Installing Kaspersky Endpoint Security for Android on corporate devices in a closed network
When deploying Kaspersky Endpoint Security for Android in corporate device operating mode via QR code on devices with pre-installed Google Mobile Services (GMS), their Wi-Fi connectivity to certain Google endpoints is checked. If a Wi-Fi network has no access to the internet, the connectivity check fails and the deployment finishes with an error.
To avoid the connectivity check, you can deploy the Kaspersky Endpoint Security for Android app on corporate devices in a closed network by using a Proxy Auto-Configuration (PAC) file.
To use a PAC file to deploy the Kaspersky Endpoint Security for Android app:
- Create a PAC file (for example, proxy.pac) with the following contents:
function FindProxyForURL(url, host) {
return "DIRECT";
} - Publish the created PAC file on a resource that will be available in the closed network (for example, on an IIS Web server).
Save a link to the PAC file (for example, https://intranet.mycompany.com/files/proxy.pac).
- Make sure the APK file of the Kaspersky Endpoint Security for Android app being deployed is available within the closed network. To do this, use one of the methods below:
- Download the app installation package from the Kaspersky Security Center server. If the server is accessible, the installation packages will be available there.
- Download the APK installation file from the Kaspersky website and upload it to the closed network.
Choose the general version of the app as the source.
- Send the app installation link and QR code to the user by following the instructions of Mobile device connection wizard.
On the Operating systems step of the wizard, in the Installation settings section, you will be asked to specify the network for downloading the Kaspersky Endpoint Security for Android app. At this step, configure the use of the previously created PAC file for network connection by linking it to the Wi-Fi network settings on a device. To do this, use one of the methods below:
- In the Installation network settings section, choose Prompt the user to select a Wi-Fi network on device. While deploying the app, the user will need to specify the link to the PAC file (step 2) in the network settings when choosing a Wi-Fi network on the device. After the connection is established, the user will be able to continue the device setup and activate the app by following the instructions of the app's Initial Configuration Wizard.
- In the Installation network settings section, choose Only use the specified Wi-Fi network (Android 9 or later), click the Select network button, and then insert the link to the previously created PAC file (step 2) in the PAC file URL field.
If the APK installation file has been downloaded from the Kaspersky website (step 3), you need to replace the link in the QR code with the address of the closed network link.
When deploying the app via an installation package downloaded from Kaspersky Security Center, after the device is reset to factory settings and the QR code is scanned, a Blocked by Play Protect message may appear on the device. The issue is caused by the installation package's signing certificate being different from the one specified in Google Play. The user should continue the installation by choosing Install anyway. If OK is selected, the installation process will be interrupted and the device will be reset to factory settings.
The Kaspersky Endpoint Security for Android app is installed on a device in corporate device operating mode in a closed network.