Converting policies and tasks

After upgrading the application, you can use the configured policies and tasks of the previous version of Kaspersky Security.

If you upgraded Kaspersky Security for Virtualization 5.0 Agentless, policies and tasks are automatically converted to policies and tasks of Kaspersky Security for Virtualization 6.0 Agentless after policy protection settings and task scan settings are edited and saved for the first time.

If you upgraded Kaspersky Security for Virtualization 4.0 Service Pack 1 Maintenance Release 1 Agentless or older, you need to do the following:

1. Convert policies and tasks using the Policies and Tasks Batch Conversion Wizard of Kaspersky Security Center.

   You can convert policies and tasks that were configured in one of the following versions of the application:

   • Kaspersky Security for Virtualization 4.0 Service Pack 1 Maintenance Release 1 Agentless
   • Kaspersky Security for Virtualization 4.0 Service Pack 1 Agentless
   • Kaspersky Security for Virtualization 4.0 Agentless

   Converted policies and tasks are named as follows: "<name of original policy or task> (converted)".

2. Copy all converted policies and tasks from the administration group containing the KSC cluster for SVMs of the previous version of the application into the administration group containing the new cluster "VMware vCenter Agentless".

   The administration group containing the KSC cluster for SVMs of the previous version of the application is named as follows: VMware vCenter "<name of the VMware vCenter Server, if it is defined>" (<IP address of the VMware vCenter Server>).

   The administration group containing the new "VMware vCenter Agentless" cluster is named as follows: VMware vCenter Server '<name of the VMware vCenter Server, if one is defined>' (<IP address or domain name of the VMware vCenter Server>) Agentless.

   For more detailed information about copying policies and tasks, please refer to the Kaspersky Security Center documentation.

   After completing an application upgrade, you can delete policies and tasks that were created for the previous version of the application, and delete the administration group containing the KSC cluster for the previous version of the application.

If you upgraded Kaspersky Security for Virtualization 4.0 Service Pack 1 Maintenance Release 1 Agentless or older, you can also use the New Policy Wizard to create new policies based on the existing policies. To do so, at the Entering the group policy name step, you must select the Use settings from policy for previous application version check box (for more details, please refer to the Kaspersky Security Center documentation).

Procedure for converting Kaspersky Security policies and tasks

To convert Kaspersky Security policies and tasks from a previous version:

1. In the Kaspersky Security Center Administration Console, select the Administration Server node.
2. In the context menu of the node, select All Tasks → Policies and Tasks Batch Conversion Wizard.

   The Policies and Tasks Batch Conversion Wizard starts.

3. At the first step of the Wizard, in the Application name list, select Kaspersky Security for Virtualization 6.0 Agentless.

   Proceed to the next step of the wizard.

4. Select the policies to convert. To do so, select the check box on the left of the relevant policy name.

   Proceed to the next step of the Policies and Tasks Conversion Wizard.

   The Kaspersky Security Network window opens. You can read the Kaspersky Security Network Statement in this window.

   To continue the procedure for converting policies and tasks, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:

   • If you accept all the terms of the Statement and want the application to use KSN, select the I have read, understand, and accept the terms of this Kaspersky Security Network Statement option.
   • If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option and confirm your decision in the window that opens.

   If necessary, you will be able to change your decision later.

5. Select the tasks to convert. To do so, select the check box on the left of the relevant task name.

   Proceed to the next step of the Policies and Tasks Conversion Wizard.

6. Exit the Policies and Tasks Conversion Wizard.

The converted policies are named "<original policy name> (converted)". The converted tasks are named "<original task name> (converted)".

Special considerations when converting policies and tasks if the application is upgraded

The converted policies and tasks use the values from the settings of policies and tasks of the previous version of Kaspersky Security. Settings that were absent from the policies and tasks of the previous version of the application take the default values.

Selecting the protected infrastructure for a policy

Policies are converted as follows depending on the protected infrastructure selected in the policy of the previous version of the application:

• If a protected infrastructure was selected and protection profiles were assigned to virtual infrastructure objects, conversion will result in the creation of a policy for one VMware vCenter Server. The protected infrastructure selected in the policy and the assignment of protection profiles to virtual infrastructure objects are retained.
• If the protected infrastructure was not selected, the conversion will result in the creation of a policy for entire protected infrastructure. The main protection profile is assigned to all objects of the virtual infrastructure.

  It is recommended to change the protected infrastructure or the location of this policy within the structure of administration groups so that the protected infrastructure selected for the policy matches the location of the policy:

  • If the policy is located in the group that contains the "VMware vCenter Agentless" cluster, the VMware vCenter Server corresponding to this cluster must be selected as the protected infrastructure for the policy.
  • If the policy is located in the Managed devices folder or in the group that contains the "VMware vCloud Director Agentless" cluster, the entire protected infrastructure must be selected as the protected infrastructure for the policy.

Select action automatically option

The Select action automatically option is absent from converted policies and tasks. If this option was selected in a policy or task of the previous version of the application, the following action is selected in the converted policy or task:

• Action on threat detection when protecting virtual machines (policy): Disinfect. Delete if disinfection fails.
• Action on threat detection when scanning virtual machines (task):
  • For powered on virtual machines: Disinfect. Delete if disinfection fails.
  • For powered off virtual machines and virtual machine templates: Block.
• Action on network attack detection (policy): Terminate connection and block traffic from sender's IP address.
• Action on suspicious network activity detection (policy): Terminate connection.
• Action on detection of a dangerous or undesirable web address (policy): Block.

Web Addresses Scan

If Web Addresses Scan was enabled in a policy of the previous version of the application, the Web Addresses Scan settings in the converted policy take the following values:

• Analysis by using the database of malicious web addresses – enabled.
• Analysis by using the database of phishing web addresses – enabled, if it was enabled in the policy of the previous version of the application.
• Scanning web addresses to check if they belong to the category of web addresses that are used for showing advertisements or are associated with the distribution of adware – enabled, if analysis by using the database of malicious web addresses was enabled in the policy of the previous version of the application.
• Scanning web addresses to check if they belong to the category of web addresses associated with the distribution of legitimate applications that could be exploited to harm a virtual machine or user data – disabled.

If Web Addresses Scan was disabled in a policy of the previous version of the application, it is also disabled in the converted policy.

Case of characters in file extensions

The Network paths are case sensitive parameter is missing from converted policies. When protecting virtual machines running Windows operating systems, Kaspersky Security is not case sensitive regarding the characters in the extensions of files that are to be included in the protection scope.

Main protection profile

In converted policies, the protection profile that is generated automatically when a policy is created is called the "main protection profile". It was called the "root protection profile" in policies of Kaspersky Security for Virtualization 4.0 Service Pack 1 Maintenance Release 1 Agentless or earlier versions.

Special considerations when converting tasks

Converted custom scan tasks use the task scope that was specified in tasks of the previous version of the application.

Converted tasks use the run schedule that was specified in tasks of the previous version of the application.