Kaspersky Security 9.0 for SharePoint Server Maintenance Release 2

About this Help

Welcome to Kaspersky Security 9.0 for SharePoint Server Maintenance Release 2 Help!

This Help is intended for:

This Help serves the following purposes:

  • provides quickly searchable information to answer questions relating to the operation of the application;
  • references additional sources of information about the application and describes ways to get technical support.

Limitations imposed when viewing Help

When handling server-based operating systems, some of the Help elements may be displayed improperly. We recommend that you add https://help.kaspersky.com to the list of trusted websites in your web browser.

What's new

Kaspersky Security now provides the following features:

The Management Console GUI has also been improved.

Sources of information about the application

This section lists the sources of information about the application.

You can select the most convenient source, depending on the urgency or importance of your question.

In this Help section

Data sources for independent searching

Discussing Kaspersky Lab applications on the forum

Data sources for independent searching

You can use the following sources to search for information about Kaspersky Security on your own:

  • Kaspersky Security page on the Kaspersky Lab website
  • Kaspersky Security page on the Technical Support website (Knowledge Base)
  • Online help
  • Documentation

An Internet connection is required to use online information sources.

If you cannot find the solution to an issue on your own, we recommend that you contact Technical Support at Kaspersky Lab.

Kaspersky Security page on the Kaspersky Lab website

On the Kaspersky Security page, you can view general information about the application, its functions and features.

The Kaspersky Security page contains a link to eStore. There you can purchase the application or renew your license.

Kaspersky Security page in the Knowledge Base

Knowledge Base is a section on the Technical Support website.

On the Kaspersky Security page in the Knowledge Base, you can read articles that provide useful information, recommendations, and answers to frequently asked questions on how to purchase, install, and use the application.

Knowledge Base articles can answer questions relating not only to Kaspersky Security but also to other Kaspersky Lab applications. Knowledge Base articles can also include Technical Support news.

Online help

The application includes full help and context help files.

Context help provides information about Kaspersky Security windows: descriptions of Kaspersky Security settings and links to descriptions of tasks that use such settings.

Full help provides information on how to configure and use Kaspersky Security.

Help files can be included in the application or published online on a Kaspersky Lab web resource. If help files are published online, they open in a web browser window when you try to access them. An Internet connection is required to view online help.

Documentation

Application documentation consists of the files of application guides.

  • The Administrator's Guide provides instructions on:
    • Preparing Kaspersky Security for installation, installing and activating the application
    • Configuring and using Kaspersky Security

The Security Officer's Guide provides information about standard tasks that a user can perform through the application, with regard for rights granted in Kaspersky Security.

The Help Guide provides the descriptions of Kaspersky Security features and settings. The sections of the Help Guide are sorted in alphabetical order or grouped by topic.

Discussing Kaspersky Lab applications on the forum

If your issue does not require an immediate solution, you can discuss it with Kaspersky Lab specialists and other users on our Forum.

In this forum you can view existing topics, leave your comments, and create new topics.

To administrator

This Help section is intended for specialists who perform Kaspersky Security installation and administration, as well as for those who provide technical support to organizations that use Kaspersky Security.

Information in this section is arranged in accordance with the interface of Kaspersky Security Management Console.

Kaspersky Security 9.0 for SharePoint Server

Kaspersky Security for SharePoint Server is an application designed for protection of servers running Microsoft SharePoint Server against malicious objects and unwanted content.

Kaspersky Security can perform the following operations:

  • Scan on demand various documents stored on the SharePoint servers checking them for the presence of harmful objects and unwanted content.
  • Perform on-access scan of documents placed on SharePoint servers. Kaspersky Security scans documents checking them for the presence of harmful objects or unwanted content when users attempt to upload a document to a SharePoint server or download it from a server to a computer.
  • Scan on demand files attached to items within SharePoint lists checking them for the presence of unwanted content.
  • Select areas of the SharePoint structure to scan on demand, and exclude certain areas from the scan to reduce the load on the server.
  • Configure the rules for processing of the documents in which harmful objects or unwanted content are detected.
  • Save copies of the documents in Backup before disinfecting or deleting them.
  • Generate reports about the results of document scanning. Reports can be generated automatically in accordance with the defined schedule or upon request.

In this Help section

About Kaspersky Security 9.0 for SharePoint Server

Role-based access restriction in Kaspersky Security for SharePoint Server

Distribution kit

Hardware and software requirements

About Kaspersky Security 9.0 for SharePoint Server

Kaspersky Security 9.0 for SharePoint Server Maintenance Release 2 (hereinafter referred to as "the application") is designed to protect the SharePoint platform against viruses and other malware. The application lets you scan the content of websites and wiki blogs for unwanted content, protect personal data of users, and confidential corporate data on SharePoint websites against data leaks.

Kaspersky Security features:

  • Scan files for malware and unwanted content in real time
  • Block files containing malware or unwanted content at the attempt to upload them to SharePoint
  • Monitor the content of blogs and wiki pages on SharePoint
  • Form custom criteria of unwanted content
  • Scan web addresses against lists of malicious or phishing links
  • Receive anti-virus database updates from Kaspersky Lab servers during the license validity period
  • Use file and link reputation data from Kaspersky Security Network services
  • Scan files on SharePoint in background mode
  • Configure the schedule and run mode of SharePoint file scan tasks
  • Move copies of infected objects to Backup before disinfecting or deleting them
  • Automatically or manually generate application reports and send them to email addresses
  • Define the settings for maintaining the application event logs
  • Automatically send infected file notifications to email addresses
  • Use the role-based access control system for accessing various application functions
  • Create data categories to protect information that is valuable to the company
  • Scan file content for data of specific categories at the time when users upload files to SharePoint sites.

Role-based access restriction in Kaspersky Security for SharePoint Server

Kaspersky Security for SharePoint Server supports the roles of Administrator and Security Officer. Roles restrict users' rights of access to the application's features. The Administrator and the Security Officer use different features of the application to achieve their respective goals. The functions of these two roles do not overlap.

Two different sets of nodes are displayed in Kaspersky Security Management Console for the Administrator and for the Security Officer. The table below lists the main tasks for the Administrator and for the Security Officer, as well as the nodes displayed in Management Console for these two roles.

Main tasks of Kaspersky Security roles

Administrator

Main tasks:

  • Configuring the anti-virus protection;
  • Configuring content filtering;
  • Scanning servers for viruses and unwanted content;
  • Application licensing;
  • Detecting false positives;
  • Reducing the workload on SharePoint servers.

Nodes in Management Console:

  • Control Center;
  • On-access scan;
  • On-demand scan;
  • Content filtering;
  • Backup;
  • Updates;
  • Notifications;
  • Reports;
  • Settings;
  • Licensing.

Security Officer

Main tasks:

  • Detecting confidential data on portals;
  • Protection of confidential data;
  • Data leak prevention;
  • Processing possible leakage incidents.

Nodes in Management Console:

  • Protection from Data leaks;
  • Categories and policies;
  • Incidents;
  • Search;
  • Reports.

Roles are assigned by adding a user account to one of the following Active Directory groups:

  • KSH Administrators (Administrator);
  • KSH Security Officers (Security Officer).

You can create those groups manually before installing Kaspersky Security. If the account under which Kaspersky Security is being installed has the rights to create groups in Active Directory, the groups will be created automatically when the application is installed.

A user can combine the roles of Administrator and Security Officer. In this case, the user will have access to all of the application's features. If a user needs to combine both roles and use all of the features of Kaspersky Security, the corresponding account should be added to both groups in Active Directory. The account of the user who has installed the application will be added to both groups in Active Directory. Role assignment with the KSH Administrators and KSH Security Officers groups applies to all servers in a SharePoint farm.
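
Because the installing account is added to both groups, it is worth reviewing who actually holds each role once installation is finished. The script below is an added example, not part of the vendor documentation: it lists the members of both groups and flags accounts that hold both roles. It assumes the ActiveDirectory PowerShell module is available and that each group's account name matches the group name given above; the function name and the -Server parameter are illustrative.

```powershell
# Added example (not vendor code): report who holds each Kaspersky Security role.
# Requires the ActiveDirectory module (RSAT) and read access to both groups.
Import-Module ActiveDirectory

function Get-KshRoleHolder {
    param(
        [string]$AdminGroup   = 'KSH Administrators',     # group name from the page
        [string]$OfficerGroup = 'KSH Security Officers',  # group name from the page
        [string]$Server                                   # optional: DC of the domain that holds the groups
    )

    # -Recursive resolves nested groups down to the accounts inside them.
    $query = @{ Recursive = $true; ErrorAction = 'Stop' }
    if ($Server) { $query['Server'] = $Server }

    # One entry per account SID, with a flag for each role the account holds.
    $holders = @{}
    $groups  = @{ Administrator = $AdminGroup; SecurityOfficer = $OfficerGroup }

    foreach ($role in $groups.Keys) {
        $groupName = $groups[$role]
        foreach ($member in @(Get-ADGroupMember -Identity $groupName @query)) {
            $sid = $member.SID.Value
            if (-not $holders.ContainsKey($sid)) {
                $holders[$sid] = New-Object psobject -Property @{
                    Account         = $member.SamAccountName
                    ObjectClass     = $member.objectClass
                    Administrator   = $false
                    SecurityOfficer = $false
                }
            }
            $holders[$sid].$role = $true
        }
    }

    # Accounts holding both roles (full access to every feature) are listed first.
    $holders.Values |
        Select-Object Account, ObjectClass, Administrator, SecurityOfficer,
            @{ Name = 'BothRoles'; Expression = { $_.Administrator -and $_.SecurityOfficer } } |
        Sort-Object @{ Expression = 'BothRoles'; Descending = $true }, Account
}

# Example call: review the result after installation and after any staff change.
Get-KshRoleHolder | Format-Table -AutoSize
```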

Distribution kit

Kaspersky Security 9.0 for SharePoint Server is supplied as part of Kaspersky Security for Collaboration Servers and Kaspersky Total Security.

You can buy the application through partner companies or Kaspersky Lab eStore.

If the application is purchased through an online store, it is downloaded from the store's website. Information needed to activate the application, including the key file, will be emailed to you after you purchase a license.

Carefully review the End User License Agreement before installing and using the application.

Hardware and software requirements

Kaspersky Security has the following hardware and software requirements:

Hardware requirements

If installing Management Console and Security Server:

  • For SharePoint Server 2010:
    • 64-bit quad-core processor
    • 4 GB RAM
    • 229 MB of available disk space
  • For SharePoint Server 2013:
    • 64-bit quad-core processor
    • 8 GB RAM
    • 229 MB of available disk space
  • For SharePoint Server 2016:
    • 64-bit quad-core processor
    • 8 GB RAM
    • 229 MB of available disk space

If installing only Management Console:

  • Minimum 400 MHz processor (1 GHz recommended)
  • 256 MB RAM
  • 176 MB of available disk space

Depending upon the application settings and its mode of operation, more disk space may be required for Backup and other service folders. DLP Module additionally requires at least 4 GB free disk space. While DLP Module is running, files and memory dumps are generated, which may require a volume of memory that would significantly exceed 4 GB.

Software requirements

Supported versions of SharePoint servers:

  • Microsoft SharePoint Server 2010;
  • Microsoft SharePoint Server 2013;
  • Microsoft SharePoint Server 2016.

Supported operating systems:

If installing Management Console and Security Server:

  • For SharePoint Server 2010:
    • Windows Server 2008 R2 Service Pack 1;
    • Windows Server 2012 R2
  • For SharePoint Server 2013:
    • Windows Server 2008 R2 x64 Service Pack 2
    • Windows Server 2012 x64;
    • Windows Server 2012 R2
  • For SharePoint Server 2016:
    • Windows Server 2012 R2

If installing only Management Console:

  • Windows Server 2008 R2;
  • Windows Server 2012 x64;
  • Windows Server 2012 R2;
  • Windows 7 Professional Service Pack 1;
  • Windows 7 Professional x64 Service Pack 1
  • Windows 7 Enterprise Service Pack 1
  • Windows 7 Enterprise x64 Service Pack 1
  • Windows 7 Ultimate Service Pack 1
  • Windows 7 Ultimate x64 Service Pack 1
  • Windows 8
  • Windows 8 x64
  • Windows 8.1;
  • Windows 10.

Required components to install the application:

  • Supported version of Microsoft SharePoint Server

    Standalone installation of Administration Console does not require Microsoft SharePoint Server

  • Microsoft .NET Framework 3.5 Service Pack 1
  • Microsoft Management Console 3.0

Application architecture

Kaspersky Security 9.0 for SharePoint Server includes the following components:

  • Management Console. This is a snap-in for Microsoft Management Console (hereinafter referred to as MMC). This component is designed for interaction with the application through an interface.

    You can install Management Console separately from other application components. If you need to manage other components of the application, you can add computers with installed components to Management Console. If several administrators work concurrently, Management Console can be installed on each administrator's computer.

  • Security Server. This component is designed for anti-virus protection of a SharePoint server (or server farm) and for scanning files, blogs, and wiki pages for unwanted content. Security Server is responsible for real-time protection, updating the application databases, background scanning of SharePoint servers, relaying data to Kaspersky Security Network services, and activating the application.
  • DLP Module. This component is designed to protect SharePoint data against leaks. The DLP Module is part of Security Server and can be installed on a SharePoint server only together with Security Server. A separate key is required to use the DLP Module.

Some Kaspersky Security settings are stored in the memory of third-party software (Active Directory and Microsoft SQL Server). Kaspersky Security is unable to guarantee security of such data. To prevent unauthorized changes to these settings, you have to ensure their security on your own.

The figure below shows an example of application deployment within the Microsoft SharePoint Server structure.

Kaspersky Security 9.0 for SharePoint Server deployment example

About information stored in the SQL database

The application saves the following information to the SQL database:

  • Details of Security Server's operation:
    • The component's configuration
    • The component's operation statistics
    • Ready reports
    • Backup copies of documents.
  • Details of DLP Module's operation:
    • The component's configuration
    • Information about user categories
    • The component's operation statistics
    • Ready reports
    • Information about incidents (including files associated with incidents)
    • Information about the progress of scan tasks.

Files associated with incidents and backup copies of documents are not encrypted. For security reasons (for example, to prevent unauthorized access or possible data leaks), you are advised to protect files in the SQL database on your own.

Information about incidents may increase the size of the database significantly. An information security specialist can archive incidents. This procedure allows minimizing the volume of data stored in the SQL database.

Access rights for managing Kaspersky Security

Kaspersky Security installation and management are based on the access rights granted to the account under which all actions on the application are performed. The rights required for Kaspersky Security installation and management are listed below.

Rights to manage Kaspersky Security

The account under which Kaspersky Security services will be run must have the following set of rights:

  • Local administrator rights on the SharePoint servers on which Kaspersky Security is to be installed
  • Rights to modify the SharePoint configuration
  • Rights to website collections that need to be protected with Kaspersky Security

You can grant rights to modify the SharePoint configuration and rights to website collections that need to be protected, using one of the two methods: manually or with a script.

Rights for installing Kaspersky Security

The account under which you run the application installation must have the following set of rights:

  • Local administrator rights on the computer on which Kaspersky Security is to be installed
  • Rights for creating groups in Active Directory

    Without the rights for creating groups in Active Directory, the application cannot create role-based control groups automatically. If these rights have not been granted to the account, you have to create role-based control groups manually.

  • Rights for SQL database preparation

Rights for SQL database preparation

Kaspersky Security uses the SQL database to store Backup configuration files and data. You can provide the account selected for SQL database preparation with access to the database using one of the following methods:

  • Assign the account the sysadmin role on the SQL server (on which a database for Kaspersky Security management already exists or is to be created).

    Users with the sysadmin role can perform any actions on the SQL server. If the account has been assigned the sysadmin role, the database can be created automatically during the application installation.

  • Assign the account the db_owner role for a database that was created manually.

    If the database was created manually before the application installation, you will need to specify this database in the SQL server connection settings during the application installation. Users with the db_owner role can perform any actions on the database.

The account intended for SQL database creation and preparation will be used only when the Application Installation Wizard is running. It will not be used after installation of Kaspersky Security is complete.

Rights for managing Kaspersky Security

The user account under which Kaspersky Security will be managed must have read and write rights to <application installation folder>\Configurations. By default, an account that has been granted local administrator rights on the computer has read/write access to this folder.

Also, the account under which you run Management Console must be added to the Active Directory group, which corresponds to the user role.

Kaspersky Security cannot be managed without these rights.

In this Help section

How to grant rights to website collections and modify the SharePoint configuration

Creating an SQL database manually

How to grant rights to website collections and modify the SharePoint configuration

To make Kaspersky Security operable, the user account under which Kaspersky Security will be run must be granted rights to modify the SharePoint configuration and rights to website collections that need to be protected. Listed below are the methods of granting those rights to a user account.

Granting rights manually

You can grant rights manually through Microsoft SQL Server Management Studio or Microsoft SQL Server Management Studio Express. The user account must be assigned the following:

  • db_owner role for the SQL database, which contains the SharePoint configuration (by default, SharePoint_Config database)
  • db_owner role for the SQL database, which contains the SharePoint configuration contents (by default, SharePoint_AdminContent database)
  • SiteCollection Administrator rights to each website collection that needs to be protected. These rights can be granted, for example, through the SharePoint admin center or SharePoint command console.
  • db_owner role for each SQL database with a website collection that needs to be protected

Granting rights using a script

Using scripts allows you to automate the process of granting rights to a user account. You must run the following scripts using Windows PowerShell:

  • Script for granting rights to modify the SharePoint configuration

    Add-SPShellAdmin -UserName <domain\KSH_User>

  • Script for granting rights to each website collection that needs to be protected

    $wa = Get-SPWebApplication <http://WebApp.domain.com>
    $wa.GrantAccessToProcessIdentity("<domain\KSH_User>")
    $wa.Update()

    Where http://WebApp.domain.com is the web address or GUID of the web application on the SharePoint portal, and <domain\KSH_User> is the name of the account created for managing Kaspersky Security.

    You have to run this script for each web application on which SharePoint website collections are located.
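
The two scripts above can be combined into one pass over an explicit list of web applications, followed by a report of what the account ended up with. This is an added example, not the vendor's script: the function name, the account and the URLs are placeholders, and the report simply lists the web application policy entries that name the account so that the grant can be reviewed and recorded.

```powershell
# Added example (not vendor code). Run in an elevated SharePoint Management Shell
# as a farm administrator.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

function Grant-KshWebAppAccess {
    param(
        # Account that runs Kaspersky Security services, e.g. 'DOMAIN\KSH_User' (placeholder).
        [Parameter(Mandatory = $true)][string]$Account,
        # Only the web applications hosting site collections that are to be protected.
        [Parameter(Mandatory = $true)][string[]]$WebApplicationUrl
    )

    # Rights to modify the SharePoint configuration (cmdlet from the page); skip if already granted.
    $isShellAdmin = Get-SPShellAdmin | Where-Object { $_.UserName -eq $Account }
    if (-not $isShellAdmin) {
        Add-SPShellAdmin -UserName $Account
    }

    foreach ($url in $WebApplicationUrl) {
        $wa = Get-SPWebApplication -Identity $url -ErrorAction Stop

        # Same two calls as the script on the page, once per listed web application.
        $wa.GrantAccessToProcessIdentity($Account)
        $wa.Update()

        # Report every policy entry on this web application that names the account.
        # The trailing-match pattern also catches claims-encoded user names.
        foreach ($policy in $wa.Policies) {
            if ($policy.UserName -like "*$Account") {
                $roles = @($policy.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ', '
                New-Object psobject -Property @{
                    WebApplication = $wa.Url
                    PolicyUser     = $policy.UserName
                    Roles          = $roles
                } | Select-Object WebApplication, PolicyUser, Roles
            }
        }
    }
}

# Example call with placeholder values:
# Grant-KshWebAppAccess -Account 'DOMAIN\KSH_User' `
#     -WebApplicationUrl 'http://WebApp.domain.com', 'http://WebApp2.domain.com'
```

Passing an explicit URL list rather than every web application in the farm keeps the service account's rights limited to the site collections that are actually protected.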

Creating an SQL database manually

To create an SQL database manually, run the following SQL script:

CREATE DATABASE [<database name>]
ON PRIMARY
(
NAME = [<name of database>_<logical name of the primary data file>],
FILENAME = '<full path to the primary data file>'
),
FILEGROUP [<name of database>_BACKUP_DATA_FILE_GROUP]
(
NAME = [<name of database>_BACKUP_DATA_FILE_GROUP],
FILENAME = '<full path to the secondary data file>'
)

To manage the database that has been created manually, you must grant the relevant access rights to the account intended for database preparation.

Preparing to install

Before preparing your computer for Kaspersky Security installation, make sure that the hardware and software on your computer meet the requirements for the Security Server and Administration Console.

To prepare your computer for Kaspersky Security installation:

  1. Install all of the components required for the Kaspersky Security operation (if they are still missing):
    • Microsoft .NET Framework 3.5 SP1.
    • Microsoft Management Console 3.0 (MMC 3.0).

    You can download these components by clicking the link in the welcome window of the Kaspersky Security installation package, and then install them. The computer must be restarted after Microsoft .NET Framework 3.5 SP1 installation. Continuing the application installation without restart may cause failures in the Kaspersky Security operation.

    If Microsoft SharePoint Server is not installed on the computer, the application prompts you to install Management Console alone. In this case, the Security Server and the DLP Module cannot be installed on this computer.

  2. Create an account to run Kaspersky Security services and grant it all the relevant rights.
  3. Create an account under which Kaspersky Security installation will be run, and grant it all the relevant rights.

    If no access rights for the SharePoint_Config and SharePoint_AdminContent_<GUID> databases are provided, the anti-virus settings of the SharePoint server cannot be defined. At the final stage of the installation, when the files are being copied and the components registered, an error message appears. When the error message appears, click the Ignore button in the dialog box and, when the installation finishes, reboot the IIS server using the command iisreset /restart.

  4. If necessary, create a database manually to store Backup configuration files and data.

    You can also use the databases created during the previous installation of Kaspersky Security. In this case, no additional actions are required.

    If the account intended to handle the SQL database has been assigned the sysadmin role on the SQL server on which the database is to be created, you can skip this step. If these rights have been granted, the database will be created by the Application Installation Wizard automatically.

    Kaspersky Security does not provide channel encryption during data transmission between the server and the SQL database. To secure your data, manually encrypt data to be transmitted over communication channels.

  5. Create an account for SQL database preparation and grant it all the relevant rights.
  6. In Active Directory, create groups for role-based access to Kaspersky Security features. These groups can be created in any of the organization's domains. The group type is "Universal". Group names:
    • KSH Administrators
    • KSH Security Officers

    If the account under which Kaspersky Security is to be installed has the rights to create groups in Active Directory, you can skip this step. The groups will be created automatically during the application installation.

  7. Create an account for managing Kaspersky Security and grant it all the relevant rights.

    Kaspersky Security cannot be managed without those rights.

    Management Console connects to the Security Server over TCP using port 5014. The port must remain open to allow management of the Security Server.

Upon finishing your installation preparations, you can proceed to Kaspersky Security installation.
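
Two statements in this Help leave protection of the SQL database to the administrator: backup copies and incident files are stored unencrypted, and the channel between the server and the SQL database is not encrypted by the application. The script below is an added example, not vendor code, that checks both conditions on the SQL Server side. It assumes Transparent Data Encryption as the at-rest control (the Help does not prescribe one), an account with VIEW SERVER STATE permission, and hypothetical function and parameter names.

```powershell
# Added example (not vendor code). Run while Kaspersky Security services are connected,
# under an account that has VIEW SERVER STATE on the SQL Server instance.
Add-Type -AssemblyName System.Data

function Invoke-KshSqlQuery {
    param($Connection, [string]$Sql, [hashtable]$Parameters)
    $cmd = $Connection.CreateCommand()
    $cmd.CommandText = $Sql
    foreach ($name in $Parameters.Keys) {
        [void]$cmd.Parameters.AddWithValue($name, $Parameters[$name])
    }
    $table   = New-Object System.Data.DataTable
    $adapter = New-Object System.Data.SqlClient.SqlDataAdapter -ArgumentList $cmd
    [void]$adapter.Fill($table)
    $table.Rows
}

function Test-KshSqlProtection {
    param(
        [Parameter(Mandatory = $true)][string]$SqlInstance,   # e.g. 'SQL01\SHAREPOINT' (placeholder)
        [Parameter(Mandatory = $true)][string]$Database,      # the Kaspersky Security database
        [Parameter(Mandatory = $true)][string]$ServiceLogin   # e.g. 'DOMAIN\KSH_User' (placeholder)
    )

    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=$SqlInstance;Database=master;Integrated Security=SSPI"
    $conn.Open()
    $results = @()
    try {
        # 1. Data at rest: is the database covered by Transparent Data Encryption?
        $db = @(Invoke-KshSqlQuery $conn `
            'SELECT name, is_encrypted FROM sys.databases WHERE name = @db' @{ '@db' = $Database })
        if ($db.Count -eq 0) { throw "Database '$Database' not found on $SqlInstance" }
        $tde = [bool]$db[0].is_encrypted
        $results += New-Object psobject -Property @{
            Check   = 'Data at rest'
            Target  = $Database
            Detail  = "TDE enabled: $tde"
            Finding = $(if ($tde) { 'OK' } else { 'NOT ENCRYPTED' })
        }

        # 2. Data in transit: are the service account's current connections encrypted?
        $sql = @'
SELECT s.host_name, c.net_transport, c.encrypt_option, c.client_net_address
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE s.login_name = @login
'@
        $sessions = @(Invoke-KshSqlQuery $conn $sql @{ '@login' = $ServiceLogin })
        if ($sessions.Count -eq 0) {
            $results += New-Object psobject -Property @{
                Check = 'Data in transit'; Target = $ServiceLogin
                Detail = 'no open sessions for this login'; Finding = 'NOT CHECKED'
            }
        }
        foreach ($s in $sessions) {
            # Shared memory never leaves the host; TCP and named pipes cross the network.
            $finding = 'OK'
            if ($s.net_transport -eq 'Shared memory') { $finding = 'LOCAL ONLY' }
            elseif ($s.encrypt_option -ne 'TRUE')     { $finding = 'UNENCRYPTED CHANNEL' }
            $results += New-Object psobject -Property @{
                Check   = 'Data in transit'
                Target  = "$($s.host_name) ($($s.client_net_address))"
                Detail  = "$($s.net_transport), encrypt_option=$($s.encrypt_option)"
                Finding = $finding
            }
        }
    }
    finally {
        $conn.Dispose()
    }
    $results | Select-Object Check, Target, Detail, Finding
}

# Example call with placeholder values:
# Test-KshSqlProtection -SqlInstance 'SQL01' -Database 'KSH_DB' -ServiceLogin 'DOMAIN\KSH_User'
```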

Features of the application installation on a SharePoint farm

When Kaspersky Security is installed on a SharePoint farm, the application needs to be successively installed on all the SharePoint farm servers. When the installation completes on the first SharePoint farm server, you can use the Configuration Wizard to perform the initial setup of the application. The installation of Kaspersky Security on the other SharePoint farm servers uses the initial settings configured during installation of the application on the first SharePoint farm server.

The process of Kaspersky Security installation is accompanied by the Setup Wizard. The Setup Wizard will prompt you to configure the installation settings. Follow the Wizard's instructions.

Upgrading from a previous version of the application

This section describes the procedure for upgrading from the previous version of the application. This section includes upgrade instructions and describes the specifics of upgrading Kaspersky Security on a standalone SharePoint server and on a SharePoint server farm.

In this section

About Kaspersky Security upgrades

Tips for upgrading Kaspersky Security on a SharePoint farm

Upgrading Kaspersky Security on a standalone SharePoint server or the first server in a SharePoint farm

Connecting Administration Console to a SharePoint farm when updating Kaspersky Security

Starting the application upgrade

Restarting the SharePoint Timer service

About Kaspersky Security upgrades

Kaspersky Security 9.0 Maintenance Release 2 (build 9.1.45175) can be upgraded to version 9.0 Maintenance Release 2. Upgrades of earlier application versions are not supported. To run the application upgrade, the account under which Kaspersky Security is to be upgraded must have rights to handle SQL databases.

During the application upgrade process, Anti-Virus databases are rolled back automatically. For the safety of your computer, you are advised to start the database update after completing the application upgrade. Application functionality can change after update.

Before upgrading Security Server for Kaspersky Security, we recommend that you complete all on-demand scan, report and database update tasks running on the server. Otherwise, these tasks are forcibly stopped prior to completion.

The following upgrade configurations of Kaspersky Security are available:

  • Security Server and Management Console installed on a standalone SharePoint server
  • Security Server and Management Console installed on a SharePoint server in a SharePoint farm environment.
  • Management Console only

During the upgrade of a separately installed Management Console, tasks running on Security Server are not suspended. SharePoint server protection remains enabled.

When the application upgrade is started, the "I have read the KSN Statement and accept all of the conditions therein" check box is cleared automatically in Kaspersky Security settings. When the upgrade is complete, you can accept the KSN Statement and define the settings of KSN usage. Other Kaspersky Security settings are transferred to the new version unchanged.

When upgrading Kaspersky Security 9.0 Maintenance Release 1 to version 9.0 Maintenance Release 2, failures may occur in the operation of the SharePoint Timer service. Errors in the Windows Event Log will indicate an operation failure. Text of error messages will start with the name of the SharePoint.Integration.Vsapi.Com.dll module. In this case, you will have to restart the SharePoint Timer service. The SharePoint Timer service must be restarted on all the servers on which Kaspersky Security is installed.

Tips for upgrading Kaspersky Security on a SharePoint farm

When upgrading Kaspersky Security on a SharePoint server farm, it is recommended that you complete the upgrade in the shortest possible time frame.

When upgrading Kaspersky Security on a SharePoint server farm, it is not recommended to perform any operations with the application until the upgrade has been completed on all SharePoint farm servers.

If you need to resume using the application before an upgrade is completed on a SharePoint server farm, the version of Security Server must match the version of the Management Console to which it is added. You can add Security Server of the previous version to Management Console that has not yet been upgraded, or you can add Security Server of the new version to the upgraded instance of Management Console.

However, Security Server that has not yet been upgraded cannot be added to the upgraded instance of Management Console.

Upgrading Kaspersky Security on a standalone SharePoint server or the first server in a SharePoint farm

When upgrading Security Server and Management Console on the first server in a SharePoint server farm, or on a standalone SharePoint server, the following items are transferred to the new version:

  • Active key and additional key that have been added before the application upgrade. The respective validity periods of the keys remain unchanged.
  • Settings of Kaspersky Security that have been defined before the application upgrade.
  • Objects moved to Backup before the application upgrade.
  • Reports created before the application upgrade.

The application uses the application log to save the operation data of the Security Server version that has not yet been upgraded.

Operation statistics of Security Server that have been collected before the application upgrade will be neither saved nor displayed in the Control Center node. Reports that have been created after the application upgrade will not contain any information about the application's activity before the upgrade.

If you modify any settings of the upgraded Security Server on the first server in a SharePoint server farm, the settings that have been modified will be applied to other SharePoint servers. Security Servers that have not yet been upgraded continue running under the settings defined before the upgrade start.

Connecting Administration Console to a SharePoint farm when updating Kaspersky Security

If Kaspersky Security is installed on a SharePoint farm, you can connect Administration Console to any of the SharePoint farm servers.

When Kaspersky Security is being upgraded on SharePoint farm servers, it is not recommended to perform any operations with the application until the upgrade has been completed on all SharePoint farm servers.

If you need to use the application before completing the upgrade on all SharePoint farm servers, be sure to use matching versions of Administration Console and the application on the SharePoint server. Administration Console of the previous version should be connected to servers with the application version that has not been upgraded, and Administration Console of the new version should be connected to servers with upgraded Kaspersky Security.

During the application upgrade process, Anti-Virus databases are rolled back automatically. For the safety of your computer, you are advised to start the database update after completing the application upgrade.

Starting the application upgrade

The user under which the application update will be run must be granted the rights to access the SQL database.

To run an upgrade of Kaspersky Security deployed in any of the above configurations:

  1. If Kaspersky Security Management Console is running on the computer for which you want to upgrade the application, close this Management Console before starting the upgrade.
  2. Run the file setup.exe in the distribution package of the application on the computer for which you want to upgrade Kaspersky Security.

    This opens the welcome window of the install package.

  3. Click the Kaspersky Security 9.0 for SharePoint Server link in the welcome window to launch the Setup Wizard.
  4. Click the Install button in the welcome screen of the Setup Wizard.

    The automatic upgrade of the application now starts. When the upgrade completes, the final screen of the Setup Wizard opens.

  5. To complete the upgrade and close the Setup Wizard, click the Finish button.

The upgrade completes. When the upgrade of Kaspersky Security 9.0 Maintenance Release 1 to version 9.0 Maintenance Release 2 is complete, you need to restart SharePoint Timer.

During the upgrade, SharePoint server protection is disabled because all services under the application are suspended until the upgrade of Security Server for Kaspersky Security completes.

Restarting the SharePoint Timer service

SharePoint Timer needs to be restarted after Kaspersky Security 9.0 Maintenance Release 1 is upgraded to version 9.0 Maintenance Release 2. The SharePoint Timer service must be restarted on all the servers on which Kaspersky Security is installed.

To restart the SharePoint Timer service:

  1. Run Windows PowerShell as administrator.
  2. In the PowerShell environment, run the Add-PSSnapin Microsoft.SharePoint.PowerShell command.

    The Windows PowerShell snap-in will be added.

  3. Run the Get-SPTimerJob job-timer-recycle | Start-SPTimerJob command.

SharePoint Timer will be restarted.

Step 1. Installing the required components

To start the installation of Kaspersky Security,

launch the setup.exe file from the application distribution package.

The welcome window of the Kaspersky Security installation package opens. In this window, you can perform one of the following actions:

  • Download and install the .NET Framework 3.5 SP1 component (if the component is not installed);

    The computer must be restarted after Microsoft .NET Framework 3.5 SP1 installation. If you continue setup without restart, it may cause problems in the operation of Kaspersky Security.

  • Download and install the Microsoft Management Console 3.0 component (if the component is not installed);

    Microsoft Management Console 3.0 (MMC 3.0) is a part of the operating system in Microsoft Windows Server 2003 R2 and later versions. To install the program in earlier versions of Microsoft Windows Server, you need to update MMC to version 3.0.

  • start the Setup Wizard by clicking the Kaspersky Security 9.0 for SharePoint Server link.

    If Microsoft SharePoint Server is not installed on the computer, the application prompts you to install Management Console alone. In this case, Security Server and DLP Module cannot be installed on the computer.

Step 2. Viewing the welcome screen and License Agreement

The welcome screen contains information about how to begin the installation of Kaspersky Security on your computer. To switch to the window containing the End User License Agreement, click the Next button.

The End User License Agreement is an agreement between the application user and AO Kaspersky Lab. Checking the box I accept the terms of the License Agreement means that you have read the End User License Agreement and accepted its terms and conditions. You can print the text of the License Agreement by clicking the Print button.

To continue to the next step of the Setup Wizard, click the Next button.

Step 3. Selecting the type of installation

You can select one of the following application installation options:

Once the installation type is selected, the Setup Wizard proceeds to the next installation step.

Step 4. Selecting the application components

To select the application components to be installed and specify the paths to the installation and data storage folders:

  1. Select the application components that you want to install.

    You can install either Security Server (with or without the DLP Module) and Management Console, or Management Console alone. Management Console alone is installed when you need to remotely manage a Security Server of Kaspersky Security that runs on a different computer.

  2. Click the Browse button, and in the window that opens specify the path to the installation folder.

    The full path to the default installation folder is displayed in the field Destination folder.

  3. Click the Browse button, and in the window that opens specify the path to the data storage folder.

    The full path to the default data storage folder is displayed in the field Data storage folder.

    The data storage folder contains application runtime logs and application databases.

  4. Click the Reset button if you want to cancel the paths to the installation and data storage folders that you specified and return to the default options.
  5. Click the Disk Usage button if you want to view information about free space available on local drives required to install the selected components.

    The window that opens displays information about local drives.

  6. To continue to the next step of the Setup Wizard, click the Next button.

Step 5. Configuring the connection between Kaspersky Security and SQL database

To configure a connection to link Kaspersky Security to an SQL database:

  1. In the Name of SQL server field, specify the name (or IP address) of the computer with SQL server installed, and the name of the SQL server instance, for example, MYCOMPUTER\SQLEXPRESS.

    Click the Browse button opposite the Name of SQL server field to select the SQL server in the network segment in which the computer is located.

    If the connection is to a remote SQL server, make sure that the SQL server is enabled to support TCP/IP as a client protocol.

  2. In the Database name field, specify the name of the database where the application will store Backup data, statistics, and application configuration details.

    If you install Kaspersky Security on a farm of SharePoint servers, make sure that all servers with the installed application use one and the same SQL database. To this end, identical values must be specified in the Name of SQL server and Database name fields when you install the application on all farm servers.

    The application can use one of the following databases:

    • The database created in advance by the SQL server administrator.
    • The database created automatically by the Setup Wizard installer.
    • The database used by the previous version of the application (version 9.1.45175) – if you are reinstalling or upgrading the application.

      After being reinstalled or updated, the application uses the contents of this database: runtime reports, statistics, setup information. The configuration includes application settings that were changed during the reinstallation / update of the application.

  3. Select an account for use with the SQL server during installation of the application.
    • Current account. The current user account will be used.
    • Other account. In this case, enter the name and password for the specified user account. You can also click the Browse button to select an account.

    The account must be assigned the necessary rights and sysadmin role on the SQL server specified in the Name of SQL server field.

  4. To finish the configuration and continue to the next step of the Setup Wizard, click the Next button.

Kaspersky Security does not provide channel encryption during data transmission between the server and the SQL database. To secure your data, manually encrypt data to be transmitted over communication channels.
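
Once channel encryption has been set up outside the application, it can be confirmed from the SQL server side. The following PowerShell function is an added example, not part of the Kaspersky documentation; it assumes Microsoft SQL Server with Windows authentication, and Get-SqlConnectionEncryption, its parameters and the SPSERVER host names are hypothetical.

```powershell
# Added example. Get-SqlConnectionEncryption and its parameters are hypothetical names.
# Assumes Microsoft SQL Server, Windows authentication, and a login that holds the
# VIEW SERVER STATE permission (needed to read these dynamic management views).
function Get-SqlConnectionEncryption {
    param(
        # Value of the "Name of SQL server" field, for example MYCOMPUTER\SQLEXPRESS.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[\w.:\-]+(\\[\w$#\-]+)?(,\d+)?$')]
        [string]$SqlInstance,

        # Optional: host names of the servers on which Kaspersky Security is installed.
        # With no value, every user session is returned.
        [string[]]$ClientHost = @()
    )

    # One row per user connection, with its transport and encryption state.
    $query = @'
SELECT s.session_id, s.host_name, s.program_name, s.login_name,
       c.net_transport, c.encrypt_option, c.client_net_address
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE s.is_user_process = 1
'@

    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=$SqlInstance;Database=master;Integrated Security=SSPI"
    $table = New-Object System.Data.DataTable
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $query
        $table.Load($cmd.ExecuteReader())
    }
    finally {
        $conn.Dispose()
    }

    # encrypt_option is the string TRUE or FALSE; expose it as a boolean.
    $table.Rows |
        Where-Object { $ClientHost.Count -eq 0 -or $ClientHost -contains $_.host_name } |
        Select-Object session_id, host_name, program_name, login_name, net_transport,
            client_net_address,
            @{ Name = 'Encrypted'; Expression = { $_.encrypt_option -eq 'TRUE' } }
}

# Sessions that reach the SQL server without channel encryption.
# The server name is the example from step 1; the host names are placeholders.
Get-SqlConnectionEncryption -SqlInstance 'MYCOMPUTER\SQLEXPRESS' -ClientHost 'SPSERVER01', 'SPSERVER02' |
    Where-Object { -not $_.Encrypted } |
    Format-Table -AutoSize
```

Rows whose net_transport is Shared memory are local connections on the SQL server itself and do not cross the network; the rows to act on are TCP or Named pipe sessions from the SharePoint servers that still show as unencrypted.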

Step 6. Select an account for running Kaspersky Security services

To select an account for running Kaspersky Security services,

specify the name and password of the account in the Account and Password fields in the Setup Wizard window, or select an account by clicking the Browse button.

To ensure proper operation of the application, the account must be assigned all the necessary rights.

Step 7. Completing installation

To continue the installation:

  1. Click the Install button in the Setup Wizard window.

    This starts copying the application files to the computer and registering the components in the system. Once the files are copied and the components are registered in the system, the Setup Wizard displays a notification that the application setup is complete.

  2. To finish the installation, click the Next button.

    If the application is installed on a standalone SharePoint server or the first server in a SharePoint farm, the Configuration Wizard starts automatically. The Configuration Wizard allows you to specify the initial application settings: activate the application, enable SharePoint server protection, and configure application database updates.

    If you are installing the application on the remaining servers of a SharePoint farm, the Application Configuration Wizard will not be started. The installation is now complete, and the Setup Wizard closes automatically.

    Kaspersky Security on these SharePoint farm servers uses the settings defined in the Application Configuration Wizard during setup on the first server of the SharePoint farm. Protection on subsequent servers of the SharePoint farm is enabled as soon as Kaspersky Security has been installed, but only if SharePoint farm server protection was enabled at the Configuring Anti-Virus protection step of the Application Configuration Wizard.

Changes in the system after installing the application

When Kaspersky Security is installed on the computer, the following changes are made:

  • Kaspersky Security folders are created.
  • Kaspersky Security services are registered.
  • Kaspersky Security keys are registered in the system registry.

In special cases, application behavior can be modified by means of special configuration files that have to be saved in the application folder. Contact Technical Support for more details.

Kaspersky Security folders

Kaspersky Security folders created on the computer

  • Folder: %Kaspersky Security folder%; by default:
    • In the Microsoft Windows 32-bit version: %ProgramFiles%\Kaspersky Lab\Kaspersky Security for SharePoint Server\
    • In the Microsoft Windows 64-bit version: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for SharePoint Server\

    Kaspersky Security files: Executable files, configuration, and logs of Kaspersky Security (destination folder specified during installation).

  • Folder:
    • In the Microsoft Windows 32-bit version: %ProgramFiles%\Kaspersky Lab\Kaspersky Security for SharePoint Server\data\
    • In the Microsoft Windows 64-bit version: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for SharePoint Server\data\

    Kaspersky Security files: Updatable data of Kaspersky Security.

  • Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security for SharePoint Server\

    Kaspersky Security files: Shortcuts of Management Console, Administrator's Guide, Kaspersky Security Uninstaller, and IFilter utility.

  • Folder: C:\Windows\assembly\GAC_MSIL\SharePoint.Integration.Vsapi.Com

    Kaspersky Security files: File to integrate Kaspersky Security with SharePoint.

Kaspersky Security services

  • Service: KSHSecurityService

    Purpose: The main service of Kaspersky Security; it manages tasks and processes of Kaspersky Security.

  • Service: KSHIntegrationService

    Purpose: Service to integrate Kaspersky Security with SharePoint and IFilters.

  • Service: KSHAdministrationService

    Purpose: Service to manage Kaspersky Security and integrate it with the application configuration.

System registry keys

  • Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\AVScanner]

    Purpose: Registration of the Anti-Virus with SharePoint.

  • Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D4428D8-63EB-41f4-97C9-B8E240B6ED58}]

    Purpose: Configuration of the Anti-Virus for SharePoint.

  • Key:
    • In the Microsoft Windows 32-bit version: [HKEY_LOCAL_MACHINE\SOFTWARE\Kaspersky Lab\Kaspersky Security for Microsoft SharePoint]
    • In the Microsoft Windows 64-bit version: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Kaspersky Lab\Kaspersky Security for Microsoft SharePoint]

    Purpose: Kaspersky Security configuration settings.

  • Key:
    • In the Microsoft Windows 32-bit version: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{44267241-A2B7-4ed2-82E6-BC127AA5CDD1}]
    • In the Microsoft Windows 64-bit version: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MMC\SnapIns\FX:{44267241-A2B7-4ed2-82E6-BC127AA5CDD1}]

    Purpose: Management Console MMC snap-in.

  • Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\KSH8]

    Purpose: Windows Event Log source.

  • Keys:
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KSHAdministrationService]
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KSHIntegrationService]
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KSHSecurityService]

    Purpose: Kaspersky Security services.
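
One way to check the changes listed above on a server after installation, as an added example that is not part of the Kaspersky documentation: the function below reports whether each listed service and registry key is present. Test-KshInstallation and its output fields are hypothetical names, and the script assumes an elevated PowerShell session whose bitness matches the operating system.

```powershell
# Added example. Test-KshInstallation and its output fields are hypothetical names;
# the service names and registry keys are the ones listed in the tables above.
# Assumes an elevated PowerShell session of the same bitness as the operating system.
function Test-KshInstallation {
    $results = @()

    # 1. Services registered by the installer, with their current state.
    foreach ($name in 'KSHSecurityService', 'KSHIntegrationService', 'KSHAdministrationService') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $detail = if ($svc) { $svc.Status.ToString() } else { 'not registered' }
        $results += New-Object PSObject -Property @{
            Type = 'Service'; Name = $name; Present = [bool]$svc; Detail = $detail
        }
    }

    # 2. Registry keys under HKEY_LOCAL_MACHINE. On 64-bit Windows the product key
    #    and the MMC snap-in key are under Wow6432Node, as the table shows.
    $soft = if ([IntPtr]::Size -eq 8) { 'SOFTWARE\Wow6432Node' } else { 'SOFTWARE' }
    $keys = @(
        @{ Path    = 'SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\AVScanner'
           Purpose = 'Registration of the Anti-Virus with SharePoint' },
        @{ Path    = 'SOFTWARE\Classes\CLSID\{2D4428D8-63EB-41f4-97C9-B8E240B6ED58}'
           Purpose = 'Configuration of the Anti-Virus for SharePoint' },
        @{ Path    = "$soft\Kaspersky Lab\Kaspersky Security for Microsoft SharePoint"
           Purpose = 'Kaspersky Security configuration settings' },
        @{ Path    = "$soft\Microsoft\MMC\SnapIns\FX:{44267241-A2B7-4ed2-82E6-BC127AA5CDD1}"
           Purpose = 'Management Console MMC snap-in' },
        @{ Path    = 'SYSTEM\CurrentControlSet\services\eventlog\Application\KSH8'
           Purpose = 'Windows Event Log source' }
    )

    foreach ($k in $keys) {
        # OpenSubKey returns $null when the key does not exist. The .NET API is used
        # because the snap-in key name contains a colon.
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($k.Path)
        $present = $null -ne $key
        if ($present) { $key.Close() }
        $results += New-Object PSObject -Property @{
            Type = 'RegistryKey'; Name = "HKLM\$($k.Path)"; Present = $present; Detail = $k.Purpose
        }
    }

    $results | Select-Object Type, Present, Name, Detail
}

# List every item, then show only what is missing or not running.
$state = Test-KshInstallation
$state | Format-Table -AutoSize -Wrap
$state | Where-Object { -not $_.Present -or ($_.Type -eq 'Service' -and $_.Detail -ne 'Running') }
```

On a computer where only some of the components were installed (for example, Management Console alone), a missing item is not necessarily a fault.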

Getting started. Application Configuration Wizard

This section provides step-by-step instructions for preparing the application for use with the help of the Application Configuration Wizard.

You can close the Application Configuration Wizard by clicking the Cancel button in the welcome window of the Application Configuration Wizard, and perform the necessary configuration after starting Kaspersky Security.

In this section

Step 1. Activating the application

Step 2. Enable Anti-Virus protection

Step 3. Kaspersky Security Network

Step 4. Configuring the proxy server settings

Step 5. Completing application configuration

Step 1. Activating the application

To activate the application:

  1. Click the Add button in the Application Configuration Wizard.
  2. In the window that opens, specify the path to the key file (a file with the .key extension) and click the Open button.

    This adds to the application the key corresponding to the license that entitles the owner to use the entire functionality of Kaspersky Security for the specified time period.

    The key added during installation on the first SharePoint farm server is automatically used to install the application on subsequent SharePoint farm servers.

To remove the key,

click the Delete button in the Application Configuration Wizard.

Step 2. Enable Anti-Virus protection

To configure the anti-virus protection settings for a SharePoint server or servers:

  1. Select the Enable anti-virus protection check box to enable anti-virus scanning of files as they are uploaded to the server or downloaded from the server to the user's computer.
  2. Select the Enable automatic database updating check box if you want the application to update the anti-virus databases automatically as scheduled, or clear the check box if you want to run updates of the databases manually.

Step 3. Kaspersky Security Network

In the Use of Kaspersky Security Network window, you can view the Statement on the use of Kaspersky Security Network services for protection of your computer.

To participate in Kaspersky Security Network,

select the I accept the KSN Agreement and want to use KSN check box if you have read the KSN Statement and accepted all of its conditions.

Step 4. Configuring the proxy server settings

In the Configuring proxy server to retrieve updates and connect to Kaspersky Security Network window of the Application Configuration Wizard, you can define the proxy server settings for Kaspersky Security.

To configure the proxy server settings, perform the following steps:

  1. Select the Use proxy server check box if you want the application to connect to Kaspersky Lab update servers via a proxy server.
  2. Specify the proxy server address in the Proxy server address field.
  3. Specify the proxy server port number in the Port field.

    The default port number is 8080.

  4. If a password is required to access the proxy server, specify the proxy user authentication settings. To do this, select the Use authentication check box and fill in the Account and Password fields.

    The application uses the specified proxy server to retrieve updates and connect to Kaspersky Security Network.

To finish configuration of the application and proceed to the final step in the Configuration Wizard, click the Next button.

Step 5. Completing application configuration

To complete the application configuration:

  1. If you want Kaspersky Security Management Console to run automatically after closing the Configuration Wizard, leave the Start Management Console after the Application Configuration Wizard finishes check box selected.
  2. To finish the configuration of the application and exit the Configuration Wizard, click the Finish button.

    The Configuration Wizard closes. If the Start Management Console after the Application Configuration Wizard finishes check box has been selected, Management Console starts as soon as the Configuration Wizard closes.

Restoring the application

If the application malfunctions (due to a damaged executable file of the application or the application databases, or a fault in the operation of VS API interceptor), you can restore the application using the Setup Wizard.

During restoration, the installer replaces the executable files and libraries used by Kaspersky Security with the files contained in the distribution package, replaces the application databases with the databases contained in the distribution package, and replaces the registration of VS API interceptor.

The application's configuration and event logs are saved during the restoration process.

To restore Kaspersky Security:

  1. Launch the setup.exe file from the application distribution package.

    This opens the welcome window of the install package.

  2. Click the Kaspersky Security 9.0 for SharePoint Server link in the welcome window to launch the Setup Wizard.
  3. Click the Next button in the welcome screen of the Setup Wizard.

    This opens the Change, Restore, or Remove the Application window.

  4. In the Change, Repair or Remove the application window, click the Restore button.

    This opens the Restoration window.

  5. In the Restoration window, click the Repair button.

    The process to replace the executable files, libraries, and databases of the application and register VS API interceptor begins.

Restoration of the application will not be possible if its configuration files are damaged. Removing and reinstalling the application is recommended in that case.

Removing the application

You can delete Kaspersky Security from the computer using:

  • Standard Microsoft Windows tools to install/uninstall applications.
  • The Setup Wizard.

To uninstall Kaspersky Security from the SharePoint farm, the application must be deleted from each SharePoint farm server.

To uninstall Kaspersky Security using the Setup Wizard:

  1. Launch the setup.exe file from the application distribution package.

    This opens the welcome window of the install package.

  2. Click the Kaspersky Security 9.0 for SharePoint Server link in the welcome window of the install package to launch the Setup Wizard.

    This opens the start window of the Setup Wizard.

  3. In the start window of the Setup Wizard, click the Next button.
  4. In the Change, Restore, or Remove the Application window, click the Remove button.
  5. In the Uninstallation window, confirm your choice by clicking the Remove button.

    The process of removing application files from the computer and unregistering application components begins.

  6. If you are removing the application from a standalone SharePoint server or from the last server of a SharePoint farm, once the files have been removed a window appears prompting you to delete the application database. Select one of the following operations in this window:
    • If you want to delete the database containing the application configuration, Backup and statistical data, click Yes.

      To delete the database, the account under which the removal process is running must possess the db_owner role for this database. If the account does not possess this role, in the window that appears click No. When Kaspersky Security is uninstalled, you need to delete the database manually.

    • If you do not want to delete the database in order to use the data stored in it for subsequent application re-installations, click No.

Application licensing

This section provides information about general concepts related to the application licensing.

In this Help section

About the End User License Agreement

About the license

About the license certificate

About the key

About the key file

About data provision

About the End User License Agreement

The End User License Agreement is a binding agreement between you and Kaspersky Lab AO, stipulating the terms on which you may use the application.

Carefully review the terms of the License Agreement before using the application.

You can view the terms of the License Agreement in the following ways:

  • During installation of Kaspersky Security.
  • By reading the license.txt file. This file is included in the application's distribution kit.

By confirming that you agree with the End User License Agreement when installing the application, you signify your acceptance of the terms of the End User License Agreement. If you do not accept the terms of the End User License Agreement, you must abort application installation and must not use the application.

About the license

A license is a time-limited right to use the application, granted under the End User License Agreement.

A license entitles you to the following kinds of services:

  • Use of the application in accordance with the terms of the End User License Agreement
  • Technical support

The scope of services and application usage term depend on the type of license under which the application is activated.

The following license types are provided:

  • Trial – a free license intended for trying out the application.

    A trial license is of limited duration. When the trial license expires, all Kaspersky Security features become disabled. To continue using the application, you need to purchase a commercial license.

    You can activate the application under a trial license only once.

  • Commercial – a paid license that is provided when you buy the application.

    When the commercial license expires, the application continues running with limited functionality (for example, Kaspersky Security database updates are not available). To continue using Kaspersky Security in fully functional mode, you must renew your commercial license.

We recommend renewing the license before its expiration to ensure maximum protection of your computer against security threats.

About the license certificate

A License Certificate is a document provided together with a key file or activation code.

The License Certificate contains the following license information:

  • Order ID
  • Details of the license holder
  • Information about the application that can be activated using the license
  • Limitation on the number of licensing units (devices on which the application can be used under the license)
  • License start date
  • License expiration date or license validity period
  • License type

About the key

A key is a sequence of bits with which you can activate and subsequently use the application in accordance with the terms of the End User License Agreement. A key is generated by Kaspersky Lab.

You can add a key to the application by using a key file. After you add a key to the application, the key is displayed in the application interface as a unique alphanumeric sequence.

Kaspersky Lab can black-list a key over violations of the End User License Agreement. If the key has been black-listed, you have to add a different key to continue using the application.

A key may be an "active key" or an "additional key".

An active key is the key that is currently used by the application. A trial or commercial license key can be added as the active key. The application cannot have more than one active key.

An additional key is a key that entitles the user to use the application, but is not currently in use. An additional key automatically becomes active when the license associated with the current active key expires. An additional key may be added only if the active key is available.

A key for a trial license can be added only as the active key. A trial license key cannot be installed as the additional key.

About the key file

A key file is a file with the .key extension that you receive from Kaspersky Lab. Key files are designed to activate the application by adding a key.

You receive a key file at the email address that you provided when you bought Kaspersky Security or ordered the trial version of Kaspersky Security.

You do not need to connect to Kaspersky Lab activation servers in order to activate the application with a key file.

You can recover a key file if it is accidentally deleted. You may need a key file to register with Kaspersky CompanyAccount.

To recover a key file, do one of the following:

  • Contact the license seller.
  • Obtain a key file on the Kaspersky Lab website based on your existing activation code.

About data provision

To increase the protection level, by accepting the terms of the License Agreement, you agree to provide the following information to Kaspersky Lab in automatic mode:

  • Details of the currently used license
  • Data on the Kaspersky Security version currently in use

When you participate in Kaspersky Security Network, information obtained as a result of the Kaspersky Security operation is automatically sent from the computer to Kaspersky Lab. The list of data items that are to be sent is given in the KSN Statement. You can view the terms of the KSN Statement in the following ways:

  • By clicking the KSN Participation Agreement button in the Settings node.
  • By reading the ksn_agreement.rtf document located in the application installation folder.

Participation in Kaspersky Security Network is voluntary. You can opt out of participating in Kaspersky Security Network at any time. No personal data of the user is collected, processed, or stored.

Kaspersky Lab protects any received information pursuant to the legal requirements and effective Kaspersky Lab rules. Kaspersky Lab uses any collected information in depersonalized format and as general statistics only. General statistics are automatically generated using original collected information and do not contain any private data or other confidential information. Originally collected information is cleared as it is accumulated (once per year). General statistics are stored indefinitely.

Getting started

This section provides information about how to run Kaspersky Security and add SharePoint servers with installed Security Server to Management Console.

In this Help section

Starting: Management Console

Kaspersky Security 9.0 for SharePoint Server

Adding protected servers to Management Console

Adding a server

Starting: Management Console

The services of Kaspersky Security start automatically during the operating system start-up. Management Console is started manually.

To start Management Console, perform the following steps:

  1. In the Start menu select Programs.
  2. Select the Kaspersky Security 9.0 for SharePoint Server folder in the list of programs.
  3. Select Kaspersky Security 9.0 for SharePoint Server in the menu.

When Management Console starts, the snap-in of Kaspersky Security connects to Microsoft Management Console, so the console tree displays the application icon and the node of Kaspersky Security 9.0 for SharePoint Server.

When Management Console is running, you can add servers on which the Security Server component has been installed (hereinafter referred to as "Protected servers") to Management Console.

The application records information about starts and stops of Management Console to Windows Event Log. A record contains information about the time of a start / stop of Administration Console, as well as the user who initiated those activities.

Kaspersky Security 9.0 for SharePoint Server

The Kaspersky Security 9.0 for SharePoint Server node displays information about the current version of the application and its purpose. In this node, you can view the list of SharePoint servers that have been added to Management Console, as well as add new servers and proceed to servers in the console tree.

In the Protected servers section, you can add to Management Console the SharePoint server on which Security Server has been installed (hereinafter referred to as protected SharePoint server or simply protected server). After adding a protected server, you can add other ones or proceed to that server's protection settings.

Add server

Clicking this button opens the Add server window. In this window, you can specify the protected SharePoint server that will be added to Management Console.

The Added servers list displays the names of protected SharePoint servers that have been added to Management Console. Clicking the <Server name> button takes you to the Control Center node of the selected Server in Administration Console.

Use these settings for the following tasks

Starting: Management Console

See also

Adding a server

Adding protected servers to Management Console

To add protected servers to Management Console:

  1. Start Management Console.
  2. In the Management Console tree, select the Kaspersky Security 9.0 for SharePoint Server node.
  3. In the workspace, click the Add server button.
  4. Select the appropriate option in the displayed dialog:
    • Local. The application adds to Management Console the SharePoint server on which Management Console and Security Server are installed. This is the default option.
    • Remote. The application adds to Management Console the SharePoint server on which Security Server is installed. If you select this option, use one of the following methods to specify the server name:
      • Click Browse and select the computer from the list in the window that opens.
      • Enter the server name manually as an IP address (in IPv4 or IPv6 notation) or DNS name.
  5. Click the OK button.

The server will be added to Management Console and shown in the nodes tree.

If Kaspersky Security is installed on a farm of SharePoint servers, you can add any server of the farm to Management Console.

Adding a server

In the Add server window, you can select the protected SharePoint server that will be added to Management Console.

Local

The SharePoint server on which Management Console and Security Server are installed will be added to Management Console.

This is the default option.

Remote

The SharePoint server on which Security Server is installed will be added to Management Console.

You can specify the IP address or the DNS name of a SharePoint server manually or select one from the list by clicking the Browse button.

Use these settings for the following tasks

Adding protected servers to Management Console

Control Center

In the Control Center node, you can view the details of the protection status of a server or a farm of SharePoint servers.

The workspace of this node displays the Events and statistics and List of farm servers tabs, depending on how Kaspersky Security is deployed on the organization's network. The List of farm servers tab is displayed if Kaspersky Security is installed on a farm of SharePoint servers that use a single database for application configuration and Backup.

See also

Events and statistics

List of farm servers

Default protection

The protection status of the SharePoint server depends on the settings defined in the Application Configuration Wizard during installation. A detailed description of the Application Configuration Wizard is provided in the Installation Guide for Kaspersky Security 8.0 for SharePoint Server.

If the Enable Anti-Virus protection check box was selected in the Application Configuration Wizard during setup on the first SharePoint server, the application components are launched in the following mode at application startup:

  • On-access scan:
    • Anti-Virus scan is enabled;
      • Action on infected and probably infected files: Disinfect;
      • Action on corrupted files and password-protected files: Skip;
    • Content filtering is enabled.
  • On-demand scan:
    • On-demand scan tasks are not created. On-demand scan is not performed.

If the Enable Anti-Virus protection check box was cleared during application installation, the Anti-Virus scan and Content filtering components are disabled at application startup, and on-demand scanning is not performed.

Viewing SharePoint server protection status details

The Information about server protection section shows the application version and the status of anti-virus scanning and Content Filtering. Available values:

  • Enabled. Anti-Virus protection / Content filtering is enabled in the On-access scan node of Management Console and is working correctly on all SharePoint farm servers.
  • Disabled. Anti-Virus protection / Content filtering is disabled on all SharePoint farm servers.
  • Protection errors. Errors detected in the operation of Anti-Virus protection / Content filtering on at least one of the SharePoint farm servers.
  • Unknown. The status of anti-virus protection / Content filtering on at least one of the SharePoint farm servers is unknown.

The section contains a description of any errors that occur.

Events and statistics

The Events and statistics tab displays summary information about the protection status of a server or a farm of SharePoint servers, about the application components, as well as the application operation statistics for the last week.

The Protection of farm servers section displays the current version of the application, the statuses of the application subsystems (i.e., anti-virus protection and content filtering) and the DLP Module component.

  • Enabled. This component / subsystem is enabled and operates properly on a server or a farm of SharePoint servers.
  • Disabled. This component / subsystem is disabled on a server or a farm of SharePoint servers.
  • Protection errors. Errors have been detected in the operation of this component / subsystem on at least one of the SharePoint servers. The section contains a description of any errors that occur.
  • Unknown. The status of the subsystems on one of the SharePoint servers is unknown.

Real-time protection settings

Clicking this link opens the On-access scan node where you can configure real-time protection.

The Anti-virus settings of SharePoint section displays information about the anti-virus settings of SharePoint. The operation of Kaspersky Security in on-access scan mode depends on the anti-virus settings defined on SharePoint.

For example, if the scanning of files downloaded from SharePoint websites to a computer is disabled in the anti-virus settings of SharePoint, Kaspersky Security will not be able to scan those files.

Define anti-virus settings of SharePoint

Clicking this link opens a page on which you can define the anti-virus settings of SharePoint in the web browser window.

The workspace displays the Security Server license section (always) and DLP Module license section (if components such as Security Server and DLP Module have been installed on the SharePoint server). The Security Server license and DLP Module license sections provide information about the status of the key for corresponding components, the license expiration date, as well as the number of users and availability of an additional key (added or not added).

If any key-related errors occur, the sections display information about those errors.

Licensing settings

Clicking this link takes you to the Licensing node. In the Licensing node, you can activate the application and renew your license.

The Database update section shows information about the current status of the anti-virus databases, their latest update, the number of records in the databases, as well as information about update-related errors.

Update settings

Clicking this link takes you to the Updates node. In the Updates node, you can run an update, configure updating, and set up a schedule for automatic startup of updates.

The Protection of farm servers section contains information about the current protection status on the farm of SharePoint servers. If Kaspersky Security is installed on a stand-alone SharePoint server, the Protection of farm servers section is not displayed.

List of farm servers

Clicking this link opens the List of farm servers tab. The List of farm servers tab displays a list of servers in the farm, as well as information about the protection status on the servers.

The Statistics section contains statistics on the application's operation for the last week. The charts present information about the number of positives returned by the application components, the number of threats detected, files blocked, and non-infected files.

Reports

Clicking this link takes you to the Reports node. In the Reports node, you can create and view reports, as well as set up a schedule for automatic report generation.

List of farm servers

The List of farm servers tab displays a table with a list of protected SharePoint servers included in the farm, as well as information about the protection status and the update status of Kaspersky Security databases on all of the servers.

Delete servers

Clicking this button causes the application to remove one or several protected servers from the list of servers included in the SharePoint farm. This button is displayed if one or several servers have been selected from the list of protected servers.

Licensing settings

Clicking this link takes you to the Licensing node. In the Licensing node, you can activate the application and renew your license.

Update settings

Clicking this link takes you to the Updates node. In the Updates node, you can run an update, configure updating, and set up a schedule for automatic startup of updates.

Information about server protection

The Protection of farm servers section shows the current version of the application and the status of its components. The following component statuses are possible:

  • Enabled. The component is enabled and runs correctly on all SharePoint farm servers.
  • Disabled. The component is disabled on all the servers in the SharePoint farm.
  • Protection errors. Errors have been detected in the operation of the component on at least one of the SharePoint farm servers. The section contains a description of any errors that occur.
  • Unknown. The status of Anti-Virus protection / Content filtering on at least one of the SharePoint farm servers is unknown.

Anti-virus settings of SharePoint

The Anti-virus settings of SharePoint section displays information about the scan settings configured on the SharePoint server. If anti-virus protection is disabled on the SharePoint server, Kaspersky Security does not perform Anti-Virus scanning and Content filtering in real time.

Application licenses

Depending on the application components installed on the SharePoint server, the workspace may display the following sections with licensing information:

  • Security Server license;
  • DLP Module license.

The Key status field displays the details of the active key. Available field values:

  • Current license. A key has been added, and the license has not expired.
  • Errors on some farm servers. Licensing errors or violations have been detected on at least one of the SharePoint farm servers (for example, a key is missing or blacklisted). The error description is displayed in red, and the section itself is highlighted in orange.
  • Key is missing. No key has been added, and Management Console is deployed on a standalone SharePoint server.

The Expiration date field displays the expiration date of the license.

If the number of days remaining on the license is less than the number of days specified in the Notifications node, the expiration date in the field is displayed in red. You are advised to add an additional key in the Licensing node before the current license expires.

The Additional key field contains information about the availability of an additional key. Available values:

  • Added. An additional key has been added, and the validity period of the active key has not expired yet.
  • Not added. One of two possibilities:
    • an additional key is not added;
    • an additional key is installed, but the active key has expired.

The Users field contains information about the maximum number of company employees with access to a SharePoint server protected by the application.

The Functionality field contains information on available application features. Available field values:

  • Full functionality. No limitations are imposed on the operation of Kaspersky Security.
  • The license expired. Database updates and technical support are not available. The application does not update Anti-Virus protection, Content filtering, and DLP Module databases. You have to replace the key to be able to download the current databases.
  • Management only. No key is installed, or the trial license has expired. Only management of Kaspersky Security is available. Anti-Virus protection and Content filtering are not performed, and updates are not available.
  • Update only. The key is in the black list. Only database updates are available. Anti-virus scanning and content filtering are not performed.

Protection of SharePoint farm servers

The Protection of farm servers section displays information about the current protection status of servers in the SharePoint farm.

SharePoint farm servers that have not accessed the database within the past 60 seconds are considered inactive by the application. The number and list of such servers are shown in this section. Detailed information about why the database was not accessed is displayed in a table on the List of farm servers tab.

If Kaspersky Security is installed on a standalone SharePoint server, the Protection of farm servers section is not displayed in the workspace of the Control Center (<Server name>) node.

Database update

The Database update section shows information about the current state of the anti-virus databases, the date of the last update, and the number of records in the databases.

The Status field displays information about the status of databases currently in use by Kaspersky Security.

If Kaspersky Security is installed on a SharePoint farm, the Status field can take the following values:

  • Databases are up to date on all farm servers. Databases used on all SharePoint farm servers were updated in the past 24 hours and are not corrupted.
  • Databases outdated on some farm servers. Databases were not updated in the past 24 hours.
  • Databases corrupted on some farm servers. Databases are missing or corrupted, and cannot be read by the application on at least one SharePoint farm server.

If Kaspersky Security is installed on a standalone SharePoint server, the Status field can take the following values:

  • Databases are up to date. Databases were updated in the past 24 hours and are not corrupted.
  • Update required. Databases were not updated in the past 24 hours.
  • Databases corrupted. Databases are missing or corrupted and cannot be read by the application.

The Last update status field displays the date and result of the most recent update of the databases. If an error occurred during the last database update, the field contains a description of the error. In this case, the Database update section is highlighted in orange, and the description of the error is displayed in red.

If Kaspersky Security is installed on a standalone SharePoint server, the section displays the Last update field, which contains the date and time of the most recent attempt to update the databases.

The Release date and time field shows the release date of the earliest database on all SharePoint farm servers. If the databases are out of date, the date is displayed in red. In this case, it is recommended that you go to the Updates node and update the application databases.

The Number of records field contains information about the total number of records in the databases on the server since the time of the first update.

Statistics

The Statistics section contains statistics on the application's operation for the last week. The graph presents the following information about the number of positives returned by application components, the number of threats detected, files blocked, and clean files:

  • ANTI-VIRUS PROTECTION:
    • Total files. The total number of files that are infected, probably infected, corrupted, password-protected, or clean, and files that returned an error during Anti-Virus scanning.
    • Threats. The number of malicious objects detected in scanned files.
    • Excluded. The number of files excluded from the scan scope.
    • Non-infected. The number of files scanned by the application and recognized as not infected.
    • Other. Files that do not match any other categories. The group includes, for example, files not scanned because of key errors or files that have caused errors while being processed.
  • CONTENT FILTERING:
    • Total. The total number of files and SharePoint web objects that caused content filtering incidents (by content, by file type and format, and masks of unwanted file names, files with Non-infected status, and files that returned content filtering errors).
    • Files with unwanted content. The number of files found by Content filtering to contain unwanted words or phrases included in Kaspersky Lab categories and custom categories. You can configure custom categories in Content filtering settings.
    • Web objects with unwanted content. The number of SharePoint web objects that have been found by Content Filtering to contain unwanted words or phrases included in Kaspersky Lab categories and custom categories, and the number of web objects found to contain malicious or phishing URLs.
    • Files in unwanted formats. Number of files in unwanted formats.
    • Found clean. The number of files that are free from unwanted content (with the names and formats not matching the specified masks of unwanted file names and formats), malicious or phishing URLs.
    • Other. Files that do not match any other category including files unprocessed because of errors.

On-access scan

The application scans files and web objects when they are accessed by users, i.e., when files are uploaded to SharePoint websites, when files are downloaded from SharePoint websites to a user's computer, and when web objects are modified.

In the On-access scan node, you can enable and configure anti-virus protection and content filtering of files and web objects.

See also

About anti-phishing scans

About on-access scan

Kaspersky Security operation depending upon the SharePoint server settings

About on-access scan

Real-time protection is an operation mode of Kaspersky Security in which objects are scanned for malicious code and web objects are scanned for unwanted web content in real-time mode. The application scans objects when they are transferred to a Server, modified, or downloaded from a Server to a user's computer.

Kaspersky Security scans the following objects:

  • Files uploaded by the user to the SharePoint server;
  • Files copied from the SharePoint server to the computer;
  • SharePoint web objects (such as wiki pages and forums hosted on the SharePoint server) when they are created or modified.

When the real-time protection is enabled, Kaspersky Security performs the following actions:

The application performs one type of scan:

  • If a file was blocked during Content filtering, the application does not perform a virus scan on this file.
  • If a file was blocked during a virus scan, the application does not scan its contents.

Non-infected objects are passed on to the user, while objects that contain threats or are possibly infected are processed in accordance with the configured protection settings.

Status labels assigned to files following on-access scan

Based on the results of on-access scanning, the application assigns one of the following status labels to the file:

  • Not infected. No threats detected in the file.
  • Infected. The file contains a code segment that fully matches a code segment of a known threat.
  • Probably infected. A file whose code contains a modified segment of code of a known threat, or a file resembling a threat in the way it behaves.
  • Password-protected. A password-protected archive.
  • Corrupted. The file cannot be read by Kaspersky Security.

Based on the results of content filtering, the application assigns one of the following status labels to the file:

  • Allowed. There is no unwanted content in the file.
  • Forbidden format. The file has an unwanted format.
  • Forbidden mask. The file name contains an unwanted mask.
  • Forbidden content. The file has been found to contain unwanted words and phrases.

Based on the results of content filtering, the application assigns one of the following status labels to the SharePoint web part:

  • Allowed. The SharePoint web object does not contain unwanted content, malicious or phishing URLs.
  • Forbidden content. The SharePoint web object has been found to contain malicious / phishing URLs or unwanted content.

About anti-phishing scans

Phishing scan is a feature of Kaspersky Security designed to protect the user's personal data.

While scanning the content of SharePoint web objects, the application checks links against lists of malicious and phishing URLs.

Checking links against the list of malicious URLs allows the application to detect URLs redirecting to infected websites. Malicious URLs can be contained in the text of messages disguised as ads. The ad text prompts you to find out more about a product or service by clicking a link. The link takes you to a website with viruses, and the computer gets infected. The computer is infiltrated by viruses and malware that can access your private data and relay it to criminals.

By checking links against the list of phishing web addresses, the application is able to detect links redirecting to fraudulent websites. A phishing attack can be disguised, for example, as an email message from your bank with a link to its official website. The link takes you to an exact copy of the bank's website where you can even see the bank site's address in the browser despite actually being on a spoofed website. From this point forward, all of your actions on the site are tracked and can be used to steal your private data.

A phishing scan of SharePoint web objects detects malicious and phishing URLs embedded in the text of web objects. Malicious and phishing URLs are designed to steal your personal data or information entered in a web form. The application performs a phishing scan when a SharePoint web object is created or modified. If the phishing scan detects at least one web address appearing on lists of malicious and phishing ones, the application assigns the Phishing status to the web object.

On detecting a phishing or malicious URL in a SharePoint web object, the application performs the action configured in the Content filtering section. If the action is set to Block, the application shows a dialog saying that web content cannot be created or modified.

To protect SharePoint servers against phishing, the application uses a list of URLs of web resources that have been labeled as malicious or phishing URLs by Kaspersky Lab. The database is regularly updated and is part of the Kaspersky Security delivery kit.

You can use Kaspersky Security Network services for added protection of SharePoint servers against phishing. Kaspersky Security Network uses cloud computing technology that provides up-to-the-minute information about threats before they have been included in Kaspersky Lab anti-phishing databases.

Kaspersky Security operation depending upon the SharePoint server settings

The operation of Kaspersky Security in on-access scan mode depends on the values of the anti-virus settings of SharePoint.

Anti-virus settings of SharePoint

| SharePoint setting | Value | Impact on the operation of Kaspersky Security |
|---|---|---|
| Scan files being uploaded to SharePoint | Check box selected | Kaspersky Security can scan files that are uploaded to SharePoint websites. The application performs the actions defined in the anti-virus protection settings on these files. |
| Scan files being uploaded to SharePoint | Check box cleared | Anti-virus protection of files uploaded to SharePoint websites is not available. |
| Scan files being downloaded from SharePoint | Check box selected | Kaspersky Security can scan files downloaded from SharePoint websites. The application performs the actions defined in the anti-virus protection settings on these files. |
| Scan files being downloaded from SharePoint | Check box cleared | Anti-virus protection of files uploaded to SharePoint websites is not available. |
| Allow users to download infected files | Check box selected | Kaspersky Security cannot block and disinfect files that users access. The application skips infected files. |
| Allow users to download infected files | Check box cleared | The Attempt to disinfect infected files setting impacts the operation of Kaspersky Security. |
| Attempt to disinfect infected files | Check box selected | Kaspersky Security can disinfect infected files when they are accessed by users. If the application cannot disinfect a file, it blocks the file. |
| Attempt to disinfect infected files | Check box cleared | Kaspersky Security can block infected files when they are accessed by users. |

The anti-virus protection settings of Kaspersky Security may conflict with those of SharePoint. For example, if the Allow users to download infected files check box is selected in the anti-virus protection settings of SharePoint while the Block action is selected in the anti-virus protection settings of Kaspersky Security, the user will be able to download an infected file. Before the download, the web browser window shows a warning message stating that Kaspersky Security recommends that you avoid downloading that file.

When a conflict arises between the anti-virus protection settings of Kaspersky Security and the anti-virus settings of SharePoint, the SharePoint settings take priority.
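
The priority rule above can be checked mechanically before a configuration change goes live. The following is an added example, not part of the Kaspersky documentation or product: it models the table as a function and reports where the outcome for an infected file differs from the action selected in Kaspersky Security. The names `SharePointAV`, `effective_action` and `audit` are hypothetical, and two assumptions are made: Allow users to download infected files is applied to downloads only, and Disinfect falls back to Block when Attempt to disinfect infected files is cleared.

```python
from dataclasses import dataclass

# Kaspersky Security actions for infected files, as named on the General tab.
DISINFECT, BLOCK, SKIP = "Disinfect", "Block", "Skip"
# Outcome when SharePoint never hands the file to the scanner.
NOT_SCANNED = "Not scanned"


@dataclass(frozen=True)
class SharePointAV:
    """The four SharePoint anti-virus check boxes from the table."""
    scan_uploads: bool             # Scan files being uploaded to SharePoint
    scan_downloads: bool           # Scan files being downloaded from SharePoint
    allow_infected_download: bool  # Allow users to download infected files
    attempt_disinfect: bool        # Attempt to disinfect infected files


def effective_action(sp, ks_action, direction):
    """Return what happens to an infected file in the given direction.

    ks_action is the action selected in Kaspersky Security; direction is
    "upload" or "download". SharePoint settings win every conflict.
    """
    if direction not in ("upload", "download"):
        raise ValueError("direction must be 'upload' or 'download'")
    if ks_action not in (DISINFECT, BLOCK, SKIP):
        raise ValueError("unknown Kaspersky Security action")

    scanned = sp.scan_uploads if direction == "upload" else sp.scan_downloads
    if not scanned:
        return NOT_SCANNED
    if ks_action == SKIP:
        return SKIP
    # Assumption: this check box affects the download direction only,
    # as in the conflict example given in the text.
    if direction == "download" and sp.allow_infected_download:
        return SKIP
    # Assumption: with disinfection unavailable, the table's remaining
    # protective capability ("can block infected files") applies.
    if ks_action == DISINFECT and not sp.attempt_disinfect:
        return BLOCK
    return ks_action


def audit(sp, ks_action):
    """List (direction, configured, effective) wherever the two differ."""
    findings = []
    for direction in ("upload", "download"):
        result = effective_action(sp, ks_action, direction)
        if result != ks_action:
            findings.append((direction, ks_action, result))
    return findings


if __name__ == "__main__":
    # Constructed sample: the conflict described in the text.
    conflict = SharePointAV(scan_uploads=True, scan_downloads=True,
                            allow_infected_download=True,
                            attempt_disinfect=False)
    for direction, configured, effective in audit(conflict, BLOCK):
        print(f"{direction}: configured {configured}, effective {effective}")
```
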

General

On the General tab, you can configure the anti-virus protection and content filtering to perform on-access scanning. While on this tab, you can go to the website of SharePoint administration center in order to define the SharePoint anti-virus settings. The values of the anti-virus settings of SharePoint affect the application's operation.

Move files to backup

Saves object copies in Backup.

If this check box is selected, the application saves copies of objects in Backup in the following cases:

  • Before disinfecting / deleting an infected or possibly infected file
  • When blocking / detecting a web object that contains unwanted content.

If the check box is cleared, the application does not save the object copies in Backup.

The check box is cleared by default.

Exclude from scanning any files larger than

Exclusion of files exceeding the specified size from scanning.

If this check box is selected, the application does not scan files that are larger than the specified size (in MB). You can specify the file size in the field on the right. By default, 10 MB or larger files are excluded from scanning. The maximum value available in this field is 1024 MB. If this check box is cleared, the application scans files irrespective of their size.

The check box is cleared by default.

The Anti-Virus scan section allows you to enable anti-virus protection and configure the application's actions on files that users access.

Enable Anti-Virus scan

Enable Anti-Virus protection.

If this check box is selected, the application scans files when users access them, i.e., when uploading files to SharePoint websites and when downloading files from SharePoint websites to the computer. When processing files, the application performs actions specified in the Anti-Virus scan section.

You can specify which formats and file names must be excluded from scan by using the Exclusions from scan tab.

If the check box is cleared, Anti-Virus protection is disabled.

The check box is cleared by default.

The values of the internal settings of SharePoint anti-virus protection affect the application's operation. If the scanning of files during uploading and downloading is disabled in the SharePoint settings, Kaspersky Security cannot scan files when they are accessed by users.

Actions with infected and probably infected files

A dropdown list in which you can configure the application's actions on infected and possibly infected files:

  • Disinfect. Kaspersky Security automatically attempts to disinfect files. Before disinfecting, the application moves a copy of the file to Backup. If disinfection fails, the application blocks the file.
    To perform this action, the anti-virus settings of SharePoint must have the Attempt to disinfect infected files check box selected.
  • Block. The application blocks upload of infected files to the SharePoint website and downloading of infected files from the SharePoint website to the computer.
    To perform this action, the anti-virus settings of SharePoint must have the Attempt to disinfect infected files check box selected.
  • Skip. The application allows upload of infected files to the SharePoint website and downloading of infected files from the SharePoint website to the computer.

The default option is Disinfect.

Actions with password-protected files

A dropdown list in which you can configure the application's actions on password-protected files:

  • Block. The application blocks upload of password-protected files to the SharePoint website and downloading of such files from the SharePoint website to the computer.
  • Skip. The application allows upload of password-protected files to the SharePoint website and downloading of such files from the SharePoint website to the computer.

The default option is Skip.

Actions with corrupted files

A dropdown list in which you can configure the application's actions on corrupted files:

  • Block. The application blocks upload of corrupted files to the SharePoint website and downloading of such files from the SharePoint website to the computer.
  • Skip. The application allows upload of corrupted files to the SharePoint website and downloading of such files from the SharePoint website to the computer.

The default option is Skip.

The Content filtering section allows enabling content filtering, as well as configuring the application's actions on files with unwanted content.

Enable Content filtering

Enabling content filtering.

If this check box is selected, the application scans files for unsolicited data while they are uploaded to the SharePoint website and while downloading them from the SharePoint website to the computer. The application scans files in accordance with the content filtering rules configured on the Content Filtering rules tab. When scanning files, the application performs actions specified in the Content filtering section.

If this check box is cleared, content filtering is disabled.

The check box is cleared by default.

Actions with files that contain unwanted content

A dropdown list in which you can configure the application's actions on files with unwanted content:

  • Block. The application blocks upload of files to SharePoint websites and downloading of files from SharePoint websites to the computer.
  • Skip. The application allows upload of files to SharePoint websites and downloading of files from SharePoint websites to the computer.

The default option is Block.

Scan SharePoint web content

Scanning SharePoint web objects for unsolicited data.

If this check box is selected, the application scans SharePoint web objects (such as wiki pages, forums, blogs) for unsolicited data. On detecting unwanted data in a web object, the application makes a corresponding record in the application log and the Windows event log. Kaspersky Security does not delete web objects and does not move them to Backup. This check box is available if Content Filtering is enabled.

You can configure criteria for recognition of unsolicited data in web objects on the Content Filtering rules tab.

If this check box is cleared, web objects will not be scanned.

The check box is cleared by default.

Scan content of SharePoint web objects for phishing

Scanning SharePoint web objects for phishing.

If the check box is selected, the application scans the content of SharePoint web objects for phishing links and malicious URLs. Information about phishing links is stored in the application log. The check box is available if Content filtering and scanning of SharePoint web objects are enabled.

If this check box is cleared, web objects will not be scanned for phishing.

The check box is cleared by default.

The Anti-virus settings of SharePoint section displays information about the anti-virus settings of SharePoint. The operation of Kaspersky Security in on-access scan mode depends on the anti-virus settings defined on SharePoint.

For example, if the scanning of files downloaded from SharePoint websites to a computer is disabled in the anti-virus settings of SharePoint, Kaspersky Security will not be able to scan those files.

Define anti-virus settings of SharePoint

Clicking this link opens a page on which you can define the anti-virus settings of SharePoint in the web browser window.

Use these settings for the following tasks

Enabling and disabling Anti-Phishing scanning of web content

Enabling and disabling on-access anti-virus scanning

Configuring basic scan settings

Configuring object processing rules for on-access scanning

Enabling and disabling on-access content filtering

Enabling and disabling SharePoint web object scanning

Enabling and disabling on-access anti-virus scanning

To enable or disable anti-virus scanning:

  1. In the Management Console tree, select and open the node corresponding to the required SharePoint server. Then select the On-access scan node.
  2. On the General tab, perform one of the following actions:
    • Select the Enable Anti-Virus scan check box if you want the application to perform on-access anti-virus scanning of the file.
    • Clear the Enable Anti-Virus scan check box if you do not want the application to perform on-access anti-virus scanning of the file.
  3. Click the Save button.

Configuring basic scan settings

To define the general settings of real-time protection:

  1. In the Management Console tree, select the Server for which the real-time protection should be configured.
  2. Select the On-access scan node.
  3. In the workspace, select the General tab.
  4. Select the Move files to backup check box if you want Kaspersky Security to save in Backup copies of files that have been blocked by Anti-Virus scanning and Content Filtering.
  5. To limit the size of files to be scanned, select the Exclude from scanning any files larger than check box and specify the maximum size of files to be scanned (in MB). The default value is 10 MB.
  6. Click the Save button.

Configuring object processing rules for on-access scanning

Kaspersky Security will handle infected, potentially infected, corrupted and password-protected files depending on the Anti-Virus scan settings of the SharePoint server.

To create object processing rules for anti-virus scanning:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node and click the General tab in the workspace.
  2. In the Anti-Virus scan section, open the Actions with infected and probably infected files dropdown list and select one of the following actions:
    • Disinfect. Kaspersky Security attempts to disinfect the file. If the file cannot be disinfected, Kaspersky Security blocks it (the file is not uploaded to the SharePoint server or downloaded from the server to the user's computer).
    • Block. Kaspersky Security blocks the file.
    • Skip. Kaspersky Security does not perform any action on the file. The file can be uploaded to the SharePoint server or downloaded from the server to the user computer.
  3. In the Anti-Virus scan section, open the Actions with password-protected files dropdown list and select one of the following actions:
    • Disinfect. Kaspersky Security blocks the file. The file cannot be uploaded to the SharePoint server or downloaded from the server to the user computer.
    • Skip. Kaspersky Security does not perform any action on the file. The file can be uploaded to the SharePoint server or downloaded from the server to the user computer.
  4. In the Anti-Virus scan section, open the Actions with corrupted files dropdown list and select one of the following actions:
    • Block. Kaspersky Security blocks the file. The file cannot be uploaded to the SharePoint server or downloaded from the server to the user computer.
    • Skip. Kaspersky Security does not perform any action on the file. The file can be uploaded to the SharePoint server or downloaded from the server to the user computer.

      If the Skip option is selected, Kaspersky Security does not take any action on the file, but assigns one of the status values to the file based on the scan results. Information about the file will be added to reports and statistics.

  5. To save the changes, click the Save button.

To create object processing rules for content filtering:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node and click the General tab in the workspace.
  2. In the Content filtering section, open the Actions with files that contain unwanted content dropdown list and select one of the following actions:
    • Block. Kaspersky Security blocks the file. The file cannot be uploaded to the SharePoint server or downloaded from the server to the user computer.
    • Skip. Kaspersky Security does not perform any action on the file. The file can be uploaded to the SharePoint server or downloaded from the server to the user computer.
  3. To save the changes, click the Save button.

If the Skip option is selected, Kaspersky Security does not take any action on the file, but assigns one of the status values to the file based on the scan results. Information about the file will be added to reports and statistics.


Enabling and disabling on-access content filtering

To enable or disable Content Filtering:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
  2. On the General tab, perform one of the following actions:
    • Select the Enable Content filtering check box if you want the application to perform content filtering of files during on-access scanning.
    • Clear the Enable Content filtering check box if you do not want the application to perform content filtering of files during on-access scanning.
  3. Click the Save button.

For Content filtering to work properly, the Kaspersky Security account must have site collection administrator privileges (for all site collections) and administrator privileges for the SQL database containing the site collection.


Enabling and disabling SharePoint web object scanning

To enable or disable scanning of SharePoint web objects:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
  2. On the General tab, perform one of the following actions:
    • Select the Scan SharePoint web content check box if you want the application to scan SharePoint web objects when they are created or modified.
    • Clear the Scan SharePoint web content check box if you do not want the application to scan SharePoint web objects when they are created or modified.

    Kaspersky Security scans SharePoint web objects if Content Filtering is enabled (the Enable Content filtering check box is selected).

    If the Scan SharePoint web content check box is selected, the application scans SharePoint web objects that are created or modified for unwanted words or phrases included in Kaspersky Lab categories and custom categories within the search scope configured in the Content filtering settings.

    On detecting unwanted content in a SharePoint web object, the application makes a corresponding record in the application log and the Windows event log. Kaspersky Security does not save the SharePoint web objects or move them to Backup. The application shows a message that the SharePoint web object cannot be saved or modified.

    If Kaspersky Security blocks a SharePoint web object under Microsoft SharePoint Server 2010, the application may fail to save the changes made to this SharePoint web object or the newly created SharePoint web object.

  3. Click the Save button.

Enabling and disabling Anti-Phishing scanning of web content

To enable or disable Anti-Phishing scanning of web content:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
  2. On the General tab in the Content filtering section, perform one of the following actions:
    • Select the Scan content of SharePoint web objects for phishing check box if you want the application to scan the content of a created or modified SharePoint web object for links appearing on the lists of malicious or phishing URLs.
    • Clear the Scan content of SharePoint web objects for phishing check box if you do not want the application to scan the content of a created or modified SharePoint web object for links appearing on the lists of malicious or phishing URLs.

    Kaspersky Security scans web content for malicious and phishing links if Content Filtering is enabled (the Enable Content filtering check box is selected) and scanning of SharePoint web objects is enabled (the Scan SharePoint web content check box is selected).

    If the Scan content of SharePoint web objects for phishing check box is selected, the application checks URLs against the Kaspersky Lab database of malicious and phishing URLs when web content is created or modified. If Kaspersky Security Network is used to protect a server or servers, information about the malicious / phishing URL can be relayed to KSN services.

    On detecting a phishing threat in a SharePoint web object, the application logs information about it in Reports.

  3. Click the Save button.

Anti-Virus scan exclusions


On the Exclusions from scan tab, you can define the settings for exclusion of files from scanning.

The File formats section displays a list of file formats grouped by type (executable files, data, multimedia, images, archives). Clicking the button next to the name of a group opens a list of file formats (or subgroups) included in that group.

You can configure exclusions from scanning by selecting the check boxes next to relevant groups, subgroups, and specific file formats. The real-time protection settings will not be applied to files of selected formats. The application allows uploading files of specified formats to SharePoint websites, as well as downloading them from SharePoint websites to the computer.

All boxes are cleared by default.

Expand all

Expands all nodes in the tree of file formats.

Minimize all

Collapses all nodes in the tree of file formats.

In the File masks section, you can create a list of file masks, as well as select file masks that will be used to exclude files from scanning.

If the check box is selected next to a mask, the application allows uploading to SharePoint websites files that correspond to that mask, as well as downloading such files from SharePoint websites to the computer.

Add

Clicking this button opens the Adding file mask window. In this window, you can add one or several file masks.

Change

Clicking this button opens the Editing file mask window. In this window, you can edit file name masks.

This button is available if a file mask is selected from the list.

Delete

Clicking this button causes the application to delete the file mask that has been selected from the list.

Use these settings for the following tasks

Creating on-access Anti-Virus scan exclusions


Creating on-access Anti-Virus scan exclusions

To reduce the load on the SharePoint server caused by on-access Anti-Virus scanning, you can specify file formats or file name masks to be excluded from scanning and set the maximum size of files to scan.

To exclude unwanted file formats from on-access anti-virus scanning:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
  2. In the workspace, select the Exclusions from scan tab.
  3. In the File formats list, select the check boxes next to the items in the file formats tree that correspond to the relevant formats.

    Use the Expand all and Minimize all buttons to navigate the tree more easily.

  4. To save the changes, click the Save button.

To exclude files that match specific masks from Anti-Virus scanning:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
  2. In the workspace, select the Exclusions from scan tab.
  3. In the File masks list, select the check boxes next to file name masks to be excluded from the scan scope.
  4. To add a mask to the list, open the Adding file mask window by clicking the Add button, and specify the mask in the entry field. To save the mask and close the window, click OK. The mask will be displayed in the File masks field.

    If you want to define several masks, use a semicolon as a delimiter.

  5. To save the changes, click the Save button.

File mask

In the entry field, you can specify / change a file mask. Use a semicolon to separate multiple masks.
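
The following is an added example, not part of the Kaspersky documentation or product: a Python sketch for reviewing an exclusion list before it is entered in the File masks field. It splits the semicolon-delimited value as described above and reports which files in a constructed sample would bypass on-access scanning, through a mask or through the size limit, and which masks are able to cover risky extensions. The `*` and `?` wildcard semantics, case-insensitive matching on the file name, the size comparison in MiB, and all function names and sample data are assumptions, because this Help does not define the mask syntax.

```python
"""Audit a semicolon-delimited exclusion mask list (added example, constructed data).

Assumptions not stated in the Help: masks use '*' and '?' wildcards, match the
file name only, ignore case, and the size limit is compared in MiB.
"""
import re
from dataclasses import dataclass

# Constructed, non-exhaustive list of extensions that can carry executable or
# macro content; an exclusion able to cover one of them deserves a second look.
RISKY_EXTENSIONS = ("exe", "dll", "js", "vbs", "ps1", "docm", "xlsm", "zip")

# Constructed sample input: a File masks entry and (file name, size in bytes).
MASK_FIELD = "*.tmp; ~$*;*.log;;*.TMP; backup_*.*"
SAMPLE_FILES = [
    ("notes.tmp", 2_000),
    ("~$budget.xlsm", 50_000),
    ("backup_tool.exe", 900_000),
    ("video.mp4", 25 * 1024 * 1024),
    ("invoice.pdf", 300_000),
]


def parse_masks(mask_field):
    """Split the entry-field value on ';', dropping empty items and duplicates."""
    seen, masks = set(), []
    for raw in mask_field.split(";"):
        mask = raw.strip()
        if mask and mask.lower() not in seen:
            seen.add(mask.lower())
            masks.append(mask)
    return masks


def mask_to_regex(mask):
    """Translate a mask to a full-match regex; only '*' and '?' are special."""
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # '[', '$', '.' and so on stay literal
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE | re.DOTALL)


@dataclass(frozen=True)
class Finding:
    name: str
    reason: str  # "mask:<mask>" or "size"


def unscanned_files(files, mask_field, max_size_mb=None):
    """Return a Finding for every file that would not be scanned, and why."""
    compiled = [(m, mask_to_regex(m)) for m in parse_masks(mask_field)]
    findings = []
    for name, size in files:
        hit = next((m for m, rx in compiled if rx.match(name)), None)
        if hit is not None:
            findings.append(Finding(name, f"mask:{hit}"))
        elif max_size_mb is not None and size > max_size_mb * 1024 * 1024:
            findings.append(Finding(name, "size"))
    return findings


def can_match_extension(mask, ext):
    """True if some file name ending in '.<ext>' matches the mask.

    A mask matches a name with a given suffix exactly when one of the mask's
    own tails matches that suffix: the leading part of the name can always be
    chosen to satisfy the rest of the mask.
    """
    suffix = "." + ext
    return any(mask_to_regex(mask[i:]).match(suffix) for i in range(len(mask)))


def risky_masks(mask_field):
    """Masks able to exclude a file with a risky extension, e.g. '*.*' or '~$*'."""
    return [
        mask
        for mask in parse_masks(mask_field)
        if any(can_match_extension(mask, ext) for ext in RISKY_EXTENSIONS)
    ]


if __name__ == "__main__":
    for finding in unscanned_files(SAMPLE_FILES, MASK_FIELD, max_size_mb=10):
        print(f"not scanned: {finding.name} ({finding.reason})")
    print("masks that can cover risky extensions:", risky_masks(MASK_FIELD))
```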


Content filtering rules


On the Content Filtering rules tab, you can create content filtering rules (such as prohibition of some words and expressions, prohibition of some file names, and blocking of specific file formats on SharePoint websites). In accordance with those rules, the application tracks unwanted data in SharePoint files and web objects.

The List of categories section displays a list of categories of unwanted words and phrases. The list of categories is divided into the following groups:

  • Kaspersky Lab categories. Preset categories of unwanted words and phrases compiled by Kaspersky Lab experts.
  • Custom categories. Categories of unwanted words and phrases created by the user manually in the Content filtering node.

Clicking the button next to a group of categories expands the list of categories included in that group. You can select the check boxes for categories that will be included in a rule for prohibition of some words and expressions. In accordance with the rule, the application scans SharePoint files and web objects for unwanted words and phrases belonging to the selected categories. When handling files that contain unwanted words and phrases, the application applies the action defined on the General tab.

All boxes are cleared by default.

The Unwanted file names section displays a list of file mask sets. You can create sets of file masks in the Content filtering node. You can select the check boxes for sets that will be included in a rule for prohibition of some file names on SharePoint. In accordance with the rule, the application checks if the names of files match the masks. When handling files that match the mask(s), the application applies the action defined on the General tab.

All boxes are cleared by default.

The Unwanted file formats section displays a list of file formats grouped by their type. Clicking the button next to the name of a group opens a list of file formats (or subgroups) included in that group.

You can select the check boxes for file formats that will be included in a rule for prohibition of specific file formats on SharePoint websites. When handling such files, the application performs the action that has been defined on the General tab.

All boxes are cleared by default.

Expand all

Expands all nodes in the tree of file formats.

Minimize all

Collapses all nodes in the tree of file formats.

Use these settings for the following tasks

Configuring additional settings for on-access content filtering


Configuring additional settings for on-access content filtering

You can configure additional settings for on-access Content filtering: specify prohibited file formats, masks of unwanted file names, unwanted words or phrases.

To specify prohibited file formats:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
  2. In the workspace, select the Content Filtering rules tab.
  3. In the Unwanted file formats list, select the check boxes next to unwanted file formats.

    Use the Expand all and Minimize all buttons to navigate the tree more easily.

  4. To save the changes, click the Save button.

To specify the masks for unwanted file names:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
  2. In the workspace, select the Content Filtering rules tab.
  3. In the Unwanted file names list, select the check boxes next to unwanted file name masks.

    In the Content filtering node you can add and edit the sets of unwanted file name masks using the Filter by masks tab.

  4. To save the changes, click the Save button.

To define unwanted words and phrases:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
  2. In the workspace, select the Content Filtering rules tab.
  3. In the List of categories list, select the check boxes next to categories of unwanted words and phrases.

    You can add and edit custom categories of unwanted words and expressions in the Content filtering node using the Filter by keywords tab.

  4. To save the changes, click the Save button.

On-demand scan


On-demand scanning allows you to scan all (or specific) files stored on SharePoint for viruses and unwanted content. The application runs scans through scan tasks. Each task covers specific SharePoint websites, defines the scan criteria and the application's actions on detection of a virus or unwanted content. You can run the scan task manually or set up the automatic run of the task upon a schedule. The application can run multiple on-demand scan tasks concurrently. The application runs scan tasks in background mode. The application generates a report with the results of each task.

In the workspace of the On-demand scan node, you can add scan tasks and configure them, run the scan, and view reports on the scan results.

Create

Clicking this button opens the Task settings window. In this window, you can create a new task for scan of files and web objects on SharePoint and configure it.

Start

Clicking this button causes the application to run the scan task that has been selected from the list of tasks.

Stop

Clicking this button causes the application to stop running the scan task that has been selected from the list.

Down

Clicking this button causes the application to copy the settings of the selected task and create a new task with the same settings. Clicking this button opens the Task settings window in which you can edit the task settings. When copying a task, the application automatically adds the word "Copy" to the name of the new task.

Change

Clicking this button opens the Task settings window. In this window, you can edit the settings of the task that has been selected in the list.

Report

Clicking this button opens a report on the results of the selected task. The report opens in the default browser.

Delete

Clicking this button causes the application to delete the selected scan task.

See also

About on-demand scanning

Use these settings for the following tasks

Creating an on-demand scan task

Starting and stopping on-demand scan tasks

Viewing an on-demand scan task report

Deleting an on-demand scan task


About on-demand scanning

An on-demand scan is a scan of files on a SharePoint server that is performed manually or according to a schedule created in advance.

Kaspersky Security performs on-demand scan on:

  • files located on the SharePoint server and in areas of the SharePoint structure specified in the scan settings;
  • all SharePoint web objects (such as wiki pages and forums hosted on the SharePoint server);
  • SharePoint service files.

The application scans only the latest versions of files and SharePoint web objects hosted on the SharePoint server.

During on-demand scanning, Kaspersky Security:

  1. Performs anti-virus file scanning in accordance with the scan exclusions settings.
  2. Searches for unwanted file formats and unwanted file names.
  3. Scans files and SharePoint web objects for unwanted content.

If a file has been blocked by Content filtering, the application does not perform Anti-Virus scanning of this file. Conversely, if a file has been blocked following an Anti-Virus scan, the application does not apply Content filtering to the file. In on-demand scan mode, the application always skips web objects that contain unwanted content even if the Block action is configured in task settings.

Status labels assigned to files based on scan results

Based on the results of Anti-Virus scanning, Kaspersky Security assigns one of the following status labels to the file:

  • Not infected. No threats detected in the file.
  • Infected. A segment of the file's code fully matches a code segment of a known threat.
  • Probably infected. A file whose code contains a modified segment of code of a known threat, or a file resembling a threat in the way it behaves.
  • Password-protected. A password-protected archive.
  • Corrupted. The file cannot be read by Kaspersky Security.

Based on the results of content filtering, Kaspersky Anti-Virus assigns one of the following status labels to the file:

  • Allowed. There is no unwanted content in the file.
  • Forbidden format. The file has an unwanted format.
  • Forbidden mask. The file name contains an unwanted mask.
  • Forbidden content. The file has been found to contain unwanted words and phrases.

Based on the results of content filtering, the application assigns one of the following status labels to the SharePoint web part:

  • Allowed. The SharePoint web object does not contain unwanted content.
  • Forbidden content. The SharePoint web object has been found to contain unwanted content.

On-demand scan tasks

To run on-demand scan tasks, you have to configure an on-demand scan task or tasks in Kaspersky Security. You can configure anti-virus scanning and content filtering settings for each on-demand scan task, and define a schedule.

On-demand scan tasks can be run manually or scheduled to run automatically. The application generates a report with the results of each scan task.

The list of on-demand scan tasks is displayed in a table in the workspace of the On-demand scan node. The on-demand scan tasks that were not run or could not be run at the scheduled time are highlighted in red. Color highlighting is not used for other tasks.

The reasons for not running the tasks are displayed in the Status column:

  • Task server does not exist. Kaspersky Security Server has been deleted from the SharePoint server specified in the on-demand scan task settings. You can specify a different SharePoint server in the task settings.
  • Task not executed. The SharePoint server specified in the on-demand scan task settings was not available at the time scheduled for the start of the task. The availability of the SharePoint server needs to be checked. You can run a task manually, if necessary.

Creating an on-demand scan task

To create an on-demand scan task:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
  2. Click the Create button in the workspace.

    This opens the Task settings window.

  3. In the Task name field, enter the name of the task.
  4. Configure restrictions for the newly created on-demand scan task:
    • If you want Kaspersky Security to move copies of files to Backup before processing, select the Move files to backup check box.
    • If you want to limit the duration of an on-demand scan task, select the Restrict the duration of task execution check box and specify a value in the field on the right.
    • If you want the application to scan SharePoint service files while performing the task, select the Scan service files check box.
    • If you want to limit the duration for a scan of each individual file, select the Scan timeout check box and enter a value (in seconds) in the field on the right.
    • If you want to run the task on a different SharePoint server, select the relevant SharePoint server in the Run task on server dropdown list.
  5. In the Schedule section, set up a schedule for the on-demand scan task:
    • If you want to run the on-demand scan task manually at your convenience, select manually.
    • If you want the on-demand scan task to run once at the specified time, select Once and specify the date and time for task start.
    • If you want the on-demand scan task to run automatically every week, select Weekly and specify the days and time for task start.

      If the Once or Weekly option is selected, the application uses the time set on the SharePoint server where the task will be run.

  6. If necessary, in the Anti-Virus scan section, select the Enable Anti-Virus scan check box and configure actions to be performed by the application on infected, potentially infected, password-protected, and corrupted files during the task run:
    1. In the Actions with infected and probably infected files dropdown list, select an action:
      • Disinfect. Kaspersky Security attempts to disinfect an infected or probably infected file. If the file cannot be disinfected, the application replaces it with a text file describing the reason for deletion.
      • Delete. Kaspersky Security replaces the infected or probably infected file with a text file describing the reason for deletion.
      • Skip. Kaspersky Security does not perform any operations on the infected or potentially infected file.

        After an infected file is deleted, Kaspersky Security also deletes all of its versions (regardless of whether they have been infected). We recommend that you save your files in Backup in order to avoid data losses.

    2. In the Actions with password-protected files dropdown list, select an action:
      • Delete. Kaspersky Security replaces the password-protected file with a text file describing the reason for deletion.
      • Skip. Kaspersky Security does not perform any action on the password-protected file.
    3. In the Actions with corrupted files dropdown list, select an action:
      • Delete. Kaspersky Security replaces a corrupted file with a text file describing the reason for deletion of the original file.
      • Skip. Kaspersky Security does not perform any action on the corrupted file.

        If the Skip option is selected, the application does not perform any operations on the file, but assigns it one of the status labels based on the scan results. The application records the file details in reports and statistics.

  7. If necessary, select the Enable Content filtering check box and set the action to be performed on files with unwanted content by selecting one from the Actions with files that contain unwanted content dropdown list:
    • Delete. Kaspersky Security replaces a file with unwanted content with a text file describing the reason for deletion of the original file.

      If Kaspersky Security detects unwanted content in a SharePoint service file, it does not delete this file. The application records information about unwanted content in the SharePoint service file in the task report and the application log.

    • Skip. Kaspersky Security does not perform any action on the file containing unwanted content.

      If the Skip option is selected, the application does not perform any operations on the file, but assigns it one of the status labels based on the scan results. The application records the file details in reports and statistics.

  8. If you want the application to scan SharePoint web objects (such as wiki pages and forums hosted on a SharePoint server) with Content Filtering, select the Scan SharePoint web content check box.

    If the Scan SharePoint web content check box is selected, the application scans SharePoint web objects for unwanted words or phrases included in Kaspersky Lab sections and custom categories whose settings are configured in the Content filtering node.

    On detecting unwanted content in a SharePoint web object, the application makes a corresponding record in the on-demand scan task report and the application log. Kaspersky Security does not delete the SharePoint web object or move it to Backup.

    For Content filtering to work properly, the Kaspersky Security account must have site collection administrator privileges (for all site collections) and administrator privileges for the SQL database containing the site collection.

  9. Click the OK button.

    The task that has been created will be added to the list of tasks in the workspace of the On-demand scan node.

You can configure additional settings for an on-demand scan task:

  • Select or exclude areas of the SharePoint structure from the scan scope.
  • Exclude certain file types, file formats, or file name masks from Anti-Virus scanning, limit the per-file scan time, and disable scanning of archives.
  • Configure content filtering.

Starting and stopping on-demand scan tasks

To start an on-demand scan task:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
  2. Select an on-demand scan task from the list in the workspace.
  3. Click the Start button to run the on-demand scan task, or click the Stop button to stop the task.

Viewing an on-demand scan task report

To view a report on the results of an on-demand scan task:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
  2. Select a task from the list in the workspace.
  3. Click the Report button.

    The report is displayed in a new window of your web browser.

    The Report button is not available for tasks currently in progress and for tasks that have never been started.

The report contains the following information on the last on-demand scan:

  • Used task settings:
    • task name;
    • task launch method (manual or scheduled);
    • scan task start and end times;
    • information about enabled application components;
    • name of the SharePoint server where the task was performed;
    • task status;
  • Scan results. Summarized information about the results of the on-demand scan task.
    • Processing errors. The number of files skipped by the application because of scanning errors.
    • Scanned items. Total number of scanned files.
    • Virus threats found. The number of malicious objects detected (the number of Anti-Virus component incidents).
    • SharePoint web objects scan alarms. Number of detected files in an unwanted format and file names containing unwanted masks, as well as web objects with unwanted content (number of Content filtering incidents).
  • Table of positives. A table with information about all files found to contain malicious objects or violations of Content filtering rules. If the scan has not detected any virus threats or violations of content filtering rules, the File scan detected no incidents message is displayed instead of the table of positives.
    • File name. The name and path to the file where malicious objects or violations of content filtering rules have been found.
    • Version. File version on the SharePoint server.
    • Action. Operation performed on the file based on the scan results in accordance with the defined settings.
    • Anti-Virus scan. Status assigned to the file by the anti-virus scanning component. This column shows the Corrupted or Password protected status label for corrupted or password-protected files. This column shows the name of the object detected in the file for infected or probably infected files.
    • Content filtering. Status assigned to the file by the content filtering component. Policies whose violation triggered the content filtering component.
    • Backup. Information about creation of a backup copy for the file in Backup.
    • Restored version. The version to be assigned to the restored file (if it can be disinfected).
    • Incident ID. The universal ID of the positive. The incident ID simplifies the search for information about the incident in the report, Backup, and file log. It is also displayed in the properties of a backup copy of the file in Backup and in notifications about violations of security policies during on-demand scanning.
  • SharePoint web objects scan alarms. A table with the details of SharePoint web objects found to contain unwanted words or phrases. If no unwanted words or phrases have been detected during a scan of SharePoint web objects, the SharePoint web objects scan detected no incidents message is displayed instead of this table.
    • Name and version. Name and version of a SharePoint web object found to contain unwanted words or phrases included in Kaspersky Lab sections and user categories within the search scope configured in the Content filtering settings. The name consists of: <Site name> / <List name> / <Object ID>. The field contains n/a if the version information of the scanned SharePoint web object is unavailable.
    • Categorized as. List of SharePoint web object fields found to contain unwanted words or phrases, and categories to which the detected words and phrases belong.
    • Incident ID. The universal ID of the positive. The incident ID simplifies the search for information about the incident in the report and log file.
  • Table of locations to scan. The list of all scan areas specified in the on-demand scan task settings.

Deleting an on-demand scan task

To delete an on-demand scan task:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
  2. In the workspace, select the task that you want to remove and click the Delete button.

Task settings – General

On the General tab, you can define the general settings of the task (e.g., select a SharePoint server for scanning), set up the task run mode and the mode of anti-virus scanning and content filtering during the task run. You can set up different modes of anti-virus scanning and content filtering for various tasks.

Task name

Task name. The name should not be identical to the names of other tasks.

Move files to backup

Saves object copies in Backup.

If this check box is selected, the application saves copies of objects in Backup in the following cases:

  • Before disinfecting / deleting an infected or possibly infected file
  • When blocking / detecting a web object that contains unwanted content.

If the check box is cleared, the application does not save the object copies in Backup.

The check box is cleared by default.

Restrict the duration of task execution

Stop task automatically when specified time interval expires.

If this check box is selected, the application limits the task run time. In the spin box on the right, you can specify the maximum allowed time of task run in hh:mm format. If the task is not completed when the specified time interval expires, the application stops the task. The maximum task run time is 30 minutes. The default task run time is 3 hours.

If this check box is cleared, the task run time is unlimited.

The check box is cleared by default.

Run task on server

This dropdown list allows you to select the protected SharePoint server on which you want to run the scan task. The list shows all servers that have been added to Management Console.

Scan service files

Enables the scanning of SharePoint service files.

If this check box is selected, the application scans service files for viruses and unwanted content.

Service files in SharePoint include:

  • files not included into any list of documents (for example, into a SharePoint library);
  • files present on the list of documents, but actually structured as a web form or a view.

Popular formats of service files are ASPX, HTML, MHT, and INI.

If this check box is cleared, the application does not scan service files.

The check box is cleared by default.

If a virus is detected in a service file of ASPX format, the application only deletes the file's contents. The application does not delete service files that contain unwanted content.

Scan timeout

Limits the duration of object scanning.

If this check box is selected, the application limits the object scan time (e.g., when scanning a file). In the spin box on the right, you can specify the maximum allowed scan time (in seconds). When the specified time expires, the application stops the object scan and proceeds to another object. If an object scan has been stopped due to the expiration of the specified time interval, the application assigns the Not infected status to the object.

Possible values in this field span from 30 to 60,000 seconds. The default scan timeout is 30 seconds.

If the check box is cleared, the object scan time is unlimited.

The check box is cleared by default.

In the Schedule section, you can select the task run mode (manual or automatic) and set up the schedule of automatic scan run.

Manually

Scheduled startup of the task is disabled. You can run the task manually at any time you like.

This is the default option.

Once

The application automatically runs the task once, on the day and at the time that you have specified.

If you select this option, the Start day and Start time fields become available so that you can set up the task run mode.

Weekly

The application automatically runs the task weekly, according to the schedule that you have set up.

If you select this option, the Start day and Start time fields become available so that you can configure the task run schedule.

In the Anti-Virus scan section, you can enable the anti-virus scanning and set up rules for processing objects with an anti-virus scan.

Enable Anti-Virus scan

Enable Anti-Virus scan.

If this check box is selected, the application scans the most recent versions of files stored on SharePoint websites when running the task.

You can specify which formats and file names must be excluded from scan by using the Exclusions from scan tab.

If the check box is cleared, Anti-Virus scan is disabled.

The check box is selected by default.

Actions with infected and probably infected files

A dropdown list in which you can configure the application's actions on infected and possibly infected files:

  • Disinfect. Kaspersky Security automatically attempts to disinfect the file. If the Task name check box is selected, the application moves a copy of the file to Backup before disinfection. If the file cannot be disinfected, the application blocks users' access to the file.
  • Delete. The application deletes the infected file and all versions of this file (whether infected or not).
  • Skip. The application takes no actions on the infected file and proceeds to the next one.

The default option is Disinfect.

Actions with password-protected files

A dropdown list in which you can select the application's action on password-protected files:

  • Delete. The application deletes the password-protected file.
  • Skip. The application takes no actions on the password-protected file and proceeds to the next one.

The default option is Skip.

Actions with corrupted files

A dropdown list in which you can select the application's action on corrupted files:

  • Delete. The application deletes the corrupted file.
  • Skip. The application takes no actions on the corrupted file and proceeds to the next one.

The default option is Skip.

The Content filtering section allows enabling content filtering, as well as configuring the application's actions on files with unwanted content.

Enable Content filtering

Enabling content filtering.

If this check box is selected, the application scans files stored on SharePoint websites for unwanted information when running the task. The application scans files in accordance with the content filtering rules configured on the Content Filtering rules tab.

If this check box is cleared, content filtering is disabled.

The check box is cleared by default.

Actions with files that contain unwanted content

A dropdown list in which you can configure the application's actions on files with unwanted content:

  • Block. The application blocks users' access to the file.
  • Skip. The application takes no actions on the infected file and proceeds to the next one.

The default option is Block.

Scan SharePoint web content

Scanning SharePoint web objects for unsolicited data.

If this check box is selected, the application scans SharePoint web objects (such as wiki pages, forums, blogs) for unsolicited data. On detecting unwanted data in a web object, the application makes a corresponding record in the application log and the Windows event log. Kaspersky Security does not delete web objects and does not move them to Backup. This check box is available if Content Filtering is enabled.

You can configure criteria for recognition of unsolicited data in web objects on the Content Filtering rules tab.

If this check box is cleared, web objects will not be scanned.

The check box is cleared by default.

Use these settings for the following tasks

Creating an on-demand scan task

See also

Task settings – Scan scope

Task settings – Exclusions from scan

Task settings – Content filtering rules

Task settings – Scan scope

On the Scan scope tab, you can select SharePoint websites that the application will scan when running the task.

The Select areas of the SharePoint structure to scan section shows a list of websites hosted on the protected SharePoint server. You can create a scan scope by selecting the check boxes for certain websites or their subsections.

Select child items

This selects the check boxes next to subsections of websites that are part of the SharePoint structure.

Deselect child items

This clears the check boxes next to subsections of websites that are part of the SharePoint structure.

In the Additional web addresses section, you can add SharePoint web addresses to the scan scope manually, as well as configure exclusions from the scan scope. In the dropdown list on the right of the web address that has been added, you can specify the action that the application will take on that address:

  • Exclude. The address will be excluded from the scan scope.
  • Include. The address will be added to the scan scope.

Add

This opens the Web address window. In this window, you can specify the web address of the SharePoint website for which you want to define specific scanning conditions.

Delete

Deletes a web address selected in the list from the scan scope.

See also

Task settings – General

Task settings – Exclusions from scan

Task settings – Content filtering rules

Use these settings for the following tasks

Creating an on-demand scan task

Web address

In this entry field, you can specify the SharePoint web address for which you want to set up specific scanning conditions. The application supports the following syntax of web addresses:

  • https://<SharePoint portal name>.local:8080/content/file.txt;
  • http://<SharePoint portal name>.local/content/;
  • http://<SharePoint portal name>/.

Use these settings for the following tasks

Creating an on-demand scan task

Selecting and excluding from on-demand scanning areas of the SharePoint structure

Selecting and excluding from on-demand scanning areas of the SharePoint structure

You can specify areas of the SharePoint structure to be scanned during an on-demand scan task. You can also exclude individual areas of the SharePoint structure from scanning.

To define the scan scope in a SharePoint structure:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
  2. In the list of tasks displayed in the workspace, select the on-demand scan task that you want to modify. Click the Change button to open the Task settings window on the Scan scope tab.
  3. Specify the scan scope in the SharePoint structure in one of the following ways:
    • In the SharePoint server structure tree, select check boxes corresponding to the SharePoint structure areas that you want to include in the scan scope. All check boxes are selected by default (all available SharePoint structure areas are scanned during the on-demand scan task).

      The tree only displays the SharePoint structure areas, for which administrator access is allowed to the account used to start the application services.

    • Add SharePoint structure areas manually. To do this, in the Additional web addresses section, perform the following actions:
      1. Click the Add button. In the window that opens, enter the path to the area that you want to add and click OK.

        The following types of paths are supported:

        • http://<SharePoint portal name>.local/content/;
        • https://<SharePoint portal name>.local:8080/content/file.txt;
        • http://<SharePoint portal name>/.

        To remove an area, select one in the list and click the Delete button.

      2. Select the check box opposite the path to a SharePoint structure area, and select Include in the drop-down list.
      3. Clear the check box opposite the path to a SharePoint structure area, and select Exclude in the drop-down list.
  4. Click OK to save the changes and close the window.

To exclude SharePoint structure areas from an on-demand scan:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
  2. In the list of tasks displayed in the workspace, select the on-demand scan task that you want to modify. Click the Change button to open the Task settings window on the Scan scope tab.
  3. Exclude a SharePoint structure area from scanning in one of the following ways:
    • In the SharePoint server structure tree, clear the check boxes corresponding to the areas which you want to exclude from the scan scope.
    • In the Additional web addresses section, select the Exclude action in the dropdown lists for the areas that you want to exclude from scanning.
  4. Click OK to save the changes and close the window.

Task settings – Exclusions from scan

On the Exclusions from scan tab, you can define the settings for exclusion of files from scanning.

The File formats section displays a list of file formats grouped by type (executable files, data, multimedia, images, archives). Clicking the button next to the name of a group opens a list of file formats (or subgroups) included in that group.

You can configure exclusions from scanning by selecting the check boxes next to relevant groups, subgroups, and specific file formats. The anti-virus scan settings will not be applied to files of selected formats. When running the task, the application will not scan files of specified formats.

All boxes are cleared by default.

Expand all

Expands all nodes in the tree of file formats.

Minimize all

Collapses all nodes in the tree of file formats.

In the File masks section, you can create a list of file masks, as well as select file masks that will be used to exclude files from scanning.

If the check box is selected next to a mask, the application will not scan files matching that mask when running the task.

Add

Clicking this button opens the Adding file mask window. In this window, you can add one or several file masks.

Change

Clicking this button opens the Editing file mask window. In this window, you can edit file name masks.

This button is available if a file mask is selected from the list.

Delete

Clicking this button causes the application to delete the file mask that has been selected from the list.

Use these settings for the following tasks

Creating on-demand Anti-Virus scan exclusions

See also

Task settings – General

Task settings – Scan scope

Task settings – Content filtering rules

File mask

In this entry field, you can add or edit one or several file masks. If you enter multiple file masks in the field, use semicolons to separate them (e.g., test; win*; img).

Use these settings for the following tasks

Creating an on-demand scan task

Creating on-demand Anti-Virus scan exclusions

Creating on-demand Anti-Virus scan exclusions

To ease the load on the SharePoint server, you can exclude files of specific formats or files matching specific file name masks from the scope of on-demand Anti-Virus scanning, restrict the scan duration for individual files, and disable the scanning of archives.

To exclude specific file formats from on-demand anti-virus scanning:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
  2. In the list of tasks displayed in the workspace, select the on-demand scan task that you want to modify. Click the Change button to open the Task settings window, then select the Exclusions from scan tab.
  3. In the File formats list, select the check boxes next to the file formats that you want to exclude from scanning.

    To navigate the tree, use the Expand all and Minimize all buttons.

  4. To save the changes and close the window, click OK.

To exclude files that match specific masks from on-demand Anti-Virus scanning:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
  2. In the list of tasks displayed in the workspace, select the on-demand scan task that you want to modify. Click the Change button to open the Task settings window and select the File formats tab.
  3. In the File masks list, select the check boxes next to file name masks to be excluded from the scan scope.
  4. To add a mask to the list, open the Adding file mask window by clicking the Add button, and specify the mask in the entry field.

    If you want to define several masks at once, use a semicolon as a separator.

  5. To save the changes and close the window, click OK.

Task settings – Content filtering rules

On the Content Filtering rules tab, you can create content filtering rules (such as prohibition of some words and expressions, prohibition of some file names, and blocking of specific file formats on SharePoint websites). In accordance with those rules, the application scans SharePoint files and web objects for unwanted information.

The List of categories section displays a list of categories of unwanted words and phrases. The list of categories is divided into the following groups:

  • Kaspersky Lab categories. Preset categories of unwanted words and phrases compiled by Kaspersky Lab experts.
  • Custom categories. Categories of unwanted words and phrases created by the user manually in the Content filtering node.

Clicking the button next to a group of categories expands the list of categories included in that group. You can select the check boxes for categories that will be included in a rule for prohibition of some words and expressions. In accordance with the rule, the application scans SharePoint files and web objects for unwanted words and phrases belonging to the selected categories. When handling files that contain unwanted words and phrases, the application applies the action defined on the General tab.

All boxes are cleared by default.

The Unwanted file names section displays a list of file mask sets. You can create sets of file masks in the Content filtering node. You can select the check boxes for sets that will be included in a rule for prohibition of some file names on SharePoint. In accordance with the rule, the application checks if the names of files match the masks. When handling files that match the mask(s), the application applies the action defined on the General tab.

All boxes are cleared by default.

The Unwanted file formats section displays a list of file formats grouped by their type. Clicking the button next to the name of a group opens a list of file formats (or subgroups) included in that group.

You can select the check boxes for file formats that will be included in a rule for prohibition of specific file formats on SharePoint websites. When handling such files, the application performs the action that has been defined on the General tab.

All boxes are cleared by default.

Expand all

Expands all nodes in the tree of file formats.

Minimize all

Collapses all nodes in the tree of file formats.

Use these settings for the following tasks

Creating an on-demand scan task

Configuring content filtering

See also

Task settings – General

Task settings – Scan scope

Task settings – Exclusions from scan

Configuring content filtering

For on-demand scan tasks, you can configure the application to look for specific file formats, file name masks, and the categories of unwanted words and phrases.

To configure Content Filtering rules for an on-demand scan:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
  2. In the list of tasks displayed in the workspace, select the on-demand scan task that you want to modify. Click the Change button to open the Task settings window and select the Content Filtering rules tab.
  3. Configure the following Content filtering settings:
    • In the List of categories, select the check boxes next to the Kaspersky Lab categories and user categories that the application should look for while running the on-demand scan task.
    • In the Formats list, select check boxes next to the file formats that should be scanned. To expand / collapse the entire list of formats and extensions, use the Expand all and Minimize all buttons.
    • In the Mask sets list, select check boxes next to the sets of file name masks to be scanned during on-demand scanning.
  4. To save the changes and close the window, click OK.

You can specify the file formats and file name masks and the set of categories of unwanted words and phrases in the Content filtering node.

Content filtering

In the Content filtering node, you can view and edit the settings for the content filtering. The application will use those settings to scan files, websites, and web objects for unwanted content.

See also

About content filtering

About the white list

About content filtering

Kaspersky Security performs content filtering of files placed on the SharePoint server during on-access scanning and on-demand scanning.

Content is filtered by:

  • File format.
  • File name mask. You can specify masks for unwanted file names and formats.
  • Text content and names of files. Kaspersky Security includes a preset collection of categories of unwanted words and phrases created by the experts at Kaspersky Lab. The preset collection of unwanted words and phrases cannot be modified or updated. You can create custom categories of unwanted words and phrases.

File content is scanned using the libraries of filters via the IFilter interface. To enable or disable filters available on a server, you can use the Kaspersky IFilter Utility, which is installed along with Kaspersky Security.

More details about IFilter can be found at http://msdn.microsoft.com/en-us/library/ms691105%28v=vs.85%29.aspx.

When the application is installed, filters included in the following standard filter packs are enabled by default:

  • Windows Server (installed with the operating system).
  • SharePoint (installed with the SharePoint server).
  • Office 2007 Filter Pack.
  • Office 2010 Filter Pack.

If other filters are installed on the SharePoint server, they are disabled by default and content filtering by format is not performed for files scanned using these filters. Use Kaspersky IFilter Utility to enable such filters.

You can enable / disable the installed filters and also install necessary additional filters using the utility.

You can start the utility from the menu Start → Programs → Kaspersky Security 9.0 for SharePoint Server → Kaspersky IFilter Utility.

For more details on the Kaspersky IFilter Utility, please refer to the corresponding Help file.

About the white list

The white list is a list of words and / or phrases that should be skipped by Content filtering.

The white list contains words and / or phrases that, although included in prohibited categories of Kaspersky Lab, should be ignored by Content Filtering. By using the white list, it is possible to avoid false positives of the application component on detecting words and / or phrases that are permissible in and specific to the field of the company's business.

The white list is local. It is created separately for each farm server. When a word and / or phrase is included in the white list, all of its word forms should be specified for the application component to work properly.

Example:

    <string>sea</string>
    <string>seas</string>
    <string>seaside</string>
    <string>seasick</string>

Changes made to the list are applied with a delay of no more than 5 seconds.

Creating the white list

To create a white list of permissible words and / or phrases:

  1. Open the folder with SharePoint server configuration files by performing the following:
    • If the application is installed on a farm of SharePoint servers, open the application setup folder and go to the folder of the corresponding farm server. Then open the Configuration folder.
    • If the application is installed on a standalone SharePoint server, open the application setup folder and go to the Configuration folder.
  2. Create an XML file with the name ContentFilteringWhitelist.

    The ContentFilteringWhitelist.config file must have the following structure:

    <?xml version="1.0" encoding="utf-16"?>
    <configuration version="1.0">
      <ContentFilteringWhitelistSubset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <Items>
          <string></string>
        </Items>
      </ContentFilteringWhitelistSubset>
    </configuration>

  3. Type the word or phrase to be skipped by Content filtering between the <string> and </string> tags.

    Type each new word or phrase and their word forms in a new line between the <string> and </string> tags.

  4. Save changes to the file in Unicode format.

When saving the file in a different format, words and / or phrases containing language-specific characters may be displayed improperly.
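
The file structure and the Unicode requirement above can be checked before the file is placed in the Configuration folder. The following Python code is an added example, not part of the product or its Help: it generates the file content from a list of words with their word forms and checks an existing file for the wrong encoding, a broken structure, empty entries and missing word forms. The names build_whitelist, lint_whitelist and missing_forms are illustrative, and "Unicode format" is assumed to mean UTF-16 with a byte order mark.

```python
"""Build and check a ContentFilteringWhitelist.config file (added example)."""
import codecs
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Skeleton copied from the structure shown in the Help; only <string> rows vary.
HEADER = (
    '<?xml version="1.0" encoding="utf-16"?>\n'
    '<configuration version="1.0">\n'
    '<ContentFilteringWhitelistSubset '
    'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
    'xmlns:xsd="http://www.w3.org/2001/XMLSchema">\n'
    '<Items>\n'
)
FOOTER = '</Items>\n</ContentFilteringWhitelistSubset>\n</configuration>\n'


def build_whitelist(word_forms):
    """Return the file content as UTF-16 LE bytes with a byte order mark.

    word_forms maps a base word to its word forms. Every form becomes its own
    <string> element, because each word form has to be listed explicitly.
    """
    seen, rows = set(), []
    for base, forms in word_forms.items():
        for entry in [base, *forms]:
            entry = entry.strip()
            if entry and entry not in seen:
                seen.add(entry)
                # escape() protects &, < and > inside a phrase
                rows.append(f"<string>{escape(entry)}</string>\n")
    text = HEADER + "".join(rows) + FOOTER
    return codecs.BOM_UTF16_LE + text.encode("utf-16-le")


def lint_whitelist(data):
    """Check raw file bytes; return (entries, problems)."""
    if not data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return [], ["file is not saved as Unicode (no UTF-16 byte order mark)"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [], [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "configuration":
        problems.append(f"root element is <{root.tag}>, expected <configuration>")
    items = root.find("ContentFilteringWhitelistSubset/Items")
    if items is None:
        return [], problems + ["missing ContentFilteringWhitelistSubset/Items"]
    entries = []
    for node in items.findall("string"):
        value = (node.text or "").strip()
        if not value:
            problems.append("empty <string> element")
        elif value in entries:
            problems.append(f"duplicate entry: {value!r}")
        else:
            entries.append(value)
    return entries, problems


def missing_forms(entries, required_forms):
    """Return the required word forms that the white list does not contain."""
    return [form for form in required_forms if form not in entries]


# Constructed sample: the word forms from the Help example.
SAMPLE = build_whitelist({"sea": ["seas", "seaside", "seasick"]})

if __name__ == "__main__":
    entries, problems = lint_whitelist(SAMPLE)
    print(entries, problems)
    print(missing_forms(entries, ["sea", "seas", "seashore"]))
```

Writing the returned bytes to ContentFilteringWhitelist.config in the Configuration folder of each farm server is left to the administrator, because the white list is local to each server.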

Filter by keywords tab

The List of categories section displays a list of categories that the application uses to recognize unwanted information in files and on websites. In this section, you can create a list of categories. Clicking the name of a category in the Category structure section displays detailed information about the selected category.

Create

This opens the Category name window. In this window, you can specify the name of a category.

Rename

This opens the Category name window. In the window, you can change the name of a category.

Delete

Clicking the button makes the application delete the selected category. You can delete only custom categories.

Import from file

Clicking this button opens the Open file window. In this window, you can proceed to the folder in which the TXT file is stored, and select that file.

The application imports information from the file to the selected category. During the import, the application automatically adds terms that contain words and word combinations from the file. When the terms are added, the application displays the results in the Import result window.

In the Category structure section, you can define a set of user categories. The Keyword field shows words and phrases in this category. The case sensitivity of a term is shown on the right of that term.

Add

This opens the Add a term window. In this window, you can specify and configure a term.

Change

This opens the Add a term window. In this window, you can modify a term and its settings.

Delete

Clicking the button causes the application to delete the selected term.

See also

Filter by masks tab

Use these settings for the following tasks

Creating, renaming, and deleting user categories of unwanted words and phrases

Importing a list of unwanted words and phrases into a user category from a text file

Adding, changing, and deleting unwanted words and phrases in user categories

Category name

In this entry field, you can specify / edit the name of a user category.

Use these settings

Creating, renaming, and deleting user categories of unwanted words and phrases

See also

Keyword settings

Keyword settings

In the entry field, you can specify a word and / or word combination. Use the semicolon to separate words or word combinations. Term length may not exceed 512 characters.

Case-sensitive

Enable case sensitivity.

If this check box is selected, the application distinguishes between uppercase and lowercase letters when performing content filtering. If this check box is cleared, the case is disregarded.

The check box is cleared by default.

See also

Category name

Use these settings for the following tasks

Adding, changing, and deleting unwanted words and phrases in user categories

Creating, renaming, and deleting user categories of unwanted words and phrases

To create a new user category of unwanted words and phrases:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, select the Filter by keywords tab and click the Create button in the List of categories section.
  3. In the Category name window that opens, enter a name for the new category.
  4. Click the OK button.

To rename a user category of unwanted words and phrases:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, click the Filter by keywords tab, select the category that you want to rename, and click the Rename button.
  3. In the Category name window that opens, enter the name of the category and click OK.

To delete a category for unwanted words and phrases:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, click the Filter by keywords tab. In the List of categories section, select the category that you want to delete and click the Delete button. The selected category is removed from the list.

    Only user categories can be created, renamed or deleted. You cannot change the preset collection of Kaspersky Lab categories included in the application.

Importing a list of unwanted words and phrases into a user category from a text file

You can import a list of unwanted words and phrases from a text file into a user category.

The words and phrases in such a file must comply with the following conditions:

  • Each line must contain just one term with its word forms.
  • The term should be separated from its word forms with the "|" character.
  • Term length may not exceed 127 characters.

    If a term contains special symbols or multibyte characters, for example, UTF-8 (encoded using three or more bytes), the term length must not exceed 64 characters.

To import a list of unwanted words and phrases into a user category:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, select the Filter by keywords tab, and in the List of categories field, select the category to which you want to import the list.
  3. In the List of categories field, click the Import from file button. In the displayed window specify the path to the necessary file.

    The Import from file button is only available for custom categories of unwanted words and phrases.

  4. To save the changes, click the Save button.
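
A pre-import check for such a text file, as an added example that is not part of the product or its Help. It assumes that the length limit applies to the term and to each of its word forms separately, and it tests only the multibyte condition because the Help does not list which symbols count as special; lint_import_text and SAMPLE are illustrative names.

```python
"""Check a keyword list before importing it into a user category (added example)."""

MAX_TERM_CHARS = 127       # limit stated for ordinary terms
MAX_MULTIBYTE_CHARS = 64   # limit when a term has characters of 3+ UTF-8 bytes


def has_wide_chars(term):
    """True if any character needs three or more bytes in UTF-8."""
    return any(len(ch.encode("utf-8")) >= 3 for ch in term)


def lint_import_text(text):
    """Return (accepted, problems) for the text of an import file.

    accepted: list of (term, [word forms]) tuples, one per valid line.
    problems: list of (line number, message) tuples.
    Assumption: the limit is applied to the term and to each word form
    separately; the Help does not say how a whole line is counted.
    """
    accepted, problems = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.lstrip("\ufeff").strip()  # drop a BOM left by the editor
        if not line:
            continue  # blank lines carry no term
        # The term comes first, its word forms follow, separated by "|".
        parts = [part.strip() for part in line.split("|")]
        if any(not part for part in parts):
            problems.append((number, "empty term or word form next to '|'"))
            continue
        line_ok = True
        for part in parts:
            limit = MAX_MULTIBYTE_CHARS if has_wide_chars(part) else MAX_TERM_CHARS
            if len(part) > limit:
                problems.append((number, f"{len(part)} characters, limit {limit}"))
                line_ok = False
        if line_ok:
            accepted.append((parts[0], parts[1:]))
    return accepted, problems


# Constructed sample input, not taken from a real deployment.
SAMPLE = "\n".join([
    "sea|seas|seaside",     # valid: term plus two word forms
    "\u00e9" * 100,         # valid: 2-byte characters keep the 127 limit
    "\u6d77" * 65,          # too long: 3-byte characters, limit 64
    "x" * 128,              # too long: exceeds 127 characters
    "harbour||harbours",    # empty word form between two separators
])

if __name__ == "__main__":
    accepted, problems = lint_import_text(SAMPLE)
    for term, forms in accepted:
        print("ok:", term[:20], forms)
    for number, message in problems:
        print(f"line {number}: {message}")
```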

Adding, changing, and deleting unwanted words and phrases in user categories

To add an unwanted word or phrase to a user category:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, click the Filter by keywords tab, and in the List of categories field, select the custom category to which you want to add a word or phrase.
  3. In the Category structure field, click the Add button. Type the word or phrase in the field within the displayed dialog.
  4. If you want the application to consider case while searching for a word or phrase, select the Case-sensitive check box.
  5. Click the OK button.

    You can specify several words or phrases. Use the "|" character as a delimiter.

To edit a word or phrase within a selected user category:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, click the Filter by keywords tab, and in the List of categories field, select the custom category containing the word or phrase that you want to edit.
  3. In the Category structure field, select the word or phrase that you want to edit, and click the Change button.
  4. Edit the word or phrase in the displayed window. If necessary, select the Case-sensitive check box to enable case sensitivity.
  5. Click the OK button.

To delete a word or phrase from a selected user category:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, select the Filter by keywords tab, and in the List of categories field, select the custom category containing the word or phrase that you want to delete.

    You can select several words or phrases in the list while holding down the SHIFT key.

  3. In the Category structure field, select the word or phrase that you want to delete, and click the Delete button.

    Only user categories can be created, edited or deleted. You cannot change the preset collection of Kaspersky Lab categories included in the application.


Filter by masks tab


The Mask sets section shows a list of mask sets that the application uses to recognize unwanted file names. In this section, you can add and edit sets.

Add

This opens the Set name window. In this window, you can specify the name of a set.

Rename

This opens the Set name window. In this window, you can change the name of the selected set.

Delete

Clicking the button makes the application delete the selected mask set.

The Masks in set section displays the file masks contained in the selected set. In this section, you can compile a set of file masks.

Add

This opens the Adding file mask window. In this window, you can specify one or several file masks.

Change

This opens the Adding file mask window. In this window, you can edit one or several file masks.

Delete

Clicking the button makes the application delete the selected mask from the set.

Use these settings for the following tasks

Creating, renaming, and deleting a set of masks for unwanted file names

File name mask creation rules

Changing a set of unwanted file name masks

See also

Filter by keywords tab


Set name

In this entry field, you can specify / change the name of a set of masks.

Use these settings for the following tasks

Creating, renaming, and deleting a set of masks for unwanted file names

See also

File mask


File mask

In the entry field, you can specify / change a file mask. When specifying file name masks, you must follow the file name mask creation rules. Use a semicolon to separate multiple masks.

See also

Set name

Use these settings for the following tasks

Changing a set of unwanted file name masks


Creating, renaming, and deleting a set of masks for unwanted file names

To create a new set of forbidden file name masks:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, on the Filter by masks tab, click the Add button. This opens the Set name window.
  3. Enter in the displayed dialog the name for the new set of masks.
  4. Click the OK button.

To rename a set of masks for unwanted file names:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, on the Filter by masks tab, select the set of masks that you want to rename, and click the Rename button.
  3. Enter the new name for the set of masks in the window that opens, and click OK.

To delete a set of unwanted file name masks:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, on the Filter by masks tab, select the set of masks that you want to delete, and click the Delete button.

File name mask creation rules

Please follow these guidelines on creating masks:

  • The following wildcards are supported:
    • * – an arbitrary string of characters. For example, the "abc*" mask stands for any file with the name beginning with the "abc" string: abc.exe, abc1.com, abc2.rar.
    • ? – any single character. For example, the "abc?.exe" mask stands for any file with the name beginning with the "abc" string followed by an arbitrary single character, like abc1.exe. However, the file abc12345.exe will not match the mask.
  • Observe the following restrictions:
    • Masks cannot contain the following characters: >, <, \, /, |, ", ;.
    • It is not recommended to use masks that match the file extensions of SharePoint service files (for example, *.aspx, *.html, *.mht) in the content filtering settings. Deleting SharePoint service files could disrupt the operation of SharePoint.
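A linter for the text typed into the mask entry field, as an added example that is not part of the application or its Help. It applies the wildcard and forbidden-character rules above and flags any mask that could match a file covered by the service-file masks this page names. The function names are hypothetical; case-insensitive matching and trimming of spaces around each mask are assumptions.

```python
import re
from functools import lru_cache

# Characters the Help says a mask cannot contain.
FORBIDDEN_CHARS = set('><\\/|";')
# Service-file masks the Help gives as examples; extend the tuple for your farm.
SERVICE_MASKS = ("*.aspx", "*.html", "*.mht")


def split_masks(field):
    """Split the semicolon-delimited text of the mask entry field."""
    return [m.strip() for m in field.split(";") if m.strip()]


def forbidden_in(mask):
    """Return the forbidden characters present in a mask, sorted."""
    return sorted(set(mask) & FORBIDDEN_CHARS)


def mask_matches(mask, file_name):
    """True if the whole file name matches the mask ('*' any string, '?' one character)."""
    pattern = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in mask
    )
    # Assumption: matching ignores case, as Windows file names usually do.
    return re.fullmatch(pattern, file_name, re.IGNORECASE | re.DOTALL) is not None


def masks_overlap(a, b):
    """True if at least one file name matches both masks."""
    a, b = a.lower(), b.lower()

    @lru_cache(maxsize=None)
    def walk(i, j):
        if i == len(a) and j == len(b):
            return True                      # both masks consumed together
        if i < len(a) and a[i] == "*":
            # '*' in a matches nothing, or swallows the next symbol of b
            return walk(i + 1, j) or (j < len(b) and walk(i, j + 1))
        if j < len(b) and b[j] == "*":
            return walk(i, j + 1) or (i < len(a) and walk(i + 1, j))
        if i == len(a) or j == len(b):
            return False                     # one mask ended, the other needs more
        if a[i] == "?" or b[j] == "?" or a[i] == b[j]:
            return walk(i + 1, j + 1)
        return False

    return walk(0, 0)


def lint_mask_field(field):
    """Return {mask: [findings]} for every mask in the entry-field text."""
    report = {}
    for mask in split_masks(field):
        findings = []
        bad = forbidden_in(mask)
        if bad:
            findings.append("forbidden characters: " + " ".join(bad))
        hits = [s for s in SERVICE_MASKS if masks_overlap(mask, s)]
        if hits:
            findings.append("can match SharePoint service files: " + ", ".join(hits))
        report[mask] = findings
    return report


# Constructed sample of what an administrator might type into the field.
SAMPLE_FIELD = "abc*; abc?.exe; *.aspx; invoice|*.docx; *.ht?l"

if __name__ == "__main__":
    for mask, findings in lint_mask_field(SAMPLE_FIELD).items():
        print(mask, "->", "; ".join(findings) or "ok")
```

A broad mask such as "abc*" is flagged because a service file named, for example, abc.aspx would match it; whether that is acceptable is a decision for the administrator.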

Changing a set of unwanted file name masks

To add an unwanted file name mask to a set:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, select the Filter by masks tab, and in the Mask sets field, select the set to which you want to add a mask.
  3. In the Masks in set field, click the Add button. In the window that opens, specify the mask of the unwanted file name in the field.

    You can specify several masks. Use a semicolon as a delimiter.

To edit the unwanted file name masks in a set:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, click the Filter by masks tab, and in the Mask sets field, select the set in which you want to edit masks.
  3. In the Masks in set field, select the mask that you want to edit, and click the Edit button.
  4. In the window that opens, edit the mask and click OK.

To delete an unwanted file name mask from a set:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
  2. In the workspace, click the Filter by masks tab, and in the Mask sets field, select the set from which you want to delete masks.

    You can select several masks in the set while holding down the SHIFT key.

  3. In the Masks in set field, select the mask that you want to delete, and click the Delete button.

    If multiple masks have been selected within a set, you can only delete the selected masks. No other operations with them will be available.


Backup


The Backup node lets you view information about malicious objects detected by the application.

Backup

Clicking this link takes you to the Settings node. You can specify the Backup size and enable automatic purging of Backup in the Settings node in the Backup section.

The upper part of the workspace displays the Quick search entry field. Here you can specify the name of an object (or a mask) that must be found in Backup. Clicking the button on the right of the entry field opens the block of advanced search settings. The drop-down lists on the left let you select an object filtering criterion. Details of the object or users related to it are used as filtering criteria. In the next drop-down list, you can specify how the criterion is compared with the value. In the entry field on the right, you can specify a value for the selected criterion.

By default, the block contains three filtering conditions. You can add several conditions to configure object filtering flexibly. The application performs filtering according to all conditions added to the advanced search settings.

Add a condition

The drop-down list lets you select a filtering criterion. An additional filtering condition will be displayed for this criterion in the advanced search settings. Conditions that have been added are highlighted with dark green. You can delete an additional condition by clicking the delete button.

Reset filter

Clicking this button causes the application to clear the filtering conditions automatically.

A table with information about Backup objects follows. For your convenience, you can set up the appearance of the table and sort objects by any of the columns that are displayed at the time of sorting.

Delete

Clicking this button causes the application to delete the selected object from Backup.

Restore

Clicking this button causes the application to move the selected object from Backup to its original location on SharePoint.

Save to disk

Clicking this button opens the Save as window. In this window, you can specify the path for saving the object.

The application saves the object selected in Backup. By default, the application saves the object under the name specified in the Backup.

Select columns

Clicking this button expands the Select columns to display section. This section lets you select the object details to be displayed in the Backup table by means of check boxes. Object details that are marked with an icon in this section are always displayed in the table.

Clear

Clicking this button causes the application to delete all objects in Backup, without any possibility of restoration.

Export to CSV

Clicking this button opens the Save as window. In this window, you can save the list of objects and respective details in a CSV file.

By default, the application saves the file under the name backup.csv.

In the bottom part of the workspace, you can view the object's details. Clicking the details button opens a section with the details of the object that has been selected in the table.

Use these settings for the following tasks

Viewing the list of files in Backup

Quick file search in Backup

Extended file search in Backup

Restoring files from Backup

Saving files from Backup to disk

Removing files from Backup

Purging Backup manually

See also

About Backup

Configuring automatic Backup purging


About Backup

Kaspersky Security saves in Backup copies of files that require action based on the results of Anti-Virus scanning and / or Content filtering (such as blocking or deletion). The application places in Backup copies of all harmful files, whether they can be disinfected or not.

Kaspersky Security places files in Backup storage in encrypted form, which eliminates the risk of infection (files in Backup storage are not accessible without decryption).

Backup size

The data volume that can be stored in the Backup may be restricted by one of the two following parameters:

  • Total number of files in Backup cannot exceed 50000. You cannot remove or change this restriction.
  • The default size of Backup is 3686 MB. You can change the size of Backup.

Removing files from Backup

The application periodically (every time a new file is placed in Backup) checks compliance with the set restrictions on the size of Backup.

If the restrictions are exceeded, the application:

  • Stops placing files in Backup, if the number of files in storage is exceeded.
  • Frees up the necessary disk space by deleting the oldest files, if the restriction on storage size is exceeded by the addition of another file. The files stored for the longest amount of time are deleted first.

You can also delete files from Backup manually. For example, you may need to delete files that have been successfully restored after disinfection, or delete all files to purge Backup.


Viewing the list of files in Backup

You can view the list of files in Backup; it is displayed as a table with corresponding column headers.

To view the list of files in Backup:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

    The workspace displays information about Backup and a list of files moved to Backup.

    The top right corner of the workspace displays the number of files moved to Backup and the total size of these files.

    The bottom right corner of the workspace displays the following information:

    • The range of lines in the table listing files.
    • The number of lines in the table listing files.
    • The page number of the files list.

    In the files list you can view the information about files stored in Backup. The appearance of the files list may differ depending on the columns selected for display.

    By default, the list contains the following file information:

    • File name. Name of the file.
    • Path to file. The path to the original location of the file on the server.
    • Account. Account of the user who performed the operation that resulted in the file being added to Backup.
    • Restored. Date and time of file restoration on server.
    • Detected. Date and time of object detection in file.
    • Component. The module that scanned the file: anti-virus scan or content filtering.
    • Reason why moved to Backup. Name of the object detected in the file.
    • Scan type. The type of scan which detected the object – on-demand or on-access scan.
  2. Configure the appearance of the files list (if necessary) by selecting the columns to be displayed in the table:
    1. Click the Select columns button.

      This opens the Select columns to display window.

      The columns in the table of files will appear and disappear as you select or clear their corresponding check boxes.

      The File name column is always displayed. It cannot be hidden.

    2. Click outside the Select columns window to close it.
  3. You can sort the files list in the table by any of the columns in ascending or descending order, as required. To do this, click the header of the column that you want to sort files by, for example, File name, Path to file, or Component. If you want to reverse the sorting order, click the header once again.

    The list of files will be sorted by the selected column. The sorting symbol will appear in the header of the selected column:

    • (Sorting in ascending order icon) – sorted in ascending order
    • (Sorting in descending order icon) – sorted in descending order

To view the details of a specific file, select it in the file list, using the buttons to navigate to the next / previous, first / last pages of the file list. To find files in the list, you can also use the quick search and extended filter functions.


Quick file search in Backup

To quick-search files in Backup:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

    The workspace displays a list of files moved to Backup.

  2. Enter the pattern string for file search in the Quick search field. The pattern string supports masks.

    Quick search takes effect as soon as you enter the pattern string.

    The table lists only files that match the search condition. A file will match the search condition if the entered pattern string can be found in at least one of the following file properties:

    • File name
    • Path to file
    • Account
    • Owner
    • Owner email
    • Last edit by
    • Last editor email
    • ID.

If you want to cancel quick search, click the cancel icon next to the Quick search field.


Extended file search in Backup

To find files in Backup using the extended filter:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

    The results window will display the list of files stored in Backup.

  2. Click the icon to the right of the Quick search field to maximize the extended filter section.

    The extended filter section will be displayed. The section contains the list of filter conditions. By default, the list contains three lines where you can specify the conditions that will be used to filter document copies. Each filter condition consists of three parts: the file property to check, the pattern string and the comparison rule applied while matching the property and the pattern string.

  3. To define a filtration condition:
    1. Select the property to check from the drop-down list in the left part of the line.

      You can pick any of the following values as the property to check:

      • File name
      • Path to file
      • User name
      • Account
      • ID
      • Owner
      • Owner email
      • Last edit by
      • Last editor email
      • Scan type.
    2. Select the comparison rule from the drop-down list in the middle of the line. 

      The set of values in the list will correspond to the selected value of the property to check. For example, when checking the File name property, the list contains the following values: Includes, Does not include, Empty field.

      If you have selected Empty field, the entry field in the right part of the line will become inactive.

    3. Enter the pattern string in the entry field in the right part of the line. The pattern string supports masks.

      The specified filter condition is applied to the list of files in Backup as soon as you specify all three of its parts. The files list only displays files matching all specified filtering conditions.

  4. If you need to define more than three filter conditions, you can append additional lines to the list of conditions. To do this, click the Add a condition button.

    A new line will appear in the lower part of the filter conditions section.

  5. If you want to delete an additional filter condition, click the delete icon in the filtering condition line.

    The selected line will be deleted from the list of filter conditions. The list of files will be refreshed to match the remaining filter conditions.

For convenience, you can minimize the extended filter section by clicking the icon that closes the section. A minimized extended filter continues to function. If you want to cancel extended filtering, click the Reset filter link.


Restoring files from Backup

To restore files from Backup:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

    The workspace displays a list of files moved to Backup.

  2. Select the files that you want to restore in the table.

    Restoring files containing viruses and malicious objects can cause the computer to be infected.

  3. Click the Restore button.

    The selected files will be decrypted and restored to their original locations in the SharePoint structure. The files will be restored in the same format and under the same names they had when they were added to Backup.

    While restoring objects, the application updates in SharePoint the following relevant information:

    • Account. The application records the account name of its administrator in this field.
    • Comment. The application records in this field the application name, the date when the object was placed in Backup, and the file version.
    • Version. The application updates the file version.

    After a file is restored, its copy and the relevant information remain in Backup.


Rules for restoring files when version control is enabled in SharePoint

When files are being restored from Backup, it is possible that the path specified in SharePoint points to a file of the same name. Restoration of files of the same name depends on version control settings configured on the SharePoint server.

The following version control options exist:

  • Major. File versions are available to all users of the SharePoint server.
  • Minor. File versions are available to a limited group of users.

Restoring a file of the same name with version control enabled

If there is no file of the same name in SharePoint, the application restores the object from Backup as a file with the first minor or major version, depending on the version of the file when a copy of it was placed in Backup. If major version control is enabled in SharePoint, the file will be restored as a file with the corresponding major version.

If there is a file of the same name in SharePoint, Kaspersky Security restores the file according to the following rules:

  • Kaspersky Security restores the new minor version if minor/major version control is enabled in SharePoint and the file in Backup has a minor version.
  • Kaspersky Security restores the new major version in all other cases.

If the file being restored has no version, the application restores the file as a file with a new minor version (if minor/major version control is enabled in SharePoint), or as a file with a new major version (if major version control is enabled).

Restoring a file of the same name with version control disabled

In this instance, Kaspersky Security prompts you to replace the file of the same name with the file being restored.

You can select one of the following actions in the window with the prompt to replace the file:

  • Yes. The file in SharePoint is replaced with the file being restored.
  • No. The file in SharePoint is not replaced with the file being restored. In this case, the file being restored remains in Backup.

When several files are being restored from Backup and SharePoint contains a file with the same name as at least one of them, Kaspersky Security prompts you to replace the file / files of the same name with the file / files being restored.

You can select one of the following actions in the window with the prompt to replace the file / files:

  • Yes, restore the file. The file in SharePoint will be replaced with the restored file.
  • No, do not restore the file. The file in SharePoint will not be replaced with the restored file.

Saving files from Backup to disk

To save files in Backup to disk:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

    The results window will display the list of files stored in Backup.

  2. If you want to save a single file to disk:
    1. In the list of files, select the file that you want to save to disk. You may use quick search or extended filter to find the file.
    2. Click the Save button.

      The standard file saving dialog will appear.

    3. Select the destination folder for the file.
    4. If you want to save the file under a different name, enter one in the File name field.
    5. Click the Save button.

      The selected file will be saved in the destination folder.

  3. If you want to save several files to disk:
    1. In the list, select the files that you want to save to disk. You may use quick search or extended filter to find the files.
    2. Click the Save button.

      The standard destination selection dialog will appear.

    3. Select the destination folder where you want to save the files and click Save.

    The selected files will be saved in the destination folder.


Removing files from Backup

To delete files from Backup:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

    The results window will display the list of files stored in Backup.

  2. In the list, select the files that you want to delete. You may use quick search or extended filter to find the files.

    Kaspersky Security permanently removes files from Backup.

  3. Click the Delete button.

    A warning dialog will appear.

  4. Click the Yes button.

    The selected files will be deleted from Backup.


Purging Backup manually

You can purge Backup by deleting all the objects inside it.

To purge the Backup:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.
  2. In the workspace, click the Purge Backup button below the list of files moved to Backup.

    The application permanently deletes all files in Backup.


Configuring automatic Backup purging

To configure automatic Backup purging:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Settings node.
  2. Select the Clear Backup automatically if its size exceeds check box.
  3. Enter the maximum Backup size (MB) in the entry field.

    Supported parameter values are 1–1048576 MB. If there is a storage size restriction and the addition of a new file exceeds this restriction, the application frees up the necessary space by deleting the oldest files. The default size of Backup is 3686 MB.

  4. To save the changes, click the Save button in the upper part of the application window.

Updates

In the Updates node, you can configure the updating of databases.

In this node, the General and Updates on servers tabs can be displayed, depending on the schemes for deployment of Kaspersky Security on the organization's network. The Updates on servers tab is displayed if Kaspersky Security is installed on a farm of SharePoint servers that handle a single database of application configuration and Backup.

See also

About database updates


About database updates

Kaspersky Security database updates keep SharePoint servers protected against new viruses and other threats. Databases contain the latest information about threats and ways to neutralize them.

Databases contain descriptions of all malicious programs known to date and ways of disinfecting objects that have been corrupted by malware, as well as descriptions of programs that may be used by criminals to do harm to the user's computer or data.

While updating the databases, the application does not update the set of Kaspersky Lab categories.

It is important to keep all databases up to date. You are advised to update the databases as soon as you install the application because the databases included in the distribution kit will already be out of date. The databases on Kaspersky Lab's update servers are updated every hour.

Databases can be updated from the following sources:

  • Kaspersky Lab's update servers on the Internet
  • Local updates source, such as a local or a network folder
  • Another HTTP or FTP server, such as your Intranet server

The updating is performed either manually or automatically, according to a schedule. After the files are copied from the specified update source, the application automatically connects to the new databases.

For added protection of SharePoint files, you can use Kaspersky Security Network services in addition to database updates. These services provide up-to-date information about threats and malware before it appears in Anti-Virus and Anti-Phishing databases.

During setup on several SharePoint farm servers, you can define local update settings for each individual server or propagate the global update settings to all servers.


Updates – General


The Database update section displays information about the number of records in the databases, as well as their respective release dates. If the databases are outdated, this section displays a notification stating that the databases need to be updated. This section is displayed in the local settings of the Server if Kaspersky Security is installed on a farm of SharePoint servers that handle a single database for configuration of the application and Backup.

In the General settings section, you can specify the source from which the application will download updates, as well as set up the update run mode and schedule.

Kaspersky Lab's servers

The application uses Kaspersky Lab update servers as a source of database updates. New database updates are uploaded to the servers every hour.

This is the default option.

HTTP server, FTP server, local or network folder

The application uses an HTTP or FTP server, local or network folder specified in the entry field as the source of updates. If you select this option, enter the path to the folder manually in the entry field.

Run mode

A dropdown list in the General settings section. In the Run mode dropdown list, you can configure the automatic startup of database updates. The following startup options are available:

  • Manually. The update of Kaspersky Security databases is started manually by clicking the Start database update on all servers button in the lower part of the configuration section.
  • Periodically. The update is started automatically at specific time intervals.
  • Daily. The update procedure runs automatically at the specified time every day. If the update cannot start at the defined time for any reason, the application attempts the update again the next day at the specified time (local server time).
  • On selected day. The update procedure runs automatically at the specified time (local server time) on the selected day of the week.

Start update

Clicking this button runs the updating of databases. An update download indicator is displayed when an update is running.

If Kaspersky Security is installed on a farm of SharePoint servers that handle a single database for configuration of the application and Backup, the Start database update on all servers button is displayed.

In the Connection settings section, you can define the proxy server settings for updates downloading.

Proxy server address

In this entry field, you can specify the IP address and port of the proxy server. The application will use those settings to download updates from Kaspersky Lab servers.

By default, the port value is set to 8080.

Use authentication

Enables the use of authentication when connecting to the proxy server.

If this check box is selected, the Account and Password entry fields are available. Here you can specify the account that the application will use to establish a connection with the proxy server.

If the check box is cleared, authentication is disabled.

The check box is cleared by default.

Use proxy server

Connection to the update source via a proxy server.

If the check box is selected, the application connects to the update source via a proxy server when downloading updates. If the check box is cleared, the application establishes the connection according to the default settings of the operating system.

The check box is cleared by default.

Maximum connection timeout

Limiting the time of connection with an update source.

In this entry field, you can specify the time interval (in seconds) during which the application will attempt to establish connection with another update source. The maximum value of the field is 86,400 seconds.

The default value is 60 seconds.

See also

Updates – Database update settings

Use these settings for the following tasks

Configuring automatic database updates


Configuring automatic database updates

To configure automatic database updates:

  1. Select and open in the Management Console tree the Control Center (<Server name>) node corresponding to the relevant SharePoint server. Then select the Updates node.
  2. In the workspace, click the General tab, and in the Updates on servers section, select an update source for the databases:
    • Kaspersky Lab's servers to download updates from Kaspersky Lab servers.
    • HTTP server, FTP server, local or network folder to download updates from one of the listed update sources.

      If you select this option, specify the server address or the local or network folder in the corresponding text box.

    If Kaspersky Security is installed on a standalone SharePoint server, the update source is selected in the Updates on servers section of the workspace, which appears on selecting the Updates node in the Management Console tree.

  3. The Run mode dropdown list allows you to set up a schedule for updates of the databases:
    • Manually. The update starts when you click the Start database update on all servers button.
    • Periodically. The update starts at the specified intervals.
    • Daily. The update starts at the specified time (the local time of the SharePoint server is used).
    • On selected day. The update starts on the specified days of the week.

    If Kaspersky Security is installed on a standalone SharePoint server, the run mode for automatic updates of databases is configured in the Database update settings section of the workspace, not on the tab.

  4. In the Connection settings section, specify the required connection settings:
    • If you connect to the Internet using a proxy server, select the Use proxy server check box and specify the proxy server address and number of the port used for connection. The default proxy server port number is 8080.
    • If the proxy server requires authentication, specify the name and password of the user account. To do this, select the Use authentication check box and fill in the Account and Password fields.
    • Specify the timeout duration in the Connection timeout entry field. By default, the timeout is set to 60 seconds.

      This proxy server is used to exchange information with KSN cloud services if KSN protection is enabled.

    If Kaspersky Security is installed on a standalone SharePoint server, connection settings should be defined in the Connection settings section of the workspace displayed when you select the Updates node in the console tree.

  5. Click the Save button.

Updates – Database update settings

The Updates on servers tab displays a table, which lists Servers included in the farm. You can define the local settings for updates of the databases on each of those Servers, or use shared settings for all of them.

Start update

Clicking this button starts the database update on the selected Server.

Modify local settings

Clicking this button opens the Server database update settings window, in which you can define the local update settings for the selected Server.

Propagate global settings

Clicking this button applies the update settings specified on the General tab to the selected Server(s).

Start database update on all servers

Clicking this button starts the database update on all of the Servers shown in the table.

See also

SharePoint server database update settings

Use these settings for the following tasks

Viewing the information about updates to the anti-virus database

Updating databases manually

Propagating global database update settings to SharePoint farm servers

Configuring the local database update settings on SharePoint servers of the farm

To configure the local database update settings on a SharePoint server within a farm:

  1. Select and open in the Management Console tree the Control Center (<Server name>) node corresponding to the relevant SharePoint server. Then select the Updates node.
  2. In the workspace, click the Updates on servers tab, select the required server in the table, and click the Modify local settings button.
  3. In the Server settings window that opens, in the General settings section, select a source of updates:
    • Kaspersky Lab's servers to download updates from Kaspersky Lab servers.
    • HTTP server, FTP server, local or network folder to download updates from one of the listed update sources.

      If you select this option, enter the server address or the local or network folder in the entry field.

  4. In the Database update settings section, in the Run mode dropdown list, set up a schedule for updates of the databases:
    • Manually. The update starts when you click the Start update button.
    • Periodically. The update starts at the specified intervals.
    • Daily. The update starts at the specified time (the local time of the SharePoint server is used).
    • On selected day. The update starts on the specified days of the week.
  5. In the Connection settings section, define the connection settings:
    • If you connect to the Internet via a proxy server, select the Use proxy server check box and specify the proxy server address and number of the port used for connection. The default proxy server port number is 8080.
    • If the proxy server requires authentication, specify the name and password of the user account. To do this, select the Use authentication check box and fill in the Account and Password fields.
    • Specify the timeout duration in the Maximum connection timeout entry field. By default, the timeout is set to 60 seconds.
  6. Click the Save button.

SharePoint server database update settings

The Database update section displays information about the number of records in the databases, as well as their respective release dates. If the databases are outdated, this section displays a notification stating that the databases need to be updated. This section is displayed in the local settings of the Server if Kaspersky Security is installed on a farm of SharePoint servers that handle a single database for configuration of the application and Backup.

In the General settings section, you can specify the source from which the application will download updates, as well as set up the update run mode and schedule.

Kaspersky Lab's servers

The application uses Kaspersky Lab update servers as a source of database updates. New database updates are uploaded to the servers every hour.

This is the default option.

HTTP server, FTP server, local or network folder

The application uses an HTTP or FTP server, local or network folder specified in the entry field as the source of updates. If you select this option, enter the path to the folder manually in the entry field.

Run mode

A dropdown list in the General settings section. In the Run mode dropdown list, you can configure the automatic startup of database updates. The following startup options are available:

  • Manually. The update of Kaspersky Security databases is started manually by clicking the Start database update on all servers button in the lower part of the configuration section.
  • Periodically. The update is started automatically at specific time intervals.
  • Daily. The update procedure runs automatically at the specified time every day. If the update cannot start at the defined time, the application attempts the update again the next day at the specified time (local server time).
  • On selected day. The update procedure runs automatically at the specified time (local server time) on the selected day of the week.

The Connection settings section allows you to specify the address of the proxy server through which an Internet connection will be established and to configure the connection via the proxy server.

Proxy server address

In this entry field, you can specify the IP address and port of the proxy server. The application will use those settings to download updates from Kaspersky Lab servers.

By default, the port value is set to 8080.

Use authentication

Enables the use of authentication when connecting to the proxy server.

If this check box is selected, the Account and Password entry fields are available. Here you can specify the account that the application uses to establish a connection with the proxy server.

If the check box is cleared, authentication is disabled.

The check box is cleared by default.

Use proxy server

Connection to the update source via a proxy server.

If the check box is selected, the application connects to the update source via a proxy server when downloading updates. If the check box is cleared, the application establishes the connection according to the default settings of the operating system.

The check box is cleared by default.

Maximum connection timeout

Limiting the time of connection with an update source.

In this entry field, you can specify the time interval (in seconds) during which the application will attempt to establish connection with another update source. The maximum value of the field is 86,400 seconds.

The default value is 60 seconds.

Use these settings for the following tasks

Configuring the local database update settings on SharePoint servers of the farm

Viewing the information about updates to the anti-virus database

To view the information about database updates:

  1. Select and open in the Management Console tree the Control Center (<Server name>) node corresponding to the relevant SharePoint server. Then select the Updates node.
  2. In the workspace, open the Updates on servers tab.

    You will see a table with information about database updates on each SharePoint farm server. The table contains the following columns:

    • Server name. Server within a SharePoint farm, on which Kaspersky Security is installed.
    • Status of the last database update. The result of the last database update.
    • Database release date (UTC). The time when databases currently used by the application were published on Kaspersky Lab servers.
    • Time of last database update. The time of the latest database update on the server.
    • Settings. Update settings used on the server (local or global).

If Kaspersky Security is installed on a standalone SharePoint server, update-related information is displayed in the workspace of the Update settings section, not on the Updates on servers tab.

Updating databases manually

You can start the database update procedure on all servers of the farm or on a few selected ones.

To update the database on all servers manually:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Updates node.
  2. In the workspace, go to the General tab, and, in the General settings configuration section, click the Start database update on all servers button.

To update the database on several selected servers manually:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Updates node.
  2. In the workspace, open the Updates on servers tab.
  3. Select the servers in the table and click the Start update button.

Propagating global database update settings to SharePoint farm servers

To apply the global database update settings on all SharePoint servers of the farm:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Updates node.
  2. In the workspace, click the Updates on servers tab, select the required server in the table, and click the Propagate global settings button.

Notifications

In the Notifications node, you can configure automatic email notifications about the operation of the application.

The SMTP server settings section allows you to configure the SMTP server for sending email messages on behalf of the application.

Administrator address

Email addresses of SharePoint administrators. The application sends any notifications of application operation events to those addresses. You can configure notifications in the Notifications node.

Use a semicolon to separate email addresses in the entry field.

No addresses are specified by default.

Sender name

Email address from which the application will send notifications of events in the application operation.

By default, the application sends email messages from the email address, which is specified in the SMTP server settings on SharePoint.

Use SMTP server settings on SharePoint

The application uses the settings of the SMTP server defined on SharePoint. If the settings of the SMTP server have not been defined on SharePoint, the application will not be able to send email messages.

This is the default option.

Use custom SMTP server settings

The application uses the settings of the SMTP server that have been specified manually.

If you select this option, the SMTP server address, Account, and Password fields become available. In these fields, you can specify the settings of the SMTP server that you intend to use for sending email messages.

Send test message

The program sends a test email message according to the current settings of the SMTP server.

If the test message has been sent successfully, the application recommends checking the administrator's email. If the test message has not been sent, the application displays information about errors that occurred during the attempt to send the message.

The button is active when the administrator's email address and the SMTP server address are specified.

In the Event notifications section, you can configure the delivery of notifications about events in the operation of the application.

The left part of the section displays the Notification subjects list. In this list, you can select events of which the application will notify recipients from the right part of the section, by email.

In the right part of the section, you can select recipients for each notification, edit the text of notifications, or define the advanced settings for notifications about events. The set of notification recipients may vary depending on the event selected in the Event notifications list in the left part of the section. Additional notification settings will also be available for defining.

In the Select recipients of notifications list, you can select one or several recipients to whom the application will send a notification about the selected event.

You can edit the text in this automatic notification by clicking the Template button on the right of each recipient. This feature is available for events that were logged by anti-virus scanning or content filtering.

On-access scan. Malicious objects

This item allows you to configure notifications of malicious objects detected by an on-access scan. The application sends an automatic notification if the user performs one of the following actions:

  • Uploads a file with a virus to SharePoint
  • Downloads a file with a virus from SharePoint.

If you select this item, the Notification settings workspace displays a list of recipients who are available for notification. The following recipients are available:

  • Administrator.

If the check box is selected, the application sends the notification to the administrator's email address.

  • Author.

If this check box is selected, the application sends a notification to the email address of the author of the document (i.e., the user who uploaded the first version of the document to SharePoint). The author's email address is contained in the settings of the SharePoint server on which the document is stored.

  • User.

If this check box is selected, the application sends a notification to the email address of the user who has accessed the infected file. The user's email address is contained in the settings of the SharePoint server on which the document is stored.

  • Additional addresses.

If this check box is selected, the application sends a notification to the email addresses specified in the entry field on the right. You can specify multiple email addresses, separating them with a semicolon.

All boxes are cleared by default.

On-access scan. Unwanted content

This item allows you to configure notifications about unwanted content detected by an on-access scan. The application sends an automatic notification if the user performs one of the following actions:

  • Uploads a file with unwanted content to a SharePoint website
  • Downloads a file with unwanted content from a SharePoint website
  • Adds unwanted content to a web object.

If you select this item, the Notification settings workspace displays a list of recipients who are available for notification. The following recipients are available:

  • Administrator.

If the check box is selected, the application sends the notification to the administrator's email address.

  • Author.

If this check box is selected, the application sends a notification to the email address of the author of the document (i.e., the user who uploaded the first version of the document to SharePoint). The author's email address is contained in the settings of the SharePoint server on which the document is stored.

  • User.

If this check box is selected, the application sends a notification to the email address of the user who has accessed the file with unwanted content. The user's email address is contained in the settings of the SharePoint server on which the document is stored.

  • Additional addresses.

If this check box is selected, the application sends a notification to the email addresses specified in the entry field on the right. You can specify multiple email addresses, separating them with a semicolon.

All boxes are cleared by default.

On-demand scan. Malicious objects

This item allows you to configure notifications about malicious objects detected by the on-demand scan task. The application sends an automatic notification if it detects a file with a virus when scanning SharePoint websites.

If you select this item, the Notification settings workspace displays a list of recipients who are available for notification. The following recipients are available:

  • Administrator.

If the check box is selected, the application sends the notification to the administrator's email address.

  • Author.

If this check box is selected, the application sends a notification to the email address of the author of the document (i.e., the user who uploaded the first version of the document to SharePoint). The author's email address is contained in the settings of the SharePoint server on which the document is stored.

  • User.

If this check box is selected, the application sends a notification to the email address of the user who made the most recent change to the file. The user's email address is contained in the settings of the SharePoint server on which the document is stored.

  • Additional addresses.

If this check box is selected, the application sends a notification to the email addresses specified in the entry field on the right. You can specify multiple email addresses, separating them with a semicolon.

All boxes are cleared by default.

On-demand scan. Unwanted content

This item allows you to configure notifications about unwanted content detected by an on-demand scan task. The application sends an automatic notification if it detects a file or a web object with unwanted content when scanning SharePoint websites.

If you select this item, the Notification settings workspace displays a list of recipients who are available for notification. The following recipients are available:

  • Administrator.

If the check box is selected, the application sends the notification to the administrator's email address.

  • Author.

If this check box is selected, the application sends a notification to the email address of the author of the document (i.e., the user who uploaded the first version of the document to SharePoint). The author's email address is contained in the settings of the SharePoint server on which the document is stored.

  • User.

If this check box is selected, the application sends a notification to the email address of the user who made the most recent change to the file. The user's email address is contained in the settings of the SharePoint server on which the document is stored.

  • Additional addresses.

If this check box is selected, the application sends a notification to the email addresses specified in the entry field on the right. You can specify multiple email addresses, separating them with a semicolon.

All boxes are cleared by default.

Change databases status and condition

This item of the list allows you to configure notifications about events related to changes in the status and condition of the anti-virus databases. The application will send an automatic notification if any outdated or corrupted databases are detected.

If you select this item, the Notification settings workspace displays a list of recipients who are available for notification. The following recipients are available:

  • Administrator.

If the check box is selected, the application sends the notification to the administrator's email address.

  • Additional addresses.

If this check box is selected, the application sends a notification to the email addresses specified in the entry field on the right. You can specify multiple email addresses, separating them with a semicolon.

All boxes are cleared by default.

Reports on on-demand scan tasks

This item allows you to configure notifications about the results of on-demand scan tasks. The application will send an automatic notification after completing the task. A report on the scan results is attached to the notification.

If you select this item, the Notification settings workspace displays a list of recipients who are available for notification. The following recipients are available:

  • Administrator.

If the check box is selected, the application sends the notification to the administrator's email address.

  • Additional addresses.

If this check box is selected, the application sends a notification to the email addresses specified in the entry field on the right. You can specify multiple email addresses, separating them with a semicolon.

All boxes are cleared by default.

Inactive SharePoint servers

This item of the list allows you to configure notifications of servers with inactive Kaspersky Security for SharePoint Server. The application sends an automatic notification if it detects a protected server on which Kaspersky Security for SharePoint Server is inactive.

If you select this item, the Notification settings workspace displays a list of recipients who are available for notification. The following recipients are available:

  • Administrator.

If the check box is selected, the application sends the notification to the administrator's email address.

  • Additional addresses.

If this check box is selected, the application sends a notification to the email addresses specified in the entry field on the right. You can specify multiple email addresses, separating them with a semicolon.

All boxes are cleared by default.

License-related events

This item of the list allows you to configure notifications about events related to the license. The application will send an automatic notification if any of the following events are detected:

  • The license terms are violated.
  • The license term expires soon (or it has already expired).
  • No key has been found on the server.

If you select this item, the Notification settings workspace displays a list of recipients who are available for notification. The following recipients are available:

  • Administrator.

If the check box is selected, the application sends the notification to the administrator's email address.

  • Additional addresses.

If this check box is selected, the application sends a notification to the email addresses specified in the entry field on the right. You can specify multiple email addresses, separating them with a semicolon.

All boxes are cleared by default.

In the Notify about license expiry in spin box, you can specify how many days before the license expiration the application will send a notification. The application sends an automatic notification about the license expiry to the administrator's email address. The minimum value of this setting is 1 day. The default value is 15 days.

Use these settings for the following tasks

Configuring notifications of events in the application operation

SMTP server configuration for delivery of notifications

See also

About notifications

About notifications

A notification is an email message that contains information about an event that occurred on a protected SharePoint server.

Kaspersky Security supports the delivery of notifications on the following events in the application:

  • Detection of infected, password-protected, and corrupted objects, or unwanted content during an on-access scan
  • Detection of infected, password-protected, and corrupted objects, or unwanted content during an on-demand scan
  • Change of database status and condition
  • Execution of an on-demand scan task and its results
  • Detection of inactive SharePoint servers
  • License-related events

Kaspersky Security sends event notifications by email. The application uses an SMTP server to send notifications. You can select an SMTP server used on SharePoint or specify a different SMTP server.

You can specify notification recipients for each event. By default, no notification recipients are specified.

You can edit the text in the automatic notification of events that are logged by anti-virus scanning and content filtering. When making templates for notifications about events related to on-access and on-demand scans, you can use the following variables:

Variables in notification templates

| Variable name | Variable value |
|---|---|
| %ACTION% | The application's action on the object. |
| %AUTHOR% | Name of the user who is the file author. If the user cannot be recognized (e.g., during an on-demand scan), the variable takes on the value n/a. |
| %BACKUP_RESULT% | Object backup result. |
| %FARM_NAME% | Name of the server farm associated with the event. |
| %FILE_NAME% | Name of the object scanned by the application. |
| %FILE_URL% | Path to the object on SharePoint. |
| %FILE_VERSION% | Version of the file scanned by the application. This variable can only be used in notifications about events of an on-demand scan. |
| %INCIDENT_ID% | Unique ID of the incident. The ID allows finding information about the event in the application event log and Backup. |
| %LAST_MODIFIER% | Name of the user who has been the last to make any changes to the file. If the user cannot be recognized (e.g., during an on-demand scan), the variable takes on the value n/a. |
| %ODS_TASK_NAME% | Name of an on-demand scan task. This variable can only be used in notifications about events of an on-demand scan. |
| %OPERATION_TYPE% | The user's action on the object (e.g., downloading the file from a SharePoint website to the user's computer). This variable can only be used in notifications about events of an on-access scan. |
| %SERVER_LOCAL_DATETIME% | Date and time the malicious object or unwanted content was detected on the server. The variable takes on the value of the local time of the server. |
| %SERVER_NAME% | Name of the server associated with the event. |
| %THREAT_DESCRITION% | Name of the virus or category of unwanted words and phrases. |
| %USER% | Name of the user associated with the event. This variable can only be used in notifications about events of an on-access scan. |
| %UTC_OFFSET% | Time shift regarding UTC (Coordinated Universal Time). |

For other events (such as changes in the database status and condition, or license-related events), the notification text remains unchanged.

Notifications about license-related events

Kaspersky Security checks licenses of Security Server and the DLP Module after each database update. The application sends notifications about license-related events in the following cases:

  • If the license expires soon

    The application sends the notification once per day (at 12:00 A.M. UTC) if both the active key and the additional key expire. By default, the application starts sending notifications 15 days before this event. You can change the term for sending the license expiration notification.

  • If the license already expired

    The application sends the notification once per day (at 12:00 A.M. UTC) if the active key expired and no additional key is available.

  • If the active key has been added to the black list of keys

    When updating anti-virus databases, the application checks the black list of keys for active keys. The application sends a notification if at least one active key has been found in the black list of keys.

Kaspersky Security sends special notifications about events related to Security Server and DLP Module licenses.

SMTP server configuration for delivery of notifications

To define the SMTP server settings for sending notifications:

  1. In the Management Console tree, select the protected SharePoint server on which you want to configure the SMTP server.
  2. In the node tree of this server, select the Notifications node.

    The workspace of this node displays the notification settings.

  3. Configure the following settings in the SMTP server settings section:
    • Email addresses of SharePoint administrators.

      The application sends any notifications of application operation events to those addresses. You can configure notifications in the Notifications node.

      Use a semicolon to separate email addresses in the entry field.

      No addresses are specified by default.

    • Email address from which the application will send notifications of events in the application operation.

      By default, the application sends email messages from the email address, which is specified in the SMTP server settings on SharePoint.

  4. Select the method of SMTP server configuration from the following options:
    • Use SMTP server settings on SharePoint.

      The application uses the settings of the SMTP server defined on SharePoint. If the settings of the SMTP server have not been defined on SharePoint, the application will not be able to send email messages.

      This is the default option.

    • Use custom SMTP server settings.

      The application uses the settings of the SMTP server that have been specified manually.

      If you select this option, the SMTP server address, Account, and Password fields become available. In these fields, you can specify the settings of the SMTP server that you intend to use for sending email messages.

  5. If you need to test the operation of the SMTP server that has been configured manually, click the Send test message button.
  6. Click the Save button in the upper part of the window.

The application saves the SMTP server settings for sending notifications.

Notification template

In the Notification template window, you can edit the contents of the notification that the application will send to a specified recipient.

Subject

The Subject field displays the default subject of the notification. You can change the notification subject, if necessary.

Message text

The Message text field displays the text of the default notification. You can edit the text of the notification, as well as add relevant variables to the text. The available variables are listed in the table:

Variables included in notifications

| Variable name | Variable value |
|---|---|
| %ACTION% | The application's action on the object. |
| %AUTHOR% | Name of the user who is the file author. If the user cannot be recognized (e.g., during an on-demand scan), the variable takes on the value n/a. |
| %BACKUP_RESULT% | Object backup result. |
| %FARM_NAME% | Name of the server farm associated with the event. |
| %FILE_NAME% | Name of the object scanned by the application. |
| %FILE_URL% | Path to the object on SharePoint. |
| %FILE_VERSION% | Version of the file scanned by the application. This variable can only be used in notifications about events of an on-demand scan. |
| %INCIDENT_ID% | Unique ID of the incident. The ID allows finding information about the event in the application event log and Backup. |
| %LAST_MODIFIER% | Name of the user who has been the last to make any changes to the file. If the user cannot be recognized (e.g., during an on-demand scan), the variable takes on the value n/a. |
| %ODS_TASK_NAME% | Name of an on-demand scan task. This variable can only be used in notifications about events of an on-demand scan. |
| %OPERATION_TYPE% | The user's action on the object (e.g., downloading the file from a SharePoint website to the user's computer). This variable can only be used in notifications about events of an on-access scan. |
| %SERVER_LOCAL_DATETIME% | Date and time the malicious object or unwanted content was detected on the server. The variable takes on the value of the local time of the server. |
| %SERVER_NAME% | Name of the server associated with the event. |
| %THREAT_DESCRITION% | Name of the virus or category of unwanted words and phrases. |
| %USER% | Name of the user associated with the event. This variable can only be used in notifications about events of an on-access scan. |
| %UTC_OFFSET% | Time shift regarding UTC (Coordinated Universal Time). |

Default

Clicking the Default button causes the application to restore the message's default subject and text.
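
The variable table above can be turned into a pre-save check for an edited template. The following PowerShell is an added example, not part of Kaspersky Security or its documentation: the function name Test-NotificationTemplate, its parameters and the sample template are hypothetical, and the variable names and scan-type limits are taken from the table as written.

```powershell
# Added example: lint a custom notification template against the variables
# documented on this page. Test-NotificationTemplate and its parameters are
# hypothetical names, not part of Kaspersky Security.
function Test-NotificationTemplate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Template,
        # Kind of scan event the template will be used for.
        [Parameter(Mandatory)][ValidateSet('OnAccess', 'OnDemand')][string]$ScanType
    )

    # Names copied exactly as the table spells them. The value is the scan
    # type a variable is limited to, or 'Any' when the table states no limit.
    $documented = @{
        ACTION = 'Any'; AUTHOR = 'Any'; BACKUP_RESULT = 'Any'; FARM_NAME = 'Any'
        FILE_NAME = 'Any'; FILE_URL = 'Any'; INCIDENT_ID = 'Any'
        LAST_MODIFIER = 'Any'; SERVER_LOCAL_DATETIME = 'Any'; SERVER_NAME = 'Any'
        THREAT_DESCRITION = 'Any'; UTC_OFFSET = 'Any'
        FILE_VERSION = 'OnDemand'; ODS_TASK_NAME = 'OnDemand'
        OPERATION_TYPE = 'OnAccess'; USER = 'OnAccess'
    }

    # The table says these take the value n/a when the user cannot be
    # recognized, for example during an on-demand scan.
    $mayBeNA = @('AUTHOR', 'LAST_MODIFIER')

    foreach ($match in [regex]::Matches($Template, '%([A-Za-z0-9_]+)%')) {
        $name  = $match.Groups[1].Value
        $issue = $null

        if ($documented.Keys -cnotcontains $name) {
            # Case-sensitive comparison against the table as written.
            $issue = 'Not in the documented variable table as written'
        }
        elseif ($documented[$name] -ne 'Any' -and $documented[$name] -ne $ScanType) {
            $issue = "Documented only for $($documented[$name]) scan notifications"
        }
        elseif ($ScanType -eq 'OnDemand' -and $mayBeNA -contains $name) {
            $issue = 'May render as n/a in on-demand scan notifications'
        }

        if ($issue) {
            [pscustomobject]@{
                Variable = "%$name%"
                Position = $match.Index
                Issue    = $issue
            }
        }
    }
}

# Constructed sample template, not the product's default text.
$sample = 'Detected %THREAT_DESCRIPTION% in %FILE_URL% (task %ODS_TASK_NAME%).'
Test-NotificationTemplate -Template $sample -ScanType OnAccess | Format-Table -AutoSize
```

A template that produces no output uses only variables the table documents for the chosen scan type.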

Use these settings for the following tasks

Configuring notifications of events in the application operation

See also

Notifications


Configuring notifications of events in the application operation

To configure automatic notifications of events in the application operation:

  1. In the list of protected servers that have been added to Management Console, select the SharePoint server on which you need to configure notifications of events in the application operation.
  2. In the node tree of this server, select the Notifications node.

    The workspace of this node displays the notification settings.

  3. In the Event notifications section, configure notifications as follows:
    1. In the left part of the section, in the Notification subjects list, select an event of which the application will notify you by email.

      The right part of the section displays a list of recipients that can be sent notifications.

    2. Select the check box next to the recipients that will be automatically notified of this event by the application. You can specify the following recipients:
      • Administrator. Email address(es) of the administrators specified in the Event notifications section.
      • Author. Email address of the document author (user who uploaded the first version of this document to SharePoint). The author's email address is contained in the settings of the SharePoint server on which the document is stored.
      • User. Email address of a user associated with the event. The user's email address is contained in the settings of the SharePoint server on which the document is stored.
      • Additional addresses. Email address(es) specified in the entry field. Use a semicolon to separate email addresses in the entry field.
    3. If necessary, edit the notification text by clicking the Template button.
  4. Click the Save button in the upper part of the window.

The settings of notifications about events in the application operation will be saved.


Changing the term of sending license expiration notifications

To change the term of sending license expiration notifications:

  1. In the list of protected servers that have been added to Management Console, select the SharePoint server on which you need to configure license expiration notifications.
  2. In the node tree of this server, select the Notifications node.

    The workspace of this node displays the notification settings.

  3. In the left part of the Event notifications section, in the Notification subjects list, select License-related events.

    The right part of the section then displays the settings of license-related event notifications.

  4. In the Notify about license expiry in spin box, specify how many days before the license expiration the application must start sending notifications.

    By default, the application sends the first notification 15 days before the license expires.

    Notifications are sent once per day (at 12:00 A.M. UTC).

  5. Click the Save button in the upper part of the window.

The notification settings are saved. The application starts sending license expiration notifications on the specified day.


Reports

In the Reports node, you can create and view reports on the application's operation.

See also

About reports


About reports

Kaspersky Security allows you to generate anti-virus protection, content filtering and operational reports. Reports allow you to analyze information about the protection status of a SharePoint server. Reports provide information on the number of clean and infected files and the number of files disinfected and removed.

Ready reports are displayed in the workspace of the Reports node, on the View and generate reports tab. You can view a report in the web browser window.

You can generate reports using one of the two following methods:

If a report generation task has not been executed, information about this event is displayed in the list of tasks, in the Status column:

  • Deleted: <Server name>. Security Server of Kaspersky Security has been deleted from the SharePoint server specified in the report generation task settings. You can specify a different SharePoint server in the task settings.
  • Task not executed. The SharePoint server specified in the report generation task settings was not available at the time scheduled for the start of the task. The availability of the server needs to be checked.

The Reports tab


On the View and generate reports tab, you can create quick reports and view ready reports.

New report

Clicking this button opens the Report settings window. In this window, you can define the report generation settings:

This button is available by default.

View

Clicking this button opens the selected report in the default web browser window.

Delete

Clicking this button deletes one or multiple selected reports without the possibility of recovery.

Save

Clicking this button opens the standard Save as window of Microsoft Windows. In this window, you can select a folder to save the report in and change the report file name, if necessary.

By default, the application assigns the following name to the report file: <report name> <report creation date>.

See also

Report creation tasks tab

Use these settings for the following tasks

Generating reports manually

Viewing ready reports


Report parameters


In the Create report list, you can select the time period for which the application will create a report.

For 24 hours

The application creates a report for the selected day.

If you select this option, the Specify the reporting period field becomes available, allowing you to specify a date.

For period

The application creates a report for the selected time period.

If you select this option, the Specify the reporting period field becomes available, allowing you to specify the start date and end date of a time period.

Use these settings for the following tasks

Generating reports manually


Generating reports manually

To generate a report manually:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Reports node.
  2. In the workspace, on the Reports tab, click the New report button.

    This opens the Report settings window.

  3. Select one of the following reporting periods:
    • For 24 hours. The application creates a report for the selected day.
    • For period. The application creates a report for the selected time period.
  4. Click the OK button.

The report will be displayed in the list of generated reports in the View and generate reports section.


Report creation tasks tab


The Report creation tasks tab displays a list of tasks for automatic generation of reports. In this section, you can add new tasks and configure their settings.

Create

Clicking this button opens the Task settings window. In this window, you can create a new report generation task and configure it.

This button is available by default.

Change

Clicking this button opens the Task settings window. In this window, you can edit the settings of the report generation task that has been selected in the list of tasks.

Delete

Clicking this button causes the application to delete one or multiple tasks that have been selected in the list, without the possibility of recovery.

Start task

Clicking this button causes the application to run the report generation task that has been selected in the list of tasks. The application automatically opens the report generated by the task in the default web browser window.

See also

Task settings

Use these settings for the following tasks

Creating a report generation task

Starting a report creation task

Deleting a report generation task


Task settings


In the Task settings window, you can define the settings of the report generation task.

Task name

Task name. The name should not be identical to the names of other tasks.

Run on schedule

Enable automatic report generation according to schedule.

If this check box is selected, the task will be run automatically. The application creates a report according to the schedule set up in the Schedule section. If this check box is cleared, the report will not be created automatically.

The check box is selected by default.

Run task on server

In the dropdown list, you can select the server on which the application will run the task.

The Schedule section allows setting up a schedule according to which the application will run the task.

Every N days

The application automatically starts the task at the specified time and at the specified interval in days.

If you select this option, the Every N days and Start time fields become available for configuring the task run mode.

Weekly

The application automatically runs the task weekly, according to the schedule that you have set up.

If you select this option, the Start day and Start time fields become available so that you can configure the task run schedule.

Monthly

The application automatically starts the task once per month on the selected day of the month and at the specified time.

If you select this option, the Day of month and Start time fields become available for configuring the task run schedule.

In the lower part of the window, you can select the recipients to whom the application will send the ready report by email.

Send to administrator

Automatically send ready reports to administrator's address.

If this check box is selected, the application sends the ready report to the administrator's email address. You can specify the administrator's email address in the Notifications node. If this check box is cleared, the automatic delivery of ready reports is disabled.

The check box is cleared by default.

Send to recipients

Automatic delivery of ready reports to additional addresses.

If this check box is selected, the application sends ready reports to email addresses. You can specify additional email addresses in this entry field, separating them with semicolons. If this check box is cleared, the automatic delivery of ready reports is disabled.

The check box is cleared by default.

Use these settings for the following tasks

Configuring a report generation task


Creating a report generation task

To create a new report generation task:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Reports node.
  2. In the workspace of the Reports node, on the Report creation tasks tab, click the Create button.

    The Task settings window opens, which allows you to define the settings for the report creation task.

  3. In the Task settings window, define the settings for the report creation task, then click OK.

    The task that you have created will be added to the list of tasks in the workspace. If necessary, you can edit the task settings.


Configuring a report generation task

To configure a report generation task:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Reports node.
  2. In the workspace of the Reports node on the Report creation tasks tab, select the task whose settings you want to modify, and click the Change button.

    The Task settings dialog will appear.

  3. In the Task settings window, define the following settings:
    • In the Task name field, edit the task name.
    • Select the Run on schedule check box if you want the application to generate the report upon a schedule, and select from the dropdown list the server on which the task will run. In the Schedule section, set up a schedule for the task run:
      • Every N days. The report will be created at the interval with the specified number of days, at the specified time. The report contains data for the last N days (by default, collected from 12:00 AM of the first day of the interval to 12:00 AM of the report generation day). You can change the report generation time in the Start time entry field.
      • Weekly. The report will be created at the defined time on the specified day of the week. The report contains data for the last 7 days (by default, from 12:00 AM of the first specified day of the week to 12:00 AM of the report generation day, for example, from Monday to Monday). You can change the report generation time in the Start time entry field.
      • Monthly. The report will be created at the defined time on the specified day of the month. The report contains data for the last month (by default, collected from 12:00 AM of the specified date of the previous month to 12:00 AM of the specified date of the report generation month). You can change the report generation time in the Start time entry field.

      The report generation schedule uses the time of the SharePoint server where the task is started.

    • If you want reports to be sent to the administrator's email address, select the Send to administrator check box.
    • If you want reports to be sent to other email addresses, select the Send to recipients check box and specify email addresses in the entry field. If several addresses are defined, use a semicolon as a delimiter.
  4. To save the changes and close the window, click OK.

Starting a report creation task

To start a report generation task:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Reports node.
  2. In the workspace of the Reports node, on the Report creation tasks tab, select the relevant report creation task from the list.
  3. Click the Run task on server button.

Deleting a report generation task

To delete a report generation task:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Reports node.
  2. In the workspace of the Reports node on the Report creation tasks tab, select in the list the task that you want to delete, and click the Delete button.

Viewing ready reports

To view a ready report:

  1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Reports node.
  2. On the Reports tab, select in the list the report that you want to view and click the View button.

    The report opens in the default browser.

    The report contains the following information:

    • Date and time of report generation.
    • Name of the SharePoint server for which the report has been generated.
    • Reporting period covered by the report.

    Report on operations with files. Information on the number of files processed by Kaspersky Security:

    • Files submitted for scanning during the reporting period. Number of files submitted for scanning during the reporting period.
    • Recognized as clean. Number of files recognized as clean after being scanned by application components to which they were referred for scanning.
    • Disinfected. Number of files that have been successfully disinfected by the application.
    • Deleted. Number of files that have been deleted after scanning.
    • Blocked. Number of files that have been blocked during on-access scanning.
    • Skipped (threat detection only). Number of files that have been skipped by the application after anti-virus scanning and content filtering according to the configured settings of on-demand and on-access scanning.
    • Not processed. Number of files that have not been scanned by at least one Kaspersky Security component.

    Report on status of server protection:

    • Files received for Anti-Virus scanning during the reporting period.
    • Status labels assigned by the application to files as a result of virus scanning:
      • Non-infected. Number of files that have been found to be free from threats during virus scanning.
      • Infected. The number of files with a code segment fully matching a code segment of a known application posing a threat.
      • Probably infected. The number of files whose code contains a modified segment of code of a known application posing a threat, or files resembling such an application in the way they behave.
      • Password protected. Number of password-protected archives.
      • Corrupted. Number of files that cannot be read by Kaspersky Security.

      Information about skipped files:

      • Excluded from scanning by the Administrator. Number of files that have been skipped according to the virus scan exclusion settings.
      • License issues. The number of files that have not been scanned due to license errors (such as a missing key).
      • Processing error. Number of files that have been skipped due to errors during virus scanning.

      Operations on malicious files:

      • Disinfected. Number of files disinfected after virus scanning.
      • Deleted. Number of files deleted after virus scanning.
      • Blocked. Number of files blocked after virus scanning.
      • Skipped (threat detection only). The number of files that, although found to contain a threat during an anti-virus scan, have been skipped because the Skip action had been specified in the scan settings.

    Content filtering report:

    • Files received for Content filtering during the specified time period.
    • Status labels assigned by the application to files as a result of content filtering:
      • Allowed. Number of files that have been found to be free from violations of content filtering policies.
      • Forbidden format. Number of times that the content filtering component detected prohibited file formats specified in the content filtering settings.
      • Forbidden mask. Number of times that the content filtering component detected file names that match masks specified in the content filtering settings.
      • Forbidden content. Number of times that the Content filtering component detected words or phrases included in Kaspersky Lab sections and user categories within the search scope configured in the Content filtering settings.

      If one and the same file causes multiple detections by the content filtering component in a number of categories, each detection is recorded under the corresponding category.

      Information about skipped files:

      • Excluded from scanning by the Administrator. Number of files that have been skipped according to the content filtering exclusion settings.
      • Text extraction errors. Number of files whose contents have not been scanned by the application due to text extraction errors. Such errors may be caused by errors in the corresponding filter of IFilter Utility or a stopped Kaspersky Text Extracting Service.
      • License issues. The number of files whose content has not been scanned by the application due to license violations, such as a missing or blacklisted key.
      • Text filter is not available. Number of files whose contents have not been scanned by the application because the corresponding filter of IFilter Utility is disabled or not installed.
      • Processing error. Number of files that have been skipped due to other errors occurring during content filtering.

      Actions taken by the application on files found to contain unwanted content:

      • Deleted. Number of files for which the action is set to Delete in content filtering settings.
      • Blocked. Number of files for which the action is set to Block in content filtering settings.
      • Skipped (threat detection only). Number of files for which the action is set to Skip in content filtering settings.

    SharePoint web objects scan report:

    • SharePoint web objects submitted for Content filtering during the reporting period.
    • Actions taken by the application on SharePoint web parts based on the results of content filtering:
      • Recognized as clean. Number of SharePoint web parts that have been found to be free from violations of content filtering policies.
      • Blocked. Number of SharePoint web parts that have been blocked based on the results of content filtering.
      • Skipped (threat detection only). The number of SharePoint web objects that, although found to contain unwanted content, have not been blocked because the Skip action has been specified for them in the scan settings.

      In on-demand scan mode, the application always skips web objects that contain unwanted content even if the Block action is configured in task settings.

    • Information on skipped SharePoint web objects:
      • License issues. The number of SharePoint web objects that have not been scanned due to license errors (such as a missing key).
      • Processing error. The number of SharePoint web objects that have been skipped due to errors occurring during content filtering.

Settings


In the Settings node, you can define the general settings of the application.

The Use of Kaspersky Security Network section allows you to view the KSN Statement, enable the usage of KSN services, and define the protection settings of the SharePoint server.

KSN Participation Agreement

Clicking this button opens a window with the full text of the Kaspersky Security Network Statement. In this window, you can view the KSN Statement and print it.

I have read the KSN Statement and accept all of the conditions therein

Acceptance of the terms of use of Kaspersky Security Network (KSN).

If this check box is selected, you accept the terms of the KSN Statement. In this case, the settings of KSN are available.

If this check box is cleared, the terms of the KSN Statement are not accepted. KSN is not in use, and the KSN settings are not available.

The check box is cleared by default.

Use Kaspersky Security Network

Enables the Kaspersky Security Network (KSN) cloud services for added protection of SharePoint servers.

If this check box is selected, you agree to participate in Kaspersky Security Network. Participation in KSN involves automatically sending the information specified in the KSN Statement to Kaspersky Lab AO. Your personal data is not collected, processed, or stored in the process. This check box is available if the I have read the KSN Statement and accept all of the conditions therein check box is selected.

If this check box is cleared, KSN services are not available for use.

The check box is cleared by default.

Maximum waiting time when requesting KSN

Maximum waiting time for response from KSN cloud services on reputation of object being checked (in seconds).

If no response on the reputation of the object has been received from KSN services when this time period expires, the application proceeds to checking the reputation of the next object. The application uses the current anti-virus databases to make a decision on an object for which the reputation check has been stopped due to the time limit exceeded.

The maximum waiting time is 600 seconds.

The default value is 5 seconds.

Use proxy server to access KSN

Connection to KSN cloud services using a proxy server.

If this check box is selected, the application uses a proxy server to download updates and upload application operation data to cloud services. If this check box is cleared, the application connects to KSN services without a proxy server.

The check box is cleared by default.

The Data Leak Prevention section lets you configure the DLP Module settings that are used by the security officer.

Enable DLP Module

Enabling the DLP Module to protect data against leakage.

If this check box is selected, the DLP Module is enabled so that the application monitors data leaks in real-time mode. If this check box is cleared, the application does not monitor data leaks.

The check box is selected by default.

The Allow running search tasks on the following servers list contains the names of servers on which the DLP Module is installed. Servers selected in the list become available to the information security officer for starting scan tasks.

The Diagnostics section lets you configure the parameters of Kaspersky Security application event logs.

Logs folder

Path to the folder containing application event logs.

The application stores the logs in the specified path. Do not use variables and masks when specifying the path to the folder. Do not specify an FTP server or a network folder as a location where the application logs are stored.

The default path is set to <Application installation folder>\logs.

Default

Clicking this link restores the default path to the logs folder.

Log storage period

Limiting the storage term for log files.

In this field, you can specify the number of days since the last record in a log during which the application will store the log. If no new records have been added to the log when this time period expires, the application deletes the log. The maximum storage term for logs is 365 days, the minimum term is 1 day.

The default limit is 14 days.

In the Log details section, you can configure the detail level of logs. The following detail levels are available:

  • Minimum. Kaspersky Security only logs main events, such as the start of an object scan, start of an update, expiration of the license, as well as errors in the operation of the application components and errors that occurred while updating the databases.
  • Custom. Kaspersky Security logs main events, as well as detailed information about the events that have been selected in the Diagnostics settings window.
  • Maximum. Kaspersky Security logs detailed information about all events in the application operation.

The current detail level set for logs is displayed in the Detail level field. The detail level depends on the number of events that have been selected in the Diagnostics settings window.

Settings

Clicking this button opens the Diagnostics settings window. In this window, you can select events that the application will record to a log file.

Reset

Clicking this button changes the current detail level to Minimum.

Record details of events to Content Filtering log

Record detailed information about events to content filtering log.

If this check box is selected, the application adds an event-related text fragment to the event log. If this check box is cleared, the application logs information about the content filtering according to the current detail level.

The check box is cleared by default.

The Backup section allows you to define the Backup size and enable automatic purging of Backup.

Clear Backup automatically if its size exceeds

Automatically removes objects from Backup.

If this check box is selected, you can specify the maximum size of Backup in the entry field. When the specified size is reached, the oldest objects are automatically deleted from Backup to keep its size below the specified limit. Possible Backup size values range from 1 MB to 1,048,576 MB. The default size of Backup is 3686 MB.

If this check box is cleared, the size of Backup is unlimited. The application will not delete any objects from Backup automatically.

The check box is cleared by default.

Use these settings for the following tasks

KSN Protection Settings

Enabling and disabling Data Leak Prevention

Configuring the detail level of event logs

Configuring the path to the logs folder

Configuring the log storage term

Configuring automatic Backup purging

See also

Failsafe support for SQL databases


About participation in Kaspersky Security Network

To protect SharePoint servers more effectively, Kaspersky Security uses data that is collected from users around the globe. Kaspersky Security Network is designed to process such data.

Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to Kaspersky Lab's online knowledge base with information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky Lab applications to threats, improves the effectiveness of some protection components, and reduces the risk of false positives.

Your participation in Kaspersky Security Network helps Kaspersky Lab to gather real-time information about the types and sources of new threats, develop methods of neutralizing them, and reduce the number of false alarms. Participation in Kaspersky Security Network also lets you access reputation statistics for applications and websites.

When you participate in Kaspersky Security Network, certain statistics are collected while Kaspersky Security is running and are automatically sent to Kaspersky Lab. This information makes it possible to keep track of threats in real time. Also, additional checking at Kaspersky Lab may require sending files (or parts of files) that are at increased risk of being exploited by intruders to do harm to the user's computer or data.

Participation in Kaspersky Security Network is voluntary. To start using Kaspersky Security Network, you have to accept the terms of a special agreement – the Kaspersky Security Network Statement. You can also opt out of participating in Kaspersky Security Network at any time. No personal data of the user is collected, processed, or stored by the Kaspersky Security Network services. The types of data that Kaspersky Security sends to Kaspersky Security Network are also described in the Kaspersky Security Network Statement. You can use Kaspersky Security Network services if the application license has not yet expired and the key has not been blacklisted.


About logs

Details of the application operation are recorded into Kaspersky Security logs (hereinafter referred to as "logs") and into Microsoft Windows Event Log.

About Windows Event Log

Details of the application operation in Windows Event Log are recorded by Kaspersky Security services. For events related to the activities of Kaspersky Security, the Source column indicates the name of the service that has detected those events. The names of all the services start with "KSH".

About event logs in Kaspersky Security

Details of the application operation in Kaspersky Security logs are recorded by the application's components and software modules. The application records information to the end of the most recent log. Records of new events are grouped at the top of the list. When the log reaches 100 MB in size, the application archives it and creates a new one.

Event logs are created in TXT format and saved to the default folder <Application installation folder>/Logs. If necessary, you can track events across the log by their respective IDs.

You can define the following settings of Kaspersky Security logs:

You can also enable the logging of event details for the Content Filtering log.

Data saved in a log may contain confidential information. For security reasons (for example, to prevent unauthorized access or possible data leaks), you are advised to personally protect files of the application log.


About the log of content filtering

The log of Content Filtering allows you to check if Content Filtering is configured properly.

The log of Content Filtering is located in the folder <Application installation folder>\logs\content_filtering\content_filtering_incidents_log_YYYYDDMM.csv, where YYYYDDMM stands for the log creation date.

The log of Content Filtering is created on a daily basis and contains the details of content filtering incidents for the relevant day. Logs for the previous days are stored in the folder <Application setup folder>\logs\content_filtering in archives with the corresponding names.

When a Content Filtering incident is triggered by the name or the content of a file, the following details are recorded in the log of Content Filtering:

  • Incident ID
  • Path to the file
  • File name
  • The word or phrase that caused the Content filtering incident
  • The Kaspersky Lab section or user category to which the specific word belongs

The log of Content Filtering will additionally record a sequence of characters from the text that has been extracted from the file or the field of a SharePoint web object by the corresponding filter of Kaspersky IFilter Utility.

When a content filtering incident is caused by the content of a SharePoint web part, the following details are recorded in the log of content filtering incidents:

  • Incident ID
  • Path to the SharePoint web object
  • Name of the field of the SharePoint web object in which unwanted content has been detected
  • The word that caused the content filtering incident
  • The Kaspersky Lab section or user category to which the specific word belongs

For a more detailed check of the operation of Content Filtering, you can enable the detailed logging of events to the log of Content Filtering. The log records a sequence of 10 words located in the text before the word that caused the Content filtering incident, the word itself, and 10 words located in the text after the word that caused the incident. If these 10 words contain more than 100 characters, the sequence is limited to 100 characters before and after the word that caused the Content filtering incident.

Data in the Content filtering log is not encrypted. For security reasons (for example, to prevent unauthorized access or possible data leaks), you are advised to personally protect files of the application log.
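One way to check who can read the unencrypted logs, including the content_filtering subfolder and its archives, is to audit the folder's access control entries. The script below is an added example, not part of the Kaspersky documentation or product; the LogRoot parameter, the allow-list and the function name are assumptions to adapt to your server.

```powershell
# Added example (not Kaspersky code): report every "Allow" entry that grants
# read access to the application logs to an identity outside an allow-list.
param(
    # Assumption: the value of the "Logs folder" field (Settings > Diagnostics).
    [Parameter(Mandatory)]
    [string]$LogRoot,

    # Assumption: identities expected to read the logs (English account names).
    # Add the account that the application's services (names starting with
    # "KSH") run under, so that it is not reported.
    [string[]]$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

function Get-UnexpectedLogReader {
    param([string]$Path, [string[]]$Allowed)

    # Bits that allow reading file contents: FILE_READ_DATA plus the generic
    # rights that include it (GENERIC_READ, GENERIC_ALL).
    $readBits    = 0x00000001 -bor 0x80000000 -bor 0x10000000
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    # The folder itself plus everything beneath it (daily CSV files, archives).
    $root  = Get-Item -LiteralPath $Path -ErrorAction Stop
    $items = @($root) + @(Get-ChildItem -LiteralPath $root.FullName -Recurse -Force)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.Access) {
            # Deny entries and entries without read rights expose nothing.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $readBits) -eq 0) { continue }
            # Inherit-only entries apply to child objects, not to this one.
            if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }

            $who = $ace.IdentityReference.Value
            if ($Allowed -contains $who) { continue }

            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-UnexpectedLogReader -Path $LogRoot -Allowed $Allowed)
$findings | Sort-Object Path, Identity | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a scheduled task or monitoring job flag the server.
if ($findings.Count -gt 0) { exit 1 }
```

When removing the reported entries, keep write access for the account that the application's services run under; otherwise the application cannot save logs to the folder.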


KSN Protection Settings

To configure the KSN protection settings:

  1. In the Management Console tree, select and open the node that corresponds to the relevant SharePoint server, then select the Settings node.
  2. In the Use of Kaspersky Security Network section, select the I have read the KSN Statement and accept all of the conditions therein check box if you accept all of the conditions of the Kaspersky Security Network Statement. You can view its text by clicking the KSN Participation Agreement button.
  3. To use KSN cloud services for protection of SharePoint web objects, select the Use Kaspersky Security Network check box.

    Information received from Kaspersky Security Network services is used during anti-virus scans and scans of web objects for phishing threats.

  4. Set the Maximum waiting time when requesting KSN. The default wait time for a response from the cloud is 10 seconds.
  5. Select the Use proxy server to access KSN check box if you want to exchange information with KSN services using a proxy server.

    The way to configure the proxy server settings is described in the automatic database update configuration instructions.

  6. Click the Save button.

See also

About participation in Kaspersky Security Network


Enabling and disabling Data Leak Prevention

The DLP (Data Leak Prevention) Module is a Kaspersky Security component designed to protect data against leaks. The component monitors file uploads by users to SharePoint in real time, checking the file contents for any confidential data. Settings of the DLP Module are configured by the Security Officer.

The Data Leak Prevention section is displayed in the Settings node if the DLP Module component has been installed on the SharePoint server. Data Leak Prevention is enabled by default.

Disabling the DLP Module can affect the workflow of the Security Officer.

To enable / disable data leak protection:

  1. In the Management Console tree, select and open the node that corresponds to the relevant SharePoint server, then select the Settings node.
  2. In the Data Leak Prevention section, perform one of the following actions:
    • Select the Enable DLP Module check box if you want the application to monitor data leaks in real-time mode.
    • Clear the Enable DLP Module check box if you do not want the application to monitor data leaks in real-time mode.
  3. If necessary, in the Allow running search tasks on the following servers list, select the check boxes next to servers on which the security officer will be able to run scan tasks to search SharePoint servers for confidential data.

    During a search task, the load on SharePoint servers increases.

  4. To keep the changes, click the Save button in the upper part of the window.

Information about changes in the component operation is displayed in the Control Center node and in the root node of the Security Officer.

See also

Role-based access restriction in Kaspersky Security for SharePoint Server


Configuring the path to the logs folder

To configure the path to the logs folder:

  1. In the Management Console tree, select and open the node that corresponds to the relevant SharePoint server, then select the Settings node.
  2. In the Diagnostics section, in the Logs folder entry field, specify the path to the logs folder.

    Do not use variables and masks when specifying the path to the folder. Do not specify an FTP server or a network folder as a location where the application logs are stored.

    The application will save logs using the specified path. If you configure the path to the folder on a server within a farm, the configuration will cover the entire server farm.

  3. If necessary, click the Default link to restore the default path to the logs folder.
  4. Click the Save button in the upper part of the window.

If the application does not save logs using the specified path, check the rights of access to that folder.

See also

About logs


Configuring the log storage term

To configure the storage term for log files:

  1. In the Management Console tree, select and open the node that corresponds to the relevant SharePoint server, then select the Settings node.
  2. In the Diagnostics section, in the Log storage period field, specify a value for the log storage term (in days).

    The application stores each log for the specified number of days after the last record was added to it. If no new records have been added to a log over the specified time period, the application deletes the log.

  3. Click the Save button in the upper part of the window.

See also

About logs


Configuring the detail level of event logs

To configure the detail level of event logs:

  1. In the Management Console tree, select and open the node that corresponds to the relevant SharePoint server, then select the Settings node.
  2. Click the Settings button in the Log details section.

    This opens the Diagnostics settings window.

  3. Select events that must be recorded in detail.
  4. Click OK to save the changes and close the window.

    If you have selected multiple events in the window, the detail level changes to Custom. The application will record main events in the application operation, as well as detailed information for the events that you have specified.

    If you have selected all of the events in the window, the detail level changes to Maximum. The application will record detailed information about all events to logs.

    A log that is maintained with the advanced detail level contains web addresses that have been scanned for phishing.

  5. If you want to reset the current detail level of a log, click the Reset button.

    The application changes the detail level to Minimum. Logs will only contain basic events from the application operation, such as scan results, updates of databases, and keys added.

  6. If necessary, select the Record details of events to Content Filtering log check box.

    The application will record to the Content Filtering log a text fragment that is related to a content filtering event.

  7. Click the Save button in the upper part of the window.

See also

About the log of content filtering


Diagnostics settings window

The Diagnostics settings window displays a list of events. In the Enable detailed logging of events list, you can select events in the application operation that the application will record to a log.

All boxes are cleared by default.

Use these settings for the following tasks

Configuring the detail level of event logs


Failsafe support for SQL databases

Kaspersky Security supports the following failsafe technologies for SQL databases:

  • Failover Clustering. Supported automatically.
  • Database Mirroring. Supported automatically.
  • Log Shipping. When the database used by the application (primary database) fails, the server hosting the restored database needs to be specified manually in order to switch to this database.

Using Database Mirroring technology

If your SQL server is configured to use the Database Mirroring failover support technology, the application automatically switches from the primary database that has failed to a mirror database, and then back to the primary database after it has been restored.

If the SQL server is running in High Performance Mode or High Safety Mode Without Automatic Failover for Database Mirroring and the main database used by Kaspersky Security fails, you must switch over to Database Mirroring manually by means of the SQL server.

Using Log Shipping technology

If your SQL server is configured to use the Log Shipping failover support technology, you can switch to using a restored database when the primary database fails. This switch is performed manually.

To switch to the restored database when using Log Shipping technology:

  1. In the folder <Application installation folder>\Configuration, open the file BackendDatabaseConfiguration.config in a text editor.
  2. Specify the name of the SQL server (indicating the SQL server instance) that hosts the failover partner in the line <SqlServerName>SQL server name\instance</SqlServerName>.
  3. Save the file.

    The changes will take effect within one minute.

If Kaspersky Security is installed on a SharePoint farm, the corresponding changes to the file BackendDatabaseConfiguration.config need to be made on all SharePoint farm servers.
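The manual Log Shipping switch described above, applied to every farm server in one pass. This script is an added example, not part of the Kaspersky documentation or product; the parameter and function names are assumptions, and it locates the <SqlServerName> element by name only because the rest of the file layout is not shown in this Help.

```powershell
# Added example (not Kaspersky code): point each farm server at the restored
# database after a Log Shipping failover.
param(
    # One path per farm server, local or UNC, to the file
    # <Application installation folder>\Configuration\BackendDatabaseConfiguration.config
    [Parameter(Mandatory)]
    [string[]]$ConfigPath,

    # SQL server that hosts the failover partner, with its instance.
    [Parameter(Mandatory)]
    [string]$SqlServerName
)

function Set-BackendSqlServerName {
    param([string]$Path, [string]$NewName)

    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true          # keep the file layout unchanged
    $xml.Load($full)

    # Match by local name so the lookup works whether or not the file
    # declares an XML namespace.
    $nodes = $xml.SelectNodes("//*[local-name()='SqlServerName']")
    if ($nodes.Count -ne 1) {
        throw "expected one <SqlServerName> element, found $($nodes.Count)"
    }

    $node = $nodes.Item(0)
    $old  = $node.InnerText
    if ($old -eq $NewName) {
        $status = 'Unchanged'
    }
    else {
        # Keep a timestamped copy so the switch can be reverted once the
        # primary database is back.
        $backup = "$full.$(Get-Date -Format yyyyMMddHHmmss).bak"
        Copy-Item -LiteralPath $full -Destination $backup -ErrorAction Stop
        $node.InnerText = $NewName
        $xml.Save($full)
        $status = 'Updated'
    }

    [pscustomobject]@{ Path = $full; Old = $old; New = $NewName; Status = $status }
}

if ($SqlServerName -notmatch '\\') {
    Write-Warning "No instance given; the Help expects 'SQL server name\instance'."
}

# Process every server and report failures per file, so that a partially
# switched farm is visible instead of hidden behind the first error.
$results = foreach ($p in $ConfigPath) {
    try {
        Set-BackendSqlServerName -Path $p -NewName $SqlServerName
    }
    catch {
        [pscustomobject]@{
            Path   = $p
            Old    = $null
            New    = $SqlServerName
            Status = "FAILED: $($_.Exception.Message)"
        }
    }
}

$results | Format-Table -AutoSize -Wrap
if ($results | Where-Object { $_.Status -like 'FAILED*' }) { exit 1 }
```

Any server reported as FAILED still points at the failed primary database and has to be corrected before the farm is consistent.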


Licensing


The Licensing node displays information about the license of Kaspersky Security. In this node, you can activate the application and renew your license.

If you have not performed the activation during the initial setup of the application, this node displays the Active key section. You can select a key file for the application activation by clicking the Add button.

The appearance of the Active key section changes if a key has been added. The section shows information about the key status, license type, license expiry date, the company's representative, and the number of users. This section allows replacing or removing the active key.

Replace

Clicking this button opens the Open window. In this window, you can specify the path to a new key file (in KEY format).

Delete

Clicking the button causes the application to delete the active key. After deleting the key, the application's functionality is limited.

The Additional key section allows adding a key that entitles you to use the application but is not currently in use.

Add

Clicking this button opens the Open window. In this window, you can specify the path to a key file.

The Active key of DLP Module section allows adding a key for activation of the DLP Module component. If a key has been added already, the section shows information about the key status, license type, license expiry date, the user's representative, and the number of users.

Add

Clicking this button opens the Open window. In this window, you can specify the path to a key file.

Use these settings for the following tasks

Activating Security Server

Activating the DLP Module

Replacing a key

Removing a key


Activating Security Server

Security Server activation lets you use the full functionality of Anti-Virus protection and Content filtering and update application databases.

To activate Security Server:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Licensing node of the relevant server.
  3. Click the Add button in the Active key section.
  4. In the window that opens, specify the path to the key file (a file with the .key extension) and click the Open button.

The application adds the Security Server key corresponding to the license. The appearance of the Active key section changes. The section displays the following information:

  • Key status. Details of the active Security Server key.
  • Key. A unique alphanumeric sequence required to receive technical support from Kaspersky Lab.
  • License type. Trial or commercial.
  • Representative. Name of the representative of the company that executed the agreement to purchase the application.
  • Number of users. The maximum number of employees with access to the SharePoint server protected by the application.
  • Expiration date. The date when the Security Server license expires.

If you add a key on a server in a farm, the Active key on the servers of the farm table appears in the workspace of the Licensing node. The table contains a list of servers belonging to the farm and information about the status of keys on these servers.

If Kaspersky Security is installed on a standalone SharePoint server, the key status details are displayed in the Licensing section in the workspace of the Control Center (<Server name>) node.

See also

Activating the DLP Module

Replacing a key

Removing a key


Activating the DLP Module

DLP Module activation enables the security officer to use the full functionality of the DLP Module and manage Data Leak Prevention.

The DLP Module can be activated after activating Security Server. The DLP Module key validity period may not exceed the Security Server key validity period.

To activate the DLP Module:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Licensing node of the relevant server.
  3. In the Active key of DLP Module section, click the Add button.
  4. In the window that opens, specify the path to the key file (a file with the .key extension) and click the Open button.

The application adds the DLP Module key corresponding to the license.

The appearance of the Active key of DLP Module section changes. The section displays the following information:

  • Key status. Details of the active DLP Module key.
  • Key. A unique alphanumeric sequence required to receive technical support from Kaspersky Lab.
  • License type. Trial or commercial.
  • Representative. Name of the representative of the company that executed the agreement to purchase the application.
  • Number of users. The maximum number of company employees with access to management of Data Leak Prevention.
  • Expiration date. DLP Module license expiration date.

Information on the DLP Module license is displayed in the Control Center node on all servers.

Application functionality is limited when the DLP Module license expires. The application stops scanning files in real time as they are uploaded to SharePoint, creating new incidents, and searching for data belonging to specific categories. The security officer can view information about previously created incidents, create categories, policies and reports. After the Security Server license has expired, the application stops updating DLP Module databases.

See also

Activating Security Server

Replacing a key

Removing a key


Replacing a key

You can replace an active key with a key that has a longer validity period or allows more users of Kaspersky Security (if any).

Replacing an active key does not interfere with on-access scans, on-demand scan tasks, or database updates.

To replace the active key for Kaspersky Security:

  1. In the Management Console tree, select and open the node that corresponds to the relevant SharePoint server, then select the Licensing node.
  2. Click the Replace button in the workspace.
  3. In the File name dialog that opens, specify the path to the key file (a file with the .key extension) and click Open.

To replace an additional key:

  1. In the Management Console tree, select and open the node that corresponds to the relevant SharePoint server, then select the Licensing node.
  2. In the workspace, click the Replace button in the Additional key section.
  3. In the File name dialog that opens, specify the path to the key file (a file with the .key extension) and click Open.

See also

Activating Security Server

Activating the DLP Module

Removing a key


Removing a key

To remove a key for Kaspersky Security:

  1. In the Management Console tree, select and open the node that corresponds to the relevant SharePoint server, then select the Licensing node.
  2. In the workspace, click the Delete button in the Active key or Additional key section.

When Kaspersky Security is installed on a SharePoint farm and a key is removed from one SharePoint server within the farm, it is also removed from all servers of the SharePoint farm.


To security officer

This Help section is intended for professionals tasked with ensuring the security of confidential data, providing data leak prevention or preventing unauthorized access to data, and constantly monitoring the information security system and supporting its security hardware.

Information in this Help is arranged in accordance with the standard tasks that a data security officer performs using Kaspersky Security.


Kaspersky Security 9.0 for SharePoint Server

Kaspersky Security 9.0 for SharePoint Server (hereinafter "the application") is designed to protect the SharePoint platform against viruses and other malware, to scan the content of web resources for unwanted content, and to protect personal data of users and confidential data of companies on SharePoint websites against data leaks.

Kaspersky Security 9.0 for SharePoint Server offers the following capabilities for the Security Officer:

  • Detect data leaks in real time
  • Block files containing confidential data at the time when they are uploaded to a SharePoint server
  • Assign priorities to data leaks according to corporate security requirements
  • Configure permissions to upload files to SharePoint for individual employees and organizational units
  • Use statuses to monitor the processing of registered data leaks
  • Save and archive data leak records
  • Determine the exact location of files with confidential data on SharePoint
  • Automatically send data leak notifications to email addresses
  • Automatically or manually generate application reports and send them to email addresses

In this Help section

About the system of role-based access in Kaspersky Security

About Data Leak Prevention


About the system of role-based access in Kaspersky Security

Kaspersky Security supports the system of role-based user access for managing different functions of the application. User access to Kaspersky Security functions is granted depending on the user role.

Kaspersky Security supports the following roles:

  • Administrator
  • Security officer

The Administrator role is intended for installing and administering Kaspersky Security. The administrator has access privileges for managing keys, configuring and upgrading the application, functions of anti-virus protection of SharePoint servers and web content scanning.

The administrator assigns roles for managing different application functions, performs installation and initial configuration of Kaspersky Security for the security officer. During initial configuration, the administrator:

  • Adds the active key of the application
  • Connects the SharePoint server to Administration Console of Kaspersky Security on the computer of the security officer
  • Activates the DLP Module component of Kaspersky Security, which is intended for use by the security officer

Prior to using Kaspersky Security, make sure that the administrator has performed initial configuration of the application.

The Security Officer role is intended to ensure the required level of corporate security on SharePoint websites. The Security Officer has access rights for managing protection of data against leaks.

The Security Officer can perform the following operations in the application:

  • Create and modify the criteria of confidential data recognition on SharePoint web resources
  • Configure methods of data leak detection and application actions upon leak detection
  • Configure data leak notifications to email addresses
  • View details of data leaks
  • Archive old data leak entries and recover them from the archive
  • Configure the settings of the search for files with confidential data on SharePoint websites
  • Generate data leak reports for different periods and configure the delivery of reports to email addresses
  • View finished data leak reports

About Data Leak Prevention

Kaspersky Security comprises the DLP (Data Leak Prevention) Module designed to protect data against leaks. The component monitors file uploads by users to SharePoint websites in real time and detects data leaks according to the following parameters:

  • Type of data in the file and data contents;
  • Name of the user transferring the file;
  • SharePoint website to which the file is transferred.

You can configure these settings using application categories and policies.

If a user attempts to transfer a file containing confidential data (such as salary information of fellow employees) to a SharePoint website through which a leak may occur (such as a publicly accessible portal), the application registers this event as a data leak.

If national law requires notifying individuals that their network activity is being monitored, you must warn users about the operation of the DLP Module in advance.

You can configure the operations of Kaspersky Security as it registers data leaks. The application can perform the following operations automatically:

  • Generate incidents (records documenting instances of corporate security violations)
  • Assign priorities to incidents according to corporate security requirements
  • Block file uploads to SharePoint
  • Notify users and other officers about corporate security violations.

Information contained in incidents can be used to investigate corporate security violations.


Using categories. Assigning data to categories

The application uses categories to monitor data leakage and find information on SharePoint websites. Data categories contain the criteria by which the application recognizes data on SharePoint websites that is covered by the corporate security policy.

In this application usage scenario, you will learn how to categorize data and use categories in the operation of Kaspersky Security. You can begin using the application by analyzing the data that needs to be protected against leaks and assigning such data to different categories.

Data categories are required to classify information that you need to protect against leakage.

Data category. A set of data united with a common feature or subject and corresponding to specific criteria (e.g., a combination of words used in text in a certain order). The application uses data categories for recognizing information in files being uploaded and stored on SharePoint. The application allows using preset Kaspersky Lab data categories and creating custom data categories.

Kaspersky Lab categories. Predefined data categories developed by Kaspersky Lab specialists. Categories can be updated during application database updates. A security officer cannot modify or delete those predefined categories.

You can create data categories manually based on the following criteria:

  • Quotations from documents. Text fragments from documents that must be protected against leakage.
  • Document templates. Files with text data used as patterns for creation of new documents. The application protects against leakage all documents that have been created on the basis of those templates.
  • Keywords. Word, phrase, or sequence of characters that the application uses for recognizing data in files being uploaded to and stored on SharePoint, which need to be protected against leakage. Keywords can be added to data categories.
  • Table data. Information organized in a table format that must be protected against leakage. Table data is processed in Kaspersky Security using CSV (Comma Separated Values) files.

Scenario of data distribution by categories

  1. Prepare the documents that you need to protect against leakage and distribute them by groups in accordance with general criteria (for example, accounting records, personal data, or information about new technologies).
  2. In accordance with those general criteria, distribute data by categories:
    • To recognize text fragments precisely, use categories with quotations from documents. You manually add to a category the documents from which quotations need to be tracked. The application recognizes quotations from documents by comparing data in the category against data uploaded to and stored on SharePoint.
    • To recognize full text from documents, use categories with document templates. You manually add to a category files with text data that need to be tracked.
    • To recognize text information (such as details of the organization's technologies and workflows), use keyword categories. You add keywords to the category manually. The application recognizes the data by keywords or expressions, selecting them from multiple keywords that have been specified in the category settings.
    • To recognize information stored in tables (such as personal records of employees or information about their wages), use table data categories. You add table data to the category manually. The application recognizes the data by the number of matches with table cells that has been specified in the category settings.
    • Use preset Kaspersky Lab categories to recognize data belonging to the most common categories (such as medical records, personal data, and bank details).

You can use categories to monitor and prevent data leaks and to search SharePoint websites for data.

See also

Adding a category of keywords

Keywords. Making expressions using operators

Adding a category of table data

Table data. Setting up the match level

Editing a category

Deleting a category

Monitoring and preventing data leaks

Searching SharePoint websites for data


About Kaspersky Lab data categories

Kaspersky Lab categories are preset categories that have been developed by Kaspersky Lab specialists. Each category includes data subcategories (that is, more specific categories).

A subcategory is a nested data category included in a larger-scale category. Each subcategory describes a set of category data united by a specific feature. For example, the "Magnetic stripe data" subcategory is part of the "Banking cards" category.

You can change the contents of a category by excluding or including subcategories. When a Kaspersky Lab data category is used, the application considers the data subcategories selected as part of this category. Subcategories that have been excluded from the category are ignored. For example, you can exclude subcategories upon which the application generates false positive incidents.

Kaspersky Lab categories are provided as part of the Kaspersky Security distribution kit. Categories can be updated during application database updates. The application records information about new Kaspersky Lab categories received during the update in the Windows Event Log. To receive information about preset Kaspersky Lab categories that have been added or modified, you can enable automatic notifications. Notifications contain information about the number of new and modified categories with their descriptions.

Kaspersky Lab categories (category name, followed by the category description)

  • Administrative documents. This category allows you to detect words and expressions that are used in standard forms of administrative and regulating documents. These include orders, notices, job descriptions, and applications from employees. Sets of data on administrative documents depend on the country they are used in.
  • Alcohol, tobacco and narcotic substances. This category allows you to detect words and expressions that, directly or indirectly, are associated with alcoholic products, tobacco goods, and narcotic and / or psychoactive substances. These include advertising descriptions, instructions on the use or preparation of such substances.
  • Discrimination. This category allows you to detect words and expressions that may infringe upon the rights and legitimate interests of various groups of people. Any meaningful distinction of a person may become a pretext for discrimination; this may be his or her sex, race, religious beliefs, sexual orientation, nationality, or occupation.
  • Confidential documents. This category allows you to detect words and expressions that are used in confidential documents. These include documents with tags indicating their confidential character: "For internal use only", "Confidential", or "Not for external distribution".
  • Medical data (UK), Medical data (Germany), Medical data (Russia), Medical data (USA), Medical data (France). These categories allow you to check files for the numbers of medical insurance policies, medical case histories, diagnoses, and medical advice. Sets of data on drugs, treatments, and social insurance data depend on the country in which a person receives medical assistance. (Registered trademarks and service marks are the property of their respective owners.)
  • Violence. This category allows you to detect words and expressions that are associated with depiction of violence and acts of cruelty. This category also allows you to detect words and expressions that induce to actions, which may threaten life and / or health (including those inducing to self-injury or suicide).
  • Discontent. This category allows you to detect words and expressions that may indicate employees' depressed state or discontent. For example, employees may give unfavorable opinions on the managerial staff, colleagues, and customers, express discontent of their job or salary. Such opinions may indicate a negative emotional state of employees and lead to degradation of working performance.
  • Explicit language. This category allows you to detect rude and abusive words and expressions, as well as explicit language.
  • Weapons and explosives. This category allows you to detect words and expressions that are associated with production and use of weapons, explosives, and pyrotechnical goods. These include descriptions of military operations, historical, industrial, and encyclopedic data related to weapons, explosives, and pyrotechnical goods.
  • Personal data (UK), Personal data (Germany), Personal data (Russia), Personal data (USA), Personal data (France). These categories allow you to check files for personal data that can be used to ascertain a citizen's identity or location (for example, date of birth, address of residence, data from the passport or driver's license, social security number and social insurance number, banking card data and numbers of banking accounts). The set of data classified as personal depends on the laws of the country whose citizenship the person holds.
  • Payment cards. This category allows you to check files for data that are protected by the PCI DSS (Payment Card Industry Data Security Standard). The requirements of this standard cover companies that work with international payment systems. These requirements protect personal data of payment card owners when they are processed, transmitted, and stored. This category allows you to detect the data of a payment card and its magnetic strip.
  • U.S. Federal Law HIPAA. This category allows you to check files for data protected by the HIPAA (The Health Insurance Portability and Accountability Act). This act is aimed at protection of confidential information about the physical and mental state of patients. The requirements of this act cover health care institutions and medical employees who transmit information about the state of patients in electronic form.
  • Russian Federal Law No. 152. This category allows you to check files for data protected by the Russian Federal Law No. 152. This law is aimed at protection of personal data when they are processed, stored, and used. The requirements of this law cover personal data operators (public authority, local authority, juridical or physical person who manages or performs personal data processing, as well as defines the goals and content of personal data processing). These requirements regulate activities that concern collection, processing, storage, and transmission of citizens' personal data.

Financial documents

This category allows you to detect words and expressions that are used in standard forms of financial documents. These include contracts, accounts and invoices, payrolls, and orders. The sets of data on financial documents depend on the country they are used in.

Erotica and pornography

This category allows you to detect words and expressions that are associated with the sexual side of human relationship. These include descriptions of human genitals, coitus, sexual perversions, or masturbation.

Monitoring and preventing data leaks

Kaspersky Security allows you to track and prevent data leakage on SharePoint websites by means of policies.

A policy is a collection of application settings that protect data against leakage. The policy defines the conditions under which users can handle confidential data, as well as the actions that the application must take when a possible data leak is detected.

According to the policy, the application scans files uploaded to SharePoint, using the following settings:

  • By the name of the user account under which the file is uploaded
  • By the address of the SharePoint website to which the file is uploaded
  • By the match between data in the uploaded file and data in the category

If the conditions set for file upload to SharePoint meet the settings defined in the policy, the application registers a policy violation.

A policy violation means user actions leading to a violation of the conditions applied to the handling of confidential data on SharePoint servers. The application views an event as a policy violation if the user specified in the policy uploads to a SharePoint website some data from a category prohibited by the policy.

You can set up actions that the application will take in case of a policy violation, in accordance with one of the following scenarios:

  • If you want to prevent leakage of data protected by the policy, we recommend that you configure the policy so that Kaspersky Security blocks files from being uploaded by users to SharePoint websites. This option is recommended if leakage of protected data poses a threat for data security in the organization.

    You can additionally set up notification delivery to email addresses in order to receive up-to-date information about policy violations.

  • If you want to track possible leakage of data protected by the policy, we recommend that you configure the policy so that Kaspersky Security does not block files from being uploaded to SharePoint websites. The application will not affect user activities on SharePoint servers. This option is recommended if information about policy violations is analyzed during incident management.

Policy adding scenario

Before adding a policy, we recommend that you create relevant data categories or select relevant data categories in the list of preset categories.

  1. In the list of categories and policies, select the category that contains the data you need to protect.
  2. Create a new policy for the selected data category.

    Multiple policies can be added for a single category.

The application will track and / or prevent data leakage if the policy is active.

See also

Adding a file to exclusions by web address

New Policy Wizard

Searching for policies by users

Deleting a policy

Categories and policies

In this node, you can configure protection of data against leakage.

The node's workspace displays a list of categories and policies configured to protect data against leakage.

Kaspersky Lab categories are marked with the ks90_pict_dlp_KLcategory icon. User-added categories are marked with the ks90_pict_dlp_Usercategory icon.

Clicking the button located to the left of a category name opens a list of policies set for that category. Policies are marked with icons that reflect their status:

  • ks90_pict_policy_block – the policy is active; when the policy is violated, the application blocks file transmission to SharePoint.
  • ks90_pict_policy_detect – the policy is active; when the policy is violated, the application does not block file transmission to SharePoint.
  • ks90_pict_policy_disabled – the policy is inactive.

Clicking the name of a category or a policy in the right part of the section displays detailed information about the category or policy that has been selected.

New category

Button with a list in which you can select the type of a category to be added. Clicking this button allows you to add a new category of keywords or table data.

Selecting the type of added category results in the opening of the category settings configuration window.

New policy

Clicking this button runs the New Policy Wizard. The Wizard adds a new policy for the data category selected from the list.

Settings

Clicking this button opens the settings window of the selected object.

Delete

Clicking this button removes the selected categories and policies without any option of recovery. Removing a category affects the following objects:

  • Policies that have been set for the category will be removed along with that category.
  • Scan tasks that have been using the category will be modified automatically.

After a category or a policy is removed, the corresponding data will be saved in the information about incidents. Kaspersky Lab categories cannot be removed.

This button is available if one or several objects are selected in the list of categories and policies.

The Policies search section allows searching for policies associated with specific users.

On users without Active Directory accounts

The application locates all policies that control file uploads to SharePoint by users without Active Directory accounts.

On selected users

The application searches for policies configured for users whose accounts are included in Active Directory. You can find policies assigned to specific users by selecting their accounts via the Select button.

This option is selected by default.

Find

Clicking this button displays a list of policies assigned for specific users. The list displays the following information about each policy:

  • Policy name
  • Category for which the policy is installed
  • Action performed by the application on the file when the policy is violated

See also

Using categories. Assigning data to categories

Settings of a category of keywords

Settings of a category of table data

New Policy Wizard. Step 1

Settings of a category of table data

In the Category settings window, you can configure the conditions for data search across SharePoint using table data.

Name

Category name. The name must differ from the names of other categories.

Path to file

The path to a CSV file with table data. You can specify the path by clicking the Browse button.

Browse

Clicking this button opens the Open file window. In this window, you can proceed to the folder in which the CSV file is stored, and select that file.

Column separator

In the Column separator dropdown list, you can select the symbol to be used as the column separator in the CSV file that you are uploading:

  • Comma
  • Semicolon
  • Tab

This setting is editable if the Path to file field contains the full path to the location of the CSV file.

By default, the comma is set as the column separator.

The Match level block of settings allows you to configure data search across SharePoint by the contents of table data cells added from the CSV file. The number of cells involved in the search is defined as the number of unique intersections between columns and lines in the table. By using the threshold value of rows and columns, you can set up the minimum number of table data cells involved in the search. The application searches for matches with data in cells across files stored on SharePoint.

Threshold value for lines

In this entry field, you can specify the number of table data lines from the CSV file that will be used for creating cells.

By default, 2 lines are set.

Threshold value for columns

In this entry field, you can specify the number of table data columns from the CSV file that will be used for creating cells.

By default, 2 columns are set.

Comments

Additional information pertaining to data in the category, for example, a link to a document that regulates the information security rules in the organization.

Help on configuring the match level

Clicking this link opens a context help window that describes how to handle table data categories and provides examples of how to set up the level of matching.

See also

Table data. Setting up the match level

Settings of a category of keywords

Category: <Category name>

Use these settings for the following tasks

Using categories. Assigning data to categories

Adding a category of table data

Table data. Setting up the match level

The match level is the number of table data cells against which the application is searching SharePoint for matches. The number of cells involved in the search is defined as the number of unique intersections between columns and lines in the table. The match level has two parameters:

  • Threshold value for lines. The minimum number of rows containing data for which the application searches SharePoint for matches.
  • Threshold value for columns. The minimum number of columns containing data for which the application searches SharePoint for matches.

By finding a match to table data, the application detects a file containing data from the specified number of columns in the specified number of rows. There is no requirement for the same columns to match in different rows.

Example:

A table of CSV format containing the following table data has been added to the category:

 

Column 1   Column 2   Column 3   Column 4   Column 5
1946       2718       0          0          0
3376       2753       58         1          4
3370       2746       67         9          4
3373       2731       6          1          7

 

The following match level for table data is configured: the threshold value of rows is 2, the threshold value of columns is 3.

The application detects files whose data match six cells of table data. The matching data must be located in at least two rows at once, and at least three cells must produce a match in each row. For example:

 

 

Column 1   Column 2   Column 3   Column 4   Column 5
1946       2718       0          0          0
3376       2753       58         1          4
3370       2746       67         9          4
3373       2731       6          1          7

 

 

Given this match level, the application will also detect a file containing the following table data:

 

Column 1   Column 2   Column 3   Column 4   Column 5
1946       2718       0          0          0
3376       2753       58         1          4
3370       2746       67         9          4
3373       2731       6          1          7

 

Files with a lesser number of matches are ignored by the application. For example:

 

 

Column 1   Column 2   Column 3   Column 4   Column 5
1946       2718       0          0          0
3376       2753       58         1          4
3370       2746       67         9          4
3373       2731       6          1          7

 

In the example above, table data in three cells match a CSV table only in one row. The file does not match the specified threshold value of rows (2) and is therefore ignored by the application.
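The match-level rule described above can be modelled in a few lines. The following is an added example, not Kaspersky Lab code: it assumes that a cell matches when its exact value appears as a separate word in the file and that one word in the file can satisfy only one cell per row. All function names and the sample file contents are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Table data from the Help example (comma-separated, no header row).
CATEGORY_CSV = """\
1946,2718,0,0,0
3376,2753,58,1,4
3370,2746,67,9,4
3373,2731,6,1,7
"""

# Constructed sample file contents (not from the product documentation).
FILE_SAME_COLUMNS = "Order 3376 2753 58 shipped; reference 3370 2746 67"
FILE_MIXED_COLUMNS = "1946 2718 0 and later 2753 1 4"
FILE_ONE_ROW_ONLY = "3373 2731 6 together with 1946"
FILE_PAGE_FOOTER = "Page 1 of 4, section 9"


def load_rows(csv_text, delimiter=","):
    """Parse the category CSV; the separator is comma, semicolon or tab."""
    reader = csv.reader(io.StringIO(csv_text), delimiter=delimiter)
    return [[cell.strip() for cell in row] for row in reader if any(row)]


def matched_columns(row, file_tokens):
    """Return indexes of the row's cells found in the file.

    Assumption: a token in the file can satisfy only one cell per row, so a
    single "0" in the file does not count for three "0" cells.
    """
    available = Counter(file_tokens)
    hits = []
    for index, cell in enumerate(row):
        if cell and available[cell] > 0:
            available[cell] -= 1
            hits.append(index)
    return hits


def evaluate(csv_text, file_text, row_threshold=2, column_threshold=2,
             delimiter=","):
    """Apply the match level: enough rows, each with enough matching cells."""
    rows = load_rows(csv_text, delimiter)
    tokens = Counter(re.findall(r"\w+", file_text))
    hits = [matched_columns(row, tokens) for row in rows]
    qualifying = [i for i, cols in enumerate(hits)
                  if len(cols) >= column_threshold]
    return {
        "violation": len(qualifying) >= row_threshold,
        "qualifying_rows": qualifying,
        "hits": hits,
    }


if __name__ == "__main__":
    for name, text in [("same columns", FILE_SAME_COLUMNS),
                       ("mixed columns", FILE_MIXED_COLUMNS),
                       ("one row only", FILE_ONE_ROW_ONLY),
                       ("page footer", FILE_PAGE_FOOTER)]:
        strict = evaluate(CATEGORY_CSV, text, 2, 3)
        default = evaluate(CATEGORY_CSV, text)  # 2 lines, 2 columns
        print(f"{name}: 2x3={strict['violation']} 2x2={default['violation']}")
```

In this model the page-footer sample triggers the default 2 x 2 match level but not the 2 x 3 level from the example, because short values such as 1, 4 and 9 also occur as incidental numbers in ordinary text.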

Settings of a category of keywords

In the Category settings window, you can configure the conditions of data search across SharePoint sites using keywords.

Name

Category name. The name must differ from the names of other categories.

Help on adding keywords

Clicking this link opens a context help window that contains the descriptions of operators and examples of how to use them.

In this entry field, you can specify keywords and expressions that the application should use to find matches on SharePoint sites. Keywords should be put into quotes. The application ignores words or phrases that have not been put into quotes.

Words and phrases that have been specified as keywords and put into quotes can be separated with whitespaces and other symbols (for example, "#", "%", "+", "@", "&", and punctuation symbols). Keywords can be combined into expressions by using such operators as AND, OR, NEAR(n), and ONEAR(n).

Comments

Additional information pertaining to data in the category, for example, a link to a document that regulates the information security rules in the organization.

See also

Keywords. Making expressions using operators

Settings of a category of table data

Category: <Category name>

Use these settings for the following tasks

Using categories. Assigning data to categories

Adding a category of keywords

Keywords. Making expressions using operators

A keyword is a word, phrase, or sequence of characters that the application needs in order to recognize confidential data in text.

Words and phrases that have been specified as keywords and put into quotes can be separated with whitespaces and other symbols (for example, "#", "%", "+", "@", "&", and punctuation symbols). Keywords can be combined into expressions by using such operators as AND, OR, NEAR(n), and ONEAR(n) (see table below).

Using operators in expressions

Operator: !

Description of use: The "!" character is used at the beginning of a keyword to make it case-sensitive. If the keyword consists of several words, the case operator applies to each word included in the keyword. For example, "!Kaspersky Lab".

Result: The application detects files whose text includes the "Kaspersky Lab" keyword beginning with upper-case letters. Files containing this keyword in lower-case (such as "kaspersky lab") are skipped.

Operator: AND

Description of use: Use the AND operator to detect two or more keywords included in the text at the same time. For example, "anti-virus" AND "security". The order in which the keywords are enumerated does not affect the search.

Result: The application detects files whose text includes the words "anti-virus" and "security" at the same time. Files containing only one of these words are skipped.

Operator: OR

Description of use: Use the OR operator to detect one of the keywords or several keywords in the text. For example, "security" OR "computer protection". The OR operator is applied automatically to keywords typed in the entry field beginning with a new line.

Result: The application detects files in which the text includes the word "security" or the word combination "computer protection", or both.

Operator: NEAR(n)

Description of use: The NEAR operator is used to detect several keywords separated by several other words in text. Specify the number of words separating the keywords in brackets. For example, "security" NEAR(6) "system". The order in which keywords have been entered is disregarded during the search.

Result: The application detects files in whose text the word "security" appears before or after the word "system" with six or fewer words between them.

Use several operators to create complex expressions from keywords. Use round brackets to specify the order in which the operators should be applied.

Example:

The category contains the following expression consisting of keywords:

"security" AND ("!Kaspersky Lab" NEAR(5) "program code")

The application detects files whose content matches the following criteria:

  • They include words and word combinations "security", "Kaspersky Lab", and "program code".
  • The words "Kaspersky Lab" begin with upper-case letters.
  • The word combination "program code" is used before or after the word combination "Kaspersky Lab" with five or fewer words between them.

For example: "...protect the program code of the application against hacking. At the conference, Kaspersky Lab will showcase an improved version of the product that makes networking more secure".

The search for expressions "term1" NEAR(n) ("term2" AND "term3") and "term1" NEAR(n) ("term2" NEAR(m) "term3") is not supported. When the application searches for data using these types of expressions, uncertainty arises when the brackets are removed.
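To check how an expression will be read before adding it to a category, the operator rules above can be modelled with a small parser and evaluator. This is an added example, not Kaspersky Lab code, and it rests on assumptions: words are matched exactly (no word forms), NEAR binds tighter than AND, which binds tighter than OR, and NEAR accepts only plain keywords as operands. ONEAR(n) is left out because the page names it without describing it; all function names and sample texts are constructed.

```python
import re

LEX = re.compile(r'"([^"]*)"|\b(AND|OR)\b|\bNEAR\((\d+)\)|([()])')
WORD = re.compile(r"\w+")

# Expression from the Help example; the text is a constructed sample.
EXPRESSION = '"security" AND ("!Kaspersky Lab" NEAR(5) "program code")'
TEXT_HIT = "The program code shipped by Kaspersky Lab passed a security audit."


def lex(line):
    """Tokenize one line; unquoted text that is not an operator is ignored."""
    tokens = []
    for quoted, op, distance, paren in (m.groups() for m in LEX.finditer(line)):
        if quoted is not None:
            phrase = WORD.findall(quoted)
            if not phrase:
                raise ValueError("empty keyword")
            tokens.append(("kw", (phrase, quoted.startswith("!"))))
        elif distance is not None:
            tokens.append(("NEAR", int(distance)))
        else:
            tokens.append((op or paren, None))
    return tokens


def parse(tokens):
    """Build a tree. Assumed precedence: NEAR binds tightest, then AND, then OR."""
    pos = 0

    def peek():
        return tokens[pos][0] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def atom():
        if peek() == "kw":
            return take()
        if peek() == "(":
            take()
            node = binary("OR")
            if peek() != ")":
                raise ValueError("missing ')'")
            take()
            return node
        raise ValueError("keyword or '(' expected")

    def near():
        left = atom()
        if peek() != "NEAR":
            return left
        n, right = take()[1], atom()
        if left[0] != "kw" or right[0] != "kw":
            # The Help says NEAR over a bracketed AND/NEAR is not supported.
            raise ValueError("NEAR operands must be plain keywords")
        return ("NEAR", n, left, right)

    def binary(op):
        lower = (lambda: binary("AND")) if op == "OR" else near
        node = lower()
        while peek() == op:
            take()
            node = (op, node, lower())
        return node

    tree = binary("OR")
    if peek() is not None:
        raise ValueError(f"unexpected token {peek()!r}")
    return tree


def spans(keyword, words):
    """Word-index spans of the keyword phrase; "!" makes it case-sensitive."""
    phrase, cased = keyword
    fold = (lambda w: w) if cased else str.lower
    hay, needle = [fold(w) for w in words], [fold(w) for w in phrase]
    return [(i, i + len(needle)) for i in range(len(hay) - len(needle) + 1)
            if hay[i:i + len(needle)] == needle]


def holds(node, words):
    kind = node[0]
    if kind == "kw":
        return bool(spans(node[1], words))
    if kind in ("AND", "OR"):
        left, right = holds(node[1], words), holds(node[2], words)
        return (left and right) if kind == "AND" else (left or right)
    _, n, a, b = node
    # Words between the two phrases, in either order; overlaps give a negative gap.
    gaps = [b0 - a1 if b0 >= a1 else a0 - b1
            for a0, a1 in spans(a[1], words) for b0, b1 in spans(b[1], words)]
    return any(0 <= gap <= n for gap in gaps)


def matches(expression, text):
    """Each non-empty line is its own expression; lines are OR-ed together."""
    words = WORD.findall(text)
    trees = [parse(t) for t in map(lex, expression.splitlines()) if t]
    return any(holds(tree, words) for tree in trees)
```

Calling `matches(EXPRESSION, TEXT_HIT)` returns True; an expression of the unsupported form, such as `"term1" NEAR(2) ("term2" AND "term3")`, raises ValueError in this model.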

Category: <Category name>

In the window with the settings of the selected Kaspersky Lab category, you can view the category details or change the composition of this category.

<Category name>

Name of a preset Kaspersky Lab category.

This name cannot be edited.

The Subcategories section displays a list of subcategories included in the selected category. You can change the category contents by selecting the check boxes next to the data subcategories by which the application must recognize information. Subcategories that have been excluded from the category are ignored. For example, you can exclude subcategories upon which the application generates false positive incidents.

All check boxes are selected by default.

See also

About Kaspersky Lab data categories

Settings of a category of keywords

Settings of a category of table data

New Policy Wizard. Step 1

The New Policy Wizard lets you create a new data leak prevention policy and configure the policy settings. The Wizard consists of a sequence of windows. You can switch between Wizard windows by clicking the Next and Back buttons. You can quit the Wizard at any time by clicking the Cancel button.

Policy name

Policy name. The names of policies set for a single category cannot be identical.

Activate policy

Enable data leak prevention in accordance with the settings defined in the policy.

If this check box is selected, the policy is active. The application tracks leaks of data in real-time mode in accordance with the settings defined in the policy.

If this check box is cleared, the policy is inactive.

The check box is selected by default.

Link to guidance document

In the entry field, you can specify a link to the guidance document based on which the policy was created. You can provide the link either as the path to the document file stored on SharePoint, or as plain text.

See also

Adding a file to exclusions by web address

Steps of the Wizard

New Policy Wizard. Step 2

New Policy Wizard. Step 3

New Policy Wizard. Step 4

New Policy Wizard. Step 2

At this step of the Wizard, you can configure permissions for file transfer to SharePoint by company employees.

The application supports the following file formats: DOC, DOCX, PPT, PPTX, XLS, XLSX, XLSB, ONE, RTF, VSD, PDF, HTML, XML, ODP, ODS, ODT, TXT. The application does not control users' access to files of other formats. Use a separate solution to protect files of other formats.

The Policy applies to block of settings allows you to select users to be covered by the policy. The application controls file transfers to SharePoint performed by these users.

Select users to be covered by policy

The application controls file transfers to SharePoint performed by all users whose accounts are included in Active Directory.

This is the default option.

Selected Active Directory users

The application controls file transfers to SharePoint performed by users whose accounts are specified on the list. The following buttons are designed for creating a list:

  • ks90_pict_dlp_add_button – add an account to the list;
  • ks90_pict_dlp_del_button – remove the selected account from the list.

The list is empty by default.

The Exclude the following users from policy section allows selecting Active Directory users who are out of scope of the policy. The application does not control file transfers to SharePoint performed by these users. The following buttons are designed for creating a list of users:

  • ks90_pict_dlp_add_button – add an account to the list;
  • ks90_pict_dlp_del_button – remove the selected account from the list.

The list is empty by default.

Monitor users missing in Active Directory

Apply the policy to users whose accounts are not included in Active Directory.

If this check box is selected, the policy covers users who are not present in Active Directory. The application controls file transfers to SharePoint performed by these users.

If this check box is cleared, the policy does not cover users who are not present in Active Directory.

The check box is selected by default.

See also

Adding a file to exclusions by web address

Steps of the Wizard

New Policy Wizard. Step 1

New Policy Wizard. Step 3

New Policy Wizard. Step 4

New Policy Wizard. Step 3

At this step of the Wizard, you can configure the control area. The application will control the uploading of files to the selected SharePoint websites. When users specified at the previous step of the Wizard upload files to the selected SharePoint websites, the application registers a policy violation.

Select child items

This selects the check boxes next to subsections of websites that are part of the SharePoint structure.

Deselect child items

This clears the check boxes next to subsections of websites that are part of the SharePoint structure.

The section in the bottom part of the window allows you to configure exclusions from the control area. You can create a list of web addresses to which files will be uploaded by users without being controlled by the application.

Add exclusion

Clicking this button opens the Web address window. In this window, you can specify a web address on a SharePoint website that you need to exclude from the control area.

Delete

Clicking this button causes the application to remove the selected web address from the exclusions. After saving changes in the policy, the application will control the uploading of files by users to that web address.

Steps of the Wizard

New Policy Wizard. Step 1

New Policy Wizard. Step 2

New Policy Wizard. Step 4

See also

Adding a file to exclusions by web address

New Policy Wizard. Step 4

At this step of the Wizard, you can configure automatic actions to be performed by the application when the policy is violated.

Block file upload to SharePoint

Block transfers of files to SharePoint if they contain data matching the category.

If this check box is selected, the application blocks transfers of files to SharePoint if they contain data matching the category. This restriction covers users and websites that are specified in the policy settings.

If this check box is cleared, the application does not block file transfers to SharePoint when the policy is violated.

Regardless of whether the check box is selected or cleared, when the policy is violated, the application logs the event as a possible data leakage and creates an incident.

The check box is cleared by default.

Create incidents with priority

Assessment of the danger of a potential data leak.

In the Create incidents with priority drop-down list, you can specify the priority that the application should assign to an incident when the policy is violated:

  • Low
  • Medium
  • High

Attach file to incident details

Add the file to the incident details.

If this check box is selected, when creating an incident, the application updates the incident details, adding the file that caused the policy violation while being transferred to SharePoint. You can open the file on SharePoint when handling the incident.

If this check box is cleared, the incident details display only the web address of the file on SharePoint.

The check box is selected by default.

Record event to Windows Event Viewer

Add policy violation records to Windows Event Viewer.

If the check box is selected, the application records policy violation events in Windows Event Viewer.

If the check box is cleared, events are not recorded in Windows Event Viewer.

The check box is cleared by default.

Send notification by email

Automatically send notifications of policy violations to the following email addresses:

  • To security officer (you can specify the email address of a security officer in the Data Leak Prevention node);
  • To user (to the user associated with the incident);
  • To user's manager;
  • Additionally (you can specify additional email addresses in this entry field, separating them with semicolons).

If the check box next to a recipient's name is selected, the application automatically sends notifications of policy violation to this email. The application uses email addresses specified in Active Directory accounts when sending notifications to the user associated with the incident and to his or her manager. If no email addresses are specified in Active Directory accounts, no notifications will be sent.

If this check box is cleared, automatic sending of notifications is disabled.

By default, the Send notification by email check box is cleared.

Steps of the Wizard

New Policy Wizard. Step 1

New Policy Wizard. Step 2

New Policy Wizard. Step 3

See also

Adding a file to exclusions by web address

File formats to scan

To protect data against leakage, Kaspersky Security scans files uploaded to SharePoint for data of specific categories. The application determines the format of each file being scanned by analyzing its structure, which defines the way the file is stored or displayed on the screen. The extension of a file may not match its format. The application unpacks archived files down to the 64th nesting level and scans all embedded objects. The file formats that the application handles are listed below.

File formats to scan

File type         Formats
Archives          7Z; ARJ; BZ2; CAB; CPIO; DMG; EXE; GZ; ISO; JAR; OBD; RAR; RPM; TAR; TBZ2; ZIP
Databases         DB; DB3; DBF
Documents         AMI; DCA; DOC; DOCX; DOX; .DW5; FFT; FW3; JTD; JBW; JTT; HWP; IWP; JBW; JTD; JTT; KEY; M11; MAN; MANU; MNU; NUMBERS; ODT; PAGES; PDF; PUB; PW; PW1; PW2; QA; QA3; RFT; SAM; SDW; SXW; WPD; WRI; WS; WSD; WS2; WSx; XY
E-mail messages   EML; EMLX; MBOX; MBX; MHT; MSG; PST; OST; OFT
Presentations     ODP; ODS; PPT; PPTX; SXI; SDI; SDP
Tables            CSV; FW3; ODS; SX; SXC; SXS; WK; WK3; WK4; WKS; WPS; XLS; XLSB; XLSX
Text              CHM; DCA; EMF; HTM; HTML; ONETOC; RTF; SGML; TXT; XML; WMF

The application does not monitor uploads of other file formats to SharePoint by users. If files of other formats also contain confidential information, we advise using additional data leakage control tools and techniques along with the application.

Policy settings – Policy

On the Policy tab, you can activate a policy, change its name, or specify some additional information about the policy's purpose.

Policy name

Policy name. The names of policies set for a single category cannot be identical.

Activate policy

Enable data leak prevention in accordance with the settings defined in the policy.

If this check box is selected, the policy is active. The application tracks leaks of data in real-time mode in accordance with the settings defined in the policy.

If this check box is cleared, the policy is inactive.

The check box is selected by default.

Link to guidance document

In the entry field, you can specify a link to the guidance document based on which the policy was created. You can provide the link either as the path to the document file stored on SharePoint, or as plain text.

Use these settings for the following tasks

Monitoring and preventing data leaks

See also

Policy settings – Users

Control scope

Policy settings – Actions

Policy settings – Users

On the Users tab, you can set up permissions to transfer files to SharePoint for the organization's employees.

The Policy applies to block of settings allows you to select users to be covered by the policy. The application controls file transfers to SharePoint performed by these users.

Select users to be covered by policy

The application controls file transfers to SharePoint performed by all users whose accounts are included in Active Directory.

This is the default option.

Selected Active Directory users

The application controls file transfers to SharePoint performed by users whose accounts are specified on the list. The following buttons are designed for creating a list:

  • ks90_pict_dlp_add_button – add an account to the list;
  • ks90_pict_dlp_del_button – remove the selected account from the list.

The list is empty by default.

The Exclude the following users from policy section allows selecting Active Directory users who are out of scope of the policy. The application does not control file transfers to SharePoint performed by these users. The following buttons are designed for creating a list of users:

  • ks90_pict_dlp_add_button – add an account to the list;
  • ks90_pict_dlp_del_button – remove the selected account from the list.

The list is empty by default.

Monitor users missing in Active Directory

Apply the policy to users whose accounts are not included in Active Directory.

If this check box is selected, the policy covers users who are not present in Active Directory. The application controls file transfers to SharePoint performed by these users.

If this check box is cleared, the policy does not cover users who are not present in Active Directory.

The check box is selected by default.

Use these settings for the following tasks

Monitoring and preventing data leaks

See also

Policy settings – Policy

Control scope

Policy settings – Actions

Control scope

On the Monitoring scope tab, you can configure the control area. The application will control the uploading of files to the selected SharePoint websites.

Select child items

This selects the check boxes next to subsections of websites that are part of the SharePoint structure.

Deselect child items

This clears the check boxes next to subsections of websites that are part of the SharePoint structure.

The section in the bottom part of the window allows you to configure exclusions from the control area. You can create a list of web addresses to which files will be uploaded by users without being controlled by the application.

Add exclusion

Clicking this button opens the Web address window. In this window, you can specify a web address on a SharePoint website that you need to exclude from the control area.

Delete

Clicking this button causes the application to remove the selected web address from the exclusions. After saving changes in the policy, the application will control the uploading of files by users to that web address.

Use these settings for the following tasks

Monitoring and preventing data leaks

See also

Policy settings – Policy

Policy settings – Users

Policy settings – Actions

Page top

Web address

In the entry field, you can specify the web address of a file or a library. The application will not control the uploading of files to the specified web addresses by users.

If the specified web address has already been added to the list of exclusions for the policy, the application displays an error message. Non-existent web addresses cannot be added to exclusions.

Page top

Policy settings – Actions

On the Actions tab, you can configure automatic actions to be performed by the application when the policy is violated.

Block file upload to SharePoint

Block transfers of files to SharePoint if they contain data matching the category.

If this check box is selected, the application blocks transfers of files to SharePoint if they contain data matching the category. This restriction covers users and websites that are specified in the policy settings.

If this check box is cleared, the application does not block file transfers to SharePoint when the policy is violated.

Regardless of whether the check box is selected or cleared, when the policy is violated, the application logs the event as a possible data leakage and creates an incident.

The check box is cleared by default.

Create incidents with priority

Assessment of the danger of a potential data leak.

In the Create incidents with priority drop-down list, you can specify the priority that the application should assign to an incident when the policy is violated:

  • Low
  • Medium
  • High

Attach file to incident details

Add the file to the incident details.

If this check box is selected, when creating an incident, the application updates the incident details, adding the file that caused the policy violation while being transferred to SharePoint. You can open the file on SharePoint when handling the incident.

If this check box is cleared, the incident details display only the web address of the file on SharePoint.

The check box is selected by default.

Record event to Windows Event Viewer

Add policy violation records to Windows Event Viewer.

If the check box is selected, the application records policy violation events in Windows Event Viewer.

If the check box is cleared, events are not recorded in Windows Event Viewer.

The check box is cleared by default.

Send notification by email

Automatically send notifications of policy violations to the following email addresses:

  • To security officer (you can specify the email address of a security officer in the Data Leak Prevention node);
  • To user (to the user associated with the incident);
  • To user's manager;
  • Additionally (you can specify additional email addresses in this entry field, separating them with semicolons).

If the check box next to a recipient's name is selected, the application automatically sends notifications of policy violation to this email. The application uses email addresses specified in Active Directory accounts when sending notifications to the user associated with the incident and to his or her manager. If no email addresses are specified in Active Directory accounts, no notifications will be sent.

If this check box is cleared, automatic sending of notifications is disabled.

By default, the Send notification by email check box is cleared.

Use these settings for the following tasks

Monitoring and preventing data leaks

See also

Policy settings – Policy

Policy settings – Users

Control scope

Page top

Searching SharePoint websites for data

Data search functionality lets you scan files on SharePoint sites for data belonging to specific categories.

You can use data search to perform the following operations:

  • Detect all SharePoint sites that currently store files containing data that belongs to specific categories.
  • Scan selected SharePoint sites for files containing data that belongs to specific categories. For example, you can receive information on files with employees' financial or personal data that are stored in improper locations.
  • Use data categories to search SharePoint sites for specific files. For example, you can detect a file if its name and format are unknown but you know what type of data it may contain and on which SharePoint website it may be stored.

During data search, the load on SharePoint servers increases. To maintain a balanced load, the administrator can limit the list of SharePoint servers on which data search is available. If the Status column next to a running task displays the No servers available message, contact the administrator for permission to run the task. The administrator modifies the DLP Module settings.

Managing search tasks

The SharePoint site data search function is implemented in the form of search tasks.

You can configure the following settings for each task:

  • Scan type (full or incremental)
  • Data categories according to which the search is performed
  • SharePoint sites on which the search is performed
  • Task run mode and schedule
  • Application actions on detecting files that match the search conditions

    On detecting files, the application can create incidents and log event information in Windows Event Viewer.

You can add several search tasks to scan various SharePoint servers for files containing data that belongs to various categories. You can edit search task settings, if necessary.

If data categories selected for running the search are modified while the search task is in progress (for example, certain keywords are removed or new table data is added), the application continues to search for files according to the modified data categories. The application does not re-scan the files that have been found.

The application searches for data in background mode. Regardless of the task run schedule, you can manually start or stop a search task at any time.

The application does not scan system files during a search task.

The progress of the search task is displayed in the form of a progress bar. The progress bar shows the percentage ratio of files that have been scanned against the total number of files on the selected SharePoint servers.

Data search optimization

During repeated runs of a task, the application can perform an incremental scan, i.e., scan only files that have been modified since the previous task run. Incremental scanning minimizes the task runtime and reduces the workload on the SharePoint server. You can enable incremental scanning in the task settings. If incremental scanning is disabled, the application scans all files that meet the search criteria.

Processing search results

The application generates a report on search results after the task is completed.

Each report contains a table with a list of files matching the search parameters. The report name is created automatically and matches the name of the task based on which it has been generated.

If necessary, you can save the report to view search results without opening Management Console.

Search results make it possible to analyze the current status of data protection on SharePoint and edit policy settings, if necessary.

See also

Adding a search task

Editing the search task settings

Starting and stopping a data search

Viewing the search results

Saving search results

Deleting the search results

Deleting a task

Page top

Search

In this node, you can configure searches for data across SharePoint by various categories, as well as view search results.

The Search tasks section contains a list of SharePoint file search tasks. In this section, you can manage search tasks by adding new ones, modifying or removing existing tasks, as well as starting and stopping task runs.

Create

Clicking this button opens the Task settings window. In this window, you can create a new task for searching files across SharePoint and configure it.

Start

Clicking this button causes the application to run the file search task that has been selected from the list of tasks.

Stop

Clicking this button causes the application to stop running the file search task that has been selected from the list of tasks.

Change

Clicking this button opens the Task settings window. In this window, you can edit the settings of the search task that has been selected in the list of tasks.

Delete

Clicking this button causes the application to delete one or several tasks that have been selected in the list, without any option of restoration.

The Search results section contains a list of reports on the results of search tasks. In this section, you can view and delete reports, as well as save reports to disk.

View

Clicking this button opens the selected report in the default web browser window.

Delete

Clicking this button causes the application to delete one or several reports that have been selected in the list.

Save

Clicking this button opens the Save as window. In this window, you can save the selected report in CSV format.

By default, the application saves the report under the name specified in the list of reports.

See also

Adding a search task

Starting and stopping a data search

Viewing the search results

Deleting the search results

Use these settings for the following tasks

Searching SharePoint websites for data

Page top

Features of incremental scan

Incremental (partial) scan is a type of file scan during which the application only scans files that have been modified since the previous scan. By default, incremental scanning is enabled. The application performs a full scan at the first task run; all further runs enable incremental scans. The application does not scan files that have not been modified. Modifying the scan task may cause the scan scope to include files that have not yet been scanned. The application performs a full scan of those files.

Dependency of the incremental scan on changes made to the scan task settings

| Scan setting | Setting modification | Scan type | Files scanned by the application |
|---|---|---|---|
| Data categories | No. No data categories have been modified in the task. | Incremental | Modified files only. |
| Data categories | Yes. A new data category (or multiple ones) has been added to the scan task. | Full and incremental | All files are scanned for presence of the specified new categories. Modified files are scanned for presence of the specified categories that were used during the previous task run. |
| Data categories | Yes. The contents of a data category (or multiple ones) have been modified. | Incremental | Modified files only, scanned against the updated categories. |
| Scanned websites | No. | Incremental | Modified files only. |
| Scanned websites | Yes. A new SharePoint website (or multiple websites) has been selected. | Full and incremental | All files located on new SharePoint websites. Modified files on websites that were scanned during the previous task run. |
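The rules in the table above can be modelled to see which files a repeated task run checks and against which categories. The following Python model is an added example, not part of Kaspersky Security or its documentation; the class and field names, the revision counters and the sample addresses are constructed, and combining the table's rows when several settings change at once is an assumption.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class TaskState:
    """Settings of one search task at the time of a run (model, not a product API)."""
    categories: dict[str, int]   # category name -> content revision (constructed counter)
    sites: frozenset[str]        # SharePoint websites selected in the scan scope


@dataclass
class SPFile:
    url: str
    site: str
    modified: bool               # changed since the previous task run


def plan_scan(prev: TaskState, cur: TaskState, files: list[SPFile]) -> dict[str, set[str]]:
    """Map each file URL to the categories it is checked against in this run."""
    new_categories = set(cur.categories) - set(prev.categories)
    new_sites = cur.sites - prev.sites
    plan: dict[str, set[str]] = {}
    for f in files:
        if f.site not in cur.sites:
            continue                              # outside the scan scope
        if f.site in new_sites or f.modified:
            checked = set(cur.categories)         # full scan of new sites; modified files
        else:
            checked = set(new_categories)         # unmodified files: new categories only
        if checked:
            plan[f.url] = checked
    return plan


def stale_results(prev: TaskState, cur: TaskState, files: list[SPFile]) -> list[tuple[str, str]]:
    """(url, category) pairs in scope that are not re-checked although the
    category's contents changed (third row of the table)."""
    changed = {name for name, rev in cur.categories.items()
               if name in prev.categories and prev.categories[name] != rev}
    plan = plan_scan(prev, cur, files)
    return sorted((f.url, name)
                  for f in files if f.site in cur.sites
                  for name in changed
                  if name not in plan.get(f.url, set()))


# Constructed sample data: the "Financial" category was edited, "Contracts"
# was added, and the "legal" website was added to the scan scope.
PREV = TaskState({"Financial": 1, "Personal data": 1}, frozenset({"hr"}))
CUR = TaskState({"Financial": 2, "Personal data": 1, "Contracts": 1},
                frozenset({"hr", "legal"}))
URL_A = "https://sharepoint.example/sites/hr/payroll.xlsx"
URL_B = "https://sharepoint.example/sites/hr/handbook.docx"
URL_C = "https://sharepoint.example/sites/legal/nda.docx"
FILES = [
    SPFile(URL_A, "hr", modified=True),
    SPFile(URL_B, "hr", modified=False),
    SPFile(URL_C, "legal", modified=False),
]

if __name__ == "__main__":
    for url, cats in plan_scan(PREV, CUR, FILES).items():
        print(url, sorted(cats))
    print("not re-checked against updated contents:", stale_results(PREV, CUR, FILES))
```

Pairs returned by stale_results are the ones to cover with a run in which the Scan modified files only check box is cleared, because the application then scans all files that meet the search criteria.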

Page top

Task settings – General

Task name

Name of the search task. The task name cannot coincide with the names of other search tasks on the list.

Scan modified files only

Enabling incremental (partial) scanning.

If this check box is selected, when running the task, the application only scans files that have been modified since the previous task run. The application does not scan files that have not been modified. This allows minimizing the task runtime and reducing the workload on the SharePoint server.

The results of the incremental scan depend on changes in the search task settings (if, for example, some new data categories have been added). In this case, in addition to modified files, the application also scans files that meet the new search criteria but have not yet been scanned.

If this check box is cleared, incremental scanning is disabled. The application scans all files that meet the search criteria, i.e., modified files and files that have not been modified since the previous task run.

The check box is selected by default.

Create incidents

Create incidents when detecting files that meet the search criteria.

If this check box is selected, the application creates an incident every time a file that meets the search criteria is detected. When creating an incident, the application does not add the detected file to the incident details.

If this check box is cleared, no incidents will be created.

The check box is cleared by default.

Log events in Windows Event Viewer

Record information about files found in accordance with the search criteria in Windows Event Viewer.

If this check box is selected, the application records an event in Windows Event Viewer every time a file that meets the search criteria is detected on SharePoint.

If this check box is cleared, no records will be added to Windows Event Viewer.

This check box is available if the Create incidents check box is selected. The check box is cleared by default.

Use these settings for the following tasks

Adding a search task

Editing the search task settings

See also

Task settings – Run mode

Task settings – Scan scope

Page top

Task settings – Categories

The Categories tab displays a list of categories that you can use in the task. The list contains Kaspersky Lab categories and user-created categories. The application searches for data across SharePoint by categories selected in the list.

Use these settings for the following tasks

Searching SharePoint websites for data

See also

Task settings – General

Task settings – Scan scope

Task settings – Run mode

Page top

Task settings – Scan scope

On the Search scope tab, you can select SharePoint websites on which the application will perform data search according to the selected categories.

Select child items

This selects the check boxes next to subsections of websites that are part of the SharePoint structure.

Deselect child items

This clears the check boxes next to subsections of websites that are part of the SharePoint structure.

The section in the bottom part of the window allows you to configure exclusions from the search scope. You can create a list of web addresses on which the application will not scan files during the data search.

Add exclusion

Clicking this button opens the Web address window. In this window, you can specify the web address of a SharePoint website that you need to exclude from the search scope.

Delete

Clicking this button causes the application to remove the selected web address from the exclusions. During the next task run, the application will scan files located on the specified web address.

Use these settings for the following tasks

Adding a search task

Editing the search task settings

See also

Task settings – General

Task settings – Run mode

Page top

Web address

In the entry field, you can specify the web address of a file or a library. During the search, the application will not scan files located on the specified web address.

If the specified web address has already been added to the list of exclusions for the search task, the application displays an error message. Non-existent web addresses cannot be added to exclusions.

Page top

Task settings – Run mode

On the Schedule tab, you can select the task run mode and set up a schedule that the application will use to run the search task.

Manually

Scheduled startup of the task is disabled. You can run the task manually at any time you like.

This is the default option.

Once

The application automatically runs the task once, on the day and at the time that you have specified.

If you select this option, the Start day and Start time fields become available so that you can set up the task run mode.

Weekly

The application automatically runs the task weekly, according to the schedule that you have set up.

If you select this option, the Start day and Start time fields become available so that you can configure the task run schedule.

Use these settings for the following tasks

Adding a search task

Editing the search task settings

See also

Task settings – General

Task settings – Scan scope

Page top

Managing incidents

An incident is a record about an application event associated with a possible data leak. Kaspersky Security generates incidents in the following cases:

  • When a policy is violated
  • While searching SharePoint for data

Each incident contains detailed information about incident-related files and users and the reason why the incident has been generated. This information is needed to analyze and investigate possible data leaks.

The incident workflow process is regulated by job descriptions of security officers and may vary depending on the incident workflow regulations adopted within an organization.

Managing the incident workflow process

The incident workflow process can be managed as follows:

  • Using incident statuses

    The incident status shows the current state of an incident. The incident status can be changed at any time. Information about the incident status change and the author of changes is saved in the incident history.

    The application lets you change the status of several incidents at once.

  • Using comments

    Comments may contain information about the reasons for incident status changes and about an investigation of the circumstances under which the incident occurred.

Incident comments can be added while changing the incident status or viewing the incident history.

Selecting incidents to manage

The application adds all incidents that have been generated to the list of incidents in the Incidents node. You can change the appearance of the incident list by changing the incident information displayed in the table.

The application automatically assigns the New status to an incident when it is generated. New incidents available for processing can be displayed by refreshing the incident list.

You can use the incident filter to search for incidents according to specific criteria (such as incidents related to a specific user). You can use the search for similar incidents to handle similar incidents, i.e., those that share identical data.

Viewing incident details and processing incidents

You can start managing new incidents by viewing the incident details.

Incidents assigned for processing must have their status changed to In progress. If the company has several security officers, this will help them to coordinate their workflows.

To make a decision on an incident, you have to look at the context of the policy violation. The violation context is displayed in the incident details window. The violation context contains all text fragments that contain data indicating the violation. Keywords or table data in each fragment are highlighted in red. If the context of the violation is insufficient to make a decision on an incident, you can open the incident-related file on SharePoint.

When you hover the mouse pointer over a text fragment that indicates a violation, a tooltip with the name of the data subcategory appears next to the pointer (see figure below). A subcategory is a nested data category included in a larger category. The subcategory name helps to define more accurately the area of the category to which data belongs.

Figure: The subcategory name is displayed in a pop-up hint.

You can add the web address of the file associated with the incident to exclusions. This helps you to reduce the number of false positive incidents generated when scanning template-based documents (such as uniform contracts or statements). The application adds the web address of a file to exclusions as follows:

  • If the incident has been created due to a policy violation, the web address will be added to the policy's exclusions. The application will not control the uploading of files by users to that web address.
  • If the incident has been created when running the search task, the web address will be added to the search task's exclusions. The application will not scan files located on that web address.

If the incident was generated while running a search task of Kaspersky Security 9.0, you cannot add the file's web address to exclusions for the search task.

If you need to export incident information to prepare an official memo, you can copy the incident details to clipboard.

Finishing incident management

Following analysis of incident information, an incident can be assigned one of the following statuses:

  • Closed (processed), if incident processing has been completed.
  • Closed (false positive), if the policy violation was a false positive (e.g., a mistake was made while configuring the policy).
  • Closed (not an incident), if the policy violation was admissible as an exclusion.
  • Closed (other) in any other cases.

After you finish processing incidents, you can remove them from the list of incidents by archiving them.

You are advised to perform archiving of incidents once the number of incidents exceeds 100,000. Kaspersky Security can be unstable when the number of incidents increases to 300,000.

Recovering incidents

You can consult archived incidents, if necessary, by restoring incidents. The application automatically assigns Archival status to all restored incidents.

After you finish processing these incidents, you can remove them from the list.

See also

Updating the list of incidents

Viewing incident details

Changing the status of an incident

Changing incident details displayed in the table

Archiving incidents

Restoring incidents from the archive

Deleting archived incidents

Page top

Incidents

This node lets you view and process incidents.

The Incidents filter section lets you find incidents that need processing.

The section displays the incident filtering conditions. Each condition has two parameters: a criterion and a value. The drop-down list on the left lets you select an incident filtering criterion. Incident details are used as filtering criteria. In the drop-down list next to it you can specify the value of the selected criterion according to which filtering is performed. The appearance of the drop-down list depends on the filtering criterion selected.

By default, the incident filter contains one filtering condition. You can add several conditions to configure incident filtering flexibly. The application performs filtering according to all conditions added to the incident filter.

Add a condition

Clicking this button displays an additional condition for which you can configure filtering settings.

Search

Clicking this button causes the list to display incidents that match the search conditions.

You can remove an incident filtering condition by clicking the delete button located on the right of the condition parameters.

The List of incidents section contains a table with a list of incidents. This list lets you view the details of each incident, change incident status, perform incident archiving and recover incidents from the archive.

The list of incidents appears one page at a time. The first page of the incident list displays 24 of the latest incidents. Use the buttons in the bottom right corner of the table to navigate the pages. The number of the page you are viewing is displayed in the field between buttons.

View

Clicking this button opens the Incident details window. In this window, you can view the incident details and history, as well as change the incident's status.

Change status

Button with a list in which you can select the method of changing the status of incidents. You can change the status of all incidents in the list or the status of selected incidents only.

Selecting the status change option opens the Changing status window. This window lets you assign a new status to an incident and specify the reason for the status change.

Refresh

Clicking this button causes the application to update the list of incidents. New incidents created since the list was last refreshed are added to the list.

The list of incidents is not refreshed automatically.

Select columns

Clicking this button expands the Select columns to display section. This section lets you select the incident details to be displayed in the incident table by means of check boxes. Incident details marked with an icon in this section are always displayed in the table.

You can right-click to open the context menu of the incident. The context menu allows you to change the incident's status, view the incident details, and find similar incidents (e.g., those associated with the same user or file).

Archive

Clicking this button causes the application to start the Incident Archiving Wizard. The Wizard lets you archive incidents that have been processed.

Archived incidents are removed from the list of incidents. If necessary, you can recover incidents from the archive.

Restore

Clicking this button causes the application to start the Incident Recovery Wizard that lets you recover incidents from the archive.

Delete archived

Clicking this button causes the application to remove all incidents with Archived status from the list of incidents.

Incidents can be recovered from the archive.

Use these settings for the following tasks

Managing incidents

See also

Updating the list of incidents

Searching for incidents using a filter

Changing incident details displayed in the table

Changing the status of an incident

Archiving incidents

Restoring incidents from the archive

Page top

Incident details – Review

No

The No field displays the serial number of an incident. The number is assigned to an incident when one is created, and it is unique.

On the Browse tab, you can view detailed information about an incident, change the incident status, and send users notifications of violations of the corporate security requirements.

The Status field shows the current incident status. You can change the incident status by clicking the Change button.

User

The User field contains the account name of the employee associated with an incident (displayed as a link). Clicking this link opens an email window so that you can send a message to that employee.

If the application fails to determine the user's Active Directory account, it displays the user's SharePoint account in this field. If the application fails to determine the user's SharePoint account, it displays the Error receiving name notification in this field.

File

The File field displays the name of the file associated with an incident. Clicking the Actions button on the right of the file name opens a section in which you can select the action to be taken on the detected file:

  • Save as. The application saves the file to the specified location.
  • Open from SharePoint website. The application opens the page of a SharePoint website with the detected file.
  • Add to exclusions. The application adds the web address of the file to the list of exclusions.

    If the incident has been created due to a policy violation, the web address will be added to the policy's exclusions. The application will not control the uploading of files by users to that web address.

    If the incident has been created when running the search task, the web address will be added to the search task's exclusions. The application will not scan files located on that web address.

  • Copy data to clipboard. When you click this button, the application copies the incident details and processing history to the clipboard. The order and set of details being copied are the same as those displayed in the Incident details window. To continue handling the incident, you can paste the data from the clipboard to a text editor (such as Notepad or Microsoft Word).

You cannot add the web address to the exclusions of search tasks for incidents that have been created during the operation of Kaspersky Security 9.0.

The Manager field displays the account of the employee's manager that is present in Active Directory.

The Address field displays the web address of the file that has caused the policy violation while being transferred to SharePoint.

The Category field displays the name of the data category detected by the application in the file being transferred.

The Priority field displays the incident severity rate specified in the policy settings.

The Action field displays the action that has been applied by the application to the file.

The Created field displays the date and time of the incident creation. The internal SharePoint server time is used.

The Policy field displays the name of the violated policy.

The Violations field displays the number of text fragments that contain data matching the category.

The Violation context field displays all text fragments that contain data matching the category. Keywords or table data in each fragment are highlighted in red.

Use these settings for the following tasks

Managing incidents

See also

Viewing incident details

Changing the status of an incident

Page top

Incident details – History

No

The No field displays the serial number of an incident. The number is assigned to an incident when one is created, and it is unique.

The History tab displays information on events relating to incident processing (such as incident status changes or incident recovery from the archive). Entries about events relating to incident processing are highlighted in blue. Each entry includes the date, time, and author of changes.

Comment

In this entry field, you can specify additional information relating to incident processing. Clicking the OK button saves information entered in the entry field.

Use these settings for the following tasks

Managing incidents

See also

Viewing incident details

Changing the status of an incident

Page top

Change status

In this window, you can assign a new status to incidents and add comments on the reasons for the status change.

Status

The Status field displays information about the current incident status. You can change the incident status by clicking <Current status>. The dropdown list displays statuses that you can assign to an incident:

  • New. Assigned to an incident when one is created.
  • In progress. Assigned to an incident under processing.
  • Closed (processed). Assigned to an incident that has been already resolved.
  • Closed (false positive). Assigned to an incident if the policy violation was a false positive (for example, an error was made when configuring the policy).
  • Closed (not an incident). Assigned to an incident if the policy violation was admissible as an exclusion.
  • Closed (other). Assigned to an incident in all other cases.

In the entry field on the right, you can specify the reasons for the incident status change.

Comment

In this entry field, you can specify additional information that is related to the incident status change. These comments are displayed in the Incident details window, on the Browse tab.

Use these settings for the following tasks

Managing incidents

See also

Changing the status of an incident

Page top

Incident Archiving Wizard

The Incident Archiving Wizard lets you perform incident archiving by following a sequence of steps.

Information on incidents that can be archived is displayed in the Wizard window that opens. This window lets you configure the settings of incident archiving.

Path to file

Path to the file of the archive for storing incidents. You can specify the path manually or select it by clicking the Browse button.

Browse

Clicking this button opens the Open file window. In this window, you can navigate to the folder in which the CSV file is stored, and select that file.

Next

Clicking this button causes the Wizard to start the incident archiving process.

The archiving progress bar is displayed in the Wizard window. Incident archiving may take some time.

Once archiving has been completed, the following archiving results are displayed in the Wizard window:

  • Number of successfully archived incidents
  • Number of errors encountered during the archiving process

Finish

Clicking this button finishes the Wizard.

Use these settings for the following tasks

Managing incidents

See also

Deleting archived incidents

Restoring incidents from the archive

Incident Recovery Wizard

The Incident Recovery Wizard lets you recover incidents from an archive.

You can configure the incident recovery settings in the Wizard window that opens.

All incidents

The Wizard restores all incidents from the selected archive.

For period

The Interval block of settings contains entry fields in which you can select the start and end dates of the period (in days).

Path to file

Path to the file of the archive with incidents. You can specify the path manually or select it by clicking the Browse button.

Browse

Clicking this button opens the Open file window. In this window, you can navigate to the folder in which the CSV file is stored, and select that file.

Next

Clicking this button causes the Wizard to start the incident recovery process.

The recovery progress bar is displayed in the Wizard window. Incident recovery may take some time.

Once incident recovery has been completed, the following recovery results are displayed in the Wizard window:

  • Number of successfully recovered incidents
  • Number of incidents previously recovered from the archive
  • Number of errors encountered during the recovery process

Finish

Clicking this button finishes the Wizard.

Use these settings for the following tasks

Managing incidents

See also

Archiving incidents

Deleting archived incidents

Assessing the status of data protection

The status of data protection has to be assessed constantly in order to maintain the proper level of data security on SharePoint websites. Information about data protection is refreshed in real time in the Data Leak Prevention node.

The status of data protection can be assessed using the following criteria:

  • Status of the DLP Module, errors in the operation of the Module;

    If the DLP Module operates with errors, this decreases the level of protection. If the DLP Module is disabled, the application does not scan files that are uploaded by users to SharePoint.

  • Statistics on opened incidents;

    This information helps to evaluate the volume of incidents processed so far and plan further incident processing.

  • Statistics on closed incidents;

    This information helps to analyze the reasons why incidents have been closed. Analysis results help to detect weak spots in computer protection and modify policy settings accordingly.

  • Statistics on files uploaded to SharePoint.

    This information helps to monitor and evaluate application performance.

You can configure automatic delivery of notifications about changes in the protection status to email addresses.

See also

Viewing protection status details

Selecting categories for generating incident statistics

Configuring automatic notifications

Data Leak Prevention

This node lets you view information about the status of data protection on SharePoint sites and incident statistics.

Kaspersky Security uses the DLP Module status section to notify the user about the following events in the operation of the DLP Module:

  • About changes in the status of the DLP Module (Enabled, Disabled, or Enabled, running with errors)
  • About DLP Module licensing problems
  • About application errors (such as no connection to the SQL database or a SharePoint server that is unavailable)

This section lets you specify the email addresses of Security Officers. The application automatically sends event notifications to these addresses.

Configure notifications

Clicking this button opens the Notification settings window. This window allows you to configure delivery of automatic notifications.

The Opened incidents section lets you view current data leak statistics.

The following information about open incidents is displayed in the upper part of the section:

  • Violators. The number of unique users that violated policies.
  • New incidents. The number of incidents with New status.
  • Incidents under processing. The number of incidents with In progress status.
  • Opened high-priority incidents. The number of opened incidents (in percentage points) to which a high priority of data leak danger has been assigned.
  • Top 3 violators. The rating of users with the highest number of policy violations.

A chart of statistics on opened incidents by associated category is displayed in the lower part of the section. You can modify the list of categories for which statistics are displayed.

Select categories

Clicking this button opens a window where you can select categories for which statistics are displayed.

The Statistics section displays the following information about the operation of the DLP Module:

  • Files transferred. The number of files that users have uploaded to SharePoint.
  • Files scanned. The number of files that caused policy violations while being uploaded to SharePoint.
  • Incidents created. The number of incidents generated as a result of policy violations.
  • Files not scanned due to timeouts. The number of files that could not be scanned due to a SharePoint server connection time-out.
  • Files not scanned due to errors. The number of files that could not be scanned due to application errors.

    You can change the reporting period for which statistics are displayed by clicking the 30 days and 7 days links.

The Closed incidents section displays a chart with statistics on closed incidents. This chart makes it possible to analyze the reasons why incidents belonging to different categories have been closed. You can modify the list of categories for which statistics are displayed.

Select categories

Clicking this button opens a window where you can select categories for which statistics are displayed.

See also

Configuring automatic notifications

Selecting categories for generating incident statistics

Use these settings for the following tasks

Assessing the status of data protection

Viewing protection status details

Notification settings

Addresses of information security specialists

This entry field lets you specify the email addresses of Security Officers. If the policies and reports have been configured to send notifications to the Security Officer, the application automatically sends incident notifications and generated reports to the email addresses specified in the entry field. When errors are encountered, the application automatically sends DLP Module status notifications to these addresses.

Use a semicolon to separate email addresses in the entry field.

No addresses are specified by default.

Notify when adding Kaspersky Lab categories

Sending automatic notifications when Kaspersky Lab categories are updated.

If this check box is selected, the application sends automatic email notifications about added or modified Kaspersky Lab categories. Notifications contain information about the number of new and modified categories with their descriptions.

The check box is cleared by default.

See also

Configuring automatic notifications

Data Leak Prevention

Categories

The window displays the current list of categories. You can select categories for which statistics are displayed by selecting check boxes opposite the category names.

If the All categories check box is selected, when new categories are added the information about incidents related to such categories is automatically refreshed in the statistics chart.

By default, all categories are selected.

See also

Selecting categories for generating incident statistics

Data Leak Prevention

Generating application reports

Information on the operation of the application and the status of Data Leak Prevention can be saved in reports. Reports are generated on the basis of information stored in the database. You can generate a report manually or automatically (according to schedule).

You can use quick reports to generate reports manually.

You can use report generation tasks to generate reports automatically. Report generation tasks are started according to the schedule configured in task settings. If necessary, you can generate a report at any time without waiting for a scheduled task to start.

Selecting the report type

You can select the report type depending on the type of information you need to gather:

  • To gather full information on the results of application operation and the status of Data Leak Prevention during a specific period, generate a report on policy-related incidents. The report contains information about incidents related to the selected categories and policies.
  • To gather information about policy violations by specific users, generate a “user statistics” report. The report contains information about incidents related to the selected users.

    You can use the report to analyze the frequency of policy violations by users. For example, if a user has repeatedly violated the same policy, you have to notify the user's manager.

  • To check if the application is running properly, generate a system KPI (Key Performance Indicators) report. The report contains information on the key performance indicators of the application.

    You can track changes in the operation of the application based on this report. For example, if the application has not scanned a large number of files, this may indicate a need to modify policy settings.

  • To check if policies are configured correctly, generate an “incident status report”. The report contains information about incidents related to the selected data categories.

    This report lets you analyze relationships between policy violations and reasons for closing incidents. For example, if policy-related incidents are closed as false positives, this may indicate a need to change the policy settings.

When generating a “report on policy-related incidents” or a “user statistics report”, the application factors in the incidents restored from the archive.
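The two analyses described above (repeated violations of the same policy by one user, and policies whose incidents are mostly closed as false positives) can also be run on a saved CSV report. The following Python script is an added example and is not part of the application or of this Help. The column headers are taken from the incident details listed in this Help, but their exact text in a saved report, the assumption that the Violations column holds the policy name, the thresholds, and the sample rows are all constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample data, not real application output. The header names are
# an assumption based on the incident details listed in this Help.
SAMPLE_REPORT = """\
Created,User,Address,No,Status,Violations,Action,Manager
2016-03-01 09:12,alice,http://sharepoint.example/hr/a.docx,101,Closed (false positive),Payment cards,Allowed,erin
2016-03-01 10:40,bob,http://sharepoint.example/fin/b.xlsx,102,Closed (false positive),Payment cards,Allowed,erin
2016-03-02 08:05,carol,http://sharepoint.example/fin/c.xlsx,103,Closed (processed),Payment cards,Blocked,erin
2016-03-02 11:30,alice,http://sharepoint.example/hr/d.docx,104,Closed (false positive),Payment cards,Allowed,erin
2016-03-03 14:22,bob,http://sharepoint.example/hr/e.docx,105,Closed (processed),Personal data,Blocked,erin
2016-03-04 09:01,bob,http://sharepoint.example/hr/f.docx,106,In progress,Personal data,Blocked,erin
2016-03-05 16:45,bob,http://sharepoint.example/hr/g.docx,107,New,Personal data,Blocked,erin
2016-03-06 12:00,carol,http://sharepoint.example/hr/h.docx,108,Closed (not an incident),Personal data,Allowed,erin
2016-03-07 13:15,dan,http://sharepoint.example/hr/i.docx,109,Closed (processed),Personal data,Blocked,erin
"""

REQUIRED_COLUMNS = {"User", "Status", "Violations"}
FALSE_POSITIVE = "Closed (false positive)"
NOT_AN_INCIDENT = "Closed (not an incident)"


def load_incidents(text):
    """Parse report text into a list of dicts, checking the assumed columns."""
    reader = csv.DictReader(io.StringIO(text))
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        raise ValueError("report is missing columns: %s" % sorted(missing))
    return list(reader)


def false_positive_rates(rows):
    """Return {policy: share of closed incidents that were false positives}."""
    closed, false_pos = Counter(), Counter()
    for row in rows:
        status = row["Status"].strip()
        if not status.startswith("Closed"):
            continue  # New and In progress incidents have no closing reason yet
        policy = row["Violations"].strip()
        closed[policy] += 1
        if status == FALSE_POSITIVE:
            false_pos[policy] += 1
    return {policy: false_pos[policy] / closed[policy] for policy in closed}


def policies_to_review(rows, threshold=0.5, min_closed=3):
    """Policies whose false positive share reaches the (assumed) threshold.

    min_closed avoids flagging a policy on the basis of one or two incidents.
    """
    closed = Counter(
        r["Violations"].strip() for r in rows
        if r["Status"].strip().startswith("Closed")
    )
    rates = false_positive_rates(rows)
    return sorted(
        p for p, rate in rates.items()
        if closed[p] >= min_closed and rate >= threshold
    )


def repeat_violators(rows, min_repeats=2):
    """Return {(user, policy): count} for users who repeatedly violated one policy.

    Incidents closed as false positives or as "not an incident" are excluded,
    because they do not represent an actual violation by the user.
    """
    counts = Counter()
    for row in rows:
        if row["Status"].strip() in (FALSE_POSITIVE, NOT_AN_INCIDENT):
            continue
        counts[(row["User"].strip(), row["Violations"].strip())] += 1
    return {key: n for key, n in counts.items() if n >= min_repeats}


if __name__ == "__main__":
    incidents = load_incidents(SAMPLE_REPORT)
    print("Policies to review:", policies_to_review(incidents))
    print("Repeat violators:", repeat_violators(incidents))
```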

Managing reports

The application adds all reports that have been generated to the list of reports in the View and create reports section in the Reports node. The following information is displayed for each report:

  • Name.
  • Creation date and time.
  • The reporting period.
  • Report type.

This information helps you to find reports that you want to view. If you generate a quick report, the application automatically opens the generated report in the window of the default browser.

If necessary, you can save the generated reports to manage them without opening Management Console.

See also

Generating a quick report

Adding a report generation task

Editing report generation task settings

Starting a report creation task

Viewing the incident status report

Viewing the report on users

Viewing the search results

Viewing protection status details

Saving reports

Deleting a report

Reports

In this node, you can create and view reports on the status of confidential data protection on SharePoint.

The Report generation tasks section contains a list of tasks for automatic generation of reports. In this section, you can add new tasks and configure their settings.

New task

A button with a drop-down list that lets you select the type of report to be generated using the task being added:

  • Creating "Incidents by policies" report. Contains information about the reasons for incident generation and the incident status at the time of report generation.
  • Creating "Statistics by users" report. Contains information about policy violations by specific users.
  • Creating "System KPI" report. Contains information about errors and problems in the operation of the application.
  • Creating "Statistics on statuses of incidents" report. Contains information about relationships between violated policies and the reasons for closing incidents.

When you select a report type, a window opens in which you can configure the new task.

Change

Clicking this button opens the Task settings window. In this window, you can edit the settings of report generation and the run mode of the task selected from the list.

Delete

Clicking this button causes the application to delete one or several tasks that have been selected in the list, without any option of restoration.

Start task

Clicking this button causes the application to run the report generation in accordance with the settings of the task selected from the list.

The View and create reports section contains a list of generated reports. In this section, you can create reports in real time and view and save generated reports.

New report

A button with a list in which you can select the type of the report being generated:

  • Incidents by policies. Contains information about the reasons for incident generation and the incident status at the time of report generation.
  • Statistics on users. Contains information about policy violations by specific users.
  • System KPI. Contains information about errors and problems in the operation of the application.
  • Statistics on statuses of incidents. Contains information about relationships between violated policies and the reasons for closing incidents.

When you select a report type, a window opens in which you can configure the quick report generation settings.

View

Clicking this button opens the selected report in the default web browser window.

Delete

Clicking this button causes the application to delete one or several reports that have been selected in the list.

Save

Clicking this button opens the Save as window. In this window, you can save the selected report in CSV format.

By default, the application saves the report under the name specified in the list of reports.

Use these settings for the following tasks

Generating application reports

See also

Adding a report generation task

Starting a report creation task

Saving reports

Generating a quick report

Deleting a report

Viewing the report on policy-related incidents

Viewing the system KPI report

Viewing the incident status report

Viewing the report on users

Main settings of the detailed report

On the Basic tab, you can define the main settings of the report:

  • Reporting interval
  • Selection criteria for incidents to be reported on.

Interval

The Interval block of settings contains entry fields in which you can select the start and end dates of the period (in days).

In the Include incidents in report block of settings, you can select incidents associated with specific categories and policies to be reported on.

By all categories and policies

The application selects incidents associated with all categories and policies to add them to the report (including those associated with removed categories and policies).

This option is selected by default.

By selected categories and policies

The application selects incidents associated with the specified categories and policies to add them to the report.

If you select this option, a list of categories and policies becomes available.

The list contains the names of all currently available categories and policies. You can select incidents to be reported on by selecting the check boxes next to relevant categories and / or policies.

If the check box is selected next to the name of a category, the check boxes next to the names of the policies set for that category will be automatically selected.

In the Filter by users block of settings, you can select incidents associated with specified users to be reported on.

All Active Directory users

The application selects incidents associated with all users with Active Directory accounts to add them to the report.

This option is selected by default.

Selected users

The application selects incidents associated with the users that you have selected to add them to the report. If you select this option, the list of Active Directory users becomes available. The following buttons are designed for creating a list:

  • [Add button icon] – add an account to the list;
  • [Delete button icon] – remove the selected account from the list.

The list is empty by default.

Include users missing from Active Directory

Select incidents associated with users without Active Directory accounts to be added to the report.

If this check box is selected, the application selects incidents associated with users who have no Active Directory accounts.

If this check box is cleared, the application does not select such incidents to be added to the report.

The check box is selected by default.

Use these settings for the following tasks

Configuring settings of the report on policy-related incidents

See also

Additional report settings

Main settings of the report on users

On the Basic tab, you can define the main settings of the report:

  • Reporting interval
  • Selection criteria for incidents to be reported on.

Interval

The Interval block of settings contains entry fields in which you can select the start and end dates of the period (in days).

In the Include incidents in report block of settings, you can select incidents belonging to specific categories for report generation.

By all categories

The application selects incidents associated with all categories for the report (including categories that had been deleted at the time of report generation).

This option is selected by default.

By selected categories

The application selects incidents belonging to the specified categories for the report. If you select this option, the list of categories becomes available.

The list contains the names of categories available at the time of report generation. You can select incidents for the report by selecting the check boxes next to relevant categories.

In the Filter by users block of settings, you can select incidents associated with specified users to be reported on.

All Active Directory users

The application selects incidents associated with all users with Active Directory accounts to add them to the report.

This option is selected by default.

Selected users

The application selects incidents associated with the users that you have selected to add them to the report. If you select this option, the list of Active Directory users becomes available. The following buttons are designed for creating a list:

  • [Add button icon] – add an account to the list;
  • [Delete button icon] – remove the selected account from the list.

The list is empty by default.

Include users missing from Active Directory

Select incidents associated with users without Active Directory accounts to be added to the report.

If this check box is selected, the application selects incidents associated with users who have no Active Directory accounts.

If this check box is cleared, the application does not select such incidents to be added to the report.

The check box is selected by default.

Use these settings for the following tasks

Configuring the report on users

See also

Additional report settings

Additional report settings

On the Additional tab, you can define the advanced settings for report generation:

  • Filtering incidents for the report on statuses
  • Procedure for grouping information about incidents in reports
  • Automatically sending a report to specified email addresses.

Include incidents with the following status in the report

The list of incident statuses selected for the report.

You can change the list of statuses based on which the application selects incidents for the report by clicking the Select button.

Sort data by columns

The list of incident details according to which incidents are arranged in the report table. The report starts with incidents for which the details specified in the field are the same.

You can change the order for grouping incidents with identical details by clicking the Select button.

The Email report list lets you select recipients to whom the application will automatically send the generated report.

To security officer

Automatically send the completed report to the email address of an information security specialist.

If this check box is selected, report sending is enabled. If this check box is cleared, report sending is disabled.

You can specify the email address of a security officer in the Data Leak Prevention node.

The check box is cleared by default.

Additionally

Automatically send the report to additional email addresses specified manually.

If this check box is selected, the application automatically sends the report to the email addresses specified in the entry field. Separate the email addresses with a semicolon.

If this check box is cleared, sending reports to additional addresses is disabled.

The check box is cleared by default.

Use these settings for the following tasks

Configuring settings of the report on policy-related incidents

Configuring the report on users

See also

Main settings of the detailed report

Main settings of the report on users

Incident status

The Incident status window shows a list of all incident statuses. If the check box is selected opposite an incident status, incidents with this status are included in the report. If the check box is cleared, incidents with this status are excluded from the report.

The check boxes are selected for all statuses by default.

Use these settings for the following tasks

Configuring settings of the report on policy-related incidents

Configuring the report on users

Incident data

The Incident details window lets you configure the settings that define the way incident data is displayed. The window shows the following list of incident data:

  • Created;
  • User;
  • Address;
  • No;
  • Status;
  • Violations;
  • Action;
  • Manager.

This window lets you configure the final appearance of the incident table in the report.

If the check box is selected opposite a list item, the report incidents are arranged in accordance with the details selected. If the check box is cleared, incidents are not arranged according to such details.

You can change the order of incident details in the list using the Up and Down buttons located to the right of the list. The order of list items defines the order in which incidents are arranged in the report.

Use these settings for the following tasks

Configuring settings of the report on policy-related incidents

User data

The Incident details window lets you configure user details included in the report. The window shows the following list of user data:

  • Total incidents;
  • User;
  • Department.

This window lets you configure the final appearance of the incident table in the report.

If the check box is selected opposite a list item, the report incidents are arranged in accordance with the details selected. If the check box is cleared, incidents are not arranged according to such details.

You can change the order of incident details in the list using the Up and Down buttons located to the right of the list. The order of list items defines the order in which incidents are arranged in the report.

Use these settings for the following tasks

Configuring the report on users

System report settings

In this window you can configure the following report generation settings:

  • The reporting period.
  • Automatically sending a report to specified email addresses.

Interval

The Interval block of settings contains entry fields in which you can select the start and end dates of the period (in days).

The Email report list lets you select recipients to whom the application will automatically send the generated report.

To security officer

Automatically send the completed report to the email address of an information security specialist.

If this check box is selected, report sending is enabled. If this check box is cleared, report sending is disabled.

You can specify the email address of a security officer in the Data Leak Prevention node.

The check box is cleared by default.

Additionally

Automatically send the report to additional email addresses specified manually.

If this check box is selected, the application automatically sends the report to the email addresses specified in the entry field. Separate the email addresses with a semicolon.

If this check box is cleared, sending reports to additional addresses is disabled.

The check box is cleared by default.

Use these settings for the following tasks

Configuring system KPI report settings

Main settings of the statistical report

On the Basic tab, you can define the main settings of the report:

  • Reporting interval
  • Selection criteria for incidents to be reported on.

Interval

The Interval block of settings contains entry fields in which you can select the start and end dates of the period (in days).

By all categories

The application selects incidents associated with all categories for the report (including categories that had been deleted at the time of report generation).

This option is selected by default.

By selected categories

The application selects incidents belonging to the specified categories for the report. If you select this option, the list of categories becomes available.

The list contains the names of categories available at the time of report generation. You can select incidents for the report by selecting the check boxes next to relevant categories.

Use these settings for the following tasks

Configuring settings of the incident status report

See also

Additional settings of the statistical report

Additional settings of the statistical report

The Additional tab lets you configure automatic sending of the report to email addresses.

The Email report list lets you select recipients to whom the application will automatically send the generated report.

To security officer

Automatically send the completed report to the email address of an information security specialist.

If this check box is selected, report sending is enabled. If this check box is cleared, report sending is disabled.

You can specify the email address of a security officer in the Data Leak Prevention node.

The check box is cleared by default.

Additionally

Automatically send the report to additional email addresses specified manually.

If this check box is selected, the application automatically sends the report to the email addresses specified in the entry field. Separate the email addresses with a semicolon.

If this check box is cleared, sending reports to additional addresses is disabled.

The check box is cleared by default.

Use these settings for the following tasks

Configuring settings of the incident status report

See also

Main settings of the statistical report

Main settings of the detailed report

The Basic tab lets you configure the criteria for selecting incidents to be included in the report.

In the Include incidents in report block of settings, you can select incidents associated with specific categories and policies to be reported on.

By all categories and policies

The application selects incidents associated with all categories and policies to add them to the report (including those associated with removed categories and policies).

This option is selected by default.

By selected categories and policies

The application selects incidents associated with the specified categories and policies to add them to the report.

If you select this option, a list of categories and policies becomes available.

The list contains the names of all currently available categories and policies. You can select incidents to be reported on by selecting the check boxes next to relevant categories and / or policies.

If the check box is selected next to the name of a category, the check boxes next to the names of the policies set for that category will be automatically selected.

In the Filter by users block of settings, you can select incidents associated with specified users to be reported on.

All Active Directory users

The application selects incidents associated with all users with Active Directory accounts to add them to the report.

This option is selected by default.

Selected users

The application selects incidents associated with the users that you have selected to add them to the report. If you select this option, the list of Active Directory users becomes available. The following buttons are designed for creating a list:

  • [Add button icon] – add an account to the list;
  • [Delete button icon] – remove the selected account from the list.

The list is empty by default.

Include users missing from Active Directory

Select incidents associated with users without Active Directory accounts to be added to the report.

If this check box is selected, the application selects incidents associated with users who have no Active Directory accounts.

If this check box is cleared, the application does not select such incidents to be added to the report.

The check box is selected by default.

Use these settings for the following tasks

Configuring settings of the report on policy-related incidents

See also

Additional task settings

Run mode

Main settings of the report on users

The Basic tab lets you configure the criteria for selecting incidents to be included in the report.

In the Include incidents in report block of settings, you can select incidents belonging to specific categories for report generation.

By all categories

The application selects incidents associated with all categories for the report (including categories that had been deleted at the time of report generation).

This option is selected by default.

By selected categories

The application selects incidents belonging to the specified categories for the report. If you select this option, the list of categories becomes available.

The list contains the names of categories available at the time of report generation. You can select incidents for the report by selecting the check boxes next to relevant categories.

In the Filter by users block of settings, you can select incidents associated with specified users to be reported on.

All Active Directory users

The application selects incidents associated with all users with Active Directory accounts to add them to the report.

This option is selected by default.

Selected users

The application selects incidents associated with the users that you have selected to add them to the report. If you select this option, the list of Active Directory users becomes available. The following buttons are designed for creating a list:

  • [Add button icon] – add an account to the list;
  • [Delete button icon] – remove the selected account from the list.

The list is empty by default.

Include users missing from Active Directory

Select incidents associated with users without Active Directory accounts to be added to the report.

If this check box is selected, the application selects incidents associated with users who have no Active Directory accounts.

If this check box is cleared, the application does not select such incidents to be added to the report.

The check box is selected by default.

Use these settings for the following tasks

Configuring the report on users

See also

Additional task settings

Run mode

System report settings

In this window you can configure the following report generation task settings:

  • Task run mode
  • Automatically sending a report to specified email addresses.

Generate scheduled report

Enabling automatic report generation.

If the check box is selected, the application automatically generates the report according to the schedule configured in the task. If the check box is cleared, the report is not generated automatically.

The check box is selected by default.

Every N days

The application automatically starts the task at the specified time and at the specified interval in days.

If you select this option, the Every N days and Start time fields become available for configuring the task run mode.

Weekly

The application automatically runs the task weekly, according to the schedule that you have set up.

If you select this option, the Start day and Start time fields become available so that you can configure the task run schedule.

Monthly

The application automatically starts the task once per month on the selected day of the month and at the specified time.

If you select this option, the Day of month and Start time fields become available for configuring the task run schedule.

The Email report list lets you select recipients to whom the application will automatically send the generated report.

To security officer

Automatically send the completed report to the email address of an information security specialist.

If this check box is selected, report sending is enabled. If this check box is cleared, report sending is disabled.

You can specify the email address of a security officer in the Data Leak Prevention node.

The check box is cleared by default.

Additionally

Automatically send the report to additional email addresses specified manually.

If this check box is selected, the application automatically sends the report to the email addresses specified in the entry field. Separate the email addresses with a semicolon.

If this check box is cleared, sending reports to additional addresses is disabled.

The check box is cleared by default.

Use these settings for the following tasks

Configuring system KPI report settings

Main settings of the report on policies

The Basic tab lets you configure the criteria for selecting incidents to be included in the report.

By all categories

The application selects incidents associated with all categories for the report (including categories that had been deleted at the time of report generation).

This option is selected by default.

By selected categories

The application selects incidents belonging to the specified categories for the report. If you select this option, the list of categories becomes available.

The list contains the names of categories available at the time of report generation. You can select incidents for the report by selecting the check boxes next to relevant categories.

Use these settings for the following tasks

Configuring settings of the incident status report

See also

Additional settings of the statistical report

Run mode

Additional task settings

On the Additional tab, you can configure advanced settings for the report generation task:

  • Incident filtering by status
  • The method of grouping incident information in the report
  • Automatically sending a report to specified email addresses.

Include incidents with the following status in the report

The list of incident statuses selected for the report.

You can change the list of statuses based on which the application selects incidents for the report by clicking the Select button.

Sort data by columns

The list of incident details according to which incidents are arranged in the report table. The report starts with incidents for which the details specified in the field are the same.

You can change the order for grouping incidents with identical details by clicking the Select button.

The Email report list lets you select recipients to whom the application will automatically send the generated report.

To security officer

Automatically send the completed report to the email address of an information security specialist.

If this check box is selected, report sending is enabled. If this check box is cleared, report sending is disabled.

You can specify the email address of a security officer in the Data Leak Prevention node.

The check box is cleared by default.

Additionally

Automatically send the report to additional email addresses specified manually.

If this check box is selected, the application automatically sends the report to the email addresses specified in the entry field. Separate the email addresses with a semicolon.

If this check box is cleared, sending reports to additional addresses is disabled.

The check box is cleared by default.

Run mode

The Schedule tab lets you enable automatic report generation and configure the schedule according to which the application will run the task.

Generate scheduled report

Enabling automatic report generation.

If the check box is selected, the application automatically generates the report according to the schedule configured in the task. If the check box is cleared, the report is not generated automatically.

The check box is selected by default.

Every N days

The application automatically starts the task at the specified time and at the specified interval in days.

If you select this option, the Every N days and Start time fields become available for configuring the task run mode.

Weekly

The application automatically runs the task weekly, according to the schedule that you have set up.

If you select this option, the Start day and Start time fields become available so that you can configure the task run schedule.

Monthly

The application automatically starts the task once per month on the selected day of the month and at the specified time.

If you select this option, the Day of month and Start time fields become available for configuring the task run schedule.

Additional instructions

This section lists instructions that help to configure application settings.

In this Help section

Archiving incidents

Enabling the incremental scanning

Restoring incidents from the archive

Selecting categories for generating incident statistics

Adding a search task

Adding a report generation task

Adding a category of keywords

Adding a category of table data

Adding a file to exclusions by web address

Starting a report creation task

Starting and stopping a data search

Editing the search task settings

Editing report generation task settings

Editing a category

Changing incident details displayed in the table

Changing the contents of a Kaspersky Lab category

Changing the status of an incident

Copying incident details to the clipboard

New Policy Wizard

Configuring automatic notifications

Configuring settings of the report on policy-related incidents

Configuring the report on users

Configuring system KPI report settings

Configuring settings of the incident status report

Updating the list of incidents

Searching for incidents using a filter

Searching for policies by users

Searching for similar incidents

Viewing incident details

Viewing the report on policy-related incidents

Viewing the system KPI report

Viewing the report on users

Viewing the incident status report

Viewing the search results

Viewing protection status details

Generating a quick report

Saving reports

Saving search results

Deleting archived incidents

Deleting a task

Deleting a category

Deleting a report

Deleting a policy

Deleting the search results

Archiving incidents

Incident archiving is a process of moving closed incidents to an archive in secure format.

Incident archiving reduces the size of the SQL database and the list of incidents displayed in Management Console.

To launch the Incident Archiving Wizard:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. Select closed incidents to be moved to the archive.
  4. Click the Archive button in the workspace of the node.

The application launches the Incident Archiving Wizard.

The interface of the Incident Archiving Wizard consists of a sequence of windows (steps). Use the Back and Next buttons to navigate the windows of the Wizard. To close the Wizard after it finishes, click the Finish button. To exit the Wizard at any step, click the Cancel button.

Starting the Wizard. Selecting incidents to archive

The first window of the Wizard shows information about incidents to be archived. You can archive incidents with the Closed status only.

In the Path to file field, specify the full path to the archive in which the application will save incidents. If you do not specify the name of an archive, the Incident Archiving Wizard creates a new incident archive. The archive name is assigned automatically and contains the date of creation of the earliest incident in the archive and the date of creation of the most recent incident in the archive. The application uses the dates when incidents were created on the server.

You cannot archive incidents with the New or In progress status, or incidents previously recovered from an archive.

Creating an archive with incidents

At this step the Wizard performs incident archiving. The incident archiving process is accompanied by a progress bar. Once incident archiving has been completed, the Wizard automatically proceeds to the next step.

Exiting the Wizard

At this step the Wizard announces that the incident archiving process has been completed and shows information on the number of incidents archived. If errors were encountered during the incident archiving process, the Wizard displays information about the incidents that could not be archived.

The following archiving process information is stored in the incident history:

  • Archive name
  • Date and time of the archiving process
  • Name of the user that performed archiving

Incidents added to the archive are removed from the SQL database and from the list of incidents in the Incidents node.

See also

Incident Archiving Wizard

Use these settings for the following tasks

Managing incidents

Enabling the incremental scanning

To enable the incremental scanning:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Search node.
  3. In the list of tasks in the Search tasks section, select the task whose settings you want to edit, and click the Change button.

    This opens the Task settings window.

  4. On the General tab, select the Scan modified files only check box.

    During repeated runs of the task, the application will scan files that have been modified since the previous task run.

  5. Click OK to save the changes.

Changes to scan task settings affect the performance of the incremental scan.

Restoring incidents from the archive

Incident recovery is a process of copying incidents from the archive to the SQL database.

You can recover incidents when you need to view the details of incidents that had been processed a long time ago.

To launch the Incident Recovery Wizard:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. Click the Restore button in the workspace of the node.

The application starts the Incident Recovery Wizard.

The interface of the Incident Recovery Wizard consists of a sequence of windows (steps). Use the Back and Next buttons to navigate the windows of the Wizard. To close the Wizard after it finishes, click the Finish button. To exit the Wizard at any step, click the Cancel button.

Starting the Wizard. Selecting incidents to recover

In the first window of the Wizard, select the incidents that you want to recover.

In the For period field, specify the period during which the relevant incidents were generated. In the Path to file field, specify the full path to the incidents archive file from which the application will recover the incidents.

Recovering incidents

At this step the Wizard performs incident recovery. The process of incident recovery from the archive is displayed in the Wizard window using a progress bar. Once incident recovery has been completed, the Wizard automatically proceeds to the next step.

Exiting the Wizard

At this step the Wizard announces that the incident recovery process has been completed and shows information on the number of incidents recovered. If errors were encountered during the incident recovery process, the Wizard displays information about the incidents that could not be recovered.

Recovered incidents cannot be archived or recovered again. It is impossible to change the status of recovered incidents.

All recovered incidents are displayed on the common list of incidents in the Incidents node. Archived status is added to the status of recovered incidents.

Use these settings for the following tasks

Managing incidents

See also

Incident Recovery Wizard

Selecting categories for generating incident statistics

To select categories to be included in the statistics chart:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Data Leak Prevention node.
  3. Perform one of the following steps:
    • To generate a chart of opened incidents, click the Select categories button in the Opened incidents section.
    • To generate a chart of closed incidents, click the Select categories button in the Statistics section.

      The List of categories dialog will appear.

  4. In the List of categories window, select data categories to be included in the statistics.

    The application generates incident statistics based on the categories selected.

    If the All categories check box is selected, information about incidents related to newly added categories will be automatically added to the statistics chart.

  5. Click OK to save the changes and close the window.

Data on incidents created according to the selected categories is reflected in the chart.

See also

Categories

Adding a search task

To add a search task:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Search node.
  3. In the Search tasks section, click the Create button.

    This opens the Task settings window.

  4. On the General tab, in the Task name field, specify the task name.
  5. If necessary, select the Scan modified files only check box.

    During repeated runs of the task, the application will scan files that have been modified since the previous task run.

  6. If necessary, select the Create incidents and Log events in Windows Event Viewer check boxes.

    On detecting files that contain data of the specified categories, the application creates an incident for each file and logs file detection information in Windows Event Viewer.

  7. On the Categories tab, select the check boxes next to data categories for which the application should find matches on SharePoint websites.
  8. On the Schedule tab, select the task run mode and set up the task run schedule.
  9. On the Search scope tab, select the check boxes next to SharePoint websites on which the application will search for files.
  10. If necessary, click the Add exclusion button to configure exclusions for websites.

    The application will not scan files located on the web addresses that you have specified.

  11. Click OK to finish creating the task.

The newly added task is displayed in the table of tasks in the Search tasks section. You can start a task manually after creating it. If you have configured a task run schedule, the application runs a search for data at the specified time on the specified day.

See also

Task settings – General

Task settings – Run mode

Task settings – Scan scope

Adding a report generation task

To add a report generation task:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. In the Report generation tasks section, click the New task button.
  4. In the drop-down list that opens, select the type of report to be generated.

    This opens the Task settings window.

  5. In the window that opens, configure the settings of the report generation task.
  6. Click OK to add the task.

The new task is displayed on the list of tasks in the Report generation tasks section. The application starts the report generation task automatically according to the schedule configured in the task settings.

See also

Configuring settings of the report on policy-related incidents

Configuring the report on users

Configuring system KPI report settings

Configuring settings of the incident status report

Adding a category of keywords

A keyword is a word, phrase, or set of characters using which the application identifies data on SharePoint sites. To search SharePoint sites for data using keywords, you have to add keywords to a category. A category can contain a single keyword or an expression consisting of several keywords.

To add a category of keywords:

  1. Open Management Console.
  2. In the tree of nodes of Management Console, select the Categories and policies node.
  3. In the workspace of the node, click the New category button and select Keywords in the list of category types that opens.

    The Category settings dialog will appear. This window lets you add keywords to a category and specify the category name.

  4. In the entry field, type the keywords to be included in the category.

    A keyword is a word or word combination enclosed in quotation marks. Use the "!" character at the beginning of the keyword to make it case-sensitive. Keywords can be combined into expressions by using such operators as AND, OR, NEAR(n), and ONEAR(n). Use round brackets to specify the order in which the operators should be applied.

    The OR operator is applied automatically to keywords typed in the entry field beginning with a new line. The application detects files whose text matches the keywords in one or more lines of the category.

    Example:

    The category contains the following expression consisting of keywords:

    "security" AND ("!Kaspersky Lab" NEAR(5) "program code")

    The application detects files whose content matches the following criteria:

    • They include words and word combinations "security", "Kaspersky Lab", and "program code".
    • The words "Kaspersky Lab" begin with upper-case letters.
    • The word combination "program code" is used before or after the word combination "Kaspersky Lab" with five or fewer words between them.

      For example: "...protect the program code of the application against hacking. At the conference, Kaspersky Lab will showcase an improved version of the product that makes networking more secure".

      For more details on how to add categories of keywords, click the Help on adding keywords link in the Category settings window.

  5. Specify the category name in the Name field.
  6. In the Comments field, specify additional information pertaining to data included in the category.
  7. Click the OK button.

    The new category is added to the list of categories in the Categories and policies node.

You can use a category to search SharePoint sites for data and monitor data leaks.
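
The expression syntax from step 4, modelled as an added example (this is not Kaspersky Lab's code or matching engine) so that a category can be tried against sample text before it is put to use. Assumptions: every run of letters or digits counts as one word for NEAR(n) distances, ONEAR(n) is taken to mean NEAR(n) with the left keyword first, and NEAR/ONEAR bind tighter than AND, which binds tighter than OR; the function names and sample texts are constructed.

```python
import re

# Tokens: "keyword", NEAR(n) / ONEAR(n), AND / OR, round brackets.
TOKEN = re.compile(r'\s*(?:"([^"]+)"|(ONEAR|NEAR)\((\d+)\)|(AND|OR)|([()]))\s*')
WORD = re.compile(r"\w+")  # assumption: a word is a run of letters or digits
PAGE_EXPRESSION = '"security" AND ("!Kaspersky Lab" NEAR(5) "program code")'

def tokenize(line):
    """Split one line of a category into (kind, value) tokens."""
    pos, out = 0, []
    while pos < len(line):
        m = TOKEN.match(line, pos)
        if not m:
            raise ValueError(f"unexpected input at column {pos + 1}: {line[pos:]!r}")
        keyword, near_op, distance, boolean, bracket = m.groups()
        if keyword is not None:
            out.append(("KW", keyword))
        else:
            out.append((near_op, int(distance)) if near_op else (boolean or bracket, None))
        pos = m.end()
    return out

def keyword_spans(keyword, words):
    """Word-index spans (first, last) where the keyword occurs in the text."""
    fold = (lambda w: w) if keyword.startswith("!") else str.lower  # "!" = exact case
    target = [fold(w) for w in WORD.findall(keyword)]
    if not target:
        raise ValueError(f"empty keyword: {keyword!r}")
    n = len(target)
    return [(i, i + n - 1) for i in range(len(words) - n + 1)
            if [fold(w) for w in words[i:i + n]] == target]

def near(left, right, n, ordered):
    """Pair up spans that have at most n words between them."""
    out = []
    for ls, le in left:
        for rs, r_end in right:
            if 0 <= rs - le - 1 <= n:                       # left ... right
                out.append((ls, r_end))
            elif not ordered and 0 <= ls - r_end - 1 <= n:  # right ... left
                out.append((rs, le))
    return out

class Parser:
    """Recursive descent over one line; each rule returns the matched spans."""
    def __init__(self, tokens, words):
        self.tokens, self.pos, self.words = tokens, 0, words
    def accept(self, *kinds):
        """Consume and return the next token if its kind is one of `kinds`."""
        if self.pos < len(self.tokens) and self.tokens[self.pos][0] in kinds:
            self.pos += 1
            return self.tokens[self.pos - 1]
        return None

    def expr(self):   # lowest precedence (assumed): OR, either side may match
        spans = self.conj()
        while self.accept("OR"):
            spans = spans + self.conj()
        return spans

    def conj(self):   # AND: both sides must match somewhere in the text
        spans = self.prox()
        while self.accept("AND"):
            right = self.prox()
            spans = spans + right if spans and right else []
        return spans

    def prox(self):   # NEAR(n); ONEAR(n) assumed to require the left operand first
        spans = self.atom()
        while tok := self.accept("NEAR", "ONEAR"):
            spans = near(spans, self.atom(), tok[1], ordered=(tok[0] == "ONEAR"))
        return spans

    def atom(self):   # quoted keyword or bracketed sub-expression
        if tok := self.accept("KW"):
            return keyword_spans(tok[1], self.words)
        if not self.accept("("):
            raise ValueError("keyword or '(' expected")
        spans = self.expr()
        if not self.accept(")"):
            raise ValueError("missing closing bracket")
        return spans

def category_matches(category, text):
    """True if any non-empty line of the category matches (lines are ORed)."""
    words, hit = WORD.findall(text), False
    for line in filter(str.strip, category.splitlines()):
        parser = Parser(tokenize(line), words)
        hit = bool(parser.expr()) or hit
        if parser.pos != len(parser.tokens):
            raise ValueError(f"unexpected token {parser.tokens[parser.pos]!r}")
    return hit

# Constructed sample texts, not taken from the product documentation.
SAMPLES = {
    "close": "The security team at Kaspersky Lab reviewed the program code today.",
    "far": "Kaspersky Lab sent a long security bulletin that never once mentioned program code.",
    "reversed": "Security note: the program code was audited by Kaspersky Lab.",
}
```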

See also

Settings of a category of keywords

Adding a category of table data

Table data describes information that is arranged in the form of tables. A common method of storing table data is a CSV (Comma Separated Values) file. Lines in CSV files correspond to table rows. The values within each row are separated using a special character known as the column separator. For example, a semicolon can be used to separate columns in a CSV file.

The application uses categories of table data to search for table data on SharePoint sites. The category contains the path to a CSV file with table data that needs to be monitored to prevent potential leaks, and also data search criteria.

A CSV file can be opened in such applications as Notepad, WordPad, or Microsoft Excel.

To add a category of table data:

  1. Open Management Console.
  2. In the tree of nodes of Management Console, select the Categories and policies node.
  3. In the workspace of the node, click the New category button and select Keywords in the list of category types that opens.

    The Category settings dialog will appear. This window lets you add table data, configure data search settings, and specify the category name.

  4. In the Path to file field, enter the full path to the location of the CSV file with table data to be added to the category.

    For the category of table data to work properly, the CSV file must be saved using UTF-8 encoding.

  5. In the Column separator dropdown list, select the symbol to be used as the column separator in the CSV file that you are uploading.

    By default, the comma is used to separate columns.

  6. Configure the match level for table data.

    The match level is the minimum number of cells with table data whose content matches data in SharePoint files. The number of cells is determined by the unique intersections of columns and rows of the table.

    • In the Threshold value for lines spin box, specify the number of table rows.

      By default, the application detects files with data present in any two table rows.

    • In the Threshold value for columns spin box, specify the number of table columns.

      By default, the application detects files with data present in any two table columns.

    For more details on how to add table data categories, click the Help on configuring the match level link in the Category settings window.

  7. Specify the category name in the Name field.
  8. In the Comments field, specify additional information pertaining to data included in the category.
  9. Click the OK button.

    This opens a window showing the progress of table data being loaded into a category.

    When table data is added to a category, the first row in the CSV file is ignored (it is presumed that the first row contains table header data).

    If an error is encountered while table data is being added to a category, the application shows a notification with the number of the table row that caused the error.

    The new category is added to the list of categories in the Categories and policies node.

You can use a category to search SharePoint sites for data and monitor data leaks.

See also

Settings of a category of table data

Adding a file to exclusions by web address

To add an incident-related file to exclusions by its web address:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. In the list of incidents, select one for which the related file should be added to exclusions.
  4. Click the View button.

    This opens the Incident details window.

  5. In the File row, click the Actions button and select Add to exclusions in the dropdown list.

    The application adds the web address of the incident-related file to exclusions as follows:

    • If the incident was created due to a policy violation, the web address will be added to the policy's exclusions. The application will not control the uploading of files by users to that web address.
    • If the incident was created when running the search task, the web address will be added to the search task's exclusions. The application will not scan files located on that web address.

    If adding the web address to exclusions has failed (for example, because the policy or search task has been removed), the application displays an error message.

  6. Click OK to save the changes.

See also

New Policy Wizard. Step 1

New Policy Wizard. Step 2

New Policy Wizard. Step 3

New Policy Wizard. Step 4

Use these settings for the following tasks

Monitoring and preventing data leaks

Starting a report creation task

To start a report generation task:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. In the Report generation tasks section, select the task to be run.
  4. Click the Start task button.

The application generates the report according to the configured task settings. The report will be displayed on the list of reports in the View and create reports section.

Starting and stopping a data search

To start or stop a search task manually:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Search node.
  3. In the list of tasks, select the search task that you want to start or stop.
  4. Perform one of the following steps:
    • To run the search task, click the Start button.

      The application starts the data search on SharePoint websites.

    • To stop the search task, click the Stop button.

      The application stops running the task. After stopping the task, the application generates a report with information on files found before the task was stopped. The report will be displayed in the Search results section.

If the Status column next to a running task displays the No servers available message, contact the administrator to redefine the Allow running search tasks on the following servers setting.

Editing the search task settings

To edit search task settings:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Search node.
  3. In the list of tasks in the Search tasks section, select the task whose settings you want to edit, and click the Change button.

    This opens the Task settings window.

  4. Make changes to the task settings in the window that opens.
  5. Click OK to save the changes.

Changes to scan task settings affect the performance of the incremental scan.

See also

Searching SharePoint websites for data

Adding a search task

Editing report generation task settings

To edit the settings of a report generation task:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. In the Report generation tasks section, select a task and click the Change button.

    The Task settings dialog will appear.

  4. Make changes to the task settings.
  5. Click OK to save the changes.

Editing a category

To edit a category:

  1. Open Management Console.
  2. In the tree of nodes of Management Console, select the Categories and policies node.
  3. In the list of categories, select the category whose settings you want to edit and click the Settings button.

    The category settings window opens.

  4. Edit the category settings in the window that opens.
  5. Click OK to save the changes.

Changing incident details displayed in the table

To change incident details displayed in the table:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. In the List of incidents section, click the Select columns button.

    This opens the Select columns to display section.

  4. In the section, select check boxes opposite those incident details that you want displayed in the table.

Table changes are applied as soon as you select or clear a check box. Incident details marked with an icon are always displayed in the table.

Changing the contents of a Kaspersky Lab category

To change the contents of a Kaspersky Lab category:

  1. Open Management Console.
  2. In the tree of nodes of Management Console, select the Categories and policies node.
  3. In the list of Kaspersky Lab categories, select the one you need to edit and click the Settings button.

    The category settings window opens.

  4. In the Subcategories section, select the check boxes next to the data subcategories that you want to remain in this category.
  5. Click OK to save the changes.

Changing the status of an incident

Incident status is information about the current incident status. You can change the incident status based on the results of incident processing. Incident statuses are used when generating application reports. The incident status can be changed either in the list of incidents or in the incident details window.

To change the incident status:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. In the list of incidents, select an incident whose status you want to change.

    You can select one or several incidents in the list.

  4. Click the Change status button and select Selected incidents in the dropdown list.

    You can change the status of all incidents in the list. To do this, in the Change status dropdown list, select All incidents.

  5. In the Changing status window that opens, in the Status list, select the status that you want to assign to the incident.
  6. If you need to specify the reason for the status change or other information pertaining to incident processing, add it in the Comment field.
  7. Click OK to save the changes.

The new status of the incident is displayed in the Status column of the incidents list in the Incidents node. Information about the status change and the author of changes is saved in the incident history.

You can change the status of an incident in the Incident details window by clicking the Change button.

See also

Change status

Use these settings for the following tasks

Managing incidents

Copying incident details to the clipboard

To copy the incident details to the clipboard:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. In the list of incidents, select the incident whose details you need to copy.
  4. Click the View button.

    This opens the Incident details window.

  5. In the File field, click the Actions button and select Copy data to clipboard in the dropdown list.

The application copies the incident details and processing history to the clipboard. The order and set of details being copied are the same as those displayed in the application window.

To continue handling the incident, you can paste the clipboard's contents to a text editor (such as Notepad or Microsoft Word).

New Policy Wizard

A policy is a way to specify data leak detection criteria for the application and configure its actions on leak detection. A policy contains a set of application settings for monitoring SharePoint sites for leaks of data belonging to a certain category. Initial configuration of policy settings is performed with the help of the Policy Wizard.

To launch the Policy Wizard:

  1. Open Management Console.
  2. In the tree of nodes of Management Console, select the Categories and policies node.
  3. Select the data category for which you want to configure a policy.
  4. Click the New policy button.

The application starts the Policy Wizard.

The interface of the Policy Wizard consists of a sequence of windows (steps). Use the Back and Next buttons to navigate the windows of the Wizard. To close the Wizard after it finishes, click the Finish button. To exit the Wizard at any step, click the Cancel button.

Steps of the Wizard

Step 1. Policy rationale and status

Step 2. Configuring permissions to transfer files

Step 3. Selecting protected SharePoint sites

Step 4. Actions on policy violation

Step 1. Policy rationale and status

At this step, you can change the policy status and specify the rationale for creating it.

To change the policy status,

select the Activate policy check box.

When the wizard finishes, the application starts monitoring file uploads to SharePoint sites according to the settings configured in the policy.

To specify a rationale for a policy,

in the Link to guidance document field, specify the paragraph of the regulatory document that governs data confidentiality practices at the company.

A policy rationale is required to coordinate the efforts of several security officers working at the same company.

In the Policy name entry field, specify the name of the policy to be created. If the entry field has a red outline, this means that a policy with this name already exists.

Step 2. Configuring permissions to transfer files

At this step, you can configure permissions for file transfer to SharePoint sites by users.

To configure permissions for file transfers by users:

  1. In the Policy applies to list, select one of the following methods to apply the policy:
    • All Active Directory users
    • Selected Active Directory users.

      The application uses Active Directory accounts to monitor user activity. Creating and managing Active Directory groups is the job of the company's system administrator. Use the add and remove buttons to add and remove the user accounts to which the policy applies.

  2. To specify users to be excluded from the scope of the policy, add their accounts to the Exclude the following users from policy list.

    Exclusions always have priority over permissions for file transfers by users. After a user account has been added to the exclusions list, the application stops monitoring this user's attempts to transfer files to SharePoint.

Step 3. Selecting protected SharePoint sites

At this step, you can configure the control scope of the policy by specifying SharePoint websites for which the application will monitor file transfers.

To configure the control scope:

  1. Select the check boxes next to SharePoint websites or use the Select child items and Deselect child items buttons to select the check boxes automatically.

    The application will control the uploading of files to the selected websites.

  2. Configure exclusions from the control scope:
    1. Click the Add exclusion button.

      This opens the Web address window.

    2. In the window that opens, specify a web address and click OK.

The web address appears on the list of exclusions. The application will not control the uploading of files by users to that web address.

Step 4. Actions on policy violation

A policy violation is a user action that violates the conditions applied to the storage of confidential information on SharePoint websites. The user violates a policy by uploading policy-protected category data to SharePoint.

To configure application operations upon a policy violation:

  1. Select the Block file upload to SharePoint check box if you need to prevent leaks of data from this category.

    If the application detects data belonging to several categories while scanning a file, the file is blocked if at least one policy is configured to block data.

    If this check box is cleared, the application does not block file transfers to SharePoint but creates incidents when the policy is violated.

  2. In the Create incidents with priority dropdown list, select the priority that the application will assign to incidents upon a policy violation.
  3. If necessary, select the Attach file to incident details check box to view the file while handling the incident.
  4. If necessary, select the Record event to Windows Event Viewer check box to save information about policy violations in centralized mode and use it when resolving errors in the future.

    When a policy violation event is saved in Windows Event Viewer, it is assigned code 16000. Each record contains the incident number and incident information.

  5. In the Send notification by email list, select the check boxes next to the names of employees to be notified about policy violations. Select the Additionally check box to enter email addresses separated with a comma in the entry field.

    In the event of a policy violation, the application sends notifications to these addresses.

  6. Click Finish to close the New Policy Wizard.

A policy is assigned for a category of data. You can view the list of policies assigned for a category by clicking the button. You can minimize the list of policies by clicking the button. Policy lists are minimized automatically when you switch to another node of Management Console.
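
The rules from Steps 1 to 4 of the Wizard, combined into a small decision model. This is an added example, not Kaspersky code. The class and field names, the priority labels, the sample accounts and addresses, the case-insensitive account comparison, the path-boundary matching of web addresses and the one-incident-per-violated-policy rule are assumptions made for illustration.

```python
"""Model of the upload decision described in Steps 1-4 of the New Policy Wizard.

Illustration only. Names and matching rules are assumptions, not product behaviour.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Tuple


def users(*names: str) -> FrozenSet[str]:
    """Build an account set; accounts are compared case-insensitively (assumption)."""
    return frozenset(n.lower() for n in names)


@dataclass(frozen=True)
class Policy:
    name: str
    category: str                                 # a policy is assigned for one data category
    active: bool = True                           # Step 1: "Activate policy"
    applies_to: Optional[FrozenSet[str]] = None   # Step 2: None = all Active Directory users
    excluded_users: FrozenSet[str] = frozenset()  # Step 2: exclusions list
    sites: Tuple[str, ...] = ()                   # Step 3: selected SharePoint websites
    excluded_addresses: Tuple[str, ...] = ()      # Step 3: "Add exclusion"
    block_upload: bool = False                    # Step 4: "Block file upload to SharePoint"
    priority: str = "Low"                         # Step 4: constructed priority label


def is_under(url: str, base: str) -> bool:
    """True if url equals base or lies below it on a path boundary (assumption)."""
    url, base = url.lower().rstrip("/"), base.lower().rstrip("/")
    return url == base or url.startswith(base + "/")


def in_scope(policy: Policy, user: str, url: str) -> bool:
    """Decide whether a policy monitors this user's upload to this address."""
    user = user.lower()
    if not policy.active:
        return False                              # inactive policies monitor nothing
    if user in policy.excluded_users:
        return False                              # exclusions always have priority
    if policy.applies_to is not None and user not in policy.applies_to:
        return False                              # "Selected Active Directory users" only
    if any(is_under(url, e) for e in policy.excluded_addresses):
        return False                              # excluded web address is not controlled
    return any(is_under(url, s) for s in policy.sites)


@dataclass(frozen=True)
class Verdict:
    blocked: bool
    incidents: Tuple[Tuple[str, str], ...]        # (policy name, incident priority)


def evaluate_upload(policies: Iterable[Policy], user: str, url: str,
                    detected_categories: Iterable[str]) -> Verdict:
    """Combine all violated policies: the file is blocked if at least one blocks."""
    detected = set(detected_categories)
    violated = [p for p in policies
                if p.category in detected and in_scope(p, user, url)]
    return Verdict(
        blocked=any(p.block_upload for p in violated),
        incidents=tuple((p.name, p.priority) for p in violated),
    )


# Constructed sample configuration (accounts and addresses are placeholders).
SAMPLE_POLICIES = [
    Policy("Cards: block", "Payment cards",
           excluded_users=users("EXAMPLE\\auditor"),
           sites=("https://sp.example.com/sites/finance",),
           excluded_addresses=("https://sp.example.com/sites/finance/archive",),
           block_upload=True, priority="High"),
    Policy("HR: monitor", "HR data",
           applies_to=users("EXAMPLE\\alice"),
           sites=("https://sp.example.com",)),
    Policy("Cards: draft", "Payment cards", active=False,
           sites=("https://sp.example.com",)),
]

if __name__ == "__main__":
    cases = [
        ("EXAMPLE\\alice", "https://sp.example.com/sites/finance/docs/q3.xlsx",
         ["Payment cards", "HR data"]),
        ("EXAMPLE\\auditor", "https://sp.example.com/sites/finance/docs/q3.xlsx",
         ["Payment cards"]),
        ("EXAMPLE\\bob", "https://sp.example.com/sites/finance/archive/old.csv",
         ["Payment cards"]),
    ]
    for user, url, categories in cases:
        print(user, url, evaluate_upload(SAMPLE_POLICIES, user, url, categories))
```

Running the model against a planned set of policies shows which uploads would fall outside every policy because of an exclusion or an inactive status, which is the gap to review before relying on blocking.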

Configuring automatic notifications

To define the notification sending settings:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Data Leak Prevention node.
  3. Click the Configure notifications button in the DLP Module status section.

    This opens the Notification settings window.

  4. In the entry field, specify the email addresses to which notifications should be sent. Use a semicolon to separate email addresses in the entry field.

    The application uses the specified addresses to send notifications of new incidents and the status of the DLP Module, as well as ready reports.

  5. If necessary, select the Notify when adding Kaspersky Lab categories check box.

    The application sends automatic notifications of Kaspersky Lab categories that have been added or modified.

  6. Click OK to save the changes and close the window.

See also

Notification settings

Configuring settings of the report on policy-related incidents

To configure the settings of the report on policy-related incidents:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. Configure a detailed report generation task or a quick detailed report:
    • To configure an existing task for detailed report creation, select one in the Report generation tasks section and click the Change button.
    • To configure the quick detailed report, in the View and create reports section, click the New report button and select Incidents by policies.

      The report settings window opens.

  4. Make changes to the report settings.
  5. Click the OK button.

You can configure the settings of a detailed report as follows:

  • Select incidents for the report on policies and categories.

    When you select a category, all policies configured for the category are selected automatically.

  • Select incidents associated with specific users for the report.

    You can select individual users or groups of Active Directory users, anonymous users, or users without Active Directory accounts.

  • Select incidents with specific statuses for the report.
  • Configure the order for displaying incidents in the report.

    The application can group report incidents with the same information in the order that you specify.

  • Specify the reporting period.

    If you create a quick report, you can specify any reporting period. If you configure a report task, the reporting period depends on the task schedule. For example, if you configured the task to run weekly, the report is generated for the past week.

  • Configure the task launch schedule.

    The application generates reports automatically according to this schedule. If necessary, you can disable automatic launch of tasks.

  • Configure automatic delivery of the report via email.

    If necessary, you can specify additional email addresses in the entry field, separating them with a semicolon. The application automatically sends the generated report to these addresses.

Configuring the report on users

To configure the settings of the report on users:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. Configure a task to generate a report on policies and incidents or a quick report on policies and incidents:
    • To configure an existing task for creating a report on policies and incidents, select a task in the Report generation tasks section and click the Change button.
    • To configure the quick report on policies and incidents, in the View and create reports section, click the New report button and select Statistics on statuses of incidents.

      The report settings window opens.

  4. Make changes to the report settings.
  5. Click the OK button.

You can configure the settings of a report on users as follows:

  • Select users to be included in the report.

    You can select individual users or groups of Active Directory users, anonymous users, or users without Active Directory accounts. For users whose Active Directory accounts could not be determined, the SharePoint account may be displayed (for example: SharePoint\Kaspersky).

  • Select incidents for the report on categories.

    The application displays the number of violations related to the selected data categories for each user.

  • Select incidents for the report on statuses.
  • Configure the order for displaying user information in the report.

    The application can group information about users who committed the same violations in the order that you specify.

  • Specify the reporting period.

    If you create a quick report, you can specify any reporting period. If you configure a report task, the reporting period depends on the task schedule. For example, if you configured the task to run weekly, the report is generated for the past week.

  • Configure the task launch schedule.

    The application generates reports automatically according to this schedule. If necessary, you can disable automatic launch of tasks.

  • Configure automatic delivery of the report via email.

    If necessary, you can specify additional email addresses in the entry field, separating them with a semicolon. The application sends the generated report to these addresses.

Configuring system KPI report settings

To configure the settings of the system KPI report:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. Configure a system KPI report task or a quick system KPI report:
    • To configure an existing system KPI report task, select one in the Report generation tasks section and click the Change button.
    • To configure the quick report on system KPI, in the View and create reports section, click the New report button and select System KPI.

      The report settings window opens.

  4. Make changes to the report settings.
  5. Click the OK button.

You can configure the system KPI report settings as follows:

  • Specify the reporting period.

    If you create the report manually, you can specify any reporting period. If the report is created automatically, the reporting period depends on the task run schedule. For example, if you configured the task to run weekly, the report is generated for the past week.

  • Configure the task launch schedule.

    The application generates reports automatically according to this schedule. If necessary, you can disable automatic launch of tasks.

  • Configure automatic delivery of the report via email.

    If necessary, you can specify additional email addresses in the entry field, separating them with a semicolon.

Configuring settings of the incident status report

To configure the settings of the incident status report:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. Configure a task to generate a report on policies and incidents or a quick report on policies and incidents:
    • To configure an existing task for creating a report on policies and incidents, select a task in the Report generation tasks section and click the Change button.
    • To configure the quick report on policies and incidents, in the View and generate reports section, click the New report button and select Statistics on statuses of incidents.

      The report settings window opens.

  4. Make changes to the report settings.
  5. Click the OK button.

You can configure the settings of a report on policies and incidents as follows:

  • Select incidents for the report on categories.

    The application selects incidents with Closed status for the report. Incidents with other statuses will not be included in the report. For each incident related to the selected category, the report specifies the policy and the reason why the incident was closed.

  • Specify the reporting period.

    If you create a quick report, you can specify any reporting period. If you configure a report task, the reporting period depends on the task schedule. For example, if you configured the task to run weekly, the report is generated for the past week.

  • Configure the task launch schedule.

    The application generates reports automatically according to this schedule. If necessary, you can disable automatic launch of tasks.

  • Configure automatic delivery of the report via email.

    If necessary, you can specify additional email addresses in the entry field, separating them with a semicolon. The application sends the generated report to these addresses.

Updating the list of incidents

The list of incidents is not refreshed automatically. To manage new incidents, the list of incidents has to be refreshed manually.

To refresh the list of incidents:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. Click the Refresh button in the workspace of the node.

New incidents created since the list was last refreshed are added to the list.

Searching for incidents using a filter

By default, the list of incidents displays all incidents irrespective of their generation time and current status. You can filter the list of incidents to display only incidents with a particular status or incidents generated during a certain period.

To find an incident using a filter:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. In the Incidents filter section, set the incident filtering condition.

    Each filtering condition has two parameters: a criterion and a value. The drop-down list on the left lets you select an incident filtering criterion. Incident details are used as filtering criteria. In the drop-down list next to it you can specify the value of the selected criterion according to which filtering is performed. The appearance of the drop-down list depends on the filtering criterion selected.

  4. If necessary, specify additional filtering conditions by clicking the Add a condition button.

    The application performs filtering according to all conditions added to the incident filter.

  5. Click the Search button to search for incidents.

The List of incidents section displays incidents that meet the search conditions.

Searching for policies by users

To search for policies created for specific users:

  1. Open Management Console.
  2. In the tree of nodes of Management Console, select the Categories and policies node.
  3. In the Policies search section, select one of the following search options:
    • On users without Active Directory accounts to find policies configured for anonymous users and users without Active Directory accounts
    • On selected users to find all policies configured for specific users who have Active Directory accounts.

      Click the Select button to specify a user account for running a policy search. You cannot select multiple user accounts.

  4. Click the Find button to start the policy search.

The application displays the list of policies located. For each policy, the application displays the corresponding data category and the action taken by the application when this policy is violated. If the policy that has been found is inactive, the relevant information is displayed in the Action column.

Searching for similar incidents

To find similar incidents:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. In the list of incidents, select an incident whose details you want to view.
  4. Right-click to open the context menu of the incident and select Search for similar incidents.

    This opens a list of criteria according to which you can search for incidents similar to the selected incident.

  5. Select a criterion according to which you want to search for similar incidents:
    • Same category.
    • Same policy.
    • Same file.
    • Same user.

The application automatically configures the incident filtering conditions according to the selected criterion. The List of incidents section displays incidents that meet the search conditions.

Viewing incident details

To view incident details:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. In the list of incidents, select an incident whose details you want to view.
  4. Click the View button.

    This opens the Incident details window. In this window, you can view detailed information about the incident, change its status, and select an action for the incident-related file. You can switch between incidents on the list by clicking the Previous and Next buttons.

    The Browse tab shows the details of incidents and the reasons why they were generated.

    The History tab shows information about the history of incident processing (such as changes of the incident status or incident archiving).

  5. Click the Cancel button to finish viewing the incident details.

If you have changed the incident status while viewing the incident details, click OK to save the changes.

Use these settings for the following tasks

Managing incidents

See also

Incident details – Review

Incident details – History

Viewing the report on policy-related incidents

To view the report on policy-related incidents:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. In the list of reports in the View and create reports section, select one for which the Report type column shows Incidents by policies.
  4. Click the View button.

The report opens in the default browser.

The report contains the following information:

  • Report parameters:
    • Report type.
    • Date and time of report generation.
    • Number of incidents selected for the report.
    • The reporting period.
    • The statuses based on which the application has selected incidents for the report.
    • The users for which the application has selected incidents for the report.
    • The categories and policies based on which the application has selected incidents for the report.
  • List of incidents selected for the report.

    The list of incidents contains a table with detailed information on each incident included in the report. Incidents in the table are arranged in the order of the incident details selected in the report settings.

Viewing the system KPI report

To view the system KPI report:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. In the list of reports in the View and create reports section, select one for which the Report type column shows System KPI.
  4. Click the View button.

The report opens in the default browser.

The report contains the following information:

  • Report parameters:
    • Report type.
    • Date and time of report generation.
    • The reporting period.
  • KPI data:
    • In scope of policies. Number of files whose data has been scanned by the application.
    • Clean. Number of files that have not been found to contain any data matching the categories.
    • Violations. Number of files that have been found to contain data matching the categories.
    • Errors. Number of files whose data has not been scanned due to errors (such as errors caused by the absence of access to user details).
    • Scan timeouts. Number of files whose data has not been scanned due to scan timeouts.
    • Beyond scope of policies. Number of files whose data has not been scanned because the users or SharePoint sites related to them are not specified in the policy settings.
    • Total. Number of files processed by the application during the specified period.
  • Violation data:
    • List of categories whose policies were violated during the reporting period. The number and ratio of category-specific violations to the total number of violations (in percentage points) is displayed for each category.
    • Total. Number of violations across all categories.

Viewing the report on users

To view the report on users:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. In the list of reports in the View and create reports section, select one for which the Report type column shows Statistics by users.
  4. Click the View button.

The report opens in the default browser.

The report contains the following information:

  • Report parameters:
    • Report type.
    • Date and time of report generation.
    • Number of incidents selected for the report.
    • The reporting period.
    • The statuses based on which the application has selected incidents for the report.
    • The users for which the application has selected incidents for the report.
    • The categories and policies based on which the application has selected incidents for the report.
  • The incident table.

    The Number of incidents by categories on users table contains a list of incidents selected for the report. For each user, the application displays the name of the department where the user works, the number of incidents associated with the user, and the names of categories to which these incidents belong.

Viewing the incident status report

To view the incident status report:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. In the list of reports in the View and create reports section, select one for which the Report type column shows Statistics on statuses of incidents.
  4. Click the View button.

The report opens in the default browser.

The report contains the following information:

  • Report parameters:
    • Report type.
    • Date and time of report generation.
    • Number of incidents selected for the report.
    • The reporting period.
    • The categories based on which the application has selected incidents for the report.
  • The incident table.

    The Number of incidents by policies table contains a list of incidents selected for the report. Each category is shown with the policies configured for this category. The number of incidents created during policy violations is specified for each policy, along with the current status of all incidents.

Viewing the search results

To view the search results:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Search node.
  3. In the list of reports in the Search results section, select one and click the View button.

The report opens in the default text editor.

The report contains the following information about the search results:

  • Task settings:
    • SharePoint sites on which the search was performed;

      If the SharePoint sites specified in the search settings cannot be accessed, the report shows only their addresses and access error information.

    • Categories according to which the search was performed.
    • Reasons why the task ended (for example, the task was stopped manually).
  • Search start and end times.
  • Number of files scanned.
  • List of files matching the search settings. The following information is displayed for each file:
    • File name and format;
    • Full path to the file on the SharePoint site;
    • File version;
    • Name of the user that uploaded the file to the SharePoint site (first version of the file);
    • Name of the user that made the last changes to the file (last file version);
    • Date and time when file scanning started;
    • Name of the category of data detected in the file.

      If data belonging to several categories has been detected in the file, information about each category detected is displayed in a separate table column.

    If the file has been found to contain data of the table data category, the report shows the number of rows from the CSV file loaded into the category.

  • Possible error information:
    • Access to the file is blocked
    • The file could not be opened
    • The file could not be scanned

Viewing protection status details

Information about the status of data protection is displayed in the workspace of the Data Leak Prevention node of Administration Console.

The DLP Module status section displays information about the current status of the Module and any notifications about Module errors:

  • Enabled. The administrator of Kaspersky Security has enabled the DLP Module, and the application runs correctly on all servers.
  • Enabled, running with errors. The administrator of Kaspersky Security has enabled the DLP Module, but the application has encountered errors during its operation. The application shows error information in the lower part of the section. For each type of error, the application shows the names of servers where errors of this type were detected. The following types of errors are possible:
    • Scan errors. The application is unable to scan files due to time-out, infrastructure errors, or interceptor errors.
    • DLP Module license error. The application is unable to scan files because a DLP Module license is missing, the license has expired, or the key has been black-listed.
    • Server unavailable. The application is unable to scan files because there is no access to the SharePoint server (the server may have been disabled by the administrator).
  • Disabled. The administrator has disabled the DLP Module. The application does not scan files uploaded by users to SharePoint.

The Opened incidents section displays the following information about users and currently opened incidents:

  • The number of unique users with whom opened incidents are associated
  • The rating of users with the highest number of policy violations
  • The number of incidents with the New status
  • The number of incidents with the In progress status

Data on the ratio of incidents with New status to incidents with In progress status is presented in the form of a chart. The chart shows statistics on incidents associated with the selected categories of data. You can modify the list of categories for which statistics are displayed.

The Statistics section allows you to view information about files scanned and incidents closed over periods of 7 days or 30 days. Depending on the period selected, the following indicators change:

  • The number of files uploaded by users to SharePoint
  • The number of files scanned by the application
  • The number of incidents generated
  • The number of files that have not been scanned due to time-out
  • The number of files that have not been scanned due to errors

Information on the reasons why incidents have been closed is presented in the form of a chart. The chart shows statistics on incidents associated with the selected categories of data. You can modify the list of categories for which statistics are displayed.

Generating a quick report

To create a quick report, perform the following steps:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. In the View and create reports section, click the New report button.
  4. Select the type of report you are creating in the drop-down list.
  5. In the window that opens, configure the report generation settings.
  6. Click OK to start generating the report.

The final report is displayed in the list of reports in the View and create reports section and automatically opens in the browser window.

Use these settings for the following tasks

Configuring settings of the report on policy-related incidents

Configuring the report on users

Configuring system KPI report settings

Configuring settings of the incident status report

Saving reports

To save a report:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Reports node.
  3. In the list of reports in the View and create reports section, select one to be saved and click the Save button.
  4. In the window that opens, specify the folder to save the report to and click the Save button.

The application saves the report in an HTML file to the specified folder. By default, the name of the file being saved matches the report name.

Saving search results

To save search results:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Search node.
  3. In the list of reports in the Search results section, select one and click the Save button.

The application saves the report in CSV format to the specified folder.

Deleting archived incidents

To delete archived incidents:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Incidents node.
  3. Click the Delete archived button under the list of incidents.

After deletion is confirmed, the application removes incidents with Archived status from the incident list.

Deleting a task

To delete a search task:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Search node.
  3. In the list of tasks in the Search tasks section, select one to be deleted and click the Delete button.

After you confirm deletion, the application deletes the task permanently.

Deleting a category

To delete a category:

  1. Open Management Console.
  2. In the tree of nodes of Management Console, select the Categories and policies node.
  3. In the list of categories, select one to be deleted and click the Delete button.

After you confirm deletion, the application deletes the category permanently.

If policies were assigned to this category, they are deleted together with the category.

If the deleted category was used in search tasks, the task settings are modified after the category has been deleted.

Deleting a report

To delete a report:

  1. Open Management Console.
  2. In the Management Console tree of nodes, select the Reports node.
  3. In the list of reports in the View and create reports section, select a report to be deleted and click the Delete button.

    You can delete several reports at once.

After you confirm deletion, the application deletes the selected reports permanently.

Deleting a policy

To delete a policy:

  1. Open Management Console.
  2. In the tree of nodes of Management Console, select the Categories and policies node.
  3. Select the category of confidential data for which you want to delete the policy and click the button.

    This opens a list of policies assigned for the category.

  4. In this list, select the policy to be deleted and click the Delete button.
  5. Confirm deletion of the policy in the dialog box.

The application deletes the policy permanently.

Deleting the search results

To delete search results:

  1. Open Management Console.
  2. In the Administration Console nodes tree, select the Search node.
  3. In the list of reports in the Search results section, select reports to be deleted and click the Delete button.

After you confirm deletion, the application deletes the selected reports on search results permanently.

Contacting the Technical Support Service

This section describes the ways to get technical support and the terms on which it is available.

In this Help section

Ways to receive technical support

Technical support by phone

Technical Support via Kaspersky CompanyAccount

Using Info Collector


Ways to receive technical support

If you cannot find a solution to your problem in the application documentation or in one of the sources of information about the application, we recommend that you contact Technical Support. Technical Support specialists will answer your questions about installing and using the application.

Technical support is only available to users who purchased the commercial license. Users who have received a trial license are not entitled to technical support.

Before contacting the Technical Support service, please read the support rules.

You can contact Technical Support in one of the following ways:


Technical support by phone

You can call Technical Support representatives in most regions of the world. You can find information about how to obtain technical support in your region and the contacts of Technical Support on the Kaspersky Lab Technical Support website.

Before contacting Technical Support, please read the technical support rules.


Technical Support via Kaspersky CompanyAccount

Kaspersky CompanyAccount is a portal for companies that use Kaspersky Lab applications. The Kaspersky CompanyAccount portal is designed to facilitate interaction between users and Kaspersky Lab specialists through online requests. You can use Kaspersky CompanyAccount to track the status of your online requests and store a history of them as well.

You can register all of your organization's employees under a single account on Kaspersky CompanyAccount. A single account lets you centrally manage electronic requests from registered employees to Kaspersky Lab and also manage the privileges of these employees via Kaspersky CompanyAccount.

The Kaspersky CompanyAccount portal is available in the following languages:

  • English
  • Spanish
  • Italian
  • German
  • Polish
  • Portuguese
  • Russian
  • French
  • Japanese

To learn more about Kaspersky CompanyAccount, visit the Technical Support website.


Using Info Collector

When you inform Technical Support of the problem, you may be asked to create an archive with data on the operation of the application using the Info Collector utility, and to send it to Technical Support.

To read the description of the Info Collector utility and download the utility, go to the Kaspersky Security page in the Knowledge Base, section "Troubleshooting".


Glossary

Activating the application

Switching the application into full-function mode. Application activation is performed by the user during or after the application installation. You should have a key file to activate the application.

Active key

Key that is used at the moment to work with the application.

Active policy

A policy currently used by the application for Data Leak Prevention. The application can use several policies at once.

Additional key

Key that verifies the use of the application but is not used at the moment.

Anti-virus databases

Databases that contain information about computer security threats known to Kaspersky Lab as of the anti-virus database release date. Anti-virus database signatures help to detect malicious code in scanned objects. Anti-virus databases are created by Kaspersky Lab specialists and updated hourly.

Archived incident

An incident restored from the archive to Management Console (for example, to search for information about similar policy violations in the past).

Archiving

A process of moving closed incidents to an archive in secure format. The application removes incidents from Management Console after archiving them.

Backup

A dedicated storage area intended for saving backup copies of objects that are created prior to their disinfection or removal.

Black list of key files

Database that contains information about the key files blocked by Kaspersky Lab. The black list file content is updated along with the product databases.

Closed incident

An incident that has been processed, with a decision made on this incident.

Confidential data

Information that is not subject to disclosure and distribution beyond a limited circle of people. Confidential data usually include information listed as a state or trade secret, as well as personal data.

Control scope

SharePoint websites for which the application monitors file uploading. When the user uploads a file to a website within the control scope, the application scans the file for data protected by the active policies.

Corporate security

A scope of regulations and procedures aimed at the protection of a company's business interests. This may include, e.g., collection of information about the company's internal environment or competitors, analysis of market trends, and protection of intellectual property.

Data category

A set of data united with a common feature or subject and corresponding to specific criteria (e.g., a combination of words used in text in a certain order). The application uses data categories for recognizing information in files being uploaded and stored on SharePoint. The application allows using preset Kaspersky Lab data categories and creating custom data categories.

Data leak

Unauthorized access to confidential data with further uncontrolled distribution.

Data leak prevention

The scope of a security officer's actions aimed at preventing any unauthorized access to confidential information (such as blocking a file when it is uploaded to SharePoint).

Data search

Search for data from specified categories on SharePoint websites. The application searches for data in accordance with the settings of the search task.

Data subcategory

A nested data category included in a larger category. Each subcategory describes the set of data with a common attribute within a category. For example, the "Magnetic stripe data" subcategory is part of the "Payment cards" category. You can manage the composition of a category by excluding or including some subcategories. E.g., you can exclude subcategories upon which the application must not monitor data leaks.

Disinfection

A method of processing infected objects that results in full or partial recovery of data. Not all infected objects can be disinfected.

DLP Module (Data Leak Prevention)

Component of Kaspersky Security that is designed for protection of information uploaded to or stored on SharePoint websites against leakage.

DLP Module status

The current state of the DLP Module. Using the DLP Module status, Kaspersky Security informs you of errors in the operation of the DLP Module and ways of fixing them.

False positive incident

This is an incident that has visible signs of a data leak without an actual leak occurring. For example, a false positive incident can be provoked by a user's attempt to send a file that contains no financial information but is a template for preparing financial reports.

File blocking

The application's action aimed at a possible data leak. The application can block a file that initiated a policy violation. If the application blocks a file, the user cannot upload the file to SharePoint.

Full scan

A type of file scan. When performing a full scan, the application searches for data from the specified categories in all files stored on SharePoint servers.

Incident

The record of an event in the application's operation associated with detection of a possible data leak. E.g., the application creates an incident when a policy is violated.

Incident status

The current state of an incident. The status shows the stage of incident processing. The statuses of incidents can be used for management of incident processing.

Incremental scanning

A type of scheduled file scan. During an incremental scan, the application searches for data on SharePoint servers, only scanning files that have been modified since the previous scan.

Infected object

An object a portion of whose code completely matches part of the code of known malware. Kaspersky Lab does not recommend using such objects.

Kaspersky CompanyAccount

Portal designed for sending online requests to Kaspersky Lab and tracking their processing by Kaspersky Lab experts.

Kaspersky Lab categories

Predefined data categories developed by Kaspersky Lab specialists. Categories can be updated during application database updates. A security officer cannot modify or delete those predefined categories.

Kaspersky Lab update servers

HTTP and FTP servers of Kaspersky Lab from which Kaspersky Lab applications download database and application module updates.

Kaspersky Security Network (KSN)

Infrastructure of cloud services that provides access to the Kaspersky Lab online knowledge base containing information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky Lab applications to threats, improves the effectiveness of some protection components, and reduces the risk of false positives.

Key file

A xxxxxxx.key file that allows using a Kaspersky Lab application on the terms of a trial or commercial license. You have to specify the path to the key file after the application has been installed. You may use the application only when you have a key file.

Keywords

Word, phrase, or sequence of characters that the application uses for recognizing data in files being uploaded to and stored on SharePoint, which need to be protected against leakage. Keywords can be added to data categories.

License certificate

This is a document that is provided to you by Kaspersky Lab together with a key file or activation code. It contains information about the license granted to the user.

License term

A time period during which you have access to the application features and rights to use additional services. Available functionality and specific additional services depend on the license type.

Management Console

Kaspersky Security application component. Provides a user interface for managing administrative tools and enables configuration of the application and management of the server component. The management module is implemented as an extension of the Microsoft Management Console.

Match level

Criterion showing how well the information in files being uploaded and stored on SharePoint matches a table data category. You can configure the match level when creating or editing a table data category.

A security officer can specify the number of cells that will affect the match level. The number of cells is created based on unique crossings between columns and rows of the table.

Object removal

A method of processing an object that ends with the object being physically deleted from its original location (hard drive, folder, network resource). We recommend that this method be applied to dangerous objects which, for whatever reason, cannot be disinfected.

On-access scan

A mode of a Kaspersky Lab application whereby files are scanned automatically on being uploaded to the server or downloaded from the server.

On-demand scan

Kaspersky Lab's program operation mode initiated by the user and designed to scan and check any resident files.

Opened incident

An incident that has been assigned New or In progress status.

Personal data

Information that can be used to identify a person, directly or indirectly.

Phishing

A kind of online fraud aimed at obtaining unauthorized access to confidential data of users.

Policy

Collection of application settings that provide data protection against leakage. The policy defines the conditions on which users can handle confidential data, as well as actions that must be taken by the application when possible data leakage is detected.

Policy violation

User actions leading to a violation of the conditions applied to the handling of confidential data on SharePoint servers. The application views an event as a policy violation if the user specified in the policy settings uploads to a SharePoint website or sends by email some data from a category prohibited by the policy.

Probably infected object

An object whose code contains a modified segment of code of a known threat, or an object resembling a threat in the way it behaves.

Search scope

SharePoint websites on which the application searches for data. If files are stored on a website within the search scope, the application scans the files for data from the categories specified in the search task.

Search task

A set of criteria and parameters based on which the application searches for data on SharePoint servers.

Security Officer

Employee who is in charge of controlling compliance with the corporate security requirements on SharePoint websites, as well as monitoring and preventing data leakage.

SharePoint server structure

A tree of nodes that makes it possible to manage the content of a SharePoint server. In nodes, you can select elements and specify the actions to take on them.

Skipping of an object

Processing method in which an object is allowed to pass to the user unchanged. If event logging is enabled for this event type, information about the object detected will be logged in the report.

System KPI (Key Performance Indicators)

A type of application operation report. It contains information about the key performance indicators of the DLP Module.

Table data

Information organized in a table format that must be protected against leakage. Table data is processed in Kaspersky Security using CSV (Comma Separated Values) files.

Unwanted content

Information that is unsuitable for various groups of users. Unwanted content includes websites and messages that propagate violence, incite acts of terror, contain child pornography or profanity.

Update

A function performed by a Kaspersky Lab application that enables it to keep computer protection up-to-date. During the update, an application downloads updates for its databases and modules from Kaspersky Lab's update servers and automatically installs and applies them.

User category

A data category created by a data security officer.

Violation context

A text fragment with data that violates a policy when uploaded to SharePoint servers. The violation context is required for making a decision on an incident.

Virus

A program that infects other ones by adding its code to them in order to gain control when infected files are run. This simple definition allows exposing the main action performed by any virus – infection.

Working scenario

A sequence of actions that is recommended to a security officer for solving a standard task. A scenario includes both actions in the application interface and preparatory actions beyond the application (such as planning or analysis).


Kaspersky Lab AO

Kaspersky Lab software is internationally renowned for its computer protection against various types of threats, including viruses, malware, spam, network and hacker attacks.

In 2008, Kaspersky Lab was rated among the world’s top four leading vendors of information security software solutions for end users (IDC Worldwide Endpoint Security Revenue by Vendor). In Russia, according to IDC, Kaspersky Lab is the first choice among all computer protection vendors for home users (IDC Endpoint Tracker 2014).

Kaspersky Lab was founded in Russia in 1997. Today, Kaspersky Lab is an international group of companies running 34 offices in 31 countries. The company employs more than 3000 qualified specialists.

Products. Kaspersky Lab’s products provide protection for all systems—from home computers to large corporate networks.

The personal product range includes applications that provide data security for desktop, laptop, and tablet computers, and for smartphones and other mobile devices.

The company offers solutions and technologies for control and protection of workstations and mobile devices, virtual machines, file servers and web servers, mail gateways, and firewalls. The company's portfolio also includes dedicated products for protection against DDoS attacks, protection of environments managed with industrial control systems, and fraud prevention. Used in conjunction with Kaspersky Lab’s centralized management system, these solutions ensure effective automated protection for companies and organizations of any scale against computer threats. Kaspersky Lab's products are certified by the major test laboratories, are compatible with the software of many suppliers of computer applications, and are optimized to run on many hardware platforms.

Kaspersky Lab’s virus analysts work around the clock. Every day they uncover hundreds of thousands of new computer threats, create tools to detect and disinfect them, and include their respective signatures in the databases used by Kaspersky Lab applications.

Technologies. Many technologies that are now part and parcel of modern anti-virus tools were originally developed by Kaspersky Lab. It is no coincidence that the program kernel of Kaspersky Anti-Virus is integrated into products by many other software vendors, such as Alcatel-Lucent, Alt-N, Asus, BAE Systems, Blue Coat, Check Point, Cisco Meraki, Clearswift, D-Link, Facebook, General Dynamics, H3C, Juniper Networks, Lenovo, Microsoft, NETGEAR, Openwave Messaging, Parallels, Qualcomm, Samsung, Stormshield, Toshiba, Trustwave, Vertu, and ZyXEL. Many of the company’s innovative technologies are patented.

Achievements. Over the years, Kaspersky Lab has won hundreds of awards for its services in combating computer threats. For example, according to tests and research conducted in 2014 by the renowned Austrian anti-virus lab AV-Comparatives, Kaspersky Lab shared the leadership in the number of Advanced+ certificates awarded, which brought the Top Rated certificate to the company. But Kaspersky Lab's main achievement is the loyalty of its users worldwide. The company’s products and technologies protect more than 400 million users, and its corporate clients number more than 270,000.

Kaspersky Lab website:

http://www.kaspersky.com

Virus Encyclopedia:

http://www.securelist.com/

Anti-Virus Lab:

http://newvirus.kaspersky.com (for scanning suspicious files and websites)

Kaspersky Lab's web forum:

http://forum.kaspersky.com

Information about third-party code

Information about third-party code is contained in a file named legal_notices.txt and stored in the application installation folder.


Trademark notice

Registered trademarks and service marks are the property of their respective owners.

Active Directory, SQL Server, Microsoft, SharePoint, Windows, Windows Server, Windows Vista, Windows PowerShell, and Excel are trademarks of Microsoft Corporation registered in the USA and elsewhere.
