TDR and Kaspersky Integratin Guide
i WatchGuard Technlgies, Inc.
TDR and Kaspersky Deplyment Overview Threat Detectin and Respnse (TDR) is a cllectin f advanced malware defense tls that crrelate threat indicatrs frm Firebxes and Hst Sensrs t enable real-time, autmated respnse t stp knwn, unknwn, and evasive threats. As part f the TDR slutin, yu install TDR Hst Sensrs t prvide endpint prtectin. In sme cases, the TDR Hst Sensr might have cnflicts with the antivirus sftware installed n yur endpints. T reslve this issue, yu can cnfigure exclusins in the antivirus sftware and in TDR. This dcument describes the steps t deply a TDR Hst Sensr n a hst that runs Kaspersky sftware. This dcument des nt describe all steps necessary t set up yur Threat Detectin and Respnse accunt. Befre yu begin, make sure t set up yur TDR accunt and enable TDR n the Firebx. Fr infrmatin abut hw t set up yur TDR accunt, TDR deplyment best practices, and hw t enable TDR n a Firebx, see Quick Start Set Up Threat Detectin and Respnse. TDR and Kaspersky Integratin Guide 1
Cnfiguratin Summary T avid cnflicts between the TDR Hst Sensr and Kaspersky, add these exclusins: Exclusins in TDR fr Kaspersky Fr Windws: C:\PrgramData\KasperskyLab\ C:\PrgramData\Kaspersky Lab Setup Files\ C:\PrgramData\Kaspersky Lab\ C:\Prgram Files(x86)\Kaspersky Lab\ C:\Prgram Files\Kaspersky\ C:\Windws\Temp\klsc-*\ Exclusins in Kaspersky fr the TDR Hst Sensr Fr Windws: 64-bit Windws C:\Prgram Files(x86)\WatchGuard\Threat and Respnse\ 32-bit Windws C:\Prgram Files\WatchGuard\Threat and Respnse\ Exclusins in TDR fr Kaspersky Fr Mac: /Applicatin/Kaspersky Endpint Security/ /Applicatin/Kaspersky Internet Security/ /Library/Applicatin Supprt/Kaspersky Lab/ Exclusins in Kaspersky fr TDR Fr Mac: /usr/lcal/watchguard/ If the Hst Sensr and Kaspersky detect and respnd t a threat at the same time, this can cause high utilizatin f system resurces such as CPU, Memry and Disk I/O. 2 WatchGuard Technlgies, Inc.
Cnfiguratin Details T cmplete this deplyment, yu must have: An active Threat Detectin and Respnse subscriptin with Hst Sensr licenses Firebx with Fireware v12.0 r higher Kaspersky Endpint Security Kaspersky Endpint Security 10.3.0.6.6294 Kaspersky Endpint Security Clud build 3.0.1.741 Kaspersky Small Office Security 5 17.0.0.611 Windws. Kaspersky Internet Security Mac The Windws test envirnment fr this deplyment included: Windws 7,8,10 Enterprise Operating System Memry (RAM) 4 GB Prcessr 2 CPU Cres The Mac test envirnment fr this deplyment included: Sierra versin 10.13.2 Memry (RAM) 8 GB Prcessr 2.6GHz Intel Cre i5 TDR and Kaspersky Integratin Guide 3
Cnfigure Exclusins in TDR In yur TDR accunt, add the exclusins t manually identify paths fr files and prcesses that yu d nt want Hst Sensrs t mnitr. Befre yu deply a Hst Sensr n cmputers that have Kaspersky installed, Add exclusins fr the Kaspersky file paths as TDR Exclusins in yur TDR accunt. T exclude Kaspersky directries, add exclusins with these paths in yur TDR accunt. Flders specified in an exclusin must end with a backslash. Exclusins fr Windws: C:\PrgramData\KasperskyLab\ C:\PrgramData\Kaspersky Lab Setup Files\ C:\PrgramData\Kaspersky Lab\ C:\Prgram Files(x86)\Kaspersky Lab\ C:\Prgram Files\Kaspersky\ C:\Windws\Temp\klsc-*\ Exclusins fr Mac: /Applicatin/Kaspersky Endpint Security/ /Applicatin/Kaspersky Internet Security/ /Library/Applicatin Supprt/Kaspersky Lab/ T add an exclusin in TDR: 1. Lg in t yur TDR accunt r managed accunt as a user with Operatr privileges. 2. Select Cnfiguratin > Exclusin. 3. Click Add Exclusin. The Add Exclusin dialg bx appears. 4. In the Path text bx, type the path t exclude. 5. Click Save. Repeat these steps t add each exclusin. 4 WatchGuard Technlgies, Inc.
Cnfigure Exclusin in Kaspersky T exclude TDR Hst Sensr files n Windws add an exclusin: C:\Prgram Files(x86)\WatchGuard\Threat and Respnse C:\Prgram Files\WatchGuard\Threat and Respnse T add an exclusin in Kaspersky Small Office Security: 1. Click Setting. The Setting page appears. 2. Select Additinal n the left panel. A list f ptins appears n the right panel. 3. Select Threats and Exclusins n the right panel. The Threat and exclusin setting page appears. 4. Click Exclusin > Manage exclusin. 5. Click Add. 6. In the File r flder text bx, type the path t exclude. 7. Click Add. T exclude TDR Hst Sensr files n Mac add an exclusin: /usr/lcal/watchguard/ T add an exclusin in Kaspersky: 1. Lg in yu Kaspersky clud accunt. 2. Click Security prfiles in yur clud hme page. 3. Click Default. Select Mac in Operating system. 4. Select Advanced. Click Settings after the Threats and exclusins. 5. Click Settings after the Scan exclusins. 6. Click Add and type in the Cmment, TDR path and Object name. 7. Click Save buttn. Fr infrmatin abut the integratin testing methds, see TDR Testing Methdlgy. TDR and Kaspersky Integratin Guide 5
Abut This Guide Guide Type Dcumented Integratin WatchGuard r a Technlgy Partner has prvided dcumentatin demnstrating integratin. Guide Details WatchGuard prvides integratin instructins t help ur custmers cnfigure WatchGuard prducts t wrk with prducts created by ther rganizatins. If yu need mre infrmatin r technical supprt abut hw t cnfigure a third-party prduct, see the dcumentatin and supprt resurces fr that prduct. Infrmatin in this guide is subject t change withut ntice. Cmpanies, names, and data used in examples herein are fictitius unless therwise nted. N part f this guide may be reprduced r transmitted in any frm r by any means, electrnic r mechanical, fr any purpse, withut the express written permissin f WatchGuard Technlgies, Inc. Guide revised: 2/6/2018 Cpyright, Trademark, and Patent Infrmatin Cpyright 1998 2018 WatchGuard Technlgies, Inc. All rights reserved. All trademarks r trade names mentined herein, if any, are the prperty f their respective wners. Cmplete cpyright, trademark, patent, and licensing infrmatin can be fund in the Cpyright and Licensing Guide, available nline at http://www.watchguard.cm/wgrd-help/dcumentatin/verview. Abut WatchGuard WatchGuard Technlgies, Inc. is a glbal leader in netwrk security, prviding best-in-class Unified Threat Management, Next Generatin Firewall, secure Wi-Fi, and netwrk intelligence prducts and services t mre than 75,000 custmers wrldwide. The cmpany s missin is t make enterprisegrade security accessible t cmpanies f all types and sizes thrugh simplicity, making WatchGuard an ideal slutin fr Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washingtn, with ffices thrughut Nrth America, Eurpe, Asia Pacific, and Latin America. T learn mre, visit WatchGuard.cm. Fr additinal infrmatin, prmtins and updates, fllw WatchGuard n Twitter, @WatchGuard n Facebk, r n the LinkedIn Cmpany page. Als, visit ur InfSec blg, Secplicity, fr real-time infrmatin abut the latest threats and hw t cpe with them at www.secplicity.rg. Address 505 Fifth Avenue Suth Suite 500 Seattle, WA 98104 Supprt www.watchguard.cm/supprt U.S. and Canada +877.232.3531 All Other Cuntries +1.206.521.3575 Sales U.S. and Canada +1.800.734.9905 All Other Cuntries +1.206.613.0895 TDR and Kaspersky Integratin Guide 6