Kaspersky Endpoint Security for Linux
12
English

Contents

Using Kaspersky Security Network

To increase the protection of devices and user data, Kaspersky Endpoint Security can use Kaspersky cloud-based knowledge base Kaspersky Security Network (KSN) to check the reputation of files, Internet resources, and software. Using Kaspersky Security Network data ensures a faster response to various threats, high protection component performance, and fewer false positives.

Use of Kaspersky Security Network is voluntary. Kaspersky Endpoint Security prompts you to enable KSN usage during the initial configuration of the application. You can start or stop using KSN at any time.

Kaspersky Security Network infrastructure solutions

Kaspersky Endpoint Security supports the following infrastructure solutions to work with Kaspersky reputation databases:

  • Kaspersky Security Network (KSN) – A solution that receives information from Kaspersky and sends data about objects detected on user devices to Kaspersky for additional verification by Kaspersky analysts and to add to reputation and statistical databases.
  • Kaspersky Private Security Network (KPSN) – A solution that allows users of devices with Kaspersky Endpoint Security installed to access the reputation databases of Kaspersky, as well as other statistical data, without sending data to Kaspersky from their devices. KPSN is designed for corporate clients who can't use Kaspersky Security Network, for example, for the following reasons:
    • No connection of local workplaces to the Internet
    • Legal prohibition or corporate security restrictions on sending any data outside the country or the organization's local network

After changing the Kaspersky Endpoint Security license, submit the details of the new key to the service provider in order to be able to use KPSN. Otherwise, an authentication error will prevent data exchange with KPSN.

Kaspersky Security Network usage options:

There are two options for using KSN:

  • Extended KSN mode – you can receive information from the Kaspersky knowledge base, while Kaspersky Endpoint Security automatically sends statistical information to Kaspersky Security Network that it obtained during its operation. The application can also send to Kaspersky for additional scanning certain files (or parts of files) that intruders can use to harm the device or data.
  • Basic KSN mode – you can receive information from the Kaspersky knowledge base, but Kaspersky Endpoint Security does not send anonymous statistics and data about the types and sources of threats.

You can select a different Kaspersky Security Network usage option at any time.

No personal data is collected, processed, or stored. Detailed information about the storage, and destruction, and/or submission to Kaspersky of statistical information generated during participation in KSN is available in the Kaspersky Security Network Statement and on Kaspersky's website. The file with the text of the Kaspersky Security Network Statement is included in the application distribution kit.

Cloud mode for Kaspersky Endpoint Security

If Kaspersky Endpoint Security is used in standalone mode and you are using KSN in the application, you can enable cloud mode. If cloud mode is enabled, Kaspersky Endpoint Security uses a lightweight version of the malware databases. This lets you reduce the load on device memory.

Kaspersky Endpoint Security switches to using a lightweight version of the malware databases after enabling cloud mode and performing the latest update of the application databases and modules. If cloud mode is disabled, Kaspersky Endpoint Security downloads the full version of the application databases from Kaspersky servers during the next update of application databases and modules.

Kaspersky Security Network facilitates the application's use of the lightweight malware databases. If you are not using KSN or cloud mode is disabled, Kaspersky Endpoint Security uses the full version of the application databases.

Cloud mode is disabled automatically if use of KSN is disabled.

If Kaspersky Endpoint Security is used in Light Agent mode for protecting virtual environments, use of the lightweight malware databases is not supported. Kaspersky Endpoint Security receives special databases necessary for the operation of the Light Agent from the Protection Server.

Using the KSN Proxy service

User devices managed by Kaspersky Security Center Administration Server can interact with KSN via the KSN Proxy service.

If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the KSN Proxy service facilitates interaction with the KSN infrastructure. If the KSN proxy is not available, KSN is not used by the application.

A KSN proxy server provides the following capabilities:

  • The user's device can query KSN and submit information to KSN, even without direct access to the Internet.
  • A KSN proxy server caches processed data, thereby reducing the load on the external network connection and speeding up receipt of the information that is requested by the user's device.

KSN proxy server settings can be configured in the Kaspersky Security Center Administration Server properties. For details about the KSN proxy server, refer to the Kaspersky Security Center Help.

In this Help section

Enabling and disabling Kaspersky Security Network usage from the command line

Enabling and disabling cloud mode from the command line

Checking the connection to Kaspersky Security Network using the command line
Page top
[Topic 246794]

Enabling and disabling Kaspersky Security Network usage from the command line

To enable use of Kaspersky Security Network in extended mode, execute the following command:

kesl-control --set-app-settings UseKSN=Extended --accept-ksn

To enable use of Kaspersky Security Network in standard mode, execute the following command:

kesl-control --set-app-settings UseKSN=Basic --accept-ksn

To disable use of Kaspersky Security Network, execute the following command:

kesl-control --set-app-settings UseKSN=No

To enable or disable use of Kaspersky Security Network with a configuration file, execute the following command:

kesl-control --set-app-settings --file <configuration file name> [--accept-ksn]

To enable the use of Kaspersky Security Network, execute the following command: kesl-control --set-settings with the --accept-ksn option.

If Kaspersky Endpoint Security installed on a client device runs under a policy that was assigned in Kaspersky Security Center, the value of the UseKSN setting can only be modified by using Kaspersky Security Center. When Kaspersky Endpoint Security installed on a client device stops running under a policy, the following value is assigned to the setting: UseKSN=No.

The file ksn_license.<language ID> containing the text of the Kaspersky Security Network Statement is located in the directory /opt/kaspersky/kesl/doc/.

Page top
[Topic 198040]

Enabling and disabling cloud mode from the command line

Cloud mode is an operating mode of Kaspersky Endpoint Security that uses a lightweight version of the malware databases.

If Kaspersky Endpoint Security is used in Light Agent mode for protecting virtual environments, use of the lightweight malware databases is not supported. Kaspersky Endpoint Security receives special databases necessary for the operation of the Light Agent from the Protection Server.

Cloud mode is available if use of Kaspersky Security Network is enabled.

To enable cloud mode, run the following command:

kesl-control --set-app-settings CloudMode=Yes

Kaspersky Endpoint Security switches to using a lightweight version of the malware databases after enabling cloud mode and performing the latest update of the application databases and modules.

To disable cloud mode, run the following command:

kesl-control --set-app-settings CloudMode=No

Kaspersky Endpoint Security downloads the full version of the application databases from Kaspersky servers during the next update of application databases and modules.

You can also enable or disable cloud mode using the configuration file.

If you plan to use cloud mode, make sure KSN is available on your device.

Page top
[Topic 265411]

Checking the connection to Kaspersky Security Network using the command line

To check the connection to Kaspersky Security Network, run the following command:

kesl-control --app-info

The Using Kaspersky Security Network line displays the status of the connection to Kaspersky Security Network:

  • If Extended KSN mode is displayed, Kaspersky Endpoint Security uses Kaspersky Security Network, information can be obtained from the knowledge base, and anonymous statistics and information about the types and sources of threats are sent.
  • If Basic KSN mode is displayed, Kaspersky Endpoint Security uses Kaspersky Security Network and information can be obtained from the knowledge base, but anonymous statistics and information about the types and sources of threats are not sent.
  • If the status is Disabled, Kaspersky Endpoint Security does not use Kaspersky Security Network.

The Kaspersky Security Network Infrastructure line displays information about the infrastructure solution that is used to work with Kaspersky reputation databases: Kaspersky Security Network or Kaspersky Private Security Network.

A connection to Kaspersky Security Network may be absent for the following reasons:

  • The user device is not connected to the internet.
  • The use of Kaspersky Security Network is disabled.
  • The application has not been activated or the license has expired.
  • Problems related to the license key are detected. For example, the key is in the denylist.
Page top
[Topic 246852]