Installing ksc. Installing Kaspersky Security Center

This article examines Kaspersky Lab's Kaspersky Endpoint Security and its use in a corporate environment, using our clients as an example.

Good day, dear visitor. As the title suggests, today we will talk about protection. In one of the previous articles, I reviewed a product from this area of IT that performed well. Today I will tell you about an equally interesting product from Kaspersky Lab, of which we are partners: Kaspersky Endpoint Security. We will look at it in a Hyper-V virtual environment, on Generation 2 machines. The server part will run on a domain controller under Windows Server 2012 R2, with AD in Windows Server 2012 R2 mode, and the client runs Windows 8.1.

It should be noted that we constantly use this product in our IT outsourcing practice.

What is Kaspersky Endpoint Security?

Kaspersky Endpoint Security for Windows combines world-class anti-malware technologies with Application Control, Web Control, Device Control, and data encryption - all within a single application. All functionality is managed from a single console, which simplifies the deployment and administration of a wide range of Kaspersky Lab solutions.

Capabilities:

  • Single application
  • Single console
  • Uniform Policies

Kaspersky Endpoint Security for Windows is a single application that includes a wide range of critical security technologies, such as:

  • Malware protection (including firewall and intrusion prevention system)
  • Workplace control
  • Application Control
  • Web Control
  • Device control
  • Data encryption

Kaspersky Endpoint Security comes in several editions, which differ in the set of modules they include:

  • STARTING
  • STANDARD
  • ADVANCED
  • Kaspersky Total Security for Business

In our case, we will use ADVANCED.

The following features are available as part of the Kaspersky Endpoint Security for Business START-UP solution:

The following features are available as part of the Kaspersky Endpoint Security for Business STANDARD solution:

  • Malware protection, firewall and intrusion prevention system
  • Workplace control
  • Application Control
  • Web Control
  • Device control

…as well as other Kaspersky Lab technologies for IT security

The following features are available as part of Kaspersky Endpoint Security for Business ADVANCED and Kaspersky Total Security for Business:

  • Malware protection, firewall and intrusion prevention system
  • Workplace control
  • Application Control
  • Web Control
  • Device control
  • Encryption
    …as well as other Kaspersky Lab technologies for IT security.

Architecture

Server part:

  • Kaspersky Security Center Administration Server
  • Administration Console of Kaspersky Security Center
  • Kaspersky Security Center Network Agent

Client side:

  • Kaspersky Endpoint Security

So let's get started

Installing the administration server

In our case, the administration server will be installed on the AD controller running in Windows Server 2012 R2 mode. Let's start the installation:

I forgot to clarify: we will use Kaspersky Security Center 10. Install the full distribution downloaded from the Kaspersky Lab website, which includes the installation packages of Kaspersky Endpoint Security 10 and Network Agent 10.

In the next window of the wizard, select the path for unpacking the distribution and click "Install".

After the distribution kit is unpacked, we are greeted by the Kaspersky Security Center installation wizard. After we click the "Next" button, the wizard asks for the "Network size". Because we will have only two clients, one x86 and the other x64, we select "Less than 100 computers on the network".



Set the account under which the "Administration Server" will start. In our case, the domain administrator account.



Kaspersky Security Center stores all its data in a DBMS. During installation, the wizard prompts you to install Microsoft SQL Server 2008 R2 Express, or, if you already have a DBMS installed, you can select the name of the SQL server and the name of the database.



At the "Address of the administration server" stage, the wizard asks you to specify the address of the server. Since we have AD and DNS integrated, it is wiser to specify the server name.



After selecting plug-ins for management, the installation of Kaspersky Security Center will begin.



After successful installation and the first launch of Kaspersky Security Center, we are greeted by the initial setup wizard, in which we can specify the key, accept the agreement to participate in KSN, and specify the email address for notifications.




The update parameters are also specified and a policy with tasks is created.



After installation, the following components will be present on our server:

  • Administration Server
  • Administration Console
  • Administration Agent

However, Kaspersky Endpoint Security itself will not be installed. Let's perform a remote installation, because if the Network Agent is already installed, we can deploy Kaspersky Endpoint Security to the server. If there is no Network Agent and Windows Firewall denies all incoming connections, remote installation fails. Expand the "Remote Install" node and select "Run the Remote Install Wizard". Select the installation package and click the "Next" button.



In the "Select computers for installation" window, select the installation option for computers located in administration groups. Then select the server and click the "Next" button.



A system restart is required after important modules of Kaspersky Endpoint Security are updated; since our package is recent enough, no reboot is needed. In the choice of credentials, we will leave everything by default, i.e. empty. After clicking the "Next" button, we will see the installation progress of Kaspersky Endpoint Security.


Create groups

Since the policies and tasks intended for servers differ from the policies and tasks for workstations, we will create groups that match the type of administration for the different machines. Expand the "Managed computers" node and select "Groups", then click "Create subgroup". Let's create two subgroups, "Workstations" and "Servers". From the "Managed computers - Computers" menu, using "drag and drop" or "cut & copy", move "DC" to the "Servers" group and create a policy and tasks for this group that differ from the tasks and policies in the "Managed computers" node.

Installing Kaspersky Endpoint Security

Remote installation of Kaspersky Endpoint Security requires UAC to be disabled during installation. That requirement is "uncomfortable", so we will create a Windows Firewall policy in a GPO that allows incoming connections using the predefined "File and Printer Sharing" rule.
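A pre-flight check for the firewall policy described above, as an added example that is not part of the original article. It assumes PowerShell 4.0 (Windows 8.1 / Server 2012 R2) and English rule names; the host names are constructed, and the installer's use of the `admin$` share is an assumption not stated on this page.

```powershell
# Added example: verify the GPO-delivered "File and Printer Sharing" policy
# before starting the Remote Installation Wizard.

function Get-FilePrinterSharingRuleState {
    # Run ON A CLIENT after "gpupdate /force".
    # ActiveStore is the effective rule set (local rules merged with Group Policy).
    Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup 'File and Printer Sharing' |
        Where-Object { $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            $address = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Enabled       = $_.Enabled
                Profile       = $_.Profile                 # should not include Public
                Source        = $_.PolicyStoreSourceType   # GroupPolicy or Local
                # 'Any' means every host on the network can reach the SMB ports;
                # scoping the rule to the Administration Server narrows that.
                RemoteAddress = ($address.RemoteAddress -join ', ')
            }
        }
}

function Test-RemoteInstallReadiness {
    # Run ON THE ADMINISTRATION SERVER under the account the installation
    # task will use.
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName
    )

    foreach ($name in $ComputerName) {
        # TCP 445 (SMB) is one of the ports the "File and Printer Sharing" group opens.
        $smbOpen = Test-NetConnection -ComputerName $name -Port 445 `
                       -InformationLevel Quiet -WarningAction SilentlyContinue

        # Assumption: the installer is copied through the administrative share.
        $share = $false
        if ($smbOpen) {
            $share = Test-Path -LiteralPath ('\\{0}\admin$' -f $name) `
                         -ErrorAction SilentlyContinue
        }

        [pscustomobject]@{
            Computer   = $name
            Smb445Open = $smbOpen
            AdminShare = $share
            Ready      = ($smbOpen -and $share)
        }
    }
}

# Constructed host names for illustration; replace with the real clients.
Test-RemoteInstallReadiness -ComputerName 'PC-X86-01', 'PC-X64-01' |
    Format-Table -AutoSize
```

A client that reports `Ready = False` would fail in the wizard as well; `Get-FilePrinterSharingRuleState` run on that client shows whether the rule group arrived from Group Policy and how widely it is open.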

After configuring and distributing Group Policy, let's go to the administration console. Expand the "Administration Server" node and select "Install Kaspersky Anti-Virus", click "Start Remote Installation Wizard". In the window of the installation package selection wizard, select the required package and click "Next". Select clients in the "Unassigned computers" group and click "Next".

In the next window, leave everything as default and click "Next". After the window with the key selection, the wizard offers to ask the user about rebooting the system after the installation of Kaspersky Endpoint Security is complete, leave it by default and click Next. At the "Remove incompatible programs" step, you can make adjustments, of course, if they are needed. Next, the wizard suggests moving client computers to one of the groups, in our case, moving them to the Workstations group.







As we can see, the console "talks" about the successful installation of Kaspersky Endpoint Security on client stations.



As we can see, after the installation, the administration server transferred the client machines according to the condition in the remote installation task.



Kaspersky Endpoint Security on the client machine.


Let's create a policy for client stations in which we enable "Password protection". This is needed, for example, when a user wants to turn off the antivirus.

Let's try to disable protection on the client machine.



Rules for moving computers

On the administration server, you can set up movement rules for client computers. For example, let's create a situation in which Kaspersky Endpoint Security is installed on a newly discovered PC. This is useful in a scenario where a new PC has been installed in an organization.

To automate the deployment of Kaspersky Endpoint Security, let's define movement rules for computers. To do this, select the "Unassigned computers" node and select the "Configure rules for moving computers to administration groups" item and create a new rule.




With the created rule, a newly detected PC from the specified range of IP addresses will be added to the "Workstations" group.

Next, let's create a task to automatically deploy anti-virus protection for machines on which it is not installed. To do this, select the "Workstations" group and go to the "Tasks" tab. Let's create a task to install anti-virus protection with the "Immediate" schedule.

So, we see that the client computer has been added to the Workstations group.

Let's go to the "Tasks" tab and see that the installation task is running.



Let me remind you that the scenario was reproduced on a machine without anti-virus protection (I had demonstrated remote installation on one of the machines earlier, and the anti-virus was then removed to demonstrate this scenario). As you can see, the installation runs on the machine without anti-virus protection, and the machine with anti-virus protection was not affected. After anti-virus protection is installed, the KES policy will be applied to this client computer.

Reports

The reports in Kaspersky Endpoint Security are more than informative. For example, let's look at the report "About versions of Kaspersky Lab applications".

The report displays, in some detail, information about installed Kaspersky Lab programs. You can see how many agents, client solutions and servers are installed. Reports can be removed and added. You can also view the status of anti-virus protection using the "Computer Selection", which helps you conveniently sort computers with infected objects or critical events.

In conclusion, I would like to say that only a small part of the Kaspersky Lab anti-virus complex was considered. Management is really convenient and intuitive. But it is worth noting the huge workload of client systems during the search for viruses and potential threats, this workload is mainly due to heuristic analysis, which requires quite a few resources. The product is very easy to administer and is suitable for both AD and workgroup environments. This product is installed by many of our customers and shows itself only from the good side.

That's all, folks. Peace be with you!

Many articles describe how to remotely install an application on multiple computers in a domain network (AD). But many people run into the problem of finding or creating suitable Windows Installer (MSI) packages.

Indeed, in order to install, for example, Firefox for all users of a group, you either need to build the MSI package yourself or download a suitable one from an appropriate site. The catch is that the first option is a far from trivial task, while in the second we get a package configured the way its creator wanted, and one that has in fact been modified (a doubtful, but still real, minus).

If your organization uses Kaspersky Lab products for anti-virus protection and you use the administration server, you can remotely install applications even from *.exe packages, using keys to control the installation settings.

Silent installation options

Most programs can be installed in "silent" mode. For example, there is a table listing a large number of frequently used programs and the parameters they support during installation. You can also find a large number of installation parameters that can be passed.

Thus we need to:

  • Download the standard distribution of the program we need from the developer's website (or where you usually get them from)
  • Find on the Internet which "silent" installation keys are supported by the program you are using
  • Install the application on a user's PC using Kaspersky Security Center
To do this, you need to prepare an installation package in Kaspersky Administration Kit (KSC), and then install it on the required computers by task or manually.
The administration panel gives full control during installation, comparable to administration through Windows Server group policies, and for me it's even more convenient: fewer tricks, less chance of making a mistake ;)

If you assign software installation manually, or all your users use the same set of programs, you can skip this section. But if different departments in your organization install different software, these departments can be assigned to different groups, for which different tasks will be used.

User groups in KSC are organized like the structure used in AD, in directories and subdirectories. Tasks and policies used in parent groups apply to all child groups.

Thus, for example, Firefox and Chrome can be installed for all users of the company, and Photoshop only for designers.

So let's get started:

1) To create an installation package, go to the "Installation packages" subsection of the "Storage" section in the KSC control panel. There we will see a list of the installation packages already created, with the ability to create a new one or to edit or delete an existing one.

Creating a new installation package is simple: you specify its name (how it will be displayed in KSC), select "Installation package for the program specified by the user", specify the path to the program (exe, bat, cmd, msi) and specify the launch options (silent settings).

The specified package can then be used to install on remote computers.
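Because a package created this way runs on every target computer with administrative rights, the downloaded installer is worth checking before it goes into the storage. The function below is an added example, not part of the original article; it verifies the file's SHA-256 and Authenticode signature, and the path, hash and publisher values are placeholders to be filled in from the vendor's download page.

```powershell
# Added example: check a downloaded installer before creating the KSC
# installation package. Requires PowerShell 4.0 or later (Get-FileHash).

function Test-InstallerBeforePackaging {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # SHA-256 published by the vendor for this exact file.
        [Parameter(Mandatory = $true)][string]$ExpectedSha256,
        # Organization name expected in the signing certificate subject.
        [string]$ExpectedPublisher,
        # For .bat/.cmd files, which cannot carry an Authenticode signature.
        [switch]$HashOnly
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $hashOk = $hash -eq $ExpectedSha256.Trim()   # string -eq is case-insensitive

    $status = 'Skipped'
    $signer = ''
    $sigOk  = [bool]$HashOnly
    if (-not $HashOnly) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $status = $sig.Status.ToString()
        if ($sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.Subject
        }
        # 'Valid' means the file is unmodified since signing and the chain is
        # trusted on this machine; the publisher check ties it to the vendor.
        $publisherOk = -not [string]::IsNullOrEmpty($ExpectedPublisher) -and
            $signer.IndexOf($ExpectedPublisher,
                            [StringComparison]::OrdinalIgnoreCase) -ge 0
        $sigOk = ($status -eq 'Valid') -and $publisherOk
    }

    [pscustomobject]@{
        File            = $file.Name
        Sha256          = $hash
        HashMatches     = $hashOk
        SignatureStatus = $status
        Signer          = $signer
        Approved        = ($hashOk -and $sigOk)
    }
}

# Placeholders, not real values:
# Test-InstallerBeforePackaging -Path 'C:\Distrib\<installer>.exe' `
#     -ExpectedSha256 '<sha256 from the vendor site>' `
#     -ExpectedPublisher '<vendor organization name>'
```

Only a file that comes back with `Approved = True` should be turned into an installation package; the recorded hash also lets you confirm later that the file in the storage is the one that was reviewed.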

2) Now we need to create a task to install the created package. If you have worked with KSC before, or with its predecessor Adminkit, the process of creating a task will not be difficult for you.

You can either create a task by going to the folder of the corresponding group and, on the "Tasks" tab, creating a new task, or create a new task in the "Tasks for sets of computers" section.
Specify the name of the created task, and select the task type "Remote installation of the program".

We select the program that we want to install, which user groups this task will be assigned to, and specify the user who is allowed to install the software on all of the computers used (usually a domain administrator).

The only limitation, in terms of settings, is that we are restricted to the parameters that the developer allows to be passed when installing the program, so we are unlikely to succeed in setting up a proxy server in the browser via the command line. But here standard AD group policies come to our aid. After all, alternative browsers usually use the system proxy settings, and we can assign them to the right users through AD. ;)

Kaspersky Endpoint Security 10 for Windows is one of the best solutions, allowing you to protect a private local network, or an organization's network. The program is installed on a computer that is a base station, but protects all network components. This scheme of work allows you to save on licenses, because it is enough to provide one computer with anti-virus software, and not all. That is why Kaspersky Endpoint Security is the best option for large organizations.
Like other Kaspersky products, Endpoint Security has all the necessary elements for comprehensive protection. They work independently of each other, which allows you to configure the protection parameters with the highest precision. For example, you can turn off verification of uploaded files, but leave site security tracking on. Thus, maximum speed and efficiency is achieved. You can download Kaspersky Endpoint Security for free to evaluate its functionality and the quality of the GUI. The program can be easily installed on ordinary home computers running Windows 7/8/10. Of course, both 32-bit and 64-bit versions are supported.

Technically, this version is a regular anti-virus software, which has added special tools for centralized communication of several devices, as well as a number of specific utilities that guarantee greater security when working on the network. With Endpoint Security, you can be sure that your organization's data will remain secret and spyware of all kinds will not be able to access it.

Many tests have been carried out which show that a Windows system supplemented by the Kaspersky anti-virus solution is not susceptible to all existing threats. This is also helped by cloud technology, which identifies malware not only by signatures, but also by the behavioral characteristics of the program. This approach does not allow files infected with unique viruses to be downloaded to a computer with Kaspersky Endpoint Security installed.

Additional features of KES 10:

  • Control of devices installed on the computer;
  • Network and browser status control;
  • IM and mail protector;
  • Encryptor of hard and removable drives;
  • Anti DDoS.

This material was prepared for specialists involved in the management of anti-virus protection and security in the enterprise.

This page describes and analyzes the most interesting features of the latest versions of Kaspersky Endpoint Security 10 and the central management console of Kaspersky Security Center 10.

The information was compiled from the experience of NovaInTech specialists in communicating with system administrators, heads of IT departments and security departments of organizations that are either just switching to Kaspersky anti-virus protection or are moving away from the 6th version of the anti-virus on client computers and the Administration Kit 8 management console. In the latter case, when anti-virus protection from Kaspersky Lab is already in use, IT specialists often do not know the most interesting aspects of the new product versions, which really help make life easier for these same IT professionals while also increasing the level of security and reliability.

After reading this article and watching the videos, you will be able to briefly get acquainted with the most interesting functionality provided by the latest versions of the Kaspersky Security Center management console and Kaspersky Endpoint Security, and see how it works.

1. Installing the Kaspersky Security Center 10 Administration Server.

You can find the necessary distributions on the official website of Kaspersky Lab:

ATTENTION! The distribution kit of the full version of Kaspersky Security Center already includes the distribution kit of the latest version of Kaspersky Endpoint Security.

First of all, I would like to tell you where to start installing anti-virus protection from Kaspersky Lab: not with the anti-viruses themselves on client computers, as it might seem at first glance, but with installing the administration server and the central management console of Kaspersky Security Center (KSC). With this console, you can deploy anti-virus protection on all computers in your institution much faster. In this video, you will see that after installing and minimally configuring the KSC administration server, it becomes possible to create an installer of the anti-virus solution for client computers that even a completely unprepared user can install (I think every administrator has such "users"): the installation interface contains only 2 buttons, "Install" and "Close".

The administration server itself can be installed on any computer that is always on or available as much as possible. This computer must be visible to other computers on the network, and Internet access is very important for it (for downloading databases and synchronizing with the KSN cloud).

Watch the video even if you have installed the central console before, but in previous versions: perhaps you will hear and see something new for yourself ...


2. Setting up centralized management on computers with Kaspersky already installed.

In small organizations, system administrators often install and configure anti-virus protection on each computer manually. As a result, the time they spend on maintaining anti-virus protection increases and they do not have enough time for some more important tasks. There are cases when administrators, simply due to lack of time, do not know that corporate versions of anti-virus protection from Kaspersky Lab have centralized management at all, and do not know that they do not have to pay anything for this miracle of civilization.

In order to "link" already installed client antiviruses with the administration server, you need very little:

  • Install the administration server (The first section of this article).
  • Install the administration server agent (NetAgent) on all computers - I will talk about installation options in the attached video below.
  • After the Administration Server Agent is installed, computers, depending on your settings, will be either in the "Unassigned computers" section or in the "Managed computers" section. If the computers are in "Unassigned computers" - they will need to be transferred to "Managed computers" and set up a policy that will apply to them.

After these actions, your computers will be visible to you from the central console, users will no longer be able to manage the antiviruses installed on their machines and, as a result, fewer infections and less headache for the administrator.

In the video below, I will try to describe the scenarios for installing NetAgents on client computers, depending on how your network is arranged.

We reviewed the functionality of Kaspersky Endpoint Security 8, which provides a comprehensive multi-level protection system for computers running Windows operating systems. Kaspersky Security Center is used to centrally manage all deployed copies of Kaspersky Endpoint Security 8 on computers in an organization. In the second part of the review, we will take a closer look at how administration is carried out using the new, ninth version of Kaspersky Security Center and what key features it provides.

The main purpose of Kaspersky Security Center is to provide the administrator with tools to configure all components of the protection system and access detailed information about the security level of the corporate network. Kaspersky Security Center is a single tool for centralized management of a large set of protection tools in an organization provided by Kaspersky Lab. The set of software products that can be managed using Kaspersky Security Center includes solutions for protecting workstations, servers, and mobile devices:

  • Kaspersky Endpoint Security 8 for Smartphone;
  • Kaspersky Endpoint Security 8 for Windows;
  • Kaspersky Endpoint Security 8 for Linux;
  • Kaspersky Endpoint Security 8 for Mac;
  • Kaspersky Anti-Virus 6.0 for Windows Workstation;
  • Kaspersky Anti-Virus 6.0 Second Opinion Solution;
  • Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition;
  • Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition;
  • Kaspersky Anti-Virus 8.0 for storage systems;
  • Kaspersky Anti-Virus 8.0 for Linux File Server;
  • Kaspersky Anti-Virus 6.0 for Windows Servers;
  • Kaspersky Anti-Virus 5.7 for Novell NetWare.

Figure 1. The logic behind using Kaspersky Security Center to protect an organization's network

Kaspersky Security Center can operate in two modes - the normal one, which is described in this overview, and the mode required for the operation of service providers that provide other organizations with the protection of their networks as a SaaS service. This mode requires a special license.

Kaspersky Security Center is not a separate program, but a set of software tools that includes:

  • administration server - a service responsible for security management. It is the main module of Kaspersky Security Center and stores all information about managed computers in a database (MS SQL Server or MySQL). In addition to the main administration server, you can organize a hierarchical structure of administration servers in order to work through them with remote parts of the local network or with the local network of a serviced organization. This is especially relevant for companies with a distributed structure. In this case, local users only access their own server;
  • administration console - a module implemented as a snap-in for the Microsoft Management Console and designed to manage the administration server;
  • web console - a web application that has a purpose similar to the administration console. The difference is that the web console allows you to access the administration server through a browser using a web interface. However, compared to the same administration console, it has limited management capabilities;
  • Kaspersky Security Center Administration Agent - a program designed for interaction between the Administration Server and client computers. It is installed on client systems and allows you to receive information about the current state of applications and events that have occurred on client computers, send and receive control commands, and also ensures the functioning of the Update Agent;
  • application management modules - modules that are installed on the administrator's workstation. Their purpose is to provide access to Kaspersky Lab software products in the organization through the administration console.

Figure 2. Structural diagram of the interaction between components of Kaspersky Security Center

The diagram shows that the administrator can work through the snap-in with several administration servers, which are, for example, company servers located in different offices. In addition, the administrator can access the administration server through an Internet browser from any computer without installing any modules on it, which can be useful if you need to monitor the security system. This access method is also used when protection is deployed in an organization by an external service provider, whose administration server can be accessed from the protected network using the web console.

Figure 3. Scheme of using the web console


Kaspersky Security Center allows you to configure and manage components and settings on client computers. For each user group or specific user, the administrator can set different settings for the following components:

  1. Protection components: file antivirus, mail antivirus, web antivirus, IM antivirus, firewall, network attack protection, network monitoring, system monitoring.
  2. Control components: application launch control, application activity control, vulnerability scan, device control, web control.

Figure 4. Scheme of components managed by Kaspersky Security Center

The ninth version of Kaspersky Security Center is a development of the Kaspersky Administration Kit 8.0 tool. Compared to it, a set of new features has been added to Kaspersky Security Center. It became possible to create virtual administration servers; management of the Application Control, Vulnerability Control, Web Control, and Device Control components and of virtual machines was added; and it became possible to centrally detect and fix vulnerabilities on client computers. The functions of the tools for managing installations of various components, obtaining additional information about controlled computers, creating reports and working with accounts have been significantly expanded.

System requirements

To work with Kaspersky Security Center 9, the computer must meet the general system requirements specified in Table 1.

Table 1. Hardware requirements for operation on different operating systems

| Architecture | Operating system version | Hardware requirements |
|---|---|---|
| 32-bit OS | Microsoft Windows Server 2003; Microsoft Windows Server 2008 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1 | Processor with a frequency of 1 GHz or higher; 512 MB of RAM; 1 GB of free hard disk space |
| 64-bit OS | Microsoft Windows Server 2003; Microsoft Windows Server 2008 SP1, 2008 R2, 2008 R2 deployed in Server Core mode; Microsoft Windows XP Professional SP2, Vista SP1, 7 SP1 | Processor with a frequency of 1.4 GHz or higher; 512 MB of RAM; 1 GB of free hard disk space |

Since Kaspersky Security Center 9 includes three components - the administration server, the administration console, and the administration web console server, for each of them to work, the following requirements must be met.

Administration Server

  • Microsoft Data Access Components (MDAC) 2.8 or higher or Microsoft Windows DAC 6.0.
  • Microsoft Windows Installer 4.5 (for Windows Server 2008 / Windows Vista).

Database management system

  • Microsoft SQL Server Express 2005, 2008;
  • Microsoft SQL Server 2005, 2008, 2008 R2;
  • MySQL Enterprise.

Administration Console

Administration web console server

  • Web server: Apache 2.2.
  • Browser - Internet Explorer 7, Firefox 3.6 or Safari 4.

Functionality

The main functions of Kaspersky Security Center are deploying protection on client computers, centralized administration of these applications, and receiving information about events on protected computers.

Deploying protection

  1. Remote installation and removal of endpoint protection programs and administrative tools.
  2. Deployment of third-party products or custom installation packages on protected computers.
  3. Ability to install endpoint protection systems on infected computers.

Administration

  1. Creation of virtual administration servers to ensure the protection of physically remote segments of the organization's local network or remote offices.
  2. Formation of a hierarchy of administration groups for "flexible" configuration of the rules for the operation of various user groups.
  3. Combining a set of rules and settings of various components into policies and flexible application of the created policies to regulate the activities of a particular user or group of users. Ability to use both standard policies and create new policies.
  4. Implementation of centralized (if necessary, remote) management of endpoint protection applications.
  5. Centralized updating of databases and protection modules with endpoint protection programs.
  6. Centralized work with files placed in quarantine or in backup storage, as well as with objects whose processing is delayed.
  7. Inventory of hardware devices and software on computers in the organization's local network.
  8. Centralized detection and remediation of vulnerabilities found in the operating system and various software.
  9. Management of Kaspersky Endpoint Security 8 deployed in virtual environments (automatic detection of virtual machines, life cycle management of virtual machines, optimization of the load on the host server when performing resource-intensive tasks).

Monitoring

  • Obtaining information about critical events on protected computers in real time.
  • Obtaining statistics and reports on all events on protected computers. It is possible to generate reports containing events in each protection component and administrator actions. Reports can be generated according to a schedule or at the request of an administrator. If necessary, you can configure sending reports in a convenient format by e-mail.
  • Using the web console allows you to organize access to operational information about the status of protection and reports from any computer on the network or remotely.

Also, Kaspersky Security Center now has the ability to manage the protection of virtual workstations. When a new virtual machine appears on the network, it is automatically located, connected to the administration console, and all the necessary protection components are installed on it. Kaspersky Security Center allows you to distinguish between virtual and physical machines and combine them into different groups for the convenience of virtual infrastructure administration. Dynamic mode support for Virtual Desktop Infrastructure (VDI) has also been implemented.

Preparation for use

To install Kaspersky Security Center, you need to run the installation file of the application, after which the welcome window of the installation wizard will appear.

Figure 5. The initial window of the Kaspersky Security Center Installation Wizard

Next, you need to read the license agreement and accept its terms. After that, you need to select the type of installation. Standard installation contains a minimum set of components and is recommended for networks with up to 200 computers. Custom installation allows you to configure additional settings for Kaspersky Security Center and is recommended for networks with more than 200 computers. Select custom installation and click Next.

Figure 6. Selecting the installation type of Kaspersky Security Center

The next step is to select the components to be installed.

Figure 7. Selecting Kaspersky Security Center components for installation

Figure 8. Network size selection

At the next step, you need to select the account under which the Administration Server will run on the computer. You can choose from two types of accounts - a system account (not available in Windows Vista and later Microsoft operating systems) or a user account.

Figure 9. Selecting an account under which Kaspersky Security Center will be launched

After that, you need to select the type of database for the administration server - Microsoft SQL Server (Express Edition) or MySQL. When choosing MS SQL Server, if this DBMS is not available, it will be installed. If you choose the MySQL DBMS for operation, it must already be installed in the system.

Figure 10. Selecting a database server for Kaspersky Security Center

The next step is to configure the settings for connecting to the database server, and then the account that will be used to connect to it.

Figure 11. Configuring the connection parameters to the server with the database

After that, you need to determine the location and name of the shared folder, which will store installation files and updates. You can create a new folder or select an existing one.

Figure 12. Creating a shared folder

Next, you need to specify the port number for connecting to the administration server (port 14000 is used by default) and the SSL port number for a secure connection to the administration server using the SSL protocol (port 13000 is used by default).

Figure 13. Configuring the settings for connecting to the administration server

After that, you need to set the address of the administration server. The address can be a DNS name, NetBIOS name, or IP address.

Figure 14. Setting the administration server address

The next step is to select modules for program management. We need a module for managing Kaspersky Endpoint Security 8 for Windows, so we select it.

Figure 15. Selecting modules for installation

This completes the setup process, and you can start installing the program. Next, you need to restart the operating system, after which the installation can be considered completed.

After installation, you will need to configure a series of advanced settings: specify a key or registration code, decide on the use of "cloud" technologies, configure the sending of notifications about the occurrence of events, and set the proxy server settings. After that, you can start working with Kaspersky Security Center.
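As an added example (not part of the original article and not Kaspersky tooling), the following PowerShell script checks from a client machine that the Administration Server address and the two ports set in the wizard are reachable, and shows the certificate presented on the SSL port. The server name `ksc.example.local` is a placeholder, and it is an assumption that the SSL port accepts a standard TLS handshake.

```powershell
# Added example (not from the article): reachability check for the
# Administration Server ports chosen in the installation wizard.
param(
    [string]$Server    = 'ksc.example.local',  # placeholder; use the address set in the wizard
    [int]   $Port      = 14000,                # default connection port named in the article
    [int]   $SslPort   = 13000,                # default SSL port named in the article
    [int]   $TimeoutMs = 3000
)

function Connect-Tcp {
    # Returns a connected TcpClient, or $null if the port did not answer in time.
    param([string]$HostName, [int]$PortNumber, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $PortNumber, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw 'timeout' }
        $client.EndConnect($pending)
        return $client
    } catch {
        $client.Close()
        return $null
    }
}

function Get-PresentedCertificate {
    # Performs a TLS handshake and returns the certificate the server presents.
    # The callback accepts any certificate because this function only inspects it;
    # nothing is sent over the channel and no trust decision is made here.
    param([string]$HostName, [int]$PortNumber, [int]$TimeoutMs)
    $client = Connect-Tcp $HostName $PortNumber $TimeoutMs
    if ($null -eq $client) { return $null }
    try {
        $client.ReceiveTimeout = $TimeoutMs
        $client.SendTimeout    = $TimeoutMs
        $inspectOnly = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $tls = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $inspectOnly)
        $tls.AuthenticateAsClient($HostName)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($tls.RemoteCertificate)
    } catch {
        return $null
    } finally {
        $client.Close()
    }
}

# Plain connection port: a TCP connect is enough to show it is reachable.
$probe    = Connect-Tcp $Server $Port $TimeoutMs
$portOpen = $null -ne $probe
if ($portOpen) { $probe.Close() }

# SSL port: complete the handshake and record what the server presented.
$cert = Get-PresentedCertificate $Server $SslPort $TimeoutMs

$subject = $null; $notAfter = $null; $thumbprint = $null
if ($null -ne $cert) {
    $subject    = $cert.Subject
    $notAfter   = $cert.NotAfter
    $thumbprint = $cert.Thumbprint
}

[pscustomobject]@{
    Server          = $Server
    PortReachable   = $portOpen          # connection port (14000 by default)
    SslHandshakeOk  = $null -ne $cert    # SSL port (13000 by default)
    CertSubject     = $subject
    CertNotAfter    = $notAfter
    CertThumbprint  = $thumbprint
}
```

Recording the thumbprint right after installation gives a known value to compare against on later runs from other network segments.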

Working with the product

The administration server is managed through the administration console. It is a special snap-in that is integrated into the Microsoft Management Console (MMC).

Figure 16. Microsoft Management Console snap-in window

The benefit of using the snap-in is a standard interface that is familiar to Windows administrators. In addition, several different snap-ins can be added to one management console. For example, "Windows Firewall", the Diskeeper defragmentation program, the Performance snap-in, and Kaspersky Security Center.

Figure 17. An example of creating a management console

The main window for working with Kaspersky Security Center consists of a menu, a toolbar, an overview panel (console tree), and a workspace. After installing Kaspersky Security Center, we get access to the administration server, through which we will manage instances of Kaspersky Endpoint Security 8 installed on computers on the local network.

With a distributed structure of the company, it is necessary to create a set of administration servers that will allow servicing each segment of the network separately, but at the same time, centrally managing everything from one point. This will reduce traffic within the local network, simplify work with remote offices or local network segments. If you have several administration servers, you can delegate the responsibility for security and the authority to manage each virtual server to individual administrators. Administration servers can be added from the context menu of the "Kaspersky Security Center" node ("Create" - "Kaspersky Administration Server" - "Administration Server..."). The created hierarchy allows you to create inheritance rules for tasks and policies for different administration servers.

The hierarchy of tools for the administrator's work is shown in Figure 18.

Figure 18. Hierarchy of tools for administrator work

The Administration Server can be used as a proxy server for Kaspersky Security Network (KSN); a special service, KSN Proxy, is responsible for this. Its use allows all computers managed by the administration server to send and receive data to the "cloud" even if they do not have access to the Internet. Also, by caching requests, KSN Proxy allows you to reduce the load on Internet access.

Figure 19. Configuring KSN Proxy settings

The logic of working with the program when deploying protection and administration is built as follows. First, the administrator configures the administration server settings. After that, administration groups are created in accordance with the logic of the protected network. For example, accountants can be prohibited from using any removable media, and for programmers, set the most stringent web control settings.

Computers are added to the created groups, and Network Agent and Kaspersky Endpoint Security 8 are installed on each computer. Then, security policies are created and configured for each user group. Also, the administrator can create various tasks (virus scan, update, etc.) and set the criteria for their execution (by timer, by event, etc.). After that, work with the program moves into the background: the administrator needs to periodically review reports, respond to threats, add new users for protection, and perform other network maintenance work. Let's take a look at how it works.

To manage protection settings on client computers, use the "Computer Management" group, which contains four panels: "Groups", "Policies", "Tasks" and "Computers".

Figure 20. Computer Management group

Creating administration groups and configuring them

The "Groups" panel contains tools for managing groups of computers on the "Administration Server". These administration groups allow you to organize a hierarchy of computers on the network in order to selectively apply various policies and tasks to them in the future. By default, only one group, the root group, is available. Using the "Create Group" and "Create Subgroup" commands on the "Groups" panel, you can create the hierarchy of computer groups necessary for your organization.

Figure 21. An example of creating administration groups

Through the context menu of the "Managed computers" node (the command "All tasks" - "Create group structure"), the hierarchy of computers can be generated automatically. For this, information about the structure of Windows network domains and workgroups, Active Directory groups, or the contents of a text file is used.

In the "Groups" panel, you can set the conditions for installing programs on computers that have newly appeared in a group. You can also specify the criteria by which the user's computer will be assigned the Warning or Critical status. For example, if the databases have not been updated for more than X days or more than Y viruses have been found.

Figure 22. Setting criteria for setting statuses for computers

After the groups have been created and configured, you can start populating the groups with computers. To do this, use the "Computers" panel, in which you can add and remove computers on the "Administration Server". You can also view information about each of the computers on the network - its status, the time when signature databases were updated, the number of viruses found, etc.

Figure 23. Computers panel with expanded filtering panel

To add a new computer, you need to click on the "Add computers" button, after which the wizard window will appear. Its first step is to determine how to add client computers.

Figure 24. Add client computers wizard window

When manually adding computers, you need to specify the IP address or range of IP addresses of computers on the network. You can also import a list of IP addresses from a text file.

Figure 25. Manually adding new computers

When automatically adding, it is enough to specify the necessary computers from the list of discovered computers on the network.

Figure 26. Window for adding computers detected by the administration server

If, for some reason, computers have not been assigned to administration groups, they remain in the folders of the "Unassigned computers" node. You can also apply tasks and configure policies for these computers. These folders also contain new computers found by the administration server when polling the Windows network, IP addresses, and Active Directory groups. After finding new computers on the network, the administrator can move them to one of the existing groups.

Installing applications through Kaspersky Security Center

Kaspersky Security Center allows you to install various programs on computers in the local network. These can be Kaspersky Lab client protection programs or third-party programs. To install the application on client computers, you must create a task of the appropriate type and specify the computers for which it will be executed.

Installing applications through Kaspersky Security Center is primarily needed to deploy protection on client computers when you start using Kaspersky Lab solutions in an organization and when adding new computers for protection.

To organize protection on client computers, you first need to install network agents and Kaspersky Endpoint Security 8. The installation package is installed using the remote installation wizard, which is launched from the Groups panel by clicking the Start installation button. Select the administration agent and click the "Next" button.

Figure 27. Selecting the program to be installed

We indicate that the program is installed "From the shared folder." After installing the Network Agent, it is more convenient to carry out all installations through it, since in this case it is possible to centrally manage the installation repository. And when a new computer is added to the network, the administrator will be able to run one task to install the entire list of necessary programs.

Figure 28. Selecting program installation options

In the next step, you can specify accounts with administrator rights.

Figure 29. Selecting accounts that have administrator rights on the target computer

After that, you will need to choose whether to restart the computer after installing the program, and if so, whether to do it forcibly or ask the user. This completes the creation of the application installation task, which can now be launched.

Figure 30. Launching the application installation task

If for some reason network installation is not possible (for example, the network is disabled on the computer), then you can create an installation package and provide it to the user for self-installation.

This material was prepared for specialists involved in the management of anti-virus protection and security in the enterprise.

This page describes and analyzes the most interesting features of the latest versions of Kaspersky Endpoint Security 10 and the central management console of Kaspersky Security Center 10.

The information was compiled from the experience of NovaInTech specialists in communicating with system administrators, heads of IT departments and security departments of organizations that are either just switching to Kaspersky anti-virus protection or are migrating from version 6 of the anti-virus on client computers and the Administration Kit 8 management console. In the latter case, when anti-virus protection from Kaspersky Lab is already in use, IT specialists are also often unaware of the most interesting features of the new product versions, which genuinely make life easier for those same IT specialists while also increasing the level of security and reliability.

After reading this article and watching the videos, you will be able to briefly get acquainted with the most interesting functionality provided by the latest version of the Kaspersky Security Center management console and Kaspersky Endpoint Security, and see how it works.

1. Installing the Kaspersky Security Center 10 Administration Server.

You can find the necessary distributions on the official website of Kaspersky Lab:

ATTENTION! The distribution kit of the full version of Kaspersky Security Center already includes the distribution kit of Kaspersky Endpoint Security of the latest version.

First of all, I would like to tell you where to start installing anti-virus protection from Kaspersky Lab: not with the anti-viruses themselves on client computers, as it might seem at first glance, but with installing the administration server and the central management console of Kaspersky Security Center (KSC). With this console, you can deploy anti-virus protection on all computers in your institution much faster. In this video, you will see that after installing and minimally configuring the KSC administration server, it becomes possible to create an installer of an anti-virus solution for client computers, which even a completely unprepared user can install (I think every administrator has such "users"): the installation interface contains only 2 buttons, "Install" and "Close".

The administration server itself can be installed on any computer that is always on or available as much of the time as possible. This computer must be visible to other computers on the network, and Internet access is very important for it (for downloading databases and synchronizing with the KSN cloud).

Watch the video even if you have installed earlier versions of the central console before; you may hear and see something new for yourself...

2. Setting up centralized management on computers with Kaspersky already installed.

It is often found that in small organizations, system administrators install and configure anti-virus protection on each computer manually. As a result, the time they spend on maintaining anti-virus protection increases and they do not have enough time for more important tasks. There are cases when administrators, simply due to lack of time, do not know that corporate versions of anti-virus protection from Kaspersky Lab have centralized management at all, and do not know that they do not have to pay anything for this miracle of civilization.

In order to "link" already installed client antiviruses with the administration server, you need very little:

  • Install the administration server (The first section of this article).
  • Install the administration server agent (NetAgent) on all computers - I will talk about installation options in the attached video below.
  • After the Administration Server Agent is installed, computers, depending on your settings, will be either in the "Unassigned computers" section or in the "Managed computers" section. If the computers are in "Unassigned computers" - they will need to be transferred to "Managed computers" and set up a policy that will apply to them.

After these actions, your computers will be visible to you from the central console, and users will no longer be able to manage the antiviruses installed on their machines; as a result, there will be fewer infections and less headache for the administrator.

In the video below, I will try to describe the scenarios for installing NetAgents on client computers, depending on how your network is arranged.

Kaspersky Security Center simplifies the management of security and IT systems. The flexible, scalable console, also available as a web version, meets the security needs of growing businesses as those needs change. It provides comprehensive management of IT systems and security tools and facilitates the distribution of responsibilities among administrators.

Kaspersky Security Center offers the following benefits:

  • Powerful management console with optional flexible web interface, accessible anywhere from any desktop or mobile device
  • The ability to view security settings and manage security across the entire enterprise environment, including cloud, physical, and virtual machines as well as mobile devices
  • Easily deploy and manage security with out-of-the-box, unified policies

It does not matter how many workstations you have (fifty or fifty thousand) and what kind of infrastructure (centralized, distributed or mixed) – Kaspersky Security Center allows you to install, configure and administer comprehensive protection tools effortlessly. Easily scale and leverage new tools and capabilities to meet your unique business needs.

FEATURES AND BENEFITS

  • Full overview of protection status

    The growing diversity of platforms, devices, and software makes life difficult for information security leaders. Complexity has a negative impact on security. The more resources you control, the more difficult it is to track and protect them.

    Collecting information about software and hardware and installing fixes for vulnerabilities in a timely manner take a lot of time and effort. Kaspersky Security Center simplifies these tasks. Physical, virtual and cloud desktops, mobile devices and embedded systems are managed from a single console, which increases efficiency and reduces the total cost of operation.

    • Resource control and cost reduction

      Kaspersky Security Center provides a detailed view of the hardware and software in your network. You can save on licensing costs with centralized monitoring and provisioning of usage rights. Automatic discovery of devices and other hardware, and software summary reports help optimize resource usage. Kaspersky Security Center makes it easy to track and control software licensing and your hardware.

    • Finding and fixing vulnerabilities

      Vulnerability detection and patch management technology in Kaspersky Security Center identifies vulnerabilities in applications and operating systems that cybercriminals can use to infiltrate your corporate network. Timely patching allows you to fix these vulnerabilities before malware can harm you.

      Automatic Vulnerability Scanning uses the most up-to-date information about exploit activity coming from the cloud in real time. This allows you to quickly install new critical security patches without slowing down your systems and users. With support for more than 150 applications, Kaspersky Security Center provides effective vulnerability monitoring for a wide range of applications commonly used in business. The discovered vulnerabilities are prioritized, and the most critical ones are eliminated first.

    • Automatic risk minimization

      Security patches are automatically downloaded, distributed, and installed on physical, virtual, and cloud-hosted machines. Optimization of Microsoft update installation algorithms reduces the amount of network traffic and used disk space. You can track the status of patching with detailed reports on fixing vulnerabilities in third-party applications.

    Optimization of everyday tasks

    Kaspersky Security Center offers extensive IT system administration options that streamline routine tasks in heterogeneous networks.

    The console's extensible architecture includes plug-ins for managing security products for various platforms. When a new product is released or an existing one is updated, the desired extension can be installed in Kaspersky Security Center without using patches or reinstalling the console. Client management tools make it easy to distribute and deploy programs to your workspaces. Centralized administration is enhanced with role-based access and built-in dashboards so that administrators can access only those resources that are relevant to their job responsibilities.

    • Simple scaling

      To scale the console, you do not need to change the initial settings. One server instance of Kaspersky Security Center allows you to administer up to 100,000 physical, virtual and cloud workstations. One distribution point can serve up to 10,000 hosts. For multiple servers, a hierarchy is supported, where all standby servers inherit the roles and rights of the master server, and the master server has complete information about each host managed by each standby server.

    • Data Loss Protection

      Centrally managed encryption further protects data in the event of a device attack or loss. Kaspersky Security Center allows administrators to centrally enable and disable FileVault 2.0 on macOS, mobile device encryption, Kaspersky Lab encryption technology, and Microsoft BitLocker on Microsoft Windows. The console also monitors the status of encrypted devices, reports blocked access to encrypted files, and stores backup copies of encryption keys locally to recover forgotten credentials.

    • Remote Support Optimization

      Reduce response time and increase efficiency by streamlining remote support and troubleshooting capabilities. Kaspersky Security Center connects to client/remote computers via RDP, which allows for quick diagnostics and troubleshooting in any software.

    • Easy deployment to remote offices

      Kaspersky Security Center supports remote and automatic configuration of new workstations in company branches. You can also deploy new applications and schedule their automatic installation during non-working hours. This allows centralized creation, storage and deployment of system images, which greatly facilitates migration, for example, to Microsoft Windows 10.

    • Mobile device management based on various platforms

      Kaspersky Security Center allows you to effectively manage both corporate and personal mobile devices. Even when working away from the office, employees don't have to worry about the safety of their mobile devices.

    • Mobile Security

      Manage the protection of mobile devices with Kaspersky Security Center and get a detailed view of their security thanks to protection level indicators. Keep corporate and personal data separate on user and guest devices, enforce passwords and corporate data encryption to prevent leaks if the device is stolen or lost.

    • Support of work of employees on personal devices

      In many organizations, employees use personal devices to complete work tasks (BYOD). A convenient system of assistants in Kaspersky Security Center allows you to deploy protection for such devices using Over the Air (OTA) technology, as well as third-party consoles (Samsung KNOX).

    • SaaS console for security management

      Manage your protection remotely using our cloud-based Kaspersky Security Center console. This is a management server in the Azure cloud. No need to waste time and resources on its deployment and support - Kaspersky Lab will take care of them. If you use Kaspersky Endpoint Security for Business Standard, you can now manage the security of Windows, Mac, and Linux workstations directly from the cloud console.
      Key features:

      • Centralized workplace discovery and deployment
      • Distribution point support
      • Possibility of migration within the hierarchy of servers - for example, moving the master server to the cloud while maintaining the slave server in the local infrastructure
      • Migration Wizard
      • Support for up to 10,000 nodes - the console is suitable for companies of any size, including corporations

      However, you can continue to use the existing management tools (MMC console and web console).

      • Extended web console for local management

        You can now administer advanced features such as vulnerability and patch management, encryption, and remote desktop management using the web console in Kaspersky Enterprise Security for Windows, Kaspersky Enterprise Security for Mac, and Kaspersky Security for Windows Server.

        The console also supports new solutions, Kaspersky Sandbox and Kaspersky Endpoint Detection and Response Optimum, as well as the latest version of Kaspersky Embedded Systems Security.

      • System Integrity Support

        Kaspersky Security Center allows you to monitor any changes in critical infrastructure components, such as web servers and ATMs, and promptly respond to security breaches. It receives event data from the System Integrity Control component, so you can keep track not only of file system devices (using file integrity monitoring), but also of registry hives, firewall status, and connected equipment.

      • Easily manage the security of all devices

        Deploying, configuring, and enforcing security policies for all devices, across all platforms, from a single console, providing added visibility, full control, and efficient management.

      • Protection against attacks in public networks

        Using untrusted public WiFi networks makes devices and corporate networks vulnerable. By creating a list of trusted networks for mobile workers, you can prevent them from accessing all others without compromising convenience and productivity.

      • Easy firewall management

        Configuring and managing a firewall for Linux and Windows OS. Kaspersky Security Center allows you to apply network policy to all end devices from a single console.

      • Minimizing risks and increasing employee productivity

        You can control which devices and applications can access your network and how they can operate on it, and fully control employee access to devices, applications and websites. This allows you to provide reliable protection against malware and other threats.

      • Instant connection protection for cloud environments

        Tight integration between the management console and the Amazon Web Services cloud platform provides complete transparency and control over all instances of Kaspersky Security for Linux and Kaspersky Security for Windows Server deployed in the cloud.

        Install Kaspersky Security Center in the Amazon EC2 cloud to manage the security of your environment, or subscribe to one of the AMIs available on AWS Marketplace to get an image with Kaspersky Security Center already installed and ready to go. Other public cloud services can be used in the usual way.

      • Optimization of updates and traffic saving

        The new signature update mechanism can reduce the amount of traffic between the Kaspersky Security Center server and agents by 20 times.

        Further optimization is possible by using a remote workstation as a distribution point. Each distribution point can now also act as a proxy for Kaspersky Security Network in remote environments.

        Reducing the load on communication channels increases their bandwidth and availability for other tasks.

      • Extensive audit options

        Improved endpoint application auditing capabilities allow administrators to track changes and roll back to previous policies. An administrator can compare two policies for the same application and get a report on their matching and different settings. This is especially useful if different administrators have created multiple policies for the same application, or if one top-level policy was inherited by all local offices and then adapted for each of them.

  • Full system requirements can be found in . Note: below are the minimum requirements for RAM and processor for the Administration Server, Administration Console and Network Agent. Before deploying each product, please refer to the included user documentation for complete system requirements.

    Administration Server

    • Hardware Requirements

      • RAM: 4 GB
      • Free disk space: 10 GB. When using vulnerability management and patching, you must have at least 100 GB of free disk space.
    • Software Requirements

      • Microsoft Windows 7/8/8.1/10
      • Microsoft Windows Server 2008/2008 R2/2012/2016/
      • Microsoft Windows Storage Server 2008 R2/2012/2012 R2/2016
    • Database server (can be installed on a different device):

      • Microsoft SQL Server 2008 Express 32-bit.
      • Microsoft SQL Server 2008 R2 Express 64-bit.
      • Microsoft SQL Server 2012 Express 64-bit.
      • Microsoft SQL Server 2014 Express 64-bit.
      • Microsoft SQL Server 2016 Express 64-bit.
      • Microsoft SQL Server 2017 Express 64-bit.
      • Microsoft SQL Server 2008 (all editions) 32-bit / 64-bit.
      • Microsoft SQL Server 2008 R2 (all editions) 64-bit.
      • Microsoft SQL Server 2008 R2 service pack 2 (all editions) 64-bit.
      • Microsoft SQL Server 2012 (all editions) 64-bit.
      • Microsoft SQL Server 2014 (all editions) 64-bit.
      • Microsoft SQL Server 2016 (all editions) 64-bit.
      • Microsoft SQL Server 2017 on Windows 64-bit.
      • Microsoft SQL Server 2017 on Linux 64-bit.
      • MySQL Standard Edition 5.6 32-bit / 64-bit.
      • MySQL Enterprise Edition 5.6 32-bit / 64-bit.
      • MySQL Standard Edition 5.7 32-bit / 64-bit.
      • MySQL Enterprise Edition 5.7 32-bit / 64-bit.
      • All supported Microsoft SQL Server versions on Amazon Relational Database Service (RDS) and Microsoft Azure.

    Kaspersky Security Center 11 Web Console Server

    • Hardware Requirements

      • CPU: 4 cores, 2.5 GHz
      • RAM size: 8 GB
      • Hard disk: 40 GB
    • Software Requirements

      Database server:

      • Microsoft SQL Express 2008, 2008 R2, 2012, 2014
      • Microsoft SQL Server 2008, 2008 R2, 2012, 2014, 2016
      • Microsoft Windows x64: 7 SP1, 8, 8.1, and 10
      • Microsoft Windows Server x64: 2008, 2008 R2, 2012, 2012 R2, and 2016

    Kaspersky Security Center Web Console client

    • Software and hardware requirements

      Using the web console of Kaspersky Security Center on the client side requires only a web browser (Google Chrome 60 or higher). The hardware and software requirements are identical to those of a web browser.

    Network Agent

    Minimum Requirements for computers on which Network Agent is installed:

    • Hardware Requirements

      • CPU with an operating frequency of 1 GHz or higher. For 64-bit operating systems, the minimum CPU operating frequency is 1.4 GHz.
      • RAM: 512 MB.
      • Free disk space: 1 GB.

      A device with Network Agent installed, which will additionally act as an Update Agent, must meet the following requirements:

      • Processor: 3.6 or higher.
      • RAM: 8 GB.
      • Free disk space: from 120 GB.
    • Supported operating systems

      • Microsoft Windows Embedded POSReady 2009/POSReady 7/Standard 7/8/8.1
      • Microsoft Windows XP SP3/7/8/8.1/10
      • Windows Essential Business Server 2008
      • Windows Small Business Server 2008/2011
      • Microsoft Windows Home Server 2011 64-bit
      • Microsoft Windows MultiPoint Server 2011
      • Microsoft Windows Server 2008/2008 R2/2012/2012 R2/2016/2019
      • Microsoft Windows Storage Server 2008 R2/2012/2012 R2
      • Debian GNU/Linux 7.x/8.x/9.x
      • Ubuntu Server/Desktop 14.04/16.04/18.04
      • CentOS 6.x/7.0 64-bit
      • Red Hat Enterprise Linux Server 6.x/7.x
      • SUSE Linux Enterprise Server/Desktop 12
      • OS X 10.10–10.14
    • Supported virtualization platforms

    The application is available as part of the Kaspersky Endpoint Security for Business solution and can be used on a subscription basis with flexible monthly licensing. Check system requirements with your local partner. You can view the subscription options available in your country.

  1. Go to the Administration Server node.
  2. From the menu, select View → Interface customization.
  3. Customize the display of interface elements using the following checkboxes:

      Display System Administration. If the checkbox is checked, the Deploying device images subfolder is displayed in the Remote installation folder, and the Equipment subfolder is displayed in the Vaults folder. The checkbox is unchecked by default.

      Display encryption and data protection. If the checkbox is checked, you can manage data encryption on devices connected to the network. After the program is restarted, the Encryption and data protection folder will appear in the console tree.

      Display workplace control parameters. If the checkbox is checked, the Security control section of the Kaspersky Endpoint Security for Windows policy properties window displays the following subsections: Application Control, Vulnerability monitoring, Device control, Web Control. The checkbox is unchecked by default.

      Display Mobile Device Management. If the checkbox is checked, the Mobile device management function is available. After the program is restarted, the Mobile devices folder will appear in the console tree. The checkbox is unchecked by default.

      Display slave Administration Servers. If the checkbox is checked, the console tree displays the nodes of slave and virtual Administration Servers within administration groups. The checkbox is checked by default.

      Display sections with security settings. If the checkbox is checked, the properties windows of the Administration Server, administration groups, and other objects display the Security section. The checkbox is checked by default.

  4. Click OK.

To apply some changes, you must close and reopen the Administration Console.
