INCORPORATED. A Wolters Kluwer Business. All Rights Reserved. Material in this publication may not be reproduced or transmitted, in any form

More information

Patch Manager INSTALLATION GUIDE. Version Last Updated: September 25, 2017

Patch Manager INSTALLATION GUIDE. Version Last Updated: September 25, 2017 INSTALLATION GUIDE Patch Manager Version 2.1.5 Last Updated: September 25, 2017 Retrieve the latest version from: https://support.solarwinds.com/success_center/patch_manager/patch_manager_documentation

More information

Getting Started Guide. This document provides step-by-step instructions for installing Max Secure Anti-Virus and its prerequisite software.

Getting Started Guide. This document provides step-by-step instructions for installing Max Secure Anti-Virus and its prerequisite software. Getting Started Guide This document provides step-by-step instructions for installing Max Secure Anti-Virus and its prerequisite software. Contents 2 Contents Introduction... 3 System Requirements... 4

More information

Novell ZENworks Asset Management 7

Novell ZENworks Asset Management 7 Novell ZENworks Asset Management 7 w w w. n o v e l l. c o m July 2006 INSTALLATION GUIDE Table Of Contents 1. Installation Overview... 1 Upgrade/Update Matrix...1 Installation Choices...2 ZENworks Asset

More information

Mailbox Manager Getting Started Guide. Licensing Installation Options System Requirements Installation Instructions

Mailbox Manager Getting Started Guide. Licensing Installation Options System Requirements Installation Instructions Mailbox Manager Getting Started Guide Licensing Installation Options System Requirements Installation Instructions Mailbox Manager Release 5.4 December 2006 Table of Contents Introduction... 1 Licenses...

More information

CorpSystem Workpaper Manager

CorpSystem Workpaper Manager CorpSystem Workpaper Manager Networking Best Practices Guide Version 6.5 Summer 2010 Copyright: 2010, CCH, a Wolters Kluwer business. All rights reserved. Material in this publication may not be reproduced

More information

Sophos Enterprise Console advanced startup guide

Sophos Enterprise Console advanced startup guide Sophos Enterprise Console advanced startup guide For distributed installations Product version: 5.3 Document date: April 2015 Contents 1 About this guide...4 2 Planning installation...5 2.1 Planning the

More information

GFI WebMonitor 2009 ReportPack. Manual. By GFI Software Ltd.

GFI WebMonitor 2009 ReportPack. Manual. By GFI Software Ltd. GFI WebMonitor 2009 ReportPack Manual By GFI Software Ltd. http://www.gfi.com E-mail: info@gfi.com Information in this document is subject to change without notice. Companies, names, and data used in examples

More information

2013 Upgrade and Conversion Guide

2013 Upgrade and Conversion Guide 2013 Upgrade and Conversion Guide WARNING... 3 INTRODUCTION... 4 Upgrade and Conversion Process Overview... 4 System Requirements... 4 Server Requirements... 5 Workstation Requirements... 6 Network Requirements...

More information

Symantec pcanywhere 12.5 SP4 Release Notes

Symantec pcanywhere 12.5 SP4 Release Notes Symantec pcanywhere 12.5 SP4 Release Notes Symantec pcanywhere 12.5 SP4 Release Notes The software described in this book is furnished under a license agreement and may be used only in accordance with

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release

More information

Sophos Enterprise Console

Sophos Enterprise Console advanced startup guide Product Version: 5.5 Contents About this guide... 1 Planning installation... 2 Planning the installation of Enterprise Console... 2 Planning database security... 4 Planning the computer

More information

Using OptiView Console

Using OptiView Console Using OptiView Console Introduction The OptiView Console application (also referred to as the application ) provides you with the ability to monitor the performance of your Ethernet enterprise network,

More information

Veritas System Recovery 18 Management Solution Administrator's Guide

Veritas System Recovery 18 Management Solution Administrator's Guide Veritas System Recovery 18 Management Solution Administrator's Guide Documentation version: 18 Legal Notice Copyright 2018 Veritas Technologies LLC. All rights reserved. Veritas and the Veritas Logo are

More information

NETWRIX ACTIVE DIRECTORY CHANGE REPORTER

NETWRIX ACTIVE DIRECTORY CHANGE REPORTER NETWRIX ACTIVE DIRECTORY CHANGE REPORTER ADMINISTRATOR S GUIDE Product Version: 7.2 January 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

Netwrix Auditor for Active Directory

Netwrix Auditor for Active Directory Netwrix Auditor for Active Directory Quick-Start Guide Version: 8.0 4/22/2016 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment

More information

CorpSystem Workpaper Manager Installation Guide

CorpSystem Workpaper Manager Installation Guide CorpSystem Workpaper Manager Installation Guide August 2011 Copyright 2011 CCH INCORPORATED. A Wolters Kluwer business. All Rights Reserved. Material in this publication may not be reproduced or transmitted,

More information

User Manual. ARK for SharePoint-2007

User Manual. ARK for SharePoint-2007 User Manual ARK for SharePoint-2007 Table of Contents 1 About ARKSP (Admin Report Kit for SharePoint) 1 1.1 About ARKSP 1 1.2 Who can use ARKSP? 1 1.3 System Requirements 2 1.4 How to activate the software?

More information

Veritas System Recovery 16 Management Solution Readme

Veritas System Recovery 16 Management Solution Readme Veritas System Recovery 16 Management Solution Readme About this readme System requirements for software delivery policies of Veritas System Recovery 16 System requirements for Veritas System Recovery

More information

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide BlackBerry Enterprise Server for Microsoft Office 365 Version: 1.0 Administration Guide Published: 2013-01-29 SWD-20130131125552322 Contents 1 Related resources... 18 2 About BlackBerry Enterprise Server

More information

Sophos Enterprise Console

Sophos Enterprise Console secure network quick startup guide Product Version: 5.5 Contents About this guide... 1 Limitations on the secure network...2 What do I install?...3 What are the key steps?... 4 Download the installers...5

More information

Acronis Backup & Recovery 11 Beta Advanced Editions

Acronis Backup & Recovery 11 Beta Advanced Editions Acronis Backup & Recovery 11 Beta Advanced Editions Quick Start Guide Table of contents 1 Main components... 3 2 Supported operating systems... 3 3 Where do I install the components?... 3 4 What you need

More information

Network Scanner Tool V3.3. User s Guide Version

Network Scanner Tool V3.3. User s Guide Version Network Scanner Tool V3.3 User s Guide Version 3.3.09 Copyright 2000-2012 by SHARP CORPORATION. All rights reserved. Reproduction, adaptation or translation without prior written permission is prohibited,

More information

PMS 138 C Moto Black spine width spine width 100% 100%

PMS 138 C Moto Black spine width spine width 100% 100% Series MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. 2009 Motorola, Inc. Table of

More information

3.1. Administrator s Guide TNT SOFTWARE. ELM Log Manager. Version

3.1. Administrator s Guide TNT SOFTWARE. ELM Log Manager. Version Version 3.1 TNT SOFTWARE ELM Log Manager Administrator s Guide TNT SOFTWARE ELM Log Manager 3.1 Administrator s Guide Copyright 1997-2003 TNT Software All Rights Reserved 2001 Main Street Vancouver, WA

More information

Veritas Backup Exec Quick Installation Guide

Veritas Backup Exec Quick Installation Guide Veritas Backup Exec Quick Installation Guide Legal Notice Copyright 2017 Veritas Technologies LLC. All rights reserved. Veritas and the Veritas Logo are trademarks or registered trademarks of Veritas Technologies

More information

ZENworks 2017 Update 2 ZENworks Agent Reference. February 2018

ZENworks 2017 Update 2 ZENworks Agent Reference. February 2018 ZENworks 2017 Update 2 ZENworks Agent Reference February 2018 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights,

More information

ProSystem fx Engagement. Installation Guide

ProSystem fx Engagement. Installation Guide ProSystem fx Engagement Installation Guide December 2011 Copyright 2011 CCH INCORPORATED. A Wolters Kluwer business. All Rights Reserved. Material in this publication may not be reproduced or transmitted,

More information

Sophos Enterprise Console

Sophos Enterprise Console quick startup guide Product Version: 5.5 Contents About this guide... 1 What do I install?...2 What are the key steps?... 3 Download the Enterprise Console installer...4 If you have a Sophos license...

More information

Reporting for Contact Center Setup and Operations Guide. BCM Contact Center

Reporting for Contact Center Setup and Operations Guide. BCM Contact Center Reporting for Contact Center Setup and Operations Guide BCM Contact Center Document Number: Document Status: Standard Document Version: 05.01 Date: September 2006 Copyright 2005 2006 Nortel Networks, All

More information

MAPILab Search for Exchange. Administrator s Guide. Version 1.6

MAPILab Search for Exchange. Administrator s Guide. Version 1.6 MAPILab Search for Exchange Administrator s Guide Version 1.6 MAPILab, December 2016 Contents Introduction... 3 1. Product Overview... 4 2. Product Architecture and Basic Terms... 5 3. System Requirements...

More information

CCH ProSystem fx Engagement. Installation Guide

CCH ProSystem fx Engagement. Installation Guide CCH ProSystem fx Engagement Installation Guide 2018 2018 CCH Incorporated and its affiliates and licensors. All rights reserved. Material in this publication may not be reproduced or transmitted, in any

More information

Splashtop Enterprise for IoT Devices - Quick Start Guide v1.0

Splashtop Enterprise for IoT Devices - Quick Start Guide v1.0 Introduction For information about different deployment choices, please see chapter 3 of the full Splashtop Center Administrator s Guide. Splashtop Enterprise for IoT Devices is comprised of three components:

More information

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0 Migration Guide McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel

More information

GFI MailSecurity 2011 for Exchange/SMTP. Administration & Configuration Manual

GFI MailSecurity 2011 for Exchange/SMTP. Administration & Configuration Manual GFI MailSecurity 2011 for Exchange/SMTP Administration & Configuration Manual http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and

More information

Symantec Endpoint Protection Installation Guide

Symantec Endpoint Protection Installation Guide Symantec Endpoint Protection 11.0 Installation Guide SYMANTEC ENDPOINT PROTECTION 11.0 TABLE OF CONTENTS A NEW SECURITY APPLICATION... 1 INTRODUCTION... 1 WHAT IS SYMANTEC ENDPOINT PROTECTION (SEP) 11.0?...

More information

Installation Instructions. Release Version 14.0 August 15 th, 2008

Installation Instructions. Release Version 14.0 August 15 th, 2008 Release Version 14.0 August 15 th, 2008 ARGUS Software: ARGUS Valuation - DCF The contents of this document are considered proprietary by ARGUS Software, the information enclosed and any portion thereof

More information

Network Management Utility

Network Management Utility 4343-7705-02 Network Management Utility Foreword Welcome Network Management Utility is utility software that provides central control over printers, copiers, and other devices on a network. With Network

More information

F-Secure Client Security. Administrator's Guide

F-Secure Client Security. Administrator's Guide F-Secure Client Security Administrator's Guide F-Secure Client Security TOC 2 Contents Chapter 1: Introduction...7 1.1 System requirements...8 1.1.1 Policy Manager Server...8 1.1.2 Policy Manager Console...8

More information

LABEL ARCHIVE Administrator s Guide

LABEL ARCHIVE Administrator s Guide LABEL ARCHIVE Administrator s Guide DOC-LAS2015_25/05/2015 The information in this manual is not binding and may be modified without prior notice. Supply of the software described in this manual is subject

More information

PROMODAG REPORTS Getting started. On-Premises and Hybrid environments

PROMODAG REPORTS Getting started. On-Premises and Hybrid environments PROMODAG REPORTS 10.3 Getting started On-Premises and Hybrid environments 2 Getting started with Promodag Reports COPYRIGHTS Copyright @ 1999-2017 PROMODAG SA. All rights reserved. Information in this

More information

Jonas Activity Management Technical Deployment Guide

Jonas Activity Management Technical Deployment Guide Jonas Activity Management Technical Deployment Guide [] Software for Life Jonas Activity Management Technical Deployment Guide, Jonas, Jonas Software, Software for Life, and Gary Jonas Computing are registered

More information

GFI WebMonitor 4.0 ReportPack. Manual. By GFI Software Ltd.

GFI WebMonitor 4.0 ReportPack. Manual. By GFI Software Ltd. GFI WebMonitor 4.0 ReportPack Manual By GFI Software Ltd. GFI SOFTWARE Ltd. http://www.gfi.com E-mail: info@gfi.com Information in this document is subject to change without notice. Companies, names, and

More information

SolarWinds. Patch Manager. Evaluation Guide. Version 2.1.2

SolarWinds. Patch Manager. Evaluation Guide. Version 2.1.2 This PDF is no longer being maintained. Search the SolarWinds Success Center for more information. SolarWinds Patch Manager Version 2.1.2 Evaluation Guide Last Updated: Friday, June 3, 2016 1 About SolarWinds

More information

Programming Manual KX-TVA50 KX-TVA200. Voice Processing System. Model

Programming Manual KX-TVA50 KX-TVA200. Voice Processing System. Model Voice Processing System Programming Manual Model KX-TVA50 KX-TVA200 Thank you for purchasing a Panasonic Voice Processing System. Please read this manual carefully before using this product and save this

More information

PROJECTORNET FOR ADMINISTRATORS

PROJECTORNET FOR ADMINISTRATORS PROJECTORNET FOR ADMINISTRATORS Overview This chapter explains the processes for installing and setting up the ProjectorNet server software. It also lists the information that you, the ProjectorNet Administrator,

More information

Symantec Backup Exec Quick Installation Guide

Symantec Backup Exec Quick Installation Guide Symantec Backup Exec 2010 Quick Installation Guide 20047221 Installing Backup Exec This document includes the following topics: System requirements Before you install About the Backup Exec service account

More information

FAS Asset Accounting FAS Asset Inventory FAS CIP Accounting Network Installation & Administration Guide Version

FAS Asset Accounting FAS Asset Inventory FAS CIP Accounting Network Installation & Administration Guide Version FAS Asset Accounting FAS Asset Inventory FAS CIP Accounting Network Installation & Administration Guide Version 2009.1 2009 Sage Software, Inc. All rights reserved. Portions Copyrighted 1991-2001 by ianywhere

More information

Pre-Operation Confirmation Login and Logout Displaying Device Information Downloading and Installing Packages Appendix

Pre-Operation Confirmation Login and Logout Displaying Device Information Downloading and Installing Packages Appendix Professional IS/Standard Client Reference 1 2 3 4 5 Pre-Operation Confirmation Login and Logout Displaying Device Information Downloading and Installing Packages Appendix Read this manual carefully before

More information

Kaspersky Mobile Security

Kaspersky Mobile Security Kaspersky Mobile Security User Guide Dear User! Thank you for choosing our product. We hope that this documentation will help you in your work and will provide answers regarding this software product.

More information

NetWrix Group Policy Change Reporter

NetWrix Group Policy Change Reporter NetWrix Group Policy Change Reporter Version 7 Enterprise Edition Quick Start Guide Contents NetWrix Group Policy Change Reporter Quick Start Guide 1. INTRODUCTION... 3 1.1 KEY FEATURES... 4 1.2 LICENSING...

More information

SolidWorks Enterprise PDM Installation Guide

SolidWorks Enterprise PDM Installation Guide SolidWorks Enterprise PDM Installation Guide Contents Legal Notices...vi 1 SolidWorks Enterprise PDM Installation Guide...7 2 Installation Overview...8 Required Installation Components...8 Optional Installation

More information

NET SatisFAXtion TM Configuration Guide For use with AT&T s IP Flexible Reach Service And IP Toll Free Service

NET SatisFAXtion TM Configuration Guide For use with AT&T s IP Flexible Reach Service And IP Toll Free Service NET SatisFAXtion TM Configuration Guide For use with AT&T s IP Flexible Reach Service And IP Toll Free Service Version 0.9b 2008-02-01 Page 1 of 20 TABLE OF CONTENTS 1 Introduction... 3 2 Special Notes...

More information

User Manual Avira SMC Security Management Center More Than Security

User Manual Avira SMC Security Management Center More Than Security www.avira.com User Manual Avira SMC Security Management Center More Than Security Chapter 1. About this Manual...3 1.1 Introduction... 3 1.2 Structure of the Manual... 3 1.3 Signs and Symbols... 4 1.4

More information

User Manual. Active Directory Change Tracker

User Manual. Active Directory Change Tracker User Manual Active Directory Change Tracker Last Updated: March 2018 Copyright 2018 Vyapin Software Systems Private Ltd. All rights reserved. This document is being furnished by Vyapin Software Systems

More information

Altiris Software Management Solution 7.1 from Symantec User Guide

Altiris Software Management Solution 7.1 from Symantec User Guide Altiris Software Management Solution 7.1 from Symantec User Guide Altiris Software Management Solution 7.1 from Symantec User Guide The software described in this book is furnished under a license agreement

More information

PROMISE ARRAY MANAGEMENT ( PAM) FOR FastTrak S150 TX2plus, S150 TX4 and TX4000. User Manual. Version 1.3

PROMISE ARRAY MANAGEMENT ( PAM) FOR FastTrak S150 TX2plus, S150 TX4 and TX4000. User Manual. Version 1.3 PROMISE ARRAY MANAGEMENT ( PAM) FOR FastTrak S150 TX2plus, S150 TX4 and TX4000 User Manual Version 1.3 Promise Array Management Copyright 2003 Promise Technology, Inc. All Rights Reserved. Copyright by

More information

Avira Free Mac Security Version HowTo

Avira Free Mac Security Version HowTo Avira Free Mac Security Version 2.0.4 HowTo Table of contents 1. Introduction... 3 1.1 Features... 3 1.2 System Requirements...4 2. Installation...4 2.1 Installation with the install wizard...4 2.2 Installation

More information

Reliable High-Speed Connection to Publication Database for Synchronization

Reliable High-Speed Connection to Publication Database for Synchronization PCS Axis v1.9 Client/Server New Installation with Replication May 2015 Introduction American Innovations (AI) is pleased to announce version 1.9 of our Pipeline Compliance System Axis software (PCS Axis

More information

Quest Collaboration Services 3.6. Installation Guide

Quest Collaboration Services 3.6. Installation Guide Quest Collaboration Services 3.6 Installation Guide 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

PROMODAG REPORTS Getting started. Office 365

PROMODAG REPORTS Getting started. Office 365 PROMODAG REPORTS 10.4 Getting started Office 365 2 Getting started with Promodag Reports COPYRIGHTS Copyright @ 1999-2018 PROMODAG SA. All rights reserved. Information in this document is subject to change

More information

Kaspersky Security 10 for Windows Server

Kaspersky Security 10 for Windows Server Kaspersky Security 10 for Windows Server Installation Guide Program version: 10 Dear User, Thank you for choosing our product. We hope that this documentation will help you in your work and answer your

More information

Pre-Installation Checklist v5.0

Pre-Installation Checklist v5.0 Pre-Installation Checklist v5.0 November 2010 Table of Contents Introduction 3 Network infrastructure 4 ShareScan Manager PC 5 Devices 7 ecopy Connectors 8 Network Communication 13 Document Management

More information