About Kaspersky Security 9.0 for SharePoint Server

Kaspersky Security 9.0 for SharePoint Server Maintenance Release 3 (hereinafter referred to as "Kaspersky Security", "the application") is designed to protect the SharePoint platform against viruses and other malware. The application lets you scan the content of websites and wiki blogs for unwanted content, protect personal data of users, and confidential corporate data on SharePoint websites against data leaks.

Kaspersky Security features:

• Scan files for malware and unwanted content in real time
• Block files containing malicious objects or unwanted content when they are accessed by users (for example, when copying the file from a SharePoint server to a computer)
• Monitor the content of blogs and wiki pages on SharePoint
• Form custom criteria of unwanted content
• Scan web addresses against lists of malicious or phishing links
• Receive anti-virus database updates from Kaspersky Lab servers during the license validity period
• Use file and link reputation data from Kaspersky Security Network services
• Run an on-demand scan of files on SharePoint
• select areas of the SharePoint structure to scan on demand, and exclude certain areas from the scan to reduce the load on the server;
• Configure the schedule and run mode of SharePoint file scan tasks
• Scan modified files only
• Move copies of infected objects to Backup before disinfecting or deleting them
• Automatically or manually generate application reports and send them to email addresses
• Define the settings for maintaining the application event logs
• Automatically send infected file notifications to email addresses
• Use the role-based access control system for accessing various application functions
• Create data categories to protect information that is valuable to the company;
• Scan file content for data of specific categories at the time when users upload files to SharePoint sites.

Distribution kit

Kaspersky Security 9.0 for SharePoint Server is supplied as part of Kaspersky Security for Collaboration Servers and Kaspersky Total Security.

You can buy the application through partner companies or Kaspersky Lab eStore.

If the application is purchased through an online store, it is downloaded from the online store's website. Information needed to activate the application, including the key file, will be emailed to you after you purchase a license.

Carefully review the End User License Agreement before installing and using the application.

Hardware and software requirements

Kaspersky Security has the following hardware and software requirements:

Hardware requirements

If installing Management Console and Security Server:

• For SharePoint Server 2010:
  • 64-bit quad-core processor
  • 4 GB RAM
  • 229 MB of available disk space
• For SharePoint Server 2013:
  • 64-bit quad-core processor
  • 8 GB RAM
  • 229 MB of available disk space
• For SharePoint Server 2016:
  • 64-bit quad-core processor
  • 8 GB RAM
  • 229 MB of available disk space

If installing only Management Console:

• Minimum 400 MHz processor (1 GHz recommended)
• 256 MB RAM
• 176 MB of available disk space

Depending upon the application settings and its mode of operation, more disk space may be required for Backup and other service folders. DLP Module additionally requires at least 4 GB free disk space. While DLP Module is running, files and memory dumps are generated, which may require a volume of memory that would significantly exceed 4 GB.

Software requirements

Kaspersky Security supports SharePoint servers of the following versions:

• Microsoft SharePoint Server 2010;
• Microsoft SharePoint Server 2013;
• Microsoft SharePoint Server 2016.

Kaspersky Security supports the following operating systems:

If installing Management Console and Security Server:

• For SharePoint Server 2010:
  • Windows Server 2008 R2 Service Pack 1;
  • Windows Server 2012 R2
• For SharePoint Server 2013:
  • Windows Server 2008 R2 x64 Service Pack 2
  • Windows Server 2012 x64;
  • Windows Server 2012 R2
• For SharePoint Server 2016:
  • Windows Server 2012 R2;
  • Windows Server 2016.

If installing only Management Console:

• Windows Server 2008 R2;
• Windows Server 2012 x64;
• Windows Server 2012 R2;
• Windows Server 2016;
• Windows 7 Professional Service Pack 1;
• Windows 7 Professional x64 Service Pack 1
• Windows 7 Enterprise Service Pack 1
• Windows 7 Enterprise x64 Service Pack 1
• Windows 7 Ultimate Service Pack 1
• Windows 7 Ultimate x 64 Service Pack 1
• Windows 8
• Windows 8 x64
• Windows 8.1;
• Windows 10.

The following components are required for installation of Kaspersky Security:

• Supported version of Microsoft SharePoint Server

  Standalone installation of Management Console does not require Microsoft SharePoint Server

• Microsoft .NET Framework 4.5;
• Microsoft Management Console 3.0

A locally or remotely installed SQL server is required for operation of the application. The following versions of Microsoft SQL Server are supported:

• Microsoft SQL Server 2016 Express, Standard, or Enterprise;
• Microsoft SQL Server 2014 Express, Standard, or Enterprise;
• Microsoft SQL Server 2012 Express, Standard, or Enterprise.

To install the administration plug-in, you must have Kaspersky Security Center 10 Service Pack 2 Maintenance Release 1.

What's new

Kaspersky Security now provides the following features:

1. Interaction with Kaspersky Security Center:
   • View information on the protection status of SharePoint servers (monitoring of the operation of the Anti-Virus, Anti-Phishing, and Content Filtering Modules, connection to the SQL database, and other aspects of the application's operation).
   • View statistics on the application's operation on SharePoint servers.
   • Distribute update packages for the Anti-Virus and DLP Module databases to protected SharePoint servers whose network settings block connections to external network resources.
   • Monitor the versions of the Anti-Virus and DLP Module databases to make sure they are up-to-date
   • Log information about the application's operation to the Kaspersky Security Center Administration Server Event Log.

   To install the administration plug-in, you must have Kaspersky Security Center 10 Service Pack 2 Maintenance Release 1.

2. Select servers for simultaneous on-demand scan for the purpose of distributing the load and reducing the task completion time.
3. Run an on-demand scan in incremental mode, i.e. scan modified files only.
4. Remove only the scanned infected versions of a file during an on-demand scan.
5. Log the following events to the Windows Event Log:
   • On-demand scan tasks are started or stopped.
   • The application configuration is modified.
   • The status of application modules is changed.
   • Anti-Virus databases become outdated and there are errors when attempting to update them.
   • Other application events.
6. Assign a user the KSH AV Operators or KSH AV Security Officers role for the purpose of restricting application access permissions.
7. Track data leaks based on the following new categories: Personal identification (Russia),U.S. Federal Law FCRA,and U.S. Federal Law GLBA.
8. Track data leaks based on the Document templates and Document quotations categories that can be configured by the user.
9. Add exclusions from scanning when tracking data leaks.
10. Monitor the application's operation via System Center Operations Manager.

The application uses the latest versions of the Anti-Virus, Anti-Phishing, and DLP Module kernels.

Application architecture

Kaspersky Security 9.0 for SharePoint Server includes the following components:

• Management Console. This is a snap-in for Microsoft Management Console (hereinafter referred to as MMC). This component is designed for interaction with the application through an interface.

  You can install Management Console separately from other application components. If you need to manage other components of the application, you can add computers with installed components to Management Console. If several administrators work concurrently, Management Console can be installed on each administrator's computer.

• Security Server. This component is designed for anti-virus protection of a SharePoint server (or server farm) and for scanning files, blogs, and wiki pages for unwanted content. Security Server is responsible for real-time protection, updating the application databases, background scanning of SharePoint servers, relaying data to Kaspersky Security Network services, and activating the application.
• DLP Module. This component is designed to protect SharePoint data against leaks. The DLP Module is part of Security Server and can be installed on a SharePoint server only together with Security Server. A separate key is required to use the DLP Module.

Some Kaspersky Security settings are stored in the memory of third-party software (Active Directory and Microsoft SQL Server). Kaspersky Security is unable to guarantee security of such data. To prevent unauthorized changes to these settings, you have to ensure their security on your own.

The figure below shows an example of application deployment within the Microsoft SharePoint Server structure.

Kaspersky Security 9.0 for SharePoint Server deployment example

About information stored in the SQL database

The application saves the following information to the SQL database:

• Details of Security Server's operation:
  • The component's configuration
  • The component's operation statistics
  • Ready reports
  • Backup copies of documents.
• Details of DLP Module's operation:
  • The component's configuration
  • Information about user categories
  • The component's operation statistics
  • Ready reports
  • Information about incidents (including files associated with incidents)
  • Information about the progress of scan tasks.

Files associated with incidents and backup copies of documents are not encrypted. For security reasons (for example, to prevent unauthorized access or possible data leaks), you are advised to protect files in the SQL database on your own.

Information about incidents may increase the size of the database significantly. An information security specialist can archive incidents. This procedure allows minimizing the volume of data stored in the SQL database.

Upgrading from a previous version of the application

This section describes the procedure for upgrading from the previous version of the application. This section includes upgrade instructions and describes the specifics of upgrading Kaspersky Security on a standalone SharePoint server and on a SharePoint server farm.

About Kaspersky Security upgrades

Kaspersky Security 9.0 Maintenance Release 2 (build 9.2.57185) can be upgraded to version 9.0 Maintenance Release 3. Upgrades of earlier application versions are not supported.

The following upgrade configurations of Kaspersky Security are available:

• Security Server and Management Console installed on a standalone SharePoint server
• Security Server and Management Console installed on a SharePoint server in a SharePoint farm environment.
• Management Console only

During the upgrade of a separately installed Management Console, tasks running on Security Server are not suspended. SharePoint server protection remains enabled.

Before upgrading Security Server for Kaspersky Security, you are recommended to complete all on-demand scan, report and database update tasks running on the server. Otherwise, these tasks are forcibly stopped prior to completion.

To run the application upgrade, the account under which Kaspersky Security is to be upgraded must have rights to handle SQL databases.

While the application is being upgraded, you may continue using the SQL database that was created in Kaspersky Security 9.0 Maintenance Release 2. If you install Kaspersky Security 9.0 Maintenance Release 3 after removing version 9.0 Maintenance Release 2, you must create a new SQL database. After removing Kaspersky Security 9.0 Maintenance Release 2, you will not be able to use the database in a new version of the application.

During the application upgrade process, Anti-Virus databases are rolled back automatically. For the safety of your computer, you are advised to start the database update after completing the application upgrade.

When the application upgrade is started, the I have read the KSN Statement and accept all of the conditions therein check box is automatically cleared in the Kaspersky Security settings. When the upgrade is complete, you can accept the KSN Statement and define the settings of KSN usage Other Kaspersky Security settings are transferred to the new version unchanged.

When upgrading Kaspersky Security 9.0 Maintenance Release 2 to version 9.0 Maintenance Release 3, failures may occur in the operation of the SharePoint Timer service. Errors in the Windows Event Log will indicate an operation failure. Text of error messages will start with the name of the SharePoint.Integration.Vsapi.Com.dll module. In this case, you will have to restart the SharePoint Timer service. The SharePoint Timer service must be restarted on all the servers on which Kaspersky Security is installed.

Tips for upgrading Kaspersky Security on a SharePoint farm

When upgrading Kaspersky Security on a SharePoint server farm, it is recommended that you complete the upgrade in the shortest possible time frame.

When upgrading Kaspersky Security on a SharePoint server farm, it is not recommended to perform any operations with the application until the upgrade has been completed on all SharePoint farm servers.

If you need to resume using the application before an upgrade is completed on a SharePoint server farm, the version number of Security Server should comply when being added to Management Console. You can add Security Server of the previous version to Management Console that has not yet been upgraded, or you can add Security Server of the new version to the upgraded instance of Management Console.

However, Security Server that has not yet been upgraded cannot be added to the upgraded instance of Management Console.

Upgrading Kaspersky Security on a standalone SharePoint server or the first server in a SharePoint farm

When upgrading Security Server and Management Console on the first server in a SharePoint server farm, or on a standalone SharePoint server, the following items are transferred to the new version:

• Active key and additional key that have been added before the application upgrade. The respective validity periods of the keys remain unchanged.
• Settings of Kaspersky Security that have been defined before the application upgrade.
• Objects moved to Backup before the application upgrade.
• Reports created before the application upgrade.

The application uses the application log to save the operation data of the Security Server version that has not yet been upgraded.

Operation statistics of Security Server that have been collected before the application upgrade, will not be saved nor displayed in the Control Center node. Reports that have been created after the application upgrade, will not contain any information about the application's activity before the upgrade.

If you modify any settings of the upgraded Security Server on the first server in a SharePoint server farm, the settings that have been modified will be applied to other SharePoint servers. Security Servers that have not yet been upgraded continue running under the settings defined before the upgrade start.

Starting the application upgrade

The user account under which the application upgrade will be run must be granted the rights to access the SQL database.

Before starting the upgrade of Kaspersky Security, Management Console must be closed on the computer from which the upgrade will be started.

To upgrade Kaspersky Security:

1. Run the setup.exe file from the application's distribution package on the computer on which you want to upgrade Kaspersky Security.

   This opens the welcome window of the install package.

2. Click the Kaspersky Security 9.0 for SharePoint Server link in welcome window to launch the Setup Wizard.
3. Click the Install button in the welcome screen of the Setup Wizard.

   The automatic upgrade of the application now starts. When the upgrade completes, the final screen of the Setup Wizard opens.

4. To complete the upgrade and close the Setup Wizard, click the Finish button.

The upgrade completes. When the upgrade of Kaspersky Security 9.0 Maintenance Release 2 to version 9.0 Maintenance Release 3 is complete, you need to restart SharePoint Timer.

SharePoint server protection is disabled during the upgrade because all services under the application are stopped until the upgrade of Security Server for Kaspersky Security completes.

During Kaspersky Security installation, the Setup Wizard adds the account of the computer running the installation to the KSH Administrators group in Active Directory. You will have to add the computer account to the KSH Administrators group if you need to manage Kaspersky Security through Kaspersky Security Center.

Restarting the SharePoint Timer service

SharePoint Timer needs to be restarted after Kaspersky Security 9.0 Maintenance Release 2 is upgraded to version 9.0 Maintenance Release 3. The SharePoint Timer service must be restarted on all the servers on which Kaspersky Security is installed.

To restart the SharePoint Timer service:

1. Run Windows PowerShell on behalf of the administrator.
2. In the PowerShell environment, run the Add-PSSnapin Microsoft.SharePoint.PowerShell command.

   The Windows PowerShell snap-in will be added.

3. Run the Get-SPTimerJob job-timer-recycle | Start-SPTimerJob command.

SharePoint Timer will be restarted.

Installing and removing the application

This section provides instructions on how to install and remove the application, as well as information about system changes after installation of the application.

Preparing to install

Before preparing your computer for Kaspersky Security installation, make sure that the hardware and software on your computer meet the requirements for the Security Server and Management Console.

To prepare your computer for Kaspersky Security installation:

1. Install all of the components required for the Kaspersky Security operation (if they are still missing):
   • Microsoft .NET Framework 4.5;
   • Microsoft Management Console 3.0

   The computer must be restarted after Microsoft .NET Framework 4.5 installation. Continuing the application installation without restart may cause failures in the Kaspersky Security operation.

   If Microsoft SharePoint Server is not installed on the computer, the application prompts you to install Management Console alone. In this case, the Security Server and the DLP Module cannot be installed on this computer.

2. Create an account to run Kaspersky Security services and grant it all the relevant rights.
3. Create an account under which Kaspersky Security installation will be run, and grant it all the relevant rights.

   If no access rights for the SharePoint_Config and SharePoint_AdminContent_<GUID> databases are provided, the anti-virus settings of the SharePoint server cannot be defined. At the final stage of the installation, when the files are being copied and the components registered, an error message appears. When the error message appears, click the Ignore button in the dialog box and, when the installation finishes, reboot the ISS server using the command iisreset / restart.

4. If necessary, create a database manually to store Backup configuration files and data.

   If the user account intended to handle the SQL database has been assigned the sysadmin role on the SQL server on which the database is to be created, you can skip this step. If these rights have been granted, the database will be created by the Application Installation Wizard automatically.

   Kaspersky Security does not provide channel encryption during data transmission between the server and the SQL database. To secure your data, manually encrypt data to be transmitted over communication channels.

5. Create an account for SQL database preparation and grant it all the relevant rights.
6. In Active Directory, create groups for role-based access to Kaspersky Security features. These groups can be created in any of the organization's domains. The group type is "Universal". Group names:
   • Ksh Administrators;
   • Ksh AV Security Officers;
   • Ksh AV Operators;
   • Ksh Security Officers.

   If the account under which Kaspersky Security is to be installed, has the rights to create groups in Active Directory, you can skip this step. The groups will be created automatically during the application installation.

7. Create an account for managing Kaspersky Security and grant it all the relevant rights.

   Kaspersky Security cannot be managed without those rights.

   Management Console connects to the Security Server over TCP using port 5014. The port must remain open to allow management of the Security Server.

Upon finishing your installation preparations, you can proceed to Kaspersky Security installation.

Page top

Access rights for managing Kaspersky Security

Kaspersky Security installation and management are based on the access rights granted to the account under which all actions on the application are performed. The rights required for various actions with Kaspersky Security are listed below.

Rights for Kaspersky Security

The account under which Kaspersky Security services will be run, must have the following set of rights:

• Local administrator rights on the SharePoint servers on which Kaspersky Security is to be installed
• Rights to modify the SharePoint configuration
• Rights to website collections that require protection using Kaspersky Security

You can grant rights to modify the SharePoint configuration and rights to website collections that require protection using one of two methods: manually or with a script.

Rights for installing Kaspersky Security

The account under which you run the application installation, must have the following set of rights:

• Local administrator rights on the computer on which Kaspersky Security is to be installed
• Rights for creating groups in Active Directory

  Without the rights for creating groups in Active Directory, the application cannot create role-based control groups automatically. If these rights have not been granted to the account, you have to create role-based control groups manually.

• using rights for SQL database preparation.

Rights for SQL database preparation

Kaspersky Security uses the SQL database to store Backup configuration files and data. You can provide the account selected for SQL database preparation with access to the database using one of the following methods:

• Assign the account the sysadmin role on the SQL server (on which a database for Kaspersky Security management already exists or is to be created).

  Users with the sysadmin role can perform any actions on the SQL server. If the user account has been assigned the sysadmin role, the database is automatically created under this user account when installing the application.

• Assign the account the db_owner role for a database that was created manually.

  If the database was created manually before the application installation, you will need to specify this database in the SQL server connection settings during the application installation. Users with the db_owner role can perform any actions on the database.

The account intended for SQL database creation and preparation will be used only when the Application Installation Wizard is running. It will not be used after installation of Kaspersky Security is complete.

Rights for managing Kaspersky Security

The user account under which Kaspersky Security will be managed must have read-write permissions to <application installation folder>\Configurations. By default, the account that has been granted the local administrator rights on the computer, has the read/write access in this folder.

In addition, the user account under which the Management Console is run must be added to the Active Directory group that defines the application user role.

Kaspersky Security cannot be managed without these rights.

How to grant rights to website collections and modify the SharePoint configuration

To ensure the proper functioning of Kaspersky Security, the user account under which Kaspersky Security will be run must be granted rights to modify the SharePoint configuration, as well as rights to website collections that need to be protected. Listed below are the methods of granting those rights to a user account.

Granting rights manually

You can grant rights manually through Microsoft SQL Server Management Studio or Microsoft SQL Server Management Studio Express.

The user account must be assigned the following:

• db_owner role for the SQL database, which contains the SharePoint configuration (by default, SharePoint_Config database).
• db_owner role for the SQL database, which contains the SharePoint configuration contents (by default, SharePoint_AdminContent database).
• SiteCollection Administrator rights to each of the website collections that need to be protected.

  These rights can be granted, for example, through the SharePoint admin center or the SharePoint command console.

• db_owner role for each SQL database with a website collection that needs to be protected.

Granting rights using a script

Use of scripts lets you automate the process of granting a user account the rights to website collections.

You can run the following scripts using Windows PowerShell:

• script for granting rights to modify the SharePoint configuration:

  Add-SPShellAdmin -UserName <domain\KSH_User>

• script for granting rights to each website collection that needs to be protected:

  $wa = Get-SPWebApplication <http://WebApp.domain.com>

  $wa.GrantAccessToProcessIdentity(<domain\KSH_User>)

  $wa.Update()

  Where:

  http://WebApp.domain.com is the web address or GUID of the web application on the SharePoint portal.

  domain\KSH_User is the user account name created for managing Kaspersky Security.

  You must run this script for each web application on which SharePoint website collections are located.

Creating an SQL database manually

To create an SQL database manually, run the following SQL script:

CREATE DATABASE [<database name>]

ON PRIMARY

(

NAME = [<name of database>_

<logical name of the primary data file> ],

FILENAME = '<full path to the primary data file>'

),

FILEGROUP [<name of database>_BACKUP_DATA_FILE_GROUP]

(

NAME = [<name of database>_BACKUP_DATA_FILE_GROUP],

FILENAME = 'full path to the secondary data file'

)

To manage the database that has been created manually, you must grant the relevant access rights to the account intended for database preparation.

Features of the application installation on a SharePoint farm

When Kaspersky Security is installed on a SharePoint farm, the application needs to be successively installed on all the SharePoint farm servers. When the installation completes on the first SharePoint farm server, you can use the Configuration Wizard to perform the initial setup of the application. The installation of Kaspersky Security on the other SharePoint farm servers uses the initial settings configured during installation of the application on the first SharePoint farm server.

The process of Kaspersky Security installation is accompanied by the Setup Wizard. The Setup Wizard will prompt you to configure the installation settings. Follow the Wizard's instructions.

Starting the application installation

Kaspersky Security installation on a computer is performed by the Setup Wizard. The Wizard interface contains a sequence of windows (steps). You can switch between windows in the Setup Wizard by clicking the Back and Next buttons.

To close the Setup Wizard, click the Finish button. To stop the Setup Wizard at any step, click the Cancel button.

To install Kaspersky Security:

1. Run the setup.exe file included in the Kaspersky Security distribution package.

   The Setup Wizard will run.

2. Follow the Setup Wizard instructions.

When the Setup Wizard is complete, Kaspersky Security will be installed.

During Kaspersky Security installation, the Setup Wizard adds the account of the computer running the installation to the KSH Administrators group in Active Directory. You will have to add the computer account to the KSH Administrators group if you need to manage Kaspersky Security through Kaspersky Security Center.

Step 1. Viewing the License Agreement

The End User License Agreement is an agreement between the application user and AO Kaspersky Lab. By selecting the I accept the terms of the License Agreement check box, you are confirming that you read the End User License Agreement and accepted its terms and conditions. You can print the text of the License Agreement by clicking the Print button.

After you accept the License Agreement, you can proceed to the next step of the Setup Wizard by clicking the Next button.

Step 2. Selecting the type of installation

You can select one of the following application installation types:

• Typical. By default, the application installs two Kaspersky Security components: Security Server and Management Console. The DLP Module will not be installed. The application files will be copied to the default application installation folder and the default data storage folder. If you select this installation type, the Wizard proceeds to Creating the database.
• Custom. You can manually select the application components that will be installed on your computer, as well as specify the application installation folder and the data storage folder. If you select this installation type, the Wizard proceeds to Select components.

Step 3. Selecting components and configuring component installation

At this step, you can select the application components that you need to install. Click to add or exclude an application component to be installed on your computer. The following options are available for component installation:

• Management Console, Security Server, and DLP Module (see the figure below)

  

  Component tree appearance with all the application components installed

• Management Console and Security Server (see the figure below)

  

  Component tree appearance with the DLP Module excluded from installation

• Management Console (see the figure below)

  

  Component tree appearance with Security Server excluded from installation

  The Management Console can be installed on a different computer for remote management of a Security Server of Kaspersky Security.

To configure component installation:

1. In the Destination folder field, specify the path to the application installation folder. You can specify a path manually, or select one by clicking the Browse button.

   By default, the application will be installed to C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security for SharePoint Server\.

2. In the Data storage folder field, specify the path to the folder, which will store application logs and databases. You can specify a path manually, or select one by clicking the Browse button.

   By default, the application will save data to C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security for SharePoint Server\data\.

   If you need to discard the settings you defined and return to the default settings, click the Reset button.

3. Click the Disk Usage button if you want to view information about free space available on local drives required to install the selected components.

   The window that opens displays information about local drives.

To continue to the next step of the Setup Wizard, click the Next button.

Step 4. Creating a database on an SQL server

To create a database on an SQL server:

1. In the Name of SQL server field, specify the name (or IP address) of the computer with SQL server installed, and the name of the SQL server, for example, MYCOMPUTER\SQLEXPRESS.

   Click the Browse button located next to the Name of SQL server field to select SQL servers that are available in the network.

   If the connection is to a remote SQL server, make sure that the SQL server is enabled to support TCP/IP as a client protocol.

2. In the Database name field, specify the name of the database where the application will store Backup data, statistics, and application configuration details.

   The user account that starts the Setup Wizard must have the rights to prepare the SQL database.

   You can use any of the following databases for handling the application:

   • Database created in advance by the SQL server administrator;
   • Database created automatically by the Setup Wizard

   When installing Kaspersky Security on a SharePoint server farm, you have to ensure integration of all servers on which the application is installed with the same SQL database. To this end, identical values must be specified in the Name of SQL server and Database name fields when you install the application on all farm servers.

3. In the Additional connection parameters field, specify the additional settings for connecting the Backup and statistics database to the SQL server.

   Optional field. For a description of the SQL server connection string settings, you can refer to the Microsoft website via the following link: connection string settings. After installation, you can also edit the connection string settings in the configuration file.

   Example:

   • Connection Timeout=30;Integrated Security=SSPI; MultiSubnetFailover=true

   In the Additional connection parameters field, it is not recommended to specify the Data Source and Database settings because they are defined in the Name of SQL server and Database name fields.

4. To finish the database configuration and proceed to the next step of the Setup Wizard, click the Next button.

Kaspersky Security does not provide channel encryption during data transmission between the server and the SQL database. To secure your data, manually encrypt data to be transmitted over communication channels.

Step 5. Configuring a user account for running Kaspersky Security services

For a proper functioning of the application, the user account under which Kaspersky Security services will be run must have required rights.

To configure a user account for running Kaspersky Security services,

specify the name and password of a user account in the Account and Password fields in the Setup Wizard window, or select a user account by clicking the Browse button.

To proceed to the final step of the Setup Wizard, click the Next button.

Step 6. Starting the application installation

To start installation of the application,

click the Install button.

It will initiate copying of the application files to the computer and registration of the components in the system. Once the files are copied and the components are registered, the Setup Wizard will display a notification informing about completion of the application installation.

To finish the application installation,

click the Next button.

The application installation is finished, and the Setup Wizard window closes.

If the application is installed on a standalone SharePoint server or the first server in a SharePoint farm, the Configuration Wizard starts automatically. The Configuration Wizard allows you to specify the initial application settings: activate the application, enable SharePoint server protection, and configure application database updates.

Changes in the system after installing the application

When Kaspersky Security is installed on the computer, the following changes are made:

• Kaspersky Security folders are created.
• Kaspersky Security are registered.
• Kaspersky Security keys are registered in the system registry.

In special cases, the application behavior can be modified by means of configuration files that need to be saved in the application folder. Contact Technical Support for more details.

Kaspersky Security folders

Kaspersky Security folders created on the computer

Kaspersky Security services

Kaspersky Security services

System registry keys

System registry keys

Page top

Getting started

If the application was installed on a standalone SharePoint server or the first server in a SharePoint farm, the Application Configuration Wizard starts automatically after the Setup Wizard has finished.

The Configuration Wizard allows you to specify the initial application settings: activate the application, enable SharePoint server protection, and configure application database updates.

If you are installing the application on the remaining servers of a SharePoint farm, the Application Configuration Wizard will not be started. Kaspersky Security on these SharePoint farm servers uses the settings defined in the Application Configuration Wizard during setup on the first server of the SharePoint farm.

You can close the Application Configuration Wizard by clicking the Cancel button in the welcome window of the Application Configuration Wizard, and perform the necessary configuration after starting Kaspersky Security.

Step 1. Activating the application

To activate the application:

1. Click the Add button in the Application Configuration Wizard.
2. In the window that opens, specify the path to the key file (a file with the .key extension) and click the Open button.

   The key corresponding to the license that entitles the owner to use the entire functionality of Kaspersky Security for the specified time period will be added in the product then.

   The key added during installation on the first SharePoint farm server is automatically used to install the application on subsequent SharePoint farm servers.

To remove the key,

click the Delete button in the Application Configuration Wizard.

Step 2. Enable Anti-Virus protection

To configure the anti-virus protection settings for a SharePoint server or servers:

1. Select the Enable anti-virus protection check box to enable anti-virus scanning of files as they are uploaded to the server or downloaded from the server to the user's computer.

   If, when configuring the application on the first server of a SharePoint farm, you enable protection of this SharePoint server, protection of the remaining servers in the same SharePoint farm will automatically be enabled immediately after Kaspersky Security installation is complete on those servers.

2. Select the Enable automatic database updating check box if you want the application to update the anti-virus databases automatically as scheduled, or clear the check box if you want to run updates of the databases manually.

Step 3. Participating in Kaspersky Security Network

In the Use of Kaspersky Security Network window, you can view the Statement on the use of Kaspersky Security Network services for protection of your computer.

Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to Kaspersky Lab's online knowledge base with information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky Lab applications to threats, improves the effectiveness of some protection components, and reduces the risk of false positives.

To participate in Kaspersky Security Network,

select the I accept the Kaspersky Security Network Statement and want to use KSN services for protection check box if you have read the KSN Statement and accepted all of its conditions.

Step 4. Configuring the proxy server settings

In the Configuring proxy server to retrieve updates and connect to Kaspersky Security Network window of the Application Configuration Wizard, you can define the proxy server settings for Kaspersky Security.

To configure the proxy server settings, perform the following steps:

1. Select the Use proxy server check box if you want the application to connect to Kaspersky Lab update servers via a proxy server.
2. Specify the proxy server address in the Proxy server address field.
3. Specify the proxy server port number in the Port field.

   The default port number is 8080.

4. If a password is required to access the proxy server, specify the proxy user authentication settings. To do this, select the Use authentication check box and fill in the Account and Password fields.

   The application uses the specified proxy server to retrieve updates and connect to Kaspersky Security Network

To finish configuration of the application and proceed to the final step in the Configuration Wizard, click the Next button.

Step 5. Completing application configuration

To stop the application configuring:

1. If you want Kaspersky Security Management Console to run automatically after closing the Configuration Wizard, leave the Start Management Console after the Application Configuration Wizard finishes check box selected.
2. To finish the configuration of the application and exit the Configuration Wizard, click the Finish button.

   The Configuration Wizard closes. If the Start Management Console after the Application Configuration Wizard finishes check box has been selected, Management Console starts as soon as the Configuration Wizard closes.

Restoring the application

If the application malfunctions (due to a damaged executable file of the application or the application databases, or a fault in the operation of VS API interceptor), you can restore the application using the Setup Wizard.

During restoration, the installer replaces the executable files and libraries used by Kaspersky Security with the files contained in the Distribution, application databases – databases in the Distribution, and replaces the registration of VS API interceptor.

The application's configuration and event logs are saved during the restoration process.

To restore Kaspersky Security:

1. Launch the setup.exe file from the application distribution package.

   This opens the welcome window of the install package.

2. Click the Kaspersky Security 9.0 for SharePoint Server link in welcome window to launch the Setup Wizard.
3. Click the Next button in the welcome screen of the Setup Wizard.

   This opens the Modify, recover, or remove application window.

4. In the Change, Repair or Remove the application window, click the Restore button.

   This opens the Restore window.

5. In the Restore window, click the Repair button.

   The process to replace the executable files, libraries, and databases of the application and register VS API interceptor begins.

Restoration of the application will not be possible if its configuration files are damaged. Removing and reinstalling the application is recommended in that case.

Removing the application

You can delete Kaspersky Security from the computer using:

• Standard Microsoft Windows tools to install/uninstall applications.
• Using the Setup Wizard.

To uninstall Kaspersky Security from the SharePoint farm, the application must be deleted from each SharePoint farm server.

To uninstall Kaspersky Security using the Setup Wizard:

1. Launch the setup.exe file from the application distribution package.

   This opens the welcome window of the install package.

2. Click the Kaspersky Security 9.0 for SharePoint Server link in welcome window of the install package to launch the Setup Wizard.

   This opens the start window of the Setup Wizard.

3. In the start window of the Setup Wizard, click the Next button.
4. In the Modify, recover, or remove application window click the Remove button.
5. In the Remove window, confirm your choice by clicking the Remove button.

   The process of removing application files from the computer and unregistering application components begins.

6. If you are removing the application from a standalone SharePoint server or from the last server of a SharePoint farm, once the files have been removed a window appears prompting you to delete the application database. Select one of the following operations in this window:
   • If you want to delete the database containing the application configuration, Backup and statistical data, click Yes.

     To delete the database, the account under which the removal process is running must possess the db_owner role for this database. If the account does not possess this role, in the window that appears clickNo. When Kaspersky Security is uninstalled, you need to delete the database manually.

   • If you choose not to delete the database so that you can use the database for a future re-installation of the application, click the No button.

Administration

This Help section is intended for specialists who perform Kaspersky Security installation and administration, as well as for those who provide technical support to organizations that use Kaspersky Security.

Information in this section is arranged in accordance with the interface of Kaspersky Security Management Console.

Working with personal data of users

Kaspersky Security processes the following personal data of users to perform its basic functions:

• Active Directory accounts.

  The application checks Active Directory accounts to implement the role-based user access control for the application features and services.

• Contents of files downloaded from / uploaded to SharePoint servers, and contents of blogs and wiki pages on SharePoint.

  The application checks the listed objects to provide anti-virus protection, anti-phishing protection, content filtering, and data leak prevention in accordance with the defined settings.

  The original objects that have triggered one of the protection components are saved in the application database. This enables to restore deleted objects via Backup.

  Texts contained in processed objects may be saved on the Security Server if the administrator has enabled detailed logging of events to application logs. This information can be used to provide technical support.

• Metadata of Backup objects.

  The metadata of objects that have triggered one of the protection components is saved in the application database. This enables to restore deleted objects via Backup.

  Metadata of objects may be transmitted to Kaspersky Security Center as part of information on application events if your organization uses this software solution.

  Metadata of objects is also saved in the application log, which is required for provision of technical support.

  Metadata of Backup objects may contain the following personal data of users:

  • Account name and user name of the user who performed the operation that resulted in the file being placed in Backup.
  • Account name and email address of the file creator.
  • Account name and email address of the user who made the latest modifications to the file.
  • File name
  • File path.

  The listed data is also saved in the file named backup.csv when the list of Backup objects is exported.

• Email addresses of the recipients of notifications and reports.

  The email addresses of the recipients of notifications and reports about application operation are saved in the application database along with other values of protection settings.

• Details of incidents associated with the violation of data leak prevention (DLP) policies.

  Details of incidents are stored in the application database and logs.

  Depending on the defined settings, incidents may contain personal data of any type. By default, the "Statistics by users" report indicates the names of user accounts that have violated DLP policies.

• Personal data contained in application settings.

  Application settings are saved in the application database, in application logs, and in the Windows Event Log. Depending on the modifications that were made, this information may contain the following personal data of users:

  • Account names of users who modified application settings.
  • Account names, email addresses, and user names of users who performed actions with files or web objects of SharePoint.
  • Account names of users for whom DLP policies have been set, and of users who have been excluded from a policy scope.
  • Any other personal data specified by the security officer in the settings of DLP categories and policies.
• Organization representative information.

  Information on the contact person of the organization that signed the End User License Agreement is used to validate the license. Depending on the application configuration, such information is stored either in Active Directory or locally on the Security Server.

The table below presents the specifics of storing the listed data.

Specifics of storing personal data of users in Kaspersky Security

You can restrict handling of personal data of users by the application as follows:

• Change the storage term for application logs.
• Configure automatic purging of Backup or manually purge it when necessary.
• Remove objects from Backup.
• Monitor the list of recipients of notifications and reports about application operation.
• Monitor the operation of the DLP Module.
• If you need to change the contact person of your organization, please contact the license provider.

Role-based access restriction in Kaspersky Security for SharePoint Server

Kaspersky Security for SharePoint Server allows you to apply role-based access to manage users. A unique group of access rights corresponds to each of the roles in Kaspersky Security. Roles allow you to grant users rights to use Kaspersky Security depending on their respective tasks.

A role is assigned to a user by adding the user account to an Active Directory group. A user can combine multiple roles. In this case, the account must be added to the Active Directory groups, which correspond to those roles. The user will be granted access rights in accordance with the roles assigned.

The table below shows the names and descriptions of roles, names of Active Directory groups corresponding to those roles, and a list of nodes, which are displayed in the Management Console for each role.

Description of roles in Kaspersky Security

You can create Active Directory groups manually before installing Kaspersky Security. If the account under which Kaspersky Security is being installed, has the rights to create groups in Active Directory, groups will be created automatically when installing the application. In this case, the user account under which the application is installed will be automatically added to the Ksh Administrators and Ksh Security Officers groups. If groups are automatically created in Active Directory, the Ksh Administrators group has rights to edit Ksh AV Security Officers and Ksh AV Operators.

Role assignment in Kaspersky Security through Active Directory groups applies to all servers of the SharePoint farm.

Modifying the additional settings of the SQL server connection string

You can change the additional settings of the SQL server connection string. When the application is installed, data in the SQL server connection string is saved in the following configuration file in XML format:

<application setup folder>\Configuration\BackendDatabaseConfiguration2.config

To change the additional settings of the SQL server connection string:

1. Open the SQL server configuration file in a text editor.
2. Find the tag named AdditionalConnectionParameters.

   When the application is installed, the value of this setting is automatically defined by the application based on the information provided by the administrator.

3. Use the text editor to make the necessary changes to the SQL server connection settings.

   For a description of the SQL server connection string settings, you can refer to the Microsoft website via the following link: connection string settings.

   In the Additional connection parameters field, it is not recommended to define the SqlServerName and DatabaseName settings because they are already defined in the Name of SQL server and Database name fields.

4. Save the file.

Changes made to the configuration file become effective within one minute.

Application licensing

This section provides information about general concepts related to the application licensing.

About the End User License Agreement

The End User License Agreement is a binding agreement between you and Kaspersky Lab AO, stipulating the terms on which you may use the application.

Carefully review the terms of the License Agreement before using the application.

You can view the terms of the License Agreement in the following ways:

• During installation of Kaspersky Security.
• By reading the license.txt file. This file is included in the application's distribution kit.

By confirming that you agree with the End User License Agreement when installing the application, you signify your acceptance of the terms of the End User License Agreement. If you do not accept the terms of the End User License Agreement, you must abort application installation and must not use the application.

About the license

A license is a time-limited right to use the application, granted under the End User License Agreement.

A license entitles you to the following kinds of services:

• Use of the application in accordance with the terms of the End User License Agreement
• Technical support

The scope of services and application usage term depend on the type of license under which the application is activated.

The following license types are provided:

• Trial – a free license intended for trying out the application.

  A trial license is of limited duration. When the trial license expires, all Kaspersky Security features become disabled. To continue using the application, you need to purchase a commercial license.

  You can activate the application under a trial license only once.

• Commercial – a pay-for license that is provided when you buy the application.

  When the commercial license expires, the application continues running with limited functionality (for example, Kaspersky Security database updates are not available). To continue using Kaspersky Security in fully functional mode, you must renew your commercial license.

We recommend renewing the license before its expiration to ensure maximum protection of your computer against security threats.

About the license certificate

License Certificate is a document provided together with a key file or activation code.

The License Certificate contains the following license information:

• Order ID;
• Details of the license holder
• Information about the application that can be activated using the license
• Limitation on the number of licensing units (devices on which the application can be used under the license)
• License start date
• License expiration date or license validity period
• License type.

About the key

A key is a sequence of bits with which you can activate and subsequently use the application in accordance with the terms of the End User License Agreement. A key is generated by Kaspersky Lab.

You can add a key to the application by using a key file. After you add a key to the application, the key is displayed in the application interface as a unique alphanumeric sequence.

Kaspersky Lab can black-list a key over violations of the End User License Agreement. If the key has been black-listed, you have to add a different key to continue using the application.

A key may be an "active key" or an "additional key".

An active key is the key that is currently used by the application. A trial or commercial license key can be added as the active key. The application cannot have more than one active key.

An additional key is a key that entitles the user to use the application, but is not currently in use. An additional key automatically becomes active when the license associated with the current active key expires. An additional key may be added only if the active key is available.

A key for a trial license can be added only as the active key. A trial license key cannot be installed as the additional key.

About the key file

A key file is a file with the .key extension that you receive from Kaspersky Lab. Key files are designed to activate the application by adding a key.

You receive a key file at the email address that you provided when you bought Kaspersky Security or ordered the trial version of Kaspersky Security.

You do not need to connect to Kaspersky Lab activation servers in order to activate the application with a key file.

You can recover a key file if it is accidentally deleted. You may need a key file to register with Kaspersky CompanyAccount.

To recover a key file, do one of the following:

• Contact the license seller.
• Obtain a key file on the Kaspersky Lab website based on your existing activation code.

About data provision

To increase the protection level, by accepting the terms of the License Agreement, you agree to provide the following information to Kaspersky Lab in automatic mode:

• Details of the currently used license;
• Data on the Kaspersky Security version currently in use.

When you participate in Kaspersky Security Network, information obtained as a result of the Kaspersky Security operation is automatically sent from the computer to Kaspersky Lab. The list of data sent is given in the Kaspersky Security Network Statement. You can read the terms of the Kaspersky Security Network Statement in the following ways:

• By clicking the KSN Participation Agreement link in the Settings node.
• By reading the ksn_agreement.rtf document located in the application installation folder.

Participation in Kaspersky Security Network is voluntary. You can opt out of participating in Kaspersky Security Network at any time. No personal data of the user is collected, processed, or stored.

Kaspersky Lab protects any received information pursuant to the legal requirements and effective Kaspersky Lab rules.

Kaspersky Lab uses any collected information in depersonalized format and as general statistics only. General statistics are automatically generated using collected original information and do not contain any private data or other confidential information. Originally collected information is cleared as it is accumulated (once per year). General statistics are stored indefinitely.

Activating Security Server

Security Server activation lets you use the full functionality of Anti-Virus protection and Content filtering and update application databases. Security Server is activated by adding a key for Security Server.

To activate Security Server:

1. Open Management Console.
2. In the Management Console tree of nodes, select the Licensing node of the relevant server.
3. In the Active key section, click the Add button.
4. In the window that opens, specify the path to the key file (a file with the .key extension) and click the Open button.

The application adds the Security Server key corresponding to the license. The appearance of the Active key section changes. The section displays the following information:

• Key status. Details of the active Security Server key.
• Key. A unique alphanumeric sequence required to receive technical support from Kaspersky Lab.
• License type. Trial or commercial.
• Representative. Name of the representative of the company that executed the agreement to purchase the application.
• Users. The maximum number of employees with access to the SharePoint server protected by the application.
• Expiration date. The date when the Security Server license expires.

If Kaspersky Security is installed on a standalone SharePoint server, the key status details are displayed in the Licensing section in the workspace of the Control Center (<Server name>) node.

Activating the DLP Module

DLP Module activation enables the security officer to use the full functionality of the DLP Module and manage Data Leak Prevention. The DLP Module is activated by adding a key for the DLP Module.

The DLP Module can be activated after activating Security Server. The DLP Module key validity period may not exceed the Security Server key validity period.

To activate the DLP Module:

1. Open Management Console.
2. In the Management Console tree of nodes, select the Licensing node of the relevant server.
3. In the Active key of DLP Module section, click the Add button.
4. In the window that opens, specify the path to the key file (a file with the .key extension) and click the Open button.

The application adds the DLP Module key corresponding to the license.

The appearance of the Active key of DLP Module section changes. The section displays the following information:

• Key status. Details of the active DLP Module key.
• Key. A unique alphanumeric sequence required to receive technical support from Kaspersky Lab.
• License type. Trial or commercial.
• Representative. Name of the representative of the company that executed the agreement to purchase the application.
• Users. The maximum number of company employees with access to management of Data Leak Prevention.
• Expiration date. DLP Module license expiration date.

Information on the DLP Module license is displayed in the Control Center node on all servers.

Application functionality is limited when the DLP Module license expires. The application stops scanning files in real time as they are uploaded to SharePoint, creating new incidents, and searching for data belonging to specific categories. The security officer can view information about previously created incidents, create categories, policies and reports. After the Security Server license has expired, the application stops updating DLP Module databases.

Replacing a key

You can replace an active key or additional key with a key that has a longer validity period or a key that allows a greater number of users of Kaspersky Security (if any).

Replacing an active key does not interfere with on-access scans, on-demand scan tasks, or database updates.

To replace the active key for Kaspersky Security:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Licensing node.
2. In the workspace, click the Replace button.
3. In the displayed File name dialog specify path to the key file (file with the .key extension) and click Open.

To replace an additional key:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Licensing node.
2. In the workspace, in the Additional key section, click the Replace button.
3. In the displayed File name dialog specify path to the key file (file with the .key extension) and click Open.

Removing a key

To remove a key for Kaspersky Security:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Licensing node.
2. In the workspace of the Active key or Additional key section, click the Delete button.

If Kaspersky Security is installed on a SharePoint farm and a key is removed from one SharePoint server within the farm, the key is also removed from all servers of the SharePoint farm.

Licensing node

Show all | Hide all

The Licensing node displays information about the license of Kaspersky Security. In this node, you can activate the application and renew your license.

The Active key section displays information about the current license. If you did not complete activation when preparing the application for use, you can select a key file to activate the application by clicking the Add button.

This section shows information about the key status, license type, expiration date, the company's representative who executed the agreement to purchase the application, and the maximum number of users of the application. In this section, you can also replace or delete the active key.

Replace

Delete

The Additional key section allows adding a key that entitles you to use the application but is not currently in use.

Add

The Active key of DLP Module section is displayed if the DLP Module component is installed. This section lets you add a key for activation of the DLP Module. If a key has already been added, the section shows information about the key status, license type, expiration date, the company's representative who executed the agreement to purchase the application, and the maximum number of users of the application.

Add

Starting Management Console

The services of Kaspersky Security start automatically during the operating system start-up. Management Console is started manually.

To start Management Console, perform the following steps:

1. In the Start menu select Programs.
2. Select the Kaspersky Security 9.0 for SharePoint Server folder in the list of programs.
3. Select Kaspersky Security 9.0 for SharePoint Server in the menu.

When the Management Console starts, the Kaspersky Security snap-in connects to the Microsoft Management Console. The Management Console tree then displays an icon for the application and a node named Kaspersky Security 9.0 for SharePoint Server.

When Management Console is running, you can add servers on which the Security Server component has been installed (hereinafter referred to as "Protected servers") to Management Console.

The application records information about the starting or closing of Management Console to the Windows Event Log.

Kaspersky Security 9.0 for SharePoint Server node

Show all | Hide all

The Kaspersky Security 9.0 for SharePoint Server node displays information about the current version of the application and its purpose. In this node, you can view the list of SharePoint servers that have been added to the Management Console, as well as add new servers and proceed to servers in the Console tree.

In the Protected servers section, you can add to Management Console the SharePoint server on which Security Server has been installed (hereinafter referred to as protected SharePoint server or simply protected server). After adding a protected server, you can add other ones or proceed to that server's protection settings.

Add server

The Added servers list displays the names of protected SharePoint servers that have been added to Management Console. Clicking the <Server name> button takes you to the Control Center node of the selected Server in Management Console.

Adding protected servers to Management Console

To add protected servers to Management Console:

1. Start Management Console.
2. Select in Management Console tree the node of Kaspersky Security 9.0 for SharePoint Server.
3. In the workspace, click the Add server button.
4. Select the appropriate option in the displayed dialog Add server:
   • Local. The application adds to Management Console the SharePoint server on which Management Console and Security Server are installed. This is the default option.
   • Remote. The application adds to Management Console the SharePoint server on which Security Server is installed. If you select this option, use one of the following methods to specify the server name:
     • Click Browse and select the computer from the list in the window that opens.
     • Enter the server name manually as an IP address (in IPv4 or IPv6 notation) or DNS name.
5. Click the OK button.

The server will be added to Management Console and shown in the nodes tree.

If Kaspersky Security is installed on a farm of SharePoint servers, you can add any server of the farm to Management Console.

Add server window

Show all | Hide all

In the Add server window, you can select the protected SharePoint server that will be added to Management Console.

Local

Remote

Default protection

The protection status of the SharePoint server depends on the settings defined in the Application Configuration Wizard during installation. A detailed description of the Application Configuration Wizard is provided in the Installation Guide for Kaspersky Security 9.0 for SharePoint Server.

If the Enable Anti-Virus protection check box was selected in the Application Configuration Wizard during setup on the first SharePoint server, the application components are launched in the following mode at application startup:

• On-access scan:
  • Anti-Virus scan is enabled;
    • Action on infected and probably infected files: Disinfect;
    • Action on corrupted files and password-protected files: Skip;
  • Content filtering is enabled.
• On-demand scan:
  • On-demand scan tasks are not created. On-demand scan is not performed.

If the Enable Anti-Virus protection check box was cleared during application installation, the Anti-Virus scan and Content filtering components are disabled at application startup, and on-demand scanning is not performed.

If an application that collects information and sends it to be processed is installed on your computer, Kaspersky Security may classify this application as malware. To avoid this, you can exclude the application from scanning by configuring Kaspersky Security as described in this document.

Viewing SharePoint server protection status details

The Information about server protection section shows the application version and the status of anti-virus scanning and Content Filtering. Available values:

• Enabled. Anti-Virus protection / Content filtering is enabled in the On-access scan node of Management Console and is working correctly on all SharePoint farm servers.
• Disabled. Anti-Virus protection / Content filtering is disabled
  on all SharePoint farm servers.
• Protection errors. Errors detected in the operation of Anti-Virus protection / Content filtering on at least one of the SharePoint farm servers.
• Unknown. The status of anti-virus protection / Content filtering on at least one of the SharePoint farm servers is unknown.

The section contains a description of any errors that occur.

Information about server protection

The Protection of farm servers section shows the current version of the application and the status of its components. The following component statuses are possible:

• Enabled. The component is enabled and runs correctly on all SharePoint farm servers.
• Disabled. The component is disabled on all the servers in the SharePoint farm.
• Protection errors. Errors have been detected in the operation the component on at least one of the SharePoint farm servers. The section contains a description of any errors that occur.
• Unknown. The status of Anti-Virus protection / Content filtering on at least one of the SharePoint farm servers is unknown.

Anti-virus settings of SharePoint

The Anti-Virus settings of SharePoint section displays information about the scan settings configured on the SharePoint server. If anti-virus protection is disabled on the SharePoint server, Kaspersky Security does not perform Anti-Virus scanning and Content filtering in real time.

Application licenses

Depending on the application components installed on the SharePoint server, the workspace may display the following sections with licensing information:

• Security Server license;
• DLP Module license.

The Key status field displays the details of the active key. Available field values:

• Current license. A key has been added, and the license has not expired.
• Errors on some farm servers. Licensing errors or violations have been detected on at least one of the SharePoint farm servers (for example, a key is missing or blacklisted). The error description is displayed in red, and the section itself is highlighted in orange.
• No key has been added. Licensing subsystem type: ##licensingSubsystemType##. No key has been added, and Management Console is deployed on a standalone SharePoint server.

The Expiration date field displays the expiration date of the license.

If the number of days remaining on the license is less than the number of days specified in the Notifications node, the expiration date in the field is displayed in red. You are advised to add an additional key in the Licensing node before the current license expires.

The Additional key field contains information about the availability of an additional key. Available values:

• Added. An additional key has been added, and the validity period of the active key has not expired yet.
• Not added. One of two possibilities:
  • an additional key is not added;
  • an additional key is installed, but the active key has expired.

The Number of users field contains information about the maximum number of company employees with access to a SharePoint server protected by the application.

The Functionality field contains information on available application features. Available field values:

• Full functionality. No limitations are imposed on the operation of Kaspersky Security.
• The license expired. Database updates and technical support are not available. The application does not update Anti-Virus protection, Content filtering, and DLP Module databases. You have to replace the key to be able to download the current databases.
• Management only. No key is installed, or the trial license has expired. Only management of Kaspersky Security is available. Anti-Virus protection and Content filtering are not performed, and updates are not available.
• Update only. The key is in the black list. Only database updates are available. Anti-virus scanning and content filtering are not performed.

Protection of SharePoint farm servers

The Protection of farm servers section displays information about the current protection status of servers in the SharePoint farm.

SharePoint farm servers that have not accessed the database within the past 60 seconds are considered inactive by the application. The number and list of such servers are shown in this section. Detailed information about why the database was not accessed is displayed in a table on the List of farm servers tab.

If Kaspersky Security is installed on a standalone SharePoint server, the Protection of farm servers section is not displayed in the workspace of the Control Center (<Server name>) node.

Database update

The Database update section shows information about the current state of the anti-virus databases, the date of the last update, and the number of records in the databases.

The Status field displays information about the status of databases currently in use by Kaspersky Security.

If Kaspersky Security is installed on a SharePoint farm, the Status field can take the following values:

• Databases are up to date on all farm servers. Databases used on all SharePoint farm servers were updated in the past 24 hours and are not corrupted.
• Databases outdated on some farm servers. Databases were not updated in the past 24 hours.
• Databases corrupted on some farm servers. Databases are missing or corrupted, and cannot be read by the application on at least one SharePoint farm server.

If Kaspersky Security is installed on a standalone SharePoint server, the Status field can take the following values:

• Databases are up to date. Databases were updated in the past 24 hours and are not corrupted.
• Update required. Databases were not updated in the past 24 hours.
• Databases corrupted. Databases are missing or corrupted and cannot be read by the application.

The Last update status field displays the date and result of the most recent update of the databases. If an error occurred during the last database update, the field contains a description of the error. In this case, the Database update section is highlighted in orange, and the description of the error is displayed in red.

If Kaspersky Security is installed on a standalone SharePoint server, the section displays the Last update field, which contains the date and time of the most recent attempt to update the databases.

The Release date and time field shows the release date of the earliest database on all SharePoint farm servers. If the databases are out of date, the date is displayed in red. In this case, it is recommended that you go to the Updates node and update the application databases.

The Number of records field contains information about the total number of records in the databases on the server since the time of the first update.

Statistics

The Statistics section contains statistics on the application's operation for the last week. The graph presents the following information about the number of positives returned by application components, the number of threats detected, files blocked, and clean files:

• ANTI-VIRUS PROTECTION:
  • Total files. The total number of files that are infected, probably infected, corrupted, password-protected, or clean, and files that returned an error during Anti-Virus scanning.
  • Threats. The number of malicious objects detected in scanned files.
  • Excluded. The number of files excluded from the scan scope.
  • Non-infected. The number of files scanned by the application and recognized as not infected.
  • Other. Files that do not match any other categories. The group includes, for example, files not scanned because of key errors or files that have caused errors while being processed.
• CONTENT FILTERING:
  • Total. The total number of files and SharePoint web objects that caused content filtering incidents (by content, by file type and format, and masks of unwanted file names, files with Non-infected status, and files that returned content filtering errors).
  • Files with unwanted content. The number of files found by Content filtering to contain unwanted words or phrases included in Kaspersky Lab categories and custom categories. You can configure custom categories in Content filtering settings.
  • Web objects with unwanted content. The number of SharePoint web objects that have been found by Content Filtering to contain unwanted words or phrases included in Kaspersky Lab categories and custom categories, and the number of web objects found to contain malicious or phishing URLs.
  • Files in unwanted formats. Number of files in unwanted formats.
  • Found clean. The number of files that are free from unwanted content (with the names and formats not matching the specified masks of unwanted file names and formats), malicious or phishing URLs.
  • Other. Files that do not match any other category including files unprocessed because of errors.

Control Center node

In the Control Center node, you can view the details of the protection status of a server or a farm of SharePoint servers.

The workspace of this node displays the Events and statistics and List of farm servers tabs, depending on the schemes for deployment of Kaspersky Security on the organization's network. The List of farm servers tab is displayed if Kaspersky Security is installed on a farm of SharePoint servers that handle a single database for configuration of the application and Backup.

Events and statistics tab

Show all | Hide all

The Events and statistics tab displays summary information about the protection status of a server or a farm of SharePoint servers, about the application components, as well as the application operation statistics for the last week.

The Protection of farm servers section displays the current version of the application, the statuses of the application subsystems (i.e., anti-virus protection and content filtering) and the DLP Module component.

• Enabled. This component / subsystem is enabled and operates properly on a server or a farm of SharePoint servers.
• Disabled. This component / subsystem is disabled on a server or a farm of SharePoint servers.
• Protection errors. Errors have been detected in the operation of this component / subsystem on at least one of the SharePoint servers. The section contains a description of any errors that occur.
• Unknown. The status of the subsystems on one of the SharePoint servers is unknown.

Real-time protection settings

The Anti-Virus settings of SharePoint section displays information about the anti-virus settings of SharePoint. The operation of Kaspersky Security in on-access scan mode depends on the anti-virus settings defined on SharePoint.

For example, if the scanning of files downloaded from SharePoint websites to a computer is disabled in the anti-virus settings of SharePoint, Kaspersky Security will not be able to scan those files.

Define anti-virus settings of SharePoint

The workspace displays the Security Server license section (always) and DLP Module license section (if components such as Security Server and DLP Module have been installed on the SharePoint server). The Security Server license and DLP Module license sections provide information about the status of the key for corresponding components, the license expiration date, as well as the number of users and availability of an additional key (added or not added).

If any key-related errors occur, the sections display information about those errors

Manage keys

The Database update section shows information about the current status of the anti-virus databases, their latest update, the number of records in the databases, as well as information about update-related errors.

Update settings

The Protection of farm servers section contains information about the current protection status on the farm of SharePoint servers. If Kaspersky Security is installed on a stand-alone SharePoint server, the Protection of farm servers section is not displayed.

List of farm servers

The Statistics section contains statistics on the application's operation for the last week. The charts present information about the number of positives returned by the application components, the number of threats detected, files blocked, and non-infected files.

Reports

List of farm servers tab

Show all | Hide all

The List of farm servers tab displays a table with a list of protected SharePoint servers included in the farm, as well as information about the protection status and the update status of Kaspersky Security databases on all of the servers.

Delete servers

Manage keys

Update settings

Participating in Kaspersky Security Network

To protect SharePoint servers more effectively, Kaspersky Security uses data that is collected from users around the globe. Kaspersky Security Network is designed to process such data.

Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to Kaspersky Lab's online knowledge base with information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky Lab applications to threats, improves the effectiveness of some protection components, and reduces the risk of false positives.

Your participation in Kaspersky Security Network helps Kaspersky Lab to gather real-time information about the types and sources of new threats, develop methods of neutralizing them, and reduce the number of false alarms. Participation in Kaspersky Security Network also lets you access reputation statistics for applications and websites.

When you participate in Kaspersky Security Network, certain statistics are collected while Kaspersky Security is running and are automatically sent to Kaspersky Lab. This information makes it possible to keep track of threats in real time. Also, additional checking at Kaspersky Lab may require sending files (or parts of files) that are imposed to an increased risk of being exploited by intruders to do harm to the user's computer or data.

Participation in Kaspersky Security Network is voluntary. To start using Kaspersky Security Network, you have to accept the terms of a special agreement – the Kaspersky Security Network Statement. You can also opt out of participating in Kaspersky Security Network at any time. No personal data of the user is collected, processed, or stored by the Kaspersky Security Network services. The types of data that Kaspersky Security sends to Kaspersky Security Network are also described in the Kaspersky Security Network Statement. You can use Kaspersky Security Network services if the application license has not yet expired and the key has not been blacklisted.

KSN Protection Settings

To configure the KSN protection settings:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Settings node.
2. In the Use of Kaspersky Security Network section, select the I have read the KSN Statement and accept all of the conditions therein check box if you accept all of the conditions of the Kaspersky Security Network Statement. You can view its text by clicking the KSN Participation Agreement button.
3. To use KSN cloud services for protection of SharePoint web objects, select the Use Kaspersky Security Network check box.

   Information received from Kaspersky Security Network services is used during anti-virus scans and scans of web objects for phishing threats.

4. Set the Maximum waiting time when requesting KSN. The default wait time for a response from the cloud is 10 seconds.
5. Select the Use proxy server to access KSN check box if you want to exchange information with KSN services using a proxy server.

   The way to configure the proxy server settings is described in the automatic database update configuration instructions.

6. Click the Save button.

On-access scan

On-access scan is an operation mode of Kaspersky Security in which Kaspersky Security subsystems scan objects on SharePoint servers in real time. The subsystems scan an object in the moment the SharePoint user handles it (for example, when copying it from a SharePoint server to a computer).

Each of the application subsystems performs a scan of a single type. The table lists scan types that the application performs in on-access scan mode, as well as objects to which the respective scans apply.

Processing objects in on-access scan mode

If the subsystems that scan an object detect no threats, malicious links, and unwanted content, the application allows the user to handle this object. If a subsystem detects a threat, malicious link, or unwanted content, the application performs the action that has been configured for each scan type.

Objects are scanned by subsystems one by one. If an object was blocked by the application during a scan by a subsystem, the remaining subsystems do not scan this object. If a file was blocked during an anti-virus scan, the application does not apply content filtering to this file.

If failures occur in the operation of the application subsystems, some file may remain unscanned. By default, unscanned files are skipped without being scanned. You can configure the application so that it will block all files that cannot be scanned. Contact Technical Support for additional details.

Status labels assigned to files following on-access scan

Based on the results of on-access scanning, the application assigns one of the following status labels to the file:

• Not infected. No threats detected in the file.
• Infected. A file a segment of whose code fully matches a code segment of a known threat.
• Probably infected. A file whose code contains a modified segment of code of a known threat, or a file resembling a threat in the way it behaves.
• Password-protected. A password-protected archive.
• Corrupted. The file cannot be read by Kaspersky Security.

Based on the results of content filtering, the application assigns one of the following status labels to the file:

• Allowed. There is no unwanted content in the file.
• Forbidden format. The file has an unwanted format.
• Forbidden mask. The file name contains an unwanted mask.
• Forbidden content. The file has been found to contain unwanted words and phrases.

Based on the results of content filtering and phishing scanning, the application assigns one of the following status labels to the SharePoint web part:

• Allowed. The SharePoint web object does not contain unwanted content, malicious or phishing URLs.
• Forbidden content. The SharePoint web object has been found to contain malicious / phishing URLs or unwanted content.

About the restricted scan mode

If one of the scanning subsystems is freezing during an on-access scan, the application switches to the restricted scan mode by default. In this case, some objects may remain unscanned. When the application switches to the restricted scan mode, the following information is recorded to Windows Event Log:

• Date and time the restricted scan mode was enabled
• Name of the subsystem for which the mode was enabled
• Event level: Error
• Event category: Infrastructure
• Event ID: 6200

If the application switches to the restricted scan mode, the Control Center node displays a warning. For example, if a phishing scan is freezing, the following warning is displayed: Restricted scan mode enabled. Some objects can be skipped without being scanned for phishing. Information about files that have not been scanned by the application due to the restricted scan mode will be logged to the report with the Scan errors status.

The restricted scan mode does not affect on-demand scanning or data leak prevention.

The restricted scan mode can be disabled. For additional information about how to disable the restricted scan mode please contact Technical Support.

Kaspersky Security operation depending upon the SharePoint server settings

The operation of Kaspersky Security in on-access scan mode depends on the values of the anti-virus settings of SharePoint.

Anti-virus settings of SharePoint

The anti-virus protection settings of Kaspersky Security may conflict those of SharePoint. For example, if the Allow users to download infected files check box is selected in the anti-virus protection settings of SharePoint while the Block action is selected in the anti-virus protection settings of Kaspersky Security, the user will be able to download an infected file. Before downloading, the web browser window shows a warning message informing that Kaspersky Security recommends you to avoid downloading that file.

When a conflict arises between the anti-virus protection settings of Kaspersky Security and the anti-virus settings of SharePoint, the latter ones will have the higher priority.

Enabling and disabling on-access anti-virus scanning

To enable or disable anti-virus scanning:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
2. On the General tab, perform one of the following actions:
   • Select the Enable Anti-Virus scan check box if you want the application to perform on-access anti-virus scanning of the file.
   • Clear the Enable Anti-Virus scan check box if you do not want the application to perform on-access anti-virus scanning of the file.
3. Click the Save button.

Configuring basic scan settings

To define the general settings of real-time protection:

1. In the Management Console tree, select the Server for which the real-time protection should be configured.
2. Select the On-access scan node.
3. In the workspace, select the General tab.
4. Select the Move files to backup check box if you want Kaspersky Security to add to Backup copies of files that have been blocked by Anti-Virus scanning and Content Filtering.
5. To limit the size of files to be scanned, select the Exclude from scanning any files larger than check box and specify the maximum size of files to be scanned (in MB). The default value is 10 MB.
6. Click the Save button.

Configuring object processing rules for on-access scanning

Kaspersky Security will handle infected, potentially infected, corrupted and password-protected files depending on the Anti-Virus scan settings of the SharePoint server.

To create object processing rules for anti-virus scanning:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node and click the General tab in the workspace.
2. In the Anti-Virus scan section, open the Actions with infected and probably infected files dropdown list and select one of the following actions:
   • Disinfect. Kaspersky Security attempts to disinfect the file. If the file cannot be disinfected, Kaspersky Security blocks it (the file is not uploaded to the SharePoint server or downloaded from the server to the user's computer).
   • Block. Kaspersky Security blocks the file.
   • Allow. Kaspersky Security does not perform any action on the file. The file can be uploaded to the SharePoint server or downloaded from the server to the user computer.
3. In the Anti-Virus scan section, open the Actions with password-protected files dropdown list and select one of the following actions:
   • Disinfect. Kaspersky Security blocks the file. The file cannot be uploaded to the SharePoint server or downloaded from the server to the user computer.
   • Allow. Kaspersky Security does not perform any action on the file. The file can be uploaded to the SharePoint server or downloaded from the server to the user computer.
4. In the Anti-Virus scan section, open the Actions with corrupted files dropdown list and select one of the following actions:
   • Block. Kaspersky Security blocks the file. The file cannot be uploaded to the SharePoint server or downloaded from the server to the user computer.
   • Allow. Kaspersky Security does not perform any action on the file. The file can be uploaded to the SharePoint server or downloaded from the server to the user computer.

     If the Allow option is selected, Kaspersky Security does not take any action on the file, but assigns one of the status values to the file based on the scan results. Information about the file will be added to reports and statistics.

5. To save the changes, click the Save button.

To create object processing rules for content filtering:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node and click the General tab in the workspace.
2. In the Content filtering section, open the Actions with files that contain unwanted content dropdown list and select one of the following actions:
   • Block. Kaspersky Security blocks the file. The file cannot be uploaded to the SharePoint server or downloaded from the server to the user computer.
   • Allow. Kaspersky Security does not perform any action on the file. The file can be uploaded to the SharePoint server or downloaded from the server to the user computer.
3. To save the changes, click the Save button.

If the Allow option is selected, Kaspersky Security does not take any action on the file, but assigns one of the status values to the file based on the scan results. Information about the file will be added to reports and statistics.

Enabling and disabling on-access content filtering

To enable or disable Content Filtering:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
2. On the General tab, perform one of the following actions:
   • Select the Enable Content filtering check box if you want the application to perform content filtering of the file during on-access scanning.
   • Clear the Enable Content filtering check box if you do not want the application to perform content filtering of the file during on-access scanning.
3. Click the Save button.

For Content filtering to work properly, the Kaspersky Security account must have site collection administrator privileges (for all site collections) and administrator privileges for the SQL database containing the site collection.

Enabling and disabling SharePoint web object scanning

To enable or disable the scanning SharePoint web objects:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
2. On the General tab, perform one of the following actions:
   • Select the Scan SharePoint web content check box if you want the application to scan SharePoint web objects when they are created or modified.
   • Clear the Scan SharePoint web content check box if you do not want the application to scan SharePoint web objects when they are created or modified.

   Kaspersky Security scans SharePoint web objects if Content Filtering is enabled (the Enable Content filtering check box is selected).

   If the Scan SharePoint web content check box is selected, the application scans SharePoint web objects that are created or modified for unwanted words or phrases included in Kaspersky Lab categories and custom categories within the search scope configured in the Content filtering settings.

   On detecting unwanted content in a SharePoint web object, the application makes a corresponding record in the application log and the Windows event log. Kaspersky Security does not save the SharePoint web objects or move them to Backup. The application shows a message that such SharePoint web object cannot be saved or modified.

   If Kaspersky Security blocks a SharePoint web object under Microsoft SharePoint Server 2010, the application may fail to save the changes made to this SharePoint web object or the newly created SharePoint web object.

3. Click the Save button.

Creating on-access Anti-Virus scan exclusions

To reduce the load on the SharePoint server caused by on-access Anti-Virus scanning, you can specify file formats or file name masks to be excluded from scanning and set the maximum size of files to scan.

To exclude unwanted file formats from on-access anti-virus scanning:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
2. In the workspace, select the Exclusions from Anti-Virus scan tab.
3. In the File formats list, select the check boxes next to the items in the file formats tree that correspond to the relevant formats.

   Make a convenient use of the tree with the Expand all and Minimize all buttons.

4. To save the changes, click the Save button.

To exclude files that match specific masks from Anti-Virus scanning:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
2. In the workspace, select the Exclusions from Anti-Virus scan tab.
3. In the File masks list, select the check boxes next to file name masks to be excluded from the scan scope.
4. To add a mask to the list, open the Adding a file mask window by clicking the Add button, and specify the mask in the entry field. To save the mask and close the window, click OK. The mask will be displayed in the File masks field.

   If you want to define several masks, use a semicolon as a delimiter.

5. To save the changes, click the Save button.

Configuring additional settings for on-access content filtering

You can configure additional settings for on-access Content filtering: specify prohibited file formats, masks of unwanted file names, unwanted words or phrases.

To specify prohibited file formats:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
2. In the workspace, select the Content Filtering rules tab.
3. In the Unwanted file formats list, select the check boxes next to unwanted file formats.

   Make a convenient use of the tree with the Expand all and Minimize all buttons.

4. To save the changes, click the Save button.

To specify the masks for unwanted file names:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
2. In the workspace, select the Content Filtering rules tab.
3. In the Unwanted file names list, select the check boxes next to unwanted file name masks.

   In the Content filtering node you can add and edit the sets of unwanted file name masks using the Filter by masks tab.

4. To save the changes, click the Save button.

To define unwanted words and phrases:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
2. In the workspace, select the Content Filtering rules tab.
3. In the List of categories list, select the check boxes next to categories of unwanted words and phrases.

   You can add and edit custom categories of unwanted words and expressions in the Content filtering node using the tab Filter by keywords.

4. To save the changes, click the Save button.

On-access scan

The application scans files and web objects when they are accessed by users, i.e., when uploading files to SharePoint websites, when downloading files from SharePoint websites to the computer of a user, and when modifying web objects.

In the On-access scan node, you can enable and configure anti-virus protection and content filtering of files and web objects.

General

Show all | Hide all

On the General tab, you can configure the anti-virus protection and content filtering to perform on-access scanning. While on this tab, you can go to the website of SharePoint administration center in order to define the SharePoint anti-virus settings. The values of the anti-virus settings of SharePoint affect the application's operation.

Move files to backup

Exclude from scanning any files larger than

The Anti-Virus scan section allows enabling the anti-virus protection and configure the application's actions on files that users access.

Enable Anti-Virus scan

Actions with infected and probably infected files

Actions with password-protected files

Actions with corrupted files

The Content filtering section allows enabling content filtering, as well as configuring the application's actions on files with unwanted content.

Enable Content filtering

Actions with files that contain unwanted content

Scan SharePoint web content

Scan content of SharePoint web objects for phishing

The Anti-Virus settings of SharePoint section displays information about the anti-virus settings of SharePoint. The operation of Kaspersky Security in on-access scan mode depends on the anti-virus settings defined on SharePoint.

For example, if the scanning of files downloaded from SharePoint websites to a computer is disabled in the anti-virus settings of SharePoint, Kaspersky Security will not be able to scan those files.

Define anti-virus settings of SharePoint

Exclusions from anti-virus scan

Show all | Hide all

On the Exclusions from Anti-Virus scan tab, you can define the settings for exclusion of files from anti-virus scanning.

The File formats section displays a list of file formats grouped by type (executable files, data, multimedia, images, archives). Clicking the button next to the name of a group opens a list of file formats (or subgroups) included in that group.

You can configure exclusions from anti-virus scanning by selecting the check boxes next to relevant groups, subgroups, and specific file formats. The real-time protection settings will not be applied to files of selected formats. The application allows uploading files of specified formats to SharePoint websites, as well as downloading them from SharePoint websites to the computer.

All boxes are cleared by default.

Expand all

Minimize all

In the File masks section, you can create a list of file masks, as well as select file masks that will be used to exclude files from scanning.

If the check box is selected next to a mask, the application allows uploading to SharePoint websites files that correspond to that mask, as well as downloading such files from SharePoint websites to the computer.

Add

Change

Delete

File mask

In the entry field, you can specify / change a file mask. Use a semicolon to separate multiple masks.

Content filtering rules

Show all | Hide all

On the Content Filtering rules tab, you can create content filtering rules (such as prohibition of some words and expressions, prohibition of some file names, and blocking of specific file formats on SharePoint websites). In accordance with those rules, the application tracks unsolicited data in SharePoint files and web objects.

The List of categories section displays a list of categories of unwanted words and phrases. The list of categories is divided into the following groups:

• Kaspersky Lab categories. Preset categories of unwanted words and phrases compiled by Kaspersky Lab experts.
• Custom categories. Categories of unwanted words and phrases created by the user manually in the Content filtering node.

Clicking the button next to a group of categories expands the list of categories included in that group. You can select the check boxes for categories that will be included in a rule for prohibition of some words and expressions. In accordance with the rule, the application scans SharePoint files and web objects for unwanted words and phrases belonging to the selected categories. When handling files that contain unwanted words and phrases, the application applies the action defined on the General tab.

All boxes are cleared by default.

The Unwanted file names section displays a list of file mask sets. You can create sets of file masks in the Content filtering node. You can select the check boxes for sets that will be included in a rule for prohibition of some file names on SharePoint. In accordance with the rule, the application checks if the names of files match the masks. When handling files that match the mask(s), the application applies the action defined on the General tab.

All boxes are cleared by default.

The Unwanted file formats section displays a list of file formats grouped by their type. Clicking the button next to the name of a group opens a list of file formats (or subgroups) included in that group.

You can select the check boxes for file formats that will be included in a rule for prohibition of specific file formats on SharePoint websites. When handling such files, the application performs the action that has been defined on the General tab.

All boxes are cleared by default.

Expand all

Minimize all

Phishing scan

Phishing scan is a feature of Kaspersky Security designed to protect the user's personal data.

While scanning the content of SharePoint web objects, the application checks links against lists of malicious and phishing URLs.

Checking links against the list of malicious URLs allows the application to detect URLs redirecting to infected websites. Malicious URLs can be contained in the text of messages disguised as ads. The ad text prompts you to find out more about a product or service by clicking a link. The link takes you to a website with viruses, and the computer gets infected. The computer is infiltrated by viruses and malware that can access your private data and relay it to criminals.

By checking links against the list of phishing web addresses, the application is able to detect links redirecting to fraudulent websites. A phishing attack can be disguised, for example, as an email message from your bank with a link to its official website. The link takes you to an exact copy of the bank's website where you can even see the bank site's address in the browser despite actually being on a spoofed website. From this point forward, all of your actions on the site are tracked and can be used to steal your private data.

A phishing scan of SharePoint web objects detects malicious and phishing URLs embedded in the text of web objects. Malicious and phishing URLs are designed to steal your personal data or information entered in a web form. The application performs a phishing scan when a SharePoint web object is created or modified. If the phishing scan detects at least one web address appearing on lists of malicious and phishing ones, the application assigns the Phishing status to the web object.

On detecting a phishing or malicious URL in a SharePoint web object, the application performs the action configured in theContent filtering section. If the action is set to Block, the application shows a dialog saying that web content cannot be created or modified.

To protect SharePoint servers against phishing, the application uses a list of URLs of web resources that have been labeled as malicious or phishing URLs by Kaspersky Lab. The database is regularly updated and is part of the Kaspersky Security delivery kit.

For additional protection of SharePoint servers against phishing, you can use Kaspersky Security Network services that let you receive up-to-date information about threats before they are included in the anti-phishing databases of Kaspersky Lab.

Enabling and disabling Anti-Phishing scanning of web content

To enable or disable Anti-Phishing scanning of web content:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-access scan node.
2. On the General tab in the Content filtering section, perform one of the following actions:
   • Select the Scan content of SharePoint web objects for phishing check box if you want the application to scan the content of a created or modified SharePoint web object for links appearing on the lists of malicious or phishing URLs.
   • Clear the Scan content of SharePoint web objects for phishing check box if you do not want the application to scan the content of a created or modified SharePoint web object for links appearing on the lists of malicious or phishing URLs.

   Kaspersky Security scans web content for malicious and phishing links if Content Filtering is enabled (the Enable Content filtering check box is selected) and scanning of SharePoint web objects is enabled (the Scan SharePoint web content check box is selected).

   If the Scan content of SharePoint web objects for phishing check box is selected, the application checks URLs against the Kaspersky Lab database of malicious and phishing URLs when web content is created or modified. If Kaspersky Security Network is used to protect a server or servers, information about the malicious / phishing URL can be relayed to KSN services.

   On detecting a phishing threat in a SharePoint web object, the application logs information about it in Reports.

3. Click the Save button.

On-demand scan

On-demand scanning is files scanning on SharePoint servers that is performed manually or according to a schedule created in advance.

Kaspersky Security scans the following objects on-demand:

• SharePoint files;
• all SharePoint web objects (such as wiki pages and forums hosted on the SharePoint server);
• SharePoint service files.

You can perform on-demand scans simultaneously on several SharePoint servers. This will reduce scanning time considerably.

The application scans only the last versions of files and SharePoint web objects hosted on the SharePoint server.

During on-demand scanning, Kaspersky Security performs:

1. Performs anti-virus file scanning in accordance with the scan exclusions settings.
2. Searches for unwanted file formats and unwanted file names.
3. Scans files and SharePoint web objects for unwanted content.

Status labels assigned to files based on scan results

Based on the results of Anti-Virus scanning, Kaspersky Security assigns one of the following status labels to the file:

• Not infected. No threats detected in the file.
• Infected. A file a segment of whose code fully matches a code segment of a known threat.
• Probably infected. A file whose code contains a modified segment of code of a known threat, or a file resembling a threat in the way it behaves.
• Password-protected. A password-protected archive.
• Corrupted. The file cannot be read by Kaspersky Security.

Based on the results of content filtering, Kaspersky Anti-Virus assigns one of the following status labels to the file:

• Allowed. There is no unwanted content in the file.
• Forbidden format. The file has an unwanted format.
• Forbidden mask. The file name contains an unwanted mask.
• Forbidden content. The file has been found to contain unwanted words and phrases.

Based on the results of content filtering, the application assigns one of the following status labels to the SharePoint web part:

• Allowed. The SharePoint web object does not contain unwanted content.
• Forbidden content. The SharePoint web object has been found to contain unwanted content.

On-demand scan tasks

To run on-demand scan tasks, you have to configure an on-demand scan task or tasks in Kaspersky Security. You can configure anti-virus scanning and content filtering settings for each on-demand scan task, and define a schedule.

On-demand scan tasks can be run manually or scheduled to run automatically. The application generates a report with the results of each scan task.

The list of on-demand scan tasks is displayed in a table in the workspace of the On-demand scan node. The on-demand scan tasks that were not run or could not be run at the scheduled time are highlighted in red. Color highlighting is not used for other tasks.

The reasons for not running the tasks are displayed in the Status column:

• Task servers are missing. Kaspersky Security Server has been deleted from all SharePoint servers specified in the on-demand scan task settings. You can specify other servers on which the Security Server has been installed in the task settings.
• Task not executed. All SharePoint servers specified in the on-demand scan task settings were unavailable at the time scheduled for the start of the task. SharePoint server availability must be checked. You can run the task manually.

Adding an on-demand scan task

To add an on-demand scan task:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
2. Click the Create button in the workspace.

   This opens the Task settings window on the General tab.

3. In the Task name field, specify the name of the task. It can contain no more than 100 symbols and not use % ? ? \ | / : * < >.
4. Specify the application's actions when running this task.
   • If necessary, select the Scan modified files only check box. During repeated runs of the task, the application will scan only those files that have been modified since the previous scan.
   • If necessary, select the Move files to backup check box. When running the task, Kaspersky Security will place copies of the scanned files in Backup.
   • If necessary, select the Scan service files check box. When running the task, Kaspersky Security will scan service files of SharePoint.
5. Select the scan type for objects and configure the actions to be performed by the application during the selected type of scan:
   • Anti-Virus scan.

     To select this type of scan, select the Enable Anti-Virus scan check box and specify the action the application should perform when running the task for the following file types:

     • infected and probably infected files
     • password-protected files
     • corrupted files.
   • Enable Content filtering.

     To select this type of scan, select the Enable Content filtering check box and configure the actions to take on files containing unwanted content by selecting them from the Actions with files that contain unwanted content drop-down list. If you want the application to scan SharePoint web objects (such as wiki pages and forums hosted on a SharePoint server) with Content Filtering, select the Scan SharePoint web content check box.

6. Configure limits for running the task:
   • If you want to limit the duration of task execution, select the Use task execution timeout (h : m) check box and specify a value in the field on the right (in hours and minutes). When performing a task the application automatically stops the task after the specified time has passed. In the scroll box on the right, you can specify the maximum allowed task duration in hh:mm format. On-demand task duration limits:
     • If the task is not completed when the specified time interval expires, the application stops the task.
     • The maximum task run time is 30 minutes.
     • The default task run time is 3 hours.
     • If this check box is cleared, the task run time is unlimited.
     • The check box is cleared by default.
   • If you want to limit the duration for a scan of each individual file, select the Use object scan timeout (s) check box and enter a value (in seconds) in the field on the right. If this check box is selected, the application limits the object scan time (e.g., when scanning a file). In the spin box on the right, you can specify the maximum allowed scan time (in seconds). When the specified time expires, the application stops the object scan and proceeds to another object. Object scanning duration limits:
     • If an object scan has been stopped due to the expiration of the specified time interval, the application assigns the Not infected status to the object.
     • Possible values in this field span from 30 to 60,000 seconds.
     • The default scan timeout is 30 seconds.
     • If the check box is cleared, the object scan time is unlimited.
     • The check box is cleared by default.
7. In the workspace, select the Schedule tab.
   1. In the Schedule section, set up a schedule for the on-demand scan task:
      • If you want to run the on-demand scan task manually at your convenience, select manually.
      • If you want the on-demand scan task to run once at the specified time, select Once and specify the date and time for task start.
      • If you want the on-demand scan task to run automatically every week, select Weekly and specify the days and time for task start.

        If the Once or Weekly option is selected, the application uses the time set on the SharePoint server where the task will be run.

   2. In the Start on-demand scan tasks on the following servers section, select the check boxes next to those servers the application needs to scan on-demand.

      Default check box selections:

      • If you are using one SharePoint server, the box next to the only SharePoint server is selected by default.
      • If you are using several SharePoint servers, all boxes will be unselected by default.
8. Click the OK button.

The new task will be added to the list of tasks in the workspace of the On-demand scan node.

Starting and stopping on-demand scan tasks

To start an on-demand scan task:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
2. Select an on-demand scan task from the list in the workspace.
3. Click the Start button to run the on-demand scan task, or click the Stop button to stop the task.

Viewing a report on the results of an on-demand scan

To view a report on the results of an on-demand scan:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
2. In the workspace of the node in the Scan results section, you will see a list of prepared reports.
3. Select the report you need in the list and click the View button.

The report will be displayed in a new window of your browser.

Details of scan results

If you are viewing a report generated by Kaspersky Security 9.0 for SharePoint Server Maintenance Release 2, the fields in the report will be different from those described in this reference material.

All reports contain the following details of scan results:

• The report header includes the following data:
  • Report generation date.
  • Task name. A unique task name assigned by the user in the task settings.
  • Scan type. Scan type:
    complete

    A type of file scan. When performing a full scan, the application searches for data from the specified categories in all files stored on SharePoint servers.

    or
    incremental

    A type of file scan. During an incremental scan, the application searches for data on SharePoint servers, only scanning files that have been modified since the previous scan.

    .
  • Start method. Whether the task is run manually or automatically, according to a schedule
  • Information about application components that performed the scan (for example, Content filtering, Anti-Virus scan, Scanning SharePoint web objects).
  • Status. A task completion result summary generated based on the task status for each SharePoint server:
    • Completed successfully;
    • Error;
    • Error caused by license restrictions;
    • Stopped by the user;
    • Task timed out.
• Task servers. A table containing statuses used to perform on-demand scans on each of the SharePoint servers.
  • Server name.
  • Task execution status on server. Possible values:
    • Completed successfully;
    • Error;
    • Error caused by license restrictions;
    • Stopped by the user;
    • Task timed out.
• Table of locations to scan. A table of paths to areas in the SharePoint structure entered by the user in the task settings.
  • Path. A list of paths to scanned areas in the SharePoint structure.
  • Excluded. A list of paths to areas of the SharePoint structure excluded manually by the user in the task settings (for example, you can exclude a large area that does not require scanning).
  • Included. A list of paths to areas in the SharePoint structure added manually by the user in the task settings (for example, you can add a small area requiring scanning that is a part of a larger area excluded from and does not require scanning).
• Subheader of the report for the SharePoint server.
  • Server name. SharePoint server on which the task was performed
  • Status. The task completion result may have the following values:
    • Completed successfully;
    • Error;
    • Error caused by license restrictions;
    • Stopped by the user;
    • Task timed out.
  • Scan results. General information about the results of task implementation.
    • Start. Local scan start time on the SharePoint server specified in the subheader.
    • Finish. Local scan end time on the SharePoint server specified in the subheader.
    • Processing errors. The number of files skipped by the application because of processing errors.
    • Scanned items. Total number of scanned files.
    • Virus threats found. The number of malicious objects detected (the number Anti-Virus component incidents).
    • Content filtering component positives. The number of Content Filtration incidents logged whenever the application discovers unwanted content, type and format of such files, the detection of masks of unwanted file names, as well as Content Filtration incidents logged whenever the application discovers unwanted content in web-based objects.
• Table of positives. A table with information about all files found to contain malicious objects or violations of Content filtering rules. If the scan has not detected any virus threats or violations of content filtering rules, the File scan detected no incidents message is displayed instead of the table of positives.
  • File name. The name and path to the file where malicious objects or violations of content filtering rules have been found.
  • Version. File version on the SharePoint server.
  • Action. Operation performed on the file based on the scan results in accordance with the defined settings.
  • Anti-Virus scan. Status assigned to the file by the anti-virus scanning component. This column displays the Corrupted or Password-protected status label for corrupted or password-protected files. For infected or probably infected files, the column displays the name of the malicious object detected in the file.
  • Content filtering. Status assigned to the file by the content filtering. Policies whose violation triggered the content filtering component.
  • Backup. Information about creation of a backup copy for the file in Backup.
  • Restored version. The version to be assigned to the restored file (if it can be disinfected).
  • Incident ID. The universal ID of the positive. The incident ID simplifies the search for information about the incident in the report, Backup, and file log. It is also displayed in the properties of a backup copy of the file in Backup and in notifications about violations of security policies during on-demand scanning.
• SharePoint web objects scan alarms. A table with the details of SharePoint web objects found to contain unwanted words or phrases. If no unwanted words or phrases have been detected during a scan of SharePoint web objects, the SharePoint web objects scan detected no incidents message is displayed instead of this table.
  • Name and version. Name and version of a SharePoint web object found to contain unwanted words or phrases included in Kaspersky Lab sections and user categories within the search scope configured in the Content filtering settings. The name consists of: <Site name> / <List name> / <Object ID>. The field contains n/a if the version information of the scanned SharePoint web object is unavailable.
  • Categorized as. List of SharePoint web object fields found to contain unwanted words or phrases, and categories to which the detected words and phrases belong.
  • Incident ID. The universal ID of the positive. You can use the incident ID to search for information about the incident in the report and log files.

Saving a report on the results of an on-demand scan

To save a report on the results of an on-demand scan task:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
2. In the workspace of the node, in the Scan results section, select the on-demand scan task of which you need to save the results.
3. Click Save and, in the window that opens, select the folder to which the application will save the report.

The application saves the report in HTML format to the specified folder.

Deleting an on-demand scan task

To delete an on-demand scan task:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
2. In the workspace, select the task that you want to remove and click the Delete button.

Selecting and excluding from on-demand scanning areas of the SharePoint structure

You can specify areas of the SharePoint structure to be scanned during an on-demand scan task. You can also exclude individual areas of the SharePoint structure from scanning.

To define the scan scope in a SharePoint structure:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
2. In the list of tasks displayed in the workspace, select the on-demand scan task that you want to modify. Click the Change button to open the Task settings window on the Scan scope tab.
3. Specify the scan scope in the SharePoint structure in one of the following ways:
   • In the SharePoint server structure tree, select check boxes corresponding to the SharePoint structure areas that you want to include in the scan scope. All check boxes are selected by default (all available SharePoint structure areas are scanned during the on-demand scan task).

     The tree only displays the SharePoint structure areas, for which administrator access is allowed to the account used to start the application services.

   • Add SharePoint structure areas manually. To do this, in the Additional web addresses section, perform the following actions:
     1. Click the Add button. In the window that opens, enter the path to the area that you want to add and click OK.

        The following types of paths are supported:

        • http://<SharePoint portal name>.local/content/;
        • https://<SharePoint portal name>.local:8080/content/file.txt;
        • http://<SharePoint portal name>/.

        To remove an area, select one in the list and click the Delete button.

     2. Select the check box opposite the path to a SharePoint structure area, and select Include in the drop-down list.
     3. Clear the check box opposite the path to a SharePoint structure area, and select Exclude in the drop-down list.
4. Click OK to save the changes and close the window.

To exclude SharePoint structure areas from an on-demand scan:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
2. In the list of tasks displayed in the workspace, select the on-demand scan task that you want to modify. Click the Change button to open the Task settings window on the Scan scope tab.
3. Exclude a SharePoint structure area from scanning in one of the following ways:
   • In the SharePoint server structure tree, clear the check boxes corresponding to the areas which you want to exclude from the scan scope.
   • In the Additional web addresses section, select the Exclude action in the dropdown lists for the areas that you want to exclude from scanning.
4. Click OK to save the changes and close the window.

Creating on-demand Anti-Virus scan exclusions

To ease the load on the SharePoint server, you can exclude files from the scope of on-demand Anti-Virus scanning specific formats or file name masks, restrict scanning duration for individual files, as well as disable scanning of archives.

To exclude specific file formats from on-demand anti-virus scanning:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
2. In the list of tasks displayed in the workspace, select the on-demand scan task that you want to modify. Click the Change button to open the Task settings window, then select the Exclusions from Anti-Virus scan tab.
3. In the File formats list, select the check boxes next to the file formats that you want to exclude from scanning.

   Make a convenient use of the tree with the Expand all and Minimize all buttons.

4. To save the changes and close the window, click OK.

To exclude files that match specific masks from on-demand Anti-Virus scanning:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
2. In the list of tasks displayed in the workspace, select the on-demand scan task that you want to modify. Click the Change button to open the Task settings window and select the File formats tab.
3. In the File masks list, select the check boxes next to file name masks to be excluded from the scan scope.
4. To add a mask to the list, open the Adding a file mask window by clicking the Add button, and specify the mask in the entry field.

   If you want to define several masks at once, use a semicolon as a separator.

5. To save the changes and close the window, click OK.

Configuring content filtering

For on-demand scan tasks, you can configure the application to look for specific file formats, file name masks, and the categories of unwanted words and phrases.

To configure Content Filtering rules for an on-demand scan:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the On-demand scan node.
2. In the list of tasks displayed in the workspace, select the on-demand scan task that you want to modify. Click the Change button to open the Task settings window and select the Content filtering rules tab.
3. Configure the following Content filtering settings:
   • In the List of categories, select the check boxes next to the categories of Kaspersky Lab and user categories, which the application should seek while running the on-demand scan task.
   • In the Formats list, select check boxes next to the file formats that should be scanned. To expand / collapse the entire list of formats and extensions, use the Expand all and Minimize all button.
   • In the Mask sets list, select check boxes next to the sets of file name masks to be scanned during on-demand scanning.
4. To save the changes and close the window, click OK.

You can specify the file formats and file name masks and the set of categories of unwanted words and phrases in the Content filtering node.

Task settings – General

Show all | Hide all

Under the General tab, you can select the general settings of the task, as well as set up anti-virus scanning and real-time content filtering modes. You can set up different modes of anti-virus scanning and content filtering for various tasks.

Task name

In the Actions section, you can configure the application's actions during the task run.

Scan modified files only

Move files to backup

Scan service files

In the Restrictions section, you can set up the waiting time for task runs and object scans.

Use task execution timeout (h : m)

Use object scan timeout (s)

In the Anti-Virus scan section, you can enable the anti-virus scanning and set up rules for processing objects with an anti-virus scan.

Enable Anti-Virus scan

Actions with infected and probably infected files

Actions with password-protected files

Actions with corrupted files

The Content filtering section allows enabling content filtering, as well as configuring the application's actions on files with unwanted content.

Enable Content filtering

Actions with files that contain unwanted content

Scan SharePoint web content

On-demand scan

Show all | Hide all

In the On-demand scan tasks section, you can add new tasks and manage their execution progress.

Create

Start

Stop

Copy

Change

Delete

In the Scan results section, you can view and save reports with scan results.

View

Save

Delete

Connecting the Management Console to a SharePoint farm when upgrading Kaspersky Security

If Kaspersky Security is installed on a SharePoint server farm, you can connect the Management Console to any of the servers in the SharePoint farm.

When upgrading Kaspersky Security on a SharePoint server farm, you are advised to avoid performing any operations with the application until the upgrade is complete on all the servers of the SharePoint farm.

If you need to use the application before the upgrade is complete on all the servers of the SharePoint farm, you must make sure that the Management Console version and the SharePoint server version are matching. The previous version of the Management Console must be connected to servers with the application version that has not yet been upgraded, while the new version of the Management Console must be connected to servers with Kaspersky Security that has already been upgraded.

During the application upgrade process, Anti-Virus databases are rolled back automatically. For the safety of your computer, you are advised to start the database update after completing the application upgrade.

Task settings – Scan scope

Show all | Hide all

On the Scan scope tab, you can select SharePoint websites that the application will scan when running the task.

The Select areas of the SharePoint structure to scan section shows a list of websites hosted on the protected SharePoint server. You can create a scan scope by selecting the check boxes for certain websites or their websites.

Select child items

Deselect child items

In the Additional web addresses section, you can add SharePoint web addresses to the scan scope manually, as well as configure exclusions from the scan scope. In the dropdown list on the right of the web address that has been added, you can specify the action that the application will take on that address:

• Exclude. The address will be excluded from the scan scope.
• Include. The address will be added to the scan scope.

Add

Delete

Web address

In this entry field, you can specify the SharePoint web address for which you want to set up specific scanning conditions. The application supports the following syntax of web addresses:

• https://<SharePoint portal name>.local:8080/content/file.txt
• http://<SharePoint portal name>.local/content/;
• http://<SharePoint portal name>/.

Task settings – Schedule

Show all | Hide all

Under the Schedule tab, you can configure the task launch mode and select those SharePoint servers that require on-demand scanning.

In the Schedule section, you can select the task run mode (manual or automatic) and set up the schedule of automatic scan run.

Manually

Once

Weekly

The Start on-demand scan tasks on the following servers section will display SharePoint servers on which Security Server has been installed. You can change the list of selected servers by selecting check boxes next to the servers the application needs to scan on-demand.

Default check box selections:

• If you are using one SharePoint server, the box next to the only SharePoint server is selected by default.
• If you are using several SharePoint servers, all boxes will be unselected by default.

Task settings – Exclusions from anti-virus scan

Show all | Hide all

On the Exclusions from Anti-Virus scan tab, you can define the settings for exclusion of files from anti-virus scanning.

The File formats section displays a list of file formats grouped by type (executable files, data, multimedia, images, archives). Clicking the button next to the name of a group opens a list of file formats (or subgroups) included in that group.

You can configure exclusions from anti-virus scanning by selecting the check boxes next to relevant groups, subgroups, and specific file formats. The anti-virus scan settings will not be applied to files of selected formats. When running the task, the application will not scan files of specified formats.

All boxes are cleared by default.

Expand all

Minimize all

In the File masks section, you can create a list of file masks, as well as select file masks that will be used to exclude files from scanning.

If the check box is selected next to a mask, the application will not scan files matching that mask when running the task.

Add

Change

Delete

Task settings – Content filtering rules

Show all | Hide all

On the Content Filtering rules tab, you can create content filtering rules (such as prohibition of some words and expressions, prohibition of some file names, and blocking of specific file formats on SharePoint websites). In accordance with those rules, the application scans SharePoint files and web objects for unwanted information.

The List of categories section displays a list of categories of unwanted words and phrases. The list of categories is divided into the following groups:

• Kaspersky Lab categories. Preset categories of unwanted words and phrases compiled by Kaspersky Lab experts.
• Custom categories. Categories of unwanted words and phrases created by the user manually in the Content filtering node.

Clicking the button next to a group of categories expands the list of categories included in that group. You can select the check boxes for categories that will be included in a rule for prohibition of some words and expressions. In accordance with the rule, the application scans SharePoint files and web objects for unwanted words and phrases belonging to the selected categories. When handling files that contain unwanted words and phrases, the application applies the action defined on the General tab.

All boxes are cleared by default.

The Unwanted file names section displays a list of file mask sets. You can create sets of file masks in the Content filtering node. You can select the check boxes for sets that will be included in a rule for prohibition of some file names on SharePoint. In accordance with the rule, the application checks if the names of files match the masks. When handling files that match the mask(s), the application applies the action defined on the General tab.

All boxes are cleared by default.

The Unwanted file formats section displays a list of file formats grouped by their type. Clicking the button next to the name of a group opens a list of file formats (or subgroups) included in that group.

You can select the check boxes for file formats that will be included in a rule for prohibition of specific file formats on SharePoint websites. When handling such files, the application performs the action that has been defined on the General tab.

All boxes are cleared by default.

Expand all

Minimize all

File mask

In this entry field, you can add or edit one or several file masks. If you enter multiple file masks in the field, use semicolons to separate them (e.g., test; win*; img).

Content filtering

Kaspersky Security performs content filtering of files placed on the SharePoint server during on-access scanning and on-demand scanning.

Content is filtered by:

• file format
• file name mask You can specify masks for unwanted file names and formats.
• By the text content and names of the files. Kaspersky Security includes a preset collection of categories of unwanted words and phrases created by the experts at Kaspersky Lab. The preset collection of unwanted words and phrases cannot be modified nor updated. The window for adding new user categories of words and phrases.

File content is scanned using the libraries of filters that support the management interface used by IFilter. To enable or disable filters available on a server, you can use IFilter utility, which is installed along with Kaspersky Security.

More details about IFilter can be found at http://msdn.microsoft.com/en-us/library/ms691105%28v=vs.85%29.aspx.

When the application is installed, filters included in following standard filter packs are enabled by default:

• Windows Server (installed with the operating system).
• SharePoint (installed with the SharePoint server).
• Office 2007 Filter Pack
• Office 2010 Filter Pack

If other filters are installed on the SharePoint server, they are disabled by default and content filtering by format is not performed for files scanned using these filters. Use Kaspersky IFilter Utility to enable such filters.

You can enable / disable the installed filters and also install necessary additional filters using utility.

You can start the utility from the menu Start → Programs → Kaspersky Security 9.0 for SharePoint Server → Kaspersky IFilter Utility.

For more details on the Kaspersky IFilter Utility, please refer to the online Help file.

About the white list

The while list is a list of words and / or phrases that should be skipped by Content filtering.

The white list contains words and / or phrases that, although included in prohibited categories of Kaspersky Lab, should be ignored by Content Filtering. By using the white list, it is possible to avoid false positives of the application component on detecting words and / or phrases that are permissible in and specific to the field of the company's business.

The white list is local. It is created separately for each farm server. When a word and / or phrase is included in the white list, all of its word forms should be specified for the application component to work properly.

Changes made to the list are applied with a delay of no more than 5 seconds.

Creating the white list

To create a white list of permissible words and / or phrases:

1. Open the folder with SharePoint server configuration files by performing the following:
   • If the application is installed on a farm of SharePoint servers, open the application setup folder and go to the folder of the corresponding farm server. Then open the Configuration folder.
   • If the application is installed on a standalone SharePoint server, open the application setup folder and go to the Configuration folder.
2. Create an XML file with the name ContentFilteringWhitelist.

   The ContentFilteringWhitelist.config file must have the following structure:

   <?xml version="1.0" encoding="utf-16"?>

   <configuration version="1.0">

   <ContentFilteringWhitelistSubset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

   <Items>

   <string></string>

   </Items>

   </ContentFilteringWhitelistSubset>

   </configuration>

3. Type the word or phrase to be skipped by Content filtering between the <string> and </string> tags.

   Type each new word or phrase and their word forms in a new line between the <string> and </string> tags.

4. Save changes to the file in Unicode format.

If you save the file in a different format, words and / or phrases with language-specific characters may be displayed incorrectly.

Creating, renaming, and deleting user categories of unwanted words and phrases

To create a new user category of unwanted words and phrases:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, select the Filter by keywords tab and click the Create button in the List of categories section.
3. In the Category name window that opens, enter a name for the new category.
4. Click the OK button.

To rename a user category of unwanted words and phrases:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, click the Filter by keywords tab, select the category that you want to rename, and click the Rename button.
3. In the Category name window that opens, enter the name of the category and click OK.

To delete a category for unwanted words and phrases:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, click the Filter by keywords tab, in the List of categories section, select the category that you want to delete, and click the Delete button. Selected category will be removed from the list.

   Only user categories can be created, renamed or deleted. You cannot change the preset collection of Kaspersky Lab categories included in the application.

Importing a list of unwanted words and phrases into a user category from a text file

You can import from a text file a list of unwanted words and phrases into a user category.

The words and phrases in such file must comply with the following conditions:

• Each line must contain just one term with its word forms.
• The term should be separated from its word forms with the "|" character.
• Term length may not exceed 127 characters.

  If a term contains special symbols or multibyte characters, for example, UTF-8 (encoded using three or more bytes), the term length must not exceed 64 characters.

To import a list of unwanted words and phrases into a user category:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, select the Filter by keywords tab, and in the List of categories field, select the category to which you want to import the list.
3. In the List of categories field, click the Import from file button. In the displayed window specify the path to the necessary file.

   The Import from file button is only available for custom categories of unwanted words and phrases.

4. To save the changes, click the Save button.

Adding, changing, and deleting unwanted words and phrases in user categories

To add an unwanted word or phrase to a user category:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, click the Filter by keywords tab, and in the List of categories field, select the custom category to which you want to add a word or phrase.
3. In the Category structure field, click the Add button. Type the word or phrase in the field within the displayed dialog.
4. If you want the application to consider case while searching for a word or phrase, select the Case-sensitive check box.
5. Click the OK button.

   You can specify several words or phrases. Use the "|" character as a delimiter.

To edit a word or phrase within a selected user category:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, click the Filter by keywords tab, and in the List of categories field, select the custom category containing the word or phrase that you want to edit.
3. In the Category structure field, select the word or phrase that you want to edit, and click the Change button.
4. Edit the word or phrase in the displayed window. If necessary, select the Case-sensitive to enable case sensitivity.
5. Click the OK button.

To delete a word or phrase from a selected user category:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, select the Filter by keywords tab, and in the List of categories field, select the custom category containing the word or phrase that you want to delete.

   You can select several words of phrases in the list while holding the SHIFT key pressed.

3. In the Category structure field, select the word or phrase that you want to delete, and click the Delete button.

   Only user categories can be created, edited or deleted. You cannot change the preset collection of Kaspersky Lab categories included in the application.

Creating, renaming, and deleting a set of masks for unwanted file names

To create a new set of forbidden file name masks:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, on the Filter by masks tab, click the Add button. This opens the Set name window.
3. Enter in the displayed dialog the name for the new set of masks.
4. Click the OK button.

To rename a set of masks for unwanted file names:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, on the Filter by masks tab, select the set of masks that you want to rename, and click the Rename button.
3. Enter the new name for the set of masks in the window that opens, and click OK.

To delete a set of unwanted file name masks:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, on the Filter by masks tab, select the set of masks that you want to delete, and click the Delete button.

File name mask creation rules

Please follow these guidelines on creating masks:

• The following wildcards are supported:
  • * – an arbitrary string of characters. For example, the "abc*" mask stands for any file with the name beginning with the "abc" string: abc.exe, abc1.com, abc2.rar.
  • ? – any single character. For example, the "abc?.exe" mask stands for any file with the name beginning with the "abc" string followed with an arbitrary single character, like abc1.exe. However, the file abc12345.exe will not match the mask.
• Observe the following restrictions:
  • Masks cannot contain the following characters: >, <, \, /, |, ", ;.
  • It is not recommended to use masks that match the file extensions of SharePoint service files (for example, *.aspx, *.html, *.mht) in the content filtering settings. Deleting SharePoint service files could disrupt the operation of SharePoint.

Changing a set of unwanted file name masks

To add an unwanted file name mask to a set:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, select the Filter by masks tab, and in the Mask sets field, select the set to which you want to add a mask.
3. In the Masks in set field, click the Add button. In the window that opens, specify the mask of the unwanted file name in the field.

   You can specify several masks. Use a semicolon as a delimiter.

To edit the unwanted file name masks in a set:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, click the Filter by masks tab, and in the Mask sets field, select the set in which you want to edit masks.
3. In the Masks in set field, select the mask that you want to edit, and click the Edit button.
4. In the window that opens, edit the mask and click OK.

To delete an unwanted file name mask from a set:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Content filtering node.
2. In the workspace, click the Filter by masks tab, and in the Mask sets field, select the set from which you want to delete masks.

   You can select several masks in the set while holding the SHIFT key pressed.

3. In the Masks in set field, select the mask that you want to delete, and click the Delete button.

   If multiple masks have been selected within a set, you can only delete the selected masks. No other operations with them will be available.

Content filtering

Show all | Hide all

In the Filter by keywords section, you can prepare data categories that the application will use during content filtering. The left part of the section displays the List of categories. This list contains two types of categories:

• User categories (marked with )
• Kaspersky Lab categories (marked with )

Create

Rename

Delete

Import from file

In the right part of the section, you can create and view the set of custom categories.

Add

Change

Delete

In the Filter by masks section, you can prepare sets of masks that the application will use during content filtering. The left part of the section displays the Mask sets list.

Add

Rename

Delete

In the left part of the section, you can create and view the contents of sets.

Add

Change

Delete

Category name

In this entry field, you can specify / edit the name of a user category.

Keyword settings

Show all | Hide all

In the entry field, you can specify a word and / or word combination. Use the semicolon to separate words or word combinations. Term length may not exceed 512 characters.

Case-sensitive

Set name

In this entry field, you can specify / change the name of a set of masks.

File mask

In the entry field, you can specify / change a file mask. When specifying file name masks, you must follow the file name mask creation rules. Use a semicolon to separate multiple masks.

Preparing the DLP Module

The DLP (Data Leak Prevention) Module is a Kaspersky Security component designed to protect data against leaks. The component monitors file uploads by users to SharePoint in real time, checking the file contents for any confidential data. Settings of the DLP Module are configured by the Security Officer.

The Data Leak Prevention section is displayed in the Settings node if the DLP Module component has been installed on the SharePoint server. Data Leak Prevention is enabled by default.

Disabling the DLP Module can affect the workflow of the Security Officer.

To enable or disable DLP functionality:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Settings node.
2. In the Data Leak Prevention section, perform one of the following actions:
   • Select the Enable DLP Module check box if you want the application to monitor data leaks in real-time mode.
   • Clear the Enable DLP Module check box if you do not want the application to monitor data leaks in real-time mode.
3. If necessary, in the Allow running search tasks on the following servers list, select the check boxes next to servers on which the security officer will be able to run scan tasks to search SharePoint servers for confidential data.

   During a search task, the load on SharePoint servers increases.

4. To keep the changes, click the Save button in the upper part of the window.

Information about changes in the component operation is displayed in the Control Center node and in the root node of the Security Officer.

Backup

Kaspersky Security saves in Backup copies of files that require action based on the results of Anti-Virus scanning and / or Content filtering (such as blocking or deletion). The application places in Backup copies of all harmful files, whether they can be disinfected or not.

Kaspersky Security places files to the Backup storage in encrypted form, which prevents the infection risk (files in Backup storage are not accessible without decryption).

Backup size

The data volume that can be stored in the Backup may be restricted by one of the two following parameters:

• Total number of files in Backup cannot exceed 50000. You cannot remove or change this restriction.
• The default size of Backup is 3686 MB. You can change the size of Backup.

Removing files from Backup

The application periodically (every time a new file is placed in Backup) checks compliance with the set restrictions on the size of Backup.

If the restrictions are exceeded, the application:

• Stops placing files in Backup, if the number of files in storage is exceeded.
• Frees up the necessary disk space by deleting the oldest files, if the restriction on storage size is exceeded by the addition of another file. The files stored for the longest amount of time are deleted first.

You can also delete files from Backup manually. For example, you may need to delete files that have been successfully restored after disinfection, or delete all files to purge Backup.

Viewing the list of files in Backup

You can view the list of files in Backup; it is displayed as a table with corresponding column headers.

To view the list of files in Backup:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

   The workspace displays information about Backup and a list of files moved to Backup.

   The top right corner of the workspace displays the number of files moved to Backup and the total size of these files.

   The bottom right corner of the workspace displays the following information:

   • The range of lines in the table listing files.
   • The number of lines in the table listing files.
   • The page number of the files list.

   In the files list you can view the information about files stored in Backup. The appearance of the files list may differ depending on the columns selected for display.

   By default, the list contains the following file information:

   • File name. File name.
   • Path to file. The path to the original location of the file on the server.
   • Account. Account of the user who had performed the operation that resulted in file addition to Backup.
   • Restored. Date and time of file restoration on server.
   • Detected. Date and time of object detection in file.
   • Component. The module, that scanned the file - anti-virus scan or content filtering.
   • Reason why moved to Backup. Name of the object detected in the file.
   • Scan type. The type of scan which detected the object – on-demand or on-access scan.
2. Configure the appearance of the files list (if necessary) by selecting the columns to be displayed in the table:
   1. Click the Select columns button.

      This opens the Select columns to display window.

      The columns in the table of files will appear and disappear as you select or clear their corresponding check boxes.

      The File name column is always displayed. It cannot be hidden.

   2. Click outside the Select columns window to close it.
3. You can sort the files list in the table by any of the columns in ascending or descending order, as required. To do this, click the header of the column that you want to sort files by, for example, File name, Path to file, or Component. If you want to reverse the sorting order, click the header once again.

   The list of files will be sorted by the selected column. The sorting symbol will appear in the header of the selected column:

   • – sorted in ascending order
   • – sorted in descending order

To view the details of a specific file, select it in the file list using the buttons to navigate to the next / previous, first / last pages of the file list. To find files in the list, you can also use the quick search and extended filter functions.

Quick file search in Backup

To quick-search files in Backup:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

   The workspace displays a list of files moved to Backup.

2. Enter the pattern string for file search in the Quick search field. The pattern string supports masks.

   Quick search begins acting immediately as soon as you enter the template string.

   The table lists only files that match the search condition. A file will match the search condition if the entered pattern string can be found in at least one of the following file properties:

   • File name
   • Path to file
   • Account
   • File originator
   • File originator email
   • Last edit by
   • Last editor email
   • Incident ID.

If you want to cancel quick search, click the icon next to the Quick search field.

Extended file search in Backup

To find files in Backup using the extended filter:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

   The results window will display the list of files stored in Backup.

2. Click the icon to maximize the extended filter section.

   The extended filter section will be displayed. The section contains the list of filter conditions. By default, the list contains three lines where you can specify the conditions that will be used to filter document copies. Each filter condition consists of three parts: the file property to check, the pattern string and the comparison rule applied while matching the property and the pattern string.

3. To define a filtration condition:
   1. Select the property to check from the drop-down list in the left part of the line.

      You can pick any of the following values as the property to check:

      • File name
      • Path to file
      • User name
      • Account
      • Incident ID
      • File originator
      • File originator email
      • Last edit by
      • Last editor email
      • Scan type.
   2. Select the comparison rule from the drop-down list in the middle of the line. 

      The set of values in the list will correspond to the selected value of the property to check. For example, when checking the File name property, the list contains the following values: Contains, Does not contain, Empty field.

      If you have selected Empty field, the entry field in the right part of the line will become inactive.

   3. Enter the template string in the entry field in the right part of the line. The pattern string supports masks.

      Specified filter condition will be applied to the list of files in Backup immediately as soon as you specify all its three parts. The files list only displays files matching all specified filtering conditions.

4. If you need to define more than three filter conditions, you can append additional lines to the list of conditions. To do this, click the Add a condition button.

   A new line will appear in the lower part of the filter conditions section.

5. If you want to delete an additional filter condition, click the  icon in the filtering condition line.

   The selected line will be deleted from the list of filter conditions. The list of files will be refreshed to match the remaining filter conditions.

For convenience, you can minimize the extended filter section by clicking the icon. Minimized extended filter will continue to function. If you want to cancel extended filtering, click the Reset filter link.

Restoring files from Backup

To restore files from Backup:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

   The workspace displays a list of files moved to Backup.

2. Select the files that you want to restore in the table.

   Restoring files containing viruses and malicious objects can cause the computer to be infected.

3. Click the Restore button.

   Selected files will be decrypted and restored to the original locations in SharePoint structure. The files will be restored in the same format and under the same names they had when they were added to Backup.

   While restoring objects, the application updates in SharePoint the following relevant information:

   • Account. The application records to the field the account name of its administrator.
   • Comment. The application records in this field the application name, date when an object was placed in Backup and file version.
   • Version. The application updates the file version.

   After file restoration its copy and relevant information remains in Backup.

Rules for restoring files when version control is enabled in SharePoint

When files are being restored from Backup, it is possible that the path specified in SharePoint points to a file of the same name. Restoration of files of the same name depends on version control settings configured on the SharePoint server.

The following version control options exist:

• Major. File versions are available to all users of the SharePoint server.
• Minor. File versions are available to a limited group of users.

Restoring a file of the same name with version control enabled

If there is no file of the same name in SharePoint, the application restores the object from Backup as a file with the first minor or major version, depending on the version of the file when a copy of it was placed in Backup. If major version control is enabled in SharePoint, the file will be restored as a file with the corresponding major version.

If there is a file of the same name in SharePoint, Kaspersky Security restores the file according to the following rules:

• Kaspersky Security restores the new minor version if minor/major version control is enabled in SharePoint and the file in Backup has a minor version.
• Kaspersky Security restores the new major version in all other cases.

If the file being restored has no version, the application restores the file as a file with a new minor version (if minor/major version control is enabled in SharePoint), or as a file with a new major version (if major version control is enabled).

Restoring a file of the same name with version control disabled

In this instance, Kaspersky Security prompts you to replace the file of the same name with the file being restored.

You can select one of the following actions in the window with the prompt to replace the file:

• Yes. The file in SharePoint is replaced with the file being restored.
• No. The file in SharePoint is not replaced with the file being restored. In this case, the file being restored remains in Backup.

When several files are being restored from Backup and there is a file of the same name of at least one of them in SharePoint, Kaspersky Security prompts you to replace the file / files of the same name with the file / files being restored.

You can select one of the following actions in the window with the prompt to replace the file / files:

• Yes, restore the file. The file in SharePoint will be replaced with the restored file.
• No, do not restore the file. The file in SharePoint will not be replaced with the restored file.

Saving files from Backup to disk

To save files in Backup to disk:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

   The results window will display the list of files stored in Backup.

2. If you want to save a single file to disk:
   1. Select in the files list the file, which you want to save to disk. You may use quick search or extended filter to find the file.
   2. Click the Save button.

      The standard file saving dialog will appear.

   3. Select the destination folder for the file.
   4. If you want to save the file under a different name, enter one in the File name field.
   5. Click the Save button.

      Selected file will be saved in the destination folder.

3. If you want to several files to disk:
   1. Select in the list the files, which you want to save to disk. You may use quick search or extended filter to find the files.
   2. Click the Save button.

      The standard destination selection dialog will appear.

   3. Select the destination folder where you want to save the files and click Save.

   Selected files will be saved in the destination folder.

Removing files from Backup

To delete files from Backup:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.

   The results window will display the list of files stored in Backup.

2. Select in the list the files, which you want to delete. You may use quick search or extended filter to find the files.

   Kaspersky Security permanently removes files from Backup.

3. Click the Delete button.

   A warning dialog will appear.

4. Click the Yes button.

   Selected files will be deleted from Backup.

Purging Backup manually

You can purge Backup by deleting all the objects inside it.

To purge the Backup:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Backup node.
2. In the workspace, click the Purge Backup button below the list of files moved to Backup.

   The application permanently deletes all files in Backup.

Configuring automatic Backup purging

To configure automatic Backup purging:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Settings node.
2. Select the Clear Backup automatically if its size exceeds check box.
3. Enter in the entry field maximum Backup size (MB).

   Supported parameter values are 1 –1048576 MB. If there is a storage size restriction and the addition of a new file exceeds this restriction, the application frees up the necessary space by deleting the oldest files. The default size of Backup is 3686 MB.

4. To save the changes, click the Save button in the upper part of the application window.

Backup

Show all | Hide all

The Backup node lets you view information about malicious objects detected by the application.

Configure automatic Backup cleansing

The upper part of the workspace displays the Quick search entry field. Here you can specify the name of an object (or a mask) that must be found in Backup. Clicking the button on the right of the entry field opens the block of advanced search settings. The drop-down lists on the left let you select an object filtering criterion. Details of the object or users related to it are used as filtering criteria. In the next dropdown list, you can specify the rate of the match between the criterion and the value. In the entry field on the right, you can specify a value for the selected criterion.

By default, the block contains three filtering conditions. You can add several conditions to configure object filtering flexibly. The application performs filtering according to all conditions added to the advanced search settings.

Add a condition

Reset filter

A table with information about Backup objects follows. For your convenience, you can set up the appearance of the table and sort objects by any of the columns that are displayed at the time of sorting.

Delete

Restore

Save to disk

Select columns

Clear

Export to CSV

In the bottom part of the workspace, you can view the object's details. Clicking the button opens a section with the details of the object that has been selected in the table.

Database update

Kaspersky Security database updates keep SharePoint servers protected against new viruses and other threats. Databases contain the latest information about threats and ways to neutralize them.

Databases contain descriptions of all malicious programs known to date and ways of disinfecting objects that have been corrupted by malware, as well as descriptions of programs that may be used by criminals to do harm to the user's computer or data.

While updating the databases, the application does not update the set of Kaspersky Lab categories.

It is important to keep all databases up to date. You are advised to update the databases as soon as you install the application because the databases included in the distribution kit will already be out of date. The databases on Kaspersky Lab's update servers are updated every hour.

Databases can be updated from the following sources:

• Kaspersky Lab's update servers on the Internet
• Local updates source, such as a local or a network folder
• Another HTTP or FTP server, such as your Intranet server

The updating is performed either manually or automatically, according to a schedule. After the files are copied from the specified update source, the application automatically connects to the new databases.

For added protection of SharePoint files, you can use Kaspersky Security Network services in addition to database updates. These services provide up-to-date information about threats and malware before it appears in Anti-Virus and Anti-Phishing databases.

During setup on several SharePoint farm servers, you can define local update settings for each individual server or propagate the global update settings to all servers.

The application's functionality may change after an update of the application databases.

Configuring automatic database updates

To configure automatic database updates:

1. Select and open in the Management Console tree the Control Center (<Server name>) node corresponding to the relevant SharePoint server. Then select the Updates node.
2. In the workspace, click the General tab, and in the Updates on servers section, select an update source for the databases:
   • Kaspersky Lab's servers to download updates from Kaspersky Lab servers.
   • HTTP server, FTP server, local or network folder to download updates from some of the listed update sources.

     If you select this option, specify in the corresponding text box the server address, local or network folder.

   If Kaspersky Security is installed on a standalone SharePoint server, the update source is selected in the Updates on servers section of the workspace, which appears on selecting the Updates node in the Management Console tree.

3. The Run mode dropdown list allows you to set up a schedule for updates of the databases:
   • Manually. The update starts when you click the Run database update on all servers button.
   • Periodically. The update starts at the specified intervals.
   • Daily. The update starts at the specified time (the local time of the SharePoint server is used).
   • On selected day. The update starts on the specified days of the week.

   If Kaspersky Security is installed on a standalone SharePoint server, the run mode for automatic updates of databases is configured in the Database update settings section of the workspace, not on the tab.

4. In the Connection settings section, specify the required connection settings:
   • If you connect to the Internet using a proxy server, select the Use proxy server check box and specify the proxy server address and number of the port used for connection. The default proxy server port number is 8080.
   • If the proxy server requires authentication, specify the name and password of the user account. To do this, select the Use authentication check box and fill in the Account and Password fields.
   • Specify the timeout duration in the Connection timeout entry field. By default, the timeout is set to 60 seconds.

     This proxy server is used to exchange information with KSN cloud services if KSN protection is enabled.

   If Kaspersky Security is installed on a standalone SharePoint server, connection settings should be defined in the Connection settings section of the workspace displayed when you select the Updates node in the console tree.

5. Click the Save button.

Configuring the local database update settings on SharePoint servers of the farm

To configure the local database update settings on a SharePoint server within a farm:

1. Select and open in the Management Console tree the Control Center (<Server name>) node corresponding to the relevant SharePoint server. Then select the Updates node.
2. In the workspace, click the Updates on servers tab, select the required server in the table, and click the Modify local settings button.
3. In the Server settings window that opens, in the General settings section, select a source of updates:
   • Kaspersky Lab's servers to download updates from Kaspersky Lab servers.
   • HTTP server, FTP server, local or network folder to download updates from some of the listed update sources.

     If you select this option, enter the server address, local or network folder in the entry field.

4. In the Database update settings section, in the Run mode dropdown list, set up a schedule for updates of the databases:
   • Manually. The update starts when you click the Run update button.
   • Periodically. The update starts at the specified intervals.
   • Daily. The update starts at the specified time (the local time of the SharePoint server is used).
   • On selected day. The update starts on the specified days of the week.
5. In the Connection settings section, define the connection settings:
   • If you connect to the Internet via a proxy server, select the Use proxy server check box and specify the proxy server address and number of the port used for connection. The default proxy server port number is 8080.
   • If the proxy server requires authentication, specify the name and password of the user account. To do this, select the Use authentication check box and fill in the Account and Password fields.
   • Specify the timeout duration in the Maximum connection timeout entry field. By default, the timeout is set to 60 seconds.
6. Click the Save button.

Viewing the information about updates to the anti-virus database

To view the information about database updates:

1. Select and open in the Management Console tree the Control Center (<Server name>) node corresponding to the relevant SharePoint server. Then select the Updates node.
2. In the workspace, open the Updates on servers tab.

   You will see a table with information about database updates on each SharePoint farm server. The table contains the following columns:

   • Server name. Server within a SharePoint farm, on which Kaspersky Security is installed.
   • Status of the last database update. The result of the last database update.
   • Database release date (UTC). The time when databases currently used by the application were published on Kaspersky Lab servers.
   • Time of last database update. The time of the latest database update on the server.
   • Settings. Update settings used on the server (local or global).

If Kaspersky Security is installed on a standalone SharePoint server, update-related information is displayed in the workspace of the Update settings section, not on the Updates on servers tab.

Updating databases manually

You can start the database update procedure on all servers of the farm or on a few selected ones.

To update the database on all servers manually:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Updates node.
2. In the workspace, go to the General tab, and, in the General settings configuration section, click the Run database update on all servers button.

To update the database on several selected servers manually:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Updates node.
2. In the workspace, open the Updates on servers tab.
3. Select the servers in the table and click the Run update@ button.

Propagating global database update settings to SharePoint farm servers

To apply the global database update settings on all SharePoint servers of the farm:

1. Select and open in the Management Console tree the node corresponding to the necessary SharePoint server. Then select the Updates node.
2. In the workspace, click the Updates on servers tab, select the required server in the table, and click the Propagate global settings button.

Updates

In the Updates node, you can configure the updating of databases.

In this node, the General and Updates on servers tabs can be displayed, depending on the schemes for deployment of Kaspersky Security on the organization's network. The Updates on servers tab is displayed if Kaspersky Security is installed on a farm of SharePoint servers that handle a single database of application configuration and Backup.

Updates – General

Show all | Hide all

The Database update section displays information about the number of records in the databases, as well as their respective release dates. If the databases are outdated, this section displays a notification stating that the databases need to be updated. This section is displayed in the local settings of the Server if Kaspersky Security is installed on a farm of SharePoint servers that handle a single database for configuration of the application and Backup.

In the General settings section, you can specify the source from which the application will download updates, as well as set up the update run mode and schedule.

Kaspersky Lab's servers

HTTP server, FTP server, local or network folder

Run mode

Run update

In the Connection settings section, you can define the proxy server settings for updates downloading.

Proxy server address

Use authentication

Use proxy server

Maximum connection timeout

Updates – Database update settings

Show all | Hide all

The Updates on servers tab displays a table, which lists Servers included in the farm. You can define the local settings for updates of the databases on each of those Servers, or use shared settings for all of them.

Run update

Modify local settings

Propagate global settings

Run database update on all servers

SharePoint server database update settings

Show all | Hide all

The Database update section displays information about the number of records in the databases, as well as their respective release dates. If the databases are outdated, this section displays a notification stating that the databases need to be updated. This section is displayed in the local settings of the Server if Kaspersky Security is installed on a farm of SharePoint servers that handle a single database for configuration of the application and Backup.

In the General settings section, you can specify the source from which the application will download updates, as well as set up the update run mode and schedule.

Kaspersky Lab's servers

HTTP server, FTP server, local or network folder

Run mode

The Connection settings section allows specifying the address of the proxy server through which an Internet connection will be established and configure the connection via the proxy server.

Proxy server address

Use authentication

Use proxy server

Maximum connection timeout

Notification delivery

Notification is an email message that contains information about an event, which occurred on a protected SharePoint Server.

Kaspersky Security supports the delivery of notifications on the following events in the application:

• Detection of infected, password-protected, and corrupted objects, or unwanted content during an on-access scan
• Detection of infected, password-protected, and corrupted objects, or unwanted content during an on-demand scan
• Change of database status and condition
• Execution of an on-demand scan task and its results
• Detection of inactive SharePoint servers
• License-related events

Kaspersky Security sends event notifications by email. The application uses a SMTP server to send notifications. You can select an SMTP server used on SharePoint or specify a different SMTP server.

You can specify notification recipients for each event. By default, no notification recipients are specified.

You can edit the text in the automatic notification of events that are logged by anti-virus scanning and content filtering. When making templates for notifications about events related to on-access and on-demand scans, you can use the following variables:

Variables in notification templates

For other events (such as changes in the database status and condition, or license-related events), the notification text remains unchanged.

Notifications about license-related events

Kaspersky Security checks licenses of Security Server and the DLP Module after each database update. The application sends notifications about license-related events in the following cases:

• If the license expires soon

  The application sends the notification once per day (at 12:00 A.M. UTC) if both the active key and the additional key expire. By default, the application starts sending notifications 15 days before this event. You can change the term for sending the license expiration notification.

• If the license already expired

  The application sends the notification once per day (at 12:00 A.M. UTC) if the active key expired and no additional key is available.

• If the active key has been added to the black list of keys

  When updating anti-virus databases, the application checks the black list of keys for active keys. The application sends a notification if at least one active key has been found in the black list of keys.

Kaspersky Security sends special notifications about events related to Security Server and DLP Module licenses.

SMTP server configuration for delivery of notifications

To define the SMTP server settings for sending notifications:

1. In the Management Console tree, select the protected SharePoint server on which you want to configure the SMTP server.
2. In the node tree of this server, select the Notifications node.

   The workspace of this node displays the notification settings.

3. Configure the following settings in the SMTP server settings section:
   • Email addresses of SharePoint administrators.

     The application sends any notifications of application operation events to those addresses. You can configure notifications in the Event notifications node.

     Use a semicolon to separate email addresses in the entry field.

     No addresses are specified by default.

   • Email address from which the application will send notifications of events in the application operation.

     By default, the application sends email messages from the email address, which is specified in the SMTP server settings on SharePoint.

4. Select the method of SMTP server configuration from the following options:
   • Use SMTP server settings on SharePoint.

     The application uses the settings of the SMTP server defined on SharePoint. If the settings of the SMTP server have not been defined on SharePoint, the application will not be able to send email messages.

     This is the default option.

   • Use custom SMTP server settings.

     The application uses the settings of the SMTP server that have been specified manually.

     If you select this option, the SMTP server address, Account, and Password fields become available. In this fields, you can specify the settings of the SMTP server that you intend to use for sending email messages.

5. If you need to test the operation of the SMTP server that has been configured manually, click the
   Send a test message

   

   The program sends a test email message according to the current settings of the SMTP server.

   If the test message has been sent successfully, the application recommends checking the administrator's email. If the test message has not been sent, the application displays information about errors that occurred during the attempt to send the message.

   The button is active when the administrator's email address and the SMTP server address are specified.

   button.
6. Click the Save button in the upper part of the window.

The application saves the SMTP server settings for sending notifications.

Configuring notifications of events in the application operation

To configure automatic notifications of events in the application operation:

1. In the list of protected servers that have been added to Management Console, select the SharePoint server on which you need to configure notifications of events in the application operation.
2. In the node tree of this server, select the Notifications node.

   The workspace of this node displays the notification settings.

3. In the Event notifications section, configure notifications as follows:
   1. In the left part of the section, in the Notification subjects list, select an event of which the application will notify you by email.

      The right part of the section displays a list of recipients that can be sent notifications.

   2. Select the check box next to the recipients that will be automatically notified of this event by the application. You can specify the following recipients:
      • Administrator. Email address(es) of the administrators specified in the Event notifications section.
      • Author. Email address of the document author (user who uploaded the first version of this document to SharePoint). The author's email address is contained in the settings of the SharePoint server on which the document is stored.
      • User. Email address of a user associated with the event. The user's email address is contained in the settings of the SharePoint server on which the document is stored.
      • Additional addresses. Email address(es) specified in the entry field. Use a semicolon to separate email addresses in the entry field.
   3. If necessary, edit the notification text by clicking the Template button.
4. Click the Save button in the upper part of the window.

The settings of notifications about events in the application operation will be saved.

Changing the term of sending license expiration notifications

To change the term of sending license expiration notifications:

1. In the list of protected servers that have been added to Management Console, select the SharePoint server on which you need to configure license expiration notifications.
2. In the node tree of this server, select the Notifications node.

   The workspace of this node displays the notification settings.

3. In the left part of the Event notifications section, in the Notification subjects list, select License-related events.

   The right part of the section then displays the settings of license-related event notifications.

4. In the Notify about license expiration in advance (days before) spin box, specify how many days before the license expiration the application must start sending notifications.

   By default, the application sends the first notification 15 days before the license expires.

   Notifications are sent once per day (at 12:00 A.M. UTC).

5. Click the Save button in the upper part of the window.

The notification settings are saved. The application starts sending license expiration notifications on the specified day.

Notifications node

Show all | Hide all

In the Notifications node, you can configure the sending of automatic notifications of the application operation by email.

The SMTP server settings section allows you to configure the SMTP server for sending email messages on behalf of the application.

Administrator address

Sender name

Use SMTP server settings on SharePoint

Use custom SMTP server settings

Send a test message

In the Event notifications section, you can configure the delivery of notifications about events in the operation of the application.

The left part of the section displays the Notification subjects list. In this list, you can select events of which the application will notify recipients from the right part of the section, by email.

In the right part of the section, you can select recipients for each notification, edit the text of notifications, or define the advanced settings for notifications about events. The set of notification recipients may vary depending on the event selected in the Event notifications list in the left part of the section. Additional notification settings will also be available for defining.

In the Recipients of notifications list, you can select one or several recipients to whom the application will send a notification about the selected event. Use a semicolon to separate email addresses in the entry field.

You can edit the text in this automatic notification by clicking the Template button on the right of each recipient. This feature is available for events that were logged by anti-virus scanning or content filtering.

On-access scan. Malicious objects

On-access scan. Unwanted content

On-demand scan. Malicious objects

On-demand scan. Unwanted content

Change databases status and condition

Reports on on-demand scan tasks

Inactive Kaspersky Security on SharePoint server

License-related events

Notification template

Show all | Hide all

In the Notification template window, you can edit the contents of the notification that the application will send to a specified recipient.

Subject

Message text

Default

Preparing application reports

Kaspersky Security allows you to generate anti-virus protection, content filtering and operational reports. Reports allow you to analyze information about the protection status of a SharePoint server. Reports provide information on the number of clean and infected files and the number of files disinfected and removed.

Ready reports are displayed in the workspace of the Reports node, on the Generate and view reportstab. You can view a report in the web browser window.

You can generate reports using one of the two following methods:

• Generate reports manually

  The application generates a report upon your request.

• Generate reports through a report task

  The application generates reports automatically according to the defined task settings. You can set up a report generation schedule or delivery of notifications about created reports by email. If necessary, you can run report generation tasks manually.

  The list of report generation tasks is displayed in the workspace of the Reports node on the Report generation tasks tab. Report generation tasks that were or could not be run at the scheduled time are highlighted red.

If a report generation task has not been executed, information about this event is displayed in the list of tasks, in the Status column:

• Deleted: <Server name>. Security Server of Kaspersky Security has been deleted from the SharePoint server specified in the report generation task settings. You can specify a different SharePoint server in the task settings.
• Task not executed. The SharePoint server specified in the report generation task settings was not available at the time scheduled for the start of the task. The availability of the server needs to be checked.

Configuring automatic report generation

Kaspersky Security allows you to automate your activities when generating application reports. You can assign the application report generation tasks that it will run according to the specified schedule. The application will generate reports in accordance with the requirements specified in the task settings.

Current report generation tasks are displayed in the workspace of the Reports node, in the Report generation tasks section. Report generation tasks that have not yet been executed or cannot be run at the scheduled time are highlighted with red. The details of reasons that interfere with execution of a task are displayed in the task table as follows:

Reasons that interfere with the task execution

If necessary, you can run report generation tasks manually.

To configure automatic report generation:

1. In the Management Console tree, select and expand the protected SharePoint server on which you need to configure automatic report generation. Then select the Reports node.

   The workspace of this node displays the report settings.

2. In the Report generation tasks section, click the Create button.

   The Task settings dialog will appear.

3. In the Task name field, specify the task name. The task name must be unique.
4. Select the Run on schedule check box for the application to run the task at the specified time. The check box is selected by default.
5. In the Report generation server dropdown list, select the protected SharePoint server on which you need to generate reports automatically.
6. In the Schedule section, select the time interval for automatic task run and define its settings:
   • Every N days. The report will be created at the interval with the specified number of days, at the specified time. The report contains data for the last N days (by default, collected from 12:00 AM of the first day of the interval to 12:00 AM of the report generation day). You can change the report generation time in the Start time entry field.
   • Weekly. The report will be created at the defined time on the specified day of the week. The report contains data for the last 7 days (by default, from 12:00 AM of the first specified day of the week to 12:00 AM of the report generation day, for example, from Monday to Monday). You can change the report generation time in the Start time entry field.
   • Monthly. The report will be created at the defined time on the specified day of the month. The report contains data for the last month (by default, collected from 12:00 AM of the specified date of the previous month to 12:00 AM of the specified date of the report generation month). You can change the report generation time in the Start time entry field.

   If you clear the Run on schedule check box, the settings in the Schedule section will not be available.

7. Select the Send to administrator check box for the application to send newly generated reports to the administrator email address.

   If the administrator email address has been specified, it is displayed on the right from the check box. If no address has been specified, you can define this setting in the Notifications node.

8. Select the Send to recipients check box and enter email addresses for the application to send reports to them. If several addresses are defined, use a semicolon as a delimiter.
9. To save the settings and close the window, click OK.

The newly created task is displayed in the Report generation tasks section. The application will automatically run the task in accordance with the schedule that you have set up.

Starting a report generation task

To run a report generation task manually:

1. In the Management Console tree, open and expand the protected server on which you need to run the report generation task. Then select the Reports node.

   The workspace of this node displays the report settings.

2. In the Report generation tasks section, select the report generation task that you need to run at the moment.

   The task control buttons become available.

3. Click the Report generation server button.

The application generates the report according to the configured task settings. The application automatically opens the recently generated report in the default web browser window.

Generating reports manually

To generate a report manually:

1. In the Management Console tree, open and expand the protected server on which you need to generate a report. Then select the Reports node.

   The workspace of this node displays the report settings.

2. In the Reports section, click the New report button.

   This opens the Report settings window.

3. In the Create report list, specify the time interval over which you need to generate a report:
   • For 24 hours.

     If you select this option, use the section on the right to select the day for which the report will be generated.

   • Over period.

     If you select this option, use the section on the right to specify the start date and end date of the reporting period for which the report will be generated.

4. Click the OK button.

The application generates a report for the selected time interval. The application automatically opens the newly generated report in the default web browser window.

You can also generate a report manually by means of report generation tasks.

Viewing reports

To view a report:

1. In the Management Console tree, open and expand the protected server about which you would like to view a report. Then select the Reports node.

   The workspace of this node displays the report settings.

2. In the Reports section, select the report that you would like to view and click the View button.

The report opens in the default browser.

The generation date and time are displayed for each report, as well as the name of the protected server for which it has been generated, and the reporting period that it covers. The report displays blocks with statistical information about objects that have been scanned by the application.

Report on operations with files section

This section displays the number of files that were scanned by the application over the reporting period, as well as statistics on statuses that were assigned to files during the scan.

General statistics on files scanned by the application

Section Report on status of server protection

This section displays the number of files that have undergone anti-virus scanning, as well as statistics on statuses that were assigned to files during the virus scan.

Statistics on files scanned by Anti-Virus

Content filtering report section

This section displays the number of files that have undergone content filtering, as well as statistics on statuses that were assigned to files during filtering. During content filtering, the application can assign multiple statuses to a single file. Statistics reflect all statuses that have been assigned to files.

Statistics on content filtering of files

SharePoint web objects scan report section

This section displays the number of web objects that have undergone content scanning, as well as statistics on statuses that were assigned to web objects detected during the scan.

Statistics on web objects scanned

Page top

Saving reports to a file

To save a report to a file:

1. In the Management Console tree, select and expand a protected server. Then select the Reports node.

   The workspace of this node displays the report settings.

2. In the Generate and view reports section, select the report that you need to save, and click the Save button.

   The standard Save as window of Microsoft Windows opens.

3. Select a folder to save the report in and change the report file name, if necessary. By default, the application assigns the following name to the report file: <report name> <report creation date>.

The application saves the report in an HTML file to the folder that you have specified.

Reports

Show all | Hide all

The Report generation tasks section displays a table with a list of report generation tasks. Clicking column headers allows you to sort the list of tasks shown in the table. If a task is selected in the table, buttons for managing this task become available.

Create

Change

Delete

Start

The Generate and view reports section displays a table with a list of reports. Clicking column headers allows you to sort the list of reports displayed in the table. If a report is selected in the table, buttons for managing this report become available.

New report

View

Delete

Save