Contents
- About this Help Guide
- About Kaspersky Security for Virtualization 5.2 Light Agent
- Distribution kit
- Hardware and software requirements
- Requirements for Kaspersky Security Center components
- Requirements for the Integration Server installation
- Requirements for the virtual infrastructure
- Requirements for SVM resources with Kaspersky Security Protection Server
- Virtual machine requirements for installing the Light Agent for Windows
- Virtual machine requirements for installing the Light Agent for Linux
- Light Agent functional components
- Advanced features of the application
- What’s new
- Application architecture
- Preparing for application installation
- Installing the application
- Considerations for deploying the application when using Kaspersky Security Center 15 Linux
- Installing Kaspersky Security management MMC plug-ins and the Integration Server
- Automatic creating of tasks and default policy for Protection Server
- Starting the Integration Server Console
- Installing the Protection Server
- Selecting an action
- Selecting infrastructure for SVM deployment
- Selecting the SVM image
- Selecting the number of SVMs for deployment (infrastructures based on OpenStack)
- Specifying SVM settings
- Specifying SVM settings (infrastructures based on OpenStack)
- Configuring SVM network settings (infrastructures based on OpenStack)
- Configuring IP address settings for SVM
- Specifying Kaspersky Security Center connection settings
- Creating the configuration password and the root account password
- Starting SVM deployment
- Starting SVM deployment (infrastructures based on OpenStack)
- SVM deployment
- Finishing SVM deployment
- Preparing the Protection Server for operation
- Installing Kaspersky Security Center Network Agent on virtual machines
- Installing Light Agent for Windows
- Installing Light Agent for Windows via Kaspersky Security Center
- Installing Light Agent for Windows using the Installation Wizard
- The Start window of the Installation wizard
- Viewing Kaspersky Security End User License Agreement
- Selecting the type of installation
- Selecting installation components
- Selecting the installation folder
- Configuring the trusted zone
- Starting the installation
- Installing components
- Finishing the installation
- Installing Light Agent for Windows from the command line
- Installing Light Agent for Windows using Active Directory Group Policies
- Installing Light Agent for Windows on the virtual machine template
- Compatibility with Citrix App Layering technology
- Compatibility with Citrix Provisioning (Citrix Provisioning Services) technology
- Compatibility with VMware App Volumes technology
- Changing the composition of installed Light Agent for Windows components
- Installing Light Agent for Linux
- Preparing Light Agents for operation
- Changes in the Kaspersky Security Center Administration Console after installing Kaspersky Security
- Installing Kaspersky Security web plug-ins
- Viewing the list of SVMs connected to the Integration Server
- Viewing the list of Light Agents connected to SVMs
- Upgrading from a previous version of the application
- Removing the application
- Removing the Protection Server component
- Uninstalling the Light Agent for Windows component
- Uninstalling the Light Agent for Linux component
- Removing Kaspersky Security Center Network Agent on virtual machines
- Removing Kaspersky Security management plug-ins and the Integration Server
- Application management concept
- About managing the application using Kaspersky Security Center
- About managing the application using the Light Agent for Windows local interface
- Managing the application using Kaspersky Security Center policies
- Managing the application using tasks
- Manage tasks via Kaspersky Security Center
- Manage tasks via Light Agent for Windows local interface
- Managing Light Agent for Linux tasks from the command line
- Creating tasks
- Modifying task settings
- Starting and stopping tasks
- Configuring automatic pausing of scan tasks
- Viewing information on the progress and results of task execution
- Managing the application using Kaspersky Security Center Web Console
- About access rights to the settings of policies and tasks in Kaspersky Security Center
- About Integration Server Console
- Licensing of the application
- About the End User License Agreement
- About data provision
- About the license
- About the License Certificate
- About license key
- About the activation code
- About the key file
- About subscription
- About application activation
- Application activation procedure
- Renewing a license
- Renewing subscription
- Viewing information about the license keys used in Kaspersky Security Center
- Viewing information about the license key in a local interface
- Starting and stopping the application
- Virtual machine protection status
- Configuring the Integration Server connection settings
- Configuring the settings for connecting Light Agents to SVMs
- Configuring the general anti-virus protection settings
- Selecting types of detectable objects
- Configuring the trusted zone
- Configuring a trusted zone of Light Agent for Windows
- Creating an exclusion
- Enabling and disabling the use of an exclusion or exclusion category
- Deleting an exclusion or exclusion category
- Adding an application to the list of trusted applications
- Including or excluding a trusted application or category of trusted applications from scans
- Deleting a trusted application or category of trusted applications
- Creating the Light Agent for Linux exclusions
- Advanced Disinfection technology
- Protecting the file system of a virtual machine. File Anti-Virus
- Configuring File Anti-Virus of Light Agent for Windows
- Enabling and disabling of File Anti-Virus for Windows
- Automatically pausing File Anti-Virus
- Changing the file security level
- Changing the File Anti-Virus action to take on infected files
- Editing the protection scope of File Anti-Virus
- Scanning of compound files by File Anti-Virus
- Optimizing file scanning by File Anti-Virus
- Changing the scan mode
- Using of Heuristic Analyzer with File Anti-Virus
- Using of iSwift technology in the operation of File Anti-Virus
- Configuring File Anti-Virus of Light Agent for Linux via Kaspersky Security Center
- Enabling and disabling of File Anti-Virus for Linux
- Changing the file security level
- Changing the File Anti-Virus action to take on infected files
- Editing the protection scope of File Anti-Virus
- Scanning of compound files by File Anti-Virus
- Changing the scan mode
- Using of Heuristic Analyzer with File Anti-Virus
- Using of iChecker technology in the operation of File Anti-Virus
- AMSI Protection
- Mail protection. Mail Anti-Virus
- Enabling and disabling Mail Anti-Virus
- Changing the mail security level
- Changing the action to take on infected email messages
- Editing the protection scope of Mail Anti-Virus
- Scan compound files that are attached to messages
- Filtering attachments in messages
- Using Heuristic Analyzer with Mail Anti-Virus
- Scanning emails in Microsoft Office Outlook
- Protecting virtual machine web traffic. Web Anti-Virus
- Enabling and disabling Web Anti-Virus
- Changing the web traffic security level
- Changing the action to take on malicious web traffic objects
- Checking web addresses against the database of phishing and malicious web addresses
- Using Heuristic Analyzer with Web Anti-Virus
- Editing the list of trusted web addresses
- Monitoring network traffic
- Firewall
- Enabling or disabling Firewall
- Changing the network connection status
- Managing network packet rules
- Managing network rules for applications and application groups
- Creating and editing a network rule for an application or an application group
- Changing the Firewall action for network rules of an application group via Kaspersky Security Center
- Changing the Firewall action for network rules in a local interface
- Changing the priority of a network rule for an application or an application group
- Enabling or disabling a network rule for an application or an application group
- Removing a network rule for an application or an application group
- Network Attack Blocker
- System Watcher
- Application Startup Control
- About Application Startup Control rules
- Enabling and disabling Application Startup Control
- Getting information about applications that are installed on protected virtual machines
- Creating the Inventory task
- Creating and editing the Application Startup Control rule
- Changing the operating status of an Application Startup Control rule
- Removing the Application Startup Control rule
- Configuring startup control of executable modules and drivers
- Editing Application Startup Control message templates
- Application Privilege Control
- Enabling and disabling Application Privilege Control
- Managing trust groups
- Working with application control rules
- Changing application control rules for trust groups and groups of applications
- Editing an application control rule in a local interface
- Disabling downloads and updates of application control rules from the Kaspersky Security Network database
- Disabling inheritance of restrictions from the parent process in a local interface
- Excluding specific application actions from application control rules in a local interface
- Configuring storage settings for control rules that govern unused applications
- Protecting operating system resources and personal data
- Device Control
- About rules of access to devices and connection buses
- Standard decisions on access to devices
- Enabling and disabling Device Control
- Editing a device access rule
- Editing a connection bus access rule
- Actions with trusted devices
- Editing templates of Device Control messages
- Providing access to a blocked device
- Web Control
- System Integrity Monitoring
- Enabling and disabling Real-Time System Integrity Monitoring
- Configuring the system integrity monitoring scope and the System Integrity Check scope
- Creating and updating the baseline
- Checking system integrity by schedule or on demand
- Viewing information about system integrity on a virtual machine
- System integrity status reset
- Network Monitor
- Scanning the virtual machine
- Creating a Virus scan task
- Configuring virus scan task settings for Light Agent for Windows
- Configuring virus scan task settings for Light Agent for Linux
- Configuring scan task settings in a local interface
- Specifics of scanning symbolic and hard links
- Scanning removable drives when they are connected to the virtual machine
- Managing unprocessed objects
- Interaction with other Kaspersky solutions
- Updating databases and application modules
- Enabling and disabling application module updates
- Automatically downloading the application module and database update package to SVMs
- Creating a Protection Server database update task
- Creating an SVM application module update task
- Configuring the update task run mode in a local interface
- Updating Light Agent for Windows databases and modules on a virtual machine template
- Rolling back the last update of databases and application modules
- Participating in Kaspersky Security Network
- Configuration of additional application settings
- Configuring the display of advanced policy properties for the Protection Server
- Configuring advanced settings of SVM operation
- Application Self-Defense
- Password-protecting access to application settings in a local interface
- Specifying a reason when terminating the application or disabling protection components in a local interface
- Configuring user interaction with the local interface
- Restoring the standard application settings in a local interface
- Using a configuration file
- Backup
- Reports and notifications
- SVM reconfiguration
- Selecting an action
- Selecting SVM for reconfiguration
- Entering the configuration password
- Editing SVM network settings
- Editing SVM network settings (infrastructures based on OpenStack)
- Changing SVM IP settings
- Changing Kaspersky Security Center connection settings
- Changing the configuration password and root account settings
- Starting SVM reconfiguration
- Starting SVM reconfiguration (infrastructures based on OpenStack)
- SVM reconfiguration
- Finishing SVM reconfiguration
- Viewing and editing Integration Server settings
- Monitoring SVM status
- Application components integrity check
- Using Kaspersky Security for Virtualization 5.2 Light Agent in multitenancy mode
- Deploying tenant protection infrastructure
- Configuring the Integration Server connection settings to the Kaspersky Security Center Administration Server
- Creating a tenant and a virtual Administration Server
- Configuring SVM location and Protection Server settings
- Configuring SVM discovery settings for Light Agents and general tenant protection settings
- Installing Light Agent on tenant virtual machines
- Registering tenant virtual machines
- Activating the tenant
- Registering existing tenants and their virtual machines
- Enabling and disabling tenant protection
- Getting tenant information
- Receiving tenant protection reports
- Removing virtual machines from the protected infrastructure
- Removing tenants
- Using Integration Server REST API in multi-tenancy scenarios
- Managing Light Agent for Linux from the command line
- Managing Light Agent for Windows from the command line
- Contacting Technical Support
- How to get technical support
- Technical Support via Kaspersky CompanyAccount
- Getting information for Technical Support
- About Protection Server and Light Agent dump files
- About the Kaspersky Security components installation Wizard trace files
- About Light Agent for Windows Installation Wizard trace files
- About trace files of the Integration Server and Integration Server Console
- Trace files of SVMs, Light Agent, and Kaspersky Security management plug-ins
- The SVM Management Wizard log
- Using the utilities and scripts from the Kaspersky Security distribution kit
- Appendices
- Using the klconfig script API to define SVM configuration settings
- Executing configuration commands
- Using the SVM first startup script
- Configuring SVM configuration settings
- Description of commands
- accept_eula_and_privacypolicy
- apiversion
- checkconfig
- check_viis_infra_accessibility
- connectorlang
- dhcp
- dhcprenew
- dns
- dnslookup
- dnssearch
- dnsshow
- getdnshostname
- gethypervisordetails
- hostname
- listpatches
- manageservices
- nagent
- network
- ntp
- passwd
- permitrootlogin
- productinstall
- reboot
- resetnetwork
- rollbackpatch
- setsshkey
- settracelevel
- test
- timezone
- version
- Settings in the setup.ini file
- Settings in the ScanServer.conf file
- Settings in the LightAgent.conf file
- Object ID values for SNMP
- Sources of information about the application
- Glossary
- Activation code
- Active key
- Administration Server
- Application activation
- Application databases
- Backup
- Backup copy of a file
- Compound file
- Database of malicious web addresses
- Database of phishing web addresses
- Desktop key
- End User License Agreement
- Heuristic Analysis
- Infectable file
- Integration Server
- Kaspersky CompanyAccount
- Kaspersky Security Network (KSN)
- Key file
- Key with a limitation on the number of processor cores
- Key with a limitation on the number of processors
- Keylogger
- License
- License certificate
- License key (key)
- Light Agent
- OLE object
- OpenStack domain
- OpenStack project
- Phishing
- Protected virtual machine
- Reserve key
- Server key
- Signature Analysis
- Startup objects
- SVM
- SVM Management Wizard
- Update source
- Information about third-party code
- Trademark notices
About this Help Guide
This Help Guide describes how to work with Kaspersky Security for Virtualization 5.2 Light Agent and with the Kaspersky Security update known as Kaspersky Security for Virtualization 5.2.1 Light Agent (hereinafter also referred to as the "Kaspersky Security 5.2.1 update").
All data transmission and processing conditions set forth in the Kaspersky Security Network Statement for Kaspersky Security for Virtualization 5.2 Light Agent also apply to the Kaspersky Security update 5.2.1.
About Kaspersky Security for Virtualization 5.2 Light Agent
Kaspersky Security for Virtualization 5.2 Light Agent (including the Kaspersky Security 5.2.1 update), hereinafter also referred to as "Kaspersky Security", is an integrated solution that provides comprehensive protection of virtual machines against various types of information security threats, network attacks, and fraud.
Kaspersky Security protects virtual machines on the following virtualization platforms:
- VMware vSphere.
- Citrix Hypervisor.
- Microsoft Hyper-V.
- KVM (Kernel-based Virtual Machine).
- Proxmox VE.
- Skala-R.
- HUAWEI FusionSphere.
- Nutanix Acropolis.
- Enterprise Cloud Platform VeiL.
- SharxBase.
- TIONIX Cloud Platform.
- OpenStack.
- ALT Virtualization Server.
- "Brest" Virtualization Tools software package.
- zVirt virtualization environment.
- ROSA Virtualization Environment Management System.
- RED Virtualization.
- Astra Linux.
- SpaceVM Cloud Platform.
- VK Cloud platform.
- R-Virtualization server virtualization system.
- Yandex Cloud Platform.
Some limitations apply to the installation and operation of the application in virtual infrastructures running on the Enterprise Cloud Platform VeiL, SharxBase, "Brest" Virtualization Tools software package, zVirt Virtualization System, ROSA Virtualization, RED Virtualization, SpaceVM Cloud Platform, R-Virtualization server virtualization system, and Yandex Cloud Platform. Please refer to the Knowledge Base for details.
Kaspersky Security is optimized to support maximum performance of the virtual machines that are protected by the application.
The application protects virtual machines running guest operating systems for servers and guest operating systems for desktops.
Kaspersky Security can be used in multitenancy mode. This application usage mode allows you to protect isolated virtual infrastructures in the tenant organization or units within an organization (hereinafter also referred to as "tenants").
The application comprises the following components:
- Kaspersky Security Protection Server (hereinafter "Protection Server"). Supplied as an SVM (secure virtual machine) image. To install the Protection Server component, you must deploy SVMs on hypervisors in the virtual infrastructure.
- Kaspersky Security Light Agent (hereinafter "Light Agent"). The Light Agent component must be installed on each virtual machine that you want to protect using Kaspersky Security.
- Integration Server. It facilitates interaction between Kaspersky Security components and the virtual infrastructure.
Each type of threat is handled by a separate Light Agent functional component.
The application can be managed using:
- Kaspersky Security Center.
- Light Agent for Linux or Light Agent for Windows command line.
- Light Agent for Windows local interface (hereinafter also referred to as the "local interface").
Distribution kit
For information about purchasing the application, please visit the Kaspersky website at https://www.kaspersky.com or contact our partners.
The distribution kit includes the following files:
- Files required for installing application components:
    - File for starting the Kaspersky Security management MMC plug-ins, Integration Server, and Integration Server Console installation wizard.
    - SVM (secure virtual machine) images with the Protection Server.
    - Files for installing Light Agent for Windows and Light Agent for Linux, including the files that contain the texts of the End User License Agreements and the Privacy Policy.
    - Files for installing management web plug-ins that let you manage the application through the Kaspersky Security Center Web Console.
- MIB file that you can use to receive SVM status information with the aid of the SNMP Monitoring system.
On the Kaspersky website, you can download the files that are included in the Kaspersky Security distribution kit and the files necessary for installing Kaspersky Security Center.
The contents of the distribution kit can vary from region to region.
Information required to activate the application is forwarded by email after payment.
Hardware and software requirements
This section contains the hardware and software requirements of Kaspersky Security.
Requirements for Kaspersky Security Center components
For the installation and operation of Kaspersky Security in an organization's local network, one of the following versions of Kaspersky Security Center must be installed:
- Kaspersky Security Center 15 Linux.
  Interaction with the Kaspersky Security Center Linux Administration Server is performed using Kaspersky Security Center Web Console.
- Kaspersky Security Center 15.1 Windows.
- Kaspersky Security Center 14 Windows.
- Kaspersky Security Center 13 Windows.
- Kaspersky Security Center 12 Windows.
This Guide describes how to work with Kaspersky Security Center 13 Windows.
The operation of Kaspersky Security requires the following Kaspersky Security Center components:
- Administration Server.
  The following services must be configured on Administration Server:
    - The activation proxy service is used when activating Kaspersky Security. The activation proxy service is configured in the properties of the Kaspersky Security Center Administration Server. If the activation proxy service is disabled, the application cannot be activated using the activation code.
    - The KSN Proxy service facilitates data exchange between Kaspersky Security and Kaspersky Security Network. The KSN Proxy service is configured in the properties of the Kaspersky Security Center Administration Server.
  For more detailed information about the activation proxy service and KSN Proxy service, please refer to the Kaspersky Security Center help.
- Network Agent. Network Agent is responsible for interaction between Administration Server and virtual machines on which Kaspersky Security is installed.
  Network Agent must be installed on all virtual machines that you want to protect.
  The Network Agent does not need to be installed on SVMs because this component is included in the SVM images.
- Kaspersky Security Center Administration Console. You can use the MMC-based Administration Console (hereinafter also referred to as "Administration Console") or Kaspersky Security Center Web Console (hereinafter also referred to as "Web Console").
For information on installing Kaspersky Security Center components, please refer to the Kaspersky Security Center help.
The operating system of the device on which Kaspersky Security Center is installed must meet the requirements of the Integration Server component.
Requirements for the Integration Server installation
The device must have one of the following operating systems to support installation and operation of the Integration Server and Integration Server Console:
- Windows Server 2022 Standard/Datacenter/Essentials
- Windows Server 2019 Standard/Datacenter/Essentials
- Windows Server 2016 Standard/Datacenter
- Windows Server 2012 R2 Standard/Datacenter/Essentials
- Windows Server 2012 Standard/Datacenter/Essentials
On the device where you want to install the Integration Server Console, the operating system must be installed in the Desktop Experience mode.
The Microsoft .NET Framework 4.6 platform is required for the operation of the Integration Server, Integration Server Console, and Kaspersky Security management MMC plug-ins. If the platform is not installed and Internet access is available, the Kaspersky Security Components Installation Wizard will suggest installing it during the installation of the Integration Server, Integration Server Console and MMC plug-ins.
The device must meet the following minimum hardware requirements to support the installation and operation of the Integration Server and Integration Server Console:
- Quad-core 2 GHz virtual processor
- Available disk space:
    - 4 GB for the Integration Server Console
    - 4 GB for the Integration Server
- Available RAM:
    - 4 GB for the Integration Server Console
    - 4 GB for the Integration Server
The required volume of RAM and free disk space may change depending on the size of the virtual infrastructure. To improve the performance of the Integration Server, 10 GB of free disk space is recommended.
Windows PowerShell version 4.0 or later is required for the operation of PowerShell cmdlets. A cmdlet is used to replace the self-signed SSL certificate of the Integration Server. It is recommended to replace the certificate after installing the Integration Server. Windows PowerShell is not required for the operation of Kaspersky Security and protection of the virtual infrastructure.
Requirements for the virtual infrastructure
Installation and operation of Kaspersky Security application is supported on the following virtualization platforms:
- Microsoft Hyper-V platform.
To install and run Kaspersky Security in the virtual infrastructure, one of the following hypervisors must be installed:
- Microsoft Windows Server 2019 Hyper-V (Desktop experience/Core) hypervisor
- Microsoft Windows Server 2016 Hyper-V (Desktop experience/Core) hypervisor with all available updates
- Microsoft Windows Server 2012 R2 Hyper-V (Desktop experience/Core) hypervisor with all available updates
The application can be installed and run on Microsoft Windows Server (Hyper-V) hypervisors that are part of a hypervisor cluster managed by the Windows Failover Clustering service. Cluster Shared Volumes technology must be enabled on cluster nodes.
To deploy SVMs on Microsoft Windows Server Hyper-V hypervisors, you can use a Microsoft System Center Virtual Machine Manager (referred to as Microsoft SCVMM) of one of the following versions:
- Microsoft SCVMM 2019 with the latest updates.
- Microsoft SCVMM 2016 with the latest updates.
- Microsoft SCVMM 2012 R2 with the latest updates.
- Citrix Hypervisor platform.
For Kaspersky Security to install and run in the virtual infrastructure, Citrix Hypervisor 8.2 LTSR hypervisor must be installed in the virtual infrastructure.
- VMware vSphere platform.
To install and run Kaspersky Security in the virtual infrastructure, one of the following hypervisors must be installed:
- VMware ESXi 8.0 hypervisor with the latest updates.
- VMware ESXi 7.0 hypervisor with the latest updates.
- VMware ESXi 6.7 hypervisor with the latest updates.
- VMware ESXi 6.5 hypervisor with the latest updates.
VMware vCenter Server 8.0, VMware vCenter Server 7.0, VMware vCenter Server 6.7, or VMware vCenter Server 6.5 virtual infrastructure administration server with all available updates must be installed in virtual infrastructure. There is support for the installation and operation of the application in an infrastructure managed by standalone VMware vCenter servers and by a group of VMware vCenter servers running in Linked mode.
If you are using VMware NSX Manager in an infrastructure running the VMware vSphere platform, Kaspersky Security can assign security tags to the protected virtual machines. Kaspersky Security supports compatibility with one of the following types of VMware NSX Manager:
- VMware NSX-V Manager from VMware NSX Data Center for vSphere 6.4.6 package.
- VMware NSX-T Manager from VMware NSX-T Data Center 3.0.0 package.
- VMware NSX-T Manager from VMware NSX-T Data Center 2.5.1 package.
Simultaneous use of VMware NSX-V Manager and VMware NSX-T Manager for the same VMware vCenter Server is not supported.
To deploy SVMs on VMware ESXi hypervisors, you can use a Microsoft SCVMM virtual infrastructure administration server of one of the following versions:
- Microsoft SCVMM 2019 with the latest updates.
- Microsoft SCVMM 2016 with the latest updates.
- Microsoft SCVMM 2012 R2 with the latest updates.
- KVM (Kernel-based Virtual Machine) platform.
For Kaspersky Security to install and run in the virtual infrastructure, KVM hypervisor based on one of the following operating systems must be installed:
- Ubuntu 20.04 LTS.
- Ubuntu 18.04 LTS.
- Red Hat Enterprise Linux Server 7.9.
- CentOS 7.9.
To deploy an SVM on KVM hypervisors running the CentOS operating system, you must delete or comment out the "Defaults requiretty" line in the /etc/sudoers configuration file of the hypervisor’s operating system.
If you are using VMware NSX-T Manager in an infrastructure running the KVM platform, Kaspersky Security can assign security tags to the protected virtual machines. Kaspersky Security supports compatibility with one of the following versions of VMware NSX-T Manager:
- VMware NSX-T Manager from VMware NSX-T Data Center 3.0.0 package.
- VMware NSX-T Manager from VMware NSX-T Data Center 2.5.1 package.
- Proxmox VE platform.
To install and run Kaspersky Security in the virtual infrastructure, one of the following hypervisors must be installed:
- Proxmox VE 6.4 hypervisor
- Proxmox VE 6.3 hypervisor
Only KVM-based Proxmox VE is supported. Operation of the application on a Proxmox VE hypervisor using LXC (Linux Containers) is not supported.
- Skala-R platform.
R-Virtualization hypervisor 7.0.13 must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.
Skala-R Management 1.93 virtual infrastructure administration server must be installed in the virtual infrastructure to support deployment and operation of an SVM on R-Virtualization hypervisors.
- HUAWEI FusionSphere platform.
HUAWEI FusionCompute CNA hypervisor 8.0 and later must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.
HUAWEI FusionCompute VRM 8.0 and later virtual infrastructure administration server must be installed in the virtual infrastructure to support deployment and operation of an SVM on HUAWEI FusionCompute CNA hypervisors.
- Nutanix Acropolis platform.
Nutanix AHV 5.19.1 hypervisor must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.
Nutanix Prism 5.19.1 and later virtual infrastructure administration server must be installed in the virtual infrastructure to support deployment and operation of an SVM on Nutanix AHV hypervisors.
- Enterprise Cloud Platform VeiL platform.
A VeiL Node 5.1.2 hypervisor must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.
There are some limitations on the installation and operation of the application in a virtual infrastructure running the Enterprise Cloud Platform VeiL platform. Please refer to the Knowledge Base for details.
- SharxBase platform.
SharxBase 5.10.x hypervisor must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.
There are some limitations on the installation and operation of the application in the SharxBase virtual infrastructure. Please refer to the Knowledge Base for details.
- TIONIX Cloud Platform.
For Kaspersky Security to install and run, one of the following TIONIX Cloud Platform versions must be installed: 2.8, 2.9 or 3.0.
The following microservices must be installed as part of the TIONIX Cloud Platform:
- Keystone – authentication microservice.
- Compute (Nova) – microservice used for creating virtual machine and operations with infrastructure.
- Cinder – microservice used for operations with storages.
- Glance – microservice used for operations with virtual machine images.
- Neutron – microservice used for operations with networks.
A KVM hypervisor must be installed in the virtual infrastructure.
- OpenStack platform.
For Kaspersky Security to install and run, one of the following OpenStack platform releases must be installed: Stein, Victoria, Wallaby or Xena.
The following microservices must be installed as part of the OpenStack platform:
- Keystone – authentication microservice.
- Compute (Nova) – microservice used for creating virtual machines and performing operations with the infrastructure.
- Cinder – microservice used for operations with storage.
- Glance – microservice used for operations with virtual machine images.
- Neutron – microservice used for operations with networks.
A KVM hypervisor must be installed in the virtual infrastructure.
- ALT Virtualization Server.
The ALT Virtualization Server version 10.0 platform is required for installation and operation of the Kaspersky Security application.
A basic hypervisor of the ALT Virtualization Server 10.0 platform (KVM-based hypervisor) must be installed as part of the platform.
- Brest Virtualization Software Platform.
Brest Virtualization Software Platform version 2.9 or 3.2 is required for installation and operation of the Kaspersky Security application.
A KVM hypervisor must be installed in the virtual infrastructure.
There are some limitations on the installation and operation of the application in a virtual infrastructure running on the Brest Virtualization Software Platform. Please refer to the Knowledge Base for details.
- zVirt virtualization environment.
A zVirt Node 3.x and 4.x hypervisor must be installed in the virtual infrastructure to support installation and operation of Kaspersky Security.
There are some limitations on the installation and operation of the application in a virtual infrastructure running the zVirt Virtualization Environment. Please refer to the Knowledge Base for details.
- ROSA Virtualization Environment Management System Platform.
ROSA Virtualization Environment Management System Platform version 2.1 is required for installation and operation of the Kaspersky Security application.
A KVM hypervisor must be installed in the virtual infrastructure.
There are some limitations on the installation and operation of the application in a virtual infrastructure running on the ROSA Virtualization Environment Management System Platform. Please refer to the Knowledge Base for details.
You can remove the limitations related to use of the Integration Server in a virtual infrastructure running on the ROSA Virtualization platform. If you want to use the extended functionality for SVM discovery by Light Agents (use the Integration Server and the advanced SVM selection algorithm), you can manually add infrastructure information to the Integration Server. Please refer to the Knowledge Base for details.
- RED Virtualization platform.
RED Virtualization platform version 7.3 is required for installation and operation of the Kaspersky Security application.
A KVM hypervisor must be installed in the virtual infrastructure.
There are some limitations when installing and operating the application in a virtual infrastructure running the RED Virtualization platform. Please refer to the Knowledge Base for details.
- Astra Linux Platform.
Installation and operation of Kaspersky Security requires Astra Linux Special Edition RUSB.10015-01 (regular update 1.7) with Update 2022-1221SE17MD installed (operational update 1.7.3.UU.1).
A KVM hypervisor must be installed in the virtual infrastructure.
- SpaceVM Cloud Platform.
SpaceVM Cloud Platform 6.2 is required for installation and operation of the Kaspersky Security application in the virtual infrastructure.
There are some limitations on the installation and operation of the application in the virtual infrastructure on SpaceVM Cloud Platform. Please refer to the Knowledge Base for details.
- VK Cloud platform.
To install and run the Kaspersky Security solution, you need one of the following OpenStack platform releases: Havana, Stein, Newton, Victoria, Zed, or Antelope.
The following microservices must be installed as part of the VK Cloud platform:
- Keystone – authentication microservice.
- Compute (Nova) – microservice used for creating virtual machines and performing operations with the infrastructure.
- Cinder – microservice used for operations with storage.
- Glance – microservice used for operations with virtual machine images.
- Neutron – microservice used for operations with networks.
A KVM hypervisor must be installed in the virtual infrastructure.
- R-Virtualization server virtualization system.
R-Virtualization hypervisor 7.0.13 or later must be installed in the virtual infrastructure to support installation and operation of the Kaspersky Security application.
Some limitations apply to the installation and operation of the application in a virtual infrastructure based on the ROSA Virtualization platform. Please refer to the Knowledge Base for details.
- Yandex Cloud Platform.
Yandex Cloud Platform is required to install and run Kaspersky Security in a virtual infrastructure.
There are some limitations on the installation and operation of the solution in a virtual infrastructure on the Yandex Cloud Platform. Please refer to the Knowledge Base for details.
Requirements for SVM resources with Kaspersky Security Protection Server
To run Kaspersky Security on an SVM, the following minimum system resources are required:
- Dual-core virtual processor
- 30 GB available disk space
- 2 GB available RAM
- Virtualized network interface with bandwidth of 100 Mbit/s
Virtual machine requirements for installing the Light Agent for Windows
To install and operate the Light Agent for Windows, the virtual machine must meet the following minimum hardware requirements:
- 1.5 GHz virtual processor
- 2 GB available disk space
- 2 GB available RAM
- Virtualized network interface with bandwidth of 100 Mbit/s
For installation and proper operation of Light Agent for Windows together with Kaspersky Endpoint Agent, the virtual machine must meet the following minimum hardware requirements:
- Two 2.4 GHz virtual processors
- 3 GB available disk space
- 4 GB available RAM
- Virtualized network interface with bandwidth of 100 Mbit/s
Kaspersky Security for Virtualization 5.2 Light Agent can be integrated with Kaspersky Endpoint Agent 3.11.
Before installing Light Agent for Windows on a virtual machine managed by Citrix Hypervisor, the XenTools application must be installed.
The VMware Tools kit must be installed before installing the Light Agent for Windows on a virtual machine powered by a VMware ESXi hypervisor.
The HUAWEI Tools kit must be installed before installing the Light Agent for Windows on a virtual machine powered by a HUAWEI FusionCompute CNA hypervisor.
Before installing Light Agent for Windows on a virtual machine managed by Microsoft Windows Server (Hyper-V) hypervisor, an Integration Services package must be installed.
QEMU Guest Agent must be installed before installing Light Agent for Windows on a virtual machine managed by a KVM hypervisor (including those running on the OpenStack Platform, VK Cloud platform, TIONIX Cloud Platform, and Astra Linux Platform) or by an ALT Virtualization Server platform basic hypervisor.
One of the following guest operating systems must be installed on the virtual machine to support the installation and operation of the Light Agent for Windows:
- Windows 11 21H2 Pro/Enterprise/Education
- Windows 10 Desktop Pro 19H1/19H2/20H1/20H2/21H1 (32 / 64-bit)
- Windows 10 Enterprise 2016 LTSC/2019 LTSC/19H1/19H2/20H1/20H2/21H1 (32 / 64-bit)
- Windows 8.1 Update 1 Professional/Enterprise (32 / 64-bit)
- Windows 7 Professional/Enterprise Service Pack 1 (32/64-bit)
- Windows Server 2022 Standard/Datacenter/Essentials (Desktop experience/Core)
- Windows Server 2019 Standard/Datacenter (Desktop experience/Core)
- Windows Server 2016 Standard/Datacenter (Desktop experience/Core)
- Windows Server 2012 R2 Standard/Datacenter/Essentials (Desktop experience/Core)
- Windows Server 2012 Standard/Datacenter/Essentials (Desktop experience/Core)
- Windows Server 2008 R2 Service Pack 1 Standard/Enterprise/Datacenter (Desktop experience/Core)
The set of Light Agent functional components that you can use on a virtual machine depends on the guest operating system of the virtual machine.
To avoid delays in installing the application under Windows 7 and Windows Server 2008 R2, make sure that the Windows operating system automatically updates lists of trusted and untrusted (revoked) software vendor certificates online via Windows Update. For systems without access to Windows Update or systems on which automatic updating of lists of trusted and untrusted certificates is disabled, these lists must be kept up to date manually in accordance with the Microsoft technical support recommendations at: https://support.microsoft.com/en-us/kb/2677070 and https://support.microsoft.com/en-us/kb/2813430.
The Light Agent for Windows can protect virtual machines that are part of an infrastructure employing the following virtualization solutions:
- Citrix Virtual Apps and Desktops 7 1912 LTSR with the latest updates installed.
- Citrix XenApp and XenDesktop 7.15 LTSR with the latest updates installed.
- Citrix Provisioning 7 1912 LTSR with the latest updates installed.
- Citrix Provisioning Services 7.15 LTSR with the latest updates installed.
- VMware Horizon 8.2 (2103).
- VMware App Volumes (2103).
- HUAWEI FusionAccess 8.0 and later.
Virtual machine requirements for installing the Light Agent for Linux
To install and operate the Light Agent for Linux, the virtual machine must meet the following minimum hardware requirements:
- 1.5 GHz virtual processor
- 2 GB available disk space
- 2 GB available RAM
- Virtualized network interface with bandwidth of 100 Mbit/s
Software requirements for installation and operation of Light Agent for Linux:
- Perl interpreter: version 5.0 or later (visit http://www.perl.org)
- The which utility
- Installed dmidecode package
- The procedure for remote installation of Light Agent for Linux requires that the sudo package is installed
Before installing Light Agent for Linux on a virtual machine managed by Citrix Hypervisor, the XenTools application must be installed.
The VMware Tools kit must be installed before installing the Light Agent for Linux on a virtual machine powered by a VMware ESXi hypervisor.
The Huawei Tools kit must be installed before installing the Light Agent for Linux on a virtual machine powered by a HUAWEI FusionCompute CNA hypervisor.
Before installing Light Agent for Linux on a virtual machine managed by Microsoft Windows Server (Hyper-V) hypervisor, an Integration Services package must be installed.
QEMU Guest Agent must be installed before installing Light Agent for Linux on a virtual machine managed by a KVM hypervisor (including those running on the OpenStack Platform, VK Cloud platform, TIONIX Cloud Platform, and Astra Linux Platform) or by an ALT Virtualization Server platform basic hypervisor.
One of the following guest server operating systems must be installed on the virtual machine to support the installation and operation of the Light Agent for Linux:
- Astra Linux Special Edition RUSB.10015-01 (regular update 1.7) (without support for capability-based access restriction and closed software environment modes)
- Astra Linux Special Edition RUSB.10015-16 (version 1) (regular update 1.6) (without support for capability-based access restriction and closed software environment modes)
- Astra Linux Special Edition RUSB.10015-01 (regular update 1.6) (without support for capability-based access restriction and closed software environment modes)
- Astra Linux Special Edition RUSB.10015-01 (regular update 1.5) (without support for capability-based access restriction and closed software environment modes)
- CentOS 8.0 and later (64-bit)
- CentOS 7.3 and later (64-bit)
- Debian GNU/Linux 10.1 or later (32/64-bit).
- Debian GNU/Linux 9.4 or later (32/64-bit)
- Oracle Linux 8.0 and later (64-bit)
- Oracle Linux 7.3 and later (64-bit)
Before installing Light Agent for Linux on a virtual machine running Oracle Linux, the tar archiver must be installed.
- Red Hat Enterprise Linux Server 8.0 or later (64-bit).
- Red Hat Enterprise Linux Server 7.3 and later (64-bit)
- SUSE Linux Enterprise Server 15 SP2 (64-bit)
- Ubuntu 20.04 LTS (64-bit).
- Ubuntu 18.04 LTS (64-bit).
- ALT 8 SP (64-bit).
- Red OS 7.3 (64-bit).
Due to the limitations of the fanotify technology, Light Agent for Linux does not support the following file systems: autofs, aufs, binfmt_misc, cgroup, configfs, debugfs, devpts, fuse, fuse.gvfsd-fuse, gvfs, hpsa_fuse, hugetlbfs, mqueue, nfsd, proc, pstore, rpc_pipefs, securityfs, selinuxfs, sysfs.
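A pre-installation check for the Linux requirements above, as an added example (not part of the Kaspersky guide or distribution kit): it reports missing required tools and lists mounted file systems whose type is on the unsupported list. The function names and the `--check` switch are assumptions of this example.

```shell
#!/bin/sh
# Pre-installation check for Light Agent for Linux.
# Added example: not part of the Kaspersky guide or distribution kit.

# File system types the guide lists as unsupported (fanotify limitations).
UNSUPPORTED_FS="autofs aufs binfmt_misc cgroup configfs debugfs devpts fuse \
fuse.gvfsd-fuse gvfs hpsa_fuse hugetlbfs mqueue nfsd proc pstore rpc_pipefs \
securityfs selinuxfs sysfs"

# Print "<mount point> <fstype>" for every mount whose type is on the list.
# $1: file in /proc/mounts format (default: /proc/mounts).
# Matching is exact against the guide's list, so e.g. "fuse.sshfs" or
# "cgroup2" is not reported because the guide does not name it.
unsupported_mounts() (
    mounts_file=${1:-/proc/mounts}
    awk -v list="$UNSUPPORTED_FS" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        NF >= 3 && ($3 in bad) { print $2, $3 }
    ' "$mounts_file"
)

# Print the name of every required tool that is not on PATH.
# perl, which and dmidecode are always required; pass extra names as
# arguments: "sudo" for remote installation, "tar" on Oracle Linux.
missing_prereqs() (
    for tool in perl which dmidecode "$@"; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool"; continue; }
        # The guide requires Perl 5.0 or later; $] is Perl's numeric version.
        if [ "$tool" = perl ] && ! perl -e 'exit($] >= 5.0 ? 0 : 1)'; then
            echo "perl (version below 5.0)"
        fi
    done
)

# Run the whole check only when the script is called with --check.
if [ "${1:-}" = "--check" ]; then
    missing=$(missing_prereqs sudo)
    skipped=$(unsupported_mounts)
    [ -z "$missing" ] || printf 'Missing or too old:\n%s\n' "$missing"
    [ -z "$skipped" ] || printf 'Mounted, but on the unsupported list:\n%s\n' "$skipped"
    [ -z "$missing" ] || exit 1
fi
```

On any Linux guest the mount list includes pseudo file systems such as proc and sysfs; the entries worth reviewing are data-bearing mounts such as fuse or aufs.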
Light Agent functional components
Each type of threat is handled by a separate Light Agent functional component. You can enable, disable and configure the functional components independently of each other.
The following Light Agent functional components are considered to be protection components:
- File Anti-Virus prevents infection of the file system of the protected virtual machine’s operating system. The component starts together with the application, continuously remains active in computer memory, and scans all files that are opened, saved, or started in the operating system of the protected virtual machine. File Anti-Virus intercepts every attempt to access a file and scans the file for viruses and other malicious programs.
- Mail Anti-Virus scans incoming and outgoing email messages for viruses and other malware.
- Web Anti-Virus scans inbound and outbound web traffic of a protected virtual machine, and checks web addresses against the databases of malicious and phishing web addresses.
- Firewall protects personal data that is stored in the operating system of the protected virtual machine and blocks all possible threats to the operating system while the protected virtual machine is connected to the Internet or to a local area network. Firewall filters all network activity according to two types of rules: network rules for applications and network packet rules.
- Network Attack Blocker scans inbound network traffic for activity that is typical of network attacks. When the application detects an attempted network attack that targets the protected virtual machine, it blocks network activity originating from the attacking device.
- System Watcher receives information about application activity in the operating system of the protected virtual machine and provides this information to other components for more effective protection. The System Watcher can also protect shared folders against external encryption by monitoring operations performed from a remote device.
- AMSI Protection allows Microsoft Office applications and other third-party programs to send requests for scanning objects for viruses and other threats using Windows Antimalware Scan Interface (AMSI).
The following Light Agent functional components are considered to be control components:
- Application Startup Control keeps track of user attempts to start applications and regulates the startup of applications.
- Application Privilege Control logs the activity of applications in the operating system of the protected virtual machine, and regulates application activity depending on the group to which the application was assigned by Application Privilege Control. A set of rules is specified for each group of applications. These rules regulate applications’ access to personal data and operating system resources. Personal user data includes user files (the My Documents folder, cookies, user activity information) and files, folders, and registry keys that contain operation settings and important data for the most frequently used applications.
- Device Control lets you set flexible restrictions on access to devices that are sources of information (for example, hard drives, removable drives, CD/DVD discs), tools for transferring information (for example, modems) or for converting information to hard copy (for example, printers), or interfaces used by devices to connect to the protected virtual machine (for example, USB or Bluetooth).
- Web Control lets you set flexible restrictions on access to web resources for different user groups.
- System Integrity Monitoring can track changes in the protected virtual machine’s operating system.
The operation of control components is based on the following rules:
- Application Startup Control uses Application Startup Control rules.
- Application Privilege Control uses Application Control rules.
- Device Control uses device access rules and connection bus access rules.
- Web Control uses web resource access rules.
- System Integrity Monitoring uses System Integrity Monitoring rules.
The set of Light Agent functional components that you can use on a virtual machine depends on the guest operating system of the virtual machine.
- On a virtual machine with a Microsoft Windows desktop operating system, you can install the following functional components:
- All protection components
- Control components, except for System Integrity Monitoring
Installation and operation of the AMSI Protection functional component is not supported on virtual machines with guest OS version lower than Windows 10.
- On a virtual machine with a Microsoft Windows server operating system, you can install the following functional components:
- protection components:
- File Anti-Virus
- Mail Anti-Virus
- Firewall
- Network Attack Blocker
- System Watcher
- AMSI Protection
- control components:
- Application Startup Control
- System Integrity Monitoring
Installation and operation of the AMSI Protection functional component is not supported on virtual machines with guest OS version lower than Windows Server 2016.
The System Integrity Monitoring functional component operates only on the virtual machines that have NTFS or FAT32 file system.
- You can install only the File Anti-Virus protection component on a virtual machine with a Linux operating system.
Advanced features of the application
Kaspersky Security contains a number of advanced functions. Advanced functions are meant to keep the application up to date, expand its functionality, and assist the user with operating it.
- Licensing. When used under a premium license, all functions, database and application module updates, and detailed information about the application are available.
- Database update. Kaspersky Security downloads updated databases and application modules that keep the operating system of the protected virtual machine secure against viruses and other malware.
- Kaspersky Security Network. Participation in Kaspersky Security Network ensures better protection for the operating system of the virtual machine through the use of information about the reputation of files, web resources, and software obtained from users worldwide.
- Managed Detection and Response. Interaction with Kaspersky Managed Detection and Response solution enables continuous search, detection and elimination of threats aimed at your organization.
- Integration with Kaspersky Endpoint Agent. You can install Kaspersky Endpoint Agent on a virtual machine with the Light Agent for Windows component installed. Kaspersky Endpoint Agent provides interaction between Kaspersky Security and other Kaspersky solutions designed to detect complex threats.
- Backup. If the application detects an infected file while running a virus scan of the operating system of a protected virtual machine, it blocks this file and deletes it from its original folder. The application places copies of disinfected and deleted files in Backup.
- Reports. During its operation, the application keeps a report on each functional component and task of the application. The report contains a list of events that occur during operation of the application, and all operations that the application performs. In case of an incident, you can send reports to Kaspersky, where Technical Support will look into the issue in more detail.
- Notifications. The application uses notifications to inform the user about the current protection status of the protected virtual machine’s operating system. The application can display notifications on the screen or send them by email.
- Support. All registered users of Kaspersky Security can contact Technical Support for assistance. You can visit the Technical Support website or send a request through the Kaspersky CompanyAccount portal.
The update functionality (including anti-virus signature updates and code base updates), as well as the KSN functionality may not be available in the solution in the territory of the USA.
What’s new
Kaspersky Security for Virtualization 5.2 Light Agent (including the Kaspersky Security 5.2.1 update) has the following new capabilities:
- A new functional component – AMSI Protection – has been added. AMSI Protection allows Microsoft Office applications and other third-party programs to send requests for scanning objects for viruses and other threats using Windows Antimalware Scan Interface (AMSI).
- The capability to integrate with the following Kaspersky solutions is implemented:
- Kaspersky Endpoint Agent. Kaspersky Endpoint Agent provides interaction between Kaspersky Security and Kaspersky solutions designed to detect complex threats: Kaspersky Anti Targeted Attack Platform, Kaspersky Sandbox, Kaspersky Endpoint Detection and Response Optimum.
- Kaspersky Managed Detection and Response. Kaspersky Managed Detection and Response solution enables continuous search, detection and elimination of threats aimed at your organization.
- The list of supported guest operating systems (Windows and Linux) for the virtual machines has been expanded.
- The capability to protect virtual infrastructures running on the Enterprise Cloud Platform VeiL, SharxBase platform, OpenStack platform, and TIONIX Cloud Platform has been implemented.
There are some limitations on the installation and operation of the application in the virtual infrastructures on the Enterprise Cloud Platform VeiL and SharxBase platforms. Please refer to the Knowledge Base for details.
- The application deployment procedure in the Nutanix Acropolis infrastructure is optimized. Now you can simultaneously deploy your SVMs on Nutanix AHV hypervisors and on other types of hypervisors.
- Integration Server for Kaspersky Security for Virtualization Light Agent and Integration Server for Kaspersky Security for Virtualization Agentless now work independently.
- The application user interface has been changed in order to improve the application usability.
- Kaspersky Security update 5.2.1 offers enhanced support for TIONIX Cloud Platform. You can install, remove, or configure Kaspersky Security components in virtual infrastructure running on TIONIX Cloud Platform using the application's regular features.
- Kaspersky Security update 5.2.1 offers enhanced support for OpenStack platform. You can install, remove, or configure Kaspersky Security components in the virtual infrastructure running on OpenStack platform using the application's regular features.
- Kaspersky Security Update 5.2.1 implements the capability to protect virtual infrastructures running on the ALT Virtualization Server platform, Brest Virtualization Software platform, zVirt Virtualization System platform, ROSA Virtualization Environment Management System Platform, RED Virtualization platform, Astra Linux, SpaceVM Cloud Platform, and VK Cloud Platform.
There are some limitations on the installation and operation of the application in virtual infrastructures running on the Brest Virtualization Software platform, zVirt Virtualization System platform, ROSA Virtualization Environment Management System platform, RED Virtualization and SpaceVM Cloud Platform. Please refer to the Knowledge Base for details.
- Update 5.2.1 of Kaspersky Security adds compatibility with Kaspersky Security Center 15 Linux. You can manage application components through Kaspersky Security Center Web Console using the Kaspersky Security web management plug-ins.
Application architecture
Protection Server component
A Protection Server is delivered in the form of an SVM image that is to be deployed on hypervisors in a virtual infrastructure. A secure virtual machine (SVM) is a virtual machine on which the Protection Server component is installed.
Protection Server performs the following functions:
- Scans the fragments of files sent by Light Agents installed on virtual machines for viruses and other malware. The SharedCache technology is used for scanning. It optimizes the speed of file scanning by excluding files that have already been scanned on another virtual machine. During its operation, Kaspersky Security caches information about scanned files in the SVM in order to exclude them from future scans.
- Ensures that the application receives an update package from the Kaspersky Security Center Administration Server repository containing the database and application module updates necessary for operation of the application.
- Manages license keys and licensing restrictions.
Light Agent component
The Light Agent component can be installed on virtual machines running Windows operating systems, including on virtual machine templates and virtual machines that use Citrix Provisioning Services, and on virtual machines running Linux operating systems. A virtual machine with the Light Agent component installed is called a protected virtual machine.
The Light Agent component must be installed on each virtual machine that you want to protect using Kaspersky Security. The Light Agent for Windows component is installed locally on the virtual machine or remotely through Kaspersky Security Center, or using Active Directory Group Policies. The Light Agent for Linux component is installed locally from the command line or remotely through Kaspersky Security Center.
The Light Agent component performs the following functions:
- Protects the virtual machine on which it is installed from viruses and other threats in accordance with the configured functional protection components settings.
- Controls operation of applications and devices on the protected virtual machine, and monitors changes in the virtual machine's operating system in accordance with the configured functional control components settings.
At startup, Light Agent establishes and maintains a connection with an SVM.
Integration Server component
The Integration Server component facilitates interaction between Kaspersky Security components and the virtual infrastructure.
The Integration Server is used for performing the following tasks:
- Deploying, removing, and reconfiguring SVMs. The Wizard used for performing these procedures is started from the Integration Server Console.
- Receiving information about the protected infrastructure from the virtual infrastructure and transmitting this information to the Protection Server component that is installed on the SVM. The Integration Server can connect to hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices to acquire this information (depending on the type of virtual infrastructure).
- Providing Light Agents with information about SVMs. SVMs relay to the Integration Server the information required for connecting Light Agents to SVMs. Light Agents receive the list of SVMs available to connect to and information about them from the Integration Server. Based on this information, Light Agents select the SVM to connect to.
- Deploying and using the application in multitenancy mode.
To use the Integration Server, you must configure the settings for connecting SVMs and Light Agents to the Integration Server.
After configuring the settings for connecting SVM to the Integration Server, SVM transmits the following information to the Integration Server every 5 minutes:
- IP address and number of ports for connecting to the SVM
- Information about the SVM location in the virtual infrastructure
- License information
- Information about the average load on the SVM
Light Agents that have Integration Server connection settings configured attempt to connect to the Integration Server once every 30 seconds if the Light Agent has no information about any SVM and the last attempt to connect the Light Agent to the Integration Server failed. After Light Agents receive information about SVMs from the Integration Server, the interval between Light Agent connections to the Integration Server increases to 5 minutes.
During its operation, the Integration Server saves the following information:
- Accounts for connecting the Integration Server Console, SVM, and Light Agents to the Integration Server.
- Settings for connecting the Integration Server to the virtual infrastructure and the Kaspersky Security Center Administration Server.
- If the application is used in multitenancy mode: the list of registered tenants and information about the time during which the virtual machines were protected by the application.
- Internal information about the SVM.
All data is stored in encrypted form. Information is stored on the device on which Integration Server is installed and is not sent to Kaspersky.
Management plug-ins and Network Agent
The interface for managing Kaspersky Security using Kaspersky Security Center is provided by Kaspersky Security management plug-ins.
The Kaspersky Security Center component named Network Agent facilitates the interaction between Kaspersky Security and Kaspersky Security Center and provides the capability to manage Kaspersky Security components through Kaspersky Security Center.
SVM deployment options
VMware vSphere platform
The following options are available for deploying SVMs on VMware virtual infrastructure:
- Deployment on a standalone VMware ESXi hypervisor managed by a VMware vCenter Server.
- Deployment on VMware ESXi hypervisors that are part of a cluster managed by a VMware vCenter Server.
After deployment, the SVM is automatically assigned to the hypervisor, i.e. it does not migrate to other VMware ESXi hypervisors within the cluster.
- Deployment on VMware ESXi hypervisors managed by VMware vCenter servers in Linked mode.
To deploy SVMs on VMware ESXi hypervisors, you can use a Microsoft SCVMM virtual infrastructure administration server.
Citrix Hypervisor platform
The following options are available for deploying SVMs on Citrix Hypervisor virtual infrastructure:
- Deployment on a standalone Citrix Hypervisor.
- Deployment on a hypervisor that is a part of a Citrix Hypervisor pool.
An SVM can be deployed in the local hypervisor storage or in the shared storage of a Citrix Hypervisor pool.
After startup, an SVM deployed in shared storage is run on the hypervisor within the Citrix Hypervisor pool that has the most resources and/or is least loaded. If a key with a limitation on the number of processor cores has been installed on an SVM, the number of processor cores on the hypervisor the SVMs are running on is considered when checking the license restrictions.
Microsoft Hyper-V platform
The following options are available for deploying SVMs on Microsoft Hyper-V virtual infrastructure:
- Deployment on a standalone Microsoft Windows Server (Hyper-V) hypervisor.
- Deployment on Microsoft Windows Server (Hyper-V) hypervisors that are part of a hypervisor cluster managed by the Windows Failover Clustering service.
During deployment of an SVM on a Microsoft Windows Server (Hyper-V) hypervisor, all files required for operation of the SVM are stored in a separate folder. This folder is assigned the same name as the SVM.
To deploy SVMs on Microsoft Windows Server (Hyper-V) hypervisors, you can use a Microsoft SCVMM virtual infrastructure administration server.
KVM platform
SVM deployment on a standalone KVM hypervisor is supported.
Proxmox VE platform
SVM deployment on a standalone Proxmox VE hypervisor is supported.
Skala-R platform
SVM deployment on R-Virtualization hypervisors that are part of a hypervisor cluster managed by a Skala-R Management server is supported.
HUAWEI FusionSphere platform
The following options are available for deploying SVMs on HUAWEI virtual infrastructure:
- Deployment on a standalone HUAWEI FusionCompute CNA hypervisor managed by a HUAWEI FusionCompute VRM server.
- Deployment on HUAWEI FusionCompute CNA hypervisors that are part of a cluster managed by a HUAWEI FusionCompute VRM server.
Nutanix Acropolis platform
The following options are available for deploying SVMs on Nutanix Acropolis virtual infrastructure:
- Deployment on Nutanix AHV hypervisors that are a part of a hypervisor cluster managed by a Nutanix Prism Element server.
- Deployment on Nutanix AHV hypervisors that are a part of a hypervisor cluster managed by a Nutanix Prism Element server that is managed by Nutanix Prism Central.
OpenStack platform, VK Cloud platform, and TIONIX Cloud Platform
SVMs are deployed on hypervisors used within .
ALT Virtualization Server platform
An SVM can be deployed on a standalone hypervisor of the ALT Virtualization Server platform.
Astra Linux Platform
SVM deployment on a standalone KVM hypervisor running on the Astra Linux Platform is supported.
Connecting Light Agent to SVM
To ensure proper operation of the application, the Light Agent installed on the virtual machine must be connected to an SVM with Protection Server.
Light Agent can connect only to an SVM on which the version of the Protection Server component is compatible with the version of the Light Agent component. The versions of the Light Agent and Protection Server components are compatible within a single version of Kaspersky Security.
Light Agent establishes and supports a connection with SVMs to send fragments of files to the Protection Server for scanning. If Light Agent is not connected to any SVM, the Protection Server does not scan files. If Light Agent loses a connection to an SVM for more than 5 minutes while running scan tasks, the scan tasks are paused and return an error.
Information about loss and restoration of connection between Light Agent and SVM can be saved as Kaspersky Security Center events and in the local interface of Light Agent for Windows.
To connect to an SVM, Light Agent must receive information about the SVMs to which a connection can be made. Light Agent selects an available SVM that is optimal for connection according to the SVM selection algorithm.
Note that the availability of some Light Agent functions depends on the type of license used to activate the application on the SVM to which the Light Agent is connected.
About SVM discovery
Light Agent can discover SVMs running on the network in one of the following ways:
- Using the Integration Server. SVMs relay information about themselves to the Integration Server. The Integration Server compiles a list of SVMs available for connection, and sends this list to Light Agents.
In a large-sized virtual infrastructure running the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, you can limit the size of the list of SVMs available for connection that the Integration Server relays to Light Agents. The Integration Server can transfer information only about the limited number of available SVMs, which you specified in the Integration Server configuration file.
To use this method of SVM discovery, you must connect SVMs and Light Agents to the Integration Server.
- Using a list of SVM addresses. You can create a list of SVMs to which Light Agents can connect in the Light Agent policy.
If you use the application under an enterprise license and an advanced SVM selection algorithm is applied, it is recommended to select the Integration Server as the method used by Light Agents to detect SVMs.
You can configure the SVM discovery method used by Light Agents for Windows in the policy for Light Agent for Windows or in the local interface of Light Agent.
You can configure the SVM discovery method used by Light Agents for Linux in the policy for Light Agent for Linux.
You can select only one of the two available SVM discovery methods for Light Agent.
You can receive information about the SVM to which Light Agent is connected:
- For Light Agent for Windows – in the local interface of Light Agent for Windows in the Support window.
- For Light Agent for Linux – using the svminfo command.
About the SVM selection algorithms
Light Agents can apply one of the following SVM selection algorithms for connection:
If you use the application under an enterprise license, you can specify the SVM selection algorithm to be used by the Light Agents, and configure advanced SVM selection settings.
If you use the application under a standard license, Light Agents use the standard SVM selection algorithm to select SVMs for connection.
Regardless of the algorithm used in selecting SVMs, Light Agents also take into account the following parameters:
- Availability of a valid license (the SVM possesses a license key that is not in the denylist, and the license associated with the key has not expired). Light Agent first connects to the SVM on which the solution is activated (possesses a key).
- Type of the license key added to the SVM. If you add a server or desktop key to the SVM, the Light Agent first connects to the SVM on which the key type corresponds to the operating system installed on the virtual machine with Light Agent.
- Encrypting the connection between a Light Agent and SVM. A Light Agent for which connection encryption is enabled can connect only to SVMs on which connection encryption is also enabled. A Light Agent for which connection encryption is disabled can connect only to SVMs on which connection encryption is also disabled or protection is enabled, but a non-secure connection is allowed.
- Tags for connecting to the SVM (only if you use the application under an enterprise license). If a Light Agent has been assigned a tag, this Light Agent can connect only to SVMs for which connection of Light Agents with the specified tag is allowed.
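The connection constraints listed above can be checked against an inventory before rollout, so that no Light Agent is left without an SVM it is able to connect to. The following Python code is an added example, not Kaspersky code and not the product's selection algorithm: it models only the rules stated in this section, and the class names, field names and sample inventory are constructed. It assumes that an untagged Light Agent is not restricted by SVM tags and that an SVM without a server or desktop key counts as a non-matching key type.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Svm:
    name: str
    licensed: bool                # valid key: not in the denylist, license not expired
    key_type: Optional[str]       # "server", "desktop", or None for any other key type
    encryption: bool              # connection encryption enabled on the SVM
    allow_insecure: bool = False  # encryption enabled, but non-secure connections allowed
    allowed_tags: frozenset = frozenset()


@dataclass(frozen=True)
class LightAgent:
    name: str
    os_type: str                  # "server" or "desktop" guest operating system
    encryption: bool              # connection encryption enabled on the Light Agent
    tag: Optional[str] = None     # tag assigned to the Light Agent, if any


def rejection_reason(agent, svm):
    """Return why the agent cannot connect to the SVM, or None if it can."""
    if agent.encryption and not svm.encryption:
        return "agent has encryption enabled, SVM has it disabled"
    if not agent.encryption and svm.encryption and not svm.allow_insecure:
        return "SVM has encryption enabled and does not allow non-secure connections"
    # Assumption: only tagged agents are restricted by the SVM's allowed tags.
    if agent.tag is not None and agent.tag not in svm.allowed_tags:
        return f"tag '{agent.tag}' is not allowed on this SVM"
    return None


def candidates(agent, svms):
    """SVMs the agent may connect to, ordered by the two stated preferences:
    licensed SVMs first, then SVMs whose key type matches the guest OS."""
    eligible = [s for s in svms if rejection_reason(agent, s) is None]
    # sorted() is stable, so inventory order is kept among equally ranked SVMs.
    return sorted(eligible, key=lambda s: (not s.licensed, s.key_type != agent.os_type))


def audit(agents, svms):
    """Map each problematic agent to a list of findings.

    An agent is reported when no SVM is eligible (files would not be scanned)
    or when every eligible SVM lacks a valid license."""
    findings = {}
    for agent in agents:
        ranked = candidates(agent, svms)
        if not ranked:
            findings[agent.name] = [
                f"{s.name}: {rejection_reason(agent, s)}" for s in svms
            ]
        elif not ranked[0].licensed:
            names = ", ".join(s.name for s in ranked)
            findings[agent.name] = [f"only unlicensed SVMs are eligible: {names}"]
    return findings


# Constructed sample inventory (not taken from any real deployment).
SVMS = [
    Svm("svm-a", licensed=True, key_type="server", encryption=True),
    Svm("svm-b", licensed=True, key_type="desktop", encryption=True,
        allow_insecure=True, allowed_tags=frozenset({"vdi"})),
    Svm("svm-c", licensed=False, key_type=None, encryption=False),
]
AGENTS = [
    LightAgent("web01", "server", encryption=True),
    LightAgent("vdi07", "desktop", encryption=False, tag="vdi"),
    LightAgent("db02", "server", encryption=True, tag="pci"),
    LightAgent("legacy03", "server", encryption=False),
]

if __name__ == "__main__":
    for agent in AGENTS:
        order = [s.name for s in candidates(agent, SVMS)]
        print(f"{agent.name}: connection order {order}")
    for name, reasons in audit(AGENTS, SVMS).items():
        print(f"FINDING {name}:")
        for reason in reasons:
            print(f"  {reason}")
```
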
About data processing
During their operation, Kaspersky Security components may save and send to other application components and to other Kaspersky applications the following information that may contain personal and confidential data:
- In support of protection and while scan tasks are running, Light Agents send the Protection Server the information necessary for scanning objects. The transmitted information may include the names of files and paths to them in the file system, the checksums of files, web addresses, and the scanned objects or their fragments.
- To generate reports and events, the Protection Server and Light Agents send information about application operation to the Kaspersky Security Center Administration Server. The transmitted information may include user names, names of processed files and paths to them in the file system, and processed web addresses.
- To ensure the capability to work with Backup objects and the list of unprocessed objects in Kaspersky Security Center, Light Agents send the Kaspersky Security Center Administration Server information about objects that have been placed in Backup on protected virtual machines, and information about objects that have been added to the list of unprocessed objects. The transmitted information may include user names, the object name and path to it in the file system. If requested by the administrator, Kaspersky Security Center may be sent information about the objects placed in Backup or the list of unprocessed objects.
- To support the operation of control components, Light Agent for Windows sends information about executable files to the Kaspersky Security Center Administration Server. The transmitted information may include the file name, path to it in the file system, and the checksum of the file. If requested by the administrator, the executable file itself may be sent to Kaspersky Security Center.
- While tasks are running on SVMs and protected virtual machines, the Protection Server and Light Agents send information about task settings and results to the Kaspersky Security Center Administration Server. The transmitted information may include the user name and password indicated in the task settings for the user account used to run the task.
- In an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, Light Agents and the Protection Server may send the Integration Server information about security tags that are assigned to the protected virtual machine upon detection of viruses, malware, or activity that is typical of network attacks. The IDs of protected virtual machines are also sent.
- The Protection Server transmits the list of Light Agents connected to this SVM to Kaspersky Security Center Administration Server. The transmitted information may include the name of the protected virtual machine and the path to it in the virtual infrastructure. The list of connected Light Agents is displayed in the Kaspersky Security Center Administration Console and in the Web Console.
- During the operation of the Device Control component, Light Agent for Windows sends the Kaspersky Security Center Administration Server information about the devices running on a protected virtual machine. The transmitted information may include the device ID, device name, and device description.
- The Protection Server and Light Agents receive the policy-defined operating settings from the Kaspersky Security Center Administration Server. The transmitted information may include the paths to files and registry keys, web addresses, IP addresses of the Integration Server and SVMs, settings for connecting SVMs and Light Agents to the Integration Server, public and private keys of SVMs, and the public key of the Integration Server.
- During installation of the application and when reconfiguring SVMs, the SVM Management Wizard sends the user-defined passwords of the root and klconfig accounts to the SVMs.
- To support the installation and operation of the application, the Integration Server and SVM Management Wizard receive information from the virtual infrastructure, save that information, and share it with each other and the Integration Server. The transmitted data can contain names of the virtual machines, IP addresses or names of the hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices, as well as account settings for connecting to virtual infrastructure.
- To receive information that is used when selecting an SVM to connect to, Light Agents send the ID of the protected virtual machine to the Integration Server and SVMs.
- The Integration Server Console sends the Integration Server the data necessary for configuring the application operating settings. The transmitted data can contain addresses of hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices, as well as account settings for connecting to virtual infrastructure. If the application is installed in an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, the address and settings of the accounts used to connect to VMware NSX Manager may also be sent.
- When using the application in multitenancy mode, the Integration Server receives information about the tenants and their virtual machines through the Integration Server REST API and stores it in the database. The following data can be transmitted: tenant name, identifier, description, and other information about the tenant specified by the provider’s administrator; tenant virtual machine identifier; account settings for connecting to the Kaspersky Security Center virtual Administration Server configured for the tenant; identifier of the Kaspersky Security Center virtual Administration Server. The Integration Server can transfer information stored in the database about the tenants and tenant virtual machines to the Integration Server Console for display or upon request to the Integration Server REST API.
- When using the application in multitenancy mode, the information necessary for generating tenant protection reports can be transmitted to the Integration Server from SVM Light Agents and from SVMs. The following data can be transmitted: identifiers of both SVM and the protected virtual machine, type and version of the guest operating system installed on the protected virtual machine, time intervals when the Light Agent was connected to the SVM.
- When using the application in multitenancy mode, the Integration Server transmits to the Kaspersky Security Center Administration Server information required to create a tenant protection infrastructure: tenant name, account settings for connecting to the Kaspersky Security Center virtual Administration Server, operation settings specified using policies, including IP addresses of the Integration Server and SVM.
- When Kaspersky Endpoint Agent is used together with Light Agent for Windows, Light Agent can transmit data to Kaspersky Endpoint Agent and to the Windows tracing service (Event Tracing for Windows), from where it is taken by Kaspersky Endpoint Agent. For information on processing and transmitting data to Kaspersky Endpoint Agent, refer to the help of the Kaspersky solution with which you use Kaspersky Endpoint Agent, for example, Kaspersky Anti Targeted Attack Platform or Kaspersky Endpoint Detection and Response Optimum.
The specified information is transmitted over encrypted data channels (except for the information necessary for scanning objects, and the information that is used when selecting SVMs). The connection between Light Agents and SVMs is not encrypted by default. You can enable encryption of the data channel between Light Agents and SVMs in the application settings.
Preparing for application installation
Before installing Kaspersky Security, you need to do the following.
General preparations
- Check the composition of Kaspersky Security Center components and verify that the Kaspersky Security Center components and virtual infrastructure components meet the hardware and software requirements of Kaspersky Security.
- Make sure that no anti-virus software is installed on the virtual machines that you want to protect using Kaspersky Security.
- Prepare the files required for installing the application:
  - From Kaspersky website, download the file necessary for running the Kaspersky Security Components Installation Wizard.
  - Using the Kaspersky Security Components Installation Wizard, download SVM images and SVM image description files from Kaspersky website.
  - If you are not planning to use automatically created installation packages to install Light Agent, unpack the files required for installation of Light Agent for Windows and Light Agent for Linux using the Kaspersky Security Components Installation Wizard.
  - If you want to use the web interface to interact with Kaspersky Security Center, you can download the archives required for installing web plug-ins from Kaspersky website. The files required to install web plug-ins are also available in the Web Console.
- Make sure that the settings of the network equipment or software controlling traffic between virtual machines allow network traffic to pass through the ports used during installation and operation of the application.
- Make sure that you have configured the settings of the accounts that are required for installation and operation of the application.
- If the network uses dynamic IP addressing, ensure the capability to route network traffic from the SVM to the device on which the Kaspersky Security Center Administration Server is installed.
- Install the latest Windows updates prior to installing Light Agent for Windows, Integration Server, Integration Server Console, and Kaspersky Security MMC plug-ins.
- If you want virtual machines on which the Kaspersky Security components are installed to be automatically moved into administration groups after installation of the application, create the administration groups in the Kaspersky Security Center Administration Console and configure rules for automatically moving the virtual machines to administration groups.
To ensure a secure connection between the application and the hypervisor, you are advised to use the AES256 encryption algorithm to encrypt incoming connections on the hypervisor over TLS, SSH, and other similar protocols.
Additional steps for Microsoft Hyper-V platform
In the virtual infrastructure on the Microsoft Hyper-V platform, perform the following steps before installing Kaspersky Security:
- Ensure that the Integration Services package is installed on virtual machines that you want to protect.
- Ensure that the ADMIN$ shared network resource is enabled on the hypervisor. To enable the ADMIN$ shared network resource on Microsoft Windows Server 2012 R2 Hyper-V hypervisors, a File Server role must be assigned in advance using the server configuration wizard.
- Ensure that the drive where the ADMIN$ shared network resource is located has enough space for the SVM image. During installation of the Protection Server component, the SVM image is copied to the ADMIN$ shared network resource and then moved to the folder specified during SVM deployment.
- Ensure that hypervisors that are not included in an Active Directory domain have Windows Remote Management (WinRM) version 3.0 installed. Windows Remote Management (WinRM) version 3.0 is included in the Windows Management Framework 3.0 installation package that can be downloaded from the Microsoft website.
- If you want to use a domain account to connect the Integration Server to the hypervisor, make sure that the following conditions are met:
- Integration Server is able to determine the hypervisor address using the domain name service (DNS) of the domain of the hypervisor on which the SVM is deployed.
- The DNS server has forward and reverse records for the Integration Server.
- Zones containing records about the Integration Server and the hypervisor on which the SVM is deployed are integrated with Active Directory.
- The device from which SVM deployment is performed is able to resolve the names of hypervisors on which the SVM is deployed.
- If you want the hypervisor user name and password, which were specified during installation of the SVM, to be encrypted when transmitted, you can use an SSL certificate to configure a secure connection between the hypervisor on which the SVM will be deployed and the device where the Kaspersky Security Center Administration Console is installed.
Additional Steps for VMware vSphere platform
In the virtual infrastructure on the VMware vSphere platform, perform the following steps before installing Kaspersky Security:
- Make sure that the VMware Tools kit is installed on the virtual machines that you want to protect.
- If a proxy server is used to connect the device hosting the Kaspersky Security Center Administration Console to the VMware vCenter Server, make sure that the virtual machines are available via the proxy server.
Additional Steps for Citrix Hypervisor platform
In the virtual infrastructure on the Citrix Hypervisor platform, make sure that XenTools is installed on the virtual machines that you want to protect before installing Kaspersky Security.
Additional actions for Proxmox VE platform
In the virtual infrastructure on the Proxmox VE platform, make sure that there is at least 30 GB of free space in the /var/tmp directory before installing Kaspersky Security.
Additional actions for HUAWEI FusionSphere platform
In the virtual infrastructure on the HUAWEI FusionSphere platform, make sure that the HUAWEI Tools package is installed on the virtual machines that you want to protect before installing Kaspersky Security.
While deploying an SVM in a virtual infrastructure based on the HUAWEI FusionSphere platform, the SVM Management Wizard installs the HUAWEI Tools package on the SVM. To receive this package, the Wizard queries the HUAWEI FusionCompute hypervisor. The HUAWEI Tools package is not included in the Kaspersky Security application distribution kit. It is recommended to make sure that the HUAWEI Tools package is available on the HUAWEI FusionCompute hypervisor.
Additional actions for Astra Linux Platform
Prior to starting installation of the application in a virtual infrastructure running on the Astra Linux Platform, you need to configure the user account that will be used for SVM deployment, removal and reconfiguration as follows:
- Run the following command:
$ sudo usermod -a -G kvm,libvirt,libvirt-qemu,libvirt-admin <user_name>
- Open the sudoers configuration file by running the following command:
sudo visudo
- Specify the following in the file:
<user name> ALL = (ALL) NOPASSWD: ALL
<user name> refers to the name of the user account that will be used to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration.
- Save the sudoers file and then close it.
Files required for installing the application
This section contains a list of the files that are required for the installation of Kaspersky Security components.
Kaspersky Security Components Installation Wizard
The Kaspersky Security Components Installation Wizard is required for the following tasks:
- Installing, upgrading and removing Kaspersky Security management MMC plug-ins, Integration Server, and Integration Server Console.
- Downloading SVM images with the Protection Server component from Kaspersky website.
- Unpacking the files necessary for the installation of Light Agent for Windows and Light Agent for Linux into a selected folder.
The file named ksvla-components_5.2.X.X_mlg.exe (5.2.X.X represents the application version number) is required to start the Kaspersky Security Components Installation Wizard.
You need to download this file from Kaspersky website.
Kaspersky Security management MMC plug-ins and Integration Server
Kaspersky Security management MMC plug-ins, Integration Server, and Integration Server Console are installed using the Kaspersky Security Components Installation Wizard. You need to save the ksvla-components_5.2.X.X_mlg.exe file on the device where Kaspersky Security Center is installed.
Kaspersky Security management web plug-ins
Kaspersky Security distribution kit includes the following archives for installing the web plug-ins:
- ksvla-web_plugin_wla_5.2.X.X_mlg.zip, where 5.2.X.X is the application version number. This archive is used for installing Kaspersky Security for Virtualization 5.2 Light Agent for Windows web plug-in.
- ksvla-web_plugin_lla_5.2.X.X_mlg.zip, where 5.2.X.X is the application version number. This archive is used for installing Kaspersky Security for Virtualization 5.2 Light Agent for Linux web plug-in.
- ksvla-web_plugin_svm_5.2.X.X_mlg.zip, where 5.2.X.X is the application version number. This archive is used for installing Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server web plug-in.
Each archive includes a web plug-in distribution kit and a web plug-in description file in the TXT format. You can download these files from Kaspersky website.
Protection Server
To install the Protection Server, you need an SVM image file and an image description file (XML file). You can download archives containing SVM images and SVM image description files from Kaspersky website by using the Kaspersky Security Components Installation Wizard. To start the Wizard, you need the file named ksvla-components_5.2.X.X_mlg.exe.
The Kaspersky Security distribution kit includes archives for installing the Protection Server on hypervisors of various types:
- ksvla-svm_microsoft-hyper-v_5.2.X.X_mlg.zip (5.2.X.X refers to the application version number). This archive is used to install the Protection Server on a Microsoft Windows Server (Hyper-V) hypervisor. It contains the SVM image in VHDX format and the svm.image_manifest_5.2.X.X.xml image description file.
- ksvla-svm_citrix-hypervisor_5.2.X.X_mlg.zip, where 5.2.X.X is the application version number. This archive is used to install the Protection Server on a Citrix Hypervisor. It contains the SVM image in XVA format and the svm.image_manifest_5.2.X.X.xml image description file.
- ksvla-svm_vmware-vsphere_5.2.X.X_mlg.zip, where 5.2.X.X is the application version number. This archive is used to install the Protection Server on a VMware ESXi hypervisor. It contains the SVM image in OVA format and the svm.image_manifest_5.2.X.X.xml image description file.
- ksvla-svm_kvm_based_5.2.X.X_mlg.zip, where 5.2.X.X is the application version number. This archive is used to install the Protection Server on a KVM hypervisor (including on a KVM hypervisor running on the OpenStack platform, TIONIX Cloud Platform, VK Cloud platform, and Astra Linux Platform), on a Proxmox VE hypervisor, an R-Virtualization hypervisor, a HUAWEI FusionCompute CNA hypervisor, a Nutanix AHV hypervisor, or an ALT Virtualization Server platform basic hypervisor. The archive contains the SVM image in QCOW2 format and the image description file named svm.image_manifest_5.2.X.X.xml.
The SVM image file and the image description file (in XML format) must be located in the same folder on the device where the Kaspersky Security Center Administration Console is installed, or in the same folder on a network resource to which the user account performing the installation has read access. If you want to install the Protection Server on different types of hypervisors, SVM image files for each type of hypervisor and the image description file must be placed in the same folder.
Light Agent for Windows
The files required for installation of the Light Agent for Windows component are included in the Kaspersky Security Components Installation Wizard.
While installing Kaspersky Security management MMC plug-ins and Integration Server on the device where the Kaspersky Security Center Administration Server is installed, the Kaspersky Security Components Installation Wizard automatically creates an installation package for Light Agent for Windows remote installation in Kaspersky Security Center. This installation package is stored in the Kaspersky Security Center Administration Console tree in the Additional → Remote installation → Installation packages folder with the name Kaspersky Security for Virtualization 5.2 Light Agent for Windows (5.2.X.X), where 5.2.X.X is the application version number.
You can also use the Wizard to unpack the Light Agent for Windows distribution package into a selected folder. The distribution package contains the files required for all methods of installing Light Agent for Windows. To start the Wizard, you need the file named ksvla-components_5.2.X.X_mlg.exe.
The Light Agent for Windows distribution package contains the following files:
- incompatible.txt – contains the list of applications that are incompatible with Kaspersky Security. This list is used when installing Light Agent for Windows.
- ksvla.kud – application description file. You can use this file as the distribution package when creating an installation package for Light Agent for Windows manually in Kaspersky Security Center.
- ksvla_x64.msi – an installation package in MSI format used to install Light Agent for Windows on a 64-bit operating system. You can use this file when installing Light Agent from the command line or using Active Directory Group Policies.
- ksvla_x86.msi – an installation package in MSI format used to install Light Agent for Windows on a 32-bit operating system. You can use this file when installing Light Agent from the command line or using Active Directory Group Policies.
- license.txt – a file containing the text of the End User License Agreement detailing the terms on which you may use the application, and the text of the Privacy Policy describing the handling and transmission of data. This file is used when installing Light Agent for Windows.
- setup.exe – you can use this file to run the Light Agent for Windows Installation Wizard.
Light Agent for Linux
The files required for installation of the Light Agent for Linux component are included in the Kaspersky Security Components Installation Wizard.
While installing Kaspersky Security management MMC plug-ins and Integration Server on the device where the Kaspersky Security Center Administration Server is installed, the Kaspersky Security Components Installation Wizard automatically creates an installation package for Light Agent for Linux remote installation in Kaspersky Security Center. This installation package is stored in the Kaspersky Security Center Administration Console tree in the Additional → Remote installation → Installation packages folder with the name Kaspersky Security for Virtualization 5.2 Light Agent for Linux (5.2.X.X), where 5.2.X.X is the application version number.
You can also use the Wizard to unpack the Light Agent for Linux distribution package into a selected folder. The distribution package contains the files required for all methods of installing Light Agent for Linux. To start the Wizard, you need the file named ksvla-components_5.2.X.X_mlg.exe.
The Light Agent for Linux distribution package contains the following files:
- license.txt – a file containing the text of the End User License Agreement detailing the terms on which you may use the application, and the text of the Privacy Policy describing the handling and transmission of data. This file is used when installing Light Agent for Linux.
- lightagent.ini – a Light Agent for Linux initial setup configuration file.
- klnagent.ini – Kaspersky Security Center Network Agent initial setup configuration file.
- lightagent.kud – the application description file. You can use this file as the distribution package when creating an installation package for Light Agent for Linux manually in Kaspersky Security Center.
- lightagent-5.2.X-X-bundle.sh (5.2.X-X is the application version number). You can use this self-extracting Shar archive for installing Light Agent for Linux from the command line.
The lightagent-5.2.X-X-bundle.sh archive contains the installation script and packages required to install Light Agent for Linux and Kaspersky Security Center Network Agent.
Kaspersky Security Center Network Agent
For the interaction between Light Agent components installed on virtual machines and Kaspersky Security Center, you must install Network Agent on virtual machines where Light Agent will be installed. Network Agent does not need to be installed on SVMs because this component is included in the SVM images.
On a virtual machine running Windows operating system, you can install Network Agent that is included in a supported version of Kaspersky Security Center.
On a virtual machine with the Light Agent for Linux component installed, Kaspersky Security Center Network Agent that is included in the distribution kit of Kaspersky Security for Virtualization 5.2 Light Agent must be installed.
- The Network Agent installation package is included in the shar-archive that is used for installing Light Agent for Linux from the command line.
- Network Agent is included in the installation package for remote installation of Light Agent for Linux that is automatically created by the Kaspersky Security Components Installation Wizard. If you manually create an installation package for Light Agent for Linux, Network Agent will also be included in the package.
Downloading SVM images
In the Kaspersky Security Components Installation Wizard, the images necessary for deploying SVMs with the Protection Server component on hypervisors can be downloaded from Kaspersky website.
To download the SVM images:
- On the device where the Administration Console and Kaspersky Security Center Administration Server are installed, run the ksvla-components_5.2.X.X_mlg.exe file (5.2.X.X is the application version number). This file is included in the distribution kit.
The Kaspersky Security Components Installation Wizard starts.
- Select the localization language of the Wizard and of the Kaspersky Security components and proceed to the next step of the Wizard.
By default, the localization language of the operating system installed on the device where the Wizard was started is used.
- Select the Download the SVM images option and proceed to the next step of the Wizard.
- Select the type of hypervisor on which you want to deploy SVMs.
If you want to download an SVM image for deployment on a basic hypervisor of the ALT Virtualization Server platform, you need to select KVM as the hypervisor type.
If you want to download an SVM image for deployment on the VK Cloud platform, select KVM hypervisor managed by OpenStack platform as the hypervisor type.
In the window of the default browser, the archive containing the SVM image and SVM image description file (XML file) will begin downloading.
- After the download completes, close the Wizard window (using the Cancel button) or return to the step for selecting the action of the Kaspersky Security Components Installation Wizard (using the Back button).
Information about the Wizard's operation is written to the trace files of the Kaspersky Security Components Installation Wizard. If the Wizard finishes with an error, you can provide these files when contacting Technical Support.
Unpacking the Light Agent distribution packages
The Kaspersky Security Components Installation Wizard contains the distribution packages of Light Agent for Windows and Light Agent for Linux. Using the Wizard, you can unpack the files necessary for all methods of installing Light Agent for Windows and Light Agent for Linux to the specified folder.
For remote installation of Light Agent for Windows and Light Agent for Linux, you can use the installation packages that are created automatically as a result of installing the Kaspersky Security MMC plug-ins and Integration Server on the device where Kaspersky Security Center Administration Server is installed.
To unpack the Light Agent distribution packages:
- Run the ksvla-components_5.2.X.X_mlg.exe file (where 5.2.X.X is the application version number). This file is included in the distribution kit.
The Kaspersky Security Components Installation Wizard starts.
- Select the localization language of the Wizard and of the Kaspersky Security components and proceed to the next step of the Wizard.
By default, the localization language of the operating system installed on the device where the Wizard was started is used.
- Select Unpack Light Agent distribution packages and proceed to the next step of the Wizard.
- Select the folder in which you want the Wizard to place the files necessary for installing Light Agent for Windows and Light Agent for Linux, and proceed to the next step of the Wizard.
Unpacking of the Light Agent distribution packages begins. Wait for the wizard to finish.
After unpacking completes, you can open the unpacked folder by clicking the link in the window.
- Click Finish to close the Wizard window.
Information about the Wizard's operation is written to the trace files of the Kaspersky Security Components Installation Wizard. If the Wizard finishes with an error, you can provide these files when contacting Technical Support.
Configuring ports used by the application
To install and run the application components, open the ports listed in the table below in the settings of the network hardware or software that controls network traffic between virtual machines.
Ports used by the application
Port and protocol | Direction | Purpose and description |
---|---|---|
All platforms | | |
7271 TCP | From the to the . | To add virtual infrastructure connection settings to the Integration Server. |
7271 TCP | From the device, from which the requests are made to the Integration Server REST API, to the Integration Server. | To automate deployment and use of the application in multitenancy mode using the Integration Server REST API. |
22 TCP | From the SVM Management Wizard to an . | For SVM reconfiguration. |
7271 TCP | From the SVM to Integration Server. | For interaction between the SVM and Integration Server. |
7271 TCP | From the to the Integration Server. | For interaction between Light Agent and Integration Server. |
8000 UDP | From an SVM to the Light Agent. | For sending information about available SVMs to Light Agents using a list of SVM addresses. |
8000 UDP | From Light Agent to SVM. | To provide Light Agent with information about the status of SVM. |
11111 TCP | From Light Agent to SVM. | To transfer service requests (such as requests for license info) from Light Agent to an SVM over a non-secure connection. |
11112 TCP | From Light Agent to SVM. | To transfer service requests (such as requests for license info) from Light Agent to an SVM over a secure connection. |
9876 TCP | From Light Agent to SVM. | To send file scan requests from Light Agent to SVM over a non-secure connection. |
9877 TCP | From Light Agent to SVM. | To send file scan requests from Light Agent to SVM over a secure connection. |
80 TCP | From Light Agent to SVM. | For database and application modules updates on Light Agent. |
15000 UDP | From Kaspersky Security Center to SVM. | For management of the application on an SVM via Kaspersky Security Center. |
13000 TCP | From SVM to Kaspersky Security Center. | For management of the application on an SVM via Kaspersky Security Center over a secure connection. |
14000 TCP | From SVM to Kaspersky Security Center. | For management of the application on an SVM via Kaspersky Security Center over a non-secure connection. |
15000 UDP | From Kaspersky Security Center to Light Agents. | For management of the application on via Kaspersky Security Center. |
13000 TCP | From Light Agent to Kaspersky Security Center. | For management of the application on protected virtual machines via Kaspersky Security Center over a secure connection. |
14000 TCP | From Light Agent to Kaspersky Security Center. | For management of the application on Unprotected virtual machines via Kaspersky Security Center over a non-secure connection. |
13111 TCP | From the SVM to the Kaspersky Security Center Administration Server. | For interaction between the SVM and KSN proxy server. |
17000 TCP | From the SVM to the Kaspersky Security Center Administration Server. | For interaction between the SVM and Kaspersky activation servers. |
123 UDP | From the SVM to NTP servers obtained via DHCP or specified manually. | Synchronizing time on the SVM with a time server. |
VMware vSphere platform | | |
80 TCP, 443 TCP | From the SVM Management Wizard to VMware vCenter Server. | To deploy the SVM on a VMware ESXi hypervisor using a VMware vCenter Server. |
443 TCP | From the SVM Management Wizard to an ESXi hypervisor. | To deploy the SVM on a VMware ESXi hypervisor using a VMware vCenter Server. |
80 TCP, 443 TCP | From the Integration Server to the VMware vCenter Server. | For interaction between the Integration Server and the VMware ESXi hypervisor using the VMware vCenter Server. |
Microsoft Hyper-V platform | | |
135 TCP/UDP, 445 TCP/UDP | From the SVM Management Wizard to a Microsoft Windows Server (Hyper-V) hypervisor. | To deploy an SVM on a Microsoft Windows Server (Hyper-V) hypervisor. |
135 TCP/UDP, 445 TCP/UDP, 5985 TCP, 5986 TCP | From the Integration Server to the Microsoft Windows Server (Hyper-V) hypervisor. | For interaction between the Integration Server and the Microsoft Windows Server (Hyper-V) hypervisor. |
Citrix Hypervisor platform | | |
80 TCP, 443 TCP | From the SVM Management Wizard to Citrix Hypervisor. | To deploy the SVM on Citrix Hypervisor. |
80 TCP, 443 TCP | From the Integration Server to Citrix Hypervisor. | For interaction between the Integration Server and Citrix Hypervisor. |
KVM platform | | |
22 TCP | From the SVM Management Wizard to a KVM hypervisor. | To deploy the SVM on a KVM hypervisor. |
22 TCP | From the Integration Server to the KVM hypervisor. | For interaction between the Integration Server and the KVM hypervisor. |
Proxmox VE platform | | |
22 TCP, 8006 TCP | From the SVM Management Wizard to a Proxmox VE hypervisor. | To deploy the SVM on a Proxmox VE hypervisor. |
8006 TCP | From the Integration Server to the Proxmox VE hypervisor. | For interaction between the Integration Server and the Proxmox VE hypervisor. |
Skala-R platform | | |
443 TCP | From the SVM Management Wizard to Skala-R Management. | To deploy an SVM on the R-Virtualization hypervisor using Skala-R Management. |
22 TCP | From the SVM Management Wizard to an R-Virtualization hypervisor. | To deploy an SVM on the R-Virtualization hypervisor using Skala-R Management. |
22 TCP | From the SVM Management Wizard to Skala-R Management. | To deploy an SVM on the R-Virtualization hypervisor using Skala-R Management. |
443 TCP | From the Integration Server to Skala-R Management. | For the Integration Server’s interaction with an R-Virtualization hypervisor using Skala-R Management. |
HUAWEI FusionSphere platform | | |
7443 TCP | From the SVM Management Wizard to the HUAWEI FusionCompute VRM. | To deploy an SVM on a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM. |
8779 TCP | From the SVM Management Wizard to a HUAWEI FusionCompute CNA hypervisor. | To deploy an SVM on a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM. |
7443 TCP | From the Integration Server to the HUAWEI FusionCompute VRM. | For interaction between the Integration Server and a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM. |
Nutanix Acropolis platform | | |
9440 TCP | From the SVM Management Wizard to Nutanix Prism Central. | To deploy the SVMs on Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Central. |
9440 TCP | From the SVM Management Wizard to Nutanix Prism Element. | To deploy the SVMs on Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Element. |
9440 TCP | From the Integration Server to Nutanix Prism Central. | For interaction between the Integration Server and Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Central. |
9440 TCP | From the Integration Server to Nutanix Prism Element. | For interaction between the Integration Server and Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Element. |
VK Cloud platform | | |
5000 TCP | From the SVM Management Wizard to the Keystone microservice. | To deploy the SVM on a KVM hypervisor running on the VK Cloud platform. |
8774 TCP | From the SVM Management Wizard to the Compute (Nova) microservice. | To deploy the SVM on a KVM hypervisor running on the VK Cloud platform. |
8776 TCP | From the SVM Management Wizard to the Cinder microservice. | To deploy the SVM on a KVM hypervisor running on the VK Cloud platform. |
9292 TCP | From the SVM Management Wizard to the Glance microservice. | To deploy the SVM on a KVM hypervisor running on the VK Cloud platform. |
9696 TCP | From the SVM Management Wizard to the Neutron microservice. | To deploy the SVM on a KVM hypervisor running on the VK Cloud platform. |
5000 TCP | From the Integration Server to the Keystone microservice. | For interaction of the Integration Server with the VK Cloud platform. |
8774 TCP | From the Integration Server to the Compute (Nova) microservice. | For interaction of the Integration Server with the VK Cloud platform. |
TIONIX Cloud Platform | | |
5000 TCP | From the SVM Management Wizard to the Keystone microservice. | To deploy the SVM on a KVM hypervisor running on the TIONIX Cloud Platform. |
8774 TCP | From the SVM Management Wizard to the Compute (Nova) microservice. | To deploy the SVM on a KVM hypervisor running on the TIONIX Cloud Platform. |
8776 TCP | From the SVM Management Wizard to the Cinder microservice. | To deploy the SVM on a KVM hypervisor running on the TIONIX Cloud Platform. |
9292 TCP | From the SVM Management Wizard to the Glance microservice. | To deploy the SVM on a KVM hypervisor running on the TIONIX Cloud Platform. |
9696 TCP | From the SVM Management Wizard to the Neutron microservice. | To deploy the SVM on a KVM hypervisor running on the TIONIX Cloud Platform. |
5000 TCP | From the Integration Server to the Keystone microservice. | For interaction of the Integration Server with TIONIX Cloud Platform. |
8774 TCP | From the Integration Server to the Compute (Nova) microservice. | For interaction of the Integration Server with TIONIX Cloud Platform. |
OpenStack platform | | |
5000 TCP | From the SVM Management Wizard to the Keystone microservice. | To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
8774 TCP | From the SVM Management Wizard to the Compute (Nova) microservice. | To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
8776 TCP | From the SVM Management Wizard to the Cinder microservice. | To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
9292 TCP | From the SVM Management Wizard to the Glance microservice. | To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
9696 TCP | From the SVM Management Wizard to the Neutron microservice. | To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
5000 TCP | From the Integration Server to the Keystone microservice. | For the Integration Server’s interaction with the OpenStack platform. |
8774 TCP | From the Integration Server to the Compute (Nova) microservice. | For the Integration Server’s interaction with the OpenStack platform. |
ALT Virtualization Server platform | | |
22 TCP | From the SVM Management Wizard to a hypervisor. | To deploy the SVM on a basic hypervisor of the ALT Virtualization Server platform. |
22 TCP | From the Integration Server to a hypervisor. | For the Integration Server to interact with a basic hypervisor of the ALT Virtualization Server platform. |
Astra Linux Platform | | |
22 TCP | From the SVM Management Wizard to a hypervisor. | To deploy the SVM on a KVM hypervisor running on the Astra Linux platform. |
22 TCP | From the Integration Server to a hypervisor. | For interaction between the Integration Server and a KVM hypervisor running on the Astra Linux platform. |
If you plan to use Kaspersky Endpoint Agent for interaction between Kaspersky Security and Kaspersky solutions designed to detect complex threats, open the following ports on the protected virtual machine:
- 443 TCP – for communication between Kaspersky Endpoint Agent and KSN service servers and Kaspersky activation servers.
- 80 TCP and 443 TCP – for communication between Network Agent and Kaspersky Security Center to receive database and module updates for Kaspersky Endpoint Agent.
- Ports that you configured for Kaspersky Endpoint Agent interaction with Kaspersky Sandbox and Kaspersky Anti Targeted Attack Platform servers.
During installation, Light Agent configures the settings of Windows Firewall to allow incoming and outgoing traffic for the avp.exe process. If a domain policy is used for Windows Firewall, you must configure rules for incoming and outgoing connections for the avp.exe process in the domain policy. If a different firewall is used, you must configure a rule for connections for the avp.exe process for the firewall.
If you use Citrix Hypervisor or VMware ESXi hypervisor, and promiscuous mode is enabled on the network adapter of the virtual machine guest operating system, the guest operating system receives all Ethernet frames passing through the virtual switch, if this is allowed by the VLAN policy. This mode may be used to monitor and analyze traffic in the network segment that the SVM and protected virtual machines are operating in. If you have not configured a secure connection between the SVM and the protected virtual machines, traffic between the SVM and the protected virtual machines is not encrypted and is transmitted as plaintext. For security purposes, it is not recommended to use promiscuous mode in network segments that have a running SVM. If you need to use this mode (for example, for monitoring traffic using external virtual machines to detect attempts at unauthorized network access or to correct network failures), you need to configure the appropriate restrictions to protect traffic between the SVM and the protected virtual machines from unauthorized access.
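The following is an added example, not code from Kaspersky: it audits a first-match firewall rule set against the "All platforms" rows of the table above whose source and destination are both stated. The rule tuple format, the zone labels, the sample rules and the `secure_only` policy (the ports the table marks as non-secure are expected to be closed when only secure connections are used) are assumptions made for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto port secure purpose")
Rule = namedtuple("Rule", "action src dst proto lo hi")   # hypothetical rule format

# Zone labels are assumptions; map them to your own address groups.
LA, SVM, KSC, IS, NTP = "light_agent", "svm", "ksc", "integration_server", "ntp"

# Rows from the "All platforms" part of the table with both endpoints stated.
# secure: True/False where the table names the channel, None where it does not.
REQUIRED_FLOWS = [
    Flow(SVM, IS, "tcp", 7271, None, "SVM to Integration Server"),
    Flow(SVM, LA, "udp", 8000, None, "list of available SVMs"),
    Flow(LA, SVM, "udp", 8000, None, "SVM status"),
    Flow(LA, SVM, "tcp", 11111, False, "service requests"),
    Flow(LA, SVM, "tcp", 11112, True, "service requests"),
    Flow(LA, SVM, "tcp", 9876, False, "file scan requests"),
    Flow(LA, SVM, "tcp", 9877, True, "file scan requests"),
    Flow(LA, SVM, "tcp", 80, None, "database and module updates"),
    Flow(KSC, SVM, "udp", 15000, None, "management of SVM"),
    Flow(SVM, KSC, "tcp", 13000, True, "management of SVM"),
    Flow(SVM, KSC, "tcp", 14000, False, "management of SVM"),
    Flow(KSC, LA, "udp", 15000, None, "management via KSC"),
    Flow(LA, KSC, "tcp", 13000, True, "management via KSC"),
    Flow(LA, KSC, "tcp", 14000, False, "management via KSC"),
    Flow(SVM, KSC, "tcp", 13111, None, "KSN proxy server"),
    Flow(SVM, KSC, "tcp", 17000, None, "activation servers"),
    Flow(SVM, NTP, "udp", 123, None, "time synchronization"),
]


def allowed_ports(rules, src, dst, proto):
    """Ports the rule set lets through for one zone pair (first match wins)."""
    ports = set()
    for r in reversed(rules):              # earlier rules override later ones
        if r.src in (src, "any") and r.dst in (dst, "any") and r.proto in (proto, "any"):
            span = set(range(r.lo, r.hi + 1))
            ports = ports | span if r.action == "allow" else ports - span
    return ports


def audit(rules, secure_only=True):
    """Compare a rule set with the port matrix.

    missing        - required flows that the rules block
    plaintext_open - non-secure channel ports left open under a secure-only policy
    unlisted       - count of extra open ports per zone pair that the table does not list
    """
    report = {"missing": [], "plaintext_open": [], "unlisted": {}}
    for pair in sorted({(f.src, f.dst, f.proto) for f in REQUIRED_FLOWS}):
        open_ports = allowed_ports(rules, *pair)
        listed = [f for f in REQUIRED_FLOWS if (f.src, f.dst, f.proto) == pair]
        for f in listed:
            plaintext = secure_only and f.secure is False
            if plaintext and f.port in open_ports:
                report["plaintext_open"].append(f)
            elif not plaintext and f.port not in open_ports:
                report["missing"].append(f)
        extra = open_ports - {f.port for f in listed}
        if extra:
            report["unlisted"][pair] = len(extra)
    return report


# Constructed sample rule set, evaluated top to bottom.
SAMPLE_RULES = [
    Rule("allow", LA, SVM, "tcp", 9000, 9999),     # broad range, covers 9876 and 9877
    Rule("allow", LA, SVM, "tcp", 11112, 11112),
    Rule("allow", LA, SVM, "tcp", 80, 80),
    Rule("allow", LA, SVM, "udp", 8000, 8000),
    Rule("allow", SVM, LA, "udp", 8000, 8000),
    Rule("allow", SVM, IS, "tcp", 7271, 7271),
    Rule("allow", SVM, KSC, "tcp", 13000, 13000),
    Rule("allow", SVM, KSC, "tcp", 13111, 13111),
    Rule("allow", LA, KSC, "tcp", 13000, 14000),   # range also opens 14000
    Rule("allow", KSC, "any", "udp", 15000, 15000),
    Rule("deny", "any", "any", "any", 1, 65535),
]

if __name__ == "__main__":
    result = audit(SAMPLE_RULES)
    for f in result["missing"]:
        print(f"MISSING   {f.src} -> {f.dst} {f.port}/{f.proto} ({f.purpose})")
    for f in result["plaintext_open"]:
        print(f"PLAINTEXT {f.src} -> {f.dst} {f.port}/{f.proto} ({f.purpose})")
    for pair, count in result["unlisted"].items():
        print(f"UNLISTED  {pair[0]} -> {pair[1]} {pair[2]}: {count} extra open ports")
```

Rows of the table whose source or destination is not stated are left out of `REQUIRED_FLOWS`, as are the platform-specific rows.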
Accounts for installing and using the application
To install the Kaspersky Security management MMC plug-ins and the Integration Server, an account that belongs to the local administrator group on the device where installation is being performed must be used.
The following accounts can be used to start the Integration Server Console:
- If the device hosting Kaspersky Security Center Administration Console belongs to the Microsoft Windows domain, you can use an account that belongs to the local or domain KLAdmins group or an account that belongs to the local administrators group to start the Integration Server Console. You can also use the Integration Server administrator account created automatically during the Integration Server installation.
- If the device on which Kaspersky Security Center Administration Console is installed is not a member of a Microsoft Windows domain, or your account is not a member of the local or domain KLAdmins group or the local administrators group, you can only use the Integration Server administrator account that was automatically created when installing the Integration Server to start the Integration Server Console.
VMware vSphere platform
The following accounts are required for installation and operation of the application on a VMware ESXi hypervisor:
- An administrator account with the following rights is required to deploy, delete, or reconfigure an SVM:
- Datastore.Allocate space
- Datastore.Low level file operations
- Datastore.Remove file
- Global.Cancel task
- Global.Licenses
- Host.Config.Virtual machine autostart configuration
- Host.Inventory.Modify cluster
- Network.Assign network
- Tasks.Create task
- vApp.Import
- Virtual machine.Change configuration.Add new disk (only for VMware vCenter Server 7.0 and VMware vCenter Server 6.7)
- Virtual machine.Configuration.Add new disk (only for VMware vCenter Server 6.5)
- Virtual machine.Change configuration.Add or remove device (only for VMware vCenter Server 7.0 and VMware vCenter Server 6.7)
- Virtual machine.Configuration.Add or remove device (only for VMware vCenter Server 7.0 and VMware vCenter Server 6.7)
- Virtual machine.Change configuration.Change memory (only for VMware vCenter Server 7.0 and VMware vCenter Server 6.7)
- Virtual machine.Configuration.Memory (only for VMware vCenter Server 6.5)
- Virtual machine.Interaction.Power Off
- Virtual machine.Interaction.Power On
- Virtual machine.Provisioning.Customize guest (only for VMware vCenter Server 7.0 and VMware vCenter Server 6.7)
- Virtual machine.Provisioning.Customize (only for VMware vCenter Server 6.5)
- Virtual machine.Inventory.Create new (only for VMware vCenter Server 6.5)
- Virtual machine.Inventory.Remove (only for VMware vCenter Server 6.5)
- To connect the Integration Server to the VMware vCenter Server, it is recommended to use an account that has been assigned the preset system role ReadOnly.
- Connection of the Integration Server to VMware NSX Manager requires a VMware NSX Manager account that has been assigned the Enterprise Administrator role.
Roles should be assigned to accounts at the top level of the hierarchy of VMware inventory objects, that is, at the level of VMware vCenter Server.
Microsoft Hyper-V platform
To deploy, delete, or reconfigure an SVM on a Microsoft Windows Server (Hyper-V) hypervisor, a built-in local administrator account or domain account that belongs to the Hyper-V Administrators group is required. For a domain account, you must also grant permissions for remote connection and use of the following WMI namespaces:
- root\cimv2
- root\MSCluster
- root\virtualization
- root\virtualization\v2 (for versions of Microsoft Windows server operating systems, beginning with Windows Server 2012 R2)
A built-in local administrator account or domain account that belongs to the Hyper-V Administrators group and has the permissions listed above is also used to connect the Integration Server to a Microsoft Windows Server (Hyper-V) hypervisor.
Citrix Hypervisor platform
The following accounts are required for installation and operation of the application on Citrix Hypervisor:
- To deploy, remove, or reconfigure an SVM, an account with Pool Admin rights is required.
- To connect the Integration Server to the Citrix Hypervisor, it is recommended to use an account with the Read Only role.
KVM platform
The following accounts are required for installation and operation of the application on a KVM hypervisor:
- Deploying, removing, or reconfiguring an SVM requires a root account or an account that has permission to perform actions as the root account.
- To connect the Integration Server to the KVM hypervisor, it is recommended to use an unprivileged user account with access to the "read only" Unix socket (libvirt-sock-ro) of the libvirtd service (libvirtd daemon).
Proxmox VE platform
The following accounts are required for installation and operation of the application on a Proxmox VE hypervisor:
- To deploy, remove, or reconfigure an SVM, the root account is required.
- To connect the Integration Server to the Proxmox VE hypervisor, it is recommended to use an account that has been granted access with the PVEAuditor role to the root directory (/) and all child directories.
Skala-R platform
The following accounts are required for installation and operation of the application on an R-Virtualization hypervisor:
- To deploy, remove, or reconfigure an SVM, an account with the "Main Administrator" role is required.
- To connect the Integration Server to the Skala-R Management virtual infrastructure administration server, it is recommended to use an account with the "Infrastructure Monitoring" role.
HUAWEI FusionSphere platform
The following accounts are required for installation and operation of the application on a HUAWEI FusionCompute CNA hypervisor:
- To deploy, remove, or reconfigure an SVM, an account with the VMManager role is required.
- To connect the Integration Server to a HUAWEI FusionCompute VRM, it is recommended to use an account with the Auditor role.
Nutanix Acropolis platform
The following accounts are required for installation and operation of the application on a Nutanix AHV hypervisor:
- To deploy, remove, or reconfigure an SVM, an account with the Cluster Admin role is required.
- To connect the Integration Server to Nutanix Prism virtual infrastructure administration server, it is recommended to use an account with the Viewer role. In the infrastructure managed by Nutanix Prism Central, an account with the Viewer role is required on the Nutanix Prism Central server and on the Nutanix Prism Element servers.
OpenStack cloud platform, VK Cloud platform, and TIONIX Cloud Platform
The following accounts are required to install and operate the application in an infrastructure running on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform:
- An account with the following permissions is required to deploy, delete, or reconfigure an SVM:
Permissions for infrastructure object operations. | Permissions for sending requests to OpenStack microservices API |
---|---|
Keystone | |
Authentication. Querying the state of authentication token for the current user. | auth/tokens (POST/GET) |
Getting a list of all OpenStack domains. | domains (GET) |
Getting a list of available OpenStack projects for the current user. | auth/projects (GET) |
Compute (Nova) | |
Getting a list of virtual machines. | servers/detail (GET) |
Getting virtual machine information. | servers/{server_id} (GET) |
Getting a list of virtual machine types (instance types). | flavors/detail (GET) |
Getting information about available OpenStack project resources. | limits (GET) |
Getting a list of server groups. | os-server-groups (GET) |
Getting a list of availability zones. | os-availability-zone (GET) |
Getting a list of network interfaces of the virtual machine. | servers/{server_id}/os-interface (GET) |
Creating a network interface for the virtual machine. | servers/{server_id}/os-interface (POST) |
Creating the virtual machine. | servers (POST) |
Starting/stopping the virtual machine. | servers/{server_id}/action (POST) |
Removing network interface of the virtual machine. | servers/{server_id}/os-interface/{port_id} (DELETE) |
Removing the virtual machine. | servers/{server_id} (DELETE) |
Cinder | |
Getting a list of volume types. | {project_id}/types (GET) |
Getting disk information. | {project_id}/volumes/{volume_id} (GET) |
Creating the disk. | {project_id}/volumes (POST) |
Removing the disk that was created by the current user. | {project_id}/volumes/{volume_id} (DELETE) |
Glance | |
Getting image information. | images/{image_id} (GET) |
Creating the image. | images (POST) |
Downloading the image. | images/{image_id}/file (PUT) |
Removing the image that was created by the current user. | images/{image_id} (DELETE) |
Neutron | |
Getting a list of networks. | networks (GET) |
Getting a list of security groups. | security-groups (GET) |
Creating a network port | ports (POST) |
Deleting a network port | ports/{port_id} (DELETE) |
Getting the ID of a network port | ports/{port_id} (GET) |
- An account with the following permissions is required to connect the Integration Server to the virtual infrastructure:
Permissions for infrastructure object operations. | Permissions for sending requests to OpenStack microservices API |
---|---|
Keystone | |
Authentication. Querying the state of authentication token for the current user. | auth/tokens (POST/GET) |
Getting a list of available OpenStack projects for the current user. | auth/projects (GET) |
Compute (Nova) | |
Getting a list of virtual machines. | servers/detail (GET) |
Getting virtual machine information. | servers/{server_id} (GET) |
Getting a list of server groups. | os-server-groups (GET) |
Getting a list of availability zones. | os-availability-zone (GET) |
Getting a list of hypervisors. This permission is required only if you intend to apply a licensing scheme that uses the number of processors or the number of processor cores on the hypervisors on which the protected virtual machines operate. | /os-hypervisors/detail (GET) |
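The following is an added example, not code from Kaspersky: it turns the two permission lists above into method-and-path allowlists and reviews an API access log for calls that fall outside the list of the account that made them. The log line format, the account names, the sample log and the optional version prefix (such as /v3/ or /v2.1/) in front of the paths are assumptions; the service ports are the ones listed for the OpenStack platform in the ports table.

```python
import re

# Service ports as listed for the OpenStack platform in the ports table.
PORT_TO_SERVICE = {5000: "keystone", 8774: "nova", 8776: "cinder",
                   9292: "glance", 9696: "neutron"}

# "METHOD path" pairs copied from the two permission lists above.
INTEGRATION = {   # account that connects the Integration Server
    "keystone": ["POST auth/tokens", "GET auth/tokens", "GET auth/projects"],
    "nova": ["GET servers/detail", "GET servers/{server_id}", "GET os-server-groups",
             "GET os-availability-zone", "GET os-hypervisors/detail"],
}
DEPLOY = {        # account that deploys, deletes or reconfigures SVMs
    "keystone": ["POST auth/tokens", "GET auth/tokens", "GET domains",
                 "GET auth/projects"],
    "nova": ["GET servers/detail", "GET servers/{server_id}", "GET flavors/detail",
             "GET limits", "GET os-server-groups", "GET os-availability-zone",
             "GET servers/{server_id}/os-interface",
             "POST servers/{server_id}/os-interface", "POST servers",
             "POST servers/{server_id}/action",
             "DELETE servers/{server_id}/os-interface/{port_id}",
             "DELETE servers/{server_id}"],
    "cinder": ["GET {project_id}/types", "GET {project_id}/volumes/{volume_id}",
               "POST {project_id}/volumes",
               "DELETE {project_id}/volumes/{volume_id}"],
    "glance": ["GET images/{image_id}", "POST images",
               "PUT images/{image_id}/file", "DELETE images/{image_id}"],
    "neutron": ["GET networks", "GET security-groups", "POST ports",
                "DELETE ports/{port_id}", "GET ports/{port_id}"],
}


def to_regex(template):
    """Turn 'servers/{server_id}/action' into an anchored regular expression."""
    literal_parts = re.split(r"\{[^}]+\}", template)
    body = r"[^/]+".join(re.escape(part) for part in literal_parts)
    # Assumption: the deployed API may prefix the path with a version segment.
    return re.compile(r"^/?(?:v\d+(?:\.\d+)*/)?" + body + r"/?$")


def compile_allowlist(spec):
    table = {}
    for service, entries in spec.items():
        for entry in entries:
            method, template = entry.split(" ", 1)
            table.setdefault((service, method), []).append(to_regex(template))
    return table


ALLOW = {"integration": compile_allowlist(INTEGRATION),
         "deploy": compile_allowlist(DEPLOY)}


def permitted(role, port, method, url):
    """True if the call is on the page's list for this kind of account."""
    service = PORT_TO_SERVICE.get(port)
    path = url.split("?", 1)[0]
    patterns = ALLOW[role].get((service, method.upper()), [])
    return any(rx.match(path) for rx in patterns)


def review(log_lines, roles):
    """Return (account, method, service, url) for every call outside the list."""
    findings = []
    for line in log_lines:
        account, method, port, url = line.split()
        if not permitted(roles[account], int(port), method, url):
            service = PORT_TO_SERVICE.get(int(port), "unknown")
            findings.append((account, method, service, url))
    return findings


# Hypothetical account names and a constructed access log: account method port url
ACCOUNT_ROLES = {"ksv-is-ro": "integration", "ksv-deploy": "deploy"}
SAMPLE_LOG = [
    "ksv-is-ro POST 5000 /v3/auth/tokens",
    "ksv-is-ro GET 8774 /v2.1/servers/detail?limit=100",
    "ksv-is-ro GET 8774 /v2.1/os-hypervisors/detail",
    "ksv-is-ro POST 8774 /v2.1/servers/7c1e/action",
    "ksv-is-ro GET 9696 /v2.0/networks",
    "ksv-deploy POST 8774 /v2.1/servers",
    "ksv-deploy PUT 9292 /v2/images/51aa/file",
    "ksv-deploy DELETE 8776 /v3/p01/volumes/9f2d",
    "ksv-deploy DELETE 9696 /v2.0/networks/n1",
    "ksv-deploy POST 5000 /v3/users",
]

if __name__ == "__main__":
    for account, method, service, url in review(SAMPLE_LOG, ACCOUNT_ROLES):
        print(f"outside allowlist: {account} {method} {service} {url}")
```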
ALT Virtualization Server platform
The following accounts are required for installation and operation of the application on a basic hypervisor of the ALT Virtualization Server platform:
- Deploying, removing, or reconfiguring an SVM requires a root account or an account that has permission to perform actions as the root account.
- To connect the Integration Server to a basic hypervisor of the ALT Virtualization Server platform, it is recommended to use an unprivileged user account with access to the "read-only" Unix socket (libvirt-sock-ro) of the libvirtd service (libvirtd daemon).
Astra Linux Platform
The following accounts are required for installation and operation of the application on a KVM hypervisor running on the Astra Linux platform:
- To deploy, delete, or reconfigure an SVM, a root account, or an account with the right to perform actions on behalf of the root account, is required.
Prior to starting installation of the application, you need to configure the user account that will be used for SVM deployment, removal and reconfiguration.
- To connect the Integration Server to a KVM hypervisor running on the Astra Linux platform, it is recommended to use an unprivileged user account with access to the read-only Unix socket (libvirt-sock-ro) of the libvirtd service (libvirtd daemon).
Configuring rules for moving virtual machines to administration groups
To control the operation of Kaspersky Security components installed on virtual machines via Kaspersky Security Center, you need to place the virtual machines into administration groups.
An administration group is a set of virtual machines combined according to some criterion for the purpose of controlling the virtual machines in the group as a common whole.
Before starting Kaspersky Security installation, you can create administration groups in Kaspersky Security Center for virtual machines on which application components are installed, and configure rules to automatically move virtual machines to these administration groups.
If no rules are configured to automatically move virtual machines to administration groups, after installation Kaspersky Security Center moves the virtual machines detected in the network to the Unassigned devices list. In this case, you need to manually move the virtual machines to the administration groups that you create.
You can configure the rules for moving virtual machines to administration groups using the Administration Console or using Kaspersky Security Center Web Console (for more details, refer to Kaspersky Security Center help).
To configure the rules for moving virtual machines to administration groups in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select the Unassigned devices folder.
- Open the Settings: Unassigned devices window using the Settings item of the context menu.
- In the Device relocation section, click Add.
- In the New rule window that opens, configure the rule for moving virtual machines to administration groups.
For more detailed information about configuring rules to move virtual machines to administration groups, see the Kaspersky Security Center help.
- To close the New rule window, click OK.
The new rule is displayed in the list of rules in the Device relocation section.
- To close the Settings: Unassigned devices window, click OK.
You can use tags when creating rules for moving virtual machines to administration groups. SVMs and protected virtual machines on which Kaspersky Security Center Network Agent is installed automatically relay information about tags to Kaspersky Security Center.
Installing the application
The installation process is different if you use Kaspersky Security Center 15 Linux.
Installation of Kaspersky Security for Virtualization 5.2 Light Agent in the virtual infrastructure consists of the following stages:
- Installing Kaspersky Security management MMC plug-ins, Integration Server, and Integration Server Console.
- The following management MMC plug-ins are used to manage the application using Kaspersky Security Center:
- Kaspersky Security for Virtualization 5.2 Light Agent for Windows
- Kaspersky Security for Virtualization 5.2 Light Agent for Linux
- Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server
MMC plug-ins must be installed on the device where Kaspersky Security Center Administration Console is installed.
- The Integration Server must be installed on the device on which the Administration Server of Kaspersky Security Center is installed.
- The Integration Server Console must be installed on the device on which the Administration Console of Kaspersky Security Center is installed.
After installing Kaspersky Security MMC management plug-ins, Integration Server and Integration Server Console, it is recommended to run the download updates to the repository task in the Kaspersky Security Center Administration Console and make sure that the task completes successfully. For details, please refer to the Kaspersky Security Center help.
If the device on which the Integration Server is installed belongs to a Microsoft Windows domain and you want to use the web interface to interact with Kaspersky Security Center, change the default password for the Integration Server administrator account (admin) after you install the Integration Server.
When the Kaspersky Security Center Administration Console starts for the first time after MMC plug-ins are installed, the Initial Configuration Wizard for the managed application is automatically started for each installed plug-in. The Wizard results in the creation of tasks and the default Protection Server policy.
- Installing Kaspersky Security web plug-ins if you intend to use the web interface to interact with Kaspersky Security Center. Web plug-ins are installed using the Web Console.
- Installing the Kaspersky Security Protection Servers by deploying SVMs on hypervisors.
- If you are installing the application in an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, you need to configure the connection of the Integration Server to VMware NSX Manager in the Integration Server Console after completion of SVM deployment.
- Preparing the Protection Servers for operation.
- Installing the Network Agent of Kaspersky Security Center on virtual machines and virtual machine templates.
Network Agent must be installed on virtual machines before installation of Light Agent for Windows, if you want to install Light Agent for Windows locally using the Installation Wizard, from the command line, or using the Active Directory Group Policies. If Network Agent is not installed, Light Agent for Windows installation fails. Network Agent may be installed automatically during remote installation of Light Agent for Windows through Kaspersky Security Center using the Remote Installation Wizard or the remote installation task.
On a virtual machine running Linux, Network Agent can be installed automatically during the installation of the Light Agent for Linux component.
Installation of Network Agent on the SVM is not required because it is included in the SVM image.
- Installing Light Agent for Windows and/or Light Agent for Linux to virtual machines.
You can install Light Agent for Windows on virtual machines that are part of an infrastructure employing the following virtualization solutions:
- Citrix Virtual Apps and Desktops (Citrix XenApp and XenDesktop).
- Citrix App Layering.
- Citrix Provisioning (Citrix Provisioning Services).
- VMware Horizon.
- VMware App Volumes.
- HUAWEI FusionAccess.
- Preparing Light Agents for operation.
Considerations for deploying the application when using Kaspersky Security Center 15 Linux
If you are planning to use Kaspersky Security Center 15 Linux to manage Kaspersky Security for Virtualization 5.2 Light Agent, the process of installing the application in a virtual infrastructure includes the following steps:
- Installing Kaspersky Security management web plug-ins
The web plug-ins provide an interface for managing Kaspersky Security with Kaspersky Security Center Web Console. Kaspersky Security Center 15 Linux does not support Kaspersky Security Center Administration Console and management MMC plug-ins.
- Installing Integration Server and Integration Server Console.
Installing and running Integration Server and Integration Server Console requires a device with a Windows OS. The installation process should be run under a local administrator account.
You will need a ksvla-components_5.2.X.X_mlg.exe file, where 5.2.X.X is the application version number. The file is available from the Kaspersky website, in the Kaspersky Security for Virtualization | Light Agent section (Build → Kaspersky Security Components Installation Wizard).
How to install Integration Server and Integration Server Console
After the installation process is completed, you can start Integration Server Console by opening Kaspersky.VIISConsole.UI.exe, which is located in %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\.
- The Kaspersky Security Protection Servers installation by deploying SVMs on hypervisors.
To install Protection Server, you need an SVM image file and an image description XML file. You can download archives that contain these files with the help of Kaspersky Security Components Installation Wizard or on the Kaspersky website in the Kaspersky Security for Virtualization | Light Agent section.
SVMs are deployed with the help of the SVM installation wizard, which is started from Integration Server Console.
- If you are installing the application in an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, you need to configure the connection of the Integration Server to VMware NSX Manager in the Integration Server Console after completion of SVM deployment.
- Preparing Protection Servers for operation. To prepare Protection Servers for operation, complete the following actions:
- Create a policy for Protection Server in Kaspersky Security Center Web Console and configure the policy settings for connecting SVMs to Integration Server.
- Activate the application on all new SVMs. To do this, create an application activation task in Kaspersky Security Center Web Console and start the task.
- Update the application databases on all new SVMs. To do this, create a Protection Server database update task in Kaspersky Security Center Web Console and start the task.
- Installing Light Agent for Windows and/or Light Agent for Linux on virtual machines.
The installation is performed remotely, with the help of Kaspersky Security Center Web Console, and consists of the following steps:
- Preparing installation packages.
The remote installation process uses installation packages, which you need to prepare in advance.
- Installing on Windows virtual machines requires a Light Agent for Windows installation package and a Kaspersky Security Center Network Agent installation package.
- Installing on Linux virtual machines requires a Light Agent for Linux installation package. A separate Kaspersky Security Center Network Agent installation package is not required, as Network Agent is part of a Light Agent for Linux installation package.
How to prepare a Light Agent for Windows installation package
How to prepare a Network Agent for Windows installation package
- Starting a remote installation task in Kaspersky Security Center Web Console.
Specify the prepared Network Agent installation package in the properties of the Light Agent for Windows remote installation task. For more information about the remote installation task, see the Kaspersky Security Center Help.
- Preparing Light Agents for operation.
To prepare Light Agents for operation, create a policy for Light Agent for Windows and/or a policy for Light Agent for Linux in Kaspersky Security Center Web Console and configure the policy settings for connecting Light Agents to SVMs:
Installing Kaspersky Security management MMC plug-ins and the Integration Server
You can install the Kaspersky Security management MMC plug-ins, Integration Server, and Integration Server Console in one of the following ways:
- In interactive mode using the Wizard.
- In silent mode from the command line.
The MMC plug-ins, Integration Server, and Integration Server Console must be installed with the permissions of the account that belongs to the group of local administrators.
Installation requires at least 4 GB of free space on the drive containing the %ProgramData% folder.
Microsoft .NET Framework 4.6 or later is required for installation of the MMC plug-ins, Integration Server and Integration Server Console. You can install the Microsoft .NET Framework platform in advance or the Kaspersky Security components installation Wizard will suggest installing it during the installation of Kaspersky Security application components. Internet access is required to install Microsoft .NET Framework. If there are any problems with the installation of Microsoft .NET Framework, make sure that Windows updates KB2919442 and KB2919355 have been installed on the device.
Before starting installation of MMC plug-ins, Integration Server, and Integration Server Console, it is recommended to close Kaspersky Security Center Administration Console.
Depending on the availability of Kaspersky Security Center components installed on the device, the following operations are performed once installation is started:
- If only Kaspersky Security Center Administration Console is installed on the device, MMC plug-ins and Integration Server Console are installed.
- If the Kaspersky Security Center Administration Server and the Kaspersky Security Center Administration Console are installed on the device:
- MMC plug-ins, Integration Server and Integration Server Console are installed.
- Installation packages are created for remote installation of Light Agent for Windows and Light Agent for Linux. The created installation packages are stored in the Kaspersky Security Center Administration Console tree in the Additional → Remote installation → Installation packages folder under the following names:
- Kaspersky Security for Virtualization 5.2 Light Agent for Windows (5.2.X.X)
- Kaspersky Security for Virtualization 5.2 Light Agent for Linux (5.2.X.X)
where 5.2.X.X is the application version number.
For successful installation of the Integration Server, in the settings of network equipment or traffic monitoring software you need to allow connections through the port that will be used by SVMs and Light Agents to connect to the Integration Server. By default, port number 7271 (TCP) is used.
A secure SSL connection is used for interaction between the Integration Server and the Integration Server Console, SVMs, Light Agents, and VMware vCenter Server. To eliminate known vulnerabilities in the operating system for the SSL protocol, changes described in the Microsoft technical support website are made to the operating system registry during installation of the Integration Server. These changes disable the following encryption ciphers and protocols:
- SSL 3.0
- SSL 2.0
- AES 128
- RC2 40/56/128
- RC4 40/56/64/128
- 3DES 168
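To confirm after installation that these protocols and ciphers are disabled on the Integration Server host, the Schannel registry entries can be read back. The following is an added example, not part of the product or of this guide; the key names are the standard Windows Schannel names and it is an assumption that the installer writes exactly these entries.

```powershell
# Added example: report whether the Schannel entries that correspond to the
# protocols and ciphers listed above are explicitly disabled (Enabled = 0).
# ASSUMPTION: the installer uses the standard Schannel key names shown here.
function Get-SchannelDisabledState {
    $base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
    $entries = @(
        'Protocols\SSL 2.0\Server', 'Protocols\SSL 2.0\Client',
        'Protocols\SSL 3.0\Server', 'Protocols\SSL 3.0\Client',
        'Ciphers\AES 128/128',
        'Ciphers\RC2 40/128', 'Ciphers\RC2 56/128', 'Ciphers\RC2 128/128',
        'Ciphers\RC4 40/128', 'Ciphers\RC4 56/128',
        'Ciphers\RC4 64/128', 'Ciphers\RC4 128/128',
        'Ciphers\Triple DES 168'
    )

    foreach ($entry in $entries) {
        # The .NET registry API is used on purpose: the PowerShell registry
        # provider treats the "/" in cipher key names as a path separator.
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$entry")
        $enabled = $null
        if ($key) {
            try { $enabled = $key.GetValue('Enabled') } finally { $key.Close() }
        }

        [pscustomobject]@{
            Entry    = $entry
            KeyFound = [bool]$key
            Enabled  = $enabled
            # A missing key or value means the operating system default applies.
            Disabled = ($null -ne $enabled -and [int64]$enabled -eq 0)
        }
    }
}

Get-SchannelDisabledState | Format-Table -AutoSize
```

Rows with Disabled = False and KeyFound = False are governed by the operating system default rather than by an explicit setting.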
While the Integration Server is being installed, the Integration Server's self-signed SSL certificate used for establishing a secure connection with the Integration Server and for encrypting the communication channel between SVMs and Light Agent is installed in the operating system registry. After installing the Integration Server, it is recommended to replace this self-signed certificate with a more secure certificate. The procedure for replacing a certificate is described in the Knowledge Base.
If an Integration Server was previously installed in your virtual infrastructure and was used to work with Kaspersky Security 5.1 or higher (including Kaspersky Security updates 5.1.1, 5.1.2, and 5.1.3), and if you save the data used in the Integration Server operation when uninstalling the Integration Server, this data is automatically used when installing the Integration Server.
Interactive mode installation using the Wizard
To install the MMC plug-ins, Integration Server, and Integration Server Console in interactive mode using the Wizard:
- On the device where the Administration Console and Kaspersky Security Center Administration Server are installed, run the ksvla-components_5.2.X.X_mlg.exe file (5.2.X.X is the application version number). This file is included in the distribution kit.
If the Kaspersky Security Center Administration Server is not installed on a device, the Integration Server will not be installed on that device. Only MMC plug-ins and Integration Server Console will be installed.
Kaspersky Security components installation Wizard starts.
- Select the localization language of the Wizard and of the Kaspersky Security components and proceed to the next step of the Wizard.
By default, the localization language of the operating system installed on the device where the Wizard was started is used.
- Make sure that the Install management components option is selected and proceed to the next step of the Wizard.
The Wizard checks the amount of free space on the drive that contains the %ProgramData% folder. If there is less than 4 GB of free space on the drive, the Wizard displays an error message and you cannot proceed to the next step of the Wizard. If this is the case, close the Wizard, free up space on the drive, and restart the Kaspersky Security Components Installation Wizard.
- At the next step, read Kaspersky Security End User License Agreement concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data.
To continue the installation, you must confirm that you have fully read and accept the terms of the End User License Agreement and the Privacy Policy. To confirm, select both check boxes in the window of the Wizard.
Proceed to the next step of the wizard.
- If the Kaspersky Security Center Administration Server is installed on the device running the Wizard and this device does not belong to a Microsoft Windows domain, you must create a password for the Integration Server administrator account. The Integration Server administrator account (admin) is used for managing the Integration Server.
Enter a password in the Password and Confirm password fields. The account name cannot be edited.
A password must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters:
! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~
For security purposes, you are advised to set a password that is at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
Proceed to the next step of the wizard.
- If the Kaspersky Security Center Administration Server is installed on the device running the Wizard and port 7271 used to connect to the Integration Server by default is busy, you must specify a port number for connecting to the Integration Server.
In the Port field, specify a port number in the range of 1025–65535 and proceed to the next step of the Wizard.
- Review the information about the actions that the Wizard will perform on the administration plug-ins, Integration Server, and Integration Server Console, and click Next to begin performing the listed actions.
- Wait for the wizard to finish.
If an error occurs during wizard operation, the wizard rolls back the changes made.
- Click Finish to close the Wizard window.
After installation, Kaspersky Security management MMC plug-ins appear in the list of installed administration plug-ins in the properties of Kaspersky Security Center Administration Server.
Information about the work of the Wizard is written to trace files of the Kaspersky Security Components Installation Wizard. If the wizard completed with an error, you can use these files when contacting Technical Support.
Installing from the command line
To install the MMC plug-ins, Integration Server, and Integration Server Console from the command line, run one of the following commands:
- if the device on which installation is performed belongs to a Microsoft Windows domain:
ksvla-components_5.2.X.X_mlg.exe -q --lang=<language ID> --accept-EulaAndPrivacyPolicy=yes
- if the device on which installation is performed does not belong to a Microsoft Windows domain:
ksvla-components_5.2.X.X_mlg.exe -q --lang=<language ID> --accept-EulaAndPrivacyPolicy=yes --viisPass=<password>
where:
- 5.2.X.X is the application version number.
- <language ID> is the ID of the language of components to install. The language ID must be indicated in the following format: ru, en, de, fr, zh-Hans, zh-Hant, ja. It is case-sensitive.
- <password> is the password of the Integration Server administrator account. If the device on which Integration Server is installed does not belong to a Microsoft Windows domain, the Integration Server administrator admin account is used to manage the Integration Server.
A password must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters:
! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~
For security purposes, you are advised to set a password that is at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
- accept-EulaAndPrivacyPolicy=yes means that you accept the terms of Kaspersky Security End User License Agreement between you and Kaspersky and the Privacy Policy that describes processing and transmission of data. By setting this parameter to yes, you confirm the following:
- You have fully read, understood and accept the terms and conditions of Kaspersky Security End User License Agreement.
- You have fully read and understood the Privacy Policy, you are aware and agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy.
The text of the End User License Agreement and Privacy Policy is included in the application distribution kit. You must accept the terms of the End User License Agreement and Privacy Policy if you want to install the Kaspersky Security MMC plug-ins, Integration Server, and Integration Server Console.
You can read the text of the End User License Agreement and the Privacy Policy by executing the following command:
ksvla-components_5.2.X.X_mlg.exe --lang=<language ID> --show-EulaAndPrivacyPolicy
The text of the End User License Agreement and the Privacy Policy is output to the license_<language ID>.txt file in the tmp folder.
You can also indicate the following optional parameters in the command:
--viisPort=<port number>
Port number 7271 is used by default for connecting to the Integration Server. Specify this parameter if you want to use a different port to connect to the Integration Server.
If the Integration Server is installed within the application update, the --viisPort parameter is not supported.
--log-path=<path to file>
By default, information about installation results is logged to the trace files that are saved in the %temp%\Kaspersky_Security_for_Virtualization_<version number>_Light_Agent_BundleInitialInstall_logs_<date and time>.zip archive, where:
- <version number> refers to the number of the installed version of Kaspersky Security.
- <date and time> refers to the date and time when the installation was completed in the dd_MM_yyyy_HH_mm_ss format.
Indicate this parameter if you want to save the installation results in a different file.
To view a description of all available parameters when installing Kaspersky Security components from the command line, use the --help parameter.
Installation of MMC plug-ins, Integration Server, and Integration Server Console may take some time. After installation, MMC plug-ins appear in the list of installed administration plug-ins in the settings of the Kaspersky Security Center Administration Server.
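A silent installation gives no chance to correct input interactively, so the documented constraints can be checked before the installer is started. The following is an added example, not vendor code: the function and parameter names are hypothetical, the port range is the one this guide gives for the Wizard's Port field and is assumed to apply to --viisPort as well, and the sample password is constructed.

```powershell
# Added example, not vendor code. Function and parameter names are hypothetical.
$AllowedSpecials = '!#$%&''()*"+,-./\:;<=>_?@[]^`{|}~'   # special characters listed in this guide
$LanguageIds     = 'ru', 'en', 'de', 'fr', 'zh-Hans', 'zh-Hant', 'ja'

function Test-ViisPassword {
    param([Parameter(Mandatory)][string]$Password)

    $problems = @()
    if ($Password.Length -gt 60) { $problems += 'password is longer than 60 characters' }

    $hasSpecial = $false
    for ($i = 0; $i -lt $Password.Length; $i++) {
        $ch = $Password[$i]
        if ("$ch" -cmatch '^[A-Za-z0-9]$') { continue }
        if ($AllowedSpecials.IndexOf($ch) -ge 0) { $hasSpecial = $true; continue }
        # Report the position only, so the password is not echoed into logs.
        $problems += "password character at position $($i + 1) is not allowed"
    }

    $categories = 0
    if ($Password -cmatch '[a-z]') { $categories++ }
    if ($Password -cmatch '[A-Z]') { $categories++ }
    if ($Password -cmatch '[0-9]') { $categories++ }
    if ($hasSpecial)               { $categories++ }

    [pscustomobject]@{
        Allowed     = ($problems.Count -eq 0)
        Recommended = ($Password.Length -ge 8 -and $categories -ge 3)
        Problems    = $problems
    }
}

function Get-KsvlaInstallArguments {
    param(
        [Parameter(Mandatory)][string]$Lang,
        [string]$ViisPassword,
        [int]$ViisPort = 7271,
        [switch]$AcceptEulaAndPrivacyPolicy   # set only after reading both documents
    )
    $blockers = @()
    $warnings = @()

    if (-not $AcceptEulaAndPrivacyPolicy) {
        $blockers += 'read the EULA and Privacy Policy (--show-EulaAndPrivacyPolicy) and accept them first'
    }
    if ($LanguageIds -cnotcontains $Lang) {
        $blockers += "language ID '$Lang' is not one of: $($LanguageIds -join ', ') (case-sensitive)"
    }
    # ASSUMPTION: the Wizard's 1025-65535 range also applies to --viisPort.
    if ($ViisPort -lt 1025 -or $ViisPort -gt 65535) {
        $blockers += "port $ViisPort is outside 1025-65535"
    }

    # At least 4 GB must be free on the drive that holds %ProgramData%.
    $root = [System.IO.Path]::GetPathRoot($env:ProgramData)
    if ((New-Object System.IO.DriveInfo $root).AvailableFreeSpace -lt 4GB) {
        $blockers += "less than 4 GB free on $root"
    }

    # .NET Framework 4.6 corresponds to Release >= 393295.
    $ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
    if (-not $ndp -or $ndp.Release -lt 393295) {
        $warnings += '.NET Framework 4.6 or later was not detected'
    }

    $arguments = @('-q', "--lang=$Lang", '--accept-EulaAndPrivacyPolicy=yes')
    if ($ViisPort -ne 7271) { $arguments += "--viisPort=$ViisPort" }

    # --viisPass is used only when the device is not a domain member.
    $inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
    if (-not $inDomain) {
        if (-not $ViisPassword) {
            $blockers += 'device is not in a domain: a password for the admin account is required'
        } else {
            $check = Test-ViisPassword -Password $ViisPassword
            if (-not $check.Allowed)     { $blockers += $check.Problems }
            if (-not $check.Recommended) { $warnings += 'password is below the recommended strength (8+ characters, 3 of 4 categories)' }
            if ($ViisPassword.Contains('"')) { $warnings += 'password contains a double quote: check how your shell quotes it' }
            $arguments += "--viisPass=$ViisPassword"
        }
    }

    [pscustomobject]@{
        Ready     = ($blockers.Count -eq 0)
        Blockers  = $blockers
        Warnings  = $warnings
        Arguments = $(if ($blockers.Count -eq 0) { $arguments } else { @() })
    }
}

# Constructed sample values; replace them with your own.
$plan = Get-KsvlaInstallArguments -Lang 'en' -ViisPassword 'Constructed-Sample-Pass1' -AcceptEulaAndPrivacyPolicy
$plan | Select-Object Ready, Blockers, Warnings
```

Because --viisPass travels on the command line, it can be recorded wherever process command lines are audited, so treat the returned Arguments array and any such logs as containing a credential.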
MMC plug-ins and Integration Server installation results
After installation of Kaspersky Security MMC plug-ins and the Integration Server is completed, in Kaspersky Security Center Administration Console, in the workspace of the Administration Server <Server name> node on the Monitoring tab in the Deployment section the Manage Kaspersky Security for Virtualization <version number> Light Agent link is displayed (<version number> refers to the installed Kaspersky Security version). This link is used to start the Integration Server Console.
The installed MMC plug-ins appear in the list of installed administration plug-ins in the settings of the Kaspersky Security Center Administration Server.
To view the list of installed administration plug-ins:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select the Administration Server <Server name> node and open the Administration Server properties window in one of the following ways:
- Using the Settings item of the Administration Server <Server name> node context menu.
- Using the Administration Server properties link located in the workspace of the Administration Server <Server name> node in the Administration Server section.
- In the list on the left, in the Additional section, select the Information about the installed application management plug-ins section.
Kaspersky Security MMC plug-ins are displayed in the right part of the window in the list of installed administration plug-ins:
- Kaspersky Security for Virtualization <version number> Light Agent – Protection Server
- Kaspersky Security for Virtualization <version number> Light Agent for Linux
- Kaspersky Security for Virtualization <version> Light Agent for Windows
where <version> refers to the number of the installed version of Kaspersky Security.
Automatic creating of tasks and default policy for Protection Server
When the Kaspersky Security Center Administration Console starts for the first time after the Kaspersky Security MMC plug-ins are installed, the Initial Configuration Wizard for the managed application is automatically started. The Wizard is started three consecutive times and lets you create a default Protection Server policy and the following tasks:
- Virus scan task for Light Agent for Windows.
- Virus scan task for Light Agent for Linux.
- Database update task on the Protection Server.
If the Initial Configuration Wizard for the managed application was not started automatically, you can manually start it.
To manually start the Initial Configuration Wizard:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select the Administration Server <Server name> node, open the context menu of the node and select All tasks → Managed Application Initial Configuration Wizard.
- Click Next on the welcome screen and at the next step select one of the following values for the managed application:
- Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server, if you want to create a default Protection Server policy and a Protection Server database update task.
- Kaspersky Security for Virtualization 5.2 Light Agent for Linux, if you want to create a virus scan task for Light Agent for Linux.
- Kaspersky Security for Virtualization 5.2 Light Agent for Windows, if you want to create a virus scan task for Light Agent for Windows.
The Kaspersky Security Initial Configuration Wizard starts.
To create a default Protection Server policy and all the tasks listed above, you need to start the Initial Configuration Wizard for the managed application three times consecutively.
Creating tasks
Tasks are created automatically. Your participation in the wizard is not required.
A virus scan task for Light Agent for Windows is created for the Managed devices administration group and can be started on all virtual machines with the Light Agent for Windows component installed that will be moved to the Managed devices administration group or to any nested administration group. You can change the task settings that were configured by default.
A virus scan task for Light Agent for Linux is created for the Managed devices administration group and can be started on all virtual machines with the Light Agent for Linux component installed that will be moved to the Managed devices administration group or to any nested administration group. You can change the task settings that were configured by default.
A database update task on the Protection Server is created for the Managed devices administration group and lets you download the application module and database update package to all SVMs that will be moved to the Managed devices administration group or to any nested administration group. This task is started every time an update package is downloaded to the Kaspersky Security Center Administration Server repository.
Creating default policy for Protection Server
A default Protection Server policy is created for the Managed devices administration group with the Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server name and is applied on all SVMs that will be moved to the Managed devices administration group or to any nested administration group.
When creating a default Protection Server policy, the wizard prompts you to configure the following settings:
- Decide on whether or not to participate in Kaspersky Security Network.
Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to Kaspersky online knowledge base with information about the reputation of files, web resources, and software. Data from Kaspersky Security Network ensures faster response by Kaspersky Security to unknown threats, improves the performance of some protection components, and reduces the risk of false positives.
The following types are differentiated depending on the location of the infrastructure:
- Global KSN – this infrastructure is hosted by Kaspersky servers.
- Private KSN – the infrastructure is located within the corporate network or hosted by third-party servers of the service provider, for example on the Internet service provider's network.
Participation in KSN is voluntary. Before deciding on whether to participate in KSN, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:
- If you accept all the terms of the Statement and want the application to use KSN, select the I have read, understand, and accept the terms of this Kaspersky Security Network Statement option.
- If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option.
All data transmission and processing conditions set forth in the Kaspersky Security Network Statement for Kaspersky Security for Virtualization 5.2 Light Agent also apply to the Kaspersky Security update 5.2.1.
If necessary, you can change your decision regarding KSN participation later.
If you want Kaspersky Security to use the KSN, please make sure the required KSN type is configured in Kaspersky Security Center. To use Global KSN, the KSN proxy server service must be enabled in Kaspersky Security Center. To use the Private KSN, it must be enabled and configured in Kaspersky Security Center. See Kaspersky Security Center help for more information.
- If the device hosting Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to a local or domain KLAdmins group or to the group of local administrators, specify the settings for connecting SVMs to the Integration Server:
- Check the address and port used for connecting to the Integration Server in the Settings for connecting SVMs to the Integration Server window. The fields show the default port (7271) and the domain name of the device on which the Kaspersky Security Center Administration Console is installed. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
- In the Settings for connecting SVMs to the Integration Server window, click OK. In the Connection to the Integration Server window that appears, specify the Integration Server administrator password (admin account password).
The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Verify Integration Server certificate window opens. You can view the details of the certificate received. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
After a connection has been established to the Integration Server under the administrator account, the account password is automatically relayed to the policy in order to connect SVM to the Integration Server.
The other policy settings take the default values. You can configure them later.
If you have not configured the settings for connecting SVMs to the Integration Server or cannot connect with the specified settings, the policy is created with the Inactive policy status. Later you can configure the settings of this policy and activate it.
Starting the Integration Server Console
The SVM management wizard is started from the Integration Server Console. The wizard is used to deploy, remove, and reconfigure the SVM with the Protection Server component installed.
In the Integration Server Console, you can also view and configure Integration Server settings.
If the device hosting the Integration Server Console belongs to a Microsoft Windows domain, make sure that your domain account belongs to the local or domain KLAdmins group or the group of local administrators on the device where the Integration Server is installed.
To start the Integration Server Console:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select the Administration Server: <Server name> node.
- In the workspace of the node, on the Monitoring tab, in the Deployment section, click the Manage Kaspersky Security for Virtualization <version number> Light Agent link, where <version number> is the number of the installed version of Kaspersky Security.
- If one of the following conditions is satisfied, a window opens for entering the Integration Server connection settings:
- If the device hosting the Integration Server Console does not belong to a Microsoft Windows domain.
- If the device hosting the Integration Server Console belongs to a domain, but your domain account does not belong to a local or domain KLAdmins group or the group of local administrators on the device where the Integration Server is installed.
- If the device hosting the Integration Server Console belongs to a domain but a connection to the Integration Server could not be established, the connection address and port specified in the Integration Server settings are used.
Specify the following connection settings:
- Address and port of the Integration Server to which the connection is established.
The address can be specified as the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the Integration Server Console is installed on the same device as the Kaspersky Security Center Administration Server, the address specified in the settings of the Kaspersky Security Center Administration Server is used to connect to the Integration Server by default. You can change this address in the properties window of the Installation packages folder in the console tree (Additional → Remote installation → Installation packages; the window opens when you select the Settings item in the context menu).
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
- Account for connecting to the Integration Server:
- If the device hosting the Integration Server Console belongs to a domain, and your account belongs to the local or domain KLAdmins group or to the group of local administrators, you can use your account. To do so, select the Use domain account check box.
To use the account of an Integration Server administrator, enter the administrator account password in the Password field.
- If the device hosting the Integration Server Console does not belong to a domain, or the device belongs to a domain but your domain account does not belong to a local or domain KLAdmins group or to the group of local administrators, you can use only the Integration Server administrator account. Enter the password of the Integration Server administrator account in the Password field.
Click the Connect button.
- The Console checks the SSL certificate received from the Integration Server. If the received certificate is not trusted or does not match the previously installed certificate, the Verify certificate window with the appropriate message opens. Click the link in this window to view the details of the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure.
To continue connecting to the Integration Server, click the Trust the certificate button in the Verify certificate window. The certificate that has been received is installed as a trusted certificate. The certificate is saved in the registry of the operating system on the device hosting the Integration Server Console.
The Integration Server Console opens.
Installing the Protection Server
The Protection Server is installed as a result of SVM deployment on the hypervisors in a virtual infrastructure. SVM deployment is performed by using the SVM Management Wizard.
Several SVMs can be deployed on one hypervisor.
Prior to beginning installation, you need to download new SVM images and SVM image description files from the Kaspersky website by using the Kaspersky Security Installation Wizard.
To install the Protection Server component:
- Open the Integration Server Console and connect to the Integration Server.
- In the SVM management section, click the SVM management button to start the SVM Management Wizard.
- Follow the wizard instructions.
You can also deploy SVMs using the virtual infrastructure tools and configure SVM settings by using the klconfig script API manually or by means of automation tools.
Selecting an action
At this step, choose the SVM deployment option.
Proceed to the next step of the wizard.
Selecting infrastructure for SVM deployment
At this step, you need to select the virtual infrastructure in which you want to deploy the SVM. If SVM deployment was not previously performed in this virtual infrastructure, you need to configure the connection of the SVM Management Wizard to the virtual infrastructure. Then select the hypervisors or OpenStack projects for SVM deployment depending on the type of virtual infrastructure.
To configure the connection of SVM Management Wizard to the virtual infrastructure:
- Click the Add button.
- In the Virtual infrastructure connection settings window that opens, specify the following settings:
- Type
For a virtual infrastructure based on the ALT Virtualization Server platform, you need to select KVM as the type of virtual infrastructure object that the SVM Management Wizard will connect to.
For a virtual infrastructure on the VK Cloud platform, select Keystone microservice (OpenStack platform) as the type of virtual infrastructure object to which you want SVM Management Wizard to connect.
- Protocol
The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- Addresses
- OpenStack domain
The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- User name
- Password
- If you are deploying an SVM in a virtual infrastructure running on Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, OpenStack, ALT Virtualization Server, Astra Linux, VK Cloud platform, or TIONIX Cloud Platform, when connecting the Integration Server to the virtual infrastructure during Kaspersky Security operation, we recommend using an account with restricted permissions for virtual infrastructure operations. Select the An account with read-only permissions check box and specify the settings of the user account that the Integration Server will use to connect to the virtual infrastructure during Kaspersky Security operation.
If the check box is cleared, during Kaspersky Security operation the Integration Server will connect to the virtual infrastructure using the same user account that is used for SVM deployment, removal and reconfiguration.
In a virtual infrastructure running on the Microsoft Hyper-V platform, you can connect to the virtual infrastructure during Kaspersky Security operation only by using the same user account that is used for SVM deployment, removal and reconfiguration.
- Click the Connect button.
The Virtual infrastructure connection settings window closes. The Wizard adds the selected virtual infrastructure objects to the list and attempts to establish a connection.
The Wizard verifies the authenticity of all virtual infrastructure objects with which the connection is established.
Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.
For Keystone microservices, authenticity is verified only when using the HTTPS protocol to connect the SVM Management Wizard to the virtual infrastructure.
To verify authenticity, the Wizard receives the SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.
If the authenticity of the received certificate(s) cannot be established, the Verify certificate window opens with a message about this. Click the link in this window to view the details of the received certificate. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to the virtual infrastructure object. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this certificate to be authentic, click the Cancel button in the Verify certificate window to disconnect, and replace the certificate with a new one.
If the authenticity of the public key could not be established, the Verify public key fingerprint window opens with a message about this. You can confirm the authenticity of the public key and continue the connection. The public key fingerprint will be saved on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this public key to be authentic, click the Cancel button in the Verify public key fingerprint window to terminate the connection.
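The decision behind the Verify certificate windows (for the Integration Server connection and for virtual infrastructure objects), written out as an added Python example that is not Kaspersky code: a certificate is stored as trusted only after its fingerprint matches one obtained through a separate channel. SHA-256 as the fingerprint algorithm, the function names, the in-memory trust store and the sample address are assumptions; the certificate bytes are constructed.

```python
import hashlib
import hmac
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
# A fingerprint is a hash over the DER bytes, so any byte string shows the logic.
DER_ORIGINAL = b"constructed DER bytes: certificate presented by the server"
DER_REPLACED = b"constructed DER bytes: a different, unexpected certificate"
PEM_ORIGINAL = ssl.DER_cert_to_PEM_cert(DER_ORIGINAL)
PEM_REPLACED = ssl.DER_cert_to_PEM_cert(DER_REPLACED)


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding of the certificate, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalize(value: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; reject anything else."""
    cleaned = value.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def evaluate(address: str, pem: str, trusted: dict) -> str:
    """Classify a received certificate against the local trust store.

    'trusted'  - matches the certificate stored earlier for this address
    'unknown'  - nothing stored yet, so a person has to decide
    'mismatch' - differs from the stored certificate
    """
    stored = trusted.get(address.lower())
    if stored is None:
        return "unknown"
    if hmac.compare_digest(normalize(stored), fingerprint(pem)):
        return "trusted"
    return "mismatch"


def trust_if_confirmed(address: str, pem: str, trusted: dict, out_of_band: str) -> bool:
    """Store the certificate only if it matches a fingerprint that was
    obtained through a separate channel, such as from the server's administrator."""
    received = fingerprint(pem)
    if not hmac.compare_digest(normalize(out_of_band), received):
        return False
    trusted[address.lower()] = received
    return True


if __name__ == "__main__":
    store = {}
    address = "integration-server.example.test"  # hypothetical address
    expected = fingerprint(PEM_ORIGINAL)         # value obtained out of band
    print(evaluate(address, PEM_ORIGINAL, store))
    print(trust_if_confirmed(address, PEM_REPLACED, store, expected))
    print(trust_if_confirmed(address, PEM_ORIGINAL, store, expected))
    print(evaluate(address, PEM_REPLACED, store))
```

An 'unknown' or 'mismatch' result corresponds to the cases in which the Verify certificate window opens.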
If a connection cannot be established with a virtual infrastructure object, information about the connection errors is displayed in the table.
The table displays information about the virtual infrastructures to which connections are configured in the SVM Management Wizard. If SVMs are already deployed in the virtual infrastructure, the table also contains information about them. Each row of the table displays a hierarchical list of virtual infrastructure objects and the following information:
- Name/address
- State
- Protection
- Type
For a virtual infrastructure based on the ALT Virtualization Server platform, KVM is displayed as the type of virtual infrastructure object that the SVM Management Wizard connects to.
For a virtual infrastructure on the VK Cloud platform, Keystone microservice (OpenStack Platform) is displayed as the type of virtual infrastructure object to which the SVM Management Wizard connects.
You can search the list of virtual infrastructure objects based on the Name/Address column. The search starts as you type in the Search field. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the Search field.
You can update the list of virtual infrastructure objects using the Refresh button above the table. When updating the list, the Wizard verifies the SSL certificates or fingerprints of the public key in the same way as when virtual infrastructure objects are added to the list.
You can use buttons in the Name/address column to:
- Remove selected virtual infrastructure from the list.
The Integration Server continues to connect to the virtual infrastructure removed from this list, and to receive the information required for SVM operation.
- If you cannot connect to the virtual infrastructure, open the Virtual infrastructure connection settings window to change the settings of the account used to make the connection.
After the settings are modified, the Wizard verifies the SSL certificates or fingerprints of the public key in the same way as when virtual infrastructure objects are added to the list.
To select infrastructure for SVM deployment:
- Depending on the type of the virtual infrastructure, select check boxes in the table to the left of the names of the hypervisors on which you want to deploy an SVM, or the OpenStack projects in which you want to deploy an SVM.
You can select hypervisors or OpenStack projects that are not subject to SVM deployment restrictions.
If SVMs are being deployed in an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous SVM deployment in different infrastructures is not supported. You can deploy SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.
The simultaneous deployment of SVMs within OpenStack projects, which are running on different Keystone microservices, is not supported. You can simultaneously deploy SVMs only in OpenStack projects that are running on the same Keystone microservice.
- If you want to enable concurrent SVM deployment on several hypervisors, or within several OpenStack projects, select the Allow parallel deployment on N hypervisors or Allow parallel deployment on N SVMs check box (depending on the type of the virtual infrastructure), and specify the number of hypervisors on which SVMs will be deployed concurrently, or the number of SVMs.
Proceed to the next step of the wizard.
Selecting the SVM image
At this step, select the file of the SVM image for deployment on the hypervisor. The SVM image file and the SVM image description file (in XML format) must be located in the same folder. If you are installing the Protection Server on different types of hypervisors, the SVM image files for each type of hypervisor and the SVM image description file must be located in the same folder.
To specify the SVM image, click Browse and in the window that opens select the SVM image description file (in XML format).
After a file has been selected, the field to the left of the button displays the full path to the file and its name. The Wizard automatically selects the required SVM image file:
- A VHDX file for deployment on a Microsoft Windows Server (Hyper-V) hypervisor.
- An XVA file for deployment on a Citrix Hypervisor.
- An OVA file for deployment on a VMware ESXi hypervisor.
- A QCOW2 file for deployment on a KVM hypervisor (including on a KVM hypervisor running on OpenStack platform, Astra Linux, VK Cloud Platform or TIONIX Cloud Platform), on a Proxmox VE hypervisor, on a R-Virtualization hypervisor, on a HUAWEI FusionCompute CNA hypervisor, on a Nutanix AHV hypervisor, or on an ALT Virtualization Server platform basic hypervisor.
The window displays the following information about the selected image:
The Wizard verifies the authenticity of the image. The verification results are displayed in the window as follows:
- If the image is authentic, the Publisher field displays the value AO Kaspersky Lab.
- If the authenticity of the image has not been verified, the upper part of the window displays an error message and the Publisher field shows Unknown.
If the authenticity of the image has not been verified, it is recommended to use a different image for SVM deployment. To do so, you must re-download the archive containing the files necessary for SVM deployment.
The SVM Image integrity check section displays information about the results of SVM image file integrity check for each type of hypervisor. If integrity check was not performed, the Validation not performed message is displayed.
It is recommended to validate the SVM image. To do so, click the Validate button in the SVM image integrity check section. The verification results are displayed in the window as follows:
- If the image file successfully passed the integrity check, the Valid message is displayed.
- If the image file gets modified or corrupted while being transmitted from the publisher to the end user or if the image format is not supported, the upper part of the window shows an error message and the SVM image integrity check section displays information about the detected problem.
If an SVM image file integrity check ended with an error, it is recommended to use a different image for SVM deployment. To do so, you must re-download the archive containing the files necessary for SVM deployment.
If the authenticity of an image has been verified and the image file integrity check completed successfully, proceed to the next step of the Wizard.
If the authenticity of the image has not been verified, or the image file integrity check has not been performed or ended with an error, but you accept the risk and want to use the selected SVM image, select the check box in the lower part of the window to proceed to the next step of the Wizard.
Selecting the number of SVMs for deployment (infrastructures based on OpenStack)
This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
For this step, you must specify the number of SVMs to be deployed on the hypervisors within each selected OpenStack project. The OpenStack project column displays the name of the project that the SVM will be deployed in, as well as the project path in the infrastructure.
In the Number of SVMs column, specify the number of SVMs to be deployed on the hypervisors within the OpenStack project.
Proceed to the next step of the wizard.
Specifying SVM settings
This step is displayed if you are deploying an SVM in a virtual infrastructure running on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform.
For this step, you must specify deployment options for each SVM to be deployed on the selected hypervisors. The Hypervisor column displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM will be deployed.
Specify the following settings required for SVM deployment:
If you are deploying an SVM in a virtual infrastructure running the Microsoft Hyper-V platform, you can also specify the VLAN ID.
Proceed to the next step of the wizard.
Specifying SVM settings (infrastructures based on OpenStack)
This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
On this step, you must specify deployment settings for each SVM that is to be deployed within the selected OpenStack projects. The OpenStack project column displays the name of the project that the SVM will be deployed in, as well as the project path in the infrastructure.
Specify the following settings required for SVM deployment:
You can also specify the following settings:
Proceed to the next step of the wizard.
Configuring SVM network settings (infrastructures based on OpenStack)
This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
For this step, you must specify network settings for each SVM to be deployed within the selected OpenStack projects. The OpenStack project column displays the name of the project that the SVM will be deployed in, as well as the project path in the infrastructure.
For each SVM, specify one or more virtual networks in the column.
You can also specify the following settings:
Proceed to the next step of the wizard.
Configuring IP address settings for SVM
For this step, you must specify IP addressing settings for all SVMs. You can use dynamic or static IP addressing.
If you want to use DHCP network settings for all SVMs:
- Select Dynamic IP addressing (DHCP).
By default, the IP address of the DNS server and the IP address of the alternative DNS server received over the DHCP protocol are used for each SVM (the Use list of DNS servers received via DHCP check box is selected). If you specified several virtual networks for the SVM at the previous step, by default the network settings for the SVM are received from the DHCP server of the first virtual network in the list of the specified virtual networks.
- If you want to manually specify the IP address of the DNS server and alternative DNS server, clear the Use list of DNS servers received via DHCP check box. This opens a table containing the following information:
- Hypervisor
The Hypervisor column is displayed if you are deploying an SVM in a virtual infrastructure running on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform.
- OpenStack project
The OpenStack project column is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
- SVM name
Specify the IP addresses of DNS servers in the DNS server and Alternative DNS server table columns.
If you want to specify all network settings of the SVM manually:
- Select Static IP addressing. This opens a table containing the following information:
- Hypervisor
The Hypervisor column is displayed if you are deploying an SVM in a virtual infrastructure running on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform.
- OpenStack project
The OpenStack project column is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
- SVM name
- Network name
- Specify the following IP addressing settings for each SVM:
- SVM IP address
- Subnet mask
- Gateway
- DNS server
- Alternative DNS
If you specified several virtual networks for the SVM at the previous step, specify the settings for each virtual network.
Proceed to the next step of the wizard.
Specifying Kaspersky Security Center connection settings
This step is performed if the wizard cannot automatically determine the settings for connecting to Kaspersky Security Center.
At this step, you must specify the settings of SVM connection to the Kaspersky Security Center Administration Server.
Specify the following settings:
Proceed to the next step of the wizard.
Creating the configuration password and the root account password
At this step, you need to create a klconfig account password (configuration password) and a root account password on the SVM.
The configuration password is required for SVM reconfiguration. The root account is used for accessing the operating system on SVMs.
Enter passwords for each account into the Password and Confirm password fields.
Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
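The password rules above as an added Python check (not part of the product) that can be run before passwords are typed into the wizard or handed to deployment automation. It separates the hard limits (length, allowed characters) from the recommendations (minimum length, three of four categories) and also generates a password that satisfies both; all function and constant names are assumptions.

```python
import secrets
import string

MAX_LENGTH = 60                  # hard limit stated on this page
RECOMMENDED_MIN_LENGTH = 8       # recommendation stated on this page
RECOMMENDED_MIN_CATEGORIES = 3   # "at least three of the four categories"

# Special characters exactly as listed on this page.
SPECIALS = "!#$%&'()*\"+,-./\\:;<=>_?@[]^`{|}~"
ALLOWED = set(string.ascii_letters + string.digits + SPECIALS)


def categories_used(password: str) -> list:
    """Names of the character categories that occur in the password."""
    checks = {
        "lowercase": string.ascii_lowercase,
        "uppercase": string.ascii_uppercase,
        "numerals": string.digits,
        "special": SPECIALS,
    }
    return [name for name, chars in checks.items()
            if any(c in chars for c in password)]


def check_password(password: str):
    """Return (errors, warnings).

    errors   - the password breaks a hard limit and cannot be used
    warnings - the password is usable but weaker than recommended
    """
    errors, warnings = [], []
    if len(password) > MAX_LENGTH:
        errors.append(f"{len(password)} characters; the limit is {MAX_LENGTH}")
    rejected = sorted({c for c in password if c not in ALLOWED})
    if rejected:
        errors.append("characters outside the allowed set: "
                      + ", ".join(repr(c) for c in rejected))
    if len(password) < RECOMMENDED_MIN_LENGTH:
        warnings.append(f"shorter than {RECOMMENDED_MIN_LENGTH} characters")
    used = categories_used(password)
    if len(used) < RECOMMENDED_MIN_CATEGORIES:
        warnings.append(f"only {len(used)} of 4 character categories used")
    return errors, warnings


def generate_password(length: int = 24) -> str:
    """Random password from the allowed set that meets the recommendations."""
    if not RECOMMENDED_MIN_LENGTH <= length <= MAX_LENGTH:
        raise ValueError(
            f"length must be {RECOMMENDED_MIN_LENGTH}..{MAX_LENGTH}")
    alphabet = sorted(ALLOWED)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if check_password(candidate) == ([], []):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["Svm-Deploy#2024", "abc", "pass word1A", "a" * 61]:
        print(repr(sample[:20]), check_password(sample))
    print(len(generate_password()))
```

Characters that are common in generated passwords but absent from the list, such as a space or any non-Latin letter, are reported as errors rather than silently stripped.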
If you want to configure the settings for the root account to access the SVM using SSH, select the Allow remote access using SSH for root account check box.
Proceed to the next step of the wizard.
Starting SVM deployment
This step is displayed if you are deploying an SVM in a virtual infrastructure running on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform.
For this step, the wizard window displays all previously entered settings required for deploying the SVM:
General settings for all SVMs:
- SVM image description file
- SVM IP settings
- Remote access for the root account via SSH
- Kaspersky Security Center connection settings
- Parallel deployment
Individual settings for each SVM:
- Hypervisor
- SVM name
- Storage
- Network name
- VLAN ID
The VLAN ID is displayed if you are deploying the SVM in the virtual infrastructure running on Microsoft Hyper-V platform.
- All IP addressing settings that you provided for the SVM.
To start deploying SVMs, go to the next step of the wizard.
Starting SVM deployment (infrastructures based on OpenStack)
This step is displayed if you are performing SVM deployment in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
For this step, the wizard window displays all previously entered settings required for deploying the SVM:
General settings for all SVMs:
- Keystone microservice address
- SVM image description file
- SVM IP settings
- Remote access for the root account via SSH
- Kaspersky Security Center connection settings
- Parallel deployment
Individual settings for each SVM:
- OpenStack project
- SVM name
- Virtual machine type
- Volume type
- Availability zone
- Server group
- Network name
- VLAN ID
- Security group
- All IP addressing settings that you provided for the SVM.
To start deploying SVMs, go to the next step of the wizard.
SVM deployment
At this step, SVMs are deployed on hypervisors. The process takes some time. Please wait until deployment is complete.
The window shows, one row at a time, the stages of deployment of each SVM with the status of each stage: Processing N%, Pending, Skipped, Completed, Error.
The last step of SVM deployment involves checking the connection of the SVM to the Integration Server. If a connection could not be established between the SVM and the device hosting the Integration Server, the window displays a warning. After SVM deployment is complete, you are advised to make sure that the Integration Server is running and can be accessed by the SVM over the network.
If an error occurs on a hypervisor during the SVM deployment process, the Wizard rolls back the changes on this hypervisor. Deployment continues on the other hypervisors.
When deployment is completed, the SVM is turned on automatically.
Proceed to the next step of the wizard.
Finishing SVM deployment
This step displays information about the SVM deployment results in the virtual infrastructure.
You can use the links to open a brief report and the SVM Management Wizard log.
You can view the following information in the brief report:
- Addresses of the hypervisors on which SVMs were deployed, or OpenStack projects, within which SVMs were deployed (depending on the type of virtual infrastructure).
- Names of deployed SVMs.
- Brief description of the completed stages of deployment of each SVM, including the start and end times of each stage. If an error occurred during a particular stage, the relevant information is reflected in the report.
The brief report is saved in a temporary file. To be able to use information from the report later, save the log file in a permanent storage location.
The SVM Management Wizard log saves information specified by you at every step of the wizard. If the SVM deployment process ends in an error, you can use the wizard log when contacting Technical Support.
The SVM Management Wizard log is saved on the device where the wizard was launched, in the file %LOCALAPPDATA%\Kaspersky Lab\Kaspersky VIISLA Console\logs\KasperskyDeployWizard_<file creation date and time>.log and does not contain account passwords. A new log file is created each time the wizard starts.
Finish the wizard.
If your virtual infrastructure uses a Microsoft Windows Server (Hyper-V) hypervisor, after SVM deployment the event log may contain an event indicating the need to update the Integration Services package on the SVM. You can ignore this notification because the Integration Services do not need to be updated to operate the SVM.
Preparing the Protection Server for operation
After installing the Protection Server component, it is recommended to validate the SVM system date using the tools of the virtual infrastructure. If the system dates on the Kaspersky Security Center Administration Server and the SVM are not consistent, it could result in an error when connecting the SVM to Kaspersky Security Center or impair the operation of the application.
After deploying the SVM on a hypervisor, you can modify the resources allocated to the SVM, for example, to match those recommended by Kaspersky experts. You can regulate the performance of the SVM using the resources assigned to it.
After installing the Protection Server component, do the following:
- Make sure that new SVMs are connected to the Integration Server. You can view the list of connected SVMs in the Integration Server Console.
- Activate the application on all new SVMs.
To activate the application on SVMs, you must add a license key on the SVMs by using the application activation task. After the Light Agent component is installed on virtual machines, the Protection Server component relays license info to the Light Agent component.
- Update application databases on all new SVMs.
To download application module and database update packages to SVMs, you can use the automatically created database update task on the Protection Server.
Installing Kaspersky Security Center Network Agent on virtual machines
Network Agent installed on protected virtual machines facilitates interaction between protected virtual machines and the Kaspersky Security Center Administration Server, and lets you use Kaspersky Security Center to manage the operation of the Light Agent.
Installing on virtual machines with Windows operating systems:
You can install Network Agent, which is included in the distribution kit of a supported version of Kaspersky Security Center, on a virtual machine where Light Agent for Windows will be installed.
If you are planning to install Light Agent for Windows on virtual machines locally using the Installation Wizard, from the command line, or by using Active Directory Group Policies, you need to install Network Agent on the virtual machines prior to installing Light Agent for Windows. Otherwise, installation of Light Agent for Windows ends with an error. Network Agent may be installed automatically during remote installation of Light Agent for Windows through Kaspersky Security Center using the Remote Installation Wizard or the remote installation task.
You can use one of the following methods to install Network Agent on virtual machines running Windows operating systems:
- Locally on each virtual machine using the Installation Wizard. This method is recommended for installing Network Agent on virtual machine templates.
- Remotely via Kaspersky Security Center using the remote installation wizard or the remote application installation task. The installation package for remote installation of Network Agent is generated automatically when Kaspersky Security Center is installed, and is located in the Administration Console in the Additional → Remote installation → Installation packages folder.
In the properties of the Network Agent installation package, in the Additional section, you are advised to select the Optimize settings for VDI (Virtual Desktop Infrastructure) check box. For details about remote installation of the application via Kaspersky Security Center, see the Kaspersky Security Center Help.
- During remote installation of Light Agent for Windows using the Remote Installation Wizard or remote installation task. If you are using the Remote Installation Wizard, Network Agent will be installed automatically. If you are using the remote installation task, you can select the Install Network Agent along with this application check box in the task settings.
To install Network Agent locally on a virtual machine or virtual machine template with the Windows operating system:
- On the virtual machine, run the executable file named setup.exe, which is included in the distribution kit of Kaspersky Security Center and located in the Packages\NetAgent folder.
The Installation Wizard starts.
- Follow the installation wizard instructions.
Select the Optimize Network Agent settings for the virtual infrastructure check box during the "Additional Settings" step. Selecting this check box disables inventory of applications and hardware, and scanning of executable files for vulnerabilities when the wizard is started.
If you are installing Network Agent to a virtual machine template, also select the Enable dynamic mode for VDI check box. If the box is checked, after the virtual machine is disabled, this virtual machine is not displayed in the Kaspersky Security Center Administration Console.
Installing on virtual machines running Linux operating systems
Network Agent, which is included in the Kaspersky Security for Virtualization 5.2 Light Agent distribution package (Network Agent 12.0.1.60 for 32-bit operating systems or Network Agent 12.0.0.60 for 64-bit operating systems), must be installed on the virtual machine where Light Agent for Linux will be installed.
You can use one of the following methods to install Network Agent on virtual machines running Linux operating systems:
- As a result of installing Light Agent for Linux from the command line.
- As a result of remote installation of Light Agent for Linux through Kaspersky Security Center.
Network Agent is included in the SHAR archive for installing Light Agent for Linux and in the Light Agent for Linux installation package that is automatically created by the Kaspersky Security Components Installation Wizard. If you manually create an installation package for Light Agent for Linux, Network Agent will be included in the package.
On a virtual machine running a Linux operating system, you can also just install Network Agent without installing Light Agent for Linux. To do so, you need to start installation of Light Agent for Linux from the command line with the --skip-product parameter.
For more detailed information about installing Kaspersky Security Center Network Agent, see the Kaspersky Security Center help.
Installing Light Agent for Windows
The Light Agent for Windows component can be installed on a virtual machine in several ways:
- Remotely from the administrator's workstation using Kaspersky Security Center.
- From the command line.
- Locally using the Installation Wizard.
- Remotely from the administrator's workstation using Active Directory Group Policies.
It is recommended to install Light Agent for Windows on virtual machine templates locally using the Installation Wizard or remotely using Kaspersky Security Center.
You need to take additional steps when installing Light Agent for Windows on virtual machines in virtual infrastructures that use the following virtualization solutions:
Before installing the Light Agent for Windows (including remotely), it is recommended to close all applications running in the operating system of the virtual machine.
During installation, Light Agent configures the settings of Windows Firewall to allow incoming and outgoing traffic for the avp.exe process. If a domain policy is used for Windows Firewall, you must configure rules for incoming and outgoing connections for the avp.exe process in the domain policy. If a different firewall is used, you must configure a rule for connections for the avp.exe process for the firewall. When started for the first time after installation, the Firewall component is enabled, which causes the Windows Firewall to be disabled.
Installation and operation of the AMSI Protection component is not supported on virtual machines with guest OS version lower than Windows 10 and Windows Server 2016.
Installing Light Agent for Windows via Kaspersky Security Center
You can install Light Agent for Windows remotely from the administrator's workstation using Kaspersky Security Center.
Installation is performed by using the Remote Installation Wizard or the remote installation task (for details, please refer to the Kaspersky Security Center help). Installation requires an installation package that contains the group of settings necessary for installing the application.
You can use the installation package automatically created by Kaspersky Security Components Installation Wizard during installation of management MMC plug-ins for Kaspersky Security and for the Integration Server, or create an installation package manually.
The automatically created installation package is stored in the Kaspersky Security Center Administration Console tree in the Additional → Remote installation → Installation packages folder with the name Kaspersky Security for Virtualization 5.2 Light Agent for Windows (5.2.X.X), where 5.2.X.X is the application version number. By default the following functional components are selected in the settings of this installation package:
- For the virtual machines running Microsoft Windows desktop operating system – all protection components and all control components (except for the System Integrity Monitoring component).
- For the virtual machines with Microsoft Windows server operating systems, the File Anti-Virus and AMSI Protection components.
Light Agent integration with Kaspersky Endpoint Agent is disabled by default.
In the properties of the installation packages, you can change the Light Agent for Windows installation settings or fine-tune the installation settings (for example, change the set of installed Light Agent components).
Prior to beginning installation to the virtual machine, the virtual machine is searched for applications that could cause conflicts with Light Agents if allowed to run concurrently, and those applications are removed. If such applications could not be automatically removed, installation ends with an error.
If the installation package is intended for installing Light Agent for Windows to virtual machines on which Citrix Provisioning (Citrix Provisioning Services) technology is used, you need to perform one of the following actions:
- Prior to creating the installation package, manually make the following change to the ksvla.kud file from the Light Agent for Windows distribution package:
In the [Setup] section, at the end of the Params=/s /pAKINSTALL=1 /pEULAANDPRIVACYPOLICY=1 string, add the parameter /pINSTALLONPVS=1.
- In the settings of the created installation package, select the Ensure compatibility with Citrix Provisioning (Citrix Provisioning Services) check box.
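The ksvla.kud change from the first option above, as an added PowerShell example (not Kaspersky's code): it appends /pINSTALLONPVS=1 to the Params= line of the [Setup] section only if it is missing, keeps a .bak copy, and preserves the file's encoding and line endings. It assumes ksvla.kud is an INI-style text file; the function names and the sample content are hypothetical.

```powershell
# Added example, not vendor code. Assumes ksvla.kud is an INI-style text file
# with a [Setup] section that contains a Params= line. Function names are hypothetical.

function Add-KudSetupParam {
    # Pure text transform: returns the new lines and whether anything changed.
    param(
        [string[]]$Lines,
        [string]$Parameter = '/pINSTALLONPVS=1'
    )
    $inSetup = $false
    $found   = $false
    $changed = $false
    $out = foreach ($line in $Lines) {
        if ($line -match '^\s*\[(.+?)\]\s*$') {
            # Section header: track whether we are inside [Setup].
            $inSetup = ($Matches[1].Trim() -ieq 'Setup')
        }
        elseif ($inSetup -and -not $found -and $line -match '^\s*Params\s*=') {
            $found  = $true
            $tokens = @(($line -replace '^\s*Params\s*=', '') -split '\s+' | Where-Object { $_ })
            if ($tokens -inotcontains $Parameter) {
                # Append at the end of the existing string, as the guide instructs.
                $line    = $line.TrimEnd() + ' ' + $Parameter
                $changed = $true
            }
        }
        $line
    }
    if (-not $found) { throw 'No Params= line found in the [Setup] section.' }
    [pscustomobject]@{ Lines = @($out); Changed = $changed }
}

function Update-KudFile {
    # Applies the transform to a file, keeping its encoding and line endings.
    param([Parameter(Mandatory)][string]$Path)

    $full  = Convert-Path -LiteralPath $Path
    $bytes = [System.IO.File]::ReadAllBytes($full)

    # Choose the encoding from the byte-order mark.
    $encoding = if ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) {
        [System.Text.UnicodeEncoding]::new($false, $true)    # UTF-16 LE with BOM
    } elseif ($bytes.Length -ge 3 -and $bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF) {
        [System.Text.UTF8Encoding]::new($true)               # UTF-8 with BOM
    } else {
        [System.Text.UTF8Encoding]::new($false)              # no BOM: read as UTF-8 (assumption)
    }
    $skip = $encoding.GetPreamble().Length
    $text = $encoding.GetString($bytes, $skip, $bytes.Length - $skip)
    $eol  = if ($text.Contains("`r`n")) { "`r`n" } else { "`n" }

    $result = Add-KudSetupParam -Lines ($text -split '\r?\n')
    if ($result.Changed) {
        Copy-Item -LiteralPath $full -Destination "$full.bak" -Force   # keep the original file
        [System.IO.File]::WriteAllText($full, ($result.Lines -join $eol), $encoding)
    }
    $result.Changed
}

# Constructed sample content (not the real file) to show the transform and its idempotence.
$sample = @(
    '[PlaceholderSection]'
    'PlaceholderKey=placeholder'
    '[Setup]'
    'Params=/s /pAKINSTALL=1 /pEULAANDPRIVACYPOLICY=1'
)
$first  = Add-KudSetupParam -Lines $sample
$second = Add-KudSetupParam -Lines $first.Lines
$first.Lines[-1]
"Changed on first run: $($first.Changed); changed on second run: $($second.Changed)"
```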
During remote installation of Light Agent for Windows through Kaspersky Security Center, Kaspersky Security Center Network Agent may be automatically installed.
Creating a Light Agent for Windows installation package
Prior to creating an installation package, you need to unpack the distribution package of Light Agent for Windows into a folder that can be accessed by the Kaspersky Security Center Administration Server.
To create a Light Agent for Windows installation package:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select Additional → Remote installation → Installation packages.
- Click the Create installation package button to start the New Package Wizard.
- In the wizard window that opens, click the Create installation package for a Kaspersky application button.
- In the window that opens, enter the name of the installation package and proceed to the next step of the wizard.
- Select the distribution kit of Kaspersky Security. To do so, open the standard window by using the Browse button and specify the path to the ksvla.kud file from the Light Agent for Windows distribution package.
After the file is selected, the application name will be displayed in the Wizard window.
The Copy updates from storage to installation package check box is selected by default in the Select application installation package for installation window of the wizard. Kaspersky Security Center includes in the installation package all Light Agent for Windows database and module updates that have been loaded into the Kaspersky Security Center storage. After the Light Agent for Windows component has been installed, databases and modules of Light Agent for Windows are updated automatically on the virtual machine.
Proceed to the next step of the wizard.
- Read the End User License Agreement concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data.
To continue creating the installation package, confirm that you have fully read and accept the terms of the End User License Agreement and the Privacy Policy. To confirm, select both check boxes in the window of the Wizard.
Proceed to the next step of the wizard.
- The wizard downloads the files required for installation of the application to the Administration Server of Kaspersky Security Center. Wait for the download to finish.
- Do the following:
- Specify the components to be installed. Components for installation are grouped into two blocks: Components for installation on server OS and Components for installation on desktop OS. Select the check boxes for the components you want to install.
- If you plan to use Kaspersky Endpoint Agent for interaction between Kaspersky Security and Kaspersky solutions designed to detect complex threats, enable Light Agent integration with Kaspersky Endpoint Agent in the list of components by selecting the Integration with Kaspersky Endpoint Agent check box. Integration is disabled by default.
- Enter the path to the installation folder, if necessary. By default, Light Agent is installed to the following folder depending on the operating system:
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\ – for 64-bit operating systems.
- %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\ – for 32-bit operating systems.
Proceed to the next step of the wizard.
- The wizard creates an installation package and displays a notification that the process has been completed. Finish the wizard.
The created installation package is stored in the Kaspersky Security Center Administration Console tree in the Additional → Remote installation → Installation packages folder. You can use one and the same installation package multiple times.
After creating the installation package, you can change the Light Agent for Windows installation settings or fine-tune the installation settings (for example, change the set of installed Light Agent components).
Configuring the Light Agent for Windows installation package
To edit Light Agent for Windows installation package settings:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select Advanced → Remote installation → Installation packages.
- In the list of installation packages, select the Light Agent for Windows installation package and open the Settings: <installation package name> window by double-clicking it.
- In the window that opens, in the list on the left, select the Settings section and configure the installation package settings. You can perform the following actions:
- Specify the components that must be installed on the protected virtual machine:
- If the check box next to the name of a component is selected, the component will be installed on the virtual machine when installing Light Agent for Windows using this installation package. If the component is already installed, no changes are made.
- If the check box next to the name of a component is not selected, the component will be removed when installing Light Agent for Windows using this installation package. If the component was not installed, no changes are made.
- Enable or disable Light Agent integration with Kaspersky Endpoint Agent (the Integration with Kaspersky Endpoint Agent check box). Integration is disabled by default.
- Enable or disable protection of the Kaspersky Security installation process so that no process can change the contents of the application installation folder, embed itself in the installation process, or stop the process during application installation. Protection is enabled by default.
- Enable or disable the addition of the application installation folder path to the system environment variable %PATH%. By default, the path to the installation folder is added to the variable. As a result, you do not have to enter the path to an executable file in the application installation folder to start the file from the command line. It is enough to enter the name of the executable file.
- Enable or disable adding applications that Microsoft recommends excluding from scanning to the trusted zone. By default, applications that Microsoft recommends excluding from scans are added to the trusted zone.
- Select the Installation on the template for temporary VDI pools check box. It is recommended to select this check box if the installation package is intended for installing Light Agent to a temporary virtual machine template that will be used to create a VDI infrastructure of one of the following types:
- Citrix XenDesktop random catalog.
- Citrix XenDesktop static catalog without saving changes made by the user.
- Automated pool of VMware Horizon of the Instant Clone type.
- Group of virtual machines of the Linked Clone type for HUAWEI FusionAccess.
If the check box is selected, updates that require restarting the protected virtual machine will not be installed on virtual machines created from this template. On receiving updates that require restarting the protected virtual machine, Light Agent sends a message to Kaspersky Security Center informing it that the databases and application modules need to be updated on the protected virtual machine template.
It is not recommended to select the Installation on the template for temporary VDI pools check box if the installation package will be used for installing Light Agent to a temporary virtual machine template that will be used to create a VDI infrastructure of one of the following types:
- Citrix XenDesktop static dedicated catalog with the use of local drives.
- Automated pool of VMware Horizon of the Full Clone type.
- Group of virtual machines of the Full Copy type for HUAWEI FusionAccess.
- Select the Ensure compatibility with Citrix Provisioning (Citrix Provisioning Services) check box. It is recommended to select this check box if the installation package is intended for installing Light Agent to a virtual machine on which Citrix Provisioning (Citrix Provisioning Services) technology is used.
- Enter the path to the destination folder in which you want to install Light Agent. By default, Light Agent is installed to the following folder depending on the operating system:
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\ – for 64-bit operating systems.
- %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\ – for 32-bit operating systems.
Except for the Settings section, all sections in the Settings: <installation package name> window are identical to the standard sections used in Kaspersky Security Center. For descriptions of the standard sections, please refer to the Kaspersky Security Center help.
- Click OK in the Settings: <installation package name> window.
Installing Light Agent for Windows using the Installation Wizard
Prior to beginning installation, you need to unpack the distribution package of Light Agent for Windows in a folder on the virtual machine that you want to protect.
To install the Light Agent for Windows component on the virtual machine using the Installation Wizard:
- In the operating system of the virtual machine that you want to protect, run the file setup.exe from the Light Agent for Windows distribution kit.
The Light Agent Installation Wizard starts.
- Follow the instructions of the Light Agent Installation Wizard.
The Installation Wizard checks whether the following conditions have been fulfilled:
- Compliance of the operating system on the virtual machine with the software requirements.
If a condition is not met, a notification is displayed on the screen.
- There is no incompatible software installed on the virtual machine.
The Installation Wizard searches the virtual machine for applications that could cause conflicts with Light Agents if allowed to run concurrently. If such applications are found, the Installation Wizard displays a list of them and prompts you to confirm their removal. After confirmation, the Installation Wizard attempts to remove the applications automatically. If uninstalling an application requires a restart of the virtual machine, the Installation Wizard displays a warning that the virtual machine must be restarted.
If applications that cannot be deleted automatically are detected on the virtual machine, the Installation Wizard prompts you to remove them manually.
You can review the list of incompatible software in the incompatible.txt file that is included in the Kaspersky Security application distribution kit.
During installation, the virtual machine is scanned for active infection. If a threat is detected and disinfection is not possible, installation finishes with an error. To neutralize the threat, it is recommended to use the utilities known as Kaspersky Virus Removal Tool and Rescue Disc. Please refer to the Knowledge Base for details.
The Start window of the Installation wizard
If the conditions for the installation of the Light Agent for Windows component meet the stated requirements, the Start window of the Installation Wizard opens. The Start window of the Installation Wizard contains information about the start of the installation of Light Agent for Windows on the virtual machine that you want to protect.
Go to the next step in the Installation wizard.
Viewing Kaspersky Security End-User License Agreement
At this step, read the End User License Agreement concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data.
To continue installation, confirm that you have fully read and accept the terms of the End User License Agreement and the Privacy Policy. To confirm, select both checkboxes in the window of the Wizard.
Proceed to the next step of the wizard.
Selecting the type of installation
At this step, select the type of installation of Light Agent.
The set of Light Agent functional components that you can install depends on the guest operating system of the virtual machine.
If you are installing Light Agent on a virtual machine with a Microsoft Windows desktop operating system, the following options are available to choose from:
- Standard installation of protection components. Select this option to install the functional protection components on the virtual machine with the settings recommended by Kaspersky.
- Standard installation of protection and control components. Select this option to install the functional protection components and functional control components on the virtual machine with the settings recommended by Kaspersky.
- Custom installation. Select this check box if you want to select the folder where the application will be installed, and the functional components to be installed.
If you are installing Light Agent on a virtual machine with a Microsoft Windows server operating system, the following options are available to choose from:
- Standard installation. Select this option to install on the virtual machine the functional components recommended by Kaspersky.
- Custom installation. Select this option if you want to select the folder where the application will be installed, and the functional components to be installed.
Go to the next step in the Installation wizard.
Selecting installation components
This step is displayed if you selected the Custom installation check box or the Custom installation option during the "Selecting the type of installation" step.
At this step, you can select the Light Agent functional components that you want to install.
By default, the following functional components are selected for installation:
- For the virtual machines with Microsoft Windows desktop operating systems:
- All protection components if the "Installation of protection components" option has been selected.
- All protection components and all control components, except for System Integrity Monitoring, if the "Installation of protection and control components" option has been selected.
- For the virtual machines with Microsoft Windows server operating systems, the File Anti-Virus and AMSI Protection components.
To select a component for installation, click the icon next to the name of the component to display the menu, and select Component will be installed on local hard drive. Information about the tasks performed by the selected component and how much disk space is required for installation can be viewed in the lower part of the window of the Installation wizard.
For detailed information about the amount of available disk space on the virtual machine that you want to protect, click Disk. The information is displayed in the Disk space available window that opens.
To decline installation of a component, click the icon next to the name of the component to display the menu, and select Component will be unavailable.
To return to the list of components installed by default, click Reset.
In the list of components, you can also enable Light Agent integration with Kaspersky Endpoint Agent. To do this, open the menu of the Integration with Kaspersky Endpoint Agent item and select Component will be installed on local hard drive. Integration with Kaspersky Endpoint Agent is disabled by default.
Go to the next step in the Installation wizard.
Selecting the installation folder
This step is performed if you selected the Custom installation check box or chose the Custom installation option during the "Selecting the type of installation" step.
At this step, specify the path to the installation folder for Light Agent for Windows. To do so, click Browse and select the installation folder in the Select current destination folder window that opens.
To view information about the amount of available disk space on the virtual machine that you want to protect, click Disk. The information is displayed in the Disk space available window that opens.
Go to the next step in the Installation wizard.
Configuring the trusted zone
At this step, you can create a trusted zone for the Light Agent for Windows component.
A trusted zone is a system administrator-configured list of files, folders, objects, and applications that Kaspersky Security does not monitor when active, i.e. a list of exclusions from protection and scanning.
The list in the Exclusions window contains the names of applications or names of application vendors that you can include in the trusted zone or exclude from it.
To configure the trusted zone:
- Use the check boxes in the list to specify the applications or application vendors to be included in the trusted zone.
If the check box is selected, files, folders, and processes recommended for these applications are included in the trusted zone, and the executable files of these applications are automatically added to the list of trusted applications.
- By default, the trusted zone includes the applications recommended for desktop operating systems (if you are installing Light Agent to a virtual machine running a Microsoft Windows desktop operating system) and server operating systems (if you are installing Light Agent to a virtual machine running a Microsoft Windows server operating system).
If you want to exclude recommended applications from the trusted zone, clear the Create recommended exclusions for desktop operating systems check box or the Create recommended exclusions for server operating systems check box (depending on the operating system of the virtual machine on which you are installing Light Agent).
After installation of Light Agent for Windows is completed, you can configure the trusted zone settings in the Light Agent for Windows policy properties or in the local interface of the application.
Go to the next step in the Installation wizard.
Starting the installation
Considering that the operating system of the virtual machine that you want to protect could contain malicious programs that are capable of interfering with the installation of Light Agent for Windows, it is recommended to protect the installation.
Installation protection is enabled by default.
It is recommended to disable installation protection if Light Agent installation fails. For example, this may occur during remote installation via Windows Remote Desktop. The reason for this may be that installation protection is enabled for Light Agent for Windows. In this case, terminate the installation and restart the Installation wizard. At this step, clear the Protect the installation process check box.
If you install Light Agent on a virtual machine that uses Citrix Provisioning (Citrix Provisioning Services) technology, select the Ensure compatibility with Citrix Provisioning (Citrix Provisioning Services) check box. This check box is cleared by default.
If you are installing Light Agent for Windows on a template of temporary virtual machines, select the Installation on the template for temporary VDI pools check box. Updates that require restarting the protected virtual machine will not be installed on virtual machines created from this template. When it receives updates that require a restart of the protected virtual machine, Light Agent for Windows will send a message to Kaspersky Security Center informing it that the databases and application modules need to be updated on the protected virtual machine template. This checkbox is cleared by default.
For information about installing Light Agent for Windows to virtual machine templates, please also refer to the Knowledge Base.
The Add path to avp.com file in %PATH% system variable check box adds the path to the avp.com file to the %PATH% system variable. If the check box is selected, there is no need to enter the path to the executable file to start Light Agent for Windows or any Light Agent tasks from the command line. It is sufficient to enter the name of the executable file and the command to start the task. This check box is set by default.
To start installation of Light Agent for Windows, click Install.
Installation of Light Agent for Windows to the virtual machine may disrupt the current network connections.
Installing components
The selected components are installed at this step. Installation takes some time, so please wait until it finishes.
Finishing the installation
At this step, finish the wizard.
After Light Agent has been installed on virtual machines, you should prepare the application for operation.
Installing Light Agent for Windows from the command line
Light Agent installation from the command line must be performed with administrator privileges.
Prior to beginning installation, you need to unpack the distribution package of Light Agent for Windows.
You can use the following files while installing the application from the command line:
- Setup.ini. This file is created manually and contains the application installation settings.
- The configuration file install.cfg. This file is used for importing previously configured settings of Light Agent. You can create this file in the local interface of Light Agent.
If you are planning to use the setup.ini and/or install.cfg files, you need to place these files into the same folder as the files from the Light Agent for Windows distribution package.
Prior to beginning installation to the virtual machine, the virtual machine is searched for applications that could cause conflicts with Light Agents if allowed to run concurrently, and those applications are removed. If such applications could not be automatically removed, installation ends with an error. You can review the list of incompatible software in the incompatible.txt file that is included in the Kaspersky Security application distribution kit.
To install Light Agent for Windows from the command line in interactive mode:
- Run one of the following commands:
setup.exe
msiexec /i <name of the installation package in MSI format>
- Follow the application installation wizard instructions.
The setup.exe file and the installation package in MSI format are included in the Light Agent for Windows distribution package.
To install Light Agent for Windows from the command line in silent mode (without starting the Installation Wizard), run one of the following commands:
setup.exe /s /pEulaAndPrivacyPolicy=1 /pALLOWREBOOT=1|0
msiexec /i <name of the installation package in MSI format> EulaAndPrivacyPolicy=1 ALLOWREBOOT=1|0 /qn
where:
EulaAndPrivacyPolicy=1 means that you accept the terms of Kaspersky Security End User License Agreement between you and Kaspersky and the Privacy Policy that describes processing and transmission of data. By setting this parameter to 1, you confirm the following:
- You have fully read, understood and accept the terms and conditions of Kaspersky Security End User License Agreement.
- You have fully read and understood the Privacy Policy, you are aware and agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy.
The text of the End User License Agreement and Privacy Policy is included in the application distribution kit. You must accept the terms of the End User License Agreement and the Privacy Policy to install the application.
ALLOWREBOOT=1|0 means that automatic reboot of the virtual machine is allowed/blocked, if required after installation. The parameter is optional. If the ALLOWREBOOT parameter value is not specified in the command, by default it means that you do not allow the virtual machine reboot after the application installation. Automatic reboot of the virtual machine is possible only in silent mode (with the /qn key).
A restart of the virtual machine may be required if third-party anti-virus software was detected and uninstalled during the installation of Light Agent for Windows.
You can use the following parameters while installing the application from the command line:
- USEPVMDETECTION=1 – to install Light Agent to a temporary virtual machine template.
For example:
setup.exe /pUSEPVMDETECTION=1
- INSTALLONPVS=1 – to install Light Agent on a virtual machine that uses Citrix Provisioning (Citrix Provisioning Services) technology.
For example, to install Light Agent to a temporary virtual machine template that will be used to create a VDI infrastructure using Citrix Provisioning (Citrix Provisioning Services):
setup.exe /pINSTALLONPVS=1 /pUSEPVMDETECTION=1
- KLLOGIN=<user name> KLPASSWD=***** KLPASSWDAREA=<password scope> – for installing Light Agent with a password that secures operations with the application.
For example:
setup.exe /pKLLOGIN=<user name> /pKLPASSWD=***** /pKLPASSWDAREA=<password scope>
Instead of <password scope>, you can specify one or more of the following values for the KLPASSWDAREA parameter, separated by a ;:
  - SET – set a password to modify the application settings.
  - EXIT – set a password to exit the application.
  - UNINST – set a password to remove the application from the virtual machine.
  - DISPROTECT – set a password to disable protection components and stop scan tasks.
  - ENPROTECT – set a password to enable protection components.
  - DISCTRL – set a password to disable control components.
  - ENCTRL – set a password to enable control components.
  - DISPOLICY – set a password to disable the Kaspersky Security Center policy.
  - REPORTS – set a password to view application reports.
- ADDLOCAL=AntiAPTFeature – to enable integration with Kaspersky Endpoint Agent. Integration with Kaspersky Endpoint Agent is disabled by default.
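The silent-mode parameters above, assembled and validated in PowerShell as an added example (not vendor code); the function names and the demo account are hypothetical, and requiring an explicit password scope is this example's own policy. Each parameter is passed as a separate array element because a ;-separated KLPASSWDAREA value typed directly at a PowerShell prompt is split at the ;, and the function returns a redacted string for logging because KLPASSWD is part of the command line.

```powershell
# Added example, not vendor code. Function names are hypothetical; the setup.exe
# parameters and KLPASSWDAREA values are the ones listed in this section.

$KnownPasswordScopes = 'SET', 'EXIT', 'UNINST', 'DISPROTECT', 'ENPROTECT',
                       'DISCTRL', 'ENCTRL', 'DISPOLICY', 'REPORTS'

function New-LightAgentSetupPlan {
    param(
        [switch]$AcceptEulaAndPrivacyPolicy,   # EulaAndPrivacyPolicy=1
        [switch]$AllowReboot,                  # ALLOWREBOOT=1|0
        [switch]$TemporaryVdiTemplate,         # USEPVMDETECTION=1
        [switch]$CitrixProvisioning,           # INSTALLONPVS=1
        [pscredential]$Credential,             # KLLOGIN / KLPASSWD
        [string[]]$PasswordScope               # KLPASSWDAREA
    )
    if (-not $AcceptEulaAndPrivacyPolicy) {
        throw 'EulaAndPrivacyPolicy=1 is required: read and accept the EULA and the Privacy Policy first.'
    }
    if ($PasswordScope -and -not $Credential) {
        throw 'KLPASSWDAREA was given without KLLOGIN/KLPASSWD.'
    }

    $argv = [System.Collections.Generic.List[string]]::new()
    $argv.Add('/s')
    $argv.Add('/pEulaAndPrivacyPolicy=1')
    $argv.Add('/pALLOWREBOOT=' + [int][bool]$AllowReboot)
    if ($CitrixProvisioning)   { $argv.Add('/pINSTALLONPVS=1') }
    if ($TemporaryVdiTemplate) { $argv.Add('/pUSEPVMDETECTION=1') }

    if ($Credential) {
        # Example policy (not a product rule): require an explicit scope so that
        # the password-protected operations are a deliberate choice.
        $scopes = @($PasswordScope | Where-Object { $_ } |
                    ForEach-Object { $_.Trim().ToUpperInvariant() } | Select-Object -Unique)
        if ($scopes.Count -eq 0) { throw 'Specify at least one KLPASSWDAREA value.' }
        $unknown = @($scopes | Where-Object { $KnownPasswordScopes -notcontains $_ })
        if ($unknown.Count -gt 0) { throw "Unknown KLPASSWDAREA value(s): $($unknown -join ', ')" }

        $plain = $Credential.GetNetworkCredential().Password
        foreach ($value in @($Credential.UserName, $plain)) {
            if (-not $value -or $value -match '[\s"]') {
                throw 'Empty values, whitespace and double quotes in the login or password are not handled here.'
            }
        }
        $argv.Add("/pKLLOGIN=$($Credential.UserName)")
        $argv.Add("/pKLPASSWD=$plain")
        $argv.Add('/pKLPASSWDAREA=' + ($scopes -join ';'))
    }

    [pscustomobject]@{
        Arguments = $argv.ToArray()
        # KLPASSWD travels on the command line, so log only this redacted form.
        Display   = ($argv | ForEach-Object { $_ -replace '^(/pKLPASSWD=).*$', '${1}*****' }) -join ' '
    }
}

function Invoke-LightAgentSetup {
    param(
        [Parameter(Mandatory)][string]$SetupPath,   # setup.exe from the unpacked distribution package
        [Parameter(Mandatory)]$Plan
    )
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                    [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run this from an elevated session: installation needs administrator privileges.' }

    Write-Host "Running: setup.exe $($Plan.Display)"
    # Each parameter is its own array element, so the ';' inside KLPASSWDAREA is
    # never parsed by PowerShell as a statement separator.
    $process = Start-Process -FilePath $SetupPath -ArgumentList $Plan.Arguments -Wait -PassThru
    $process.ExitCode    # exit-code meanings are not listed in this section; record it as-is
}

# Constructed demo values; this only builds and prints the argument list.
$demoPassword = ConvertTo-SecureString 'Constructed-Passw0rd' -AsPlainText -Force
$demoAccount  = [pscredential]::new('placeholder-user', $demoPassword)
$demo = @{
    AcceptEulaAndPrivacyPolicy = $true
    TemporaryVdiTemplate       = $true
    Credential                 = $demoAccount
    PasswordScope              = 'uninst', 'DISPROTECT', 'exit'
}
$plan = New-LightAgentSetupPlan @demo
$plan.Display
```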
Installing Light Agent for Windows using Active Directory Group Policies
You can use Active Directory Group Policies to install the Light Agent for Windows component on virtual machines associated with the selected Group Policy Object, without using Kaspersky Security Center.
More detailed information about working with Active Directory Group Policies can be found in the Microsoft Windows Help files.
Prior to beginning installation of the Light Agent for Windows component, it is recommended to close all applications that are running in the operating system of the virtual machine that you want to protect.
Prior to beginning installation, you need to unpack the distribution package of Light Agent for Windows.
You can use the setup.ini file during installation. This file is created manually and contains the application installation settings.
To install Light Agent for Windows using Active Directory Group Policies:
- Create a shared network folder on the same device on which the domain controller is installed, and place the following files from the Light Agent for Windows distribution package into the folder:
- Installation package in MSI format (depending on the operating system of the virtual machine that you want to protect).
- The file setup.ini with the parameter EulaAndPrivacyPolicy set to 1.
- Open the Group Policy Management window in Microsoft Windows.
- In the tree of the Group Policy Management window, select a Group Policy Object with which virtual machines intended for Light Agent for Windows installation are associated.
- Open the context menu of the group policy object and select Edit.
The Directory Management Group Policies Editor opens.
- Create a new installation package in the Group Policies Editor. To do this, perform the following actions:
- In the console tree, select Group Policy Object → Computer Configuration → Policies → Application Configuration → Software installation.
- Open the context menu of the Software installation node and select Create → Package.
The standard Open window in Microsoft Windows opens.
- In the standard Microsoft Windows Open window, specify the path to the application installation package in MSI format.
The Deploy application window opens.
- In the Deploy application window, select Assigned.
- Click OK.
The group policy will be applied to each virtual machine associated with a Group Policy Object at the next startup of virtual machines. As a result, the Light Agent for Windows component is installed on all virtual machines associated with the selected Group Policy Object.
Installing Light Agent for Windows on the virtual machine template
To install the Light Agent for Windows component on the virtual machine template:
- On the hypervisor, enable the virtual machine being used as a virtual machine template.
- Install Kaspersky Security Center Network Agent on the virtual machine templates. It is recommended to perform installation locally using the installation wizard.
- Install the Light Agent for Windows component on the virtual machine template. You can perform installation in one of the following ways:
- In interactive mode using the Installation Wizard.
- Remotely via Kaspersky Security Center.
In the Installation Wizard or in the installation package settings, select the Installation on the template for temporary VDI pools check box if you are installing Light Agent to a virtual machine template that will be used to create a VDI infrastructure of one of the following types:
- Citrix XenDesktop random catalog.
- Citrix XenDesktop static catalog without saving changes made by the user.
- Automated pool of VMware Horizon of the Instant Clone type.
- Group of virtual machines of the Linked Clone type for HUAWEI FusionAccess.
The check box is displayed in the Installation Wizard at the "Starting installation" step and in the installation package settings.
If the check box is selected, updates that require restarting the protected virtual machine will not be installed on virtual machines created from this template. On receiving updates that require restarting the protected virtual machine, Light Agent sends a message to Kaspersky Security Center informing it that the databases and application modules need to be updated on the protected virtual machine template.
It is not recommended to select the Installation on the template for temporary VDI pools check box if you are installing Light Agent to a virtual machine template that will be used to create a VDI infrastructure of one of the following types:
- Citrix XenDesktop static dedicated catalog with the use of local drives.
- Automated pool of VMware Horizon of the Full Clone type.
- Group of virtual machines of the Full Copy type for HUAWEI FusionAccess.
- After installation is complete, configure the connection of Light Agent to an SVM in the local interface of Light Agent for Windows. After connecting, the Protection Server forwards license info to Light Agent. You need to wait for Light Agent to receive the license info.
- Light Agent checks the availability of an update package in the folder on the SVM to which it is connected. If an update package is available, Light Agent for Windows installs the application database and module updates required for its operation on the protected virtual machine.
You can wait for Light Agent to receive database updates and application module updates or run the update task manually in the local interface of Light Agent for Windows, and then scan the virtual machine template for malware.
We recommend reloading the virtual machine template to optimize operating system loading.
When Light Agent is installed on the virtual machine template, you can create virtual machines from this template. To learn more, see the virtual infrastructure documentation.
For information about installing Light Agent to virtual machine templates, please also refer to the Knowledge Base.
Compatibility with Citrix App Layering technology
If you plan to use the Full User Layer to save the state of non-persistent virtual machines, you must do the following before installing the Light Agent on a virtual machine template:
- Create the file C:\Program Files\Unidesk\Uniservice\UserExclusions\KESLA.txt and add the following exclusions to it:
C:\ProgramData\KasperskyLab\
C:\ProgramData\Kaspersky Lab\
C:\Program Files (x86)\Kaspersky Lab\
- Make the following changes to the operating system registry:
- In the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Unifltr registry key, create a new DWORD key with the name MiniFilterBypass and the value 1.
- In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Unirsd registry key, create a new MULTI_SZ key with the name ExcludeKey and the value \Registry\Machine\SOFTWARE\WOW6432Node\KasperskyLab.
- Restart the virtual machine.
To install on virtual machines in an infrastructure that uses Citrix App Layering technology, you need to do the following:
- Install Kaspersky Security Center Network Agent and Light Agent for Windows on a virtual machine template on the Application Layer.
- Create a multi-layer virtual machine image.
- Deploy the created image to hypervisors that support Citrix App Layering.
- Configure creation of non-persistent virtual machines from the created image.
For more information on installing antivirus software with Citrix App Layering, refer to Citrix App Layering documentation.
Compatibility with Citrix Provisioning (Citrix Provisioning Services) technology
If Citrix Provisioning Target Device software is installed on the virtual machine, you must remove it before beginning installation of the Light Agent component. After installing Light Agent, you must install Citrix Provisioning Target Device.
To ensure compatibility of the application with Citrix Provisioning (Citrix Provisioning Services) technology, you must install Light Agent in one of the following ways:
- Using the Installation Wizard. At the "Starting installation" step of the Wizard, select the Ensure compatibility with Citrix Provisioning (Citrix Provisioning Services) check box.
- From the command line, using the INSTALLONPVS=1 parameter.
If Light Agent is being installed to a temporary virtual machine template that will be used to create a VDI infrastructure, it is recommended to also use the USEPVMDETECTION=1 parameter.
- Remotely via Kaspersky Security Center. Select the Ensure compatibility with Citrix Provisioning (Citrix Provisioning Services) check box in the installation package settings. If you want to manually create an installation package, use a pre-edited ksvla.kud file.
In the local interface of Light Agent, you can view information about compatibility with Citrix Provisioning (Citrix Provisioning Services) technology. Information on whether or not the support of Citrix Provisioning (Citrix Provisioning Services) is enabled is displayed in the Support window that can be opened from the main application window.
Compatibility with VMware App Volumes technology
Before installing on a virtual machine template, you need to create the file %SVAgent%\Config\Custom\snapvol.cfg and add the following exceptions to it:
exclude_path=\ProgramData\Kaspersky Lab
exclude_path=\ProgramData\KasperskyLab
exclude_path=\Program Files\Kaspersky Lab
exclude_path=\Program Files\Common Files\Kaspersky Lab
exclude_path=\Program Files\Kaspersky Lab
exclude_path=\Program Files (x86)\Kaspersky Lab
exclude_path=\Program Files (x86)\Common Files\Kaspersky Lab
exclude_process_path=\Program Files (x86)\Kaspersky Lab
exclude_process_path=\Program Files (x86)\Common Files\Kaspersky Lab
exclude_process_path=\Program Files\Common Files\Kaspersky Lab
exclude_process_path=\Program Files\Kaspersky Lab
exclude_process_name=avp.exe
exclude_process_name=klnagent.exe
exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\KasperskyLab
exclude_registry=\REGISTRY\MACHINE\SOFTWARE\KasperskyLab
exclude_registry=\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\klupd_klif_arkmon
exclude_registry=\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\klupd_klif_klark
exclude_registry=\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\klupd_klif_klbg
exclude_registry=\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\klupd_klif_mark
exclude_registry=\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\klupd_klif_swmon
For details, please refer to the VMware documentation.
Changing the composition of installed Light Agent for Windows components
After installing Light Agent for Windows on a virtual machine, you can change the composition of the installed components in one of the following ways:
- Using a group task for changing the composition of application components. The task is created in the Kaspersky Security Center Administration Console. While this task is being run, Kaspersky Security installs or removes Light Agent for Windows components on protected virtual machines according to the configured list of components.
- By repeating remote installation of Light Agent for Windows through Kaspersky Security Center using an installation package in which the list of Light Agent components has been modified.
To change the set of components installed by a group task for changing the set of application components:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree, and in the workspace, select the Tasks tab.
- To create a task for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent for Windows list, select Change application components and proceed to the next step of the wizard.
- Specify the components to be installed on protected virtual machines with Windows guest operating systems. Components for installation are grouped into two blocks: Components for installation on server OS and Components for installation on desktop OS. Select the check boxes next to the components you want to install, and clear the check boxes next to the components you want to delete.
If the check box next to the name of a component is selected, Kaspersky Security will install this component on the virtual machine. If the component is already installed, no changes are made.
If the check box is cleared next to the name of a component, Kaspersky Security removes the component. If the component was not installed, no changes are made.
At this step, you can also enable or disable Light Agent integration with Kaspersky Endpoint Agent using the Integration with Kaspersky Endpoint Agent check box in the list of components. Integration is disabled by default (the check box is cleared).
Proceed to the next step of the New Task Wizard.
- If you started the New Task Wizard from the Tasks folder, specify the method of selecting the virtual machines for which you are creating the task. You can select virtual machines from the list of virtual machines discovered by the Administration Server, manually specify the addresses of virtual machines, import a list of virtual machines from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of selection of virtual machines, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the virtual machines for which you want to create the task. To do so, select check boxes in the list on the left of the name of the relevant virtual machine.
- Click the Add or Add IP range button and enter the addresses of virtual machines manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of virtual machines.
- Click Browse and in the window that opens specify the name of the selection containing the virtual machines for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- Configure the task run mode and proceed to the next step of the wizard.
- Specify the name of the task you are creating and proceed to the next step of the wizard.
- Exit the New Task Wizard. The created task is displayed in the list of tasks for the selected administration group on the Tasks tab or in the Tasks folder.
- Start the task for changing the composition of components or wait for it to start according to schedule.
Installing Light Agent for Linux
Light Agent for Linux can be installed on a virtual machine in one of the following ways:
- Remotely from the administrator's workstation using Kaspersky Security Center.
If fanotify technology is not supported by the operating system of the virtual machine on which you are planning to install Light Agent for Linux, the Linux operating system kernel module must be compiled to handle operations performed on file system objects. Compilation will be performed automatically after Light Agent for Linux is installed. To ensure that compilation completed successfully, prior to installing Light Agent for Linux you need to download the source code of the operating system kernel to the virtual machine and install the compilation packages (gcc, binutils, glibc, glibc-devel, make, ld) on the virtual machine. If you are planning to install Light Agent remotely through Kaspersky Security Center or from the command line in silent mode, the source code of the operating system kernel must be placed in the default folder.
Installing Light Agent for Linux from the command line
Prior to beginning installation, you need to unpack the distribution package of Light Agent for Linux.
You can install Light Agent for Linux from the command line in one of the following ways:
The Light Agent for Linux component is installed from the command line using the installation script in the self-extracting Shar archive named lightagent-5.2.X-X-bundle.sh (where 5.2.X-X is the application version number).
The lightagent-5.2.X-X-bundle.sh archive includes the packages necessary for installing the supported version of Light Agent for Linux and Kaspersky Security Center Network Agent.
You can run the installation of Light Agent for Linux with the following parameters:
- --skip-product – installs only Kaspersky Security Center Network Agent.
- --skip-klnagent – installs only Light Agent for Linux, with a preliminary check of whether the supported version of Network Agent is installed (the version that is included in the shar archive). If a supported version of Network Agent is not installed, Light Agent for Linux will not be installed, and the installation ends with an error.
- --skip-klnagent --skip-klnagent-version-check – installs only Light Agent for Linux after a preliminary verification that any version of Network Agent is installed on the virtual machine. If Network Agent is not installed, Light Agent for Linux will not be installed, and the installation ends with an error.
The operation of Light Agent for Linux requires one of the following versions of Network Agent: 12.0.1.60 (for 32-bit operating systems) or 12.0.0.60 (for 64-bit operating systems).
- --auto-install=<path to the Light Agent for Linux configuration file> --klnagent-auto-install=<path to the Network Agent configuration file> – install Light Agent for Linux and Network Agent in silent mode. Full paths to the configuration files containing the initial setup settings for configuring Light Agent for Linux and Network Agent must be specified. The paths to files can be identical, meaning it can be a single configuration file.
- -x – unpack the contents of the shar archive to the directory where the shar archive is located.
- --force-install – install Light Agent for Linux and Network Agent after first removing the previously installed Light Agent for Linux.
- --clean – install Light Agent for Linux and Network Agent after first removing the previously installed Light Agent for Linux and Network Agent, including their directories, user-modified configuration files, databases and trace files.
Installing Light Agent for Linux in silent mode
If fanotify technology is not supported by the operating system of the virtual machine on which you are planning to install Light Agent for Linux, prior to beginning installation, make sure that the source code of the operating system kernel is in the default folder on the virtual machine and that the compilation packages (gcc, binutils, glibc, glibc-devel, make, ld) have been installed.
To install Light Agent for Linux from the command line in the silent mode:
- In the configuration file lightagent.ini, specify the settings that must be used by the installation script during initial configuration of Light Agent for Linux. The lightagent.ini file is included in the distribution package of Light Agent for Linux. You can specify the following settings:
- ACCEPT_EULA_AND_PRIVACYPOLICY – accept the terms of Kaspersky Security End User License Agreement between you and Kaspersky and the Privacy Policy that describes processing and transmission of data. Possible values: yes, no.
You must accept the terms of the End User License Agreement and the Privacy Policy to install the application.
By setting this parameter to yes, you confirm the following:
- You have fully read, understood and accept the terms and conditions of Kaspersky Security End User License Agreement.
- You have fully read and understood the Privacy Policy, you are aware and agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy.
The text of the End User License Agreement and Privacy Policy is included in the application distribution kit.
- CONNECTOR_LOCALE – ID of the language localization of Light Agent for Linux. Possible values: ru, en, fr, de, zh-Hans, zh-Hant, ja.
- DEFAULT_KERNEL_SOURCES – use the default path to the source code of the operating system kernel. Possible values: yes, no.
If the operating system does not support fanotify technology, you must place the source code of the operating system kernel in the default folder and specify the parameter value DEFAULT_KERNEL_SOURCES=yes. Otherwise, installation of Light Agent will end with an error.
- In the configuration file klnagent.ini, specify the settings that must be used by the installation script during initial configuration of Network Agent. The klnagent.ini file is included in the distribution package of Light Agent for Linux. You can specify the following settings:
- KLNAGENT_SERVER – IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Kaspersky Security Center Administration Server is installed.
- KLNAGENT_PORT – port number used to connect Network Agent to the Administration Server. The Kaspersky Security Center Administration Server uses port 14000 by default.
- KLNAGENT_SSLPORT – port number used to connect Network Agent to the Administration Server using an SSL certificate. The Administration Server uses port 13000 by default.
- KLNAGENT_USESSL – use an SSL connection to connect to the Administration Server. Possible values: 1 (use an SSL connection) or 0 (do not use an SSL connection).
- KLNAGENT_GW_MODE – connect to the Administration Server through a connection gateway. Possible values: 1 or 0.
Parameter values have to be entered in the format <parameter name>=<value>. Blank spaces between the parameter name and its value are ignored.
- Do one of the following:
- Start the installation script by running the following command:
# sh lightagent-5.2.X-X-bundle.sh --auto-install=<path to the Light Agent for Linux configuration file> --klnagent-auto-install=<path to the Network Agent configuration file>
where:
- 5.2.X-X is the application version number.
- <path to the Light Agent for Linux configuration file> is the full path to the initial setup configuration file lightagent.ini (see step 1 of these instructions). The installation script will use the settings specified in this file during initial configuration of Light Agent for Linux.
- <path to the Network Agent configuration file> is the full path to the initial setup configuration file klnagent.ini (see step 2 of these instructions). The installation script will use the settings specified in this file during initial configuration of Network Agent.
- Declare the KLAUTOANSWERS environment variable and start the installation script by running the following commands:
# export KLAUTOANSWERS=<path to the Network Agent configuration file>
# export KLLIGHTAGENTAUTOANSWERS=<path to the Light Agent for Linux configuration file>
# sh lightagent-5.2.X-X-bundle.sh
where:
- 5.2.X-X is the application version number.
- <path to the Light Agent for Linux configuration file> is the full path to the initial setup configuration file lightagent.ini (see step 1 of these instructions). The installation script will use the settings specified in this file during initial configuration of Light Agent for Linux.
- <path to the Network Agent configuration file> is the full path to the initial setup configuration file klnagent.ini (see step 2 of these instructions). The installation script will use the settings specified in this file during initial configuration of Network Agent.
Paths to configuration files containing the initial settings for configuring Light Agent for Linux and Network Agent can be identical, so it can be a single configuration file.
The command-line parameter --auto-install has higher priority than an environment variable.
As a result, the installation script will perform the following actions:
- Install and perform initial configuration of Kaspersky Security Center Network Agent.
If the required version of Network Agent is already installed, this step will be skipped.
- Install and perform initial configuration of Light Agent for Linux.
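Before a silent installation, the two answer files can be checked against the values this section allows, so that a typo does not surface only as an installer error on the virtual machine. The script below is an added example, not part of the Kaspersky distribution kit; it assumes that a repeated key takes its last value, that settings other than ACCEPT_EULA_AND_PRIVACYPOLICY and KLNAGENT_SERVER may be omitted, and that CONFIG_FANOTIFY=y in the kernel configuration file is an adequate indicator of fanotify support.

```sh
#!/bin/sh
# Added example (not Kaspersky code): pre-flight check of the answer files passed to
#   sh lightagent-5.2.X-X-bundle.sh --auto-install=<file> --klnagent-auto-install=<file>
# Assumptions: a repeated key takes its last value; optional keys may be absent;
# KLNAGENT_SERVER is treated as mandatory.

ERRORS=0
fail() { echo "ERROR: $*" >&2; ERRORS=$((ERRORS + 1)); }

# Print the value of key $2 in file $1 (<parameter name>=<value>, blanks around "=" ignored).
ini_get() {
    tr -d '\r' < "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

is_port() {
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    ipv4_rest=$1. ipv4_count=0
    while [ -n "$ipv4_rest" ]; do
        ipv4_octet=${ipv4_rest%%.*}
        ipv4_rest=${ipv4_rest#*.}
        [ "${#ipv4_octet}" -le 3 ] && [ "$ipv4_octet" -le 255 ] || return 1
        ipv4_count=$((ipv4_count + 1))
    done
    [ "$ipv4_count" -eq 4 ]
}

is_fqdn() {
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z][A-Za-z0-9-]*[A-Za-z0-9]$'
}

# Heuristic, not the installer's own test: fanotify is built in when the kernel
# configuration file ($1, default /boot/config-<release>) has CONFIG_FANOTIFY=y.
kernel_has_fanotify() {
    grep -q '^CONFIG_FANOTIFY=y' "${1:-/boot/config-$(uname -r)}" 2>/dev/null
}

# $1 = full path to lightagent.ini, $2 = "yes" if the guest OS supports fanotify.
check_lightagent_ini() {
    ERRORS=0
    case $1 in /*) ;; *) fail "full path required: $1" ;; esac
    [ -r "$1" ] || { fail "cannot read $1"; return 1; }
    [ "$(ini_get "$1" ACCEPT_EULA_AND_PRIVACYPOLICY)" = yes ] ||
        fail "ACCEPT_EULA_AND_PRIVACYPOLICY must be yes, otherwise nothing is installed"
    case $(ini_get "$1" CONNECTOR_LOCALE) in
        ''|ru|en|fr|de|zh-Hans|zh-Hant|ja) ;;
        *) fail "CONNECTOR_LOCALE is not one of ru en fr de zh-Hans zh-Hant ja" ;;
    esac
    case $(ini_get "$1" DEFAULT_KERNEL_SOURCES) in
        yes) ;;
        ''|no) [ "$2" = yes ] ||
            fail "no fanotify: DEFAULT_KERNEL_SOURCES=yes and kernel sources are required" ;;
        *) fail "DEFAULT_KERNEL_SOURCES must be yes or no" ;;
    esac
    [ "$ERRORS" -eq 0 ]
}

# $1 = full path to klnagent.ini.
check_klnagent_ini() {
    ERRORS=0
    case $1 in /*) ;; *) fail "full path required: $1" ;; esac
    [ -r "$1" ] || { fail "cannot read $1"; return 1; }
    kln_server=$(ini_get "$1" KLNAGENT_SERVER)
    is_ipv4 "$kln_server" || is_fqdn "$kln_server" ||
        fail "KLNAGENT_SERVER must be an IPv4 address or an FQDN: '$kln_server'"
    for kln_key in KLNAGENT_PORT KLNAGENT_SSLPORT; do
        kln_value=$(ini_get "$1" "$kln_key")
        [ -z "$kln_value" ] || is_port "$kln_value" ||
            fail "$kln_key is not a port number: $kln_value"
    done
    for kln_key in KLNAGENT_USESSL KLNAGENT_GW_MODE; do
        case $(ini_get "$1" "$kln_key") in ''|0|1) ;; *) fail "$kln_key must be 0 or 1" ;; esac
    done
    [ "$(ini_get "$1" KLNAGENT_USESSL)" != 0 ] ||
        echo "WARNING: KLNAGENT_USESSL=0, Network Agent will connect without SSL" >&2
    [ "$ERRORS" -eq 0 ]
}

# Check both files (reporting every problem) and print the guide's command on success.
preflight() {
    pre_rc=0
    check_lightagent_ini "$1" "$3" || pre_rc=1
    check_klnagent_ini "$2" || pre_rc=1
    [ "$pre_rc" -eq 0 ] &&
        echo "sh lightagent-5.2.X-X-bundle.sh --auto-install=$1 --klnagent-auto-install=$2"
}

# Usage: sh preflight.sh /full/path/lightagent.ini /full/path/klnagent.ini yes|no
if [ $# -eq 3 ]; then preflight "$@"; fi
```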
Installing Light Agent for Linux in interactive mode
If fanotify technology is not supported by the operating system of the virtual machine on which you are planning to install Light Agent for Linux, prior to beginning installation make sure that the source code of the operating system kernel has been loaded and the compilation packages (gcc, binutils, glibc, glibc-devel, make, ld) have been installed on the virtual machine.
To install Light Agent for Linux from the command line in interactive mode, start the installation script by running the following command:
# sh lightagent-5.2.X-X-bundle.sh
where 5.2.X-X is the application version number.
As a result, the installation script will perform the following actions:
- Installing the Kaspersky Security Center Network Agent.
If the required version of Network Agent is already installed, this step will be skipped.
After Network Agent is installed, you must perform its initial configuration.
- Installing Light Agent for Linux
After Light Agent for Linux is installed, you must perform its initial configuration.
To perform initial configuration of the Network Agent:
- In the command line, run the postinstall.pl script located in the following directory:
- /opt/kaspersky/klnagent64/lib/bin/setup/ – for 64-bit operating systems
- /opt/kaspersky/klnagent/lib/bin/setup/ – for 32-bit operating systems
- Specify the IP address in IPv4 format or fully qualified domain name (FQDN) of the device on which the Kaspersky Security Center Administration Server is installed.
- If necessary, change the default values of the following settings:
- Port number used to connect Network Agent to the Administration Server and the port number used to connect using an SSL certificate.
- Capability to use an SSL connection to connect to the Administration Server.
- Capability to connect to the Administration Server through a connection gateway.
For more detailed information about installing and configuring Kaspersky Security Center Network Agent, see the Kaspersky Security Center help.
To perform initial configuration of Light Agent for Linux:
- Run the lightagent-setup.pl script, located in the /opt/kaspersky/lightagent/bin/ directory, from the command line.
- Read the text of the End User License Agreement for Kaspersky Security concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data. To do so, press Enter. To finish your review, use the q key.
After exiting the viewing mode, enter yes (or y) if you accept the terms of the End User License Agreement and the Privacy Policy. By setting this parameter to yes, you confirm the following:
- You have fully read, understood and accept the terms and conditions of Kaspersky Security End User License Agreement.
- You have fully read and understood the Privacy Policy, you are aware and agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy.
The text of the End User License Agreement and Privacy Policy is included in the application distribution kit.
You must accept the terms of the End User License Agreement and the Privacy Policy to install the application.
- Specify the ID of the language of Light Agent for Linux events that are sent to Kaspersky Security Center: ru, en, fr, de, zh-Hans, zh-Hant, ja.
By default, the initial configuration script proposes using the en language ID. Press Enter to confirm that you want to use the English language for events or specify a different language ID.
- The initial configuration script checks whether there is support for fanotify technology in the operating system.
- If the operating system supports fanotify technology, the initial configuration script proceeds to configuration of Light Agent for Linux.
- If fanotify technology is not supported by the operating system, the Linux operating system kernel module must be compiled to handle operations performed on file system objects. To start compiling the kernel module, you need to confirm that the source code of the operating system kernel is in the default folder, or specify another path to the source code of the kernel.
If the initial configuration script detects source code of the operating system kernel in the default directory, the path to that directory is displayed on the screen. Press Enter to confirm the path, or specify a different path. The initial configuration script starts compilation of the module of the Linux operating system kernel on the virtual machine.
The initial configuration script performs configuration of Light Agent for Linux. If errors are encountered during configuration, information about them is displayed on the screen.
Installing Light Agent for Linux via Kaspersky Security Center
You can install Light Agent for Linux remotely from the administrator's workstation using Kaspersky Security Center.
Installation is performed by using the Remote Installation Wizard or by using the remote installation task (for details, please refer to the Kaspersky Security Center help).
If fanotify technology is not supported by the operating system of the virtual machine on which you are planning to install Light Agent for Linux, prior to beginning installation, make sure that the source code of the operating system kernel is in the default folder on the virtual machine and that the compilation packages (gcc, binutils, glibc, glibc-devel, make, ld) have been installed.
Prior to beginning remote installation of Light Agent for Linux and Network Agent, you must perform the following actions on the virtual machine:
- Verify the capability to connect a client application (for example, PuTTY) to the virtual machine over the SSH protocol.
If you cannot connect to the device, open the /etc/ssh/sshd_config file and make sure that the settings have the following values:
PasswordAuthentication no
ChallengeResponseAuthentication yes
If necessary, edit the values of settings, save the /etc/ssh/sshd_config file, and restart the SSH service by using the sudo service ssh restart command.
- Disable the sudo password prompt for the user account that is used to connect to the virtual machine. To do this, perform the following actions:
- Open the sudoers configuration file by using the sudo visudo command.
- Specify the following in the file:
<user name> ALL = (ALL) NOPASSWD: ALL
where <user name> is the user account that will be used to connect to the virtual machine over the SSH protocol.
- Save the sudoers file and then close it.
- Reconnect to the virtual machine over SSH and run the sudo whoami command to make sure that the sudo service does not require a password.
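The two prerequisites above can be verified from a shell on the virtual machine before the remote installation task is started. This is an added example, not part of the Kaspersky documentation or tooling; the function names and the sample configuration are constructed for illustration, and Include directives in sshd_config are not followed.

```sh
#!/bin/sh
# Added example (not Kaspersky code): check the SSH and sudo prerequisites listed above.

# Print the global value of keyword $2 from sshd configuration text in file $1.
# Semantics followed: keywords are case-insensitive, the first value found wins,
# and everything after the first Match line is conditional, so parsing stops there.
# Limitation: Include directives are not followed; as root, "sshd -T > file" prints
# the effective settings in the same "keyword value" form and can be checked instead.
sshd_setting() {
    awk -v want="$2" '
        function canon(k) {
            k = tolower(k)
            # OpenSSH 8.7+ treats the old name as an alias of KbdInteractiveAuthentication.
            if (k == "challengeresponseauthentication") return "kbdinteractiveauthentication"
            return k
        }
        BEGIN { want = canon(want) }
        {
            sub(/\r$/, ""); sub(/^[ \t]+/, "")
            if ($0 == "" || $0 ~ /^#/) next
            split($0, field, /[ \t]*=[ \t]*|[ \t]+/)
            if (tolower(field[1]) == "match") exit
            if (canon(field[1]) == want) { print tolower(field[2]); exit }
        }
    ' "$1"
}

# Constructed sample for illustration, not taken from a real host.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
passwordauthentication no
PasswordAuthentication yes
KbdInteractiveAuthentication = yes
Match User backup
    PasswordAuthentication yes
EOF
}

# Succeeds when file $1 carries the two values the guide lists.
sshd_ready_for_remote_install() {
    [ "$(sshd_setting "$1" PasswordAuthentication)" = no ] &&
        [ "$(sshd_setting "$1" ChallengeResponseAuthentication)" = yes ]
}

# Run as the account used for the SSH connection: -n makes sudo fail instead of prompting.
sudo_is_passwordless() {
    [ "$(sudo -n whoami 2>/dev/null)" = root ]
}
```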
Remote installation utilizes the installation package that contains the set of parameters required for installing Light Agent for Linux and Kaspersky Security Center Network Agent. The Kaspersky Security Components Installation Wizard automatically creates this installation package during installation of Kaspersky Security MMC plug-ins and Integration Server. This installation package is stored in the Kaspersky Security Center Administration Console tree in the Additional → Remote installation → Installation packages folder with the name Kaspersky Security for Virtualization 5.2 Light Agent for Linux (5.2.X.X), where 5.2.X.X is the application version number.
You can use the installation package that was automatically created by the Kaspersky Security Components Installation Wizard, or manually create an installation package.
Joint installation of Light Agent for Linux and Network Agent that is included in Kaspersky Security Center distribution kit is not supported. If you are using the remote installation task to install Light Agent for Linux, make sure that the Install Network Agent along with this application check box is cleared in the task settings. The supported version of Network Agent is included in the installation package for Light Agent for Linux and will be installed automatically as a result of remote installation of Light Agent for Linux.
The presence of Network Agent on the virtual machine is checked prior to beginning installation. If an installed version of Network Agent that is incompatible with Light Agent for Linux component is detected, installation ends with an error. You must remove Network Agent from the virtual machine and run the remote installation of Light Agent for Linux again.
Creating a Light Agent for Linux installation package
Prior to creating an installation package, unpack the distribution package of Light Agent for Linux to a folder that can be accessed by Kaspersky Security Center Administration Server.
To manually create a Light Agent for Linux installation package:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select Advanced → Remote installation → Installation packages.
- Click the Create installation package button.
The New Package Wizard starts.
- In the wizard window that opens, click the Create installation package for a Kaspersky application button.
- Enter the name of the installation package and proceed to the next step of the wizard.
- Select the distribution kit of Kaspersky Security. To do so, open the standard window of Microsoft Windows by using the Browse button and specify the path to the lightagent.kud file.
The Wizard window will display the application name.
Proceed to the next step of the wizard.
- Read the End User License Agreement concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data.
To continue creating the installation package, confirm that you have fully read and accept the terms of the End User License Agreement and the Privacy Policy. To confirm, select both check boxes in the window of the Wizard.
Proceed to the next step of the wizard.
- The wizard downloads the files required for installation of the application to the Administration Server of Kaspersky Security Center. Wait for the download to finish.
- Finish the wizard.
The created installation package is stored in the Kaspersky Security Center Administration Console tree in the Additional → Remote installation → Installation packages folder. You can use one and the same installation package multiple times.
After creating a Light Agent for Linux installation package, you need to configure the installation package settings. In the installation package properties window, you can specify the settings for connecting Network Agent, which will be installed on the virtual machine together with Light Agent for Linux, to the Kaspersky Security Center Administration Server.
Configuring Network Agent settings in the Light Agent for Linux installation package properties
In the properties of the Light Agent for Linux installation package, you can configure the settings for connecting Network Agent, which will be installed on the virtual machine together with Light Agent for Linux, to the Kaspersky Security Center Administration Server.
To configure the Network Agent settings:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select Advanced → Remote installation → Installation packages.
- In the list of installation packages, select the Light Agent for Linux installation package and open the Settings: <installation package name> window by double-clicking it.
- In the window that opens, in the list on the left, select the Settings section and configure the following settings for connecting Network Agent to the Kaspersky Security Center Administration Server:
- Administration Server address
- Port number.
- SSL port number
- Use Administration Server certificate
- Use SSL connection
Except for the Settings section, all sections in the Settings: <installation package name> window are identical to the standard sections used in Kaspersky Security Center. For descriptions of the standard sections, please refer to the Kaspersky Security Center help.
- Click OK in the Settings: <installation package name> window.
Preparing Light Agents for operation
To prepare Light Agents for operation, you must perform the following actions:
- If you want to remotely manage the operation of Light Agents, create Kaspersky Security Center policies:
- Policy for Light Agent for Windows, if you want to manage the operation of Light Agents installed on protected virtual machines running Windows guest operating systems.
- Policy for Light Agent for Linux, if you want to manage the operation of Light Agents installed on protected virtual machines running Linux guest operating systems.
- Configure SVM discovery settings for Light Agents:
- You can configure the SVM discovery settings for Light Agents for Windows when creating a Light Agent for Windows policy, in policy properties, or in the local interface of Light Agent.
- You can configure the SVM discovery settings for Light Agents for Linux when creating a Light Agent for Linux policy or in the Light Agent for Linux policy properties.
- Make sure that the database updates required for Light Agent are installed on the protected virtual machines.
The update task is used for updating databases on protected virtual machines. The update task is started automatically.
Information about running the update task on a virtual machine with the Light Agent for Windows component is displayed in the Reports and Storages window in the Update section after the task is run for the first time.
You can verify that the application databases are up to date on a virtual machine with the Light Agent for Linux component by using the lightagent productinfo command. Make sure that the command returns information about the application databases, and that the databases are up to date. If necessary, you can start the update task by using the lightagent update command.
Changes in the Kaspersky Security Center Administration Console after installing Kaspersky Security
Displaying virtual machines and SVMs in the console tree
After installation of Kaspersky Security in the virtual infrastructure, the SVMs and protected virtual machines on which Network Agent is installed will forward information about themselves to Kaspersky Security Center. By default, Kaspersky Security Center adds the virtual machines on which Kaspersky Security is installed to the Unassigned devices folder.
In the Kaspersky Security Center Administration Console, an SVM is displayed under the name that you specified during deployment of this SVM. The name of the protected virtual machine matches the network name of the virtual machine (hostname). If a virtual machine with the same name is already registered on the Kaspersky Security Center Administration Server, a sequence number is added to the name of the new virtual machine, for example: <Name>~1, <Name>~2.
If you configured rules for moving virtual machines to administration groups prior to installing the application, Kaspersky Security Center moves the virtual machines on which Kaspersky Security is installed to the specified administration groups in accordance with the configured rules for moving virtual machines.
After it is deployed on the hypervisor, the SVM forwards the following tag to Kaspersky Security Center:
%VmType%=SVM indicates that the virtual machine is an SVM.
A protected virtual machine with Kaspersky Security Center Network Agent installed sends the following tag to Kaspersky Security Center:
%VmType%=<Persistent / Nonpersistent> (indicates whether the virtual machine is a temporary virtual machine).
You can use the specified tags when creating rules for moving SVMs and protected virtual machines to administration groups.
You can manually move virtual machines to the Managed devices administration group or nested administration groups (for more detailed information about moving virtual machines to administration groups, please refer to the Kaspersky Security Center help).
Default policy and tasks
After Kaspersky Security MMC plug-ins for the Managed devices administration group are installed, the default Protection Server policy and the following tasks are automatically created:
- Virus scan task for Light Agent for Windows.
- Virus scan task for Light Agent for Linux.
- Database update task on the Protection Server.
Installation packages
As a result of Kaspersky Security MMC plug-ins and Integration Server installation, installation packages are created on Kaspersky Security Center Administration Server:
- Kaspersky Security for Virtualization 5.2 Light Agent for Windows (5.2.X.X)
- Kaspersky Security for Virtualization 5.2 Light Agent for Linux (5.2.X.X)
where 5.2.X.X is the application version number.
The installation packages are stored in the Administration Console in the Additional → Remote installation → Installation packages folder. You can use these installation packages for remote installation of Light Agent for Windows and Light Agent for Linux.
Installing Kaspersky Security web plug-ins
If you want to use the web interface to manage Kaspersky Security using Kaspersky Security Center, you need to install the following Kaspersky Security web plug-ins using the Web Console:
- Kaspersky Security for Virtualization 5.2 Light Agent for Windows
- Kaspersky Security for Virtualization 5.2 Light Agent for Linux
- Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server
To install a Kaspersky Security web plug-in:
- Start the Web Console.
- In the lower left corner of the screen, place the mouse pointer on the Console settings section.
A context menu opens.
- In the context menu, select Web plug-ins.
The list of installed web plug-ins opens.
- Start Kaspersky Security web plug-in installation in one of the following ways:
- Installing a web plug-in from the list of available distribution packages in the Web Console:
- Click the Add button.
The list of available distribution packages will open. The list is updated automatically when new versions of Kaspersky applications are released.
- Select the name of the web plug-in from the list.
A window with the web plug-in description opens.
- Click the Install plug-in button.
- After installation is complete, click OK in the information window.
- Installing a web plug-in from a third party source (the archive required to install the web plug-in must be first downloaded from Kaspersky website):
- Click the Add from file button.
- In the window that opens, specify the path to the ZIP archive with the web plug-in distribution package and the path to the web plug-in description file in TXT format. This file is located in the archive that you downloaded from Kaspersky website.
- Click the Add button.
- After installation is complete, click OK in the information window.
You can view the list of installed web plug-ins in the Web Console (Console settings → Web plug-ins).
Viewing the list of SVMs connected to the Integration Server
Kaspersky Security lets you view a list of all SVMs that are connected to the Integration Server.
To get information about SVMs connected to the Integration Server:
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the List of connected SVMs section.
The table on the right side of the window displays the following information about all SVMs connected to the Integration Server:
- SVM IP address.
- SVM path. Depending on the type of protected virtual infrastructure:
- IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.
- IP address in the IPv4 format or the fully qualified domain name (FQDN) of the Keystone microservice that controls the OpenStack project within which the SVM is deployed.
- To view detailed information, select an SVM in the table and open the Information about SVM window by double-clicking or by clicking the Detailed information link above the table.
The window displays the following information about the selected SVM:
- Unique identifier of the SVM.
- SVM IP address.
- SVM path. Depending on the type of protected virtual infrastructure:
- IP address in IPv4 format or the fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.
- IP address in the IPv4 format or the fully qualified domain name (FQDN) of the Keystone microservice that controls the OpenStack project within which the SVM is deployed.
- SVM port used to relay scan requests from Light Agents over a secure connection.
- SVM port used for relaying scan requests from Light Agents over a non-secure connection.
- SVM port used for relaying service requests from Light Agents over a secure connection.
- SVM port used for relaying service requests from Light Agents over a non-secure connection.
- Information about whether the data transfer channel from Light Agents is encrypted.
Viewing the list of Light Agents connected to SVMs
A list of Light Agents connected to the SVM is displayed in the application properties of Kaspersky Security installed on this SVM. You can view the list of connected Light Agents using Administration Console or Web Console (in Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server properties window, on the Application settings tab in the Connected Light Agents section).
To view the list of Light Agents connected to SVMs in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, select the folder with the name of the administration group that the required SVM belongs to.
- In the workspace, select the Devices tab.
- Select an SVM from the list and double-click to open the Settings: <SVM name> window.
- In the window that opens, in the list on the left, select the Applications section.
- In the right part of the window, in the list of applications installed on the SVM, select Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server and double-click it to open the Kaspersky Security for Virtualization 5.2 Light Agent Settings – Protection Server window.
- In the window that opens, in the list on the left, select the Connected Light Agents section.
The right part of the window displays a table containing the list of Light Agents connected to SVMs. The field above the table shows the time of the last request to the SVM.
The table displays the following information:
- Name of the virtual machine with Light Agent installed.
- IP address and port that is used by Light Agent to connect to SVMs.
- Version of the operating system installed on the protected virtual machine.
- Type of operating system installed on the protected virtual machine: server operating system or desktop operating system.
- ID of the protected virtual machine.
- Path to the protected virtual machine within the virtual infrastructure.
- If you want to update the information about Light Agents connected to SVMs, click the Refresh button.
Upgrading from a previous version of the application
Upgrading the application to Kaspersky Security for Virtualization 5.2 Light Agent with the 5.2.1 update
You can upgrade the following application versions to Kaspersky Security for Virtualization 5.2 Light Agent with the 5.2.1 update:
- Kaspersky Security for Virtualization 5.1 Light Agent.
- Kaspersky Security for Virtualization 5.1.1 Light Agent (hereinafter also referred to as "Kaspersky Security update 5.1.1").
- Kaspersky Security for Virtualization 5.1.2 Light Agent (hereinafter also referred to as "Kaspersky Security update 5.1.2").
- Kaspersky Security for Virtualization 5.1.3 Light Agent (hereinafter also referred to as "Kaspersky Security update 5.1.3").
Upgrading of earlier Kaspersky Security versions to version 5.2 is not provided.
Before starting the application update, do the following:
- Prepare the files required for installing the application:
- From Kaspersky website, download the file necessary for running the Kaspersky Security Components Installation Wizard.
- Using the Kaspersky Security Components Installation Wizard, download SVM images and SVM image description files from Kaspersky website.
- If you are not planning to use automatically created installation packages to install Light Agent, unpack the files required for installation of Light Agent for Windows and Light Agent for Linux using the Kaspersky Security Components Installation Wizard.
- If you want to use the web interface to interact with Kaspersky Security Center, you can download the archives required for installing web plug-ins from Kaspersky website. The files required to install web plug-ins are also available in the Web Console.
- Make sure that one of the supported Kaspersky Security Center versions is installed, or upgrade Kaspersky Security Center to one of the supported versions.
For Kaspersky Security Center update instructions, see the Kaspersky Security Center help.
- Make sure that the ports required for application operation are open in the settings of the network equipment or software used for traffic monitoring.
- Make sure that you have configured the settings of the accounts that are required for installation and operation of the application.
- Make sure that the additional preparatory steps are done, depending on your virtual infrastructure.
Upgrading the application comprises the following steps:
- Updating Kaspersky Security management MMC plug-ins, Integration Server, and Integration Server Console.
After updating MMC plug-ins, Integration Server and Integration Server Console, it is recommended to run the download updates to the repository task in the Kaspersky Security Center Administration Console and make sure that the task completes successfully. For details, please refer to the Kaspersky Security Center help.
- Updating Kaspersky Security web plug-ins if you use the web interface to interact with Kaspersky Security Center.
The update is performed by installing the new web plug-ins version using the Web Console. Web plug-ins of the previous version continue to operate after the new web plug-ins version is installed. You can use them to manage SVMs and Light Agents of previous versions of Kaspersky Security.
After all the application components are updated, you can uninstall web plug-ins of the previous version. The web plug-ins can be removed in the Web Console in the list of installed plug-ins (Console settings → Web plug-ins).
- Upgrade of the Protection Server component.
- Upgrading the Light Agent for Windows component on protected virtual machines.
- Installing the new version of Light Agent for Linux component. To do so, you must perform the following actions:
- Uninstall the previous version of the Light Agent for Linux component on virtual machines.
- Uninstall the previous version of the Kaspersky Security Center Network Agent component on virtual machines by means of the Linux operating system.
- Install the new version of the Light Agent for Linux component on virtual machines.
- Converting policies and tasks that were configured in Kaspersky Security Center for a previous version of Kaspersky Security. Policies and tasks configured for Kaspersky Security 5.1 (including updates 5.1.1, 5.1.2, and 5.1.3 for Kaspersky Security) are not compatible with the updated version of the application.
Light Agent can connect only to an SVM on which the version of the Protection Server component is compatible with the version of the Light Agent component. The versions of the Light Agent and Protection Server components are compatible within a single version of Kaspersky Security.
Installing the Kaspersky Security 5.2.1 update
If you have Kaspersky Security for Virtualization 5.2 Light Agent without updates, you can install the Kaspersky Security 5.2.1 update.
In the 5.2.1 update, you can install, remove, or configure Kaspersky Security components in virtual infrastructures managed by TIONIX Cloud Platform, OpenStack Platform, ALT Virtualization Server Platform or Astra Linux Platform using the standard tools of the application.
To install the 5.2.1 update, you need to install the new version of the Integration Server and Integration Server Console. Installation can be performed by using the Kaspersky Security Components Installation Wizard or from the command line. The installation process only updates the Integration Server and Integration Server Console. Administration plug-ins do not need to be updated.
When upgrading Kaspersky Security to version 5.2.1, upgrade of the Light Agent and Protection Server components is not required.
After update 5.2.1 is installed, you can use policies and tasks that were configured for Kaspersky Security for Virtualization 5.2 Light Agent. Converting policies and tasks is not required.
About the upgrade of Kaspersky Security MMC plug-ins and Integration Server
The MMC plug-ins, Integration Server, and Integration Server Console must be upgraded using the account that belongs to the group of local administrators.
The upgrade requires at least 4 GB of free disk space where the %ProgramData% folder is saved, and additional space to save a backup copy of the Integration Server database and settings.
Close the Integration Server Console before starting the update. It is also recommended to close the Kaspersky Security Center Administration Console.
When upgrading the Integration Server, save a backup copy of the database and settings and the certificate of the previously installed Integration Server. You can choose the path to save this data or use the default path: %ProgramData%\Kaspersky Lab\VIISLA_Backup\VIISData(1). The number in the folder name is incremented by 1 each time an update is done.
The backup copy of the Integration Server database and settings contains the following data:
- Accounts for connecting the Integration Server Console, SVM, and Light Agents to the Integration Server.
- Settings for connecting the Integration Server to the virtual infrastructure and the Kaspersky Security Center Administration Server.
- If the application is used in multi-tenancy mode: a list of registered tenants and protection statistics of the tenant virtual machines.
- Configuration files that define the Integration Server operation settings.
Access to the folder where the backup copy of the database and settings and the Integration Server certificate are saved is restricted using ACL. Administrator rights are required to access this folder.
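One way to confirm that restriction after an upgrade, as an added PowerShell example that is not part of the Kaspersky documentation: it reports every Allow entry on the VIISData(N) backup folders that belongs to an identity other than the local Administrators group or SYSTEM. The allowed set, the `Folder` parameter and the function name are assumptions; pass the custom folder if one was chosen for the backup.

```powershell
# Added example: audit access to Integration Server backup folders.
# Assumption: only BUILTIN\Administrators and NT AUTHORITY\SYSTEM are expected
# to hold Allow entries. Adjust $AllowedSids to your own baseline.
param(
    # Folders to check. Empty = every VIISData(N) folder under the default
    # backup root named in the documentation.
    [string[]]$Folder
)

$AllowedSids = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18'       # NT AUTHORITY\SYSTEM
)

function Get-UnexpectedAccess {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Deny entries only tighten access, so they are not findings.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            # Compare by SID so the check does not depend on the OS language.
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            # Unresolvable account: keep the raw value so it is reported.
            $sid = $ace.IdentityReference.Value
        }
        if ($AllowedSids -notcontains $sid) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not $Folder) {
    $root = Join-Path $env:ProgramData 'Kaspersky Lab\VIISLA_Backup'
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Default backup root not found: $root"
        return
    }
    # One VIISData(N) folder is created per update; check all of them.
    $Folder = @(Get-ChildItem -LiteralPath $root -Directory -Filter 'VIISData(*)' |
        Select-Object -ExpandProperty FullName)
}

$findings = @(foreach ($f in $Folder) { Get-UnexpectedAccess -Path $f })

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No unexpected Allow entries on $($Folder.Count) folder(s)."
}
```

Run it from an elevated session, since reading the folder requires administrator rights. An inherited entry in the output points at the parent folder's ACL rather than the backup folder itself.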
If the previously installed Integration Server was used to work with Kaspersky Security for Virtualization Agentless, it continues to work after the Integration Server of Kaspersky Security for Virtualization Light Agent is updated, but will use a new port. You need to specify the port number during the update. The updated Integration Server of Kaspersky Security for Virtualization Light Agent continues to use the port that was specified during installation.
If you want to continue using the previous version of the Integration Server to work with Kaspersky Security for Virtualization Agentless, it is recommended to make sure that the new port is specified in the settings for connecting VMware NSX Manager and SVM to the Integration Server. To do this, you can use Kaspersky Security settings configuration procedure (for details, refer to Kaspersky Security for Virtualization Agentless help).
Updating MMC plug-ins, the Integration Server and the Integration Server Console is performed by installing a new version of Kaspersky Security management components in one of the following ways:
- In interactive mode, using the Kaspersky Security components installation Wizard.
The wizard offers to select a folder to save a backup copy of the database and settings and the certificate of the previously installed Integration Server, or to use the default folder.
If the previously installed Integration Server was used to work with Kaspersky Security for Virtualization Agentless, the wizard prompts you to specify the port number to be used to connect to Kaspersky Security for Virtualization Agentless Integration Server.
- In silent mode from the command line.
If you want to select a folder to save the backup copy of the database and settings and the Integration Server certificate, specify the --backupFolder=<path to the folder> parameter in the command. If the parameter is not specified, the backup copy is saved to the default folder.
If the previously installed Integration Server was used to work with Kaspersky Security for Virtualization Agentless, specify the --newAgentlessViisPort=<port number> parameter in the command. This port is used to connect to Kaspersky Security for Virtualization Protection Agentless Integration Server after Kaspersky Security for Virtualization Light Agent Integration Server is updated. If the parameter is not specified, the update procedure fails.
When Kaspersky Security MMC plug-ins and the Integration Server are updated, the link to start the new version of the Integration Server Console is displayed in the Kaspersky Security Center Administration Console, in the Deployment section of the Monitoring tab. If the previous version of the Integration Server was used to work with Kaspersky Security for Virtualization Agentless, the Deployment section also displays a link to launch the previous version of the Integration Server Console.
If errors occur in the Integration Server operation after the upgrade, you can return to using the previous version of the Integration Server. To do this, follow the steps described in the Knowledge Base article.
MMC plug-ins of the previous version continue to work after the new version of Kaspersky Security management components is installed. You can use them to manage SVMs and Light Agents of previous versions of Kaspersky Security. After all the application components are updated, you can uninstall MMC plug-ins of the previous version.
To uninstall MMC plug-ins, use the standard application removal tools of the operating system: in the list of applications, select Kaspersky Security for Virtualization 5.1 Light Agent – management components for removal.
About the upgrade of the Protection Server
Upgrade of the Protection Server is performed by deploying SVM with the new version of the Protection Server in virtual infrastructure. Deployment is performed by using the SVM Management Wizard.
You can also deploy SVMs using the virtual infrastructure tools and configure SVM settings by using the klconfig script API manually or by means of automation tools.
SVMs with the previous version of the Protection Server continue to work on hypervisors. They ensure the protection of virtual machines with the previous version of Kaspersky Security during the application upgrade.
After deploying SVMs with the new version of the Protection Server, you must prepare the Protection Server for operation.
If you are using a licensing scheme based on the number of kernels in physical processors on the hypervisors, after the application is activated on SVMs with the new version of the Protection Server, Kaspersky Security may send an event involving an exceeded license restriction to Kaspersky Security Center. You can ignore this event.
After updating the Light Agent on all protected virtual machines, you can remove SVMs with the previous version of the Protection Server from hypervisors. SVM removal is performed by using the SVM Management Wizard, or manually by using the hypervisor tools.
SVMs that have been removed continue to be displayed in the Administration Console of Kaspersky Security Center. When the period specified in Kaspersky Security Center settings elapses (see Kaspersky Security Center help for details), the SVMs are automatically removed from the Administration Console.
You can manually remove SVMs with the previous version of the Protection Server from the Administration Console of Kaspersky Security Center as soon as the upgrade process has been completed.
Upgrading the Light Agent for Windows component
The Light Agent for Windows component is upgraded by installing a new version of the Light Agent for Windows component on protected virtual machines. Installation is performed locally on the virtual machine or remotely via Kaspersky Security Center, or using Active Directory Group Policies.
If your infrastructure uses Citrix App Layering (formerly UniDesk) virtualization solution and the Full User Layer is used to save the state of temporary virtual machines, restore the user layer by following the instructions in Citrix App Layering documentation before updating Light Agent for Windows on the virtual machine template.
The upgraded Light Agent for Windows component uses the application settings that were configured for the previous version of Light Agent for Windows. Settings that were absent from the previous version of the application take the default values.
After the Light Agent for Windows component has been upgraded, all backup copies of files created during file disinfection and deletion are saved on the protected virtual machine. You can manage Backup files through the local interface of the application.
After being launched on the virtual machine, the updated Light Agent component connects to the SVM with the new version of the Protection Server component.
If errors occur in the operation of the application after Light Agent for Windows upgrade, you can return to using the previous version of the Light Agent for Windows component. To do so, you must uninstall the new version of the Light Agent for Windows component on the virtual machine and then install the previous version of the Light Agent for Windows component.
Converting Kaspersky Security policies and tasks
Policies and tasks configured for Kaspersky Security version 5.1 (including updates 5.1.1, 5.1.2, and 5.1.3 for Kaspersky Security) are not compatible with the upgraded version of the application.
If after upgrading the application, you want to use the values of the settings for policies and tasks that were configured in Kaspersky Security Center for the previous Kaspersky Security version, you can convert those policies and tasks using Kaspersky Security Center Policies and Tasks Batch Conversion Wizard.
The converted policies and tasks use the settings of policies and tasks of the previous version of Kaspersky Security.
You can also create new policies based on the existing policies using the Policy Wizard. To do so, when entering the group policy name, select the Use settings from policy for previous application version check box (for more details, please refer to the Kaspersky Security Center help).
After completing an upgrade of the application, you can delete policies and tasks that were created for the previous version of the application.
To convert policies and tasks that were configured in Kaspersky Security Center for the previous version of Kaspersky Security:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select the Administration Server: <Server name> node.
- Open the context menu and select All tasks → Policies and Tasks Batch Conversion Wizard.
The Policies and Tasks Batch Conversion Wizard starts.
- At the first step of the Wizard, select one of the following options from the Application name list:
- Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server – if you want to convert tasks that are performed on SVMs, and Protection Server policies.
- Kaspersky Security for Virtualization 5.2 Light Agent for Windows – if you want to convert tasks that were created in Kaspersky Security Center and are performed on protected virtual machines with Windows operating systems, and Light Agent for Windows policies.
- Kaspersky Security for Virtualization 5.2 Light Agent for Linux – if you want to convert tasks that were created in Kaspersky Security Center and are performed on protected virtual machines with Linux operating systems, and Light Agent for Linux policies.
Proceed to the next step of the Policies and Tasks Conversion Wizard.
- Select the policies to convert. To select a policy, select the check box to the left of the name of that policy.
Proceed to the next step of the Policies and Tasks Conversion Wizard.
If you chose to convert a policy of Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server, the Kaspersky Security Network window opens. You can read the Kaspersky Security Network Statement in this window.
To continue the procedure for converting policies and tasks, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:
- If you accept all the terms of the Statement and want the application to use KSN, select the I have read, understand, and accept the terms of this Kaspersky Security Network Statement option.
- If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option and confirm your decision in the window that opens.
All data transmission and processing conditions set forth in the Kaspersky Security Network Statement for Kaspersky Security for Virtualization 5.2 Light Agent also apply to the Kaspersky Security update 5.2.1.
If necessary, you can change your decision regarding KSN participation later.
- Select the tasks to convert. To select a task, select the check box to the left of the name of that task.
Proceed to the next step of the Policies and Tasks Conversion Wizard.
- Exit the Policies and Tasks Conversion Wizard.
The converted policies and tasks have names "<Original policy/task name> (converted)".
The converted policies and tasks use the settings of policies and tasks of the previous version of Kaspersky Security. The settings that were not configured in the policies and tasks of the previous version of the application take default values in the converted policies and tasks.
Removing the application
Virtual machines and user data will no longer be protected if Kaspersky Security is uninstalled.
The procedure to uninstall Kaspersky Security from the virtual infrastructure consists of the following stages:
- Uninstalling the Protection Server component of Kaspersky Security.
To uninstall the Protection Server component, remove the deployed SVMs. To uninstall Kaspersky Security completely, remove all SVMs. If necessary, you can remove only some of the SVMs.
If you have removed some of the SVMs, it is recommended to remove connection settings for virtual infrastructures, in which these SVMs were deployed. You should remove these settings from the following lists:
- from the list of virtual infrastructures to which the Integration Server is connected for receiving information about the protected infrastructure
- from the list of virtual infrastructure objects to which the SVM Management Wizard is connected (see, for example, the "Selecting SVMs to remove" step of the SVM removal procedure)
- Uninstalling the Light Agent for Windows or Light Agent for Linux component from virtual machines, as well as uninstalling the Light Agent for Windows component from virtual machine templates.
- Uninstalling the Network Agent component of Kaspersky Security Center from the protected virtual machines and virtual machine templates.
- Removing the Kaspersky Security management plug-ins, Integration Server, and Integration Server Console.
After the Protection Server and Light Agent components are removed, the SVMs and virtual machines on which Light Agents were installed are still displayed in the Kaspersky Security Center Administration Console. After the expiration of the period specified in the Kaspersky Security Center settings (see the Kaspersky Security Center help), information about the SVMs and virtual machines is automatically deleted. You can remove this information from Kaspersky Security Center Administration Console manually after uninstalling the application.
Removing the Protection Server component
To uninstall the Protection Server component, remove the SVM from the virtual infrastructure. Removal is performed by using the SVM Management Wizard.
After an SVM is removed, the protected virtual machines that were connected to it can connect to another SVM that operates in the virtual infrastructure.
To remove an SVM:
- Open Integration Server Console and connect to the Integration Server.
- In the SVM management section, click the SVM management button to start the SVM Management Wizard.
- Follow the wizard instructions.
Selecting an action
At this step, select the SVM removal option.
Proceed to the next step of the wizard.
Selecting SVMs to remove
At this step, select the SVMs that you want to remove.
The table displays information about the virtual infrastructures to which the SVM Management Wizard connection is configured, as well as information about the deployed SVMs:
- Name/Address
- State
- Protection
- Type
For a virtual infrastructure based on the ALT Virtualization Server platform, KVM is displayed as the type of virtual infrastructure object that the SVM Management Wizard connects to.
For a virtual infrastructure on the VK Cloud platform, Keystone microservice (OpenStack platform) is displayed as the type of virtual infrastructure object to which the SVM Management Wizard connects.
You can search the list of virtual infrastructure objects. The search is performed on the value in the Name/address column and starts as you type in the Search field. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the Search field.
To select the SVMs to remove:
In the table, select the checkboxes on the left of the names of SVMs that you want to remove.
If SVMs are being removed in an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous removal of SVMs deployed in different infrastructures is not supported. You can remove SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.
The simultaneous removal of SVMs within OpenStack projects, which are running on different Keystone microservices, is not supported. You can simultaneously remove SVMs deployed within OpenStack projects that are running on the same Keystone microservice.
If the list does not contain the virtual infrastructure from which you want to remove the SVM, you must configure the SVM Management Wizard connection to this infrastructure.
To configure the connection of SVM Management Wizard to the virtual infrastructure:
- Click the Add button.
- In the Virtual infrastructure connection settings window that opens, specify the following settings:
- Type
For a virtual infrastructure based on the ALT Virtualization Server platform, you need to select KVM as the type of virtual infrastructure object that the SVM Management Wizard will connect to.
For a virtual infrastructure on the VK Cloud platform, select Keystone microservice (OpenStack platform) as the type of virtual infrastructure object to which you want SVM Management Wizard to connect.
- Protocol
The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- Addresses
- OpenStack domain
The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- User name
- Password
- Click the Connect button.
The Virtual infrastructure connection settings window closes. The Wizard adds the selected virtual infrastructure objects to the list and attempts to establish a connection.
The Wizard verifies the authenticity of all virtual infrastructure objects with which the connection is established.
Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.
For Keystone microservices, authenticity is verified only when using the HTTPS protocol to connect the SVM Management Wizard to the virtual infrastructure.
To verify authenticity, the Wizard receives the SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.
If the authenticity of the received certificate(s) cannot be established, the Verify certificate window opens with a message about this. Click the link in this window to view the details of the received certificate. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to the virtual infrastructure object. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this certificate to be authentic, click the Cancel button in the Verify certificate window to disconnect, and replace the certificate with a new one.
If the authenticity of the public key could not be established, the Verify public key fingerprint window opens with a message about this. You can confirm the authenticity of the public key and continue the connection. The public key fingerprint will be saved on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this public key to be authentic, click the Cancel button in the Verify public key fingerprint window to terminate the connection.
If a connection cannot be established with a virtual infrastructure object, information about the connection errors is displayed in the table.
You can update the list of virtual infrastructure objects using the Refresh button above the table. When updating a list, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.
You can use buttons in the Name/address column to:
- Remove selected virtual infrastructure from the list.
The Integration Server continues to connect to the virtual infrastructure removed from this list, and to receive the information required for SVM operation.
- If you cannot connect to the virtual infrastructure, open the Virtual infrastructure connection settings window to change the settings of the account used to make the connection.
After the settings are modified, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.
Proceed to the next step of the wizard.
Starting SVM removal
At this step, the Wizard window shows the number of SVMs selected for removal.
To start removing SVMs, proceed to the next step of the wizard.
SVM removal
At this step, SVMs are removed from hypervisors. The process takes some time. Please wait until the process is complete.
The window displays information about the removal of each SVM, including the status of its progress, one row at a time: Processing N%, Pending, Skipped, Completed, Error.
Proceed to the next step of the wizard.
Finishing SVM removal
This step displays information about the SVM removal results in the virtual infrastructure.
The wizard displays links that you can use to open a brief report and the SVM Management Wizard log.
You can view the following information in the brief report:
- Addresses of the hypervisors from which SVMs were removed, or names of the OpenStack projects within which SVMs were removed (depending on type of the virtual infrastructure).
- Names of removed SVMs.
- Brief description of the completed stages of removal of each SVM, including the start and end times of each stage. If an error occurred during a particular stage, the relevant information is reflected in the report.
The brief report is saved in a temporary file. To be able to use information from the report later, save the log file in a permanent storage location.
If the SVM removal process ends with an error, you can use the SVM Management Wizard log when contacting Technical Support.
The SVM Management Wizard log is saved on the device where the wizard was launched, in the file %LOCALAPPDATA%\Kaspersky Lab\Kaspersky VIISLA Console\logs\KasperskyDeployWizard_<file creation date and time>.log and does not contain account passwords. A new log file is created each time the wizard starts.
Finish the wizard.
Uninstalling the Light Agent for Windows component
You can remove Light Agent for Windows from a virtual machine in one of the following ways:
- Locally in interactive mode by using the Installation Wizard.
- From the command line.
- Remotely through Kaspersky Security Center (please refer to the Kaspersky Security Center help).
- Remotely using Active Directory Group Policies.
When Light Agent for Windows is uninstalled from a virtual machine, all files that were created during operation of the application are deleted.
Uninstalling Light Agent for Windows using the Installation Wizard
To uninstall the Light Agent for Windows component using the Installation Wizard:
- On the virtual machine where the Light Agent for Windows component is installed, open the list of applications using the standard tools for application removal or modification in the operating system.
- Select Kaspersky Security for Virtualization 5.2 Light Agent in the list of applications and start the Installation Wizard.
- In the Modify, repair, or remove application window of the Installation wizard, click Delete.
- Follow the installation wizard instructions.
Confirming Light Agent for Windows uninstallation
Since uninstallation of the Light Agent for Windows component places the security of the virtual machine at risk, you need to confirm your intention to remove Light Agent for Windows. To confirm removal, click Delete.
Before uninstallation of the Light Agent for Windows component finishes, you can cancel uninstallation at any time by clicking Cancel.
Light Agent for Windows uninstallation
At this step, the Installation Wizard uninstalls the Light Agent for Windows component from the virtual machine. Please wait until the removal process is complete.
The uninstallation process may require a reboot of the operating system of the virtual machine. If you decide not to reboot immediately, completion of the uninstallation process will be postponed until the operating system reloads or the virtual machine is restarted.
Uninstalling Light Agent for Windows from the command line
To uninstall Light Agent for Windows from the command line in interactive mode,
enter one of the following commands in the command line:
msiexec.exe /x {C1C451E2-75D0-44A6-A80F-7024C0EC9A42}
setup.exe /x
The Application Installation Wizard starts. Follow its instructions.
To uninstall Light Agent for Windows from the command line in silent mode (without starting the Installation wizard),
enter one of the following commands in the command line:
msiexec.exe /x {C1C451E2-75D0-44A6-A80F-7024C0EC9A42} /qn
setup.exe /s /x
The setup.exe file is included in the distribution package of Light Agent for Windows.
Uninstalling Light Agent for Windows using Active Directory Group Policies
You can use Active Directory Group Policies to remove the Light Agent for Windows component from virtual machines associated with the selected Group Policy Object, without using Kaspersky Security Center.
More detailed information about working with Active Directory Group Policies can be found in the Microsoft Windows Help files.
To uninstall Light Agent for Windows using Active Directory Group Policies:
- Open the Group Policy Management window in Microsoft Windows.
- In the tree of the Group Policy Management window, select a Group Policy Object with which virtual machines intended for Light Agent for Windows uninstallation are associated.
- Open the context menu of the group policy object and select Edit.
The Directory Management Group Policies Editor opens.
- In the console tree, select Group Policy Object → Computer Configuration → Policies → Application Configuration → Software installation.
- In the list of installation packages, select the installation package for Kaspersky Security for Virtualization 5.2 Light Agent.
- Open the context menu of the installation package and select All tasks → Delete.
The Remove Applications window opens.
- In the Remove Applications window, select Immediately remove this application from all user computers.
The group policy will be applied to each protected virtual machine associated with a Group Policy Object at the next startup of virtual machines. As a result, the Light Agent for Windows component is removed from all protected virtual machines associated with the selected Group Policy Object.
You may need to restart virtual machines after removal.
Removing Light Agent for Windows from the virtual machine template
To remove the Light Agent for Windows component from a virtual machine template:
- On the hypervisor, enable the virtual machine being used as a virtual machine template.
- Remove the Light Agent for Windows component in interactive mode using the Installation Wizard.
- Create new virtual machines from the updated template. To learn more, see the virtual infrastructure documentation.
Uninstalling the Light Agent for Linux component
You can remove Light Agent for Linux from a virtual machine in one of the following ways:
- Locally from the command line
- Remotely via Kaspersky Security Center (see the Kaspersky Security Center help)
To uninstall Light Agent for Linux from the command line,
execute one of the following commands (depending on the package manager used in the operating system):
- If Light Agent was installed from an RPM package:
# rpm -e lightagent
- If Light Agent was installed from a DEB package:
# dpkg -P lightagent
The uninstallation procedure is performed automatically. All tasks running on a virtual machine during uninstallation of Light Agent for Linux are stopped.
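Because removing Light Agent leaves a virtual machine unprotected, the command-line removals documented above for Windows and Linux are worth alerting on in process-creation telemetry. The following is an added example, not part of the Kaspersky documentation: the event fields (host, user, cmdline), the function names and the sample events are constructed for illustration, and it also accepts the one-token /X{GUID} form and the long package-manager options, which go beyond the commands shown on this page.

```python
import re

# Identifiers copied from the uninstall commands documented above.
PRODUCT_CODE = "c1c451e2-75d0-44a6-a80f-7024c0ec9a42"  # MSI product code, lower-cased
LINUX_PACKAGE = "lightagent"


def _tokens(cmdline):
    """Split on whitespace, keeping double-quoted runs (Windows paths) together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def _exe_name(path):
    """Lower-cased file name of an executable path, for either path separator."""
    return re.split(r"[\\/]", path)[-1].lower()


def classify(cmdline):
    """Return a verdict dict if cmdline removes Light Agent, otherwise None."""
    toks = _tokens(cmdline)
    if toks and _exe_name(toks[0]) == "sudo":
        toks = toks[1:]
    if not toks:
        return None
    exe, args = _exe_name(toks[0]), toks[1:]
    # Windows installer switches are case-insensitive and accept "/" or "-".
    win_opts = {a[1:].lower() for a in args if a[:1] in ("/", "-")}

    if exe in ("msiexec", "msiexec.exe"):
        # "/x {GUID}" as documented, and "/X{GUID}" as one token, the form
        # Windows stores in the registry UninstallString value.
        removes = bool(win_opts & {"x", "uninstall"}) or any(
            o.startswith("x{") for o in win_opts)
        if removes and PRODUCT_CODE in cmdline.lower():
            silent = bool(win_opts & {"qn", "quiet", "q"})
            return {"rule": "msiexec-product-code", "silent": silent,
                    "confidence": "high"}
        return None

    if exe == "setup.exe" and "x" in win_opts:
        # setup.exe is a generic file name: corroborate with path or parent process.
        return {"rule": "setup-exe", "silent": "s" in win_opts,
                "confidence": "low"}

    targets = [a for a in args if not a.startswith("-")]
    names_pkg = any(t == LINUX_PACKAGE or t.startswith(LINUX_PACKAGE + "-")
                    for t in targets)
    # Package managers remove the package without starting a wizard.
    if exe == "rpm" and names_pkg and any(
            a == "--erase" or re.fullmatch(r"-[A-Za-z]*e[A-Za-z]*", a)
            for a in args):
        return {"rule": "rpm-erase", "silent": True, "confidence": "high"}
    # dpkg options are case-sensitive: -P purges, -p only prints package details.
    if exe == "dpkg" and names_pkg and any(
            a in ("-P", "--purge", "-r", "--remove") for a in args):
        return {"rule": "dpkg-remove", "silent": True, "confidence": "high"}
    return None


def scan(events):
    """Return one finding per event whose command line removes Light Agent."""
    findings = []
    for ev in events:
        verdict = classify(ev["cmdline"])
        if verdict:
            findings.append({"host": ev["host"], "user": ev["user"], **verdict})
    return findings


# Constructed process-creation events (hosts and users are made up).
SAMPLE_EVENTS = [
    {"host": "vdi-win-017", "user": "CORP\\svc_deploy",
     "cmdline": "msiexec.exe /x {C1C451E2-75D0-44A6-A80F-7024C0EC9A42} /qn"},
    {"host": "vdi-win-018", "user": "CORP\\jdoe",
     "cmdline": '"C:\\Windows\\System32\\msiexec.exe" '
                "/X{c1c451e2-75d0-44a6-a80f-7024c0ec9a42}"},
    {"host": "vdi-win-019", "user": "CORP\\jdoe",
     "cmdline": "C:\\Temp\\setup.exe /s /x"},
    {"host": "vdi-win-020", "user": "CORP\\jdoe",
     "cmdline": "msiexec.exe /i agent.msi /qn"},      # install, not removal
    {"host": "app-lnx-03", "user": "root", "cmdline": "rpm -e lightagent"},
    {"host": "app-lnx-04", "user": "admin", "cmdline": "sudo dpkg -P lightagent"},
    {"host": "app-lnx-05", "user": "root", "cmdline": "dpkg -p lightagent"},
    {"host": "app-lnx-06", "user": "root", "cmdline": "rpm -q lightagent"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Silent removals outside a planned change window are the findings to triage first; the setup.exe rule is marked low confidence because that file name is shared by many installers.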
When Light Agent for Linux is uninstalled, the application prompts you to run a script that deletes from the protected virtual machine the files that were created during operation of the application in the following folders:
- /etc/opt/kaspersky/lightagent/
- /opt/kaspersky/lightagent/
- /var/opt/kaspersky/lightagent/
- /var/log/kaspersky/lightagent/
To delete the files that were created during the application operation using the script:
- Run the script by executing the following command:
# /tmp/cleanup.pl
- Confirm deletion of files by entering yes. If you do not want to delete files and want to stop the script, enter no.
You can also manually delete files that were created during operation of the application.
To manually delete the files that were created during the application operation,
run the following command:
rm -rf <path to the folder>
After uninstalling Light Agent for Linux, it is recommended to restart the virtual machine.
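The manual deletion described above runs rm -rf with root privileges, so a mistyped or symlinked path is the main risk. The following is an added example, not part of the Kaspersky documentation: it reports which of the four documented folders still exist and deletes a folder only when the path is exactly one of them and no symbolic link redirects it. The function names and the root parameter (used to rehearse against a test directory) are assumptions of this example.

```python
import os
import shutil

# The four folders listed above, written relative to the filesystem root.
DOCUMENTED_DIRS = (
    "etc/opt/kaspersky/lightagent",
    "opt/kaspersky/lightagent",
    "var/opt/kaspersky/lightagent",
    "var/log/kaspersky/lightagent",
)


def leftovers(root="/"):
    """Return the documented folders that still exist under root."""
    paths = (os.path.join(root, rel) for rel in DOCUMENTED_DIRS)
    return [p for p in paths if os.path.lexists(p)]


def remove_leftover(path, root="/"):
    """Delete path only if it is exactly one of the documented folders.

    Returns "removed" or "absent"; raises ValueError for any other path or
    when a symbolic link would redirect the deletion somewhere else.
    """
    # abspath collapses "..", duplicate slashes and a trailing slash lexically.
    lexical = os.path.abspath(path)
    for rel in DOCUMENTED_DIRS:
        if lexical == os.path.abspath(os.path.join(root, rel)):
            break
    else:
        raise ValueError(f"refusing {path!r}: not a documented Light Agent folder")
    if not os.path.lexists(lexical):
        return "absent"
    # If any component below root is a symlink, the resolved path differs.
    if os.path.realpath(lexical) != os.path.join(os.path.realpath(root), rel):
        raise ValueError(f"refusing {path!r}: a symbolic link redirects it")
    shutil.rmtree(lexical)
    return "removed"


if __name__ == "__main__":
    # Read-only audit of the real filesystem: list what the uninstall left behind.
    for folder in leftovers():
        print("still present:", folder)
```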
Removing Kaspersky Security Center Network Agent on virtual machines
You can remove Kaspersky Security Center Network Agent from virtual machines and virtual machine templates in one of the following ways:
- From virtual machines with Windows operating systems:
- Locally in interactive mode using Microsoft Windows tools. This method is recommended for removing Network Agent from virtual machine templates.
- Remotely via Kaspersky Security Center using the remote removal task (see the Kaspersky Security Center help).
- From virtual machines with Linux operating systems – using tools of the Linux operating system.
Removing Kaspersky Security management plug-ins and the Integration Server
Removing MMC plug-ins and Integration Server
You can remove the Kaspersky Security MMC plug-ins, Integration Server, and Integration Server Console in one of the following ways:
- In interactive mode using the operating system's standard tools for removing programs. In the list of applications, select Kaspersky Security for Virtualization <version number> Light Agent – management components for removal. The wizard is used to perform removal.
- In silent mode from the command line. In the command line, enter ksvla-components_5.2.X.X_mlg.exe -q -uninstall, where 5.2.X.X is the application version number.
While removing Integration Server using the wizard, you can save the following data used in the operation of the Integration Server:
- The SSL certificate used to establish a secure connection to the Integration Server.
- Accounts for connecting the Integration Server Console, SVM, and Light Agents to the Integration Server.
- Settings for connecting the Integration Server to hypervisors, virtual infrastructure administration servers, NSX Manager, Kaspersky Security Center Administration Server.
- If the application is used in multitenancy mode: the list of registered tenants and information about the time during which the virtual machines were protected by the application.
- Internal information about the SVM.
- Trace files of the Integration Server and Integration Server Console.
If you want to save the specified data, click the Save button in the window prompting you to save data. The saved data and settings are automatically used when you install the Integration Server again.
The removal finishes with an error if the Integration Server and the Integration Server Console, intended to work with Kaspersky Security 5.1, are detected on the device. To remove the management components of Kaspersky Security 5.2, first remove the management components of Kaspersky Security of the previous version using the standard uninstallation tools of the operating system.
If you upgrade the application to Kaspersky Security for Virtualization 5.2 Light Agent, after removing the Integration Server and the Integration Server Console intended to work with Kaspersky Security 5.2, the folder where the backup copy of the database and settings, and the Integration Server certificate were saved during the upgrade remains on the device. This folder is not automatically deleted when you remove the application. You can delete this folder manually. Administrator rights are required to access this folder. The folder is located by the path specified when updating the Integration Server. The default path is %ProgramData%\Kaspersky Lab\VIISLA_Backup\VIISData(1). The number in the folder name is incremented by 1 each time an update is done.
Removing web plug-ins
Kaspersky Security web plug-ins can be removed in the Web Console in the list of installed plug-ins (Console settings → Web plug-ins).
Application management concept
You can manage the application and configure its settings in the following ways:
- Through Kaspersky Security Center, the remote centralized management system for Kaspersky applications.
- In the local interface for Light Agent for Windows.
- Using the command line for Light Agent for Linux.
- Using the command line for Light Agent for Windows.
About managing the application using Kaspersky Security Center
Kaspersky Security Center allows remote administration of Kaspersky Security. You can use Kaspersky Security Center to:
- Install the application in the virtual infrastructure
- Start and stop Kaspersky Security application on protected virtual machines
- Perform centralized administration of the application:
- Manage the security of virtual machines
- Manage application tasks
- Manage license keys for the application
- Update databases and application modules
- Generate reports about runtime events
- Delete the application from the virtual infrastructure
You can use the following Kaspersky Security Center management consoles to manage Kaspersky Security using Kaspersky Security Center:
- Kaspersky Security Center Administration Console (hereinafter also referred to as "Administration Console"). It is a Microsoft Management Console (MMC) snap-in that is installed on the administrator's workstation and provides a user interface to the Administration Server and Network Agent administrative services.
- Kaspersky Security Center Web Console (hereinafter also referred to as "Web Console"). It is a web interface for managing a protection system based on Kaspersky applications. You can work with Kaspersky Security Center Web Console using a browser on any device that has access to the Administration Server.
The set of available application functionalities depends on the management console being used.
Since access to Kaspersky Security functionalities in Kaspersky Security Center is provided in full when working in the Administration Console, this document describes how to work with Kaspersky Security using Kaspersky Security Center Administration Console. The features of working with Kaspersky Security using Kaspersky Security Center Web Console are described in the Managing the application using Kaspersky Security Center Web Console section. For more information about Web Console, refer to the Kaspersky Security Center help.
Kaspersky Security is managed through Kaspersky Security Center by means of policies and tasks regardless of the management console being used:
- Policies define the virtual machine protection settings and operation settings of the Light Agents and Protection Server.
- Tasks implement functions such as activating the application, scanning virtual machines, and updating databases and application modules.
You can use policies and tasks to configure identical parameter values of Kaspersky Security for all protected virtual machines or SVMs in an administration group.
For more detailed information about policies and tasks, please refer to the Kaspersky Security Center help.
Kaspersky Security management plug-ins
The following administration plug-ins are used to manage Kaspersky Security application components using Kaspersky Security Center:
- Kaspersky Security for Virtualization 5.2 Light Agent for Windows
- Kaspersky Security for Virtualization 5.2 Light Agent for Linux
- Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server
The Kaspersky Security distribution kit includes management plug-ins of the following types:
- Kaspersky Security management MMC plug-ins for MMC-based Administration Console (hereinafter also "MMC plug-ins"). These plug-ins provide an interface for managing Kaspersky Security using Kaspersky Security Center Administration Console.
- Kaspersky Security management web plug-ins (hereinafter also "web plug-ins"). These plug-ins provide an interface for managing Kaspersky Security using Kaspersky Security Center Web Console.
To use Kaspersky Security Center Administration Console to manage Kaspersky Security, install the MMC plug-ins on the device where Kaspersky Security Center Administration Console is installed. The Kaspersky Security components installation wizard is used to install the MMC plug-ins. The file required to run the wizard can be downloaded from the Kaspersky website.
If you also want to use the Web Console to manage Kaspersky Security, install the web plug-ins using the Web Console.
Kaspersky Security management using the web plug-ins is available to all administrators who have access to the Web Console through a browser.
Available application functionalities depending on the Management console
The set of available Kaspersky Security functionalities depends on the Management console (see the table below).
Kaspersky Security functionalities depending on the Management console
Functionality | Administration Console | Web Console |
---|---|---|
General functionalities | | |
Launching the Integration Server Console and the functionalities available from it | | |
Connection only with the permissions of the automatically created Integration Server administrator account (admin) | | |
Configuring the settings for connecting Light Agents to SVMs | | |
Remotely installing Light Agent for Windows and Light Agent for Linux | creation of installation packages only from an archive that you prepared in advance | |
Exclusions and trusted applications can be exported and imported only manually | | |
Configuring Network traffic control | | |
Configuring the Application Control rules for the Application Privilege Control component and the application or application group network rules for the Firewall component | | |
Configuring database and application modules updates | | |
Configuring Kaspersky Security Network usage | | |
Configuring SVM status monitoring | | |
Updating the list of the protected resources while configuring Application Privilege Control | | |
Displaying sections on the Application settings tab in the application properties window | only the System Integrity Monitoring events and System integrity status on the virtual machine sections | |
Differentiating access rights to functional scopes of Kaspersky Security application | | |
Configuring interaction with Kaspersky Managed Detection and Response | | |
Application components | | |
The rules can be exported and imported only manually, and the rules from the templates can be imported only manually | | |
Tasks | | |
About managing the application using the Light Agent for Windows local interface
This section contains information about the main elements of the local interface of the application for Light Agent for Windows.
Application icon in the taskbar notification area
Immediately after Kaspersky Security is started on the protected virtual machine, the application icon appears in the Microsoft Windows taskbar notification area.
The icon serves the following purposes:
- It indicates application activity.
- It acts as a shortcut to the context menu and main window of the application.
The application icon reflects the status of virtual machine protection and shows the operations that the application is currently performing:
- The icon signifies that all protection components of the application are enabled.
- The icon signifies that important events that require your attention have occurred in the operation of Kaspersky Security. For example, File Anti-Virus is disabled or the databases and application modules are out of date.
- The icon signifies that critical events have occurred in the operation of Kaspersky Security. For example, a function failure of one or more components, or corruption of the application databases or modules.
The context menu of the application icon contains the following items:
- Kaspersky Security for Virtualization 5.2 Light Agent. Opens the Protection and Control tab in the main application window. The Protection and Control tab lets you adjust the operation of application components and tasks, and view the statistics of processed files and detected threats.
- Settings. Opens the Settings tab in the main application window. The Settings tab lets you change the default application settings.
- Pause protection and control / Resume protection and control. Temporarily pauses / resumes the operation of protection and control components. This context menu item does not affect the update task and scan tasks, and it is available only when the Kaspersky Security Center policy is disabled.
- Disable policy / Enable policy. Disables / enables the Kaspersky Security Center policy. This item is available when Kaspersky Security operates under a Kaspersky Security Center policy, and a password for disabling the policy has been set in the policy settings.
- About. This item opens an information window with application details.
- Exit. This item quits Kaspersky Security. Clicking this context menu item causes the application to be unloaded from the virtual machine RAM.
You can open the context menu of the application icon by resting the pointer on the application icon in the taskbar notification area of Microsoft Windows and right-clicking.
Main application window
The main application window contains interface elements that provide access to the main functions of the application.
To open the main application window,
do one of the following:
- Move the mouse pointer over the application icon in the taskbar notification area of Microsoft Windows and left-click.
- In the context menu of the application icon, select Kaspersky Security for Virtualization 5.2 Light Agent.
The main application window can be divided into three parts:
- Located in the upper part of the window are interface elements that let you view the following information:
- Application details
- Reputation database statistics
- List of unprocessed objects
- Storage of backup copies of infected files that the application has deleted or modified
- Reports on events that have occurred during operation of the application in general or its separate components, or during the performance of tasks
- The Protection and Control and Settings tabs are located in the center of the window:
- The Protection and Control tab lets you manage the operation of application components and tasks. The Protection and Control tab is displayed when you open the main application window.
- The Settings tab lets you edit the default application settings.
- The following links are located in the lower part of the window:
- Help. Clicking this link takes you to the Kaspersky Security help system.
- Support. Clicking this link opens the Support window, which contains information about the operating system, the current version of the application, information about the connection of the protected virtual machine to an SVM and the Integration Server, and links to Kaspersky information resources.
- License. Clicking this link opens the Licensing window with the details of the current license.
Application settings window
The Kaspersky Security settings window lets you configure general application settings, individual components, reports and storages, scan tasks, and update tasks.
To open the application settings window,
do one of the following:
- In the main application window, select the Settings tab.
- In the context menu of the application icon, select Settings.
The application settings window consists of two parts:
- The left part of the window contains application components, tasks, and other configurable items.
- The right part of the window contains controls that you can use to configure the item that is selected in the left part of the window.
Managing the application using Kaspersky Security Center policies
Administration Console or Web Console can be used to work with policies.
This section describes how to work with policies using the Administration Console. For basic information on working with policies using the Web Console, refer to the Managing policies in Web Console section. For more information about Web Console, refer to the Kaspersky Security Center help.
The following Kaspersky Security Center policies are used to manage Kaspersky Security for Virtualization 5.2 Light Agent settings:
- Protection Server policy. The policy defines the Protection Server settings and is applied on all SVMs belonging to the administration group for which the policy is configured.
After the Kaspersky Security management MMC plug-ins are installed in Kaspersky Security Center, the default Protection Server policy is automatically created. The policy is created for the Managed devices administration group with the Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server name. It is applied on all SVMs that are moved to the Managed devices folder or to any nested administration group.
You can change the default values of the settings of this policy.
- Light Agent for Windows policy. This policy defines the settings of Light Agents installed on protected virtual machines with Windows guest operating systems. The policy is applied on all protected virtual machines belonging to the administration group for which the policy is configured.
- Light Agent for Linux policy. This policy defines the settings of Light Agents installed on protected virtual machines with Linux guest operating systems. The policy is applied on all protected virtual machines belonging to the administration group for which the policy is configured.
You can perform the following policy management operations:
- Create a policy.
- Edit policy settings.
- Delete a policy.
- Change policy status.
Policy settings and groups of settings have a "lock" attribute, which shows whether changes to a setting or group of settings are blocked in the local application settings, in task settings, or in policies of nested hierarchy levels (for nested administration groups and for virtual and secondary Administration Servers).
In the Light Agent policy for Windows and in the Light Agent policy for Linux, you can create policy profiles. Using policy profiles allows more flexibility in configuring the Light Agent settings on different virtual machines. A policy profile may contain settings that differ from the settings of a basic policy and that are applied to protected virtual machines when your own defined conditions (activation rules) are met.
You can create and configure policy profiles in policy properties for a Light Agent in the Policy profiles section.
For more information about managing policies and policy profiles, please refer to the Kaspersky Security Center help.
Protection Server policy
You can use a Protection Server policy to configure the following application settings:
- Settings for using Kaspersky Security Network (KSN) in application operations.
- Settings for updating application modules when updating application databases.
- Settings for SNMP monitoring of SVM status.
- Settings for connecting SVMs to the Integration Server.
- Settings for connecting Light Agents to SVMs:
  - Connection tags for Light Agents.
  - Settings for encrypting the connection between Light Agents and SVM.
- SVM advanced settings.
If you want to configure SVM advanced settings, you need to enable their display in the policy.
In the properties of the Protection Server policy, you can enable or disable the use of the Managed Detection and Response functionality in Kaspersky Security operation.
For information about configuring general policy settings and event settings, please refer to the Kaspersky Security Center help.
You can create and modify the Protection Server policy settings using the Administration Console and the Web Console.
Creating Protection Server policy in the Administration Console
To create a Protection Server policy in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, select the folder with the name of the administration group for whose SVMs you want to create a policy.
On the Devices tab of the folder with the name of the administration group, you can view a list of SVMs that belong to this administration group.
- In the workspace, select the Policies tab.
- Click the New policy button to start the New Policy Wizard.
You can also start the wizard using the New → Policy option in the context menu of the policy list.
- At the first step of the wizard, select Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server from the list.
Proceed to the next step of the wizard.
- Enter a name for the new policy.
- If you want to migrate the settings from a Protection Server policy of a previous version of Kaspersky Security into the policy being created, select the Use settings from policy for previous application version check box.
You can migrate the settings from a policy that was created in Kaspersky Security for Virtualization 4.0 Light Agent or a later version of the application.
Proceed to the next step of the wizard.
- Decide on whether or not to participate in Kaspersky Security Network (KSN). To do so, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:
- If you accept all the terms of the Statement and want the application to use KSN, select the I have read, understand, and accept the terms of this Kaspersky Security Network Statement option.
- If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option and confirm your decision in the window that opens.
All data transmission and processing conditions set forth in the Kaspersky Security Network Statement for Kaspersky Security for Virtualization 5.2 Light Agent also apply to the Kaspersky Security update 5.2.1.
If necessary, you can change your decision regarding KSN participation later.
If you want Kaspersky Security to use the KSN, please make sure the required KSN type is configured in Kaspersky Security Center. To use Global KSN, the KSN proxy server service must be enabled in Kaspersky Security Center. To use the Private KSN, it must be enabled and configured in Kaspersky Security Center. The KSN Proxy service and Private KSN can be configured in the properties of the Kaspersky Security Center Administration Server in the KSN proxy server section. See Kaspersky Security Center help for more information.
Proceed to the next step of the wizard.
- If you want to receive application module updates together with the application database update package, select the Update application modules check box.
Proceed to the next step of the wizard.
- If you want to receive SVM status information using a network management system that utilizes the SNMP protocol, enable SNMP monitoring of the status of SVMs.
Proceed to the next step of the wizard.
- If you have enabled the display of advanced settings for the Protection Server policy, configure the SVM advanced settings.
Proceed to the next step of the wizard.
- Verify the address and port used for connecting SVMs to the Integration Server. The fields show the default port (7271) and the domain name of the device on which the Kaspersky Security Center Administration Console is installed. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
Proceed to the next step of the wizard.
If the device hosting the Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the local or domain KLAdmins group or to the group of local administrators, in the Connection to the Integration Server window that opens, specify the Integration Server administrator password (password of the admin account).
The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Verify Integration Server certificate window opens. You can view the details of the certificate received. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
- If you want to encrypt the connection between Light Agents and SVMs, configure the encryption settings for connections between Light Agents and SVMs.
Proceed to the next step of the wizard.
- If you are using the application under an enterprise license, you can configure connection tags usage settings to connect Light Agents to SVMs.
Proceed to the next step of the wizard.
- Exit the Policy Wizard.
The created policy will be displayed in the list of policies of the administration group on the Policies tab and in the Policies folder of the console tree.
The policy will be applied to SVMs after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security at the next SVM connection. Kaspersky Security starts protecting virtual machines according to the policy settings.
If Network Agent is not running on the SVM, the created policy is not applied on it.
If you selected the Inactive policy option during the previous step of the New Policy Wizard, the newly created policy is not applied on the SVM.
Editing Protection Server policy settings in the Administration Console
To edit the Protection Server policy settings in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, select the folder with the name of the administration group for whose SVMs you want to edit policy properties.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
You can also open the policy properties window using the Settings item of the policy context menu or by clicking the Configure policy settings link located to the right of the list of policies in the policy settings section.
- Edit the policy settings.
If you want to configure advanced settings of SVM operation, you need to enable the display of advanced Protection Server policy properties in the operating system registry.
The General and Event notification sections of the Settings: <Policy name> window are the standard sections of Kaspersky Security Center. For descriptions of the standard sections, please refer to the Kaspersky Security Center help.
- Click OK in the Properties: <Policy name> window.
Light Agent for Windows policy
You can use a Light Agent for Windows policy to configure the following application settings:
- Automatically starting the application on a virtual machine.
- Settings of the following control components:
- General anti-virus protection settings.
- Settings of the following protection components:
- Settings for connecting Light Agents to SVMs and the Integration Server:
  - SVM discovery settings for SVMs running in the network, and settings for receiving information about them.
  - Settings for connecting Light Agents to the Integration Server. You must configure a connection if you are using the Integration Server to receive information about SVMs running in the network, and if you are using tags for connecting Light Agents to SVMs.
  - Using tags for connecting to SVMs.
  - Settings for encrypting the connection between Light Agents and SVM.
  - Algorithm used by Light Agents when selecting SVMs.
All settings for connecting Light Agents to SVMs and to the Integration Server, except SVM discovery settings, cannot be configured when creating a policy for Light Agent for Windows. You can configure these settings in the policy properties window.
- Other settings of the application:
- Network traffic monitoring settings.
- Application Self-Defense settings.
- Settings for managing local and group tasks (except for the custom scan task) through the local interface.
- Scan mode when the virtual machine is idle.
- Settings for scanning removable drives on the virtual machine.
- Settings for reports and Backup.
- Settings for interaction between the Light Agent local interface and the user.
- Settings for protecting access to application features and settings in the local interface.
- Notification settings in the local interface regarding events occurring during Light Agent operation.
For information about configuring general policy settings and event settings, please refer to the Kaspersky Security Center help.
The user of a protected virtual machine can also configure the settings of the Light Agent for Windows policy in the local interface of the application, if this is not blocked by the policy.
The capability to locally edit an application setting on a protected virtual machine is determined by the "lock" status:
- When a setting is "locked", the user cannot edit the setting locally, and the policy-defined setting is applied to all protected virtual machines within the administration group.
- When a setting is "unlocked", the user can edit the setting locally on each protected virtual machine within the administration group.
You can create and modify the Light Agent for Windows policy settings using the Administration Console and using the Web Console.
Creating Light Agent for Windows policy in the Administration Console
To create a Light Agent for Windows policy in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, select the folder with the name of the administration group for whose protected virtual machines you want to create a policy.
On the Devices tab of the folder with the name of the administration group, you can view a list of protected virtual machines that belong to this administration group.
- In the workspace, select the Policies tab.
- Click the New policy button to start the New Policy Wizard.
You can also start the wizard using the New → Policy option in the context menu of the policy list.
- At the first step of the Wizard, select Kaspersky Security for Virtualization 5.2 Light Agent for Windows from the list.
Proceed to the next step of the wizard.
- Enter a name for the new policy.
- If you want to migrate the settings from a Light Agent for Windows policy of a previous version of Kaspersky Security into the policy being created, select the Use settings from policy for previous application version check box.
You can migrate the settings from a policy that was created in Kaspersky Security for Virtualization 4.0 Light Agent or a later version of the application.
Proceed to the next step of the wizard.
- At this step, you can import Light Agent for Windows settings previously saved on a protected virtual machine into the policy you are creating. Settings are imported using a configuration file in CFG format that you can create in the local interface of Light Agent.
To import settings, click the Select button and, in the Please select a configuration file window that opens, select a file with the .cfg extension. The path to the configuration file is shown in the Configuration file field.
You can use only a configuration file created by the Kaspersky Security for Virtualization 5.2 Light Agent version of the application.
You can edit the settings imported from the configuration file at subsequent steps of the Policy Wizard.
Proceed to the next step of the wizard.
- Configure the virtual machine control settings. The Wizard window shows a list of control components.
You can perform the following actions:
- Enable or disable the control component by using the check box to the left of the component name in the list. By default, the Application Startup Control and System Integrity Monitoring components are disabled.
- Configure the settings of each control component. To do so, select the control component in the list and click the Edit button located above the list of control components. In the window that opens, configure the settings of the selected component and click OK.
- Block or allow editing of the settings of each control component through the local interface of Light Agent for Windows. By default, editing of all control settings through the local interface is blocked.
If you want to allow editing of control component settings through the local interface, select this component in the list and click the Open button located above the list of components, or click the lock icon to the left of the component name.
If the editing of component settings via the local interface is blocked, Kaspersky Security uses the policy-configured component operation settings on all protected virtual machines. If editing of component settings through the local interface is allowed, Kaspersky Security uses the local component settings instead of the settings configured in the policy.
Proceed to the next step of the wizard.
- Configure the virtual machine protection settings. The Wizard window shows a list of protection components.
You can perform the following actions:
- Enable or disable automatic startup of the application on a virtual machine and configure the general anti-virus protection settings. To do so, select General protection settings in the list and click the Edit button located above the list of protection components. In the window that opens, configure the settings and click OK.
- Enable or disable the protection component by using the check box to the left of the component name in the list. All protection components are enabled by default.
- Configure the settings of each protection component. To do so, select the protection component in the list and click the Edit button located above the list of protection components. In the window that opens, configure the settings of the selected component and click OK.
- Block or allow the editing of settings of each protection component via the local interface of Light Agent for Windows. By default, editing of all protection settings through the local interface is blocked.
If you want to allow editing of protection component settings through the local interface, select this component in the list and click the Open button located above the list of components, or click the lock icon to the left of the component name.
If the editing of component settings via the local interface is blocked, Kaspersky Security uses the policy-configured component operation settings on all protected virtual machines. If editing of component settings through the local interface is allowed, Kaspersky Security uses the local component settings instead of the settings configured in the policy.
Proceed to the next step of the wizard.
- Configure SVM discovery settings for Light Agents:
- If you want to use the Integration Server, check the address and port used for connecting SVMs to the Integration Server. The fields show the default port (7271) and the domain name of the device on which the Kaspersky Security Center Administration Console is installed. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
If the device hosting Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the local or domain KLAdmins group or to the group of local administrators, when proceeding to the next step of the wizard specify the Integration Server administrator password (password of the admin account) in the window that opens.
The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Verify Integration Server certificate window opens. You can view the details of the certificate received. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
- If you want to use a list of SVM addresses, use the Add button to enter one or several addresses.
If you selected the Use a custom list of SVM addresses option and the extended SVM selection algorithm is used, the value of the SVM path parameter in the SVM selection algorithm section must be set to Ignore SVM path. If any other value is set, the Light Agents will not be able to connect to SVMs.
Proceed to the next step of the wizard.
- If required, configure the trusted zone for the Light Agent for Windows component. The Exclusions list contains the names of applications or names of application vendors that you can include in the trusted zone or exclude from it. Use the check boxes in the list to specify the applications or application vendors to be included in the trusted zone.
If the check box is selected, files, folders, and processes recommended for these applications are included in the trusted zone, and the executable files of these applications are automatically added to the list of trusted applications.
Proceed to the next step of the wizard.
- If necessary, configure the settings for interaction between a user and the local interface of Light Agent, and the settings of notifications about events that occur during Light Agent operation.
To ensure that Kaspersky Security can operate on a virtual machine that uses Windows Terminal Services technology, you must clear the Start the local application interface check box.
If you use Light Agent in a virtual desktop infrastructure (VDI) with Microsoft Windows desktop operating system, you are advised to clear the Start the local application interface check box to improve virtual infrastructure performance.
Proceed to the next step of the wizard.
- If required, configure the settings for protecting access to Light Agent functions and settings. To do this, perform the following actions:
- Select the Enable password protection check box.
- Specify the name and password of the user account that is allowed to access application settings in the local interface of Light Agent.
- Click the Settings button and, in the opened window, select the Light Agent operations that will be protected with a password.
Proceed to the next step of the wizard.
- Exit the Policy Wizard.
The created policy will be displayed in the list of policies of the administration group on the Policies tab and in the Policies folder of the console tree.
The policy will be applied to protected virtual machines after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security. Kaspersky Security starts protecting virtual machines according to the policy settings.
If Network Agent is not running on a protected virtual machine, the created policy is not applied on this protected virtual machine.
If you chose the Inactive policy option during the previous step of the New Policy Wizard, the created policy is not applied on the protected virtual machines.
Editing Light Agent for Windows policy settings in the Administration Console
To edit Light Agent for Windows policy settings in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, select the folder with the name of the administration group for whose protected virtual machines you want to edit policy properties.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
You can also open the policy properties window using the Settings item of the policy context menu or by clicking the Configure policy settings link located to the right of the list of policies in the policy settings section.
- Edit the policy settings.
The General and Event notification sections of the Settings: <Policy name> window are the standard sections of Kaspersky Security Center. For descriptions of the standard sections, please refer to the Kaspersky Security Center help.
- Click OK in the Properties: <Policy name> window.
Light Agent for Linux policy
You can use a Light Agent for Linux policy to configure the following application settings:
- General anti-virus protection settings: the list of objects to detect and the trusted zone.
- File Anti-Virus component settings.
- Settings for connecting Light Agents to SVMs and the Integration Server:
  - SVM discovery settings for SVMs running in the network, and settings for receiving information about them.
  - Settings for connecting Light Agents to the Integration Server. You must configure a connection if you are using the Integration Server to receive information about SVMs running in the network, and if you are using tags for connecting Light Agents to SVMs.
  - Using tags for connecting to SVMs.
  - Settings for encrypting the connection between Light Agents and SVM.
  - Algorithm used by Light Agents when selecting SVMs.
None of the settings for connecting Light Agents to SVMs and to the Integration Server can be configured when creating a policy for Light Agent for Linux, except SVM discovery settings. You can configure these settings in the policy properties window.
- Backup settings.
For information about configuring general policy settings and event settings, please refer to the Kaspersky Security Center help.
You can create and modify the Light Agent for Linux policy settings using the Administration Console and using the Web Console.
Creating Light Agent for Linux policy in the Administration Console
To create a Light Agent for Linux policy in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, select the folder with the name of the administration group for whose protected virtual machines you want to create a policy.
On the Devices tab of the folder with the name of the administration group, you can view a list of protected virtual machines that belong to this administration group.
- In the workspace, select the Policies tab.
- Click the New policy button to start the New Policy Wizard.
You can also start the wizard using the New → Policy option in the context menu of the policy list.
- At the first step of the Wizard, select Kaspersky Security for Virtualization 5.2 Light Agent for Linux from the list.
Proceed to the next step of the Policy Wizard.
- Enter a name for the new policy.
- If you want to migrate the settings from a Light Agent for Linux policy of a previous version of Kaspersky Security into the policy being created, select the Use settings from policy for previous application version check box.
You can migrate the settings from a policy that was created in Kaspersky Security for Virtualization 4.0 Light Agent or a later version of the application.
Proceed to the next step of the wizard.
- At this step, you can import Light Agent for Linux settings previously saved on a protected virtual machine into the policy you are creating. Settings are imported using a configuration file in CFG format that you can create by using commands from the command line of Light Agent for Linux.
To import settings, click the Select button and, in the Please select a configuration file window that opens, select a file with the .cfg extension. The path to the configuration file is shown in the Configuration file field.
You can use only a configuration file created by the Kaspersky Security for Virtualization 5.2 Light Agent version of the application.
You can edit the settings imported from the configuration file at subsequent steps of the Policy Wizard.
Proceed to the next step of the Policy Wizard.
- Configure the virtual machine protection settings. You can perform the following actions:
- Configure the general protection settings: select the types of objects that must be detected by Kaspersky Security, and configure the trusted zone.
- Enable or disable the File Anti-Virus by using the check box to the left of the component name in the list. By default, the File Anti-Virus is enabled.
- Configure the File Anti-Virus settings. To do so, select the File Anti-Virus in the list and click the Edit button located above the list. In the window that opens, configure the File Anti-Virus settings and click OK.
Proceed to the next step of the Policy Wizard.
- Configure the SVM discovery settings for Light Agents:
- If you want to use the Integration Server, check the address and port used for connecting SVMs to the Integration Server. The fields show the default port (7271) and the domain name of the device on which the Kaspersky Security Center Administration Console is installed. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
If the device hosting Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the local or domain KLAdmins group or to the group of local administrators, when proceeding to the next step of the wizard specify the Integration Server administrator password (password of the admin account) in the window that opens.
The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Verify Integration Server certificate window opens. You can view the details of the certificate received. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
- If you want to use a list of SVM addresses, use the Add button to enter one or several addresses.
If you selected the Use a custom list of SVM addresses option and the extended SVM selection algorithm is used, the value of the SVM path parameter in the SVM selection algorithm section must be set to Ignore SVM path. If any other value is set, the Light Agents will not be able to connect to SVMs.
Proceed to the next step of the wizard.
- Exit the Policy Wizard.
The created policy will be displayed in the list of policies of the administration group on the Policies tab and in the Policies folder of the console tree.
The policy will be applied to protected virtual machines after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security. Kaspersky Security starts protecting virtual machines according to the policy settings.
If Network Agent is not running on a protected virtual machine, the created policy is not applied on this protected virtual machine.
If you chose the Inactive policy option during the previous step of the New Policy Wizard, the created policy is not applied on the protected virtual machines.
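A pre-flight check for the Integration Server connection step that appears in the three policy creation procedures above (Protection Server, Light Agent for Windows, Light Agent for Linux), added here as an example and not part of the Kaspersky documentation or tooling. It tests the address against the rules the guide states and compares the SHA-256 fingerprint of the certificate presented on the port with a value obtained from the Integration Server host out of band, so that the Ignore button in the Verify Integration Server certificate window is used only for a known certificate; the function names, the single-label test for NetBIOS-style names and the fingerprint comparison are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress
import re
import socket
import ssl
import sys

DEFAULT_PORT = 7271  # default Integration Server port stated in the guide

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_address(address, port=DEFAULT_PORT):
    """Return a list of problems; an empty list means the value is acceptable.

    The guide accepts an IPv4 address or an FQDN and says that a NetBIOS name,
    localhost or 127.0.0.1 makes the connection fail.
    """
    problems = []
    addr = address.strip().rstrip(".")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append("port must be an integer in 1..65535")
    if not addr:
        return problems + ["address is empty"]
    if addr.lower() == "localhost":
        return problems + ["localhost is not accepted"]
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.version != 4:
            problems.append("only IPv4 format is documented")
        elif ip == ipaddress.ip_address("127.0.0.1"):
            problems.append("127.0.0.1 is not accepted")
        return problems
    labels = addr.split(".")
    if len(labels) < 2:
        # Assumption: a single-label name is treated as a NetBIOS-style name.
        problems.append("single-label (NetBIOS-style) name, use the FQDN")
    elif not all(_LABEL.match(label) for label in labels) or labels[-1].isdigit():
        # An all-numeric last label means a malformed IPv4 address such as 10.0.0.
        problems.append("not a valid IPv4 address or FQDN")
    return problems


def sha256_fingerprint(der_cert):
    """Lower-case hex SHA-256 of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def fingerprint_matches(der_cert, expected):
    """Compare against a fingerprint written as hex, with or without colons."""
    want = expected.replace(":", "").replace(" ", "").strip().lower()
    if not re.fullmatch(r"[0-9a-f]{64}", want):
        raise ValueError("expected value is not a SHA-256 fingerprint")
    return hmac.compare_digest(sha256_fingerprint(der_cert), want)


def fetch_server_cert_der(host, port=DEFAULT_PORT, timeout=5.0):
    """Retrieve the presented certificate without trusting it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # trust comes from the fingerprint comparison
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def preflight(address, port, expected_fingerprint, fetch=fetch_server_cert_der):
    """Return (ok, messages) for one Integration Server address."""
    problems = check_address(address, port)
    if problems:
        return False, problems
    try:
        der = fetch(address.strip(), port)
    except OSError as exc:  # covers timeouts, DNS failures and TLS errors
        return False, [f"could not retrieve certificate: {exc}"]
    if fingerprint_matches(der, expected_fingerprint):
        return True, ["certificate fingerprint matches the expected value"]
    return False, ["fingerprint mismatch, presented: " + sha256_fingerprint(der)]


if __name__ == "__main__":
    if len(sys.argv) == 4:
        # Usage: script.py <address> <port> <expected SHA-256 fingerprint>
        ok, messages = preflight(sys.argv[1], int(sys.argv[2]), sys.argv[3])
    else:
        # Offline demonstration with constructed bytes standing in for a certificate.
        sample = b"constructed sample bytes, not a real certificate"
        ok, messages = preflight("192.0.2.10", DEFAULT_PORT,
                                 sha256_fingerprint(sample),
                                 fetch=lambda host, port: sample)
    print("OK" if ok else "STOP", *messages, sep="\n  ")
    sys.exit(0 if ok else 1)
```
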
Editing Light Agent for Linux policy settings in the Administration Console
To edit Light Agent for Linux policy settings in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, select the folder with the name of the administration group for whose protected virtual machines you want to edit policy properties.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
You can also open the policy properties window using the Settings item of the policy context menu or by clicking the Configure policy settings link located to the right of the list of policies in the policy settings section.
- Edit the policy settings.
The General and Event notification sections of the Settings: <Policy name> window are the standard sections of Kaspersky Security Center. For descriptions of the standard sections, please refer to the Kaspersky Security Center help.
- Click OK in the Properties: <Policy name> window.
Managing the application using tasks
You can manage the operation of Kaspersky Security for Virtualization 5.2 Light Agent by using tasks centrally through Kaspersky Security Center or locally on protected virtual machines (through the local interface of Light Agent for Windows or by using the command line for Light Agent for Linux).
If a Kaspersky Security Center policy is applied on a virtual machine, management of local tasks through the local interface of Light Agent for Windows and from the command line is disabled by default.
You can enable management of local tasks in the Light Agent for Windows policy (Advanced settings subsection in the Other settings section).
Manage tasks via Kaspersky Security Center
You can use the Administration Console or the Web Console to work with tasks in Kaspersky Security Center. Using the Web Console, you can manage all tasks, except for the Change application components task, which is executed on protected virtual machines with the Light Agent for Windows component installed. Use the Administration Console to manage the Change application components task.
This section describes how to work with tasks in Kaspersky Security Center using the Administration Console. For basic information about managing tasks in Kaspersky Security Center using the Web Console, refer to the Managing tasks in Web Console section. For more information about Web Console, refer to the Kaspersky Security Center help.
You can use the following tasks to manage Kaspersky Security using Kaspersky Security Center:
- Tasks running on the SVM:
- Application activation. Kaspersky Security Center adds a license key to SVMs to activate the application or renew the license.
- Database update. The Protection Server component automatically downloads application database update packages and installs them on SVMs.
- Application module update on an SVM. The Protection Server component installs application module updates on SVMs.
- Database update rollback. The Protection Server component rolls back the last application database update on SVMs.
- Tasks running on protected virtual machines with the Light Agent for Windows component installed:
- Inventory. Kaspersky Security searches for information about all application executable files on protected virtual machines. Getting information about applications installed on protected virtual machines can be useful, for example, for creating optimal application startup control rules.
- Virus scan. Kaspersky Security performs a virus scan of the areas of the protected virtual machine that are specified in the task settings.
- Change application components. Kaspersky Security installs or removes Light Agent functional components on protected virtual machines.
The Change application components task cannot be managed in the Web Console. Use the Administration Console to manage the task.
- Baseline update. Kaspersky Security creates or updates a previously created baseline that is used when running a System Integrity Check.
- System Integrity check. Kaspersky Security compares the current state of the system on selected virtual machines with the previously created baseline system state to detect possible modifications in the selected objects being monitored.
- System integrity status reset. Kaspersky Security cancels the Critical and Warning statuses received from the System Integrity Monitoring component for virtual machines.
- Virus scan task that runs on protected virtual machines with the Light Agent for Linux component installed. Kaspersky Security performs a virus scan of the areas of the protected virtual machine that are specified in the task settings.
You can use the tasks of the following types to manage Kaspersky Security using Kaspersky Security Center:
- Group task – a task that is performed on the client devices of the selected administration group. In relation to Kaspersky Security, group tasks are performed on SVMs or protected virtual machines that belong to administration groups.
- Task for sets of devices – a task for one or several SVMs or protected virtual machines included or not included in administration groups.
You can perform the following task management operations in Kaspersky Security Center:
Kaspersky Security sends information about all events occurring during performance of tasks to the Administration Server of Kaspersky Security Center.
For more information about managing tasks, see Kaspersky Security Center help.
Manage tasks via Light Agent for Windows local interface
In addition to the tasks that can be configured through Kaspersky Security Center for managing Kaspersky Security for Virtualization 5.2 Light Agent, you can also use tasks that can be configured through the local interface of Light Agent for Windows on a protected virtual machine, provided that the display of local tasks and their management are not prohibited by the Light Agent for Windows policy.
You can use the following tasks to manage the application via the local interface of Light Agent for Windows:
- Full Scan. Kaspersky Security thoroughly scans the operating system of the protected virtual machine, including kernel memory, running processes and startup objects, boot sectors, backup storage of the operating system, and all hard drives and removable drives.
- Custom Scan. Kaspersky Security scans user-specified objects on the protected virtual machine.
- Critical Areas Scan. Kaspersky Security scans the protected virtual machine’s kernel memory, running processes and startup objects, boot sectors and objects vulnerable to rootkit infection.
- Update. Light Agent downloads an application module and database update package from the SVM and installs the updates on a protected virtual machine.
- Baseline update. Kaspersky Security creates or updates a previously created baseline that is used when running a System Integrity Check.
- System Integrity check. Kaspersky Security compares the current state of the system on a protected virtual machine with the previously created baseline system state snapshot to detect possible modifications in the selected objects being monitored.
You can perform the following actions with tasks in the local interface:
Information about scan results and about all events that occurred during the performance of tasks is written to Kaspersky Security reports.
Managing Light Agent for Linux tasks from the command line
Tasks of the following types are available for managing Light Agent for Linux from the command line:
- Full Scan. Kaspersky Security performs a thorough scan of the protected virtual machine’s operating system, including system memory, startup objects, boot sectors, and all hard drives, removable drives and network drives.
- Custom Scan. Kaspersky Security scans user-specified objects on the protected virtual machine.
- Update. Light Agent downloads an application module and database update package from the SVM and installs the updates on a protected virtual machine.
You can perform the following task management operations:
- Edit task settings
- Start and stop tasks
- View the results of the task execution
Creating tasks
In Kaspersky Security Center, you can create tasks that allow you to centrally manage the Kaspersky Security application. There is no need to create tasks that allow you to manage the application locally on protected virtual machines; such tasks are created automatically. You can configure local task settings in the Light Agent for Windows local interface and from the command line.
To create a task in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for SVMs or virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To create a task for one or more SVMs or virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the wizard, select the Kaspersky Security management MMC plug-in for which you want to create a task and the type of task.
Proceed to the next step of the New Task Wizard.
- If you started the New Task Wizard from the Tasks folder, specify the method of selecting SVMs or virtual machines for which you are creating the task. You can select SVMs or virtual machines from the list of devices detected by the Administration Server, manually specify the addresses of SVMs or virtual machines, import the list of SVMs or virtual machines from a file, or specify a previously configured selection of devices (for details, refer to the Kaspersky Security Center help). Depending on the specified method of selecting SVMs or virtual machines, perform one of the following operations in the window that opens:
- In the list of detected devices, specify SVMs or virtual machines for which you want to create the task. To do so, select the check boxes in the list, on the left of the device names.
- Click the Add or Add IP range button and specify the addresses of SVMs or virtual machines manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of SVMs or virtual machines.
- Click Browse and in the window that opens specify the name of the selection containing SVMs or virtual machines for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- Configure the available task settings following the instructions of the New Task Wizard.
If you want the task to start as soon as the wizard finishes, at the last step of the wizard, select the Run task when the wizard is complete check box.
- Finish the wizard.
Modifying task settings
Modifying the task settings in the Kaspersky Security Center Administration Console
To modify the task settings in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To modify the settings of a task created for SVMs or virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To modify the settings of a task created for one or more SVMs or virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required task and double-click it to open the Settings: <Task name> window.
You can also open the task properties window using the Settings item of the task context menu.
- Modify the task settings.
- Click the Apply button or the OK button in the Settings: <Task name> window to save the changes.
Modifying the task settings in the Light Agent for Windows local interface
To modify the task settings in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the section with the name of the relevant task.
The right part of the window displays the settings of the selected task.
If some tasks are absent from the section, this means that the display and management of local tasks is denied by the policy for all protected virtual machines of the administration group. You can enable or disable the display and management of local tasks in the Light Agent for Windows policy (Advanced settings subsection in the Other settings section).
- Configure the task settings.
- To save changes, click the Save button.
Starting and stopping tasks
Starting and stopping tasks in the Kaspersky Security Center Administration Console
In Kaspersky Security Center, you can start or stop the task at any time irrespective of the selected task run mode.
To start or stop a task in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To start or stop a task created for SVMs or virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To start or stop a task created for one or more SVMs or virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required task, open the context menu of the task, and select the action you want to perform.
For the Virus scan task, the Pause and Resume actions are available in addition to starting and stopping. On the virtual machines with Light Agent for Windows installed, automatic pause of the task execution at the specified time is also available.
Starting and stopping tasks in the Light Agent for Windows local interface
In the local interface, you can start or stop a task at any time irrespective of the selected task run mode if the display of local tasks and management of those tasks is not blocked by the Light Agent for Windows policy.
The Virus scan task can be started or stopped in Kaspersky Security Center.
To start or stop a task in the local interface:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Manage tasks section.
If some tasks are absent from the section, this means that the display and management of local tasks is denied by the policy for all protected virtual machines of the administration group. You can enable or disable the display and management of local tasks in the Light Agent for Windows policy (Advanced settings subsection in the Other settings section).
- Select the task you want to start or stop, open the task context menu and select the desired action.
If you have started a task, the task progress status that is displayed on the right of the name of the task changes to Running.
If you have stopped a task, the task progress status changes to Stopped.
You can configure the task to be automatically paused at a specified time.
You can also run a custom scan of any file by selecting Scan for viruses in the Windows context menu.
Configuring automatic pausing of scan tasks
Automatic pausing of the Virus scan task can be configured only on virtual machines with Light Agent for Windows installed.
Configuring automatic pausing of the Virus Scan task in Kaspersky Security Center Administration Console
You can configure the Virus scan task to be automatically paused at a specified time.
To configure automatic pausing of the Virus scan task in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Windows and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Virus scan window that opens, on the Additional tab, in the Pause operation section, select the By schedule check box and click the Schedule button.
- In the Pause operation window that opens, in the Pause task at and Resume task at fields, specify the time (in HH:MM format) of the beginning and end of the period during which the Virus scan task will be paused.
- Click OK in the Pause operation window.
- Click OK in the Virus scan window.
- To save changes, click the Apply button.
Configuring automatic pausing of scan tasks in the Light Agent for Windows local interface
For scan tasks, you can configure a task to be automatically paused at the specified time.
To configure automatic pausing of a scan task in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
- In the right part of the window, in the Security level section, click the Settings button.
A window with the name of the selected scan task opens.
- In the opened window, on the Additional tab, in the Pause operation section, select the By schedule check box and click the Schedule button.
The Pause operation window opens.
- In the Pause operation window that opens, in the Pause task at and Resume task at fields, specify the time (in HH:MM format) of the beginning and end of the period during which the scan task will be paused.
- Click OK in the Pause operation window.
- In the window with the scan task name, click OK.
- To save changes, click the Save button.
Viewing information on the progress and results of task execution
Viewing information on the progress and results of task execution in the Administration Console
You can view information on the progress and results of tasks in the Administration Console of Kaspersky Security Center in one of the following ways:
- In the Task results window. The window can be opened using the Results item in the task context menu.
- In the list of events that Kaspersky Security sends to the Kaspersky Security Center Administration Server. You can view the lists of events on the Events tab in the workspace of the Administration Server <Server name> node. Information on the Events tab is displayed as a set of event selections. Each selection includes only the events of a certain type. The list displays events from the selection that is currently specified in the Event selections drop-down list. To display a list of the selection events, use the Run selection button. To refresh the list, use the Refresh link.
Viewing information on the progress and results of task execution in Light Agent for Windows local interface
The task execution progress is displayed in the field next to the name of the task, in the Manage tasks section on the Protection and Control tab of the main application window.
Information about scan results and about all events that occurred during the performance of tasks is written to Kaspersky Security reports.
Managing the application using Kaspersky Security Center Web Console
If you want to interact with Kaspersky Security Center Administration Server through a web interface, you can use Kaspersky Security Center Web Console. Web Console is a web application for managing a protection system based on Kaspersky applications.
For detailed information about Kaspersky Security Center Web Console, refer to the Kaspersky Security Center help.
Starting and closing Kaspersky Security Center Web Console
To start Web Console, you need to know the web address of the Administration Server and the port number specified during Web Console installation (port 8080 is used by default). JavaScript must be enabled in the browser as well.
To start the Web Console:
- In the browser, go to <Administration Server web address>:<port number>.
The login page opens.
- Enter the name and password of your account.
- Click the Enter button.
If the Administration Server does not respond or if you specified incorrect credentials, an error message will be displayed.
After you log in, a dashboard is displayed with the last used language and theme.
For more information about the Web Console interface, refer to the Kaspersky Security Center help.
To close the Web Console:
- In the lower left corner of the screen, hover the mouse over the name of the account used to launch the Web Console.
A context menu opens.
- In the context menu, select Exit.
The Web Console closes and the login page is displayed.
Managing policies in Web Console
The following Kaspersky Security Center policies are used to manage Kaspersky Security settings by means of the Web Console:
- Protection Server policy. The policy defines the Protection Server settings and is applied on all SVMs belonging to the administration group for which the policy is configured.
- Light Agent for Windows policy. This policy defines the settings of Light Agents installed on protected virtual machines with Windows guest operating systems.
- Light Agent for Linux policy. This policy defines the settings of Light Agents installed on protected virtual machines with Linux guest operating systems.
Creating and modifying Protection Server policy in Web Console
To create a Protection Server policy in the Web Console:
- Start the Web Console.
- If you want to create a policy for SVMs belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Click the Add button.
The New Policy Wizard starts.
- At the first step of the wizard, in the list of applications select Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server.
Proceed to the next step of the wizard.
- Decide on whether or not to participate in Kaspersky Security Network (KSN). To do so, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:
- If you accept all the terms of the Statement and want the application to use KSN, select the I have read, understand, and accept the terms of this Kaspersky Security Network Statement option.
- If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option.
All data transmission and processing conditions set forth in the Kaspersky Security Network Statement for Kaspersky Security for Virtualization 5.2 Light Agent also apply to the Kaspersky Security update 5.2.1.
If necessary, you can change your decision regarding KSN participation later.
If you want Kaspersky Security to use the KSN, please make sure the required KSN type is configured in Kaspersky Security Center. To use Global KSN, the KSN proxy server service must be enabled in Kaspersky Security Center. To use the Private KSN, it must be enabled and configured in Kaspersky Security Center. The KSN proxy server service and Private KSN can be configured in the properties of the Kaspersky Security Center Administration Server in the KSN proxy server settings section. See Kaspersky Security Center help for more information.
Proceed to the next step of the wizard.
- Verify the address and port specified for connecting SVMs to the Integration Server. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
Click the Next button.
The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains errors or is not trusted, the Verify Integration Server certificate group of settings opens. By clicking the View the received certificate link, you can open a window with information about the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, select the Ignore option.
- In the window that opens, specify the Integration Server administrator password (password for the admin account) and click the Validate button.
Proceed to the next step of the wizard.
- On the General tab, specify the name of the new policy, define its status and configure inheritance settings. For details, please refer to the Kaspersky Security Center help.
- If required, modify the default policy settings on the Application settings tab.
- Click Save to complete the policy creation.
The created policy will be displayed in the list of policies on the Policies and policy profiles tab.
The policy will be applied to SVMs after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security at the next SVM connection. Kaspersky Security starts protecting virtual machines according to the policy settings.
If Network Agent is not running on the SVM, the created policy is not applied on it.
If on the General tab you specified the Inactive policy status, the created policy is not applied to the SVMs.
To modify the Protection Server policy in the Web Console:
- Start the Web Console.
- If you want to modify the policy settings for SVMs belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Open the properties of the required policy using the link in the policy name.
- Modify the policy settings on the Application settings tab.
If you want to configure additional settings of SVM operation, you need to enable the display of advanced Protection Server policy properties in the operating system registry.
- To save changes, click the Save button.
Creating and modifying Light Agent for Windows policy in Web Console
To create a Light Agent for Windows policy in the Web Console:
- Start the Web Console.
- If you want to create a policy for virtual machines belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Click the Add button.
The New Policy Wizard starts.
- At the first step of the wizard, in the list of applications select Kaspersky Security for Virtualization 5.2 Light Agent for Windows.
Proceed to the next step of the wizard.
- Configure SVM discovery settings for Light Agents:
- If you want to use the Integration Server:
- Select the Use Integration Server option.
- In the window that opens, verify the address and port used for connecting SVMs to the Integration Server. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
Click the Next button.
The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains errors or is not trusted, click the View the received certificate link to view information about the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, select the Ignore option.
- In the window that opens, specify the Integration Server administrator password (password for the admin account) and click the Validate button.
- If you want to use the list of SVM addresses:
- Select the Use a custom list of SVM addresses option.
- Enter one or more addresses using the Add button.
If you selected the Use a custom list of SVM addresses option and the extended SVM selection algorithm is used, the value of the SVM path parameter in the SVM selection algorithm section must be set to Ignore SVM path. If any other value is set, the Light Agents will not be able to connect to SVMs.
Proceed to the next step of the wizard.
- On the General tab, specify the name of the new policy, define its status and configure inheritance settings. For details, please refer to the Kaspersky Security Center help.
- If required, modify the default policy settings on the Application settings tab.
- Click Save to complete the policy creation.
The created policy will be displayed in the list of policies on the Policies and policy profiles tab.
The policy will be applied to protected virtual machines after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security. Kaspersky Security starts protecting virtual machines according to the policy settings.
If Network Agent is not running on a protected virtual machine, the created policy is not applied on this protected virtual machine.
If on the General tab you specified the Inactive policy status, the created policy is not applied to the virtual machines.
To modify the Light Agent for Windows policy in the Web Console:
- Start the Web Console.
- If you want to modify the policy settings for protected virtual machines belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Open the properties of the required policy using the link in the policy name.
- Modify the policy settings on the Application settings tab.
- To save changes, click the Save button.
Creating and modifying Light Agent for Linux policy in Web Console
To create a Light Agent for Linux policy in the Web Console:
- Start the Web Console.
- If you want to create a policy for virtual machines belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Click the Add button.
The New Policy Wizard starts.
- At the first step of the wizard, in the list of applications select Kaspersky Security for Virtualization 5.2 Light Agent for Linux.
Proceed to the next step of the wizard.
- Configure SVM discovery settings for Light Agents:
- If you want to use the Integration Server:
- Select the Use Integration Server option.
- In the window that opens, verify the address and port used for connecting SVMs to the Integration Server. You can change the port and specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
Click the Next button.
The New Policy Wizard checks the SSL certificate received from the Integration Server. If the certificate contains errors or is not trusted, click the View the received certificate link to view information about the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, select the Ignore option.
- In the window that opens, specify the Integration Server administrator password (password for the admin account) and click the Validate button.
- If you want to use the list of SVM addresses:
- Select the Use a custom list of SVM addresses option.
- Enter one or more addresses using the Add button.
If you selected the Use a custom list of SVM addresses option and the extended SVM selection algorithm is used, the value of the SVM path parameter in the SVM selection algorithm section must be set to Ignore SVM path. If any other value is set, the Light Agents will not be able to connect to SVMs.
Proceed to the next step of the wizard.
- On the General tab, specify the name of the new policy, define its status and configure inheritance settings. For details, please refer to the Kaspersky Security Center help.
- If required, modify the default policy settings on the Application settings tab.
- Click Save to complete the policy creation.
The created policy will be displayed in the list of policies on the Policies and policy profiles tab.
The policy will be applied to protected virtual machines after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security. Kaspersky Security starts protecting virtual machines according to the policy settings.
If Network Agent is not running on a protected virtual machine, the created policy is not applied on this protected virtual machine.
If on the General tab you specified the Inactive policy status, the created policy is not applied to the virtual machines.
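The address rules and the certificate check from the Integration Server step of the wizard, as an added example that is not part of the Kaspersky guide: a Python pre-check that rejects the address forms the guide says fail and compares the certificate a server presents with a fingerprint recorded on the Integration Server host itself. The function names, the sample host name and the choice of a SHA-256 fingerprint over the DER encoding are assumptions of this example.

```python
"""Pre-checks for the Integration Server connection step (added example)."""
import hashlib
import hmac
import ipaddress
import re
import ssl

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_server_address(value):
    """Return (accepted, reason) for an Integration Server address.

    Mirrors the guide: an IPv4 address or an FQDN is accepted; a NetBIOS
    name, localhost or 127.0.0.1 makes the connection fail.
    """
    addr = value.strip().rstrip(".")
    if not addr:
        return False, "empty address"
    if addr.lower() == "localhost":
        return False, "localhost is not accepted"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.version != 4:
            return False, "only IPv4 format is accepted"
        # The guide names 127.0.0.1; rejecting the rest of 127.0.0.0/8
        # as well is an assumption made by this example.
        if ip.is_loopback:
            return False, "loopback address is not accepted"
        return True, "ipv4"
    labels = addr.split(".")
    if len(labels) < 2:
        return False, "single-label (NetBIOS-style) name, use the FQDN"
    if len(addr) > 253 or labels[-1].isdigit() or not all(
        _LABEL.fullmatch(label) for label in labels
    ):
        return False, "not a valid IPv4 address or FQDN"
    return True, "fqdn"


def sha256_fingerprint(pem_cert):
    """SHA-256 over the DER encoding of a PEM certificate, lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hashlib.sha256(der).hexdigest()


def matches_trusted_fingerprint(pem_cert, trusted):
    """Compare a received certificate with a fingerprint that was recorded
    on the Integration Server host and delivered over a trusted channel."""
    wanted = re.sub(r"[\s:]", "", trusted).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", wanted):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hmac.compare_digest(sha256_fingerprint(pem_cert), wanted)


def fetch_presented_certificate(host, port):
    """Fetch the certificate the server presents, without trusting it yet."""
    return ssl.get_server_certificate((host, port))


def may_proceed(address, pem_cert, trusted_fingerprint):
    """Decide whether continuing past a certificate warning is justified."""
    accepted, reason = check_server_address(address)
    if not accepted:
        return False, reason
    if not matches_trusted_fingerprint(pem_cert, trusted_fingerprint):
        return False, "certificate does not match the recorded fingerprint"
    return True, "address accepted and certificate matches"


if __name__ == "__main__":
    # Constructed bytes standing in for a certificate; not a real one.
    sample_der = b"constructed sample, not a real certificate"
    sample_pem = ssl.DER_cert_to_PEM_cert(sample_der)
    digest = hashlib.sha256(sample_der).hexdigest().upper()
    recorded = ":".join(digest[i:i + 2] for i in range(0, 64, 2))

    # Constructed sample addresses.
    for candidate in ("localhost", "127.0.0.1", "KSV-INT01", "::1",
                      "10.20.30.40", "intsrv.corp.example"):
        print(candidate, check_server_address(candidate))
    print(may_proceed("intsrv.corp.example", sample_pem, recorded))
```

Against a live server, pass the output of `fetch_presented_certificate` with the address and port shown in the wizard to `may_proceed`.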
To modify the Light Agent for Linux policy in the Web Console:
- Start the Web Console.
- If you want to modify the policy settings for protected virtual machines belonging to a specific administration group, select the name of this group in the tree, in the section with the Administration Server name.
- In the Devices section, select Policies and policy profiles.
A list of policies opens.
- Open the properties of the required policy using the link in the policy name.
- Modify the policy settings on the Application settings tab.
- To save changes, click the Save button.
Managing tasks in Web Console
You can use the following tasks to manage Kaspersky Security using the Web Console:
- Tasks running on the SVM:
- Tasks running on protected virtual machines with the Light Agent for Windows component installed:
- Virus scan task that runs on protected virtual machines with the Light Agent for Linux component installed.
Creating tasks in Web Console
To create a task in the Web Console:
- Start the Web Console.
- In the Devices section select Tasks.
A list of tasks opens.
- Click the Add button.
The New Task Wizard starts.
- At the first step of the Wizard:
- In the Application drop-down list, select the Kaspersky Security web plug-in for which you want to create a task.
- In the Task type drop-down list, select the type of task you want to create.
- In the Task name field, enter the name for the new task.
- Select how to define the task scope.
A task scope is a set of SVMs or virtual machines on which a task will run.
- Select the Assign task to an administration group option to execute the task on all SVMs or virtual machines belonging to the specified administration group.
- Select the Specify device addresses manually or import from list option to execute the task on the specified SVMs or virtual machines.
- Select the Assign task to selected devices option to execute the task on the SVMs or virtual machines included in the selection of devices according to a predefined criterion. For details on creating a selection of devices, please refer to the Kaspersky Security Center help.
Proceed to the next step of the New Task Wizard.
- Depending on the selected method to define the task scope, do one of the following:
- In the administration group tree, select the check boxes next to the required administration groups.
- In the list of devices, select the check boxes next to the required SVMs or virtual machines. If the required SVMs or virtual machines are not listed, you can add them in the following ways:
- Using the Add devices button. You can add devices by names or IP addresses, add devices from the specified IP address range, or select devices from the list of devices detected by the Administration Server when polling the organization’s local network.
- Using the Import devices from file button. Addresses are imported from a TXT file with a list of addresses of SVMs, with each address in a separate row.
If you import a list of SVMs from file or specify the addresses manually and the SVMs are identified by name, the list of SVMs for which the task is being created can be supplemented only with those SVMs whose details have already been included in the Administration Server database upon connection of SVMs or following a poll of the local area network.
- In the list, select the name of the selection that contains the required SVMs or virtual machines.
Proceed to the next step of the New Task Wizard.
- Configure the available task settings following the instructions of the wizard. The available options depend on the type of task being created.
- If you want to configure the schedule and other task settings that are not available in the New Task Wizard, select the Open task properties window after creation check box at the last step of the wizard.
- Click the Finish button to exit the Wizard.
Modifying task settings in Web Console
To modify the task settings in the Web Console:
- Start the Web Console.
- If you want to modify settings of a task created for SVMs or virtual machines belonging to a specific administration group, select the name of this group in the Group tree section.
- In the Devices section select Tasks.
A list of tasks opens.
- In the list of tasks, select the required task and open the task properties window by clicking the link in the task name.
- Configure the task settings:
- On the General tab, you can edit the task name.
- On the Application settings tab, you can configure specific task settings. The set of configurable options depends on the type of task.
- On the Schedule tab, you can configure the task launch schedule and advanced settings for starting and stopping the task.
The General, Results, Settings, Schedule and Revision history tabs of the task properties window are standard for Kaspersky Security Center; for more details refer to Kaspersky Security Center help.
- To save changes, click the Save button.
Starting and stopping tasks in Web Console
To start or stop a task in the Web Console:
- Start the Web Console.
- In the Devices section select Tasks.
A list of tasks opens.
- In the list of tasks, select the check box to the left of the task that you want to start or stop.
- Do one of the following:
- If you want to start the task, click the Run button.
- If you want to stop the task, click the Stop button.
For the Virus scan task, the Pause and Resume actions are available in addition to starting and stopping. On the virtual machines with Light Agent for Windows installed, automatic pause of the task execution at the specified time is also available.
Configuring automatic pausing of the Virus scan task in Web Console
Automatic pausing of the Virus scan task can be configured only on virtual machines with Light Agent for Windows installed.
To configure automatic pausing of the Virus scan task in the Web Console:
- Start the Web Console.
- In the Devices section select Tasks.
A list of tasks opens.
- In the list of tasks, select the virus scan task for which you want to configure automatic pausing and open the task properties window by clicking the link in the task name.
- On the Application settings tab, in the Security level section, click the Settings button.
The Virus scan window opens.
- On the Additional tab, in the Pause operation section, select the By schedule check box and click the Schedule button.
The Pause operation window opens.
- In the Pause task at and Resume task at fields, specify the time of the beginning and the end of the period during which the Virus scan task will be paused, and click OK.
- Click OK in the Virus scan window.
- To save changes, click the Save button.
Viewing information on the progress and results of task execution
You can view information on the progress and results of task execution in the Web Console in one of the following ways:
- In the Status column in the task list (Devices → Tasks).
- In the Task status window. To open the window, select the check box next to the name of the required task in the list (Devices → Tasks) and click the Execution result button.
- On the Results tab of the task properties window. The task properties window opens by clicking the link in the task name. You can also open the Results tab by clicking the View results button in the Task status window.
About access rights to the settings of policies and tasks in Kaspersky Security Center
The rights to access the settings of policies and tasks (read, write, and execute) are defined for each user who has access to the Kaspersky Security Center Administration Server. In the Kaspersky Security Center Administration Console, you can grant user accounts the rights to perform certain actions within the functional scopes of Kaspersky Security.
When using the Web Console to manage Kaspersky Security by means of Kaspersky Security Center, it is not possible to differentiate access rights to functional scopes of Kaspersky Security. User permissions to perform actions with Kaspersky Security policies and tasks that were configured in the Administration Console are not taken into account in the Web Console.
One functional scope is allocated for the Protection Server component: Basic functionality. This functional scope includes the following settings and functions:
- Settings for connecting SVMs to the Integration Server.
- Settings for connecting Light Agents to SVMs.
- SNMP monitoring settings.
- KSN usage settings.
- SVM advanced settings.
- Application activation task.
- Application database update task and latest application database update rollback task.
- SVM application module update task.
The following functional scopes are allocated for the Light Agent for Windows component:
- Protection components. This functional scope includes the following settings and functions:
- Enabling and disabling of File Anti-Virus for Windows.
- File Anti-Virus for Windows settings:
- File security level.
- The action that is performed by the application on detection of an infected file.
- File Anti-Virus protection scope.
- Settings for scanning compound files, optimization, and the scan mode.
- Automatically pausing File Anti-Virus.
- Use of heuristic analysis and iSwift scan technology.
- Enabling and disabling AMSI Protection.
- The scan settings of the compound files when the objects are scanned in response to AMSI requests.
- Enabling and disabling Mail Anti-Virus.
- Mail Anti-Virus settings:
- Mail security level.
- Action taken by the application when it detects an infected email message.
- Mail Anti-Virus protection scope.
- Settings for scanning compound files attached to messages, and attachment filtering by type.
- Use of heuristic analysis and the Mail Anti-Virus extension for Microsoft Office Outlook.
- Enabling and disabling Web Anti-Virus.
- Web Anti-Virus settings:
- Web traffic security level.
- Action taken by the application when it detects a malicious object in web traffic.
- Enabling and disabling scanning of URLs against databases of phishing and malicious web addresses.
- Use of heuristic analysis and the duration of web traffic caching by Web Anti-Virus.
- List of trusted web addresses.
- Virus scan task for Light Agent for Windows.
- Basic functionality. This functional scope includes the following settings and functions:
- Settings for connecting Light Agents to SVMs.
- Network traffic monitoring settings.
- List of domains excluded from secure connections scan.
- Settings for reports and Backup.
- Application Self-Defense settings.
- Light Agent for Windows local interface settings.
- Password-protecting access to application settings in a local interface.
- Settings for managing tasks from the local interface.
- Settings for scanning removable drives when they are connected.
- Settings for automatic startup of the application.
- Advanced Disinfection settings.
- Change application components task.
- Settings for interaction with Kaspersky Managed Detection and Response.
- Application Control. This functional scope includes the following settings and functions:
- Enabling and disabling Application Startup Control.
- Application Startup Control settings:
- The action taken by Kaspersky Security when it detects an attempt to start an application that is not allowed by an Application Startup Control rule.
- Configuring and using application categories and application startup control rules.
- Startup control of executable modules and drivers.
- Configuring Application Startup Control message templates.
- Enabling and disabling Application Privilege Control.
- Application Privilege Control settings:
- Configuring and using Application Control rules.
- Protecting operating system resources.
- Inventory task and getting information about applications that are installed on protected virtual machines.
- Device Control. This functional scope includes the following settings and functions:
- Enabling and disabling Device Control.
- Device Control settings:
- Device access rules.
- Connection bus access rule.
- Configuring Device Control message templates.
- Web Control. This functional scope includes the following settings and functions:
- Enabling and disabling Web Control.
- Web Control settings:
- Configuring and using web resource access rules.
- Configuring Web Control message templates.
- Intrusion Prevention. This functional scope includes the following settings and functions:
- Enabling or disabling Firewall.
- Configuring and using network packet rules and application network rules.
- Enabling and disabling Network Attack Blocker.
- The settings used in blocking an attacking device.
- List of IP addresses excluded from blocking in case a network attack is detected.
- Virtual machine proactive protection.
- Protecting shared folders against external encryption.
- Rollback of malware actions.
- System Integrity Monitoring. This functional scope includes the following settings and functions:
- Enabling or disabling System Integrity Monitoring.
- The System Integrity Monitoring scope and the System Integrity Check scope.
- Baseline update task.
- System Integrity Check task.
- The System Integrity Monitoring component logs.
- Trusted zone. This functional scope includes the following settings and functions:
- List of objects and applications excluded from scans.
- Enabling and disabling the use of exclusions.
- List of trusted applications.
The following functional scopes are allocated for the Light Agent for Linux component:
- Protection components. This functional scope includes the following settings and functions:
- Enabling and disabling of File Anti-Virus for Linux.
- File Anti-Virus for Linux settings:
- File security level.
- The action that is performed by the application on detection of an infected file.
- File Anti-Virus protection scope.
- Settings for scanning compound files and the scan mode.
- Use of heuristic analysis and iChecker scan technology.
- Virus scan task for Light Agent for Linux.
- Basic functionality. This functional scope includes the following settings and functions:
- Settings for connecting Light Agents to SVMs.
- Backup settings.
- Trusted zone. This functional scope includes the following settings and functions:
- List of objects and applications excluded from scans.
- Enabling and disabling the use of exclusions.
The following actions are available to the user regardless of the rights of the user account within the functional scopes of Kaspersky Security:
- Viewing the settings of policies.
- Creating a policy.
When creating a policy, the user can configure only settings related to the functional scopes for which the user account has modification rights.
To perform the following actions with policies and tasks, the user account must have permissions within the functional scopes of Kaspersky Security:
- Reconfiguration of a previously saved policy requires read and modification rights within the functional scopes of those settings.
- Modifying the status of a policy (active/inactive) and removing the policy requires read and modification rights within the functional scopes of the policy settings closed with a "lock". If a policy has settings that are closed with a "lock" (in other words, for these settings it is prohibited to change a parameter in the child policies and in the local interface of the application), and the user does not have read and modification rights within the functional scopes of these settings, it is impossible to delete or modify the status of the policy. If a policy does not have settings for which it is prohibited to modify a parameter in child policies or in the local interface of the application, the user can delete or modify the status of the policy regardless of the account's rights within the functional scopes of the application.
- Creation, removal, and configuration of the settings of tasks require read and modification rights within the functional scope of the task.
- Viewing task settings requires read permissions within the functional scope of the task.
- Execution rights within the functional scope of a task are required to run the task.
Access rights to functional scopes of Kaspersky Security are configured in the properties window of the Kaspersky Security Center Administration Server in the Security section.
By default, the Security section is not displayed in the Administration Server properties window. To enable display of the Security section, select the Display security settings sections check box in the Configure interface window (View → Configure interface menu) and restart Kaspersky Security Center Administration Console.
For more details on access rights to Kaspersky Security Center objects, please refer to the Kaspersky Security Center help.
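The rules above for policies and tasks, written out as decision functions in an added example that is not Kaspersky code and does not call any Kaspersky Security Center API. The class and function names and the sample accounts and policies are hypothetical; the scope names are taken from the lists above, and "modification rights" is modeled as a write right.

```python
"""Model of the access-rights rules for policies and tasks (added example)."""
from dataclasses import dataclass, field

READ, WRITE, EXECUTE = "read", "write", "execute"


@dataclass
class Account:
    name: str
    # functional scope name -> set of rights held in that scope
    rights: dict = field(default_factory=dict)

    def has(self, scope, *needed):
        return set(needed) <= self.rights.get(scope, set())


@dataclass
class Policy:
    name: str
    # functional scopes containing at least one setting closed with a "lock"
    locked_scopes: set = field(default_factory=set)


def configurable_scopes(account, scopes):
    """Scopes whose settings the account may configure when creating a policy."""
    return {scope for scope in scopes if account.has(scope, WRITE)}


def can_reconfigure_policy(account, changed_scopes):
    """Changing a saved policy needs read and write in every touched scope."""
    return all(account.has(scope, READ, WRITE) for scope in changed_scopes)


def can_delete_or_change_status(account, policy):
    """Only scopes with locked settings are checked. With no locked
    settings the loop is empty, so the result is True for any account."""
    return all(account.has(scope, READ, WRITE) for scope in policy.locked_scopes)


def can_view_task(account, task_scope):
    return account.has(task_scope, READ)


def can_edit_task(account, task_scope):
    """Creating, removing and configuring a task."""
    return account.has(task_scope, READ, WRITE)


def can_run_task(account, task_scope):
    return account.has(task_scope, EXECUTE)


def unguarded_policies(policies, accounts):
    """(policy, account) pairs where an account without write rights in any
    scope can still delete the policy or change its status."""
    findings = []
    for policy in policies:
        for account in accounts:
            read_only = not any(WRITE in r for r in account.rights.values())
            if read_only and can_delete_or_change_status(account, policy):
                findings.append((policy.name, account.name))
    return findings


# Constructed sample data (hypothetical accounts and policies).
LINUX_SCOPES = {"Protection components", "Basic functionality", "Trusted zone"}
AUDITOR = Account("auditor", {scope: {READ} for scope in LINUX_SCOPES})
AV_ADMIN = Account("av-admin", {
    "Protection components": {READ, WRITE, EXECUTE},
    "Basic functionality": {READ},
})
DEFAULT_POLICY = Policy("Linux default")
HARDENED_POLICY = Policy("Linux hardened",
                         {"Protection components", "Trusted zone"})

if __name__ == "__main__":
    print(unguarded_policies([DEFAULT_POLICY, HARDENED_POLICY],
                             [AUDITOR, AV_ADMIN]))
```

The finding for the policy without locked settings shows why locking at least one setting matters when accounts with read-only rights have access to the Administration Server.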
About Integration Server Console
The Integration Server Console contains the following sections:
Integration Server settings section.
In this section, you can view information about the Integration Server.
Integration Server accounts section.
In this section, you can change the passwords of accounts that are used to connect to the Integration Server.
List of connected SVMs section.
In this section, you can view information about SVMs that are connected to the Integration Server.
SVM Management section.
This section opens by default after the Integration Server Console is started. In this section, you can run the SVM Management Wizard that lets you perform the following actions:
- Deploy SVMs with the Protection Server component in the virtual infrastructure.
- Reconfigure SVMs.
- Remove SVMs.
Infrastructure connection settings section.
In this section you can perform the following actions:
- View the Integration Server connection status to the virtual infrastructure.
- Change the Integration Server connection settings to the virtual infrastructure.
- If Kaspersky Security is installed in VMware infrastructure, configure VMware NSX Manager usage in the application operation.
- Remove the virtual infrastructure from the list of infrastructures to which the Integration Server connects.
List of tenants section
If you use the application in multitenancy mode, in this section you can view a list of all tenants registered in the Integration Server database.
Kaspersky Security Center connection settings section
If you use the application in multitenancy mode and the tenant protection infrastructure is deployed using the Integration Server REST API, in this section you can configure connection settings required for the Integration Server REST API to interact with the Kaspersky Security Center Administration Server.
Licensing of the application
This section contains information about basic concepts related to Kaspersky Security licensing.
About the End-User License Agreement
The End User License Agreement is a binding agreement between you and AO Kaspersky Lab, stipulating the terms on which you may use the application.
Kaspersky Security for Virtualization 5.2 Light Agent and Kaspersky Security Center Network Agent for Linux, which is used in the operation of the application, each have their own End User License Agreement.
You can read the terms of the End User License Agreement for Kaspersky Security and the Privacy Policy, which describes the processing and transmission of data, in the following ways:
- During installation of Kaspersky Security.
- By reading the license.txt document included in the application distribution kit.
- After the application installation.
Read through the terms of the Kaspersky Security End User License Agreement carefully before you start using the application.
You accept the terms of the End User License Agreement when you confirm your consent to the End User License Agreement during installation of the application. If you do not accept the terms of the End User License Agreement, you must abort application installation and must not use the application.
After Kaspersky Security is installed, the files with the text of Kaspersky Security End User License Agreement and the Privacy Policy are located at the following paths:
- On the device where Kaspersky Security management MMC plug-ins, Integration Server, and Integration Server Console are installed:
%ProgramFiles(x86)%\Kaspersky Lab\KSV\Kaspersky Security for Virtualization <version number> Light Agent\EULA\license_<language ID>.txt
where:
- <version number> refers to the number of the installed version of Kaspersky Security.
- <language ID> – ID of the localization language of installed Kaspersky Security components.
- On the device where Web Console is installed, in the Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server web plug-in installation folder:
- <Kaspersky Security Center Web Console installation folder>\server\plugins\SVM_<version>\assets\eula\<language identifier>\license.txt – for the devices with Windows operating systems.
- <Kaspersky Security Center Web Console installation folder>/server/plugins/SVM_<version>/assets/eula/<language identifier>/license.txt – for the devices with Linux operating systems.
where:
- <version> refers to the number of the installed Kaspersky Security version in X_X_X_X format.
- <language identifier> – ID of the localization language of installed Kaspersky Security components.
- On a virtual machine where Light Agent for Windows is installed:
<Light Agent installation folder>\resources\<language ID>\eula\license.txt
where:
- <Light Agent installation folder> is one of the following folders, depending on the operating system:
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for Virtualization <version> Light Agent\ – for 64-bit operating systems.
- %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Virtualization <version> Light Agent\ – for 32-bit operating systems.
- <language ID> – ID of the localization language of installed Kaspersky Security components.
- On a virtual machine where Light Agent for Linux is installed:
/opt/kaspersky/ksvla-agent/share/doc/license.<language ID>
where <language ID> is the identifier of the End User License Agreement localization language.
- On a deployed SVM:
/opt/kaspersky/ksvla/share/doc/license.<language ID>
where <language ID> is the identifier of the End User License Agreement localization language.
You can read the terms of the End User License Agreement for Network Agent for Linux after installing the application. The files with the text of the End User License Agreement for Network Agent for Linux are located at the following paths:
- On a virtual machine where Light Agent for Linux is installed:
- /opt/kaspersky/klnagent64/share/license/license_<language ID>.txt – for 64-bit operating systems.
- /opt/kaspersky/klnagent/share/license/license_<language ID>.txt – for 32-bit operating systems.
where <language ID> is the identifier of the End-User License Agreement localization language.
- On a deployed SVM:
/opt/kaspersky/klnagent64/share/license/license_<language ID>.txt
where <language ID> is the identifier of the End-User License Agreement localization language.
About data provision
By accepting the terms of the End User License Agreement for Kaspersky Security, you agree to automatically send to Kaspersky the following information:
- When updating Kaspersky Security databases and modules:
- ID of Kaspersky Security
- ID of the active license
- Unique ID of the Kaspersky Security installation
- Unique ID of the update task start
- Full version of Kaspersky Security
- When following links from the Kaspersky Security interface:
- Kaspersky Security application type
- Kaspersky Security version
- Kaspersky Security interface language
- ID of the web page being accessed
- Hash of the detected threat, and the name of this threat according to the Kaspersky classification
- If an activation code is being applied to activate Kaspersky Security:
- ID, version and localization of Kaspersky Security, and IDs of compatible applications
- SVM ID and unique ID of the Kaspersky Security installation
- Activation code and time when the application was activated
- Type, version, and bitness of the operating system, and the name of the virtual environment in which Kaspersky Security is installed
- Information about packaging of regularly transmitted confirmations of the license key status
Information is transmitted periodically for the purpose of verifying that the application is being used appropriately.
You also agree to transmit the following information:
- Type, version, and localization of Kaspersky Security
- Depending on the type of virtual infrastructure: the type and version of the hypervisor on which the SVM is deployed, or the type and version of the Keystone microservice API that manages the OpenStack project within which the SVM is deployed; as well as the type, version, and bitness of the operating system on the protected virtual machine, and the approximate number of virtual machines on which this operating system is installed
- Universal unique identifier of the SVM
- License edition, license order number, and licensing scheme type
- Number of licensing units for which the key can be used and the number of licensing units for which the key is already in use
Kaspersky may use this information to generate statistical information about the distribution and use of Kaspersky software.
By using an activation code, you agree to automatically send to Kaspersky the data listed above. If you do not agree to send this information, you must use a key file to activate Kaspersky Security.
The received information is protected by Kaspersky in accordance with the requirements established by the law and the current Kaspersky rules. Data is transmitted via encrypted communication channels.
For more detailed information about processing, storage, and destruction of information obtained during the use of the application and transmitted to Kaspersky, please refer to the Privacy Policy on Kaspersky website.
About the license
A license is a time-limited right to use the application as granted under the terms of the concluded End User License Agreement.
The available functionality and application usage period depend on the type of license under which the application is being used.
The following types of licenses are available:
- Trial – a free license for users to get to know the application.
Trial licenses have a short validity period. On expiry of a trial license, all the functions of Kaspersky Security become unavailable. To continue using the application, you need to purchase a commercial license.
You can use the application under a trial license only for one trial usage period.
- Commercial — a paid license.
When the commercial license expires, the application continues to work in limited functionality mode. Kaspersky Security stops updating application databases, using Kaspersky Security Network, and scanning objects on request from third-party applications (AMSI Protection). You can still protect and scan virtual machines, but only using application databases that were installed before the license expiration date. To continue using Kaspersky Security in fully functional mode, you must renew your commercial license.
It is recommended to extend the validity period of the license before its expiration date to ensure maximum protection.
Application functionality that is available under a license depends on the license type. The following types of licenses are available for Kaspersky Security application:
- Standard license (Kaspersky Hybrid Cloud Security Standard).
- Enterprise license (Kaspersky Hybrid Cloud Security Enterprise).
The same type of license should be used to activate the application on all SVMs connected to one Integration Server.
The following application functionalities are available only if you are using the application under an enterprise license:
- System Integrity Monitoring component.
- Application Startup Control component installed on a virtual machine with a server operating system.
- Extended SVM selection capabilities: use of tags for connecting Light Agents to SVMs, and configuration of the algorithm for selecting which SVM to connect to.
Please note that the application functionalities provided under an enterprise license are available for the Light Agent only if the Light Agent is connected to an SVM on which the key for the enterprise license is added.
Kaspersky Security application offers the following licensing schemes:
- Licensing by number of virtual machines protected using the application. This licensing scheme employs server or desktop keys (depending on the operating system type of the protected virtual machines). Under the licensing restrictions, the application is used to protect a certain number of virtual machines, on which the Light Agent component is installed.
For Kaspersky Security for Virtualization 5.2 Light Agent, you can also use the universal key intended for Kaspersky Endpoint Security for Business. This key lets you protect a certain number of virtual machines regardless of the operating system installed on them.
The universal key for the Kaspersky Endpoint Security for Business application is not available in all regions. Contact the Kaspersky partner that sold you the license for information about whether you can use this key.
- Licensing by number of cores used in the physical processors on the hypervisors on which protected virtual machines are running. The licensing scheme employs keys with restrictions on the number of processor cores. Under the licensing restrictions, the application is used to protect all virtual machines with the Light Agent component that can run on the hypervisors, which use a certain number of cores in their physical processors.
- Licensing by the number of processors used on the hypervisors on which protected virtual machines are running. This licensing scheme uses keys with a restriction on the number of processors. Under the licensing restriction, the application is used to protect all virtual machines with the Light Agent component that run on hypervisors using a certain number of processors.
About the License Certificate
The License Certificate is a document provided together with the key file or activation code.
If you use the application under subscription, no license certificate is issued.
The License Certificate contains the following license information:
- Information about the license user
- Information about the application that can be activated by the license
- Restrictions on the number of license units (for example, devices on which the application can be used under the license)
- License start date
- License expiration date or validity period
- License type
About the license key
A license key (hereinafter also referred to as simply "key") is a sequence of bits with which you can activate and subsequently use the application in accordance with the terms of the End User License Agreement. A key is generated by Kaspersky.
You can add a license key to the application in one of the following ways: apply a key file or enter an activation code. After you add a key to the application, the license key is displayed in the application interface as a unique alphanumeric sequence.
After adding keys, you can replace them with other keys.
Kaspersky can black-list a key over violations of the End-User License Agreement. If the license key has been blocked, you need to add another one if you want to use the application.
Kaspersky Security uses the following types of license keys:
- Server key – Application key that is used to protect virtual machines running server operating systems.
- Desktop key – Application key that is used to protect virtual machines running desktop operating systems.
- Key with a limitation on the number of processor cores – an application key for protecting virtual machines regardless of the operating system installed on them. Under the licensing restrictions, the application is used to protect all virtual machines that run on hypervisors that use a certain number of cores in their physical processors.
- Key with a limitation on the number of processors – an application key for protecting virtual machines regardless of the operating system installed on them. Under the licensing restriction, the application is used to protect all virtual machines running on hypervisors that use a certain number of processors.
For Kaspersky Security, you can also use the universal license key intended for Kaspersky Endpoint Security for Business. This key lets you protect a certain number of virtual machines regardless of the operating system installed on them.
The universal key for Kaspersky Endpoint Security for Business is not available in all regions. Contact the Kaspersky partner that sold you the license to find out whether you can use this key.
A license key may be an active key or a reserve key.
An active key is a key currently in use to run the application. A trial license key, commercial license key (commercial key), or subscription key can be added as the active key. No more than one active key of each type can be added on one SVM. If an SVM is used in a virtual infrastructure for the protection of virtual machines running server operating systems and desktop operating systems, you need to add two keys to the SVM: a server key and a desktop key.
A reserve key is a key that confirms the right to use the application, but is not currently in use. The reserve key automatically becomes active when the license associated with the current active key expires.
A reserve key can be added only if the active key of the same type is available. The active key and the reserve key must match the same license type and license edition.
A trial license key or a subscription key can be added only as the active key. A trial license key or a subscription key cannot be added as a reserve key. A trial license key cannot replace the active commercial key.
About the activation code
An activation code is a unique sequence of twenty Latin letters and numerals. You have to enter an activation code in order to add a license key that activates Kaspersky Security. You receive the activation code at the email address that you provided when you bought Kaspersky Security or ordered the trial version of Kaspersky Security.
To activate the application with an activation code, Internet access must be available to connect to Kaspersky activation servers.
If you have lost your activation code after activating the application, please contact the Kaspersky partner from whom you purchased the license.
About the key file
A key file is a file with the .key extension that you receive from Kaspersky. Key files are designed to activate the application by adding a key.
You receive a key file at the email address that you provided when you bought Kaspersky Security or ordered the trial version of Kaspersky Security.
You do not need to connect to Kaspersky activation servers in order to activate the application with a key file.
You can restore a key file if it has been accidentally deleted. To restore the key file, contact the Kaspersky partner that sold you the license.
About subscription
A subscription for Kaspersky Security is a purchase order for the application with specific parameters (subscription expiration date, number of devices protected). You can order a subscription for Kaspersky Security from your service provider (such as your ISP). You can renew your subscription or opt out of it.
A subscription can be limited (for one year, for example) or unlimited (without an expiration date). To continue using Kaspersky Security after a limited subscription expires, you must renew it. An unlimited subscription is renewed automatically if the vendor's services have been prepaid on time.
If your subscription is paused, you may be offered a subscription renewal grace period during which the application retains its functionality. The vendor decides whether or not to grant a grace period and, if so, determines the duration of the grace period.
If your subscription has not been renewed by the end of the grace period, Kaspersky Security retains its functionality but stops updating the application databases and stops using the Kaspersky Security Network.
To use Kaspersky Security under subscription, you have to apply the activation code received from the vendor. After the activation code is applied, a subscription key is added to the application – the active key corresponding to the subscription license for the application. Information about this key is displayed in the Kaspersky Security Center interface.
SVMs on which the application is used under subscription send events to Kaspersky Security Center when subscription status changes or the subscription parameters are modified by the vendor. If the subscription has expired, the SVM status in Kaspersky Security Center changes to Critical.
If you want to cancel your subscription but continue to use the application under a commercial license, you can add a commercial key as a reserve key in advance. This key is applied automatically as the active key when your limited subscription ends or when you cancel your unlimited subscription. To cancel your subscription, contact the vendor that sold you Kaspersky Security.
A subscription key can be added only as the active key. A subscription key cannot be added as a reserve key.
Activation codes purchased under subscription may not be used to activate previous versions of Kaspersky Security.
About application activation
Application Activation is the procedure to activate the license and receive the right to use the fully-functional version of the application during the course of the license term.
The application must be activated on an SVM with the current system date and time. If the system date and time are changed after activation of the application, the key becomes void. The application switches to a mode of operation without database updates, and Kaspersky Security Network is unavailable. In this case, you need to redeploy the SVM and activate the application on the SVM.
To activate the application, a key must be added to all SVMs.
The application activation task is used to add a key to an SVM. The activation task allows you to add a key that is stored in the Kaspersky Security Center key storage to the SVM. You can add a key to the Kaspersky Security Center key storage while creating an activation task, or in advance.
You can add a key to the Kaspersky Security Center key storage in one of the following ways:
- Using the key file
- Using the activation code
After the application has been activated on SVMs, the Protection Server component relays license info to the Light Agent component that is installed on the protected virtual machines. If the key status changes, the SVM sends the relevant information to Light Agent.
Information about the license under which the application has been activated can be viewed on the protected virtual machine:
- For Light Agent for Windows – in the local interface of Light Agent for Windows in the Licensing window.
- For Light Agent for Linux – using the license command.
Information about keys added to the SVM can be viewed in the Kaspersky Security Center Administration Console or in the Web Console.
If license info is not relayed to the protected virtual machine hosting the Light Agent for Windows component, Light Agent for Windows runs in limited functionality mode:
- Only the File Anti-Virus and Firewall components of Light Agent are available.
- Only the Full Scan, Custom Scan, and Critical Areas Scan tasks are performed.
- Databases and application modules required for the operation of Light Agent are updated only once.
If license info is not relayed to the protected virtual machine hosting the Light Agent for Linux component, Light Agent for Linux runs in limited functionality mode: application databases required for the operation of Light Agent are updated only once.
If your infrastructure includes several instances of Kaspersky Security administered by several Kaspersky Security Center Administration Servers that are not combined into one hierarchy, you can activate different instances of Kaspersky Security by adding the same key. A key previously added to an SVM administered by a single Kaspersky Security Center Administration Server can be added to an SVM administered by a different Kaspersky Security Center Administration Server if the validity period of the license linked to the key has not expired.
When license restrictions are checked, the total number of licensing units on which the key is used on all Kaspersky Security Center Administration Servers is taken into account.
To use a previously added key without violating licensing restrictions:
- Remove SVMs on which the application has been activated using this key on the same Kaspersky Security Center Administration Server.
- Create and run an application activation task on a different Kaspersky Security Center Administration Server. A key added to the Kaspersky Security Center key storage can be exported in advance from one Kaspersky Security Center Administration Server to another Administration Server (see the Kaspersky Security Center help for details).
Conditions for activating the application using the activation code
To be able to add a key to the Kaspersky Security Center key storage and activate the application using an activation code, you need a connection to Kaspersky activation servers. The Key Storage Wizard sends data to Kaspersky activation servers to validate the activation code that was entered. The activation proxy service establishes a connection to the activation servers. If the activation proxy service is disabled, the key cannot be added to the storage by using an activation code. If Internet access is provided via a proxy server, the proxy server settings must be configured in the properties of the Kaspersky Security Center Administration Server.
For more detailed information about the activation proxy service and proxy server settings, please refer to the Kaspersky Security Center help.
Important considerations when adding keys
When adding keys, you should take the following into consideration:
- Simultaneous use of multiple license keys of the same type on an SVM is not supported. If you add a key to the SVM that already has a key of the same type, the new key will replace the previously added key.
- If you are using a licensing model based on the number of protected virtual machines, the type of the key that you use to activate the application must match the guest operating system type of the virtual machines:
- For the protection of virtual machines running server operating systems, you need to add a server key to SVMs.
- For the protection of virtual machines running desktop operating systems, you need to add a desktop key to SVMs.
- For the protection of virtual machines running server operating systems and desktop operating systems, you need to add two keys to SVMs: a server key and a desktop key.
If you are using a licensing scheme based on the number of processor cores or based on the number of processors, you need one key (with a limitation on the number of processor cores or with a limitation on the number of processors), irrespective of the operating system installed on the virtual machines.
To protect virtual machines with Linux guest operating systems, you may use only server keys, keys with a limitation on the number of processor cores, and keys with a limitation on the number of processors.
- Simultaneous use of keys corresponding to different licensing schemes on SVMs is not supported. After activation of the application, if you add a key that corresponds to a different licensing scheme, the previously added key is removed from the SVM. For example, if you add a key with a limitation on the number of processor cores, and a desktop key and/or server key was previously added to the SVM, the active and (if available) the reserve desktop and/or server keys are deleted when the task is completed. They are replaced by the key with a limitation on the number of processor cores, which is added as an active key.
On an SVM, only keys corresponding to the same licensing scheme can be simultaneously used, for example, a desktop and a server key (a licensing scheme based on the number of virtual machines).
A key that was removed from one SVM can be added to another SVM if the term of the license bound to the key has not expired.
- Simultaneous use of commercial keys and subscription keys on an SVM is not supported.
For example, if you add a commercial key on an SVM with a previously added subscription key, the subscription key is removed from the SVM. The commercial key is added in its place.
- Simultaneous usage of keys corresponding to different types of licenses (standard license/enterprise license) on the same SVM is not supported.
For example, if you add a key that corresponds to an enterprise license but the application was previously used with a standard license, all active and (if available) reserve keys that correspond to the standard license are removed from the SVM. A key that corresponds to an enterprise license is added instead of them.
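The replacement rules in this section can be rehearsed before an activation task is run, to see which keys the task would remove from an SVM. The following Python model is an added example, not Kaspersky code: the class and function names are hypothetical, the key names are constructed, and cases the page does not describe are marked as assumptions in the comments.

```python
from dataclasses import dataclass, field

# Licensing scheme implied by each key type named on this page.
SCHEME = {"server": "vm", "desktop": "vm",
          "cores": "cores", "processors": "processors"}


@dataclass(frozen=True)
class Key:
    name: str        # constructed label, not a real key value
    key_type: str    # server | desktop | cores | processors
    license: str     # trial | commercial | subscription
    edition: str     # standard | enterprise


@dataclass
class SVM:
    active: dict = field(default_factory=dict)    # key_type -> Key
    reserve: dict = field(default_factory=dict)   # key_type -> Key


def add_key(svm, key, as_reserve=False):
    """Model one activation task.

    Returns (accepted, removed_key_names, reason). The SVM model is changed
    only when the key is accepted.
    """
    if as_reserve:
        if key.license in ("trial", "subscription"):
            return False, [], "trial and subscription keys can only be active"
        current = svm.active.get(key.key_type)
        if current is None:
            return False, [], "no active key of the same type"
        if current.edition != key.edition:
            return False, [], "reserve key must match the active key's edition"
        old = svm.reserve.get(key.key_type)
        svm.reserve[key.key_type] = key
        return True, ([old.name] if old else []), "added as reserve"

    def conflicts(existing, is_active):
        if SCHEME[existing.key_type] != SCHEME[key.key_type]:
            return True    # different licensing scheme
        if existing.edition != key.edition:
            return True    # standard versus enterprise license
        if is_active and existing.key_type == key.key_type:
            return True    # only one active key of each type
        # Commercial and subscription keys cannot both be active. The page
        # shows a commercial key displacing a subscription key; the reverse
        # direction is an assumption of this model.
        return is_active and {existing.license, key.license} == {
            "commercial", "subscription"}

    drop_active = [k for k in svm.active.values() if conflicts(k, True)]
    drop_reserve = [k for k in svm.reserve.values() if conflicts(k, False)]
    if key.license == "trial" and any(
            k.license == "commercial" for k in drop_active):
        return False, [], "a trial key cannot replace an active commercial key"

    # Reserve keys whose active key is dropped for another reason are left
    # in place: the page does not say what happens to them.
    for k in drop_active:
        del svm.active[k.key_type]
    for k in drop_reserve:
        del svm.reserve[k.key_type]
    svm.active[key.key_type] = key
    removed = sorted(k.name for k in drop_active + drop_reserve)
    return True, removed, "added as active"


if __name__ == "__main__":
    svm = SVM()
    plan = [
        (Key("SRV-1", "server", "commercial", "standard"), False),
        (Key("DSK-1", "desktop", "commercial", "standard"), False),
        (Key("SRV-R", "server", "commercial", "standard"), True),
        (Key("CORE-1", "cores", "commercial", "standard"), False),
    ]
    for key, as_reserve in plan:
        print(key.name, add_key(svm, key, as_reserve))
```
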
Application activation procedure
To activate the application:
- Create an application activation task for the SVMs on which you want to activate the application in the Administration Console or in the Web Console.
When the application activation task is created, a key from the Kaspersky Security Center key storage is used. You can add a key to the Kaspersky Security Center key storage in advance or while creating an application activation task.
- Start the application activation task in the Administration Console or in the Web Console and make sure that the task has completed successfully.
If you add an active key, the task activates the application on those SVMs on which an active key was missing. On SVMs on which the application has already been activated, the task replaces the old key with the new one.
If both a server key and a desktop key have been added on an SVM, the application usage period is the longer of the following two periods: the period of application use with the server key or the period of application use with the desktop key.
If the number of licensing units for which the key is being used exceeds the number specified in the License Certificate, Kaspersky Security sends an event to the Kaspersky Security Center Administration Server with information about the violation of the license restrictions (please refer to the Kaspersky Security Center help).
Adding a key to the key storage of Kaspersky Security Center
To add a key to Kaspersky Security Center key storage in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select the Kaspersky licenses folder.
- In the workspace, click the Add activation code or key file button.
The Key Storage Wizard starts.
- In the Select application activation method window of the Wizard, select the method used to add the key to storage:
- If you want to add the key using an activation code, click the Activate application with activation code button.
- To add the key using a key file, click the Activate application with key file button.
- At the next step in the wizard, depending on the method you selected for adding the key:
- Enter the activation code.
- Specify the path to the key file. To do so, click the Browse button and select the file (with the KEY extension) in the opened window.
Proceed to the next step of the wizard.
- Finish the Key Storage Wizard.
The newly added key will be displayed in the key storage in the Kaspersky licenses folder.
To add a key to Kaspersky Security Center key storage in the Web Console:
- Start the Web Console.
- In the Operations section, select Licensing → Kaspersky licenses.
The Kaspersky Security Center key storage opens.
- Click the Add button.
- In the window that opens, select the method for adding the key to the storage:
- Enter activation code to add the key using an activation code.
- Add key file to add the key using a key file.
- At the next step in the wizard, depending on the method you selected for adding the key:
- Enter the activation code and click the Submit button.
- Click the Select key file button and, in the window that opens, select the file with the KEY extension.
- Click Close.
The added key will appear in the key storage.
You can use keys added to the Kaspersky Security Center key storage when creating application activation tasks for SVMs using the Administration Console or the Web Console.
Creating an application activation task in Administration Console
To create an application activation task in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- To create an application activation task for all SVMs of the selected administration group, start the New Task Wizard in the following way:
- In the Managed devices folder in the console tree, select the folder with the name of the required administration group.
- In the workspace, select the Tasks tab and click the New task button.
- To create an application activation task for one or several SVMs, start the New Task Wizard in one of the following ways:
- In the console tree, select the Tasks folder and click the New task button in the workspace.
- In the console tree, select the Kaspersky licenses folder and click the Distribute the license key to managed devices button in the workspace.
- Follow the New Task Wizard instructions.
Selecting an application and task type
If you started the New Task Wizard from the Managed devices folder or from the Tasks folder, at this step specify the application for which the task is being created and select the task type. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server list, select Application activation.
If you started the New Task Wizard from the Kaspersky licenses folder, at this step specify the application for which the task is being created: Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server.
Proceed to the next step of the New Task Wizard.
Adding a license key
At this step, choose a key from the Kaspersky Security Center key storage. To do so, click the Add button. The Kaspersky Security Center key storage window opens.
If you added a key to Kaspersky Security Center key storage in advance, select the key and click OK.
If the relevant key is not in the key storage, add it.
To add a key to Kaspersky Security Center key storage:
- Click the Add button located in the lower part of the Kaspersky Security Center key storage window. This starts the Key Storage Wizard that adds a key to the key storage of Kaspersky Security Center.
- Follow the instructions of the Wizard to add a key to key storage.
- Finish the Key Storage Wizard.
After the wizard finishes, select the added key in the Kaspersky Security Center key storage window and click OK.
To use the selected key as a reserve key, select the Use the license key as a reserve key check box.
The check box is not available when adding a key for a trial license or a subscription key. A trial license key or a subscription key cannot be added as a reserve key.
After you select a key, the following information is displayed in the lower part of the window:
- License key – a unique alphanumeric sequence.
- License type – trial, commercial, or commercial (subscription).
- License term – the number of days remaining for using the application activated by adding this key. For example, 365 days. This field is not displayed if you are using the application under a subscription.
- Grace period – the number of days after subscription suspension during which the application retains its functionality. The field is displayed if you are using the application under subscription and the service provider with which you registered your subscription offers a grace period for renewing your subscription. If you are using the application under unlimited subscription, the field value is Unavailable.
- Expires on – the date and time when your right to use the application activated with the current key expires. If you are using the application under unlimited subscription, the field value is Unlimited.
- Restriction – depends on the key type:
- the maximum number of virtual machines that you can protect
- the maximum number of physical processor cores used across all hypervisors whose virtual machines you can protect
- the maximum number of physical processors used across all hypervisors whose virtual machines you can protect
- Functionality – the list of application components and features whose availability depends on the type of the license associated with the selected key.
The application components and features that are available when using the application under the license corresponding to the selected key are marked with a corresponding icon in the list.
The application components and features that are not available when using the application under the license corresponding to the selected key are marked with a corresponding icon in the list.
Proceed to the next step of the New Task Wizard.
Selecting the SVM
This step is available if you started the New Task Wizard from the Tasks folder or from the Kaspersky licenses folder.
Specify the method of selection of the SVMs for which you are creating the task:
- To select SVMs from the list of virtual machines detected by the Administration Server when polling the organization local network, click the Select network devices detected by Administration Server button.
- To specify SVM addresses manually or import a list of SVMs from a file, click the Specify device addresses manually or import from list button. Addresses are imported from a TXT file with a list of addresses of SVMs, with each address in a separate row.
If you import a list of SVMs from file or specify the addresses manually and the SVMs are identified by name, the list of SVMs for which the task is being created can be supplemented only with those SVMs whose details have already been included in the Administration Server database upon connection of SVMs or following a poll of the local area network.
- To create a task for an SVM selection according to predefined criteria, click the Assign task to selected devices button. For details on creating a selection of devices, please refer to the Kaspersky Security Center help.
- To create a task for all SVMs included in an administration group, click the Assign task to an administration group button.
Depending on the specified method of SVM selection, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the SVMs on which you want to activate the application. To do so, select the check boxes in the list on the left of the names of relevant SVMs.
- Click the Add or Add IP range button and enter the addresses of SVMs manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of SVMs.
- Click the Browse button and in the opened window specify the name of the selection containing SVMs on which you want to activate the application.
- Click the Browse button and select an administration group or manually enter the name of an administration group.
Proceed to the next step of the New Task Wizard.
Scheduling the task
At this step, configure the application activation task run mode:
- Scheduled start. Choose the task run mode in the drop-down list. The settings displayed in the window depend on the task run mode chosen.
- Run skipped tasks. If you want the application to start missed tasks immediately after the SVM appears on the network, select this check box.
If this check box is cleared, in Manually mode, the task is started only on SVMs that are visible on the network.
- Use automatically randomized delay for task starts. By default, the time of task start on SVMs is randomized within the scope of a certain time period. This period is calculated automatically depending on the number of SVMs covered by the task:
- 0–200 SVMs – task start is not randomized
- 200–500 SVMs – task start is randomized within the scope of 5 minutes
- 500–1000 SVMs – task start is randomized within the scope of 10 minutes
- 1000–2000 SVMs – task start is randomized within the scope of 15 minutes
- 2000–5000 SVMs – task start is randomized within the scope of 20 minutes
- 5000–10000 SVMs – task start is randomized within the scope of 30 minutes
- 10000–20000 SVMs – task start is randomized within the scope of 1 hour
- 20000–50000 SVMs – task start is randomized within the scope of 2 hours
- over 50000 SVMs – task start is randomized within the scope of 3 hours
If you do not need to randomize the time of task start within the scope of an automatically calculated time period, clear the Use automatically randomized delay for task starts check box. This check box is set by default.
- Randomize the task run with interval (min). If you want to start the task at a given time within a specified period after manual launch, select this check box. In the corresponding text box, specify the maximum task run delay time. In this case, after manual start, the task is started at a random time within the specified period. This check box can be changed if the Use automatically randomized delay for task starts check box is cleared.
Proceed to the next step of the New Task Wizard.
Specifying the task name
At this step, enter the task name in the Name field.
Proceed to the next step of the New Task Wizard.
Finishing task creation
If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete check box.
Finish the wizard. The created application activation task is displayed in the list of tasks for the selected administration group on the Tasks tab or in the Tasks folder.
If you have configured a schedule for starting the task in the Task start schedule settings window, the task is started according to this schedule. You can also manually start the application activation task at any time.
Creating an application activation task in Web Console
To create an application activation task in the Web Console:
- Start the Web Console.
- In the Devices section select Tasks.
A list of tasks opens.
- Click the Add button.
The New Task Wizard starts.
- Follow the New Task Wizard instructions.
Defining the type, name and scope of the task
At this step of the Wizard:
- In the Application drop-down list, select the web plug-in name – Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server.
- In the Task type drop-down list, select Application activation.
- In the Task name field, enter the name for the new task.
- Select the task scope:
- Select the Assign task to an administration group option to execute the task on all SVMs belonging to the specified administration group.
- Select the Specify device addresses manually or import from list option to execute the task on the specified SVMs.
- Select the Assign task to selected devices option to execute the task on the SVMs included in the selection of devices according to a predefined criterion. For details on creating a selection of devices, please refer to the Kaspersky Security Center help.
Proceed to the next step of the New Task Wizard.
- Depending on the selected task scope, do one of the following:
- In the administration group tree, select the checkboxes next to the required administration groups.
- In the list of devices, select the check boxes next to the required SVMs. If the required SVMs are not listed, you can add them in the following ways:
- Using the Add devices button. You can add devices by names or IP addresses, add devices from the specified IP address range, or select devices from the list of devices detected by the Administration Server when polling the organization’s local network.
- Using the Import devices from file button. Addresses are imported from a TXT file with a list of addresses of SVMs, with each address in a separate row.
If you import a list of SVMs from file or specify the addresses manually and the SVMs are identified by name, the list of SVMs for which the task is being created can be supplemented only with those SVMs whose details have already been included in the Administration Server database upon connection of SVMs or following a poll of the local area network.
- Select the name of the selection containing the required SVMs from the list.
Proceed to the next step of the New Task Wizard.
Adding a license key
At this step, choose a key from the Kaspersky Security Center key storage. To do so, click the Select key button. The Kaspersky Security Center key storage window opens.
If you added a key to Kaspersky Security Center key storage in advance, select the key and click OK.
If the relevant key is not in the key storage, add it.
To add a key to Kaspersky Security Center key storage:
- Click the Add a new key to the storage button located under the list of keys.
- In the window that opens, select the method for adding the key to the storage:
- Using key file to add the key using a key file.
- Using activation code to add the key using an activation code.
- Depending on the selected method for adding a key, do one of the following:
- Click the Select key file button and, in the window that opens, select the file with the KEY extension.
- Enter the activation code and click the Add button.
- Click OK.
The added key will appear in the key storage. Select it in the list and click OK.
To use the selected key as a reserve key, select the Use the license key as a reserve key check box.
The check box is not available when adding a key for a trial license or a subscription key. A trial license key or a subscription key cannot be added as a reserve key.
After you select the key, the following information is displayed in the wizard window:
- License key – a unique alphanumeric sequence.
- License type – trial, commercial, or commercial (subscription).
- License term – the number of days remaining for using the application activated by adding this key. For example, 365 days. This field is not displayed if you are using the application under a subscription.
- Grace period – the number of days after subscription suspension during which the application retains its functionality. The field is displayed if you are using the application under subscription and the service provider with which you registered your subscription offers a grace period for renewing your subscription. If you are using the application under unlimited subscription, the field value is Unavailable.
- Expires on – the date and time when your right to use the application activated with the current key expires. If you are using the application under unlimited subscription, the field value is Unlimited.
- Restriction – depends on the key type:
- the maximum number of virtual machines that you can protect
- the maximum number of physical processor cores used across all hypervisors whose virtual machines you can protect
- the maximum number of physical processors used across all hypervisors whose virtual machines you can protect
- Functionality – the list of application components and features whose availability depends on the type of the license associated with the selected key.
The application components and features that are available when using the application under the license corresponding to the selected key are marked with the icon in the list.
The application components and features that are not available when using the application under the license corresponding to the selected key are marked with the icon in the list.
Proceed to the next step of the New Task Wizard.
Finishing task creation
If you want to configure the launch schedule for the activation task, select the Open task properties window after creation check box.
Click the Finish button to exit the Wizard. The created application activation task appears in the list of tasks.
Renewing a license
When your license is about to expire, you can renew it by adding a reserve key. This prevents the impairment of application functionality after the current license expires and before you activate the application under a new license.
The type of reserve key must match the type of the previously added active key.
If you use a licensing scheme that is based on the number of protected virtual machines, the type of the reserve key must match the type of the guest operating system of the virtual machines: the reserve server key is intended for the virtual machines with server operating systems; the reserve desktop key is intended for virtual machines with desktop operating systems.
If an SVM is used in a virtual infrastructure to protect virtual machines with both server and desktop operating systems, it is recommended to add a corresponding reserve key for each type of operating system.
If you use a licensing scheme based on the number of processors or processor cores, you need one reserve key with a limitation on the number of processors or processor cores, regardless of the operating system type installed on the virtual machines.
The reserve key must correspond to the same license type as the active key (standard license or enterprise license).
The application activation task is used to add a reserve key on an SVM.
You can create an application activation task to add a reserve key in the Administration Console or in the Web Console. At the Add a license key step of the New Task Wizard, select the Use the license key as a reserve key check box.
The task adds the reserve key on those SVMs on which the active key has already been added. The reserve key is automatically used as the active key after the Kaspersky Security license expires.
If you use an activation code to activate the application, when the license expires the application automatically connects to Kaspersky activation servers to replace the expired active key. If this automatic connection ends with an error, you must manually start the application activation task to renew the license to use Kaspersky Security.
The application activation task finishes with an error and the reserve key is not added when one of the following conditions is met:
- There is no active key on the SVM.
- The type of the reserve key being added does not match the type of the previously added active key.
If an SVM has an active key and a reserve key and you choose to replace the active key, Kaspersky Security checks the expiration date of the reserve key. If the reserve key expires before the previously renewed license term, Kaspersky Security automatically removes the reserve key. In this case, you can add a different reserve key after adding the active key.
Renewing subscription
When you use the application under subscription, Kaspersky Security contacts Kaspersky activation servers at specific intervals until your subscription expires.
If you use the application under unlimited subscription, Kaspersky Security checks Kaspersky activation servers for a renewed key in background mode and, if it is available, adds it by replacing the previous key. In this way, unlimited subscription for Kaspersky Security is renewed without user involvement.
When your subscription expires, Kaspersky Security sends the relevant information to the Administration Server of Kaspersky Security Center and stops attempting to renew the subscription automatically. Kaspersky Security stops updating the application databases and stops using the Kaspersky Security Network.
You can renew your subscription by contacting the vendor that sold you Kaspersky Security.
After renewing subscription, you have to restart the application activation task that you created to activate the application under subscription.
Viewing information about the license keys used in Kaspersky Security Center
In Kaspersky Security Center, you can view information about used keys:
- In the key storage that is displayed in the Kaspersky licenses folder in the Administration Console and in the Operations → Licensing → Kaspersky licenses section in the Web Console.
- In the properties of the application installed on the SVM.
- In the application activation task properties.
- In the key usage report.
Viewing information about a license key in Kaspersky Security Center key storage
Key storage in the Administration Console
To view information about a license key in Kaspersky Security Center key storage using the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the console tree, select the Kaspersky licenses folder.
The workspace shows a list of license keys added to the Kaspersky Security Center key storage. The list is displayed as a table, in the columns of which you can view information about the keys.
- If you want to view more detailed information about a key, select it from the list.
On the right of the license key list, the following details on the selected key appear:
- Unique alphanumeric sequence.
- Application – name of the application covered by the license associated with the key, and information about this license.
- Type – trial, commercial, or subscription.
- License term (days) – the number of days remaining for using the application activated by adding this key. For example, 365 days.
- License key expiration date – key expiration date. You can activate the application by adding this key and use this application only before this expiration date. If you are using the application under unlimited subscription, the field value is <Unlimited>.
- License expiration date – the date when your right to use the application activated with the current key expires. If the key was added on several SVMs at different times, this field shows the date for the SVM on which the application expires sooner than on other SVMs. If you are using the application under unlimited subscription, the field value is <Unlimited>.
- Maximum number of devices – depends on the key type:
  - the maximum number of virtual machines that you can protect
  - the maximum number of physical processor cores used across all hypervisors whose virtual machines you can protect
  - the maximum number of physical processors used across all hypervisors whose virtual machines you can protect
- Devices with active key – depends on the key type:
  - For a server or desktop key – the number of protected virtual machines on which the key is used as the active key.
  - For a key with a limitation on the number of processor cores and for a key with a limitation on the number of processors, this is the number of SVMs on which the key has been added as an active key.
- Devices with reserve key – the number of SVMs on which the key has been added as a reserve key. If you are using the application under a subscription, the field value is Unavailable or 0.
If you have selected a subscription key in the list, the following information may also be displayed to the right of the list:
- Type of validity period restriction – if the application is being used under an unlimited subscription, Unlimited is displayed in the field. If the subscription is limited, the field is not displayed.
- Grace period – if the subscription has a "Grace period activated" status, the field shows the number of remaining days during which the application will continue to perform all of its functions. If the subscription has any other status, the field shows 0.
- Subscription provider's web address – web address of the service provider with whom the subscription is registered.
- Subscription status – current status of your subscription (active, paused, expired, canceled, grace period activated).
If both a server key and a desktop key have been added on an SVM, details of these keys and the following information about the combination of the server key and desktop key are displayed in the Kaspersky licenses folder:
- Unique alphanumeric sequence – a combination of a server key and a desktop key. You can use the combination of a server key and desktop key to search for information about the SVM on which these keys have been added (for more details, please refer to the Kaspersky Security Center help).
- License term (days) – the longer of the following two application usage periods: the period of application usage under the server key, or the period of application usage under the desktop key.
- License key expiration date – the later of the following two key expiration dates: server key expiration date or desktop key expiration date.
- License expiration date – the later of the following two dates: the end date of application usage under the server key, or the end date of application usage under the desktop key.
- Maximum number of devices – the sum of the following values: the maximum number of simultaneously running virtual machines with desktop operating systems and the maximum number of simultaneously running virtual machines with server operating systems that you can protect with the application.
- Devices with active key – the number of SVMs on which the key has been added as an active key.
- Grace period – the longer of the following two grace periods: the grace period corresponding to the server key or the grace period corresponding to the desktop key.
- Subscription status – the field shows the active status if the subscription corresponding to at least one of the keys (server or desktop) has the active status. If both subscriptions are inactive, the field shows the better status (for example, if one subscription has the paused status and the other one has the canceled status, the field shows the paused status).
You can also view information about the license key added to the key storage in the key properties window. The properties window of the selected key opens by double-clicking it or by clicking the View license key properties link located to the right of the list of license keys.
The following information about the license key is displayed in the right part of the key properties window:
- Unique alphanumeric sequence.
- Information about the application – name of the application covered by the license associated with the key, and information about this license.
- License type – trial, commercial, or subscription.
- License term (days) – the number of days remaining for using the application activated by adding this key. For example, 365 days.
- License key expiration date – key expiration date. You can activate the application by adding this key and use this application only before this expiration date. If you are using the application under unlimited subscription, the field value is <Unlimited>.
- License expiration date – the date when your right to use the application activated with the current key expires. If the key was added on several SVMs at different times, this field shows the date for the SVM on which the application expires sooner than on other SVMs. If you are using the application under unlimited subscription, the field value is <Unlimited>.
- Maximum number of devices – depends on the key type:
  - the maximum number of virtual machines that you can protect
  - the maximum number of physical processor cores used across all hypervisors whose virtual machines you can protect
  - the maximum number of physical processors used across all hypervisors whose virtual machines you can protect
- Devices with active key – depends on the key type:
  - For a server or desktop key, this is the number of protected virtual machines on which the key is used as the active key.
  - For a key with a limitation on the number of processor cores and for a key with a limitation on the number of processors, this is the number of SVMs on which the key has been added as an active key.
- Devices with reserve key – the number of SVMs on which the key has been added as a reserve key. If you are using the application under a subscription, the field value is Unavailable.
- Service information – this field shows service information pertaining to the key or license.
If you selected a subscription key, information about the subscription may also be displayed in the key properties window in the About subscription section:
- Type of validity period restriction – if the application is being used under an unlimited subscription, Unlimited is displayed in the field. If the subscription is limited, the field is not displayed.
- Grace period – if the subscription has a "Grace period activated" status, the field shows the number of remaining days during which the application will continue to perform all of its functions. If the subscription has any other status, the field shows 0.
- Provider's web address – web address of the service provider with whom your subscription is registered.
- Subscription status – current status of your subscription (active, paused, expired, canceled, grace period activated).
- Subscription status reason – the reason for the current subscription status.
Key storage in the Web Console
To view information about a license key in Kaspersky Security Center key storage using the Web Console:
- Start the Web Console.
- In the Operations section, select Licensing → Kaspersky licenses.
The list of keys added to the storage is displayed as a table, in the columns of which you can view information about the keys.
- To view detailed information about the key, open the key properties window using the link in the application name for which the activation key is intended.
Viewing license key details in the properties of the application activation task
Activation task properties in the Administration Console
To view the license key details in the application activation task properties in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
  - To view the properties of the activation task created for the SVMs within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
  - To view the properties of the activation task created for one or several SVMs, select the Tasks folder in the console tree.
- In the list of tasks, select the task whose properties you want to view, and double-click to open the Settings: <Task name> window.
- In the list on the left, select the Add a license key section.
In the right part of the window, the Adding a license key section displays the following information about the license and the key being added to the SVM using this task:
- License key – a unique alphanumeric sequence.
- License type – trial, commercial, or commercial (subscription).
- License term – the number of days remaining for using the application activated by adding this key. For example, 365 days. This field is not displayed if you are using the application under a subscription.
- Grace period – the number of days after subscription suspension during which the application retains its functionality. The field is displayed if you are using the application under subscription and the service provider with which you registered your subscription offers a grace period for renewing your subscription. If you are using the application under unlimited subscription, the field value is Unavailable.
- Expires on – the date when your right to use the application activated with the current key expires. If the key was added on several SVMs at different times, this field shows the date for the SVM on which the application expires sooner than on other SVMs. If you are using the application under unlimited subscription, the field value is Unlimited.
- Restriction – depends on the key type:
  - the maximum number of virtual machines that you can protect
  - the maximum number of physical processor cores used across all hypervisors whose virtual machines you can protect
  - the maximum number of physical processors used across all hypervisors whose virtual machines you can protect
- Functionality – the list of application components and features whose availability depends on the type of the license associated with the selected key.
The application components and features that are available when using the application under the license corresponding to the selected key are marked with the icon in the list.
The application components and features that are not available when using the application under the license corresponding to the selected key are marked with the icon in the list.
Activation task properties in the Web Console
To view the license key details in the application activation task properties in the Web Console:
- Start the Web Console.
- In the Devices section, select Tasks.
- In the list of tasks, select the required application activation task and open the task properties window by clicking the link in the task name.
- Open the Application settings tab.
The window displays information about the license and the key added to the SVM using this task.
Viewing information about a license key added on the SVM
You can view information about the license key added to the SVM in the properties of the Kaspersky Security application installed on the SVM.
Application properties in the Administration Console
To view the license key details in the application properties in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, select the folder with the name of the administration group that the required SVM belongs to.
- In the workspace, select the Devices tab.
- Select an SVM from the list and double-click to open the Settings: <SVM name> window.
- In the window that opens, in the list on the left, select the Applications section.
- In the right part of the window, in the list of applications installed on the SVM, select Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server and double-click it to open the Kaspersky Security for Virtualization 5.2 Light Agent Settings – Protection Server window.
- In the window that opens, in the list on the left, select the License keys section.
The details of the license key added to the SVM appear in the right part of the window.
The Active license key section displays the following information about the active license key added to the SVM:
- Unique alphanumeric sequence.
- License type – trial, commercial, or subscription.
- Activation date – the date when the application was activated with this key.
- License expiration date – the date when your right to use the application activated with the current key expires. If you are using the application under unlimited subscription, the field value is <Unlimited>.
- License term – the number of days remaining for using the application activated by adding this key. For example, 365 days. If you are using the application under a subscription, the field value is Unavailable.
- Maximum number of devices – depends on the key type:
  - the maximum number of virtual machines that you can protect
  - the maximum number of physical processor cores used across all hypervisors whose virtual machines you can protect
  - the maximum number of physical processors used across all hypervisors whose virtual machines you can protect
If a reserve license key is added to the SVM, the Reserve license key section displays the following information:
- Unique alphanumeric sequence. If no reserve key is added, Not added is displayed in the field.
- License type – commercial.
- License term – the number of days remaining for using the application activated by adding this key. For example, 365 days.
- Maximum number of devices – depends on the key type:
  - the maximum number of virtual machines that you can protect
  - the maximum number of physical processor cores used across all hypervisors whose virtual machines you can protect
  - the maximum number of physical processors used across all hypervisors whose virtual machines you can protect
If no reserve key is added, the Reserve license key section shows Not added.
If both a server key and a desktop key have been added on an SVM, the Kaspersky Security Center properties window displays the following information about the combination of the server key and desktop key:
- Unique alphanumeric sequence – a combination of a server key and a desktop key. You can use the combination of a server key and desktop key to search for information about the SVM on which these keys have been added (for more details, please refer to the Kaspersky Security Center help).
- Activation date – the later of two application activation dates.
- License expiration date – the later of the following two dates: the end date of application usage under the server key, or the end date of application usage under the desktop key.
- Validity period – the longer of the following two application usage periods: the period of application usage under the server key, or the period of application usage under the desktop key.
- Maximum number of devices – the sum of the following values: the maximum number of simultaneously running virtual machines with desktop operating systems and the maximum number of simultaneously running virtual machines with server operating systems that you can protect with the application.
Application properties in the Web Console
To view the license key details in the application properties in the Web Console:
- Start the Web Console.
- In the Devices section, select Managed devices.
- In the list of devices, select the SVM for which you want to view information about the license key, and open the SVM properties window by clicking the SVM name.
- On the Applications tab, open the window with the settings of Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server by clicking the link in the application name.
- On the General tab, select the License section in the list on the left.
Information about the license key added to the SVM is displayed in the right part of the window.
Viewing the license key usage report
Key usage report in the Administration Console
To view the license key usage report in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the workspace of the Administration Server <Server name> node, open the Reports tab and select the License key usage report template.
A report generated from the "Key usage report" template appears in the workspace.
The chart in the upper part of the window shows the following key usage details for each license key:
- Number of licensing units on which the key is already in use
- Number of licensing units on which the key can be used according to the licensing restrictions
- Number of licensing units by which the licensing limit for the key is exceeded
The key usage report consists of two tables:
- The summary table contains information about the keys in use
- The detailed information table contains information about SVMs on which keys have been added, or about protected virtual machines with which the key is used
You can customize the display of the columns for each table. For details on how to add or remove columns in the report tables, please refer to the Kaspersky Security Center help.
The summary table contains the following information about the keys in use:
- License key – a unique alphanumeric sequence.
- Used as active – depends on the type of active key:
  - For a server or desktop key – the number of protected virtual machines on which the key is used as the active key.
  - For a key with a limitation on the number of processor cores – the maximum number of physical processor cores used on all hypervisors on which SVMs are deployed.
  - For a key with a limitation on the number of processors – the number of physical processors used on all hypervisors on which SVMs are deployed.
- Used as reserve – the number of SVMs on which the key is added as a reserve key.
- Restriction – depends on the key type:
  - the maximum number of virtual machines that you can protect
  - the maximum number of physical processor cores used across all hypervisors whose virtual machines you can protect
  - the maximum number of physical processors used across all hypervisors whose virtual machines you can protect
- Earliest license expiration date – the date of expiration of your right to use the application activated by adding this key.
- License key valid until – the key expiration date. You can activate the application by adding this key and use this application only before this expiration date.
- Additional properties – additional key properties.
- Service info – service information relating to the key and license. By default, this field is not displayed in the table; if necessary, you can add it. See the Kaspersky Security Center help on how to add or remove fields in the report tables.
The row below contains the following consolidated information:
- License keys – total number of keys in use.
- License keys used up by more than 90% – total number of keys that have been used up by more than 90% of their license restrictions. For example, the restriction is 100 virtual machines. A key is used on two SVMs: the first one protects 42 virtual machines and the second one protects 53 virtual machines. The key is therefore 95% used and is included in the number of keys specified in this field.
- License keys with exceeded restriction – total number of keys that have exceeded a license limit, such as a limit imposed on the number of simultaneously running virtual machines with server operating systems or a limit on the number of physical processors used on all hypervisors (depending on the key type).
If both a server key and a desktop key have been added on an SVM, the summary table displays the details of these keys and the following information about the combination of the server key and desktop key:
- License key – unique combination of a server key and a desktop key. You can use the combination of a server key and desktop key to search for information about the SVM on which these keys have been added (for more details, please refer to the Kaspersky Security Center help).
- License expiration date – the later of the following two dates: the end date of application usage under the server key, or the end date of application usage under the desktop key.
- License key valid until – the later of the following two key expiration dates: server key expiration date or desktop key expiration date.
- Restriction – the sum of the following values: the maximum number of simultaneously running virtual machines with desktop operating systems plus the maximum number of simultaneously running virtual machines with server operating systems that you can protect with the application.
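The consolidated row and the server-plus-desktop combination rules described above can be reproduced outside the console to alert before a key runs out of licensing units. The following is an added example, not Kaspersky code: the record layout, key names and sample values are constructed, and counting keys that exceed their restriction among the keys used by more than 90% is an assumption.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class KeyInfo:
    key: str               # constructed placeholder, not a real license key
    restriction: int       # "Restriction": maximum number of licensing units
    license_expires: date  # "License expiration date"
    valid_until: date      # "License key valid until"


# Constructed sample data (hypothetical layout, not a Kaspersky Security Center export).
KEYS = [
    KeyInfo("SERVER-KEY-0001", 100, date(2026, 3, 1), date(2026, 6, 1)),
    KeyInfo("DESKTOP-KEY-0002", 50, date(2026, 5, 15), date(2026, 5, 31)),
    KeyInfo("CORES-KEY-0003", 64, date(2025, 12, 31), date(2026, 1, 31)),
]
# Detailed-table rows: (device, key, licensing units in use on that device).
USAGE_ROWS = [
    ("svm-01", "SERVER-KEY-0001", 42),   # the page's example: 42 + 53 of 100
    ("svm-02", "SERVER-KEY-0001", 53),
    ("svm-01", "DESKTOP-KEY-0002", 30),
    ("svm-03", "CORES-KEY-0003", 70),
]


def usage_by_key(rows):
    """Sum the licensing units in use per key across all devices."""
    totals = defaultdict(int)
    for _device, key, units in rows:
        if units < 0:
            raise ValueError(f"negative unit count for {key}")
        totals[key] += units
    return dict(totals)


def consolidated_row(keys, rows):
    """Build the three counters of the summary table's consolidated row."""
    used = usage_by_key(rows)
    unknown = sorted(set(used) - {k.key for k in keys})
    if unknown:
        raise ValueError(f"usage rows reference unknown keys: {unknown}")
    over_90, exceeded = [], []
    for k in keys:
        units = used.get(k.key, 0)
        # Integer comparison avoids float rounding; exactly 90% is not "more than 90%".
        if units * 100 > k.restriction * 90:
            over_90.append(k.key)   # assumption: exceeded keys are counted here too
        if units > k.restriction:
            exceeded.append(k.key)
    return {
        "license_keys": len(keys),
        "over_90": sorted(over_90),
        "exceeded": sorted(exceeded),
    }


def combine_server_desktop(server, desktop):
    """Apply the combination rules: sum of restrictions, later of each date."""
    return KeyInfo(
        key=f"{server.key}+{desktop.key}",  # display format is an assumption
        restriction=server.restriction + desktop.restriction,
        license_expires=max(server.license_expires, desktop.license_expires),
        valid_until=max(server.valid_until, desktop.valid_until),
    )


if __name__ == "__main__":
    print(consolidated_row(KEYS, USAGE_ROWS))
    print(combine_server_desktop(KEYS[0], KEYS[1]))
```
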
Depending on the key type, the detailed information table shows information about the SVM on which the key has been added (for a key with a limitation on the number of processors or processor cores), or information about the protected virtual machine with which the key is used (for a server or desktop key):
- Virtual Administration Server – the name of the virtual Administration Server that manages the SVM or the protected virtual machine.
- Group – the administration group to which the SVM or protected virtual machine belongs.
- Device – the name of the SVM or protected virtual machine.
- Application – the name of the Kaspersky Security application component installed on the SVM or the protected virtual machine.
- Version number – version number of the application.
- Active license key – the key that has been added as an active key.
- Reserve license key – the key that has been added as a reserve key.
- License valid until – the expiration date for using the application with this key.
- IP address – the IP address of an SVM or protected virtual machine on which the key has been added.
- Last visible on the network – the date and time when the SVM or protected virtual machine was last visible on the corporate LAN.
- Last connection date – date and time of the last connection of the SVM or protected virtual machine to Kaspersky Security Center Administration Server.
- NetBIOS name – the name of the SVM or protected virtual machine.
- Windows domain – the domain to which the SVM or the protected virtual machine belongs.
- DNS name – the DNS name of the SVM or protected virtual machine.
- DNS domain – the DNS domain to which the SVM or protected virtual machine belongs (specified only if the name of the SVM or virtual machine contains the name of the DNS domain).
- Subscription pending – information about whether an application subscription is pending.
Key usage report in the Web Console
To view the license key usage report in the Web Console:
- Start the Web Console.
- In the Monitoring and Reports section, select Reports.
A list of report templates opens.
- Select the check box next to the name of the report template of the License key usage report type.
- Click the View report button.
A window with a report generated based on the "License key usage report" template opens.
The key usage report contains two tabs:
- The Summary tab contains information about the license keys being used, including a diagram showing the following usage information for each key:
  - Number of licensing units by which the licensing limit for the key is exceeded
  - Number of licensing units on which the key can be used according to the licensing restrictions
  - Number of licensing units on which the key is already in use
- The Details tab contains information about SVMs on which the keys have been added, or about protected virtual machines with which the key is used.
You can customize the displayed columns in tables on the report tabs. For details on how to add or remove columns in the report tables, please refer to the Kaspersky Security Center help.
Viewing information about the license key in a local interface
In the local interface of Light Agent for Windows, you can view information about the license key and about the license used to activate the application.
To view information about the license key in the local interface:
- On the protected virtual machine, open the main application window.
- In the lower part of the main application window, click the License link to open the Licensing window.
The window displays the following information about the license key for the application:
- License Key – a unique alphanumeric sequence.
- License type – the type of license (commercial, trial, or subscription); for a commercial license, the type (enterprise or standard) and the maximum number of licensing units (depending on the type of key, for example, devices on which the application can be used under the license) are also displayed.
- Activation date – the date when the application was activated with this key.
- Expiration date – the date when your right to use the application activated with the current key expires.
- Summary information about the license or a message about any licensing issues.
Starting and stopping the application
Starting Kaspersky Security components
The Protection Server component starts automatically when the operating system is started on an SVM. The Protection Server controls the operating processes used in virtual machine protection, scan tasks, the database and module update task, and the update rollback task.
An SVM deployed on a VMware ESXi hypervisor is started automatically after the hypervisor is turned on. The SVM may fail to start automatically if this function is not activated at the level of the hypervisor or if this hypervisor belongs to a VMware HA cluster. For details, please refer to the VMware documentation.
By default, Light Agent starts automatically when the operating system is started on a protected virtual machine.
For Light Agent for Windows, you can enable and disable automatic startup of the application in the Light Agent for Windows policy or in the local interface.
The Integration Server component starts automatically at the startup of the operating system on the device hosting the Integration Server component.
Enabling protection and starting tasks
Virtual machine protection is started automatically when the Light Agent and Protection Server components are started.
If license info is not relayed to the protected virtual machine, Light Agent operates in limited functionality mode.
The application tasks start in accordance with their schedule.
Stopping application components
The Protection Server and Light Agent components are stopped automatically when the operating system stops on the SVM and the protected virtual machine.
You can use Kaspersky Security Center tools to manually stop the Protection Server and Light Agent components, start the application, and pause or resume protection and control of protected virtual machines (please refer to the Kaspersky Security Center help).
You can also use the Light Agent local interface to manually stop and start Light Agent for Windows, and to pause and resume protection and control of protected virtual machines.
You can use the standard tools of the Linux operating system to start and stop Light Agent for Linux. If you stop Light Agent for Linux, all running tasks are interrupted. After Light Agent for Linux is restarted, interrupted tasks are not resumed automatically. You can manually start the tasks.
The Integration Server stops automatically at the shutdown of the operating system on the device hosting the Integration Server component.
Enabling and disabling automatic startup of the Light Agent for Windows component
Automatic startup of the Light Agent for Windows component means that the application starts on the virtual machine after operating system startup without your involvement. This application startup option is enabled by default.
After being installed, Light Agent is started automatically for the first time. Subsequently, Light Agent is started automatically after operating system startup.
You can enable or disable automatic launch of Light Agent in the Light Agent for Windows policy properties using the Administration Console, in the Light Agent for Windows local interface, and using the Web Console when creating or editing the Light Agent for Windows policy settings (Application Settings → Anti-Virus protection → General Protection settings).
To enable or disable automatic startup of Light Agent in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, configure the automatic startup of Light Agent using the Launch Kaspersky Security for Virtualization 5.2 Light Agent when the virtual machine is turned on check box.
- Click the Apply button.
To enable or disable automatic startup of Light Agent in the local interface:
- Open the application settings window.
- In the left part of the window, select the Anti-Virus protection section.
- In the right part of the window, configure the automatic startup of Light Agent using the Launch Kaspersky Security for Virtualization 5.2 Light Agent when the virtual machine is turned on check box.
- To save changes, click the Save button.
Manually starting and stopping the application in a local interface
You can manually stop and start Light Agent for Windows in the local interface.
Kaspersky experts do not recommend stopping the application manually, because doing so exposes the virtual machine and your personal data to threats. If necessary, you can pause virtual machine protection for as long as you need to, without stopping the application.
To stop the application manually:
- Open the context menu of the application icon located in the taskbar notification area.
- In the context menu, select Exit.
The application needs to be started manually if you have previously disabled automatic startup of the application.
To start the application manually:
- In the Start menu, select Applications → Kaspersky Security for Virtualization 5.2 Light Agent.
Pausing and resuming virtual machine protection and control in a local interface
You can pause and resume protection and control of a protected virtual machine in the local interface of Light Agent for Windows.
Pausing virtual machine protection and control means disabling all protection and control components of the application for a certain amount of time.
The application icon in the taskbar notification area indicates that the application is running:
- The [icon] icon signifies that virtual machine protection and control are paused.
- The [icon] icon signifies that virtual machine protection and control have been resumed.
Pausing or resuming virtual machine protection and control does not affect the performance of tasks.
If any network connections are already established when you pause or resume virtual machine protection and control, a notification about the termination of these network connections is displayed.
To pause virtual machine protection and control:
- Open the context menu of the application icon located in the taskbar notification area.
- In the context menu, select Pause protection and control.
- In the window that opens, select one of the following options:
- Pause for the specified time – Virtual machine protection and control resume after the amount of time that is specified in the drop-down list below has elapsed. You can select the necessary amount of time in the drop-down list.
- Pause until restart – Virtual machine protection and control resume after you quit and reopen the application or restart the operating system. Automatic startup of the application must be enabled to use this option.
- Pause – Virtual machine protection and control resume when you decide to re-enable them.
You can resume virtual machine protection and control at any time, regardless of the option you previously selected to pause virtual machine protection and control.
To resume virtual machine protection and control:
- Open the context menu of the application icon located in the taskbar notification area.
- In the context menu, select Resume protection and control.
Virtual machine protection status
You can view information about the protection status of the virtual machines as follows:
- In Kaspersky Security Center using the statuses of client devices.
- In Kaspersky Security Center, using the statuses of Light Agent functional components on the virtual machines.
- In Light Agent for Windows local interface (for the virtual machines with Light Agent for Windows installed).
- Using the commands of Light Agent for Linux command line (for the virtual machines with Light Agent for Linux installed).
- Using Security Tags that Kaspersky Security can assign to a protected virtual machine in the infrastructure on VMware ESXi or KVM platform.
On virtual machines running the Windows 10 or Windows 11 operating system, information about Kaspersky Security and about the protection status of a virtual machine is also displayed in the Windows Defender Security Center and in the Security and Maintenance Center. However, information about application operation and about the protection status of a virtual machine is more up to date in Kaspersky Security Center and in the local interface of Light Agent for Windows.
Statuses of client devices in Kaspersky Security Center
A protected virtual machine (virtual machine on which the Light Agent component is installed) and SVM in Kaspersky Security Center are client devices. Information about the state of a client device in Kaspersky Security Center is displayed by the client device status (OK, Critical, or Warning).
The client device status changes to Critical or Warning for the following reasons:
- The status changes according to the rules defined in Kaspersky Security Center. For example, the status changes if a security application is not installed on the device, a virus scan has not been performed in a long time, anti-virus databases are out of date, or the license has expired. For more details about the reasons for status changes and configuring status assignment conditions, please refer to the Kaspersky Security Center help.
- Kaspersky Security Center receives the device status from the managed application, i.e. Kaspersky Security.
Receiving the device status from a managed application must be enabled in Kaspersky Security Center in the lists of conditions for assigning the Critical and Warning statuses. Conditions for assigning device statuses are configured in the properties window of an administration group.
The SVM status changes if there is no connection to the Integration Server.
The status of a protected virtual machine changes in the following cases:
- There is no connection to the Integration Server.
- There is no connection to the SVM.
- A device connection or disconnection was detected.
- A modification of files or modification of the registry was detected on the virtual machine.
For details on client device statuses, please refer to the Kaspersky Security Center help.
Statuses of Light Agent functional components on virtual machines
In the Kaspersky Security Center Administration Console you can obtain the following information about Light Agent functional components:
- The properties of Kaspersky Security installed on a virtual machine display a list of functional components for Light Agent for Windows or Light Agent for Linux, depending on the selected virtual machine. The status is displayed for each component; for the installed components, the version number is displayed for the Light Agent in which the component is installed.
- The Kaspersky Security Center report on the status of application components displays information about Light Agent functional components installed or not installed on the virtual machines. For each of the installed components, the report displays the number of virtual machines on which this component is installed and the number of administration groups to which these virtual machines belong.
The report on the status of the application components is available in the list of report templates in Kaspersky Security Center Administration Console (on the Reports tab in the workspace of the Administration Server <Server name> node), and in the Web Console (in the Monitoring and reports → Reports section).
- In the Kaspersky Security Center Administration Console and in the Web Console, you can create selections of virtual machines by specifying as a selection condition the component status and/or the version number of the Light Agent that includes the component. For more information about configuring device selections, refer to the Kaspersky Security Center help.
To view information about Light Agent components in Kaspersky Security application properties on a virtual machine using the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, select the folder with the name of the administration group that includes the required virtual machine.
- In the workspace, select the Devices tab.
- Select a virtual machine from the list and double-click it to open the Settings: <Virtual machine name> window.
- In the window that opens, in the list on the left, select the Applications section.
- In the right part of the window, in the list of applications installed on the virtual machine, select Kaspersky Security for Virtualization 5.2 Light Agent and double-click it to open the Kaspersky Security for Virtualization 5.2 Light Agent Settings window.
- In the window that opens, in the list on the left, select the Components section.
The right part of the window displays a list of all Light Agent for Windows functional components or the File Anti-Virus component of Light Agent for Linux, depending on the selected virtual machine.
You can also view information about Light Agent functional components on a virtual machine using the Web Console (in the properties window of Kaspersky Security for Virtualization 5.2 Light Agent installed on a virtual machine, on the General tab in the Components section).
Protection status of a virtual machine in the local interface of Light Agent for Windows
Information about the protection status of each virtual machine with the Light Agent for Windows component installed can be viewed in the local interface of Light Agent for Windows.
Kaspersky Security uses the following methods for indicating the virtual machine protection status in the main application window:
- Indication by means of the application component operation status icons and component states. The following indication options are provided:
- A green icon of component operation status is displayed in the line of an enabled component. Statistics on the number of objects scanned and threats detected by this component, and the actions taken by this component in response to threats are displayed on the right.
- A yellow icon of component operation status is displayed in the line of a disabled component. In this case, component operation statistics are not displayed.
- If all control components or protection components are disabled, the header of the Endpoint control or Manage protection section shows the status as disabled.
- If one or several control components or protection components are enabled, the header of the Endpoint control or Manage protection section displays the status as partly enabled (operating components: <number of enabled components in the section> out of <the total number of components in the section>).
- Indication of threats detected by application components (for example, application startups allowed, application startups blocked, objects scanned, threats detected):
- If the Endpoint control or Manage protection section is minimized, threats are indicated in the line with general operation statistics of components under the section header.
- If the Endpoint control or Manage protection section is maximized, threats are indicated in the line with operation statistics of each component.
Depending on the threat type, information about the threat and its importance level is recorded as an event and displayed on one of the tabs in the Reports and Storages window.
- Indication using notifications about runtime events of the application protection components relating to the status of a protected virtual machine (such as Virtual machine needs rebooting, No connection to SVM, or Database update is expected). The messages are displayed as follows:
- When the Manage protection section is minimized, the message is displayed instead of the line with statistics under the section header.
- When the Manage protection section is maximized, the message is displayed instead of the line with statistics of the File Anti-Virus component.
If the Copy updates from storage to installation package check box is cleared in the New Package Wizard, the Database update is expected message is displayed after local installation of the application or after installation via Kaspersky Security Center. Databases will be updated after connecting Light Agent for Windows to an SVM. To connect Light Agent to an SVM, you must specify the SVM discovery method.
- Indication using messages about events related to tasks or non-optimal operation of the application (for example, Databases are obsolete or Database update is expected). The messages are displayed as follows:
- If the Manage tasks section is minimized, messages are displayed in the information space under the section header.
- If the Manage tasks section is maximized, messages are displayed instead of the line containing statistics and the task schedule.
- Indication by means of messages about licensing problems.
Information about licensing issues (such as an expired license) is displayed as messages highlighted in red in the Licensing window, which is opened by clicking the License link located at the bottom of the main application window.
In addition, the application can use notifications to inform about events in application operation. Information about the operation of each application component, the performance of tasks, and the overall operation of the application is also recorded in reports.
On virtual machines running Windows 10 or Windows 11, the Windows Defender Security Center and the Security and Maintenance Center may display outdated information about the operation of Kaspersky Security and about the protection status of a virtual machine. You can receive up-to-date information about application operation and about the protection status of a virtual machine in Kaspersky Security Center or in the local interface of Light Agent for Windows.
About security tags
If Kaspersky Security operates in a virtual infrastructure on the VMware vSphere or KVM platform and uses VMware NSX Manager, Kaspersky Security can assign the following Security Tags to the protected virtual machine:
- ANTI_VIRUS.VirusFound.threat=high. This tag is assigned to a virtual machine on which viruses or other malicious programs were detected.
- IDS_IPS.threat=high. This tag is assigned to a virtual machine whose inbound traffic displayed activity that is typical for network attacks.
Kaspersky Security can assign security tags only if you enabled the use of VMware NSX Manager and configured the settings for connecting the Integration Server to VMware NSX Manager.
You can view the security tags assigned to the virtual machine in the properties of the virtual machine:
- In the VMware vSphere Client console, in the Hosts and Clusters section of the Summary tab.
- In VMware NSX Manager web console, in the Inventory → Virtual Machines section.
The ANTI_VIRUS.VirusFound.threat=high security tag assigned to the virtual machine by Kaspersky Security is removed automatically if no viruses or other malicious programs are detected on the virtual machine as a result of the Full Scan task. If the ANTI_VIRUS.VirusFound.threat=high security tag is manually assigned to a virtual machine using virtual infrastructure, it can be removed only manually.
The IDS_IPS.threat=high security tag assigned to a virtual machine by Kaspersky Security or manually using the virtual infrastructure can be removed only manually.
After manually removing the tag, restart the Light Agent.
For more information on how to manually remove and assign security tags, refer to the Knowledge Base.
Configuring the Integration Server connection settings
For SVM operation, SVMs must be connected to the Integration Server.
If you want Light Agents to receive information about SVMs through the Integration Server, or if you want to encrypt the connection between SVMs and Light Agents, you must also configure the connection of Light Agents to the Integration Server.
You can configure connecting SVMs to the Integration Server in one of the following ways:
- In Kaspersky Security Center Administration Console when creating Protection Server policy (including the default policy for the Protection Server).
- In Kaspersky Security Center Administration Console, in the Protection Server policy properties.
- In the Web Console when creating or editing the Integration Server policy settings.
This section describes how to configure the settings for connecting SVM to the Integration Server in the policy properties using the Administration Console.
You can configure settings for connecting Light Agents to the Integration Server in one of the following ways:
- In Kaspersky Security Center Administration Console, when creating Light Agent for Windows policy and Light Agent for Linux policy.
- In Kaspersky Security Center Administration Console, in Light Agent policy properties.
- In the local interface of Light Agent for Windows.
- In the Web Console when creating or editing Light Agent for Windows policy and Light Agent for Linux policy settings (Application settings → Connection to SVM → Integration Server connection settings).
This section describes how to configure the settings for connecting Light Agents to the Integration Server in the policy properties using the Administration Console, and in the Light Agent for Windows local interface.
Configuring the settings for connecting SVMs to the Integration Server
To configure the settings for connecting SVMs to the Integration Server in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, open the folder with the name of the administration group to which the required SVMs belong.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
- In the policy properties window, select the Settings for connecting SVMs to the Integration Server section in the list on the left.
- In the right part of the window, specify the address and port for the connection:
- By default, the Address field shows the domain name of the device hosting the Administration Console of Kaspersky Security Center. If this device does not belong to a domain or if the Integration Server is installed on a different device and the field shows the wrong address, specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
- If the port for connecting to the Integration Server differs from the default port (7271), specify the port number in the Port field.
- Click Apply in the policy properties window.
- If the device hosting the Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the KLAdmins local or domain group or to the group of local administrators, the Connection to the Integration Server window opens. Specify the password of the Integration Server administrator (password of the admin account). After a connection has been established to the Integration Server under the administrator account, the account password is automatically relayed to the policy in order to connect SVM to the Integration Server.
Click OK in the Connection to the Integration Server window.
The Kaspersky Security MMC plug-in verifies the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Verify Integration Server certificate window opens. You can view the details of the certificate received. If there are problems with the SSL certificate, it is recommended that you make sure the data transfer channel in use is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
The capability to connect to the Integration Server is tested. If the connection test failed or a connection to the Integration Server could not be established, an error is displayed in the policy properties window. Check the connection settings you have specified. Information about Integration Server connection errors may be saved in the Integration Server trace file (if you enabled the logging of information).
Configuring the settings for connecting Light Agents to the Integration Server
To configure connection of Light Agents to the Integration Server in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- In the list of policies, select Light Agent for Windows policy to configure Light Agent for Windows settings, or Light Agent for Linux policy to configure Light Agent for Linux settings, and open the Settings: <Policy name> window by double-clicking it.
- In the policy properties window, select the Integration Server connection settings section in the list on the left.
- In the right part of the window, specify the address and port for the connection:
- By default, the Address field shows the domain name of the device hosting the Administration Console of Kaspersky Security Center. If this device does not belong to a domain or if the Integration Server is installed on a different device and the field shows the wrong address, specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
- If the port for connecting to the Integration Server differs from the default port (7271), specify the port number in the Port field.
- Click Apply in the policy properties window.
- If the device hosting the Kaspersky Security Center Administration Console does not belong to a domain or your account does not belong to the KLAdmins local or domain group or to the group of local administrators, the Connection to the Integration Server window opens. Specify the password of the Integration Server administrator (password of the admin account). After a connection has been established to the Integration Server under the administrator account, the account password is automatically relayed to the policy in order to connect Light Agents to the Integration Server.
Click OK in the Connection to the Integration Server window.
The Kaspersky Security MMC plug-in verifies the SSL certificate received from the Integration Server. If the certificate contains an error or is not trusted, the Verify Integration Server certificate window opens. You can view the details of the certificate received. If there are problems with the SSL certificate, it is recommended that you make sure the data transfer channel in use is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
The capability to connect to the Integration Server is tested. If the connection test failed or a connection to the Integration Server could not be established, an error is displayed in the policy properties window. Check the connection settings you have specified. Information about Integration Server connection errors may be saved in the Integration Server trace file (if you enabled the logging of information).
To configure connection of Light Agent for Windows to the Integration Server in the local interface:
- Open the application settings window.
- In the left part of the window, in the Connection to SVM section, select the Settings for connecting to the Integration Server section.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Specify the address and port for the connection:
- By default, the Address field shows the domain name of the device hosting the Administration Console of Kaspersky Security Center. If this device does not belong to a domain or if the Integration Server is installed on a different device and the field shows the wrong address, specify the IP address in IPv4 format or the fully qualified domain name (FQDN) of the device on which the Integration Server is installed.
If the address is specified as a NetBIOS name, localhost or 127.0.0.1, connection to the Integration Server completes with an error.
- If the port for connecting to the Integration Server differs from the default port (7271), specify the port number in the Port field.
- Click the Save button.
- If the protected virtual machine does not belong to a domain or if your account does not belong to the KLAdmins local or domain group or to the group of local administrators on the device where the Integration Server is installed, the Connection to the Integration Server window opens. Specify the password of the Integration Server administrator (password of the admin account).
Click OK in the Connection to the Integration Server window.
The SSL certificate received from the Integration Server is checked. If the certificate contains an error or is not trusted, the Integration Server certificate verification window opens. You can click the button in the window to view the details of the received certificate. If there are problems with the SSL certificate, it is recommended to make sure that the utilized data transfer channel is secure. To continue connecting to the Integration Server, click the Ignore button. The received certificate will be installed as a trusted certificate on the protected virtual machine.
The capability to connect to the Integration Server is tested. If the connection test failed or a connection to the Integration Server could not be established, an error message window opens. Check the connection settings you have specified. Information about Integration Server connection errors may be saved in the Integration Server trace file (if you enabled the logging of information).
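A pre-flight check for the Address and Port values used in the three procedures above (SVM policy, Light Agent policy, Light Agent for Windows local interface), together with a fingerprint comparison to run before clicking Ignore in the certificate verification window. This is an added example, not Kaspersky code: the function names, the sample addresses and the reference fingerprint read out-of-band on the Integration Server host are assumptions, as is treating every single-label name as a NetBIOS-style name and expecting the TLS endpoint on the Integration Server port.

```python
"""Pre-flight checks for Integration Server connection settings (added example)."""
import hashlib
import hmac
import ipaddress
import re
import socket
import ssl

DEFAULT_PORT = 7271  # default Integration Server port given in the guide

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_address(address, port=DEFAULT_PORT):
    """Return problem codes for an Address/Port pair; an empty list means OK."""
    problems = []
    if not (isinstance(port, int) and 1 <= port <= 65535):
        problems.append("bad-port")
    addr = address.strip().rstrip(".")
    if addr.lower() == "localhost":
        return problems + ["loopback"]
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.version != 4:
            problems.append("not-ipv4")  # the guide asks for IPv4 format
        elif ip.is_loopback:
            # The guide names 127.0.0.1; rejecting all of 127.0.0.0/8 is an
            # assumption made here, since any loopback address points back
            # at the connecting machine.
            problems.append("loopback")
        return problems
    labels = addr.split(".")
    if not all(_LABEL.match(label) for label in labels) or labels[-1].isdigit():
        problems.append("bad-address")  # e.g. a malformed IPv4 such as 10.0.0.300
    elif len(labels) == 1:
        # Assumption: a single-label name is a NetBIOS-style short name.
        problems.append("single-label")
    return problems


def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def normalize_fingerprint(text):
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex; return lowercase hex."""
    hexdigits = re.sub(r"[\s:-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexdigits):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexdigits


def matches_reference(der_bytes, reference):
    """True if the presented certificate matches the out-of-band reference."""
    return hmac.compare_digest(fingerprint(der_bytes),
                               normalize_fingerprint(reference))


def fetch_certificate_der(host, port=DEFAULT_PORT, timeout=5.0):
    """Fetch the certificate the server presents, without trusting it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # inspection only; trust is decided below
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for sample in ("10.10.4.21", "is01.corp.example", "IS01",
                   "localhost", "127.0.0.1", "fd00::21", "10.0.0.300"):
        print(f"{sample:20} {check_address(sample) or 'ok'}")
    constructed_der = b"constructed stand-in for DER certificate bytes"
    reference = fingerprint(constructed_der).upper()
    print("fingerprint match:", matches_reference(constructed_der, reference))
```

In practice, pass the output of `fetch_certificate_der` to `matches_reference` along with a fingerprint read directly on the Integration Server host, and accept the certificate only when the two match.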
Configuring the settings for connecting Light Agents to SVMs
To configure the connection of a Light Agent to an SVM, the following application settings are provided:
- SVM discovery method. You can select the method used by Light Agents to detect SVMs that are available for connection.
- Connection tags. If you are using connection tags, Light Agent can connect to only those SVMs for which connection of Light Agents with the specified tag is allowed.
- Settings for encrypting the connection between a Light Agent and SVM. You can encrypt the connection between Light Agents and SVMs.
- SVM selection algorithm for connection. You can specify the algorithm to be used by the Light Agents to select SVMs to connect to.
The use of connection tags or an advanced SVM selection algorithm is available only if you are using the application under an enterprise license.
Configuring SVM discovery settings
You can configure how Light Agents discover SVMs in one of the following ways:
- In Kaspersky Security Center Administration Console, in Light Agent for Windows policy properties and Light Agent for Linux policy properties.
- In the local interface of Light Agent for Windows.
- In the Web Console when creating or editing Light Agent for Windows policy and Light Agent for Linux policy settings (Application settings → Connection to SVM → SVM discovery settings).
This section describes how to configure the settings using the Administration Console and in Light Agent for Windows local interface.
To configure SVM discovery settings for Light Agents in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- In the list of policies, select Light Agent for Windows policy to configure Light Agent for Windows settings, or Light Agent for Linux policy to configure Light Agent for Linux settings, and open the Settings: <Policy name> window by double-clicking it.
- In the policy properties window, select the SVM discovery settings section in the list on the left.
- In the right part of the window, select the method that Light Agents use to detect SVMs:
- Use Integration Server
If you want to use the Integration Server, configure the settings for connecting Light Agents to the Integration Server.
- Use a custom list of SVM addresses
If you selected the Use a custom list of SVM addresses option and the extended SVM selection algorithm is used, the value of the SVM path parameter in the SVM selection algorithm section must be set to Ignore SVM path. If any other value is set, the Light Agents will not be able to connect to SVMs.
- If the Use a custom list of SVM addresses option is selected, create a list of SVMs. To do this, perform the following actions:
- Click the Add button located above the list of SVM addresses.
The SVM addresses window opens.
- Enter the IP address in IPv4 format or the fully qualified domain name (FQDN) of the SVM to which Light Agents managed by the policy can connect. You can enter several IP addresses or fully qualified domain names of SVMs by typing each one on a new line.
In the list of SVM addresses, specify only fully qualified domain names (FQDN) that are matched by a single IP address. Using a fully qualified domain name matched by several IP addresses can cause application errors.
- In the SVM addresses window, click OK.
The specified addresses and fully qualified domain names of SVMs are checked. If some addresses or names are not recognized, a relevant message with the number of addresses or names that have not been recognized appears in a separate window. Recognized addresses and fully qualified domain names appear in the list of addresses of SVMs.
- To remove an IP address or fully qualified domain name of an SVM from the list, select it in the list and click the Delete button above the list.
- Click the Apply button.
- In a large-sized virtual infrastructure running the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, if you selected the Use Integration Server option, you can configure the size of the available SVMs list that the Integration Server relays to Light Agents. To do this, perform the following actions:
- Open the Integration Server configuration file %ProgramFiles(x86)%\Kaspersky VIISLA\viislaservice.exe.config for editing.
- Configure the value of the OpenStackMaxSvmCountToReturn parameter:
- If you want to limit the size of the list of available SVMs that the Integration Server transmits to Light Agents, specify the number of SVMs whose information must be included in this list.
- If you want the Integration Server to transmit the full list of available SVMs to Light Agents, specify a value of 0.
- Save the viislaservice.exe.config file.
- Restart the Integration Server.
To configure the SVM discovery settings for Light Agent in the local interface:
- Open the application settings window.
- In the left part of the window, in the Connection to SVM section, select SVM discovery settings.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 7–8 of the previous instructions.
- To save changes, click the Save button.
- In a large-sized virtual infrastructure running the TIONIX Cloud Platform or OpenStack platform: if necessary, configure the size of the available SVMs list that the Integration Server relays to Light Agents (see step 9 of the previous instructions).
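The custom list of SVM addresses accepts IPv4 addresses and FQDNs, and each FQDN must be matched by a single IP address. The following pre-check is an added example, not part of the application or of this guide: it classifies each line of a list and flags FQDNs that resolve to several addresses before you paste the list into the policy. The function names, the sample list and the sample DNS data are constructed for illustration.

```python
import ipaddress
import re
import socket

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def system_resolver(name):
    """Return the set of IPv4 addresses that `name` resolves to (empty on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, family=socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def classify(entry):
    """Return 'ipv4', 'fqdn' or 'invalid' for one entry of the list."""
    try:
        ipaddress.IPv4Address(entry)
        return "ipv4"
    except ValueError:
        pass
    name = entry.rstrip(".")
    labels = name.split(".")
    # Require at least two labels and a non-numeric last label, so that a
    # mistyped address such as 10.0.0.300 is not accepted as a host name.
    if (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels)
            and not labels[-1].isdigit()):
        return "fqdn"
    return "invalid"


def check_svm_addresses(text, resolver=system_resolver):
    """Check a newline-separated SVM address list.

    Returns (entry, status, detail) tuples. Status is 'ok', 'invalid',
    'unresolved' (FQDN with no IPv4 address) or 'ambiguous' (FQDN matched
    by more than one IPv4 address, which the guide says can cause errors).
    """
    results = []
    for line in text.splitlines():
        entry = line.strip()
        if not entry:
            continue
        kind = classify(entry)
        if kind == "ipv4":
            results.append((entry, "ok", "IPv4 address"))
        elif kind == "invalid":
            results.append((entry, "invalid", "not an IPv4 address or FQDN"))
        else:
            ips = sorted(resolver(entry))
            if len(ips) == 1:
                results.append((entry, "ok", ips[0]))
            elif not ips:
                results.append((entry, "unresolved", "no IPv4 address found"))
            else:
                results.append((entry, "ambiguous", ", ".join(ips)))
    return results


# Constructed sample input: one address or name per line, as in the SVM addresses window.
SAMPLE_LIST = """\
192.0.2.10
svm01.example.test
svm-pool.example.test
10.0.0.300
svm02
"""

# Constructed DNS data so that the example runs offline.
SAMPLE_DNS = {
    "svm01.example.test": {"192.0.2.11"},
    "svm-pool.example.test": {"192.0.2.12", "192.0.2.13"},
}


def sample_resolver(name):
    """Offline stand-in for system_resolver, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(name, set())


if __name__ == "__main__":
    for entry, status, detail in check_svm_addresses(SAMPLE_LIST, sample_resolver):
        print(f"{status:<10} {entry:<24} {detail}")
```

To check a real list, call check_svm_addresses without the resolver argument from a machine that uses the same DNS servers as the protected virtual machines.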
Configuring the use of connection tags
This functionality is available only if you use the application under an enterprise license.
You can use connection tags to regulate the connection between Light Agents and SVMs. To do so, you must perform the following actions:
- Assign connection tags to Light Agents.
- Configure the use of connection tags for an SVM and specify the connection tags that are allowed to be used to connect to this SVM. If a tag that is not specified in SVM settings has been assigned to a Light Agent, the Light Agent will not be able to connect to the SVM.
Assigning connection tags to Light Agents
This functionality is available only if you use the application under an enterprise license.
You can assign connection tags to Light Agents in one of the following ways:
- In Kaspersky Security Center Administration Console, in Light Agent for Windows policy properties and Light Agent for Linux policy properties.
- In the local interface of Light Agent for Windows.
- In the Web Console when creating or editing Light Agent for Windows policy and Light Agent for Linux policy (Application settings → Connection to SVM → Connection tag).
This section describes how to configure the settings using the Administration Console and in Light Agent for Windows local interface.
To assign a connection tag to Light Agents in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- In the list of policies, select Light Agent for Windows policy to configure Light Agent for Windows settings, or Light Agent for Linux policy to configure Light Agent for Linux settings, and open the Settings: <Policy name> window by double-clicking it.
- In the policy properties window, select the Connection tag section in the list on the left.
- In the right part of the window, select the Use tags for connecting Light Agents check box and enter a connection tag in the Tag field.
For a connection tag, you can enter a text string up to 255 characters long. You can use any character except the ; character.
Light Agents to which the tag is assigned can connect only to SVMs for which a connection to Light Agents with this tag is allowed.
- Click the Apply button.
To assign a connection tag to Light Agent for Windows in the local interface:
- Open the application settings window.
- In the left part of the window, in the Connection to SVM section, select the Connection tag section.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete step 7 of the previous instructions.
- To save changes, click the Save button.
Configuring the use of connection tags for an SVM
This functionality is available only if you use the application under an enterprise license.
You can configure the use of tags for connection to SVM in one of the following ways:
- In Kaspersky Security Center Administration Console, in the Protection Server policy properties.
- In the Web Console when creating or editing the Protection Server policy settings (Application settings → Connection tags).
This section describes how to configure settings using the Administration Console.
To configure connection tags usage on SVMs in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, open the folder with the name of the administration group to which the required SVMs belong.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
- In the policy properties window, select the Connection tags section in the list on the left.
- In the right part of the window, select the Allow connection of Light Agents with specified tags check box and, in the field below, specify one or multiple tags assigned to Light Agents, separated by a semicolon.
Only Light Agents that have the specified tags assigned will connect to SVMs managed by this policy.
- Click the Apply button.
Encrypting the connection between a Light Agent and SVM
You can encrypt the connection between Light Agents and SVMs. To do so, you must perform the following actions:
- Enable and configure connection encryption on SVMs.
- Enable connection encryption on the Light Agent.
A Light Agent for which connection encryption is enabled can connect only to those SVMs on which the connection is encrypted. By default, connection encryption is disabled on Light Agents and SVMs.
Using encryption to protect the connection may slow down the performance of Kaspersky Security.
Enabling and disabling connection protection on an SVM
You can enable and disable connection protection on an SVM in one of the following ways:
- In Kaspersky Security Center Administration Console, in the Protection Server policy properties.
- In the Web Console when creating or editing Protection Server policy settings (Application settings → Connection protection).
This section describes how to configure settings using the Administration Console.
To enable or disable connection protection on SVMs in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, open the folder with the name of the administration group to which the required SVMs belong.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
- In the policy properties window, select the Connection protection section in the list on the left.
- In the right part of the window, do one of the following:
- If you want to enable encryption of the connection between Light Agents and SVMs, select the Encrypt data channel between Light Agent and SVMs check box.
Only Light Agents for which connection encryption is configured will connect to SVMs managed by this policy.
- If you want to disable encryption of the connection between Light Agents and SVMs, clear the Encrypt data channel between Light Agent and SVMs check box.
- If you have enabled connection encryption, you can allow connection of Light Agents for which a secure connection could not be established, or for which connection encryption is not enabled. To do so, select the Allow nonsecure connection if secure connection cannot be established check box.
- Click the Apply button.
Enabling and disabling connection protection on a Light Agent
To encrypt the connection, you should configure the connection of Light Agents to the Integration Server.
You can enable or disable connection protection on Light Agents in one of the following ways:
- In Kaspersky Security Center Administration Console, in Light Agent for Windows policy properties and Light Agent for Linux policy properties.
- In the local interface of Light Agent for Windows.
- Using the Web Console when creating or modifying Light Agent for Windows policy settings or Light Agent for Linux policy settings (Application settings → Connection to SVM → Connection Protection).
This section describes how to configure the settings using the Administration Console and in Light Agent for Windows local interface.
To enable or disable connection protection on Light Agents in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- In the list of policies, select Light Agent for Windows policy to configure Light Agent for Windows settings, or Light Agent for Linux policy to configure Light Agent for Linux settings, and open the Settings: <Policy name> window by double-clicking it.
- In the policy properties window, select the Connection protection section in the list on the left.
- In the right part of the window, do one of the following:
- If you want to enable encryption of the connection between Light Agents and SVMs, select the Encrypt data channel between Light Agent and SVMs check box. A Light Agent for which connection encryption is enabled can connect only to those SVMs on which the connection is encrypted. By default, connection encryption is disabled on Light Agents and SVMs.
- If you want to disable encryption of the connection between Light Agents and SVMs, clear the Encrypt data channel between Light Agent and SVMs check box. A Light Agent whose connection encryption is disabled can connect to SVMs on which the connection is not encrypted or a non-secure connection is allowed.
- Click the Apply button.
To enable or disable connection protection on Light Agent for Windows in the local interface:
- Open the application settings window.
- In the left part of the window, in the Connection to SVM section, select the Connection protection section.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete step 7 of the previous instructions.
- To save changes, click the Save button.
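The connection tag rules and the connection encryption rules described above together decide which Light Agents can reach which SVMs. The following model is an added example, not part of the application or of this guide: it evaluates planned policies and reports Light Agents that no SVM would accept, as well as pairs that would connect without encryption. The class and function names and the sample policies are constructed. As an assumption based on the wording of the guide, an SVM policy with tag use disabled is treated as not accepting Light Agents that have a tag assigned.

```python
from dataclasses import dataclass
from typing import Optional

MAX_TAG_LENGTH = 255  # limit stated in the guide


def validate_tag(tag):
    """Return a list of problems with a Light Agent connection tag."""
    problems = []
    if not tag:
        problems.append("tag is empty")
    if len(tag) > MAX_TAG_LENGTH:
        problems.append("tag is longer than 255 characters")
    if ";" in tag:
        problems.append("tag contains ';', which separates tags in the SVM policy")
    return problems


def parse_allowed_tags(field):
    """Split the semicolon-separated tag field of a Protection Server policy.

    Tags are compared exactly; the guide does not describe whitespace handling.
    """
    return {tag for tag in field.split(";") if tag}


@dataclass(frozen=True)
class LightAgentPolicy:
    name: str
    tag: Optional[str] = None   # None: "Use tags for connecting Light Agents" is cleared
    encrypt: bool = False       # "Encrypt data channel between Light Agent and SVMs"


@dataclass(frozen=True)
class SvmPolicy:
    name: str
    allowed_tags: Optional[str] = None  # None: "Allow connection of Light Agents with specified tags" is cleared
    encrypt: bool = False
    allow_nonsecure: bool = False       # "Allow nonsecure connection if secure connection cannot be established"


def evaluate(agent, svm):
    """Return (can_connect, mode_or_reason) for one Light Agent / SVM pair."""
    if svm.allowed_tags is not None:
        # Only Light Agents with one of the specified tags connect to this SVM.
        if agent.tag is None or agent.tag not in parse_allowed_tags(svm.allowed_tags):
            return False, "tag not allowed by SVM"
    elif agent.tag is not None:
        # Assumption (see lead-in): no tags are allowed on this SVM.
        return False, "SVM does not allow tagged Light Agents"
    if agent.encrypt:
        if svm.encrypt:
            return True, "encrypted"
        return False, "Light Agent requires encryption, SVM does not encrypt"
    if not svm.encrypt:
        return True, "unencrypted"
    if svm.allow_nonsecure:
        return True, "unencrypted-fallback"
    return False, "SVM requires encryption"


def audit(agents, svms):
    """List Light Agents with no usable SVM and pairs that connect unencrypted."""
    unreachable, unencrypted = [], []
    for agent in agents:
        reachable = False
        for svm in svms:
            ok, mode = evaluate(agent, svm)
            if ok:
                reachable = True
                if mode != "encrypted":
                    unencrypted.append((agent.name, svm.name))
        if not reachable:
            unreachable.append(agent.name)
    return {"unreachable": unreachable, "unencrypted": unencrypted}


# Constructed sample policies.
SAMPLE_AGENTS = [
    LightAgentPolicy("LA-finance", tag="finance", encrypt=True),
    LightAgentPolicy("LA-dev", tag="dev", encrypt=False),
    LightAgentPolicy("LA-legacy"),
    LightAgentPolicy("LA-lab", tag="lab", encrypt=True),
]
SAMPLE_SVMS = [
    SvmPolicy("SVM-A", allowed_tags="finance;dev", encrypt=True, allow_nonsecure=True),
    SvmPolicy("SVM-B"),
    SvmPolicy("SVM-C", allowed_tags="lab", encrypt=False),
]

if __name__ == "__main__":
    report = audit(SAMPLE_AGENTS, SAMPLE_SVMS)
    print("No SVM available for:", report["unreachable"])
    print("Unencrypted connections:", report["unencrypted"])
```

In the sample, LA-lab is left without an SVM because the only SVM that allows its tag does not encrypt the connection, and LA-dev reaches SVM-A only through the nonsecure fallback.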
Configuring the SVM selection algorithm
Light Agents can use the extended SVM selection algorithm if you use the application under an enterprise license.
You can specify which SVM selection algorithm Light Agents must use in one of the following ways:
- In Kaspersky Security Center Administration Console, in Light Agent for Windows policy properties and Light Agent for Linux policy properties.
- In the local interface of Light Agent for Windows.
- In the Web Console when creating or editing Light Agent for Windows policy and Light Agent for Linux policy (Application settings → Connection to SVM → SVM selection algorithm).
This section describes how to configure the settings using the Administration Console and in Light Agent for Windows local interface.
To specify the SVM selection algorithm to be used by Light Agents in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- In the list of policies, select Light Agent for Windows policy to configure Light Agent for Windows settings, or Light Agent for Linux policy to configure Light Agent for Linux settings, and open the Settings: <Policy name> window by double-clicking it.
- In the policy properties window, select the SVM selection algorithm section in the list on the left.
- In the right part of the window, select one of the following options:
- If you selected the Use the extended SVM selection algorithm option and Light Agents use the Integration Server as the SVM discovery method, you can use the SVM path slider to specify how the SVM path in the virtual infrastructure is taken into account when selecting an SVM for connection.
If you selected a custom list of SVM addresses as the method used by Light Agents to discover SVMs, you must set the Ignore SVM path value for the SVM path parameter. If any other value is set, the Light Agents will not be able to connect to SVMs.
- Click the Apply button.
- In a virtual infrastructure running on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, if you selected Use the standard SVM selection algorithm option, you can specify how to determine SVM locality relative to Light Agent. To do this, perform the following actions:
- Open the Integration Server configuration file %ProgramFiles(x86)%\Kaspersky VIISLA\viislaservice.exe.config for editing.
- Configure the value of the OpenStackStandardAlgorithmSvmLocality parameter. This parameter can take the following values:
- Server Group – if this value is selected, an SVM is considered local for a Light Agent if it is located within the same server group as the virtual machine where the Light Agent is installed. This value is used by default.
- Project – if this value is selected, an SVM is considered local for a Light Agent if it is deployed within the same OpenStack project as the virtual machine with the installed Light Agent.
- Availability Zone – if this value is selected, an SVM is considered local for a Light Agent if it is located within the same availability zone as the virtual machine with the installed Light Agent.
- Save the viislaservice.exe.config file.
- Restart the Integration Server.
To specify the SVM selection algorithm to be used by the Light Agent in the local interface:
- Open the application settings window.
- In the left part of the window, in the Connection to SVM section, select SVM selection algorithm.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–7 of the previous instructions.
- To save changes, click the Save button.
- In a virtual infrastructure running on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform: if necessary, specify how SVM locality relative to the Light Agent is determined (see step 9 of the previous instructions).
Configuring the general anti-virus protection settings
You can configure the following general protection settings for operation of various Kaspersky Security components:
- List of objects that you want Kaspersky Security to detect.
- List of exclusions from Kaspersky Security protection.
- Use of Advanced Disinfection technology for virtual machines with Windows server operating systems.
This section describes how to configure general protection settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the general protection settings using the Web Console when creating or modifying Light Agent for Windows policy settings or Light Agent for Linux policy settings (Application settings → Anti-Virus protection → General Protection settings).
Selecting types of detectable objects
Kaspersky Security lets you fine-tune the protection of the virtual machine and select the types of objects that the application detects during operation. The application always scans the operating system for viruses, worms, and Trojans. You cannot disable scanning of these types of objects because such objects can cause significant harm to the protected virtual machine. For greater security of your virtual machine, you can expand the range of detectable object types by enabling monitoring of legitimate software that can be used by criminals to damage the protected virtual machine or personal data.
To select the types of detectable objects in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- In the list of policies, select Light Agent for Windows policy to configure Light Agent for Windows settings, or Light Agent for Linux policy to configure Light Agent for Linux settings, and open the Settings: <Policy name> window by double-clicking it.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, in the Objects to detect section, click the Settings button.
The Objects to detect window opens.
- Select check boxes opposite the types of objects that you want Kaspersky Security to detect.
Note that any detected objects can be deleted by the application.
- In the Objects to detect window, click OK.
The Objects to detect window closes. In the Objects to detect section, the selected types of objects are listed under Detection of objects of the following types is enabled.
- Click the Apply button.
To select the types of detectable objects in the local interface:
- Open the application settings window.
- In the left part of the window, select the Anti-Virus protection section.
The anti-virus protection settings are shown in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 7–9 of the previous instructions.
- To save changes, click the Save button.
Configuring the trusted zone
A trusted zone is a custom list of objects and applications that Kaspersky Security does not monitor when active.
You form a trusted zone based on the specifics of the objects that you need to manage and the applications that are installed in the guest operating system of the protected virtual machine. It may be necessary to include objects and applications in the trusted zone when Kaspersky Security blocks access to a certain object or application, if you are sure that the object or application is harmless.
Exclusions from protection and scanning
Exclusion is a combination of conditions that describe an object or application. If the object satisfies these conditions, Kaspersky Security does not scan this object for viruses or other malware.
Some legitimate applications can be used by criminals to compromise your virtual machine or personal data. Although they do not have any malicious functions, such applications can be used as an auxiliary component in malware. Examples of such applications include remote administration tools, IRC clients, FTP servers, various utilities for suspending or concealing processes, keyloggers, password crackers, and auto-dialers. Such applications are not categorized as viruses. For details on legitimate software that could be used by intruders to harm the device or personal data of a user, please visit the Kaspersky Virus Encyclopedia website.
Such applications may be blocked by Kaspersky Security. To prevent them from being blocked, you can configure scan and protection exclusions. To do so, add the name or name mask that is listed in the Kaspersky Virus Encyclopedia to the trusted zone. For example, you may frequently use the Remote Administrator program. This is a remote access application that gives you control over a remote device. To prevent this application from being blocked, create an exclusion with the name or name mask that is listed in the Kaspersky Virus Encyclopedia.
You can exclude objects of the following types from scanning:
- Files of certain formats
- Files and folders that are selected by a mask
- Files based on their hashes calculated by the SHA-256 algorithm
- Individual files and folders
- Applications
- Application processes
- Objects according to the classification of Kaspersky Virus Encyclopedia
By default, the /sys, /proc and /.snapshots file system objects are excluded from protection and scans by Light Agent for Linux. You can remove these exclusions or suspend their use.
Protection exclusions can be used by the following application components and tasks:
- File Anti-Virus.
- Mail Anti-Virus.
- Web Anti-Virus.
- AMSI Protection.
- System Watcher.
- Application Privilege Control.
- Scan tasks.
Moreover, you can create an exclusion category containing exclusions for Light Agent for Windows whereby Kaspersky Security will not scan files or folders in the category and/or objects with the specified name.
List of trusted applications
The list of trusted applications is a list of applications whose file and network activity (including suspicious activity) and access to the system registry are not monitored by Kaspersky Security. By default, Kaspersky Security scans objects that are opened, executed, or saved by any application process and controls the activity of all applications and network traffic that is generated by them. Applications that are added to the list of trusted applications are excluded from scanning.
For example, if you consider objects that are used by the standard Microsoft Windows Notepad application to be safe without scanning, meaning that you trust this application, you can add Microsoft Windows Notepad to the list of trusted applications. Scanning then skips objects that are used by this application.
In addition, certain actions that are classified by Kaspersky Security as dangerous may be safe within the context of the functionality of a number of applications. For example, the interception of text that is typed from the keyboard is a routine process for automatic keyboard layout switchers (such as Punto Switcher). To take account of the specifics of such applications and exclude their activity from monitoring, we recommend that you add such applications to the trusted applications list.
Excluding trusted applications from scanning lets you avoid compatibility conflicts between Kaspersky Security applications and other programs (for example, the problem of double-scanning of the network traffic of a third-party device by Kaspersky Security and by another anti-virus application), and also increases the virtual machine's performance, which is critical when using server applications.
At the same time, the executable file and process of the trusted application are still scanned for viruses and other malware. To fully exclude an application from scanning and protection, create the exclusion for this application.
If an application that collects information and sends it to be processed is installed on your virtual machine, Kaspersky Security may classify this application as malware. To avoid this, you can exclude the application from scanning by adding it to the list of exclusions.
Configuring a trusted zone of Light Agent for Windows
You can do the following to configure the Trusted Zone of Light Agent for Windows:
- Create an exclusion or exclusion category containing exclusions for Light Agent for Windows whereby Kaspersky Security will not scan files or folders in the category and/or objects with the specified name.
- Use the Edit button to change the exclusion settings.
- Pause the use of an exclusion or exclusion category.
- Delete an exclusion or exclusion category.
- Add an application to the list of trusted applications.
- Pause the exclusion of a trusted application or application category from Kaspersky Security scans.
- Delete a trusted application or category of trusted applications.
Creating an exclusion
You can create a new exclusion or exclusion category containing exclusions for Light Agent for Windows whereby Kaspersky Security will not scan the specified files or folders and/or objects with the specified name.
Kaspersky Security does not scan an excluded object when a hard drive or folder that contains this object is specified at the start of a scan task. However, if you start a custom scan task for an object, Kaspersky Security scans the object even if you have created an exclusion for this object.
To create an exclusion in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking it.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, in the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens on the Exclusions tab. The tab displays a list of added exclusions grouped by category.
- If you want to add a new exclusion that does not belong to any of the predefined exclusion categories:
- Click the Add button and select the Category option in the context menu.
- In the Category window that opens, in the Category name field, enter the name of the new exclusion category and click OK.
- If you want to add a new exclusion to the added category or to one of the predefined exclusion categories, select the category to which you want to add the exclusion.
- Click the Add button and select the Exclusion option in the context menu.
- In the Exclusion window that opens, perform the following operations:
- To exclude a file or folder from the protection and scan scope:
- In the Settings section, select the File or folder check box.
- Click the select file or folder link in the Exclusion description section to open the Name of file or folder window. Enter the path to a file or folder or a mask of the path to a file or folder, or select a file or folder in the folder tree.
- After selecting the object, click OK in the Name of file or folder window.
The path to the added object appears in the Exclusion description section of the Exclusions window.
- To exclude objects with certain names according to the Kaspersky Virus Encyclopedia classification of malicious programs and other threats from the protection and scan scope:
- In the Settings section, select the Object name check box.
- Click the enter object name link in the Exclusion description section to open the Object name window. Enter the object name or name mask according to the classification of the Kaspersky Virus Encyclopedia.
- Click OK in the Object name window.
The name of the added object appears in the Exclusion description section of the Exclusions window.
- To exclude a file from the protection and scan scope by its hash:
- In the Settings section, select the File hash check box.
- Click the enter file hash link in the Exclusion description section to open the File hash window. Enter the file hash calculated by the SHA-256 algorithm, or click the Browse button and select the file in the opened window.
- Click OK in the File hash window.
The hash of the added file appears in the Exclusion description section of the Exclusions window.
- Specify the Kaspersky Security components that should use the exclusion:
- Click the any link in the Exclusion description section to display the select components link.
- Click the select components link to open the Application components window.
- Select the needed components.
- In the Application components window, click OK.
If components are specified in the exclusion settings, only those components of Kaspersky Security skip the object.
If no components are specified in the exclusion settings, all components of Kaspersky Security skip the object.
- Click OK in the Exclusion window.
The added exclusion appears in the list of exclusions on the Exclusions tab of the Trusted zone window. The configured settings of this exclusion appear in the Exclusion description section.
- In the Trusted zone window, click OK.
- Click the Apply button.
To create an exclusion in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, select the Anti-Virus protection section.
The anti-virus protection settings are shown in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–13 of the previous instructions.
- To save changes, click the Save button.
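A SHA-256 hash exclusion matches only byte-identical content, so an excluded file that is later updated no longer matches its entry. The following added example (not part of the Kaspersky documentation) computes the SHA-256 value to enter in the File hash window and audits a recorded list of hash exclusions against the files on disk. The record format, file names and sample contents are assumptions constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile

# A SHA-256 digest is exactly 64 hexadecimal characters.
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalize_hash(value):
    """Return the lowercase 64-hex-digit form, or None if it is not a SHA-256 value."""
    value = value.strip()
    return value.lower() if SHA256_RE.fullmatch(value) else None


def audit_hash_exclusions(records):
    """Classify each recorded hash exclusion.

    records: iterable of dicts with 'path' and 'sha256' keys. This is a
    hypothetical change-record format, not a Kaspersky export format.
    Returns a list of (file name, status) tuples where status is one of
    'match', 'stale', 'file-missing' or 'invalid-hash'.
    """
    results = []
    for rec in records:
        recorded = normalize_hash(rec["sha256"])
        if recorded is None:
            status = "invalid-hash"      # e.g. an MD5 or truncated value
        elif not os.path.isfile(rec["path"]):
            status = "file-missing"      # exclusion refers to a file that is gone
        elif sha256_file(rec["path"]) == recorded:
            status = "match"             # exclusion still applies to this file
        else:
            status = "stale"             # file changed; entry no longer matches it
        results.append((os.path.basename(rec["path"]), status))
    return results


def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        unchanged = os.path.join(tmp, "backup_agent.exe")
        updated = os.path.join(tmp, "db_service.exe")
        removed = os.path.join(tmp, "old_tool.exe")

        with open(unchanged, "wb") as fh:
            fh.write(b"constructed sample content v1")
        with open(updated, "wb") as fh:
            fh.write(b"constructed sample content v1")

        # Hashes as they were recorded when the exclusions were created.
        records = [
            {"path": unchanged, "sha256": sha256_file(unchanged).upper()},
            {"path": updated, "sha256": sha256_file(updated)},
            {"path": removed, "sha256": "a" * 64},
            {"path": unchanged, "sha256": "d41d8cd98f00b204e9800998ecf8427e"},
        ]

        # Simulate an application update that replaces the binary.
        with open(updated, "wb") as fh:
            fh.write(b"constructed sample content v2")

        return audit_hash_exclusions(records)


if __name__ == "__main__":
    for name, status in demo():
        print(f"{status:13} {name}")
```

Entries reported as stale or file-missing are candidates for review or deletion in the Trusted zone window.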
Enabling and disabling the use of an exclusion or exclusion category
You can temporarily pause the use of an exclusion or exclusion category without removing it from the list of exclusions.
To enable or disable the use of an exclusion or exclusion category in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, in the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens on the Exclusions tab.
- Use the check boxes in the list of exclusions to specify which exclusions or exclusion categories you want to use. If the check box next to the name of an exclusion or exclusion category is cleared, the use of that exclusion or exclusion category is temporarily suspended.
- In the Trusted zone window, click OK.
- Click the Apply button.
To enable or disable the use of an exclusion or exclusion category in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, select the Anti-Virus protection section.
The anti-virus protection settings are shown in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Deleting an exclusion or exclusion category
You can delete an exclusion or exclusion category if you do not want Kaspersky Security to use the exclusion or exclusion category while protecting and scanning the virtual machine. You can also temporarily pause the use of an exclusion or exclusion category without removing it from the list of exclusions.
To delete an exclusion or exclusion category in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, in the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens on the Exclusions tab.
- In the list of exclusions, select the relevant exclusion or exclusion category and click the Delete button.
The selected exclusion or exclusion category will disappear from the list of exclusions on the Exclusions tab of the Trusted zone window.
- In the Trusted zone window, click OK.
- Click the Apply button.
To delete an exclusion or exclusion category in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, select the Anti-Virus protection section.
The anti-virus protection settings are shown in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Adding an application to the list of trusted applications
You can create a list of trusted applications for which Kaspersky Security does not monitor file and network activity (including malicious activity) and access to the system registry.
To create a list of trusted applications in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, in the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens.
- Select the Trusted applications tab.
The tab displays a list of added trusted applications grouped by category.
- If you want to add a new application that does not belong to any of the predefined categories to the list of trusted applications:
- Click the Add button and select the Category option in the context menu.
- In the Category window that opens, in the Category name field, enter the name of the new category of trusted applications and click OK.
- If you want to add a trusted application to the added category or to one of the predefined categories of trusted applications, in the list of trusted applications select the category to which you want to add the trusted application.
- On the Trusted applications tab, click the Add button and select Trusted application → Browse in the context menu.
The standard Open file window in Microsoft Windows opens.
- In the Open file window, select the executable file of the application that you want to add to the list of trusted applications, and click the Open button.
The Exclusions for application window opens.
- In the Exclusions for application window that opens, perform the following operations:
- In the Path field, enter the path to the executable file of the application that you want to add to the list of trusted applications.
- Use the check boxes to configure the Application Privilege Control settings.
If you selected the Do not scan network traffic check box, you can use the links in the lower part of the window to configure the following settings for scanning traffic transmitted for this application:
- Exclude all traffic or only encrypted traffic from scans.
- Exclude from scans the traffic transmitted for this application from any IP address or only from specified IP addresses.
- Exclude from scans the traffic transmitted for this application from any or only from specified ports.
You can modify these settings by clicking the link.
If no kinds of activity are selected in the Exclusions for application window, the trusted application is included in scanning. In this case the trusted application is not removed from the list of trusted applications, but its check box is cleared.
- In the Exclusions for application window, click OK.
The added trusted application appears in the list of trusted applications.
- In the Trusted zone window, click OK.
- Click the Apply button.
To create a list of trusted applications in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, select the Anti-Virus protection section.
The anti-virus protection settings are shown in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- In the right part of the window, in the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens.
- Select the Trusted applications tab.
The tab displays a list of added trusted applications grouped by category.
- If you want to add a new application that does not belong to any of the predefined categories to the list of trusted applications:
- Click the Add button and select the Category option in the context menu.
- In the Category window that opens, in the Category name field, enter the name of the new category of trusted applications and click OK.
- If you want to add a trusted application to the added category or to one of the predefined categories of trusted applications, select the category to which you want to add the trusted application.
- On the Trusted applications tab, click the Add button and perform one of the following actions in the context menu:
- To find the application in the list of applications that are installed on the virtual machine, select the Applications item in the menu.
The Select application window opens.
- To specify the path to the executable file of the relevant application, select Browse.
The Select file window opens.
- Select the application that you want to add to the list of trusted applications.
The Exclusions for application window opens.
- Use the check boxes to configure the Application Privilege Control settings.
If you selected the Do not scan network traffic check box, you can use the links in the lower part of the window to configure the following settings for scanning traffic transmitted for this application:
- Exclude all traffic or only encrypted traffic from scans.
- Exclude from scans the traffic transmitted for this application from any IP address or only from specified IP addresses.
- Exclude from scans the traffic transmitted for this application from any or only from specified ports.
You can modify these settings by clicking the link.
If no kinds of activity are selected in the Exclusions for application window, the trusted application is included in scanning. In this case the trusted application is not removed from the list of trusted applications, but its check box is cleared.
- In the Exclusions for application window, click OK.
The added trusted application appears in the list of trusted applications.
- In the Trusted zone window, click OK.
- To save changes, click the Save button.
Including or excluding a trusted application or category of trusted applications from scans
You can temporarily pause the exclusion of a trusted application or category of trusted applications from Kaspersky Security scans without removing the trusted application or application category from the list of trusted applications.
To include a trusted application or application category in the scan scope or exclude a trusted application or application category from the scan scope in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, in the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens.
- Select the Trusted applications tab.
- Use the check boxes in the list of trusted applications to specify the applications or application categories to be excluded from scan. If the check box is selected, Kaspersky Security excludes the application or application category from scan. If the check box is cleared, Kaspersky Security scans the application or application category.
- In the Trusted zone window, click OK.
- Click the Apply button.
To include a trusted application or application category in the scan scope or exclude a trusted application or application category from the scan scope in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, select the Anti-Virus protection section.
The anti-virus protection settings are shown in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
Deleting a trusted application or category of trusted applications
You can delete a trusted application or category of trusted applications if you want Kaspersky Security to scan this trusted application or category of trusted applications while protecting and scanning the virtual machine. You can temporarily enable scanning of a trusted application or category of trusted applications without deleting it from the list of trusted applications.
To delete a trusted application or application category in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, in the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens.
- Select the Trusted applications tab.
- In the list of trusted applications, select the relevant application or application category and click the Delete button.
The selected application or application category disappears from the list of trusted applications on the Trusted applications tab of the Trusted zone window.
- In the Trusted zone window, click OK.
- Click the Apply button.
To delete a trusted application or application category in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, select the Anti-Virus protection section.
The anti-virus protection settings are shown in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
Creating the Light Agent for Linux exclusions
You can perform the following actions to configure exclusions for Light Agent for Linux:
- Create an exclusion or exclusion category containing exclusions for Light Agent for Linux whereby Kaspersky Security will not scan files or folders in the category and/or objects with the specified name.
- Use the Edit button to change the exclusion settings.
- Pause the use of an exclusion or exclusion category.
- Delete an exclusion or exclusion category.
Creating an exclusion
You can create a new exclusion or exclusion category containing exclusions for Light Agent for Linux whereby Kaspersky Security will not scan the specified files or folders and/or objects with the specified name.
To create an exclusion:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, in the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens on the Exclusions tab. The tab displays a list of added exclusions grouped by category.
- If you want to add a new exclusion that is not in a predefined exclusion category:
- Click the Add button and select the Category option in the context menu.
- In the Category window that opens, in the Category name field, enter the name of the new exclusion category and click OK.
- If you want to add a new exclusion to the added category or to one of the predefined exclusion categories, select the category to which you want to add the exclusion.
- Click the Add button and select the Exclusion option in the context menu.
The Exclusion window opens.
- In the Exclusion window that opens, perform the following operations:
- To exclude a file or folder from the protection and scan scope:
- In the Settings section, select the File or folder check box.
- Click the select file or folder link in the Exclusion description section to open the Name of file or folder window. In this window, you can enter the path to a file or folder or the mask of a path to a file or folder.
- After selecting the object, click OK in the Name of file or folder window.
The path to the added object appears in the Exclusion description section of the Exclusions window.
- To exclude objects with certain names according to the Kaspersky Virus Encyclopedia classification of malicious programs and other threats from the protection and scan scope:
- In the Settings section, select the Object name check box.
- Click the enter object name link in the Exclusion description section to open the Object name window. In this window, you can enter the object name or name mask according to the classification of the Kaspersky Virus Encyclopedia.
- Click OK in the Object name window.
The name of the added object appears in the Exclusion description section of the Exclusions window.
- Click OK in the Exclusion window.
The added exclusion appears in the list of exclusions on the Exclusions tab of the Trusted zone window. The configured settings of this exclusion appear in the Exclusion description section.
- In the Trusted zone window, click OK.
- Click the Apply button.
Enabling and disabling the use of an exclusion or exclusion category
You can temporarily pause the use of an exclusion or exclusion category without removing it from the list of exclusions.
To enable or disable the use of an exclusion or exclusion category:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, in the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens on the Exclusions tab.
- Use the check boxes in the list of exclusions to specify which exclusions or exclusion categories you want to use. If the check box next to the name of an exclusion or exclusion category is cleared, the use of that exclusion or exclusion category is temporarily suspended.
- In the Trusted zone window, click OK.
- Click the Apply button.
Deleting an exclusion or exclusion category
You can delete an exclusion or exclusion category if you do not want Kaspersky Security to use the exclusion or exclusion category while protecting and scanning the virtual machine. You can also temporarily pause the use of an exclusion or exclusion category without removing it from the list of exclusions.
To delete an exclusion or exclusion category:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, in the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens on the Exclusions tab.
- In the list of exclusions, select the relevant exclusion or exclusion category and click the Delete button.
The selected exclusion or exclusion category will disappear from the list of exclusions on the Exclusions tab of the Trusted zone window.
- In the Trusted zone window, click OK.
- Click the Apply button.
Advanced Disinfection technology
Advanced Disinfection technology is aimed at purging the Windows operating system of malicious programs that have already started their processes in RAM and that prevent Kaspersky Security from removing them by using other methods. Advanced Disinfection technology neutralizes the threat by performing an advanced disinfection procedure.
While Advanced Disinfection is in progress, you are advised to refrain from starting new processes or editing the Windows operating system registry.
After the Advanced Disinfection procedure is completed, the application restarts the protected virtual machine. After reboot, the application deletes malware files and starts a "lite" full scan of the protected virtual machine.
Advanced Disinfection technology can be used on protected virtual machines running Windows operating systems for workstations.
Advanced Disinfection technology uses considerable Windows operating system resources, which may slow down other applications.
You can enable or disable the use of Advanced Disinfection technology in Light Agent for Windows policy properties and in the Light Agent for Windows local interface.
An unplanned reboot of a server operating system can lead to problems involving temporary denial of access to operating system data or loss of unsaved data. For this reason, Advanced Disinfection technology is not used on protected virtual machines running Windows server operating systems.
If Light Agent is running on a temporary virtual machine, Advanced Disinfection technology is not used either. When an active infection is detected on the temporary virtual machine, scan the virtual machine template from which it was created for viruses and other malware, and then create the temporary virtual machine anew.
Configuring Advanced Disinfection via Kaspersky Security Center
In a Light Agent for Windows policy, Advanced Disinfection technology is disabled by default. If necessary, you can configure the Advanced Disinfection procedure to run immediately after an infection is detected, followed by a restart of the protected virtual machine without asking the user for confirmation.
To configure Advanced Disinfection to run without user confirmation:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the General Protection Settings section in the list on the left.
- In the right part of the window, select the Enable Advanced Disinfection technology check box.
- Click OK in the Properties: <Policy name> window.
- In the workspace, select the Tasks tab.
- In the list of tasks, select the virus scan task for Light Agent for Windows and open the Settings: <Task name> window by double-clicking.
- In the window of Light Agent for Windows virus scan task properties, select the Settings section in the list on the left.
- In the right part of the window, in the Action on threat detection settings group, select the Run Advanced Disinfection immediately check box.
- Click Apply in the Settings: <Task name> window.
Configuring the use of Advanced Disinfection technology in the local interface
In the Light Agent for Windows local interface, Advanced Disinfection technology is enabled by default. If necessary, you can disable Advanced Disinfection technology.
To configure the use of Advanced Disinfection technology on a protected virtual machine:
- Open the application settings window.
- In the left part of the window, select the Anti-Virus protection section.
- In the right part of the window, configure the use of Advanced Disinfection technology using the Enable Advanced Disinfection technology check box.
The Enable Advanced Disinfection technology check box is selected by default.
If the check box is unavailable, you cannot enable or disable Advanced Disinfection technology as it is prohibited by the policy applied to all protected virtual machines within the administration group.
- To save changes, click the Save button.
Protecting the file system of a virtual machine. File Anti-Virus
File Anti-Virus prevents infection of the protected virtual machine’s file system. By default, File Anti-Virus starts together with the application, continuously remains active in virtual machine memory, and scans all files that are opened, saved, or executed on the protected virtual machine for viruses and other malware.
File Anti-Virus uses signature and heuristic analysis methods, as well as iSwift technology (for Light Agent for Windows) and iChecker technology (for Light Agent for Linux).
If the scan does not detect viruses or other malware in the file, Kaspersky Security grants access to the file. If File Anti-Virus detects a threat in the file during scanning, Kaspersky Security assigns the file a status label that designates the type of object detected (for example, virus or Trojan program).
The application then performs the action that is specified in the settings of File Anti-Virus on the file.
This section describes how to configure File Anti-Virus settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the File Anti-Virus settings using the Web Console when creating or modifying Light Agent for Windows policy settings or Light Agent for Linux policy settings (Application settings → Anti-Virus protection → File Anti-Virus).
Configuring File Anti-Virus of Light Agent for Windows
You can do the following to configure File Anti-Virus of Light Agent for Windows:
- Configure File Anti-Virus to be paused automatically according to schedule or at application startup.
- Change the file security level.
- Change the action that is performed by File Anti-Virus on detection of an infected file.
- Create the protection scope of File Anti-Virus.
- Configure scanning of compound files.
- Optimize file scanning.
- Change the file scan mode.
- Configure Heuristic Analyzer.
- Configure the use of iSwift scanning technology.
Enabling and disabling of File Anti-Virus for Windows
By default, File Anti-Virus for Windows is enabled, running in the mode that is recommended by Kaspersky experts. You can disable File Anti-Virus for Windows if necessary.
To enable or disable File Anti-Virus for Windows in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, do one of the following:
- If you want to enable the File Anti-Virus component, select the File Anti-Virus check box.
- If you want to disable the File Anti-Virus component, clear the File Anti-Virus check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable File Anti-Virus on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab and expand the Manage protection section.
- Open the context menu of the File Anti-Virus item and perform one of the following actions:
- To enable File Anti-Virus, select Enable in the menu.
The component status icon, which is displayed on the left in the File Anti-Virus line, changes.
- To disable File Anti-Virus, select Disable in the menu.
The component status icon, which is displayed on the left in the File Anti-Virus line, changes.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
To enable or disable File Anti-Virus from the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- Do one of the following:
- If you want to enable the File Anti-Virus component, select the Enable File Anti-Virus check box.
- If you want to disable the File Anti-Virus component, clear the Enable File Anti-Virus check box.
- To save changes, click the Save button.
Automatically pausing File Anti-Virus
You can configure the File Anti-Virus component to pause automatically at a specified time or when handling specified programs.
Pausing File Anti-Virus when it conflicts with some programs is an emergency measure. In case of any conflicts during the operation of a component, contact Kaspersky Technical Support. The support specialists will help you set up File Anti-Virus to run simultaneously with other applications on your virtual machine.
To configure automatic pausing of File Anti-Virus using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Additional tab, in the Pause operation section, do the following:
- To configure automatic pausing of File Anti-Virus at a specified time:
- Select the By schedule check box and click the Schedule button.
- In the Pause operation window that opens, in the Pause task at and Resume task at fields, specify the time interval (in HH:MM format) during which File Anti-Virus is paused.
- Click OK.
- To configure automatic pausing of File Anti-Virus when specified applications are launched:
- Select At application startup and click the Select button.
- In the Applications window that opens, use the Add, Edit, and Delete buttons to create a list of applications. File Anti-Virus is not suspended when these applications are running.
- Click OK.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To configure automatic pausing of File Anti-Virus in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Changing the file security level
To protect the virtual machine's file system, File Anti-Virus applies various groups of settings. These groups of settings are called file security levels. You can select one of the preset file security levels or configure security level settings on your own. There are three file security levels: High, Recommended, and Low. The Recommended file security level is considered the optimal group of settings, and is recommended by Kaspersky.
To change the file security level in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, do one of the following:
- If you want to apply one of the preset file security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom file security level, click the Settings button and, in the File Anti-Virus window that opens, enter your settings.
After you configure a custom file security level, the name of the file security level in the Security level section changes to Custom.
- If you want to change the file security level to Recommended, click the Default button.
- Click the Apply button.
To change the file security level in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
- In the Security level section, do one of the following:
- If you want to apply one of the preset file security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom file security level, click the Settings button and, in the File Anti-Virus window that opens, enter your settings.
After you configure a custom file security level, the name of the file security level in the Security level section changes to Custom.
- If you want to change the file security level to Recommended, click the Default button.
- To save changes, click the Save button.
Changing the File Anti-Virus action to take on infected files
To change the File Anti-Virus action on infected files using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Action on threat detection section, select the required option:
- Select action automatically.
- Perform action: Disinfect. Delete if disinfection fails.
- Perform action: Disinfect.
- Perform action: Delete.
- Perform action: Block.
The Select action automatically option is selected by default. With this option, the application performs the default action defined by Kaspersky experts: Disinfect. Delete if disinfection fails.
Regardless of the option selected, Kaspersky Security application applies the Delete action to the files that are part of the Windows Store application.
When files are deleted or disinfected, their copies are saved in Backup.
- Click the Apply button.
To change the File Anti-Virus action on infected files in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
- In the Action on threat detection section, select the required option:
- Select action automatically.
- Perform action: Disinfect. Delete if disinfection fails.
- Perform action: Disinfect.
- Perform action: Delete.
- Perform action: Block.
The Select action automatically option is selected by default. With this option, the application performs the default action defined by Kaspersky experts: Disinfect. Delete if disinfection fails.
Regardless of the option selected, Kaspersky Security application applies the Delete action to the files that are part of the Windows Store application.
When files are deleted or disinfected, their copies are saved in Backup.
- To save changes, click the Save button.
Editing the protection scope of File Anti-Virus
The protection scope refers to the objects that the component scans during its operation. The protection scopes of different components have different properties. The location and type of files to be scanned are properties of the protection scope of File Anti-Virus. By default, File Anti-Virus scans only infectable files that are stored on hard drives, removable drives, and network drives of a virtual machine. You can expand or restrict the protection scope by adding or removing scan objects, or by changing the type of files to be scanned.
To create the File Anti-Virus protection scope in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the General tab, in the File types section, specify the types of files you want to scan using File Anti-Virus:
- If you want to scan all files, select All files.
- Select Files scanned by format if you want to scan files of the formats that, according to Kaspersky experts, are currently most susceptible to infection.
- Select Files scanned by extension if you want to scan files with extensions that, according to Kaspersky experts, are currently most susceptible to infection.
When selecting the type of files to scan, remember the following information:
- There are some file formats (such as .txt) for which the probability of intrusion of malicious code and its subsequent activation is quite low. At the same time, there are file formats that contain or may contain executable code (such as .exe, .dll, and .doc). The risk of intrusion and activation of malicious code in such files is quite high.
- An intruder can send a virus or other malware to your virtual machine in an executable file that has had its extension changed to .txt. If you select scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then regardless of the extension, File Anti-Virus analyzes the file header. This analysis may reveal that the file is in .exe format. Such a file is thoroughly scanned for viruses and other malware.
- The list of scanned extensions and the list of scanned file formats are changed dynamically in order to match the current need to maintain your virtual machine security.
- In the Protection scope section, create the File Anti-Virus protection scope.
- To add a new object to the list of objects to be scanned:
- Click the Add button.
- In the Select object window that opens, select an object and click Add.
- Click OK.
All objects that are selected in the Select object window are displayed in the File Anti-Virus window, in the Protection scope list.
- To change the path to an object:
- Select the object in the list of objects and click Edit.
- In the Select object window that opens, in the Object field, specify another path to the object and click OK.
- To remove an object from the protection scope:
- Select the object in the list of objects and click Delete.
- In the removal confirmation window, click Yes.
- To exclude an object from the protection scope without removing it, clear the check box next to the object in the Protection scope list. The object remains on the list of objects to be scanned, though it is excluded from scanning by File Anti-Virus.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To create the File Anti-Virus protection scope in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
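The difference between Files scanned by extension and Files scanned by format, described in the notes on file types above, can be reproduced with a few constructed files. This is an added Python example, not Kaspersky code; the signature table and the extension set are assumptions, because the product's actual lists are not given in this guide.

```python
import os
import tempfile

# Header signatures of formats that can carry executable code. This short table
# is an assumption for the example; the product's real format list is not shown
# in this guide and changes with database updates.
SIGNATURES = [
    (b"MZ", "PE executable (.exe/.dll)"),
    (b"\x7fELF", "ELF executable"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document (.doc)"),
    (b"PK\x03\x04", "ZIP container"),
]
# Extensions the guide names as high risk; also an assumption, not the real list.
RISKY_EXTENSIONS = {".exe", ".dll", ".doc"}


def detect_format(path):
    """Return the format name found in the file header, or None."""
    with open(path, "rb") as fh:
        header = fh.read(8)
    for magic, name in SIGNATURES:
        if header.startswith(magic):
            return name
    return None


def compare_modes(paths):
    """For each file, report whether each selection mode would pick it for scanning."""
    rows = []
    for path in paths:
        fmt = detect_format(path)
        ext = os.path.splitext(path)[1].lower()
        rows.append({
            "name": os.path.basename(path),
            "format": fmt,
            "by_extension": ext in RISKY_EXTENSIONS,
            "by_format": fmt is not None,
        })
    return rows


def missed_by_extension(paths):
    """Names of files whose header is a risky format but whose extension is not listed."""
    return sorted(r["name"] for r in compare_modes(paths)
                  if r["by_format"] and not r["by_extension"])


def build_samples(directory):
    """Write constructed sample files (header bytes only, no real programs)."""
    samples = {
        "notes.txt": b"plain text notes\n",
        "invoice.txt": b"MZ" + b"\x00" * 62,      # PE header bytes behind a .txt name
        "tool.exe": b"MZ" + b"\x00" * 62,
        "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56,
        "readme.exe": b"only text, despite the name\n",
    }
    paths = []
    for name, data in samples.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample_paths = build_samples(tmp)
        for row in compare_modes(sample_paths):
            print(f"{row['name']:<12} by_extension={row['by_extension']!s:<5} "
                  f"by_format={row['by_format']!s:<5} header={row['format']}")
        print("Skipped by extension mode:", missed_by_extension(sample_paths))
```

The same comparison run over a real directory shows which files an extension-based policy would leave unscanned.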
Scanning of compound files by File Anti-Virus
A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.
To configure scanning of compound files using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan compound files section, specify the types of compound files that you want to scan: archives, self-extracting archives, or embedded OLE objects by selecting the corresponding check boxes.
- If you want File Anti-Virus to scan only new and changed compound files of all types, in the Scan optimization section, select the Scan only new and modified files check box.
If the Scan only new and modified files check box is not selected, in the Scan compound files section you can specify for each type of compound file whether to scan all files of this type or only new ones. To make your choice, click the all / new link next to the name of a type of compound file. This link changes its value after you click it.
- Click the Additional button.
- In the Compound files window that opens, in the Background scan section, do one of the following:
- If you want File Anti-Virus to unpack large-sized compound files in background mode, select the Unpack compound files in background mode check box and specify the required value in the Minimum file size field.
- If you do not want File Anti-Virus to unpack compound files in background mode, clear the Unpack compound files in background mode check box.
- In the Size limit section, do one of the following:
- If you want File Anti-Virus to unpack large-sized compound files, clear the Do not unpack large compound files check box.
- If you do not want File Anti-Virus to unpack large-sized compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field.
A file is considered large if its size exceeds the value in the Maximum file size field.
File Anti-Virus scans large-sized files that are extracted from archives, regardless of whether or not the Do not unpack large compound files check box is set.
- In the Compound files window, click OK.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To configure scanning of compound files in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–13 of the previous instructions.
- To save changes, click the Save button.
Optimizing file scanning by File Anti-Virus
You can optimize the file scanning that is performed by File Anti-Virus, thereby reducing the scan time and improving the performance of the application. This can be achieved by scanning only new files and those files that have been modified since the previous scan. This mode applies both to simple and to compound files.
To optimize file scanning using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan optimization section, select the Scan only new and modified files check box.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To optimize file scanning in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Changing the scan mode
Scan mode means the condition under which File Anti-Virus starts to scan files. By default, File Anti-Virus scans files in smart mode. In this file scan mode, File Anti-Virus decides whether or not to scan files after analyzing operations that are performed with the file by you, by an application on behalf of you or a different user (under the account credentials that were used to log in to the operating system), or by the operating system. For example, when a Microsoft Office Word document is used, File Anti-Virus scans the file when it is first opened and last closed. Intermediate operations that overwrite the file do not cause it to be scanned.
To change the file scan mode using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Additional tab, in the Scan mode section, select the required mode:
- Smart mode.
- On access and modification.
- On access.
- On execution.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To change the file scan mode in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Using of Heuristic Analyzer with File Anti-Virus
File Anti-Virus uses a technique called signature analysis. During signature analysis, File Anti-Virus matches the detected object with records in application databases. Following the recommendations of Kaspersky experts, signature analysis is always enabled.
To increase the effectiveness of protection, you can use heuristic analysis. During heuristic analysis, File Anti-Virus analyzes the activity of objects in the operating system. Heuristic analysis can detect new malicious objects for which there are currently no records in the application database.
To configure the use of Heuristic Analyzer in the operation of File Anti-Virus using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan methods section, do one of the following:
- If you want File Anti-Virus to use heuristic analysis, select the Heuristic Analysis check box and use the slider to set the heuristic analysis level: Light, Medium, or Deep.
- If you do not want File Anti-Virus to use heuristic analysis, clear the Heuristic Analysis check box.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To configure the use of Heuristic Analyzer in the operation of File Anti-Virus in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Using of iSwift technology in the operation of File Anti-Virus
You can enable the use of the iSwift technology, which optimizes the speed of file scanning by excluding files that have not been modified since the most recent scan.
To configure the use of iSwift technology in the operation of File Anti-Virus using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Additional tab, in the Scan technology section, do one of the following:
- Select the iSwift technology check box to use File Anti-Virus with this technology enabled.
- Clear the iSwift technology check box to use File Anti-Virus with this technology disabled.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
To configure the use of iSwift technology in the operation of File Anti-Virus in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select File Anti-Virus.
In the right part of the window, the File Anti-Virus component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Configuring File Anti-Virus of Light Agent for Linux via Kaspersky Security Center
You can do the following to configure File Anti-Virus of Light Agent for Linux via Kaspersky Security Center:
- Change the file security level.
- Change the action that is performed by File Anti-Virus on detection of an infected file.
- Create the protection scope of File Anti-Virus.
- Configure scanning of compound files.
- Change the file scan mode.
- Configure Heuristic Analyzer.
- Configure the usage of iChecker scanning technology.
Enabling and disabling of File Anti-Virus for Linux
By default, File Anti-Virus for Linux is enabled, running in the mode that is recommended by Kaspersky experts. You can disable File Anti-Virus for Linux if necessary.
To enable or disable File Anti-Virus for Linux:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, do one of the following:
- If you want to enable the File Anti-Virus component, select the File Anti-Virus check box.
- If you want to disable the File Anti-Virus component, clear the File Anti-Virus check box.
- Click the Apply button.
Changing the file security level
To protect the protected virtual machine’s file system, File Anti-Virus applies various groups of settings. These groups of settings are called file security levels. You can select one of the preset file security levels or configure security level settings on your own. There are three file security levels: High, Recommended, and Low. The Recommended file security level is considered the optimal group of settings, and is recommended by Kaspersky.
To change the file security level:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, do one of the following:
- If you want to apply one of the preset file security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom file security level, click the Settings button and, in the File Anti-Virus window that opens, enter your settings.
After you configure a custom file security level, the name of the file security level in the Security level section changes to Custom.
- If you want to change the file security level to Recommended, click the Default button.
- Click the Apply button.
Changing the File Anti-Virus action to take on infected files
To change the File Anti-Virus action on infected files:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Action on threat detection section, select the required option:
- Disinfect. Delete if disinfection fails.
- Disinfect.
- Delete.
- Block.
The Disinfect. Delete if disinfection fails option is selected by default.
When files are deleted or disinfected, their copies are saved in Backup.
- Click the Apply button.
Editing the protection scope of File Anti-Virus
The protection scope refers to the objects that the File Anti-Virus component scans during its operation. By default, File Anti-Virus scans only infectable files that are stored on hard drives, removable drives, and network drives of a protected virtual machine. You can expand or narrow the scanning scope by adding or removing objects to be scanned by File Anti-Virus.
To create the File Anti-Virus protection scope:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, select the General tab.
- In the File types section, specify the type of files that you want File Anti-Virus to scan:
- If you want to scan all files, select All files.
- Select Files scanned by format if you want to scan files of the formats that, according to Kaspersky experts, are currently most susceptible to infection.
- Select Files scanned by extension if you want to scan files with extensions that, according to Kaspersky experts, are currently most susceptible to infection.
The list of scanned extensions and the list of scanned file formats are changed dynamically in order to match the current need to maintain your virtual machine security.
- In the Protection scope section, create the File Anti-Virus protection scope.
- To add a new object to the list of objects to be scanned:
- Click the Add button.
- In the Select object window that opens, select an object and click Add.
- Click OK.
All objects that are selected in the Select object window are displayed in the File Anti-Virus window, in the Protection scope list.
- To change the path to an object:
- Select the object in the list of objects and click Edit.
- In the Select object window that opens, in the Object field, specify another path to the object and click OK.
- To remove an object from the protection scope:
- Select the object in the list of objects and click Delete.
- In the removal confirmation window, click Yes.
- To exclude an object from the protection scope without removing it, clear the check box next to the object in the Protection scope list. The object remains on the list of objects to be scanned, though it is excluded from scanning by File Anti-Virus.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
Scanning of compound files by File Anti-Virus
A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.
To configure scanning of compound files:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan compound files section, specify the types of compound files that you want to scan by selecting the corresponding check boxes: packed files, archives, self-extracting archives, mail databases, or mail files.
- Click the Additional button.
- In the Compound files window that opens, in the Time limit section, do one of the following:
- If you want File Anti-Virus to skip files when the specified time runs out, select the Skip files if scanning takes more than check box and specify the value you need in the Maximum scan time field.
- If you do not want File Anti-Virus to skip files when the specified time runs out, clear the Skip files that are scanned for longer than check box.
- In the Size limit section, do one of the following:
- If you want File Anti-Virus to unpack large-sized compound files, clear the Do not unpack large compound files check box.
- If you do not want File Anti-Virus to unpack large-sized compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field.
A file is considered large if its size exceeds the value in the Maximum file size field.
File Anti-Virus scans large-sized files that are extracted from archives, regardless of whether or not the Do not unpack large compound files check box is set.
- In the Compound files window, click OK.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
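The effect of these limits on what actually gets scanned, as an added Python example (not Kaspersky code). `CompoundPolicy`, `scan_file` and the marker string are hypothetical, ZIP stands in for all compound formats, and the model assumes a skipped archive is reported rather than scanned.

```python
import io
import time
import zipfile
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for a database record; not a real malware signature.
MARKER = b"CONSTRUCTED-TEST-MARKER"


@dataclass
class CompoundPolicy:
    """Hypothetical model of the Compound files settings described above."""
    scan_archives: bool = True                  # "archives" check box
    max_scan_seconds: Optional[float] = 60.0    # None = time-limit check box cleared
    max_unpack_bytes: Optional[int] = 8 << 20   # None = size-limit check box cleared


@dataclass
class Report:
    detected: list = field(default_factory=list)
    skipped: list = field(default_factory=list)  # (object name, reason) pairs


class TimeLimitExceeded(Exception):
    """Raised when the scan of one top-level file runs past its deadline."""


def build_zip(members, compression=zipfile.ZIP_DEFLATED):
    """Build a constructed in-memory ZIP from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def walk(name, data, policy, report, clock, deadline):
    """Scan one object and recurse into it if it is an archive the policy allows."""
    if deadline is not None and clock() > deadline:
        raise TimeLimitExceeded(name)
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Plain object: scanned whatever its size, including large files
        # extracted from an archive (the size limit applies to containers).
        if MARKER in data:
            report.detected.append(name)
        return
    if not policy.scan_archives:
        report.skipped.append((name, "archive scanning disabled"))
        return
    if policy.max_unpack_bytes is not None and len(data) > policy.max_unpack_bytes:
        report.skipped.append((name, "size limit"))
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                walk(f"{name}/{info.filename}", zf.read(info),
                     policy, report, clock, deadline)


def scan_file(name, data, policy, clock=time.monotonic):
    """Scan a top-level file; on timeout the whole file is recorded as skipped."""
    report = Report()
    deadline = None
    if policy.max_scan_seconds is not None:
        deadline = clock() + policy.max_scan_seconds
    try:
        walk(name, data, policy, report, clock, deadline)
    except TimeLimitExceeded:
        report.skipped.append((name, "time limit"))
    return report


if __name__ == "__main__":
    # Constructed sample: a marker hidden two archive levels deep.
    inner = build_zip({"payload.bin": b"\0" * 1_000_000 + MARKER})
    outer = build_zip({"readme.txt": b"clean", "inner.zip": inner})
    for policy in (CompoundPolicy(), CompoundPolicy(scan_archives=False)):
        result = scan_file("outer.zip", outer, policy)
        print(policy, result.detected, result.skipped)
```

Every entry in `skipped` is content that reached the machine without being inspected, so the limits trade scan time for coverage.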
Changing the scan mode
Scan mode means the condition under which File Anti-Virus starts to scan files. By default, File Anti-Virus scans files in smart mode. In this file scan mode, File Anti-Virus decides whether or not to scan files after analyzing operations that are performed with the file by you, by an application on behalf of you or a different user (under the account credentials that were used to log in to the operating system), or by the operating system. For example, when a Microsoft Office Word document is used, File Anti-Virus scans the file when it is first opened and last closed. Intermediate operations that overwrite the file do not cause it to be scanned.
To change the file scan mode:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Additional tab, in the Scan mode section, select the required mode:
- Smart mode.
- On access and modification.
- On access.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
Using Heuristic Analyzer with File Anti-Virus
File Anti-Virus uses a technique called signature analysis. During signature analysis, File Anti-Virus matches the detected object with records in application databases. Following the recommendations of Kaspersky experts, signature analysis is always enabled.
To increase the effectiveness of protection, you can use heuristic analysis. During heuristic analysis, File Anti-Virus analyzes the activity of objects in the operating system. Heuristic analysis can detect new malicious objects for which there are currently no records in the application database.
To configure use of Heuristic Analyzer in the operation of File Anti-Virus:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan methods section, do one of the following:
- If you want File Anti-Virus to use heuristic analysis, select the Heuristic Analysis check box and use the slider to set the heuristic analysis level: Light, Medium, or Deep.
- If you do not want File Anti-Virus to use heuristic analysis, clear the Heuristic Analysis check box.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
Using iChecker technology in the operation of File Anti-Virus
You can enable iChecker technology, which increases scanning speed by excluding certain files from scanning. Files are excluded according to a special algorithm that takes into account the release date of the application databases, the date when the file was last scanned, and changes in the scan settings.
To configure use of iChecker technology in the operation of File Anti-Virus:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Additional tab, in the Scan technology section, do one of the following:
- Select the iChecker technology check box to use File Anti-Virus with this technology enabled.
- Clear the iChecker technology check box to use File Anti-Virus with this technology disabled.
- Click OK in the File Anti-Virus window.
- Click the Apply button.
AMSI Protection
The AMSI Protection component allows Microsoft Office applications and other third-party programs to send requests to scan objects for viruses and other threats using Microsoft Windows Antimalware Scan Interface (AMSI). For more information on AMSI, refer to Microsoft documentation.
If AMSI Protection is enabled, Kaspersky Security can scan an object upon an AMSI request and send the scan result to the application that sent the request. After receiving a threat notification, a third-party application can prevent malicious actions (for example, by shutting down).
For the AMSI Protection component to operate on a protected virtual machine, the Light Agent installed on that virtual machine must be connected to the SVM. If the connection is broken, operation of the AMSI Protection component is suspended, requests for scanning objects are not executed, and information about unscanned objects is saved to a report available in the local interface of Light Agent for Windows.
You can configure object scan settings by AMSI requests. While scanning, Kaspersky Security can apply the configured protection and scan exclusions.
Kaspersky Security can block third-party application interaction with the AMSI Protection component and reject AMSI requests from a third-party application, for example, if the maximum number of requests per time interval from this application has been exceeded. In this case, Kaspersky Security sends information about the AMSI request rejection to the Kaspersky Security Center Administration Server. If you want Kaspersky Security not to reject requests from an application, even if the maximum number of requests has been exceeded, add this application to the list of trusted applications and configure the Do not block interaction with AMSI protection exclusion for this application.
Installation and operation of the AMSI Protection component is not supported on virtual machines with guest OS version lower than Windows 10 and Windows Server 2016.
Enabling and disabling AMSI Protection
By default, AMSI Protection is enabled and runs in the mode that Kaspersky experts recommend. You can disable AMSI Protection, if necessary.
To enable or disable AMSI Protection in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the AMSI Protection section in the list on the left.
- In the right part of the window, do one of the following:
- If you want to enable the AMSI Protection component, select the AMSI Protection check box.
- If you want to disable the AMSI Protection component, clear the AMSI Protection check box.
- Click the Apply button.
To enable or disable AMSI Protection in the Light Agent for Windows local interface:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab and expand the Manage protection section.
- Open the context menu of the AMSI Protection item and perform one of the following actions:
- To enable the AMSI Protection component, select Enable.
The component status icon, which is displayed on the left in the AMSI Protection line, changes to show that the component is enabled.
- To disable the AMSI Protection component, select Disable.
The component status icon, which is displayed on the left in the AMSI Protection line, changes to show that the component is disabled.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
Configuring object scan settings by AMSI requests
To configure the settings for scanning objects by AMSI requests from third-party applications:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the AMSI Protection section in the list on the left.
- In the right part of the window, in the Scan compound files section, specify the compound files to be scanned by Kaspersky Security upon request from third-party applications: archives, self-extracting archives, embedded OLE objects.
- In the Size limit section, do one of the following:
- To allow Kaspersky Security to unpack large compound files when scanning objects on request from third-party applications, clear the Do not unpack large compound files check box.
- To prevent Kaspersky Security from unpacking large compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field. Kaspersky Security will not unpack compound files larger than the specified size.
Kaspersky Security scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.
- Click the Apply button.
Mail protection. Mail Anti-Virus
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop or server operating system.
Mail Anti-Virus scans incoming and outgoing email messages (hereinafter also "messages" or "mail") for viruses and other malware. Mail Anti-Virus starts when the application starts, remains in the virtual machine's RAM, and scans messages received via POP3, IMAP and NNTP, and messages sent via SMTP.
Mail Anti-Virus can scan messages that are sent or received via protocols that ensure encrypted data transfer.
Mail Anti-Virus intercepts and scans each email message that you receive or send. If no threats are detected in the message, it becomes available to the user.
If Mail Anti-Virus detects a threat in the message during scanning, Kaspersky Security assigns the message a status label that designates the type of object detected (for example: virus, Trojan program).
The application then blocks the infected message and performs the action defined in the Mail Anti-Virus settings.
If a message sent via SMTP is found to contain a threat, the message is blocked regardless of the action chosen.
Mail Anti-Virus interacts with mail clients installed on the protected virtual machine. An embeddable extension is available for the Microsoft Office Outlook mail client that lets you fine-tune the message scan settings. The Mail Anti-Virus extension is embedded in the Microsoft Office Outlook mail client during installation of Kaspersky Security.
You can do the following to configure Mail Anti-Virus:
- Change the mail security level.
- Change the action that the application performs on an infected email message.
- Create the Mail Anti-Virus protection scope.
- Configure scanning of compound files attached to messages.
- Configure filtering by the type of attachment to email messages.
- Configure Heuristic Analyzer.
- Configure email scanning in Microsoft Office Outlook.
This section describes how to configure Mail Anti-Virus settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the Mail Anti-Virus settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Anti-Virus protection → Mail Anti-Virus).
Enabling and disabling Mail Anti-Virus
By default, Mail Anti-Virus is enabled, running in a mode that is recommended by Kaspersky experts. You can disable Mail Anti-Virus, if necessary.
To enable or disable Mail Anti-Virus in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Mail Anti-Virus section in the list on the left.
- In the right part of the window, do one of the following:
- If you want to enable the Mail Anti-Virus component, select the Mail Anti-Virus check box.
- If you want to disable the Mail Anti-Virus component, clear the Mail Anti-Virus check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable Mail Anti-Virus, on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab and expand the Manage protection section.
- Open the context menu of the Mail Anti-Virus item and perform one of the following actions:
- To enable Mail Anti-Virus, select Enable in the menu.
The component status icon, which is displayed on the left in the Mail Anti-Virus line, changes to show that the component is enabled.
- To disable Mail Anti-Virus, select Disable in the menu.
The component status icon, which is displayed on the left in the Mail Anti-Virus line, changes to show that the component is disabled.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
To enable or disable Mail Anti-Virus from the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Mail Anti-Virus.
In the right part of the window, the Mail Anti-Virus component’s settings are displayed.
If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- Do one of the following:
- If you want to enable the Mail Anti-Virus component, select the Enable Mail Anti-Virus check box.
- If you want to disable the Mail Anti-Virus component, clear the Enable Mail Anti-Virus check box.
- To save changes, click the Save button.
Changing the mail security level
Mail Anti-Virus applies various groups of settings to protect mail. The settings groups are called mail security levels. You can select one of the pre-installed mail security levels or configure a custom mail security level. There are three mail security levels: High, Recommended, and Low. The Recommended mail security level is considered the optimal group of settings, and is recommended by Kaspersky.
To change the mail security level in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Mail Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, do one of the following:
- If you want to apply one of the pre-installed mail security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom mail security level, click the Settings button and specify settings in the Mail Anti-Virus window.
After you configure a custom mail security level, the name of the security level in the Security level section changes to Custom.
- If you want to change the custom mail security level to Recommended, click the Default button.
- Click the Apply button.
To change the mail security level in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Mail Anti-Virus.
In the right part of the window, the Mail Anti-Virus component’s settings are displayed.
- In the Security level section, do one of the following:
- If you want to apply one of the pre-installed mail security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom mail security level, click the Settings button and specify settings in the Mail Anti-Virus window.
After you configure a custom mail security level, the name of the security level in the Security level section changes to Custom.
- If you want to change the custom mail security level to Recommended, click the Default button.
- To save changes, click the Save button.
Changing the action to take on infected email messages
If a message sent via SMTP is found to contain a threat, the message is blocked regardless of the action chosen.
To use Kaspersky Security Center to change the action on infected email messages:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Mail Anti-Virus section in the list on the left.
- In the right part of the window, in the Action on threat detection section, select the action the application performs upon detecting an infected email message:
- Select action automatically.
- Perform action: Disinfect. Delete if disinfection fails.
- Perform action: Disinfect.
- Perform action: Delete.
- Perform action: Block.
The Select action automatically option is selected by default. With this option, the application performs the default action defined by Kaspersky experts: Disinfect. Delete if disinfection fails.
When the messages are deleted or disinfected, copies of messages are saved in Backup.
- Click the Apply button.
To change the action on infected email messages in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Mail Anti-Virus.
In the right part of the window, the Mail Anti-Virus component’s settings are displayed.
- In the Action on threat detection section, select the action that is performed by the application on detecting an infected email message:
- Select action automatically.
- Perform action: Disinfect. Delete if disinfection fails.
- Perform action: Disinfect.
- Perform action: Delete.
- Perform action: Block.
The Select action automatically option is selected by default. With this option, the application performs the default action defined by Kaspersky experts: Disinfect. Delete if disinfection fails.
When the messages are deleted or disinfected, copies of messages are saved in Backup.
- To save changes, click the Save button.
Editing the protection scope of Mail Anti-Virus
The protection scope refers to the objects that the component scans during its operation. The protection scopes of different components have different properties. The properties of the protection scope of Mail Anti-Virus include the settings of Mail Anti-Virus integration into mail clients, and the type of email messages and the email protocols whose traffic is scanned by Mail Anti-Virus. By default, Mail Anti-Virus scans both incoming and outgoing messages and traffic via the POP3, SMTP, IMAP, and NNTP protocols, and is integrated into the Microsoft Office Outlook application. The Mail Anti-Virus extension is embedded in the Microsoft Office Outlook mail client during installation of Kaspersky Security.
To create the protection scope of Mail Anti-Virus in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Mail Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Mail Anti-Virus window that opens, on the General tab, in the Protection scope section, do one of the following:
- If you want Mail Anti-Virus to scan all incoming and outgoing messages on the protected virtual machine, select the Incoming and outgoing messages option.
- If you want Mail Anti-Virus to scan only incoming messages on the protected virtual machine, select the Incoming messages only option.
If you choose to scan incoming messages only, you are advised to perform a one-time scan of all outgoing messages because there is a chance that the protected virtual machine has email worms that use email to spread. This helps to avoid unmonitored mass emailing of infected messages from the protected virtual machine.
- In the Connectivity section, do the following:
- If you want Mail Anti-Virus to scan messages that are transmitted via the POP3, SMTP, NNTP and IMAP protocols before they arrive on the protected virtual machine, select the POP3 / SMTP / NNTP / IMAP traffic check box.
- If you do not want Mail Anti-Virus to scan messages that are transmitted via the POP3, SMTP, NNTP and IMAP protocols before they arrive on the protected virtual machine, clear the POP3 / SMTP / NNTP / IMAP traffic check box. In this case, messages are scanned by the Mail Anti-Virus extension that is embedded into the Microsoft Office Outlook mail client after they arrive on the protected virtual machine.
- If you want to open access to Mail Anti-Virus settings from Microsoft Office Outlook and enable scanning of messages that are transmitted via the POP3, SMTP, NNTP, and IMAP protocols after they arrive on the protected virtual machine by using an extension that is embedded into Microsoft Office Outlook, select the Additional: Microsoft Office Outlook extension check box.
- If you want to close access to Mail Anti-Virus settings from Microsoft Office Outlook and disable scanning of messages that are transmitted via the POP3, SMTP, NNTP, and IMAP protocols after they arrive on the protected virtual machine by using an extension that is embedded into Microsoft Office Outlook, clear the Additional: Microsoft Office Outlook extension check box.
If you use a mail client other than Microsoft Office Outlook, messages that are transmitted via the POP3, SMTP, NNTP and IMAP protocols are not scanned by Mail Anti-Virus when the POP3 / SMTP / NNTP / IMAP traffic check box is cleared.
- Click OK in the Mail Anti-Virus window.
- Click the Apply button.
To create the protection scope of Mail Anti-Virus in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Mail Anti-Virus.
In the right part of the window, the Mail Anti-Virus component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
Scan compound files that are attached to messages
You can enable or disable scanning of compound files attached to messages, limit the maximum size of message attachments to be scanned, and limit the maximum message attachment scan duration.
To use Kaspersky Security Center to configure scanning of compound files attached to messages:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Mail Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Mail Anti-Virus window that opens, on the General tab, in the Scan compound files section, perform the following:
- If you want Mail Anti-Virus to skip archives that are attached to messages, clear the Scan attached archives check box.
- If you want Mail Anti-Virus to skip attached archives that are larger than a specified number of megabytes, select the Do not scan archives larger than N MB check box. If you select this check box, specify the maximum archive size in the field next to the name of the check box.
- If you want Mail Anti-Virus to skip attached archives that take more than a specified number of seconds to scan, select the Do not scan archives for more than N sec check box. If you select this check box, specify the maximum archive scan time in the field next to the name of the check box.
- Click OK in the Mail Anti-Virus window.
- Click the Apply button.
To use the local interface to configure scanning of compound files attached to messages:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Mail Anti-Virus.
In the right part of the window, the Mail Anti-Virus component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Filtering attachments in messages
Malicious programs can be distributed in the form of message attachments. You can configure filtering of email message attachments by type, so that files of such types are automatically renamed or deleted. By renaming an attachment of a certain type, Kaspersky Security can protect your virtual machine against automatic execution of malware.
To configure filtering of attachments using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Mail Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Mail Anti-Virus window that opens, on the Attachment filter tab, perform one of the following actions:
- If you do not want Mail Anti-Virus to filter message attachments, select the Do not apply filter option.
- If you want Mail Anti-Virus to rename message attachments of the specified types, select the Rename specified attachment types option.
- If you want Mail Anti-Virus to delete message attachments of the specified types, select the Delete specified attachment types option.
- If in step 7 of these instructions you have selected the Rename specified attachment types option or the Delete specified attachment types option, the list of file types becomes active. Select the check boxes next to the required file types. You can change the list of file types by using the Add, Edit, and Delete buttons.
- Click OK in the Mail Anti-Virus window.
- Click the Apply button.
To configure filtering of attachments in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Mail Anti-Virus.
In the right part of the window, the Mail Anti-Virus component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
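The three attachment filter options applied to a constructed MIME message, as an added Python example (not Kaspersky code). The page does not state how the product renames attachments, so the `.renamed` suffix, the function names and the extension list are assumptions for illustration.

```python
import os
from email.message import EmailMessage


def matches_type(filename, blocked_exts):
    """True if the attachment's effective extension is in the blocked list."""
    # Windows ignores trailing dots and spaces, so "setup.exe. " still opens as
    # an .exe; compare case-insensitively on the last extension only.
    cleaned = filename.strip().rstrip(". ")
    return os.path.splitext(cleaned)[1].lower() in blocked_exts


def filter_attachments(msg, mode, blocked_exts, suffix=".renamed"):
    """Apply 'none', 'rename' or 'delete' to attachments of the listed types.

    Returns a list of (original filename, action) pairs for reporting.
    The suffix is a hypothetical renaming scheme.
    """
    if mode not in ("none", "rename", "delete"):
        raise ValueError(mode)
    actions = []
    if mode == "none":          # "Do not apply filter"
        return actions
    doomed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename()
        if not name or not matches_type(name, blocked_exts):
            continue
        if mode == "rename":
            # Changing the extension breaks the file association, so opening
            # the attachment no longer launches it automatically.
            disposition = part.get_content_disposition() or "attachment"
            del part["Content-Disposition"]
            part.add_header("Content-Disposition", disposition,
                            filename=name + suffix)
            actions.append((name, "renamed"))
        else:
            doomed.append(part)
            actions.append((name, "deleted"))
    if doomed:
        msg.set_payload([p for p in msg.get_payload() if p not in doomed])
    return actions


def sample_message():
    """Constructed message: a body, one blocked-type and one allowed attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.EXE")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg


if __name__ == "__main__":
    for mode in ("none", "rename", "delete"):
        message = sample_message()
        done = filter_attachments(message, mode, {".exe", ".scr"})
        left = [p.get_filename() for p in message.iter_attachments()]
        print(mode, done, left)
```

The double extension `Invoice.PDF.EXE` is matched on its last extension, which is why a filter keyed on the visible `.PDF` would miss it.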
Using Heuristic Analyzer with Mail Anti-Virus
To improve the effectiveness of protection, you can use heuristic analysis in the operation of Mail Anti-Virus. During heuristic analysis, Kaspersky Security analyzes the activity of applications in the operating system. Heuristic analysis can detect new malicious objects in messages even if there are currently no records of such objects in the application database.
To use Kaspersky Security Center to configure use of Heuristic Analyzer in the operation of Mail Anti-Virus:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Mail Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Mail Anti-Virus window that opens, on the Additional tab, in the Scan method section, do the following:
- If you want Mail Anti-Virus to use heuristic analysis, select the Heuristic Analysis check box and use the slider to set the heuristic analysis level: Light, Medium, or Deep.
- If you do not want Mail Anti-Virus to use heuristic analysis, clear the Heuristic Analysis check box.
- Click OK in the Mail Anti-Virus window.
- Click the Apply button.
To use the local interface to configure the use of Heuristic Analyzer in the operation of Mail Anti-Virus:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Mail Anti-Virus.
In the right part of the window, the Mail Anti-Virus component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Scanning emails in Microsoft Office Outlook
During installation of Kaspersky Security, the Mail Anti-Virus extension is embedded into Microsoft Office Outlook. It allows you to open the Mail Anti-Virus settings from inside Microsoft Office Outlook, and to specify at what moment email messages are to be scanned for viruses and other malware. The Mail Anti-Virus extension for Microsoft Office Outlook can scan incoming and outgoing messages that are transmitted via the POP3, SMTP, NNTP, and IMAP protocols.
You can configure the settings for the Mail Anti-Virus extension in the Light Agent for Windows policy using Kaspersky Security Center or in Microsoft Office Outlook.
Mail Anti-Virus settings can be configured directly in Microsoft Office Outlook if the Additional: Microsoft Office Outlook extension check box is selected in the Light Agent for Windows policy properties or in the local interface of Light Agent for Windows.
In Microsoft Office Outlook, incoming messages are first scanned by Mail Anti-Virus (if the POP3 / SMTP / NNTP / IMAP traffic check box is selected in the Light Agent policy properties or in the local interface of Light Agent) and then scanned by the Mail Anti-Virus extension for Microsoft Office Outlook. Outgoing messages are first scanned by the Mail Anti-Virus extension for Microsoft Office Outlook, and then scanned by Mail Anti-Virus.
Configuring the mail scan mode using Kaspersky Security Center
To configure the operating mode of the Mail Anti-Virus component’s extension for Microsoft Office Outlook using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Mail Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Mail Anti-Virus window that opens, on the General tab, in the Connectivity section, click the Settings button.
- In the Mail protection window that opens, perform the following actions:
- Select the Scan when receiving check box if you want the Mail Anti-Virus component extension for Microsoft Office Outlook to scan incoming messages as they arrive to the mailbox.
- Select the Scan when reading check box if you want the Mail Anti-Virus component extension for Microsoft Office Outlook to scan incoming messages when the user opens them.
- Select the Scan when sending check box if you want the Mail Anti-Virus component extension for Microsoft Office Outlook to scan outgoing messages as they are sent.
- In the Mail protection window, click OK.
- Click OK in the Mail Anti-Virus window.
- Click the Apply button.
Configuring email scanning in Microsoft Office Outlook
Mail Anti-Virus settings can be configured directly in Microsoft Office Outlook if the Additional: Microsoft Office Outlook extension check box is selected in the Light Agent for Windows policy properties or in the local interface of Light Agent for Windows.
To adjust the email scan settings in Microsoft Office Outlook:
- Open the main Microsoft Outlook application window.
In the upper-left corner, select the File tab.
- Click the Settings button.
The Outlook settings window opens.
- Select the Add-Ins section.
Settings of plug-ins embedded into Microsoft Office Outlook are displayed in the right part of the window.
- Click the Add-In Options button.
The Add-In Options window opens.
Protecting virtual machine web traffic. Web Anti-Virus
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop operating system.
Every time you go online, you expose information that is stored on your virtual machine to viruses and other malware. They can infiltrate your virtual machine while you are downloading free software or browsing websites that are compromised by hacker attacks. Network worms can find a way onto a virtual machine as soon as you establish an Internet connection, even before you open a web page or download a file.
Web Anti-Virus checks web addresses against the databases of malicious and phishing web addresses and secures web traffic received and sent by a virtual machine.
Web Anti-Virus can scan web traffic that is transmitted through secure connections.
If secure connections scan is enabled, Web Anti-Virus intercepts each web page or file requested by you or an application over the HTTP, FTP, HTTPS, FTPS, WS or WSS protocols, and analyzes those web pages or files for the presence of viruses or other malware. The following happens next:
- If the page or file is found not to contain malicious code, the user gains immediate access to it.
- If a web page or file contains malicious code, the application performs the action that is specified in the Web Anti-Virus settings.
You can do the following to configure Web Anti-Virus:
- Change web traffic security level.
- Change the action that the application performs on malicious web traffic objects.
- Configure Web Anti-Virus scanning to check web addresses against databases of phishing and malicious web addresses.
- Configure the use of heuristic analysis when scanning web traffic for viruses and other malware, and for the detection of phishing web addresses.
- Create a list of trusted web addresses.
A web address may be the address of a specific web page or the address of a website.
This section describes how to configure Web Anti-Virus settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the Web Anti-Virus settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Anti-Virus protection → Web Anti-Virus).
Enabling and disabling Web Anti-Virus
By default, Web Anti-Virus is enabled, running in a mode that is recommended by Kaspersky experts. You can disable Web Anti-Virus, if necessary.
To enable or disable Web Anti-Virus in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Anti-Virus section in the list on the left.
- In the right part of the window, do one of the following:
- If you want to enable the Web Anti-Virus component, select the Web Anti-Virus check box.
- If you want to disable the Web Anti-Virus component, clear the Web Anti-Virus check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable Web Anti-Virus on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Manage protection section.
- Open the context menu of the Web Anti-Virus item and perform one of the following actions:
- To enable Web Anti-Virus, select Enable in the menu.
The component status icon, which is displayed on the left in the Web Anti-Virus line, changes to indicate that the component is enabled.
- To disable Web Anti-Virus, select Disable in the menu.
The component status icon, which is displayed on the left in the Web Anti-Virus line, changes to indicate that the component is disabled.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
To enable or disable Web Anti-Virus from the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Web Anti-Virus.
In the right part of the window, the Web Anti-Virus component’s settings are displayed.
If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- Do one of the following:
- If you want to enable the Web Anti-Virus component, select the Enable Web Anti-Virus check box.
- If you want to disable the Web Anti-Virus component, clear the Enable Web Anti-Virus check box.
- To save changes, click the Save button.
Changing the web traffic security level
Web Anti-Virus applies various groups of settings to secure web traffic. Such settings groups are called web traffic security levels. There are three web traffic security levels: High, Recommended, and Low. The Recommended web traffic security level is considered the optimal setting, and is recommended by Kaspersky.
To change the web traffic security level in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, do one of the following:
- If you want to apply one of the preset web traffic security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom web traffic security level, click the Settings button and specify settings in the Web Anti-Virus window.
When you have configured a custom web traffic security level, the name of the security level in the Security level section changes to Custom.
- If you want to change the web traffic security level to Recommended, click the Default button.
- Click the Apply button.
To change the web traffic security level in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Web Anti-Virus.
In the right part of the window, the Web Anti-Virus component’s settings are displayed.
- In the Security level section, do one of the following:
- If you want to apply one of the preset web traffic security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom web traffic security level, click the Settings button and specify settings in the Web Anti-Virus window.
When you have configured a custom web traffic security level, the name of the security level in the Security level section changes to Custom.
- If you want to change the web traffic security level to Recommended, click the Default button.
- To save changes, click the Save button.
Changing the action to take on malicious web traffic objects
To use Kaspersky Security Center to change the action on malicious objects in web traffic:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Anti-Virus section in the list on the left.
- In the right part of the window, in the Action on threat detection section, select the action that the application performs on malicious web traffic objects:
- Select action automatically.
- Block download.
- Allow download.
The Select action automatically option is selected by default. The application performs the default action defined by Kaspersky experts: Block download.
- Click the Apply button.
To use the local interface to change the action on malicious web traffic objects:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Web Anti-Virus.
In the right part of the window, the Web Anti-Virus component’s settings are displayed.
- In the Action on threat detection section, select the action that Kaspersky Security performs on malicious web traffic objects:
- Select action automatically.
- Block download.
- Allow download.
The Select action automatically option is selected by default. The application performs the default action defined by Kaspersky experts: Block download.
- To save changes, click the Save button.
Checking web addresses against the database of phishing and malicious web addresses
The database of malicious web addresses contains a list of web resources whose content may be considered to be dangerous.
Checking web addresses against the database of phishing web addresses helps avoid phishing attacks. A phishing attack can be disguised, for example, as an email message from your bank with a link to the website of the bank. The link takes you to an exact copy of the bank’s website and you can even see the address similar to the bank’s original website in the browser. However, you are actually on a counterfeit website. From this point forward, all of your actions are tracked and can be used to steal your money.
Web Anti-Virus tracks attempts to access a phishing website during a web traffic scan and blocks access to such websites.
Lists of phishing and malicious web addresses are included in the Kaspersky Security distribution kit and are updated as application databases are updated.
To use Kaspersky Security Center to configure checking of web addresses against the databases of phishing and malicious web addresses:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Web Anti-Virus window, on the General tab:
- If you want Web Anti-Virus to check web addresses against the databases of malicious web addresses, in the Scan methods section, select the Check if web addresses are listed in the database of malicious web addresses check box.
- If you want Web Anti-Virus to check web addresses against the databases of phishing web addresses, in the Anti-Phishing Settings section, select the Check if web addresses are listed in the database of phishing web addresses check box.
You can also use the reputation databases of Kaspersky Security Network to check web addresses against the databases of phishing and malicious web addresses.
- Click OK in the Web Anti-Virus window.
- Click the Apply button.
To use the local interface to configure checking of web addresses against databases of phishing and malicious web addresses:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Web Anti-Virus.
In the right part of the window, the Web Anti-Virus component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Using Heuristic Analyzer with Web Anti-Virus
To improve the effectiveness of protection, you can use heuristic analysis in the operation of Web Anti-Virus. During heuristic analysis, Kaspersky Security analyzes the activity of programs in the operating system of the protected virtual machine. Heuristic analysis can detect new malicious objects for which there are currently no records in the application database.
To use Kaspersky Security Center to configure use of Heuristic Analyzer in the operation of Web Anti-Virus:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Web Anti-Virus window that opens, on the General tab:
- If you want Web Anti-Virus to use heuristic analysis to scan web traffic for viruses and other malware, in the Scan methods section, select the Heuristic analysis for detecting viruses check box and use the slider to set the heuristic analysis level: Light, Medium, or Deep.
- If you want Web Anti-Virus to use heuristic analysis when checking web addresses, in the Anti-Phishing settings section select the Heuristic analysis for detecting phishing web addresses check box.
- Click OK in the Web Anti-Virus window.
- Click the Apply button.
To use the local interface to configure the use of Heuristic Analyzer in the operation of Web Anti-Virus:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Web Anti-Virus.
In the right part of the window, the Web Anti-Virus component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Editing the list of trusted web addresses
You can create a list of web addresses whose content you trust. Web Anti-Virus does not analyze information from trusted web addresses for viruses or other malicious applications. This option may be useful, for example, when Web Anti-Virus interferes with downloading a file from a known website.
To create a list of trusted web addresses using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Web Anti-Virus window that opens, on the Trusted web addresses tab, select the Do not scan web traffic from trusted web addresses check box.
- Create a list of addresses of websites/web pages whose content you trust. To do this, perform the following actions:
- Click the Add button.
- In the displayed Address / Address mask window, enter the website or web page address or address mask.
- Click OK.
A new record appears in the list of trusted web addresses.
- If necessary, repeat steps a–c of these instructions.
- Click OK in the Web Anti-Virus window.
- Click the Apply button.
To create a list of trusted web addresses in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Web Anti-Virus.
In the right part of the window, the Web Anti-Virus component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
Monitoring network traffic
When Kaspersky Security is running, the Mail Anti-Virus, Web Anti-Virus, and Web Control components monitor the network traffic of the protected virtual machines.
You can configure the following general network traffic monitoring settings:
- settings for monitoring TCP and UDP ports that are open on the protected virtual machine
- settings for scanning traffic that is transmitted through secure connections
This section describes how to configure Network traffic monitoring settings using the Administration Console and the Light Agent for Windows local interface. You can also configure Network traffic monitoring settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Other settings → Network traffic monitoring).
Network ports monitoring
When Kaspersky Security is running, the Mail Anti-Virus, Web Anti-Virus, and Web Control components can monitor data streams that are transmitted over specific protocols and that pass through specific open TCP and UDP ports on the protected virtual machine. For example, Mail Anti-Virus scans data that is transmitted via SMTP, while Web Anti-Virus scans data that is transmitted via HTTP and FTP.
Kaspersky Security divides TCP and UDP ports of the operating system into several groups, depending on the likelihood of their being compromised. Some network ports are reserved for vulnerable services. You are advised to monitor these ports more thoroughly, because the likelihood that they are attacked is greater. If you use non-standard services that rely on non-standard network ports, these network ports may also be targeted by an attacking device. You can specify a list of network ports and a list of applications that request network access. These ports and applications then receive special attention from the Mail Anti-Virus and Web Anti-Virus components as they monitor network traffic.
You can perform the following actions to configure the settings of network ports control:
- Select the network ports monitoring mode.
- Create a list of monitored network ports.
- Create a list of applications for which all network ports are monitored.
Selecting the network ports monitoring mode
To select the network port monitoring mode in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Network traffic monitoring section in the list on the left.
- In the right part of the window, in the Monitored ports section, select the network ports monitoring mode:
- If you want Kaspersky Security components to monitor data streams that are transmitted over any open TCP and UDP ports on the virtual machine, select the Monitor all network ports option.
- If you want Kaspersky Security components to monitor data streams that are transmitted over the default ports and the ports that you select on the virtual machine, select the Monitor selected ports only option. You can configure the list of monitored ports and / or the list of applications for which ports are monitored in the Network ports window. The Network ports window can be opened by clicking the Settings button.
This network ports monitoring mode is used by default.
- Click the Apply button.
To select the network port monitoring mode in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Network traffic monitoring.
In the right part of the window the settings for Network Ports Monitoring and for Scanning Secure Connections are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete step 6 of the previous instructions.
- To save changes, click the Save button.
Creating a list of monitored network ports
If the "Monitor selected ports only" network port monitoring mode is used, you can configure the list of monitored ports. The default list is configured according to the recommendations of the Kaspersky experts.
To create the list of monitored network ports in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Network traffic monitoring section in the list on the left.
- In the right part of the window, in the Monitored ports section, select Monitor selected ports only.
- Click the Settings button.
The Network ports window opens. The Network ports window displays a list of network ports that are normally used for transmission of email and network traffic.
- In the list of network ports, perform the following:
- Set the check boxes opposite those network ports that you want to include in the list of monitored network ports.
By default, the check boxes are set opposite all network ports that are listed in the Network ports window.
- Clear the check boxes opposite those network ports that you want to exclude from the list of monitored network ports.
- If the required network port is not shown in the list of network ports, you can add it. To do this, perform the following actions:
- Under the list of network ports, click the Add link to open the Network port window.
- Enter the network port number in the Port field.
- Enter the name of the network port in the Description field.
- In the Network port window, click OK.
The newly added network port is shown at the end of the list of network ports.
- In the Network ports window, click OK.
- Click the Apply button.
To create the list of monitored network ports in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Network traffic monitoring.
In the right part of the window the settings for Network Ports Monitoring and for Scanning Secure Connections are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–10 of the previous instructions.
- To save changes, click the Save button.
When the FTP protocol runs in passive mode, the connection can be established via a random network port that is not added to the list of monitored network ports. To protect such connections, enable the monitoring of all network ports or configure the monitoring of all network ports for applications that establish the FTP connection.
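Why a fixed port list misses passive-mode FTP, as an added example (not part of the Kaspersky documentation or product code): the server announces the data port in its 227 (PASV) or 229 (EPSV) reply, so the port is known only at run time. The monitored-port list and the control-channel log below are constructed for illustration and are not the application's default list.

```python
import re

# Constructed port list for illustration; NOT the application's default list.
MONITORED_PORTS = {21, 25, 80, 110, 143}

# 227 reply (RFC 959): "(h1,h2,h3,h4,p1,p2)", data port = p1 * 256 + p2
_PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
# 229 reply (RFC 2428): "(<d><d><d>port<d>)" where <d> is one delimiter char
_EPSV_RE = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line):
    """Return (host, port) announced by a 227 or 229 reply.

    host is None for 229, which reuses the control connection's address.
    Returns None for any other reply; raises ValueError if a 227/229
    reply is malformed.
    """
    code = line[:3]
    if code == "227":
        match = _PASV_RE.search(line)
        if not match:
            raise ValueError("malformed 227 reply: %r" % line)
        numbers = [int(group) for group in match.groups()]
        if any(number > 255 for number in numbers):
            raise ValueError("octet out of range in 227 reply: %r" % line)
        host = ".".join(str(number) for number in numbers[:4])
        return host, numbers[4] * 256 + numbers[5]
    if code == "229":
        match = _EPSV_RE.search(line)
        if not match:
            raise ValueError("malformed 229 reply: %r" % line)
        port = int(match.group(2))
        if not 0 < port <= 65535:
            raise ValueError("port out of range in 229 reply: %r" % line)
        return None, port
    return None


def uncovered_data_channels(control_log, monitored_ports):
    """List the announced data channels whose port is not monitored."""
    gaps = []
    for line in control_log:
        parsed = parse_passive_reply(line.strip())
        if parsed is not None and parsed[1] not in monitored_ports:
            gaps.append(parsed)
    return gaps


# Constructed server replies from one FTP control connection.
SAMPLE_CONTROL_LOG = [
    "220 ftp.example.test ready",
    "230 Logged in",
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # port 50000
    "226 Transfer complete",
    "229 Entering Extended Passive Mode (|||50112|)",  # port 50112
    "226 Transfer complete",
    "227 Entering Passive Mode (192,0,2,10,0,80)",     # port 80
]

if __name__ == "__main__":
    for host, port in uncovered_data_channels(SAMPLE_CONTROL_LOG, MONITORED_PORTS):
        print("data channel outside the monitored list:", host or "(control host)", port)
```

Passing a set of all ports, the equivalent of monitoring all network ports, returns an empty list for the same log.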
Creating a list of applications for which all network ports are monitored
If the "Monitor selected ports only" network port monitoring mode is used, you can create a list of applications for which Kaspersky Security monitors all network ports.
We recommend including applications that receive or transmit data via the FTP protocol in the list of applications for which Kaspersky Security monitors all network ports.
To use Kaspersky Security Center to create a list of applications for which all network ports are monitored:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Network traffic monitoring section in the list on the left.
- In the right part of the window, in the Monitored ports section, select Monitor selected ports only.
- Click the Settings button.
- In the Network ports window that opens, select the Monitor all ports for specified applications check box.
- In the list of applications under the Monitor all ports for specified applications check box, do the following:
- Set the check boxes next to the names of applications for which you want to monitor all network ports.
By default, the check boxes are set next to all applications that are listed in the Network ports window.
- Clear the check boxes next to the names of applications for which you do not want to monitor network ports.
- If the required application is not shown in the list of applications, you can add it. To do this, perform the following actions:
- Click the Add link under the list of applications and open the Application window.
- In the Path field, enter the path to the executable file of the application.
- In the Name field, enter an application name.
- In the Application window, click OK.
The application that you have added appears at the end of the list of applications in the Network ports window.
- In the Network ports window, click OK.
- Click the Apply button.
To use the local interface to create a list of applications for which all network ports are monitored:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Network traffic monitoring.
In the right part of the window the settings for Network Ports Monitoring and for Scanning Secure Connections are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- In the Monitored ports section, select Monitor selected ports only.
- Complete steps 6–9 of the previous instructions.
- If the required application is not shown in the list of applications, you can add it. To do this, perform the following actions:
- Click the Add link under the list of applications and open the context menu.
- Select the way in which to add the application to the list of applications:
- To select an application from the list of applications that are installed on the protected virtual machine, select the Applications command.
A window opens, letting you specify the name of the application.
- To specify the location of the application's executable file, select the Browse command.
A window opens, letting you specify the path to the executable file of the application.
- The Application window opens after you select the application.
- In the Name field, enter a name for the selected application.
- Click OK.
The application that you have added appears at the end of the list of applications in the Network ports window.
- In the Network ports window, click OK.
- To save changes, click the Save button.
Scanning secure connections
Kaspersky Security can scan the traffic transmitted over secure connections that were established using the following protocols: TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0 and SSL 3.0.
The application does not monitor traffic that is transmitted over encrypted connections using the TLS 1.3 protocol, if the Encrypted Server Name Indication technology is used in TLS 1.3.
The application does not monitor traffic that is transmitted over encrypted connections using the SSL 2.0 protocol.
By default, Kaspersky Security intercepts the traffic transmitted through secure connections, decrypts it, and sends it for scanning to the Mail Anti-Virus, Web Anti-Virus, and Web Control components. Kaspersky Security components process the traffic according to the configured settings.
If secure connections scan is disabled, application components have the following limitations:
- Mail Anti-Virus does not scan messages that are sent or received via the protocols that ensure encrypted data transfer.
- Web Anti-Virus does not scan web pages and files that are accessed over encrypted connections.
- While monitoring access to web resources over encrypted connections, Web Control does not apply access rules that use content filtering.
If an error occurs while scanning an encrypted connection, the connection with the web resource is terminated. By default, Kaspersky Security also adds the domain name of the web resource to the list of domains whose secure connections result in a scan error. All web resources of domains in this list are excluded from secure connections scans. When there is another attempt to access web resources of this domain, Kaspersky Security allows the connection to be established but does not decrypt and scan the traffic. You can configure the action that is taken by Kaspersky Security when a secure connection scan error occurs.
When decrypting the traffic, Kaspersky Security validates the certificate of the web resource with which the secure connection is being established. By default, Kaspersky Security allows a connection to be established when a certificate error is detected. However, if the connection is being established through a browser, a certificate error warning is displayed on the screen. You can configure the action that is taken by Kaspersky Security when a web resource certificate error is detected.
Kaspersky Security does not scan secure connections that are included in the list of predefined exclusions from secure connections scan. The list of predefined exclusions is generated by Kaspersky experts, is included into the Kaspersky Security application distribution kit, and is updated automatically when application databases are updated. You can view the list of predefined exclusions in the local interface of Light Agent for Windows.
You can also configure the following exclusions from secure connections scan:
- Exclusion of web resources of trusted domains. Kaspersky Security does not decrypt traffic and does not scan certificates of web resources if an encrypted connection is established with a web resource of a domain that has been added to the list of trusted domains.
- Exclusion of trusted applications. Kaspersky Security does not decrypt traffic and does not scan certificates of web resources if an encrypted connection is initiated by an application for which an encrypted traffic scan exclusion is configured.
Secure connections are scanned using the Kaspersky certificate. This certificate is automatically installed to the trusted certificates storage on the protected virtual machine when Kaspersky Security is installed, and is deleted when the application is removed.
Kaspersky Security changes the Mozilla Firefox browser settings on the protected virtual machine so that the browser uses the system trusted certificates storage.
Enabling or disabling secure connections scan
By default, secure connections scan is enabled and runs in the mode that Kaspersky experts recommend. You can disable secure connections scan, if necessary.
To enable or disable secure connections scanning using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Network traffic monitoring section in the list on the left.
- In the right part of the window, in the Secure connections scan section, do one of the following:
- Select the Scan secure connections check box if you want Kaspersky Security components to scan the traffic transmitted through secure connections.
- Clear the Scan secure connections check box if the traffic transmitted through secure connections is not to be decrypted and scanned.
- Click the Apply button.
To enable or disable secure connections scanning in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Network traffic monitoring.
In the right part of the window the settings for Network Ports Monitoring and for Scanning Secure Connections are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete step 6 of the previous instructions.
- To save changes, click the Save button.
Viewing the list of predefined exclusions
The list of predefined exclusions contains the connections that can be established between applications and web resources of domains. There is no capability to decrypt traffic for these connections, therefore Kaspersky Security does not scan these connections during a secure connections scan.
You can view the list of predefined exclusions from secure connections scan in the local interface of Light Agent for Windows. The list is generated by Kaspersky experts and is updated automatically when the application databases are updated.
To view the list of predefined exclusions from secure connections scan:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Network traffic monitoring.
In the right part of the window the settings for Network Ports Monitoring and for Scanning Secure Connections are displayed.
- In the Secure connections scan section, click the link to open the Pre-determined exclusions for secure connections scan window.
The connections in the list are defined using the following conditions:
- Domain with which the connection is established. A domain may be defined using a mask. The * character in a mask replaces any sequence that contains zero or more characters. If a domain is not specified or the Domain column contains the * mask, connections with any domain are excluded from scans.
- Name of the executable file of a program that establishes a connection. If a program is not specified, connections initiated by programs with any executable file name are excluded from scans.
- Publisher of a program that establishes a connection. If no publisher is specified, connections initiated by programs from any publisher are excluded from scans.
- Owner of the digital signature of a program that establishes a connection. If no digital signature owner is specified, connections initiated by programs are excluded from scans regardless of their digital signature.
Configuring secure connections scan settings
You can configure secure connections scan settings through Kaspersky Security Center or in the local interface of Light Agent for Windows.
To configure secure connections scan settings in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Network traffic monitoring section in the list on the left.
- In the right part of the window, in the Secure connections scan section, click the Scan settings button.
- In the Secure connections scan settings window that opens, select the action that Kaspersky Security performs when a web resource certificate error is detected:
- Allow. Kaspersky Security allows a connection to be established with the web resource.
If the connection is established through a browser and you attempt to access a website with a certificate error, you will see an HTML page containing a warning that visiting the website is not recommended, and a description of the detected certificate error. You can click the link on the HTML page to proceed to the requested website. For a period of an hour after clicking the link, Kaspersky Security will not display warnings for the certificate error of this website or when requesting other web resources in the same domain.
This action is selected by default.
- Block. Kaspersky Security blocks the connection with the web resource.
If the connection is established through a browser and you attempt to access a website with a certificate error, you will see an HTML page containing a warning that the website is blocked, and a description of the detected certificate error.
- Select the action that Kaspersky Security performs when secure connections scan errors occur:
- Exclude domain from scanning. If scan of a secure connection with a web resource ends with an error, Kaspersky Security adds the web resource domain to the list of domains with secure connection errors. All web resources of domains in this list are excluded from secure connections scans. When there is another attempt to access web resources of this domain, Kaspersky Security allows the connection to be established but does not decrypt and scan the traffic.
This action is selected by default.
The list of domains with secure connections scan errors can be viewed in the Secure connections scan settings window in the local interface of Light Agent for Windows.
- Terminate connection. If a scan of a secure connection with a web resource ends with an error, Kaspersky Security blocks all subsequent attempts to connect to this web resource.
If you selected the Terminate connection action, all domains previously added to the list of domains with secure connections scan errors are automatically deleted from this list.
- If you want Kaspersky Security to block connections that are established using the TLS 1.0, SSL 2.0, and SSL 3.0 protocols, select the Block TLS 1.0, SSL 2.0 and SSL 3.0 connections (recommended) check box.
By default, Kaspersky Security does not block network connections that are established using the TLS 1.0, SSL 2.0 and SSL 3.0 protocols. In this case, Kaspersky Security monitors network traffic transmitted over connections that are established using the TLS 1.0 and SSL 3.0 protocols. Network traffic transmitted using the SSL 2.0 protocol is not monitored.
The TLS 1.0, SSL 2.0, and SSL 3.0 protocols have some flaws affecting the security of data transfer.
- In the Secure connections scan settings window, click OK.
- Click the Apply button.
To configure the secure connections scan settings in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Network traffic monitoring.
In the right part of the window the settings for Network Ports Monitoring and for Scanning Secure Connections are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–10 of the previous instructions.
Click the Domains with scan errors link in the Secure connections scan settings window to view the list of domains whose secure connections result in a scan error.
- To save changes, click the Save button.
Excluding web resources from secure connections scan
Kaspersky Security does not decrypt traffic or check security certificates for web resources of trusted domains. You can generate a list of trusted domains through Kaspersky Security Center or in the local interface of Light Agent for Windows.
To create the list of trusted domains using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Network traffic monitoring section in the list on the left.
- In the right part of the window, in the Secure connections scan section, click the Trusted domains button.
- In the Trusted domains window that opens, configure the list of trusted domains:
- To add a domain to the list of trusted domains:
- Click the Add button.
- In the Domain window that opens, enter the name, IP address, IP range (for example 198.51.100.0/24), or the web address of the domain.
The scan exclusion is not applied to web resources of subdomains of the specified domain. If you want to exclude web resources of subdomains from secure connections scan, enter the domain mask in the format *.example.com.
- In the Domain window, click OK.
- To change the name or address of a trusted domain:
- Select the domain in the list and click Edit.
- In the Domain window that opens, enter the new domain name, IP address, IP range (for example 198.51.100.0/24), web address or domain mask in the *.example.com format and click OK.
- To remove a domain from the list of trusted domains, select it in the list and click Delete.
- If you want to temporarily cancel scan exclusion for web resources of a domain without removing the domain from the list of trusted domains, clear the check box next to the domain in the list. By default, all web resources of domains added to the list are excluded from secure connections scan.
- In the Trusted domains window, click OK.
- Click the Apply button.
To create the list of trusted domains in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Network traffic monitoring.
In the right part of the window the settings for Network Ports Monitoring and for Scanning Secure Connections are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
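The matching rules described above for predefined exclusions and trusted domains, as an added Python example for reviewing which hosts an exclusion list leaves undecrypted; it is not Kaspersky code. It assumes that trusted-domain masks use the same * semantics as the predefined exclusions list, that matching is case-insensitive, and that executable, publisher and signature owner are compared for equality; entries given as web addresses are not handled, and all names and sample values are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


def mask_matches(mask: str, value: str) -> bool:
    """'*' replaces any sequence of zero or more characters; the rest is literal."""
    pattern = ".*".join(re.escape(part) for part in mask.lower().split("*"))
    return re.fullmatch(pattern, value.lower()) is not None


def trusted_entry_matches(entry: str, host: str) -> bool:
    """Decide whether one trusted-domain entry covers a host.

    An entry may be a domain name, an IP address, an IP range in CIDR
    notation, or a domain mask. A plain domain name does not cover its
    subdomains; a mask such as *.example.com is needed for that.
    """
    entry = entry.strip().lower()
    host = host.strip().lower().rstrip(".")
    try:
        network = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        network = None
    if network is not None:
        try:
            return ipaddress.ip_address(host) in network
        except ValueError:
            return False  # entry is an IP range, host is a name
    return mask_matches(entry, host)


@dataclass(frozen=True)
class Connection:
    host: str
    executable: str
    publisher: str
    signer: str


@dataclass(frozen=True)
class PredefinedExclusion:
    """One row of the predefined exclusions list; None means 'not specified'."""
    domain: Optional[str] = None
    executable: Optional[str] = None
    publisher: Optional[str] = None
    signer: Optional[str] = None

    def matches(self, conn: Connection) -> bool:
        # An unspecified condition excludes connections with any value.
        if self.domain is not None and not mask_matches(self.domain, conn.host):
            return False
        for wanted, actual in ((self.executable, conn.executable),
                               (self.publisher, conn.publisher),
                               (self.signer, conn.signer)):
            if wanted is not None and wanted.lower() != actual.lower():
                return False
        return True


def uninspected(hosts: Iterable[str], trusted: Iterable[str]) -> Dict[str, str]:
    """Map each host that would skip decryption to the entry that excludes it."""
    trusted = list(trusted)
    result = {}
    for host in hosts:
        for entry in trusted:
            if trusted_entry_matches(entry, host):
                result[host] = entry
                break
    return result


# Constructed sample data (documentation domains and address ranges).
SAMPLE_TRUSTED = ["example.com", "*.example.org", "198.51.100.0/24", "*example.net"]
SAMPLE_HOSTS = ["example.com", "www.example.com", "api.example.org", "example.org",
                "198.51.100.7", "203.0.113.9", "myexample.net"]

if __name__ == "__main__":
    for host, entry in uninspected(SAMPLE_HOSTS, SAMPLE_TRUSTED).items():
        print(f"{host:20} not decrypted (entry: {entry})")
```

Under these assumptions, a mask without the dot after the asterisk (*example.net) also covers unrelated names that merely end in the same string, which is worth checking for when reviewing a trusted domains list.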
Exclusion of applications from secure connections scan
You can configure an exclusion from secure connections scan for applications through Kaspersky Security Center or in the local interface of Light Agent for Windows.
To use Kaspersky Security Center to configure application exclusions from secure connections scanning:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Network traffic monitoring section in the list on the left.
- In the right part of the window, in the Secure connections scan section, click the Trusted applications button.
- In the Trusted zone window that opens, in the Trusted applications tab, select the application for which you want to configure an exclusion from secure connections scanning in one of the following ways:
- If the application is absent from the list of trusted applications, click Add. In the Exclusions for application window, specify the path to the executable file of the application.
- If the application is on the list of trusted applications, select it and click Edit.
- In the Exclusions for application window, configure the settings for scanning network traffic transmitted for this application by using the Do not scan network traffic check box and the links located in the lower part of the window.
You can configure the following settings for scanning traffic transmitted for this application:
- Exclude all traffic or only encrypted traffic from scans.
- Exclude from scans the traffic transmitted for this application from any IP address or only from specified IP addresses.
- Exclude from scans the traffic transmitted for this application from any or only from specified ports.
You can modify these settings by clicking the link.
- In the Exclusions for application window, click OK.
- In the Trusted zone window, click OK.
- Click the Apply button.
To configure application exclusions from secure connections scanning in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Network traffic monitoring.
In the right part of the window the settings for Network Ports Monitoring and for Scanning Secure Connections are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Select the application for which you want to configure an exclusion from secure connections scan in one of the following ways:
- If the application is absent from the list of trusted applications, click Add and select the application using one of the items in the context menu.
- If the application is on the list of trusted applications, select it and click Edit.
- In the Exclusions for application window, configure the settings for scanning network traffic transmitted for this application by using the Do not scan network traffic check box and the links located in the lower part of the window.
You can configure the following settings for scanning traffic transmitted for this application:
- Exclude all traffic or only encrypted traffic from scans.
- Exclude from scans the traffic transmitted for this application from any IP address or only from specified IP addresses.
- Exclude from scans the traffic transmitted for this application from any or only from specified ports.
You can modify these settings by clicking the link.
- In the Exclusions for application window, click OK.
- In the Trusted zone window, click OK.
- To save changes, click the Save button.
Firewall
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop or server operating system.
During your work on local networks and the Internet your virtual machine is exposed to viruses, other malicious applications, and a variety of attacks that exploit vulnerabilities in operating systems and software.
Firewall protects personal data that is stored on the protected virtual machine by blocking network threats while the protected virtual machine is connected to the Internet or a local area network.
When a remote connection to a protected virtual machine is established after installation of the application, Firewall is enabled by default, blocking the RDP session. To prevent the session from being blocked, you need to change the Firewall action for the "Remote desktop network activity" network packet rule to Allow.
During operation of the Firewall component, the Windows Firewall is disabled to prevent conflicts. If a domain policy is being used for the Windows Firewall, you must disable the Windows Firewall in the domain policy during operation of the Firewall component.
Network connection statuses
The Firewall component controls all network connections on the protected virtual machine and automatically assigns a status to each detected network connection.
The network connection can have one of the following status types:
- Public network. This status is for networks that are not protected by any anti-virus applications, firewalls, or filters (for example, for Internet cafe networks). When the user operates a protected virtual machine that is connected to such a network, Firewall blocks access to files and printers of this virtual machine. External users are also unable to access data through shared folders and remote access to the desktop of this virtual machine. Firewall filters the network activity of each application according to the network rules that are set for it.
Firewall assigns Public network status to the Internet by default. You cannot change the status of the Internet.
- Local network. This status is assigned to networks whose users are trusted to access files and printers on the secured virtual machine (for example, a LAN or home network).
- Trusted network. This status is intended for a safe network in which the virtual machine is not exposed to attacks or unauthorized data access attempts. Firewall permits any network activity within networks with this status.
You can change the statuses that the Firewall component assigns to detected network connections.
In addition, when working via Kaspersky Security Center, you can redefine the settings of networks whose activity is monitored by the Firewall: add a network, change network settings, or delete a network from the table.
Network rules
A network rule is an allowed or blocked action that Firewall performs on detecting a network connection attempt. Configuring network rules lets you specify the desired level of virtual machine protection, from blocking Internet access for all applications to allowing unlimited access.
Firewall protects a virtual machine on two levels: network level and application level.
- Protection at the network level is provided by applying rules for network packets (network packet rules). Network packet rules are used to restrict network packets, regardless of the application. Such rules restrict inbound and outbound network traffic through specific ports of the selected data protocol. Firewall specifies certain network packet rules by default.
- Protection at the application level is provided by applying rules by which applications installed on the protected virtual machine can access network resources. Application network rules are used to restrict network activity of a specific application. They factor in not only the characteristics of the network packet, but also the specific application to which this network packet is addressed or which issued this network packet. Such rules make it possible to fine-tune network activity filtering: for example, when a certain type of network connection is blocked for some applications but is allowed for others.
Applications' access to operating system resources, processes, and personal data is controlled by the Application Privilege Control component using application control rules.
The network rules for applications do not take into account the following filter settings specified at the network level:
- Network adapter ID
- List of MAC addresses of the local adapter
- List of local MAC addresses
- Remote MAC addresses list
- Type of Ethernet frame (IP, IPv6, ARP)
- Time to live (TTL) of the IP packet
As a result of the joint use of rules by the network level and application level, network traffic may be blocked at the application level even if it is allowed at the network level.
Network rules for an application and for a group of applications
By default, Kaspersky Security groups all applications that are installed in the operating system of the protected virtual machine by the name of the vendor of the software whose file or network activity it monitors. Application groups are in turn categorized into trust groups. All applications and application groups inherit properties from their parent group: application control rules, application network rules, and their execution priority.
The Firewall component creates a set of network rules for each group of applications detected on the protected virtual machine, and applies network rules for a group of applications to filter the network activity of all applications that belong to the group. The application group network rules define the rights of applications within the group to access different network connections.
Default network rules for a group of applications, as well as inherited application network rules, cannot be modified, deleted, or disabled, and their priority cannot be changed.
You can change the Firewall action that is applied to the network rules created by default for an application group as well as to the inherited network rules of an application.
You can create network rules for a group of applications or for an individual application. A network rule for an application has a higher priority than the network rule of the group to which the application belongs.
Network rule priorities
Each rule has a priority. The higher the rule in the list, the higher priority it has. If network activity is covered by several rules, Firewall controls network activity according to the rule with the highest priority.
Network packet rules have a higher priority than network rules for applications. If both network packet rules and network rules for applications are specified for the same type of network activity, the network activity is handled according to the network packet rules.
You can set the execution priority for network packet rules and manually created network rules for an application or group of applications.
Special considerations when working with Firewall
When working with the Firewall, please keep in mind the following special considerations:
- Network activity at the application level via the TCP and UDP protocols is not blocked if the IP address of the sender matches the IP address of the recipient, under the condition that the packet was sent via RAW socket.
- The Firewall does not check the application rules and allows network activity if the remote device has the following IP address:
- for IPv4: 127.0.0.1
- for IPv6: ::1
under the condition that the packet was sent via RAW socket.
- The local address from which or to which data is sent may be undefined in the following cases:
- The application that initiated the network activity via the TCP or UDP protocols did not specify a local IP address.
- The application initiated the network activity via the ICMP protocol.
- The application receives an incoming packet via the UDP protocol.
- The Firewall does not filter loopback traffic at the network level. Decisions on loopback packets are made at the application level.
- When filtering network activity at the application level via the ICMP protocol, the Firewall supports only an outgoing ICMP Echo-Request.
- There is no filtering of incoming ICMP packets at the application level.
- For outgoing network activity via RAW socket, there is no filtering based on packet rules at the application level.
- Packets that are filtered out by the Network Attack Blocker component are not scanned by the Firewall.
- If an SVM has tunneling network interfaces, filtering of tunneling traffic based on packet rules is repeated for the same packet as the packet propagates between interfaces.
This section describes how to configure Firewall settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the Firewall settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Anti-Virus protection → Firewall). Configuring network rules for an application or application group using the Web Console is not supported.
Enabling or disabling Firewall
By default, Firewall is enabled and functions in the optimal mode. You can disable Firewall, if necessary.
To enable or disable Firewall in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, do one of the following:
- To enable Firewall, select the Firewall check box.
- To disable Firewall, clear the Firewall check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable Firewall on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab and expand the Manage protection section.
- Open the context menu of the Firewall item and perform one of the following actions:
- To enable Firewall, in the menu, select Enable.
The component status icon, which is displayed on the left in the Firewall line, changes.
- To disable Firewall, select Disable in the menu.
The component status icon, which is displayed on the left in the Firewall line, changes.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
To enable or disable Firewall in the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- Do one of the following:
- To enable Firewall component, select the Enable Firewall check box.
- To disable Firewall component, clear the Enable Firewall check box.
- To save changes, click the Save button.
Changing the network connection status
To change the network connection status using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Available networks section, click the Settings button.
- In the Firewall window that opens, on the Networks tab, select the network connection whose status you want to change and click the Edit button.
- In the Network connection window that opens, in the Status list, select the network connection status:
- Public network.
- Local network.
- Trusted network.
- In the Network connection window, click OK.
- In the Firewall window, click OK.
- Click the Apply button.
To change the network connection status in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
- Click the Available networks button.
The Firewall window opens on the Networks tab.
- Select the Networks tab.
- Select a network connection whose status you want to change.
- Open the context menu of the network connection and select the status:
- Public network.
- Local network.
- Trusted network.
- In the Firewall window, click OK.
- To save changes, click the Save button.
Managing network packet rules
You can perform the following actions with network packet rules:
- Create a new network packet rule.
- Change the settings of a network packet rule.
- Change the Firewall action for a network packet rule.
- Change the priority of a network packet rule.
- Enable or disable a network packet rule.
- Delete a network packet rule.
Creating and editing a network packet rule
Network packet rules have a higher priority than network rules for applications.
To create or edit a network packet rule in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Firewall rules section, click the Settings button located in the lower part of the section.
- In the Firewall window that opens, on the Network packet rules tab, perform one of the following actions:
- To create a new network packet rule, click the Add button.
- To edit an existing network packet rule, select it in the list of network packet rules and click the Edit button.
- In the Network rule window that opens, in the Action drop-down list, select the action to be performed by the Firewall when this type of network activity is detected:
- Allow.
- Block.
- By application rules.
- In the Name field, specify the name of the network service in one of the following ways:
- Click the icon located to the right of the Name field and select the network service name in the drop-down list.
The application includes network services that match the most frequently used network connections.
- Type the name of the network service in the Name field manually.
- Specify the data transfer protocol:
- Select the Protocol check box.
- In the drop-down list, select the type of protocol over which the Firewall must monitor activity: TCP, UDP, ICMP, ICMPv6, IGMP or GRE.
If you select a network service from the Name drop-down list, the Protocol check box is selected and the drop-down list next to the check box indicates the protocol type that corresponds to the selected network service.
- In the Direction drop-down list, select the direction of the monitored network activity.
Firewall monitors network connections with the following directions:
- Inbound (packet).
- Inbound.
- Inbound / Outbound.
- Outbound (packet).
- Outbound.
- If ICMP or ICMPv6 is selected as the protocol, you can specify the ICMP packet type and code:
- Select the ICMP type check box and select the ICMP packet type in the drop-down list.
- Select the ICMP code check box and select the ICMP packet code in the drop-down list.
- If TCP or UDP is selected as the protocol, you can specify the ports of the SVM and remote devices between which the connection is to be monitored:
- Type the ports of the remote device in the Remote ports field.
- Type the ports of the protected virtual machine in the Local ports field.
- In the Network adapters table, specify the settings of network adapters from which network packets can be sent or which can receive network packets. To do so, use the Add, Edit, and Delete buttons.
- In the Maximum value of packet time to live field, specify the range of values of the time to live for inbound and/or outbound network packets. A network rule controls the transmission of network packets whose time to live is within the range from 1 to the specified value. The default value is 0 (value not defined).
- Specify the network addresses of remote devices that can send and/or receive network packets. To do so, select one of the following values in the Remote addresses drop-down list:
- Any address. The network rule controls network packets sent and/or received by remote devices with any IP address.
- Subnet addresses. The network rule controls network packets sent and/or received by remote devices with IP addresses associated with the selected network type: Trusted networks, Local networks, Public networks.
- Addresses from a list. The network rule controls network packets sent and/or received by remote devices with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
- Specify the network addresses of the SVMs that can send and/or receive network packets. To do so, select one of the following values in the Local addresses drop-down list:
- Any address. The network rule controls network packets sent and/or received by SVMs with any IP address.
- Addresses from a list. The network rule controls network packets sent and/or received by the SVMs with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
- If you want the actions of the network packet rule to be reflected in the report, select the Log event check box.
- In the Network rule window, click OK.
If you create a new network packet rule, the rule is displayed on the Network packet rules tab of the Firewall window. By default, the new network rule is placed at the end of the list of network packet rules.
- In the Firewall window, click OK.
- Click the Apply button.
To create or edit a network packet rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
- Click the Network packet rules button.
The Firewall window opens to the Network packet rules tab. This tab shows a list of default network packet rules that are set by Firewall.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 7–20 of the previous instructions.
- To save changes, click the Save button.
Changing the Firewall action for a network packet rule
To change the Firewall action for a network packet rule in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Firewall rules section, click the Settings button located in the lower part of the section.
- In the Firewall window that opens, on the Network packet rules tab, in the list of network packet rules, select the network packet rule whose action you want to change.
- In the Permission column, open the context menu and select the action that you want to assign:
- Allow.
- Block.
- According to application rule.
- Log events.
- In the Firewall window, click OK.
- Click the Apply button.
To change the Firewall action for a network packet rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Network packet rules button.
The Firewall window opens to the Network packet rules tab.
- Complete steps 7–9 of the previous instructions.
- To save changes, click the Save button.
Changing the priority of a network packet rule
To change the priority of a network packet rule in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Firewall rules section, click the Settings button located in the lower part of the section.
- In the Firewall window that opens, on the Network packet rules tab, in the list of network packet rules, select the network packet rule whose priority you want to change and use the Move up and Move down buttons to move the network packet rule to the necessary position in the list.
- In the Firewall window, click OK.
- Click the Apply button.
To change the priority of a network packet rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Network packet rules button.
The Firewall window opens to the Network packet rules tab.
- In the list of network packet rules, select the network packet rule whose priority you want to change and use the Move up and Move down buttons to move the network packet rule to the necessary position in the list.
- In the Firewall window, click OK.
- To save changes, click the Save button.
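The effect of rule order described in this section, as an added example (a simplified Python model, not Kaspersky code). It assumes that the list is evaluated top to bottom, that the first enabled matching rule decides, and that traffic matching no packet rule falls through to the application rule; PacketRule, decide and find_shadowed are hypothetical names, the rules and addresses are constructed, and only some of the rule settings are modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Sequence, Tuple

BOTH = "Inbound / Outbound"
BY_APP = "By application rules"

@dataclass(frozen=True)
class PacketRule:
    name: str
    action: str                          # "Allow", "Block" or BY_APP
    protocol: Optional[str] = None       # None: Protocol check box cleared
    direction: str = BOTH                # "Inbound", "Outbound" or BOTH (simplified)
    local_ports: Optional[range] = None  # None: Local ports field left empty
    remote: str = "0.0.0.0/0"            # "Any address" (IPv4 only in this model)
    max_ttl: int = 0                     # 0: value not defined
    enabled: bool = True

@dataclass(frozen=True)
class Packet:
    protocol: str
    direction: str
    local_port: int
    remote_ip: str
    ttl: int = 64

def matches(rule: PacketRule, pkt: Packet) -> bool:
    """True if an enabled rule applies to the packet."""
    return (rule.enabled
            and rule.protocol in (None, pkt.protocol)
            and rule.direction in (BOTH, pkt.direction)
            and (rule.local_ports is None or pkt.local_port in rule.local_ports)
            and ip_address(pkt.remote_ip) in ip_network(rule.remote)
            # A TTL limit covers packets with TTL from 1 to the specified value.
            and (rule.max_ttl == 0 or 1 <= pkt.ttl <= rule.max_ttl))

def decide(rules: Sequence[PacketRule], pkt: Packet,
           app_action: str) -> Tuple[str, Optional[str]]:
    """Return (action, deciding rule name); assumed first-match evaluation."""
    for rule in rules:
        if matches(rule, pkt):
            # "By application rules" hands the decision to the application rule.
            return (app_action if rule.action == BY_APP else rule.action), rule.name
    return app_action, None  # assumption: no packet rule matched

def covers(a: PacketRule, b: PacketRule) -> bool:
    """True if every packet matched by b is also matched by a."""
    ports_ok = a.local_ports is None or (
        b.local_ports is not None
        and b.local_ports.start >= a.local_ports.start
        and b.local_ports.stop <= a.local_ports.stop)
    ttl_ok = a.max_ttl == 0 or 0 < b.max_ttl <= a.max_ttl
    return (a.protocol in (None, b.protocol)
            and a.direction in (BOTH, b.direction)
            and ports_ok and ttl_ok
            and ip_network(b.remote).subnet_of(ip_network(a.remote)))

def find_shadowed(rules: Sequence[PacketRule]) -> List[Tuple[str, str]]:
    """List (rule, earlier rule) pairs where a higher rule with a different
    action already matches everything the lower rule would match."""
    hits = []
    for i, later in enumerate(rules):
        if not later.enabled:
            continue
        for earlier in rules[:i]:
            if (earlier.enabled and earlier.action != later.action
                    and covers(earlier, later)):
                hits.append((later.name, earlier.name))
                break
    return hits

# Constructed rule list: the SMB block sits below a broad Allow rule.
RULES = [
    PacketRule("Allow RDP from admin subnet", "Allow", "TCP", "Inbound",
               range(3389, 3390), "10.0.5.0/24"),
    PacketRule("Allow any inbound TCP", "Allow", "TCP", "Inbound"),
    PacketRule("Block SMB inbound", "Block", "TCP", "Inbound", range(445, 446)),
    PacketRule("Block low-TTL ICMP", "Block", "ICMP", "Inbound", max_ttl=5),
    PacketRule("Outbound TCP by application", BY_APP, "TCP", "Outbound"),
]
# Same rules after using Move up on "Block SMB inbound".
REORDERED = [RULES[0], RULES[2], RULES[1], RULES[3], RULES[4]]
SMB = Packet("TCP", "Inbound", 445, "192.0.2.77")  # constructed packet

if __name__ == "__main__":
    print(find_shadowed(RULES), decide(RULES, SMB, "Block"))
    print(find_shadowed(REORDERED), decide(REORDERED, SMB, "Allow"))
```

In the first ordering the SMB block is never reached; after the move, the same packet is blocked and the audit reports no conflicting rules.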
Enabling or disabling a network packet rule
All network packet rules created by Firewall by default have the Enabled status (the rule is applied). New network packet rules also have the Enabled status by default.
You can disable any network packet rule that is selected in the list of network packet rules. Disabled network packet rules are temporarily not applied.
To enable or disable a network packet rule using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Firewall rules section, click the Settings button located in the lower part of the section.
- In the Firewall window that opens, on the Network packet rules tab, in the list of network packet rules, select the required network packet rule and perform one of the following actions:
- To enable the rule, set the check box next to the name of the network packet rule.
- To disable the rule, clear the check box next to the name of the network packet rule.
- In the Firewall window, click OK.
- Click the Apply button.
To enable or disable a network packet rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Network packet rules button.
The Firewall window opens to the Network packet rules tab.
- Complete steps 7–8 of the previous instructions.
- To save changes, click the Save button.
Deleting a network packet rule
To delete a network packet rule using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Firewall rules section, click the Settings button located in the lower part of the section.
- In the Firewall window that opens, on the Network packet rules tab, in the list of network packet rules, select the network packet rule that you want to delete, and click the Delete button.
The selected rule will be deleted from the list of network packet rules.
- Click the Apply button.
To delete a network packet rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Network packet rules button.
The Firewall window opens to the Network packet rules tab.
- In the list of network packet rules, select the network packet rule that you want to delete, and click the Delete button.
The selected rule will be deleted from the list of network packet rules.
- To save changes, click the Save button.
Managing network rules for applications and application groups
You can perform the following actions while managing application network rules:
- Create a new network rule.
- Edit the settings of a network rule.
- Change the Firewall action for a network rule:
- In Kaspersky Security Center, you can change the Firewall action for the network rules of an application group.
- In Light Agent for Windows local interface, you can change the Firewall action for network rules of an individual application or a group of applications.
- Change the priority of a network rule.
- Enable or disable a network rule.
- Delete a network rule.
Default network rules for a group of applications, as well as inherited application network rules, cannot be modified, deleted, or disabled, and their priority cannot be changed.
Creating and editing a network rule for an application or an application group
In Kaspersky Security Center, you can create and edit the settings of a network rule for a group of applications.
In the Light Agent for Windows local interface, you can create and edit the settings of a network rule for an application or application group.
Network packet rules have a higher priority than network rules for applications.
To create or edit a network rule for an application group in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Firewall rules section, click the Settings button located in the upper part of the section.
- In the Firewall window that opens, on the Application control rules tab, in the list of applications, select the application group for which you want to create or modify a network rule.
- Click the Edit button or open the context menu and select the Group rules item.
- In the Application group control rules window that opens, select the Network rules tab and perform one of the following actions:
- To create a new network rule for an application group, click the Add button.
- To edit an existing network rule for an application group, select it in the list of network rules and click the Edit button.
- In the Network rule window that opens, in the Action drop-down list, select the action to be performed by the Firewall when this type of network activity is detected:
- Allow.
- Block.
- In the Name field, specify the name of the network service in one of the following ways:
- Click the icon located to the right of the Name field and select the network service name in the drop-down list.
The application includes network services that match the most frequently used network connections.
- Type the name of the network service in the Name field manually.
- Specify the data transfer protocol:
- Select the Protocol check box.
- In the drop-down list, select the type of protocol for which Firewall should monitor activity.
Firewall monitors network connections that use the TCP, UDP, ICMP, ICMPv6, IGMP, and GRE protocols.
If you select a network service from the Name drop-down list, the Protocol check box is set automatically and the drop-down list next to the check box is filled with a protocol type that corresponds to the selected network service.
- In the Direction drop-down list, select the direction of the monitored network activity.
Firewall monitors network connections with the following directions:
- Inbound.
- Inbound / Outbound.
- Outbound.
- If ICMP or ICMPv6 is selected as the protocol, you can specify the ICMP packet type and code:
- Select the ICMP type check box and select the ICMP packet type in the drop-down list.
- Select the ICMP code check box and select the ICMP packet code in the drop-down list.
- If TCP or UDP is selected as the protocol, you can specify the ports of the virtual machine and remote devices between which the connection is to be monitored:
- Type the ports of the remote device in the Remote ports field.
- Type the ports of the virtual machine in the Local ports field.
- Specify the network addresses of remote devices that can send and/or receive network packets. To do so, select one of the following values in the Remote addresses drop-down list:
- Any address. The network rule controls network packets sent and/or received by remote devices with any IP address.
- Subnet addresses. The network rule controls network packets sent and/or received by remote devices with IP addresses associated with the selected network type: Trusted networks, Local networks, Public networks.
- Addresses from a list. The network rule controls network packets sent and/or received by remote devices with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
- Specify the network addresses of the SVMs that can send and/or receive network packets. To do so, select one of the following values in the Local addresses drop-down list:
- Any address. The network rule controls network packets sent and/or received by SVMs with any IP address.
- Addresses from a list. The network rule controls network packets sent and/or received by the SVMs with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
- If you want the actions of the network rule for an application to be reflected in the report, select the Log event check box.
- In the Network rule window, click OK.
If you create a new network rule for an application group, the rule is displayed on the Network rules tab of the Application group control rules window.
- In the Application group control rules window, click OK.
- In the Firewall window, click OK.
- Click the Apply button.
To create or edit a network rule for an application or an application group in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Application network rules button.
The Firewall window opens to the Application control rules tab.
- In the list of applications, select the application or the group of applications for which you want to create or edit a network rule.
- Click the Edit button or open the context menu and select Application rules or Group rules.
This opens the Application control rules or Application group control rules window.
- In the opened window, select the Network rules tab and perform one of the following actions:
- To create a new network rule, click the Add button.
- To edit a network rule, select it in the list of network rules and click the Edit button.
The Network rule window opens.
- Complete steps 10–18 of the previous instructions.
- In the Network rule window, click OK.
If you create a new network rule for an application group, the rule is displayed on the Network rules tab of the Application control rules or Application group control rules window.
- Click OK in the Application control rules or Application group control rules window.
- In the Firewall window, click OK.
- To save changes, click the Save button.
Changing the Firewall action for network rules of an application group via Kaspersky Security Center
In Kaspersky Security Center, you can change the Firewall action for the network rules of an application group:
- For all network rules created by default for an application group.
- For an individual network rule manually created for an application group.
To change the Firewall action for all network rules created by default for an application group using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Firewall rules section, click the Settings button located in the upper part of the section.
- In the Firewall window that opens, on the Application control rules tab, in the list of applications, select the application group for whose network rules you want to change the Firewall action. As a result of the procedure, the Firewall action will be changed only for network rules created by default. The custom network rules for this application group remain unchanged.
- In the Network column, open the context menu and select the action that you want to assign:
- Inherit.
- Allow.
- Block.
- In the Firewall window, click OK.
- Click the Apply button.
To change the Firewall action for an individual network rule manually created for an application group using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- Complete steps 2–6 of the previous instructions.
- In the list of applications, select the application group for whose network rule you want to change the Firewall action.
- Click the Edit button or open the context menu and select the Group rules item.
The Application group control rules window opens.
- In the window that opens, select the Network rules tab.
- In the list of network rules, select the network rule for which you want to change the Firewall action.
- In the Permission column, open the context menu and select the action that you want to assign:
- Allow.
- Block.
- Log events.
- In the Application group control rules window, click OK.
- In the Firewall window, click OK.
- Click the Apply button.
Changing the Firewall action for network rules in a local interface
In the Light Agent for Windows local interface, you can change the Firewall action for a network rule of an application or an application group:
- For all network rules created by default for an application or an application group.
- For an individual network rule manually created for an application or an application group.
To change the Firewall action for all network rules created by default for an application or an application group in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
- Click the Application network rules button.
The Firewall window opens to the Application control rules tab.
- In the list of applications, select the application or application group for whose default network rules you want to change the Firewall action. The manually created network rules for this application or application group remain unchanged.
- In the Network column, open the context menu and select the action that you want to assign:
- Inherit.
- Allow.
- Block.
- In the Firewall window, click OK.
- To save changes, click the Save button.
To change the Firewall action for an individual network rule manually created for an application or an application group in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
- Click the Application network rules button.
The Firewall window opens to the Application control rules tab.
- In the list of applications, select the application or application group for whose network rule you want to change the Firewall action.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Edit button or open the context menu and select Application rules or Group rules.
This opens the Application control rules or Application group control rules window.
- In the window that opens, select the Network rules tab.
- In the list of network rules, select the network rule for which you want to change the Firewall action.
- In the Permission column, open the context menu and select the action that you want to assign:
- Allow.
- Block.
- Log events.
- Click OK in the Application control rules or Application group control rules window.
- In the Firewall window, click OK.
- To save changes, click the Save button.
Changing the priority of a network rule for an application or an application group
To change the priority of a network rule for an application or application group in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Firewall rules section, click the Settings button located in the upper part of the section.
- In the Firewall window that opens, on the Application control rules tab, in the list of applications, select the application group with the network rule whose priority you want to change.
- Click the Edit button or open the context menu and select the Group rules item.
- In the Application group control rules window that opens, select the Network rules tab.
- In the list of network rules of an application, select the network rule whose priority you want to change and use the Move up and Move down buttons to move the network rule to the necessary position in the list.
- In the Application group control rules window, click OK.
- In the Firewall window, click OK.
- Click the Apply button.
To change the priority of a network rule for an application or an application group in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
- Click the Application network rules button.
The Firewall window opens to the Application control rules tab.
- In the list of applications, select the application or application group whose network rule priority you want to change.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Edit button or open the context menu and select Application rules or Group rules.
This opens the Application control rules or Application group control rules window.
- In the window that opens, select the Network rules tab.
- In the list of network rules of an application, select the network rule whose priority you want to change and use the Move up and Move down buttons to move the network rule to the necessary position in the list.
- Click OK in the Application control rules or Application group control rules window.
- In the Firewall window, click OK.
- To save changes, click the Save button.
Enabling or disabling a network rule for an application or an application group
All new network rules for an application or application group are added to the list of network rules with the Enabled status (the rule is applied).
In Kaspersky Security Center, you can disable a manually created network rule for an application group.
In the Light Agent for Windows local interface, you can disable a manually created rule for an application or application group.
Disabled rules are temporarily not applied.
To enable or disable a network rule for an application group in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Firewall rules section, click the Settings button located in the upper part of the section.
- In the Firewall window that opens, on the Application control rules tab, in the list of applications, select the application group whose network rule you want to enable or disable.
- Click the Edit button or open the context menu and select the Group rules item.
- In the Application group control rules window that opens, select the Network rules tab.
- In the list of network rules, select the relevant network rule and perform one of the following actions:
- To enable the network rule, set the check box next to the name of the network rule.
- To disable the network rule, clear the check box next to the name of the network rule.
You cannot disable an application group network rule that is created by Firewall by default.
- In the Application group control rules window, click OK.
- In the Firewall window, click OK.
- Click the Apply button.
To enable or disable a network rule for an application or an application group in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
- Click the Application network rules button.
The Firewall window opens to the Application control rules tab.
- In the list of applications, select the application or the application group for which you want to enable or disable a network rule.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Edit button or open the context menu and select Application rules or Group rules.
This opens the Application control rules or Application group control rules window.
- In the window that opens, select the Network rules tab.
- In the list of network rules, select the relevant network rule and perform one of the following actions:
- To enable the network rule, set the check box next to the name of the network rule for the application or the application group.
- To disable the network rule, clear the check box next to the name of the network rule for the application or the application group.
You cannot disable a network rule for an application or an application group that is created by Firewall by default.
- Click OK in the Application control rules or Application group control rules window.
- In the Firewall window, click OK.
- To save changes, click the Save button.
Removing a network rule for an application or an application group
In Kaspersky Security Center, you can remove a manually created network rule for an application group.
In the Light Agent for Windows local interface, you can remove a manually created network rule for an application or application group.
To remove a network rule for an application group using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the Firewall section in the list on the left.
- In the right part of the window, in the Firewall rules section, click the Settings button located in the upper part of the section.
- In the Firewall window that opens, on the Application control rules tab, in the list of applications, select the application group for which you want to remove a network rule.
- Click the Edit button or open the context menu and select the Group rules item.
- In the Application group control rules window that opens, select the Network rules tab.
- In the list of network rules, select the network rule that you want to delete, and click the Delete button.
The selected rule will be deleted from the list of network rules for the application group.
- In the Application group control rules window, click OK.
- In the Firewall window, click OK.
- Click the Apply button.
To remove a network rule for an application or an application group in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
- Click the Application network rules button.
The Firewall window opens to the Application control rules tab.
- In the list of applications, select the application or application group for which you want to delete a network rule.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Edit button or open the context menu and select Application rules or Group rules.
This opens the Application control rules or Application group control rules window.
- In the window that opens, select the Network rules tab.
- In the list of network rules, select the network rule that you want to delete, and click the Delete button.
The selected rule will be deleted from the list of network packet rules.
- Click OK in the Application control rules or Application group control rules window.
- In the Firewall window, click OK.
- To save changes, click the Save button.
Network Attack Blocker
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop or server operating system.
The Network Attack Blocker component scans inbound network traffic for activity that is typical of network attacks. On detecting an attempted network attack that targets the protected virtual machine, Kaspersky Security blocks network activity originating from the attacking device. A warning is then displayed, stating that an attempted network attack has been detected, and showing information about the attacking device.
The Network Attack Blocker component does not block the IP address of the attacking device in the following cases:
- The attack is conducted over the UDP protocol.
- Blocking the IP address would lead to failure of a critically important network service (for example, the domain controller service).
Descriptions of currently known types of network attacks and ways to fight them are provided in the application databases. The list of network attacks that the Network Attack Blocker component detects is updated during application database updates.
You can do the following to configure Network Attack Blocker:
- Configure the settings used in blocking an attacking device.
- Create a list of IP addresses excluded from blocking.
This section describes how to configure Network Attack Blocker settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the Network Attack Blocker settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Anti-Virus protection → Network Attack Blocker).
Enabling and disabling Network Attack Blocker
By default, the Network Attack Blocker component is enabled and operating in optimal mode. You can disable Network Attack Blocker, if necessary.
To enable or disable Network Attack Blocker in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the Network Attack Blocker section in the list on the left.
- In the right part of the window, do one of the following:
- To enable the Network Attack Blocker component, select the Network Attack Blocker check box.
- To disable the Network Attack Blocker component, clear the Network Attack Blocker check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable Network Attack Blocker on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Manage protection section.
- Open the context menu of the Network Attack Blocker item and perform one of the following actions:
- To enable Network Attack Blocker, select Enable in the menu.
The component status icon that is displayed on the left in the Network Attack Blocker line changes.
- To disable Network Attack Blocker, select Disable in the menu.
The component status icon that is displayed on the left in the Network Attack Blocker line changes.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
To enable or disable Network Attack Blocker in the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, under Anti-Virus protection, select Network Attack Blocker.
The Network Attack Blocker settings are displayed in the right part of the window.
If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- Do one of the following:
- To enable the Network Attack Blocker component, select the Enable Network Attack Blocker check box.
- To disable the Network Attack Blocker component, clear the Enable Network Attack Blocker check box.
- To save changes, click the Save button.
Editing the settings used in blocking an attacking device
Network traffic from the attacking device is blocked for one hour. You can edit the settings for blocking an attacking device.
To edit the settings for blocking an attacking device in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the Network Attack Blocker section in the list on the left.
- In the right part of the window, in the Network Attack Blocker settings section:
- Select the Add the attacking device to the list of blocked devices for N min check box if you want the Network Attack Blocker component to block the network activity of an attacking device for a specified amount of time, thereby automatically protecting the virtual machine against possible future attacks from this address. In the field on the right, specify the amount of time to block an attacking device.
By default, network traffic from the attacking device is blocked for one hour.
- Clear the Add the attacking computer to the list of blocked computers for N min check box if you do not want the Network Attack Blocker component to enable automatic protection against possible future network attacks from this address.
- Click the Apply button.
To edit the settings for blocking an attacking device in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, under Anti-Virus protection, select Network Attack Blocker.
The Network Attack Blocker settings are displayed in the right part of the window.
- Do the following:
- Select the Add the attacking device to the list of blocked devices for N min check box if you want the Network Attack Blocker component to block the network activity of an attacking device for a specified amount of time, thereby automatically protecting the virtual machine against possible future attacks from this address. In the field on the right, specify the amount of time to block an attacking device.
By default, network traffic from the attacking device is blocked for one hour.
- Clear the Add the attacking computer to the list of blocked computers for N min check box if you do not want the Network Attack Blocker component to enable automatic protection against possible future network attacks from this address.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- To save changes, click the Save button.
Configuring a list of IP addresses excluded from blocking
You can configure a list of IP addresses from which network attacks will not be blocked. Information about network attacks will be recorded in a report.
To configure a list of IP addresses excluded from blocking using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the Network Attack Blocker section in the list on the left.
- In the right part of the window, click the Exclusions button.
- In the Exclusions window that opens, do one of the following:
- If you want to add a new IP address, click the Add button.
- If you want to edit a previously added IP address, select it in the list of IP addresses and click the Edit button.
- In the IP address window that opens, enter the IP address of the device from which network attacks will not be blocked.
- In the IP address window, click OK.
- Click OK in the Exclusions window.
- Click the Apply button.
To configure a list of IP addresses excluded from blocking in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, under Anti-Virus protection, select Network Attack Blocker.
The Network Attack Blocker settings are displayed in the right part of the window.
- Complete steps 6–10 of the previous instructions.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- To save changes, click the Save button.
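The blocking behavior described in this Network Attack Blocker section (block duration, the UDP and critical-service exceptions, and the exclusion list) can be checked against a planned policy with a small model. This is an added example, not Kaspersky code; the class and field names, the decision labels, the order of the checks and the representation of critical services as a host list are assumptions, and the detections are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address


@dataclass(frozen=True)
class Policy:
    """Planned Network Attack Blocker settings (field names are hypothetical)."""
    enabled: bool = True
    add_to_blocked_list: bool = True   # the "... for N min" check box
    block_minutes: int = 60            # documented default: one hour
    exclusions: tuple = ()             # IP addresses excluded from blocking
    critical_hosts: tuple = ()         # assumption: hosts running critical services


class BlockerModel:
    """Replays detections against a Policy and tracks timed blocks."""

    def __init__(self, policy):
        self.policy = policy
        self._excluded = {ip_address(a) for a in policy.exclusions}
        self._critical = {ip_address(a) for a in policy.critical_hosts}
        self.blocked_until = {}   # address -> time at which the block expires
        self.report = []          # every detection handled while enabled

    def is_blocked(self, source, now):
        """True while a timed block for this source is still in force."""
        until = self.blocked_until.get(ip_address(source))
        return until is not None and now < until

    def on_detection(self, when, source, protocol):
        """Return the decision for one detected attack attempt."""
        if not self.policy.enabled:
            return "not-scanned"          # component disabled: nothing recorded
        addr = ip_address(source)
        if addr in self._excluded:
            decision = "excluded"         # not blocked, still written to the report
        elif protocol.upper() == "UDP":
            decision = "udp-not-blocked"  # documented exception for UDP attacks
        elif addr in self._critical:
            decision = "critical-service-not-blocked"
        elif not self.policy.add_to_blocked_list:
            decision = "reported-only"    # check box cleared: no timed block
        else:
            expiry = when + timedelta(minutes=self.policy.block_minutes)
            self.blocked_until[addr] = expiry
            decision = "blocked"
        self.report.append((when, source, protocol, decision))
        return decision


def replay(policy, detections):
    """Run a list of (when, source, protocol) detections through a fresh model."""
    model = BlockerModel(policy)
    return model, [model.on_detection(*d) for d in detections]


# Constructed sample detections; addresses come from documentation-only ranges.
T0 = datetime(2024, 1, 1, 12, 0)
SAMPLE_DETECTIONS = [
    (T0, "192.0.2.10", "TCP"),
    (T0 + timedelta(minutes=1), "198.51.100.7", "TCP"),
    (T0 + timedelta(minutes=2), "203.0.113.5", "UDP"),
    (T0 + timedelta(minutes=3), "192.0.2.53", "TCP"),
]

if __name__ == "__main__":
    planned = Policy(exclusions=("198.51.100.7",), critical_hosts=("192.0.2.53",))
    model, decisions = replay(planned, SAMPLE_DETECTIONS)
    for (when, source, protocol), decision in zip(SAMPLE_DETECTIONS, decisions):
        print(f"{when:%H:%M} {source:<14} {protocol:<3} {decision}")
    print("still blocked at 12:59:",
          model.is_blocked("192.0.2.10", T0 + timedelta(minutes=59)))
```

Replaying the same detections with a different exclusion list or block time shows which sources would stay reachable, which is worth reviewing before an exclusion is added to a policy.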
System Watcher
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop or server operating system.
The System Watcher component analyzes the behavior of applications on a protected virtual machine and provides this information to other application components to improve their performance.
The System Watcher component utilizes Behavior Stream Signatures (BSS). Behavior stream signatures contain sequences of actions taken by applications that Kaspersky Security classifies as dangerous. If application activity corresponds to a behavior stream signature, Kaspersky Security performs the specified action. Use of behavior stream signatures lets you detect brand new and unknown malicious programs based on their behavior and stop their activity, thereby providing proactive protection of the virtual machine.
Based on information received by the System Watcher component, Kaspersky Security can roll back actions that have been performed by malware in the operating system. A rollback of malware actions can be initiated by File Anti-Virus or during a virus scan.
Rolling back malware activity has no adverse effects on the operating system or the integrity of protected virtual machine data.
The System Watcher component can also protect shared folders against external encryption by monitoring operations performed from a remote device.
The System Watcher component monitors operations performed only with those files that are stored on mass storage devices with the NTFS file system and that are not encrypted with the EFS file system.
This section describes how to configure System Watcher settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the System Watcher settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Anti-Virus protection → System Watcher).
Enabling and disabling System Watcher
By default, the System Watcher component is enabled and runs in the mode that Kaspersky experts recommend. You can disable System Watcher, if necessary.
It is not recommended to disable System Watcher unnecessarily, because doing so reduces the performance of protection components that may require data from System Watcher to classify threats that they detect.
To enable or disable System Watcher in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the System Watcher section in the list on the left.
- In the right part of the window, do one of the following:
- To enable the System Watcher component, select the System Watcher check box.
- To disable the System Watcher component, clear the System Watcher check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable System Watcher on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Manage protection section.
- Open the context menu of the System Watcher item and perform one of the following actions:
- To enable System Watcher, select Enable.
The component status icon, which is displayed on the left in the System Watcher line, changes.
- To disable System Watcher, select Disable.
The component status icon, which is displayed on the left in the System Watcher line, changes.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
To enable or disable System Watcher from the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select System Watcher.
In the right part of the window, the System Watcher component’s settings are displayed.
If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- Do one of the following:
- To enable the System Watcher component, select the Enable System Watcher check box.
- To disable the System Watcher component, clear the Enable System Watcher check box.
- To save changes, click the Save button.
Enabling and disabling exploit prevention
An exploit is software code that takes advantage of vulnerabilities in a system or software to perform a malicious act on a device. Exploits are often used to install malware on the device without the user’s knowledge. Exploits most often attack browsers, as well as Adobe Flash, Java and Microsoft Office applications.
Exploit prevention includes the following methods:
- Control of executable file launches from vulnerable applications and browsers.
- Control of suspicious actions of vulnerable applications.
- Application actions monitoring.
- Tracking the source of the malicious code.
- Prevention of software vulnerability exploitation.
The lists of applications with detected vulnerabilities are updated together with Kaspersky Security application databases.
Exploit Prevention is enabled by default. You can disable Exploit Prevention, if necessary.
To enable or disable Exploit Prevention in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the System Watcher section in the list on the left.
- In the right part of the window, in the General settings section, do one of the following:
- Select the Enable Exploit Prevention check box if you want Kaspersky Security to monitor executable files that are run by vulnerable applications.
If Kaspersky Security detects that an executable file from a vulnerable application was run by something other than the user, it blocks this file from running.
- Clear the Enable Exploit Prevention check box if you do not want Kaspersky Security to monitor executable files that are run by vulnerable applications.
- Click the Apply button.
To enable or disable Exploit Prevention in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select System Watcher.
In the right part of the window, the System Watcher component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Do one of the following:
- Select the Enable Exploit Prevention check box if you want Kaspersky Security to monitor executable files that are run by vulnerable applications.
If Kaspersky Security detects that an executable file from a vulnerable application was run by something other than the user, it blocks this file from running.
- Clear the Enable Exploit Prevention check box if you do not want Kaspersky Security to monitor executable files that are run by vulnerable applications.
- To save changes, click the Save button.
Changing the action taken when malware activity is detected
When Kaspersky Security detects the malicious activity of an application, it takes the action defined in the settings of the System Watcher component. By default, when Kaspersky Security detects malware activity, it terminates the malicious program and removes the executable file of the program.
To change the action of System Watcher in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the System Watcher section in the list on the left.
- In the right part of the window, in the Proactive Defense section, in the On detecting malware activity drop-down list, select the required action:
- Select action automatically. If this item is selected and Kaspersky Security detects the malicious activity of a program, it performs the default actions set by Kaspersky experts: terminates the malicious program and deletes the executable file of this program.
This action is set by default.
- Terminate the malicious program and delete the executable file. If this item is selected and Kaspersky Security detects the malicious activity of a program, it terminates this program and deletes its executable file.
- Terminate the malicious program. If this item is selected and Kaspersky Security detects the malicious activity of a program, it terminates this program.
- Skip. If this item is selected and Kaspersky Security detects the malicious activity of a program, it does not take any action on the executable file of this program.
- Click the Apply button.
To change the action of System Watcher in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select System Watcher.
In the right part of the window, the System Watcher component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- In the Proactive Defense section, in the On detecting malware activity drop-down list, select the relevant action:
- Select action automatically. If this item is selected, on detecting malicious activity Kaspersky Security performs the default actions specified by Kaspersky specialists: Kaspersky Security terminates the malicious program and deletes the executable file of this program.
This action is set by default.
- Terminate the malicious program and delete the executable file. If this item is selected and Kaspersky Security detects the malicious activity of a program, it terminates this program and deletes its executable file.
- Terminate the malicious program. If this item is selected, on detecting malicious activity Kaspersky Security terminates this application.
- Skip. If this item is selected, on detecting malicious activity Kaspersky Security does not take any action on the executable file of this application.
- To save changes, click the Save button.
Rolling back malware actions during disinfection
To enable or disable the rollback of malware actions in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the System Watcher section in the list on the left.
- In the right part of the window, in the Rollback of malware actions section, do one of the following:
- If you want Kaspersky Security to roll back actions that were performed by malware in the operating system, select the Roll back malware actions during disinfection check box.
- If you want Kaspersky Security to ignore actions that were performed by malware in the operating system, clear the Roll back malware actions during disinfection check box.
- Click the Apply button.
To enable or disable the rollback of malware actions in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select System Watcher.
In the right part of the window, the System Watcher component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- In the Rollback of malware actions section, do one of the following:
- If you want Kaspersky Security to roll back actions that were performed by malware in the operating system, select the Roll back malware actions during disinfection check box.
- If you want Kaspersky Security to ignore actions that were performed by malware in the operating system, clear the Roll back malware actions during disinfection check box.
- To save changes, click the Save button.
Configuring protection of shared folders against external encryption
Protection of shared folders against external encryption provides for analysis of activity in shared folders. Kaspersky Security monitors the following operations performed from a remote device:
- Deletion of a file
- Modification of file contents
- Modification of file size
- Movement of a file
Kaspersky Security monitors operations performed only with those files that are stored on mass storage devices with the NTFS file system and that are not encrypted with the EFS file system.
When Kaspersky Security detects an attempt to modify files in shared folders, it creates backup copies of the files being modified and analyzes the detected activity. If the activity in shared folders matches a behavior stream signature that is typical for external encryption, Kaspersky Security performs the selected action. By default, when Kaspersky Security detects external encryption of shared folders, it blocks the network activity of the device attempting encryption, writes information about the detected malicious activity to a local interface report, and sends this information to Kaspersky Security Center.
If rollback of malware actions is enabled in the System Watcher settings, when Kaspersky Security detects external encryption of files in shared folders it can also restore the modified files from backup copies. Information about this is also written to a local interface report and is sent to Kaspersky Security Center.
You can configure the protection of shared folders against external encryption as follows:
- Change the action taken by Kaspersky Security when it detects external encryption of shared folders.
- Configure exclusions from protection of shared folders against external encryption.
Enabling and disabling protection of shared folders against external encryption
By default, protection of shared folders against external encryption is enabled.
After Kaspersky Security is installed, the protection of shared folders against external encryption will be limited until the virtual machine is restarted.
To enable or disable protection of shared folders against external encryption in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the System Watcher section in the list on the left.
- In the right part of the window, in the General settings section, do one of the following:
- Select the Enable protection of shared folders against external encryption check box if you want Kaspersky Security to monitor operations performed from a remote device on files in shared folders.
- Clear the Enable protection of shared folders against external encryption check box if you do not want Kaspersky Security to monitor operations performed from a remote device on files in shared folders.
- Click the Apply button.
To enable or disable protection of shared folders against external encryption in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select System Watcher.
In the right part of the window, the System Watcher component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Do one of the following:
- Select the Enable protection of shared folders against external encryption check box if you want Kaspersky Security to monitor operations performed from a remote device on files in shared folders.
- Clear the Enable protection of shared folders against external encryption check box if you do not want Kaspersky Security to monitor operations performed from a remote device on files in shared folders.
- To save changes, click the Save button.
Changing the action to take upon detection of external encryption of shared folders
By default, when Kaspersky Security detects encryption of files in shared folders, it blocks the network activity of the device attempting encryption, writes information about the detected malicious activity to a local interface report, and sends this information to Kaspersky Security Center. If rollback of malware actions is enabled in the System Watcher settings, Kaspersky Security can also restore modified files from their backup copies.
You can change the action taken by Kaspersky Security when it detects external encryption of shared folders.
To select the System Watcher action in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the System Watcher section in the list on the left.
- In the right part of the window, in the General settings section, click the Settings button.
- In the Settings window that opens, select the required action:
- Inform. If this option is selected and Kaspersky Security detects encryption of files in shared folders, it writes information about the detected malicious activity to a local interface report and sends this information to Kaspersky Security Center, and adds information about this to the list of unprocessed objects.
Kaspersky Security does not restore modified files from their backup copies even if rollback of malware actions is enabled in the System Watcher settings.
- Block connection. If this option is selected and Kaspersky Security detects encryption of files in shared folders, it blocks the network activity of the device attempting encryption, writes information about the detected malicious activity to a local interface report, and sends this information to Kaspersky Security Center. In the Block connection for N minutes field you can specify the amount of time (in minutes) that the network connection will be blocked. The default value is 60 minutes.
If rollback of malware actions is enabled in the System Watcher settings, Kaspersky Security also restores modified files from their backup copies.
This action is set by default.
If network activity of the device has been previously blocked (the Block connection action is selected), when the action is changed to Inform it remains blocked for the specified amount of time.
- In the Settings window, click OK.
- Click the Apply button.
To select the System Watcher action in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select System Watcher.
In the right part of the window, the System Watcher component’s settings are displayed.
- Click the Settings button.
The Settings window opens.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 7–8 of the previous instructions.
- To save changes, click the Save button.
Configuring exclusions from protection against external encryption
To enable exclusions from protection of shared folders against external encryption, you must enable auditing of successful attempts to log in to the system (select the Success check box for the "Audit Logon" setting) in the Windows security policy. For details, please visit the Microsoft website.
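The "Audit Logon" prerequisite described above can be checked and set from an elevated PowerShell prompt on the protected virtual machine. This is an added example, not part of the Kaspersky documentation; it assumes an English-language Windows installation (auditpol reports the setting as localized text), and the function names Get-LogonAuditSetting and Enable-LogonSuccessAudit are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not Kaspersky code): check and, if needed, enable success
# auditing for the Logon subcategory required by the exclusions feature.

# GUID of the "Logon" audit subcategory. The GUID is identical on every
# Windows language version, whereas the subcategory name is localized.
$LogonSubcategory = '{0CCE9215-69AE-11D9-BED3-505054503030}'

function Get-LogonAuditSetting {
    # "/r" prints the result as CSV; blank lines are dropped before parsing.
    $raw = & auditpol.exe /get "/subcategory:$LogonSubcategory" /r
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol /get failed with exit code $LASTEXITCODE"
    }
    $row = $raw | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv
    # Assumption: English values such as "No Auditing", "Success",
    # "Failure" or "Success and Failure".
    return $row.'Inclusion Setting'
}

function Enable-LogonSuccessAudit {
    $before = Get-LogonAuditSetting
    if ($before -match 'Success') {
        Write-Output "Logon success auditing is already enabled ($before)."
        return
    }
    # Only the success flag is changed; failure auditing stays as it was.
    & auditpol.exe /set "/subcategory:$LogonSubcategory" /success:enable | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol /set failed with exit code $LASTEXITCODE"
    }
    # Read the effective setting back instead of trusting the exit code alone.
    $after = Get-LogonAuditSetting
    if ($after -notmatch 'Success') {
        throw "Setting did not take effect (still '$after')."
    }
    Write-Output "Logon success auditing changed from '$before' to '$after'."
}

Enable-LogonSuccessAudit

# Confirm that successful logons are actually recorded: event ID 4624
# ("An account was successfully logged on") in the Security log.
$last = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
                     -MaxEvents 1 -ErrorAction SilentlyContinue
if ($last) {
    Write-Output "Most recent 4624 event: $($last.TimeCreated)"
} else {
    Write-Warning 'No 4624 events found yet; log on once and check again.'
}
```

If a domain Group Policy object defines advanced audit policy settings, it overrides this local change at the next policy refresh, so set the Audit Logon value in that GPO instead.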
You can exclude a remote device from protection of shared folders against external encryption by adding the name or IP address of the remote device to the exclusion list. The application will not monitor network activity from this device in relation to shared folders.
If you add to the exclusion list the address of a remote device that accessed shared folders before Kaspersky Security was started, the exclusion is not applied to this device. For network activity from this device to be disregarded during protection of shared folders against external encryption, restart the device after Kaspersky Security has started.
You can also exclude an individual folder from protection of shared folders against external encryption. To do so, you need to configure a folder exclusion to be used by the System Watcher component. Exclusions are configured in the General protection settings section.
To use Kaspersky Security Center to exclude a remote device from protection of shared folders against external encryption:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the System Watcher section in the list on the left.
- In the right part of the window, in the General settings section, click the Settings button.
- In the Settings window that opens, click the Exclusions button.
- In the Exclusions window that opens, do one of the following:
- If you want to add an IP address or device name to the list of exclusions, click the Add button.
- If you want to edit an IP address or device name, select it in the list of exclusions and click the Edit button.
- In the Computer window that opens, enter the IP address or the name of the device whose attempts to modify files in shared folders will not be monitored.
- In the Computer window, click OK.
- Click OK in the Exclusions window.
- Click the Apply button.
To use the local interface to exclude a remote device from protection of shared folders against external encryption:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Anti-Virus protection section, select System Watcher.
In the right part of the window, the System Watcher component’s settings are displayed.
- Click the Settings button.
The Settings window opens.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 7–11 of the previous instructions.
- To save changes, click the Save button.
Application Startup Control
The Kaspersky Security functionality described in this section is available on virtual machines running Windows desktop operating systems. If the application is installed on a virtual machine running a Windows server operating system, this functionality is available only if you are using the application under an enterprise license.
The Application Startup Control monitors attempts to start applications on the virtual machine and regulates the startup of applications by means of Application Startup Control rules.
Application Startup Control can operate in two modes:
- Denylist of applications. In this mode, Application Startup Control allows all users to start all applications except those that are specified in the Application Startup Control rules.
- Allowlist of applications. In this mode, Application Startup Control blocks all users from starting any applications except those that are specified in the Application Startup Control rules. When the Application Startup Control rules are fully configured, Application Startup Control blocks all new applications not verified by the LAN administrator from starting, while allowing the operation of the operating system and of trusted applications that users rely on in their work.
This mode of Application Startup Control is enabled by default.
For each Application Startup Control mode, you can create separate rules and select the action that Application Startup Control must take when there is an attempt to start an application that is not allowed by the rule: inform about the startup of the application or block the startup of the application.
If a virtual machine user believes that the startup of an application was blocked by mistake, the user can send a complaint to the corporate LAN administrator by clicking the link in the block notification text. Special templates are available for the message that is displayed when an application is blocked from starting, and for the complaint to the administrator regarding an application that was blocked by mistake. You can modify the message templates.
All attempts to start applications that are not allowed by Application Startup Control rules on a protected virtual machine are recorded in reports.
The Application Startup Control component is disabled by default. You can enable it if necessary.
If you use Kaspersky Security to protect the virtual infrastructure based on Citrix Virtual Apps and Desktops (Citrix XenApp and XenDesktop) and plan to use Citrix App Layers to store user data, Application Startup Control may block interaction between Citrix Virtual Apps and Desktops and Citrix App Layer. If you want to use Application Startup Control in the Allowlist of applications mode, create an allow rule for the LayerInfo.exe file. To do this, create a manually updatable application category, add the c:\program files\unidesk\layering services\LayerInfo.exe path to it and create an allow rule based on this category.
Application Startup Control is configured in Kaspersky Security Center. You can perform the following actions for configuring Application Startup Control in Kaspersky Security Center:
- Obtain information about applications that are installed on protected virtual machines of the corporate LAN.
- Create and edit an Application Startup Control rule.
- Change the status of an Application Startup Control rule.
- Delete an Application Startup Control rule.
- Configure startup control of executable modules and drivers.
- Edit the Application Startup Control message templates.
This section describes how to configure Application Startup Control settings using the Administration Console and the Light Agent for Windows local interface. You can also configure Application Startup Control settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Endpoint control → Application Startup Control).
About Application Startup Control rules
An Application Startup Control rule is a group of settings required for operation of the Application Startup Control component:
- Assignment of the application to an application category. An application category is a group of applications that have common attributes. For example, this could be a category that includes executable files from selected protected virtual machines, or a category named "Applications for work" that includes the standard set of applications that are used within an organization. You can create categories based on various conditions, including based on KL categories. A KL category is a list of applications generated by Kaspersky experts. For example, the KL category "Office applications" includes applications from the Microsoft Office suite, Adobe Acrobat, and others. For more information about managing categories, please refer to the Kaspersky Security Center help.
If files do not have a digital signature, the Application Startup Control component cannot determine the KL category for these files and blocks them from starting. Therefore, if the "Block" action is selected in the settings of the Application Startup Control component, files without a digital signature will be blocked from starting. If you want to allow the startup of certain files that don't have a digital signature, you are advised to select the "Inform" action in the Application Startup Control component settings, and to add the relevant files to a predefined application category when an event is received in Kaspersky Security Center.
- Allowing or blocking selected users and/or user groups from starting applications. You can specify a user and/or user group that is allowed or blocked from starting applications from a specified category.
For each Application Startup Control mode, you need to create separate rules and select the action that Application Startup Control must take when it detects an attempt to start an application that is not allowed by the rule: inform about the startup of the application or block the startup of the application.
Status of Application Startup Control rules
Application Startup Control rules can have one of three status values:
- On. This rule status means that the rule is enabled.
- Off. This rule status means that the rule is disabled.
- Test. This rule status signifies that Kaspersky Security does not block the startup of applications to which the rule applies but logs information about the startup of these applications in reports. The Test status of a rule is convenient for testing the operation of a configured Application Startup Control rule. The user is not blocked from starting applications that match a rule with the Test status. Application startup allow and block settings are configured separately for test rules and non-test rules.
When created, an Application Startup Control rule is enabled by default (the rule has On status). You can disable the Application Startup Control rule. If an Application Startup Control rule is disabled, the application temporarily stops applying the rule.
Predefined Application Startup Control rules
After Kaspersky Security is installed, the following Application Startup Control rules are created for the "Allowlist of applications" operation mode by default:
- Trusted updaters. This rule allows all users to start applications that have been installed or updated by applications in the KL category "Trusted Updaters". The "Trusted updaters" KL category includes updaters for the most reputable software vendors. The rule is disabled by default.
- Operating system and its components. This rule allows all users to start applications in the "Golden Image" KL category. The "Golden Image" KL category includes applications that are required for the operating system to start and function. The rule is enabled by default.
- Virtualization applications. This rule allows all users to start applications in the "Applications for virtualization" KL category. The "Virtualization applications" KL category includes applications intended for virtualization of platforms and resources. The rule is enabled by default.
Managing Application Startup Control rules
You can manage an Application Startup Control rule as follows:
You cannot edit or delete predefined Application Startup Control rules.
Enabling and disabling Application Startup Control
Although Application Startup Control is disabled by default, you can enable Application Startup Control if necessary.
To enable or disable Application Startup Control in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Application Startup Control section in the list on the left.
- In the right part of the window, do one of the following:
- To enable the Application Startup Control component, select the Application Startup Control check box.
- To disable the Application Startup Control component, clear the Application Startup Control check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable Application Startup Control on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Endpoint control section.
- Open the context menu of the Application Startup Control item and perform one of the following actions:
- To enable Application Startup Control, select Enable in the menu.
The component status icon, which is displayed on the left in the Application Startup Control line, changes.
- To disable the Application Startup Control component, select Disable in the menu.
The component status icon, which is displayed on the left in the Application Startup Control line, changes.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
To enable or disable Application Startup Control from the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, select the Endpoint control section.
- In the right part of the window, do one of the following:
- To enable the Application Startup Control component, select the Enable Application Startup Control check box.
- To disable the Application Startup Control component, clear the Enable Application Startup Control check box.
If this check box is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- To save changes, click the Save button.
Getting information about applications that are installed on protected virtual machines
To create an Application Startup Control rule, it is recommended to first obtain information about the applications that are used on the protected virtual machines within the corporate LAN. You can obtain the following information:
- Vendors, versions, and localizations of applications that are used on the corporate LAN.
- Frequency of application updates.
- Application usage policies adopted within the company (these may be security policies or administrative policies).
- The location of storage with application installation packages.
Information about applications that are used on the protected virtual machines on the corporate LAN is available in the Applications registry list and in the Executable files list.
These lists can be viewed in the following ways:
- In the Administration Console: Additional → Application management.
- In the Web Console: Operations → Third-party applications.
The Applications registry list contains applications that were detected by the Network Agent which is installed on protected virtual machines.
The Executable files list contains executable files that have ever been started on protected virtual machines or were detected during a Kaspersky Security inventory task.
To view general information about the application and its executable files, as well as the list of protected virtual machines on which an application is installed, open the properties window of an application that is selected in one of these lists.
Lists of applications and executable files are created by Network Agent if the About started applications check box is selected in the Light Agent for Windows policy properties in the Reports and Storages section in the Inform Administration Server subsection.
Creating the Inventory task
To create an Inventory task in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree, and in the workspace, select the Tasks tab.
- To create a task for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent for Windows list, select Inventory.
Proceed to the next step of the New Task Wizard.
- In the Inventory scope window, create a list of objects that will be included in the inventory scope:
- To add a new object to the inventory scope:
- Click the Add button.
- In the Select object window that opens, in the Object field, select the object in the tree or specify the path to the object and click Add.
- Click OK.
The new object appears in the list of objects in the Inventory scope window.
- To modify the object:
- Select the object in the list of objects and click Edit.
- In the Select object window that opens, select another object or specify the path to the object and click OK.
- To remove an object from the inventory scope:
- Select the object in the list of objects and click Delete.
- In the removal confirmation window, click Yes.
Objects that are included in the default inventory scope cannot be removed or edited.
- To exclude an object from the inventory scope without removing it, clear the check box next to the object in the list of objects in the Inventory scope window. The object remains in the list, but it is not taken into account when the Inventory task is executed.
- If necessary, in the Inventory scope window, configure additional inventory settings:
- If you want the application to suspend the Inventory task when virtual machine resources are limited, select the Suspend scheduled scanning when the protected virtual machine is unlocked check box.
- Select the DLL modules inventory check box if you want the application to check for DLL modules on the virtual machines and to send information about DLL modules to Kaspersky Security Center Administration Server.
- Select the Script files inventory check box if you want the application to check for files containing scripts on the virtual machines and to send information about such files to Kaspersky Security Center Administration Server.
- Click the Advanced button to configure scan optimization settings and compound files scan settings during the Inventory task execution.
- In the Inventory scope window, click OK.
Proceed to the next step of the New Task Wizard.
- If you started the New Task Wizard from the Tasks folder, specify the method of selecting the virtual machines for which you are creating the task. You can select virtual machines from the list of virtual machines discovered by the Administration Server, manually specify the addresses of virtual machines, import a list of virtual machines from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of selection of virtual machines, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the virtual machines for which you want to create the task. To do so, select check boxes in the list on the left of the name of the relevant virtual machine.
- Click the Add or Add IP range button and enter the addresses of virtual machines manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of virtual machines.
- Click Browse and in the window that opens specify the name of the selection containing the virtual machines for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- Then follow the New Task Wizard instructions.
You can also create, start, or stop an inventory task in the Web Console.
The inventory task fails if the Application Startup Control component is not installed on the virtual machine where the task is running.
Creating and editing the Application Startup Control rule
You can create Application Startup Control rules that allow or block corporate LAN users from starting applications on protected virtual machines.
To create or edit the Application Startup Control rule:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Application Startup Control section in the list on the left.
- In the right part of the window, in the Application Startup Control settings section, in the drop-down list, select the Application Startup Control mode:
- Allowlist of applications. If this mode is selected, Application Startup Control blocks all users from starting any applications except those that are specified in the created Application Startup Control rule.
This operating mode is selected by default.
- Denylist of applications. If this mode is selected, Application Startup Control allows all users to start any applications except those that are specified in the created Application Startup Control rule.
- In the Action drop-down list, select the action that Kaspersky Security must perform when a user attempts to start an application that is not allowed by an Application Startup Control rule:
- Block. If this item is selected, when a user attempts to start an application that is not allowed by a rule, Kaspersky Security blocks this application from starting.
- Inform. If this item is selected, when a user attempts to start an application that is not allowed by a rule, Kaspersky Security allows this application to start but logs information about this in the local interface report and sends this information to Kaspersky Security Center.
This action is set by default.
- In the Application Startup Control settings section, perform one of the following actions:
- To create a new rule, click the Add button.
- If you want to edit the rule, select it in the list of rules and click the Edit button.
You cannot edit or delete predefined Application Startup Control rules.
- In the Application Startup Control rule window that opens, perform one of the following actions:
- If you want to create a rule based on previously created application categories, select the created application category from the Category drop-down list.
- If you want to create a new application category and use it to create a rule, click the Create category button and follow the instructions of the New Category Wizard (for more details about working with categories, please refer to the Kaspersky Security Center help).
- In the Description field, enter a description of the application category.
- In the Users and/or groups table, specify the names of users and/or groups of users that are allowed or blocked from starting applications in the category specified above. To do this, perform the following actions:
- Click the Add button.
The standard Select Users or Groups window in Microsoft Windows opens.
- Enter the names of users and/or a group of users.
- Click OK.
The selected users and groups are displayed in the Application Startup Control rule window in the table in the User and/or group column.
- In the Application Startup Control rule window, perform one of the following actions:
- If you select the Allowlist of applications operation mode, select the Allow check box next to the user or group that you want to allow to start the applications of the specified category.
- If you select the Denylist of applications operation mode, select the Block check box next to the user or group that you want to prevent from starting the applications of the specified category.
- Select the Block for other users check box if you want to block the startup of applications in the category specified above for all other users not specified in the Users and/or groups table.
- If you want Kaspersky Security to consider applications from the category that is specified in the rule as trusted updaters, and to allow them to start other applications for which no Application Startup Control rules are defined, select the Trusted Updaters check box.
- In the Application Startup Control rule window, click OK.
- Click the Apply button.
Changing the operating status of an Application Startup Control rule
All predefined Application Startup Control rules have the Enabled status. If an Application Startup Control rule is enabled, Application Startup Control applies the rule. A new Application Startup Control rule also has the Enabled status after it is created.
You can disable any Application Startup Control rule. If an Application Startup Control rule is disabled, Application Startup Control temporarily stops applying the rule.
You can also test the operation of any Application Startup Control rule.
To change the status of an Application Startup Control rule:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Application Startup Control section in the list on the left.
- In the right part of the window, in the Application Startup Control settings section, in the drop-down list, select the Application Startup Control mode whose rule status you want to change: Allowlist of applications or Denylist of applications.
- In the table of rules, select the Application Startup Control rule whose operating status you want to change.
- In the Status column, do one of the following:
- If you want to enable the rule, select the On value.
- If you want to disable the rule, select the Off value.
- If you want to test the operation of a rule, select the Test value. This rule operating status signifies that Kaspersky Security does not block the startup of applications to which the rule applies but logs information about the startup of these applications in reports.
- Click the Apply button.
Removing the Application Startup Control rule
You can remove an Application Startup Control rule if you do not want Kaspersky Security to apply this rule for the detection of attempts by users to start applications. You can also temporarily disable an Application Startup Control rule without deleting it from the list of rules.
To delete an Application Startup Control rule:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Application Startup Control section in the list on the left.
- In the right part of the window, in the Application Startup Control settings section, in the drop-down list, select the Application Startup Control mode whose rule you want to delete: Allowlist of applications or Denylist of applications.
- In the table of Application Startup Control rules, select the rule that you want to delete, and click the Delete button.
The selected rule will be deleted from the list of rules for the selected Application Startup Control operating mode.
You cannot delete predefined Application Startup Control rules.
- Click the Apply button.
Configuring startup control of executable modules and drivers
To configure startup control of executable modules and drivers:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Application Startup Control section in the list on the left.
- In the right part of the window, do one of the following:
- Select the Monitor DLL and drivers check box if you want Kaspersky Security to monitor the loading of executable modules and drivers when applications are started by users.
Monitoring the loading of executable modules and drivers requires substantial resources of the Windows operating system.
- Clear the Monitor DLL and drivers check box if you do not want Kaspersky Security to monitor the loading of executable modules and drivers when applications are started by users.
This check box is cleared by default.
- Click the Apply button.
Editing Application Startup Control message templates
Special templates are available for the message that is displayed when an application is blocked from starting, and for the complaint to the administrator regarding an application that was blocked by mistake. You can edit these templates.
To edit the message template:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Application Startup Control section in the list on the left.
- In the right part of the window, click the Templates button.
- In the Message templates window that opens, do one of the following:
- To edit the template of the message that is displayed when an application is blocked from starting, select the Blocking tab.
- To modify the complaint template that is sent to the LAN administrator, select the Complaint tab.
- Modify the template of the blocking message or the complaint template. To do this, use the Default and Variables buttons.
- Click OK in the Message templates window.
- Click the Apply button.
Application Privilege Control
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop operating system.
Application Privilege Control prevents applications from performing actions that may be dangerous for the operating system, and ensures control over access to operating system resources and to personal data.
This component controls the activity of applications on the protected virtual machine, including their access to protected resources (such as files and folders, registry keys) by using application control rules. Application control rules are a set of restrictions that apply to various actions of applications in the operating system and to rights to access resources of the protected virtual machine.
The network activity of applications is monitored by the Firewall component.
Application startup may be initiated either by the user or by another running application. When application startup is initiated by another application, a startup sequence is created, which consists of parent and child processes.
When an application attempts to obtain access to a protected resource, Application Privilege Control analyzes all parent processes of the application to determine whether these processes have rights to access the protected resource. The minimum priority rule is then observed: when comparing the access rights of the application to those of the parent process, the access rights with a minimum priority are applied to the application's activity.
The priority of access rights is as follows:
- Allow. This access right has the highest priority.
- Block. This access right has the lowest priority.
This mechanism prevents a non-trusted application or an application with restricted rights from using a trusted application to perform actions that require certain privileges.
If the activity of an application is blocked due to the lack of rights that are granted to a parent process, you can edit these rights or disable the inheritance of restrictions from the parent process in the local interface.
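The minimum priority rule described above can be modelled directly. The following Python model is an added example, not Kaspersky code: the process names, resource labels, the Block default for unlisted resources, and the way the exclusion cuts the parent chain are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional, Tuple


class Right(IntEnum):
    """Access rights ordered by the priority the text gives them."""
    BLOCK = 0  # lowest priority
    ALLOW = 1  # highest priority


@dataclass
class Process:
    name: str
    rights: Dict[str, Right]              # protected resource -> this application's own right
    parent: Optional["Process"] = None
    no_inherit: bool = False              # "Do not inherit restrictions of the parent process"


def startup_sequence(proc: Process) -> List[Process]:
    """The process itself, then every parent whose rights still constrain it.

    Assumption: the exclusion stops the walk at the process that carries it,
    so none of that process's ancestors are compared.
    """
    chain = [proc]
    while proc.parent is not None and not proc.no_inherit:
        proc = proc.parent
        chain.append(proc)
    return chain


def effective_right(proc: Process, resource: str) -> Tuple[Right, Optional[str]]:
    """Minimum priority rule: the lowest-priority right in the chain wins.

    Returns the right plus the name of the nearest process that imposed a
    Block (None when access is allowed). A resource missing from a process's
    rights is treated as Block; that default is an assumption of this model.
    """
    result, limiting = Right.ALLOW, None
    for p in startup_sequence(proc):
        right = p.rights.get(resource, Right.BLOCK)
        if right < result:
            result, limiting = right, p.name
    return result, limiting


def build_sample_chain() -> Tuple[Process, Process, Process]:
    """Constructed chain: shell -> restricted tool -> trusted editor."""
    full = {"system_registry": Right.ALLOW, "user_files": Right.ALLOW}
    shell = Process("shell.exe", dict(full))
    tool = Process("restricted_tool.exe",
                   {"system_registry": Right.BLOCK, "user_files": Right.ALLOW},
                   parent=shell)
    editor = Process("trusted_editor.exe", dict(full), parent=tool)
    return shell, tool, editor


if __name__ == "__main__":
    shell, tool, editor = build_sample_chain()
    for resource in ("system_registry", "user_files"):
        right, limiting = effective_right(editor, resource)
        print(f"{editor.name} -> {resource}: {right.name} (limited by {limiting})")
    editor.no_inherit = True
    print("with exclusion:", effective_right(editor, "system_registry")[0].name)
```

The second return value names the parent whose rights caused the block, which is the process to review before editing rights or setting the exclusion.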
When an application is started on the protected virtual machine for the first time, Application Privilege Control scans the application and places it in one of the trust groups. A trust group defines the application control rules that Kaspersky Security applies when controlling application activity.
For more efficient operation of Application Privilege Control, it is recommended to enable the use of Kaspersky Security Network in Kaspersky Security operation. Data that is obtained through Kaspersky Security Network allows you to sort applications into groups with more accuracy and to apply optimum application control rules.
The next time the application starts, Application Privilege Control verifies the integrity of the application. If the application is unchanged, the component applies the current application control rules to it. If the application has been modified, Application Privilege Control re-scans it as if it were being started for the first time.
This section describes how to configure Application Privilege Control settings using the Administration Console and the Light Agent for Windows local interface. You can also configure Application Privilege Control settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Endpoint control → Application Privilege Control). Configuring application control rules using the Web Console is not supported.
Enabling and disabling Application Privilege Control
By default, Application Privilege Control is enabled, running in a mode that is recommended by Kaspersky experts. You can disable Application Privilege Control, if necessary.
To enable or disable Application Privilege Control in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Application Privilege Control section in the list on the left.
- In the right part of the window, do one of the following:
- To enable the Application Privilege Control component, select the Application Privilege Control check box.
- To disable the Application Privilege Control component, clear the Application Privilege Control check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable Application Privilege Control on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Endpoint control section.
- Open the context menu of the Application Privilege Control item and perform one of the following actions:
- To enable Application Privilege Control, select Enable.
The component status icon, which is displayed on the left in the Application Privilege Control line, changes accordingly.
- To disable the Application Privilege Control component, select Disable.
The component status icon, which is displayed on the left in the Application Privilege Control line, changes accordingly.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
To enable or disable Application Privilege Control from the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- Do one of the following:
- To enable the Application Privilege Control component, select the Enable Application Privilege Control check box.
- To disable the Application Privilege Control component, clear the Enable Application Privilege Control check box.
- To save changes, click the Save button.
Managing trust groups
When an application is started on the protected virtual machine for the first time, Application Privilege Control scans the application and places it in one of the trust groups.
At the first stage of the application scan, Application Privilege Control searches the internal database of known applications for a matching entry and then sends a request to the Kaspersky Security Network database (if an Internet connection is available). If the application matches an entry in the Kaspersky Security Network database, the application is assigned to the trust group that is specified in the Kaspersky Security Network database. Each time the application is started, Application Privilege Control sends a new query to the KSN database and places the application into a different trust group if the reputation of the application in the KSN database has changed.
By default, Kaspersky Security uses heuristic analysis to assign unknown applications (those not included in the KSN database and lacking the signature of a trusted vendor) to trust groups. During heuristic analysis, Kaspersky Security determines the threat level of an application and puts the application into a specific trust group based on that threat level. Instead of using heuristic analysis, you can specify a trust group to which Kaspersky Security automatically assigns all unknown applications.
By default, Application Privilege Control scans an application for 30 seconds. If the threat level of the application has not been determined after this time, Application Privilege Control assigns the application to the Low Restriction group and continues its attempt to determine the threat level of the application in background mode. Application Privilege Control then assigns the application to the appropriate trust group. You can change the amount of time that is allocated for determining the threat level of applications that are started. If you are certain that all applications that are launched on the protected virtual machine do not pose a threat to security, you can reduce the amount of time that is allocated for determining the threat level of applications. If you install applications whose safety is questionable on the protected virtual machine, you are advised to increase the amount of time that is allocated for determining the threat level of applications.
If an application has a high threat level, Kaspersky Security notifies you and prompts you to choose a trust group to which this application is to be assigned. This notification contains statistics about use of the application by Kaspersky Security Network participants. Based on these statistics and knowing how the application appeared on the virtual machine, you can make an objective choice on which trust group to place the application in.
Placing applications into groups
To configure distribution of applications by trust groups in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Application Privilege Control section in the list on the left.
- To automatically place digitally signed applications in the Trusted group, select the Trust applications with a digital signature check box.
- Choose the way in which unknown applications are to be assigned to trust groups:
- To use heuristic analysis for assigning unknown applications to trust groups, select Use heuristic analysis to assign group and specify the amount of time allocated for scanning the application that is launched in the Maximum time to assign group field.
- If you want to assign all unknown applications to a specified trust group, select the option Automatically move to group and select the appropriate trust group in the drop-down list.
- Click the Apply button.
To configure distribution of applications by trust groups in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–7 of the previous instructions.
- To save changes, click the Save button.
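The assignment flow described under Managing trust groups, together with the settings configured above and the re-scan of modified applications, can be followed step by step in code. This Python model is an added example, not Kaspersky code; the lookup order between KSN and the internal database, the digest field, and the sample verdicts and timings are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

FALLBACK_GROUP = "Low Restriction"  # group the text names for a scan that runs out of time


@dataclass
class Settings:
    trust_signed: bool                  # "Trust applications with a digital signature"
    use_heuristics: bool = True         # "Use heuristic analysis to assign group"
    max_seconds: float = 30.0           # "Maximum time to assign group"
    auto_group: Optional[str] = None    # target of "Automatically move to group"


@dataclass
class App:
    name: str
    digest: str               # stands in for whatever the integrity check compares
    trusted_signature: bool


@dataclass
class Assignment:
    group: str
    stage: str                # which step decided
    provisional: bool = False


Heuristic = Callable[[App], Tuple[str, float]]  # -> (group, seconds the analysis needs)


class TrustGroups:
    """Simplified model of trust group assignment; ksn=None means KSN is unreachable."""

    def __init__(self, cfg: Settings, known_db: Dict[str, str],
                 ksn: Optional[Dict[str, str]], heuristic: Heuristic):
        self.cfg, self.known_db, self.ksn, self.heuristic = cfg, known_db, ksn, heuristic
        self.seen: Dict[str, Tuple[str, Assignment]] = {}  # name -> (digest, assignment)

    def _ksn_group(self, app: App) -> Optional[str]:
        return None if self.ksn is None else self.ksn.get(app.digest)

    def _first_scan(self, app: App) -> Assignment:
        # Assumed order: a KSN entry decides, then the internal database.
        ksn_group = self._ksn_group(app)
        if ksn_group is not None:
            return Assignment(ksn_group, "KSN")
        if app.digest in self.known_db:
            return Assignment(self.known_db[app.digest], "internal database")
        if self.cfg.trust_signed and app.trusted_signature:
            return Assignment("Trusted", "digital signature")
        # From here on the application is "unknown" in the text's sense.
        if not self.cfg.use_heuristics:
            if self.cfg.auto_group is None:
                raise ValueError("auto_group must be set when heuristics are off")
            return Assignment(self.cfg.auto_group, "automatic group")
        group, seconds = self.heuristic(app)
        if seconds > self.cfg.max_seconds:
            return Assignment(FALLBACK_GROUP, "scan timeout", provisional=True)
        return Assignment(group, "heuristic analysis")

    def on_start(self, app: App) -> Assignment:
        previous = self.seen.get(app.name)
        if previous is None or previous[0] != app.digest:
            result = self._first_scan(app)      # first start, or the file was modified
        else:
            result = previous[1]
            ksn_group = self._ksn_group(app)    # KSN is queried on every start
            if ksn_group is not None and ksn_group != result.group:
                result = Assignment(ksn_group, "KSN")
        self.seen[app.name] = (app.digest, result)
        return result

    def background_done(self, app: App) -> Assignment:
        """Replace a provisional assignment once background analysis ends."""
        digest, current = self.seen[app.name]
        if current.provisional:
            current = Assignment(self.heuristic(app)[0], "background analysis")
            self.seen[app.name] = (digest, current)
        return current


def sample_heuristic(app: App) -> Tuple[str, float]:
    """Constructed stand-in: verdicts and timings are invented for the demo."""
    if app.name == "packed_tool.exe":
        return "High Restriction", 45.0
    return "Low Restriction", 2.0


if __name__ == "__main__":
    groups = TrustGroups(Settings(trust_signed=True), {}, {}, sample_heuristic)
    tool = App("packed_tool.exe", "digest-1", trusted_signature=False)
    print(groups.on_start(tool))
    print(groups.background_done(tool))
```

The provisional result shows the window in which an application that later lands in a stricter group runs with Low Restriction rules, which is the trade-off behind the Maximum time to assign group setting.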
Moving an application to a trust group in a local interface
When the application is first started, Application Privilege Control automatically places the application in a trust group. If necessary, you can manually move the application to another trust group in the local interface.
Kaspersky experts do not recommend moving applications from the automatically assigned trust group to a different trust group. Instead, you can edit a control rule for an individual application if necessary.
To move an application to a trust group in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Applications button.
The Applications window opens on the Application Privilege Control rules tab.
- In the list of applications, select the relevant application and perform one of the following actions:
- Open the context menu of the application and select Move to group / <Group name>.
- Click the Trusted / Low Restriction / High Restriction / Untrusted link in the bottom-left corner of the Application control rules tab to open the context menu and select the necessary trust group.
- In the Applications window, click OK.
- To save changes, click the Save button.
Working with application control rules
By default, application activity is controlled by application control rules that are defined for the trust group to which the Application Privilege Control component assigned the application on first launch. If necessary, you can edit the application control rules for an entire trust group, for an individual application, or a group of applications that are within a trust group.
Application control rules that are defined for individual applications or groups of applications within a trust group have a higher priority than application control rules that are defined for a trust group. In other words, if the settings of the application control rules for an individual application or a group of applications within a trust group differ from the settings of application control rules for the trust group, the Application Privilege Control component controls the activity of the application or the group of applications within the trust group according to the application control rules that are defined for the application or the group of applications.
Changing application control rules for trust groups and groups of applications
The optimal application control rules for different trust groups are created by default. The settings of rules for application group control inherit values from the settings of trust group application control rules. You can change predefined application control rules for trust groups and groups of applications.
To change the application control rules for a trust group or an application group in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Application Privilege Control section in the list on the left.
- In the right part of the window, in the Application rules section, click the Settings button located in the upper part of the section.
- In the Applications window that opens, on the Application Privilege Control rules tab, in the list of applications, select the trust group or application group for which you want to change an application control rule.
- Click the Edit button or open the context menu and select the Group rules item.
- In the Application group control rule window that opens, perform one of the following actions:
- To edit trust group control rules or rules for application group control that govern the rights of the trust group or application group to access the operating system registry, user files, and application settings, select the Files and system registry tab.
- To edit trust group control rules or rules for application group control that govern the rights of the trust group or application group to access operating system processes and objects, select the Rights tab.
- For the relevant resource, in the column of the corresponding action, open the context menu and select the necessary item:
- Inherit.
- Allow.
- Block.
- Log events.
If you are editing trust group control rules, the Inherit item is not available.
- In the Application group control rules window, click OK.
- In the Applications window, click OK.
- Click the Apply button.
To change application control rules for a trust group or an application group in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Applications button.
The Applications window opens on the Application Privilege Control rules tab.
- Complete steps 7–12 of the previous instructions.
- To save changes, click the Save button.
Editing an application control rule in a local interface
By default, the settings of application control rules of applications that belong to an application group or trust group inherit the values of settings of trust group control rules. If necessary, you can change the settings of an application control rule in the local interface.
To change an application control rule:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Applications button.
- In the Applications window that opens, on the Application control rules tab in the list of applications, select the required application.
- Do one of the following:
- Click the Edit button located above the application list.
- Open the application context menu and select Application rules.
- Click the Additional button in the lower-right corner of the Application control rules tab.
- In the Application control rules window that opens, perform one of the following actions:
- To edit application control rules that govern the rights of the application to access the operating system registry, user files, and application settings, select the Files and system registry tab.
- To edit application control rules that govern the rights of the application to access operating system processes and objects, select the Rights tab.
- For the relevant resource, in the column of the corresponding action, open the context menu and select the necessary item:
- Inherit.
- Allow.
- Block.
- Log events.
- In the Application control rules window, click OK.
- In the Applications window, click OK.
- To save changes, click the Save button.
Disabling downloads and updates of application control rules from the Kaspersky Security Network database
By default, applications that are in the Kaspersky Security Network database are processed according to the application control rules that are loaded from this database. If an application was not in the Kaspersky Security Network database when started for the first time, but information about it was added to the database later, by default Kaspersky Security automatically updates the control rules for this application. You can disable downloads of application control rules from the Kaspersky Security Network database and automatic updates of control rules for previously unknown applications.
To disable downloads and updates of application control rules from the Kaspersky Security Network database using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
- In the policy properties window, select the Application Privilege Control section in the list on the left.
- In the right part of the window, clear the Update control rules for previously unknown applications from KSN databases check box.
- Click the Apply button.
To disable downloads and updates of the application control rules from the Kaspersky Security Network database in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Clear the Update control rules for previously unknown applications from KSN databases check box.
- To save changes, click the Save button.
Disabling inheritance of restrictions from the parent process in a local interface
If the activity of an application is blocked due to the lack of rights that are granted to a parent process, you can edit these rights or disable the inheritance of restrictions from the parent process in the local interface.
To disable the inheritance of restrictions from the parent process:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Applications button.
The Applications window opens on the Application Privilege Control rules tab.
- In the list of applications, select the desired application.
- Open the application context menu and select Application rules.
The Application control rules window opens.
- Select the Exclusions tab.
- Select the Do not inherit restrictions of the parent process (application) check box.
- In the Application control rules window, click OK.
- In the Applications window, click OK.
- To save changes, click the Save button.
Excluding specific application actions from application control rules in a local interface
To exclude specific application actions from application control rules:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Click the Applications button.
The Applications window opens on the Application Privilege Control rules tab.
- In the list of applications, select the desired application.
- Open the application context menu and select Application rules.
The Application control rules window opens.
- Select the Exclusions tab.
- Select the check boxes next to application actions that do not need to be monitored or that need to be allowed:
  - Do not scan opened files.
  - Do not monitor application activity.
  - Do not inherit restrictions of the parent process (application).
  - Do not monitor child application activity.
  - Allow interaction with application interface.
  - Do not scan network traffic.
  If you selected the Do not scan network traffic check box, you can use the links in the lower part of the window to configure the following settings for scanning traffic transmitted for this application:
  - Exclude all traffic or only encrypted traffic from scans.
  - Exclude from scans the traffic transmitted for this application from any IP address or only from specified IP addresses.
  - Exclude from scans the traffic transmitted for this application from any port or only from specified ports.
  You can modify these settings by clicking the link.
- In the Application control rules window, click OK.
- In the Applications window, click OK.
- To save changes, click the Save button.
Configuring storage settings for control rules that govern unused applications
By default, control rules for applications that have not been started in 60 days are deleted automatically. You can change the storage duration for control rules for unused applications or disable the automatic deletion of rules.
To configure storage settings for unused application control rules in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Application Privilege Control section in the list on the left.
- In the right part of the window, do one of the following:
  - If you want Kaspersky Security to delete control rules of unused applications after a specified amount of time, select the Delete rules for applications that are not started for more than check box and, in the field to the right, specify the amount of time (in days) to store control rules of unused applications.
  - If you want to disable automatic deletion of control rules for unused applications, clear the Delete rules for applications that are not started for more than check box.
- Click the Apply button.
To configure storage settings for unused application control rules in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Do one of the following:
  - If you want Kaspersky Security to delete control rules of unused applications after a specified amount of time, select the Delete rules for applications that are not started for more than check box and, in the field to the right, specify the amount of time (in days) to store control rules of unused applications.
  - If you want to disable automatic deletion of control rules for unused applications, clear the Delete rules for applications that are not started for more than check box.
- To save changes, click the Save button.
Protecting operating system resources and personal data
Application Privilege Control manages application rights to take actions on various categories of operating system resources and of personal data.
Kaspersky experts have established preset categories of protected resources. You cannot edit or delete the preset categories of protected resources or the protected resources that are within these categories.
You can perform the following actions:
- Create a new category of protected resources.
- Create a new protected resource.
- Exclude a resource from protection.
Creating a category of protected resources
To create a category of protected resources using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Application Privilege Control section in the list on the left.
- In the right part of the window, in the Application rules section, click the Settings button located in the lower part of the section.
- In the Applications window that opens, in the left part of the Protected resources tab, select the section or category of protected resources to which you want to add a new category of protected resources.
- In the upper-left part of the Protected resources tab, open the context menu of the Add button and select Category from the menu.
- In the Category of protected resources window that opens, enter the name for the new category of protected resources.
- In the Category of protected resources window, click OK.
A new item appears in the list of categories of protected resources.
- In the Applications window, click OK.
- Click the Apply button.
To create a category of protected resources in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
- Click the Resources button.
The Applications window opens on the Protected resources tab.
- Complete steps 7–11 of the previous instructions.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- To save changes, click the Save button.
After you create a category of protected resources, you can edit or remove it by clicking the Edit or Delete buttons in the upper-left part of the Protected resources tab.
Creating a protected resource
To create a protected resource in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Application Privilege Control section in the list on the left.
- In the right part of the window, in the Application rules section, click the Settings button located in the lower part of the section.
- In the Applications window that opens, in the left part of the Protected resources tab, select a section or category of protected resources to which you want to add a new protected resource.
- In the upper-left part of the Protected resources tab, open the context menu of the Add button and select the type of resource that you want to add: File or folder or Registry key.
- In the Protected resource window that opens, in the Name field, enter a name for the protected resource.
- Click the Browse button.
- In the window that opens, specify the necessary settings depending on the type of protected resource that you want to add and click OK.
- In the Protected resource window, click OK.
A new item appears in the list of protected resources of the selected category on the Protected resources tab.
- In the Applications window, click OK.
- Click the Apply button.
To create a protected resource in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
- Click the Resources button.
The Applications window opens on the Protected resources tab.
- Complete steps 7–13 of the previous instructions.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- To save changes, click the Save button.
After you add a protected resource, you can edit or remove it by clicking the Edit or Delete buttons in the upper-left part of the Protected resources tab.
Excluding a resource from protection
To exclude a resource from the protection scope in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Application Privilege Control section in the list on the left.
- In the right part of the window, in the Application rules section, click the Settings button located in the lower part of the section.
- In the Applications window that opens, on the Protected resources tab, exclude the resource from the protection scope in one of the following ways:
  - Disable protection of a resource. To do so, in the left part of the tab, in the list of protected resources, select the resource for which you want to disable protection and clear the check box next to its name.
  - Add the resource to the list of exclusions from protection by the Application Privilege Control component. To do this, perform the following actions:
    - Click the Exclusions button in the upper-right part of the Protected resources tab.
    - In the Exclusions window that opens, open the context menu of the Add button and select the type of resource that you want to add to the list of exclusions from the protection provided by the Application Privilege Control component: File or folder or Registry key.
    - In the Protected resource window that opens, in the Name field, enter a name for the protected resource.
    - Click the Browse button.
    - In the window that opens, specify the necessary settings depending on the type of protected resource added to the list of exclusions from the protection provided by the Application Privilege Control component, and click OK.
    - In the Protected resource window, click OK.
      A new element appears in the list of resources that are excluded from protection by the Application Privilege Control component.
    - Click OK in the Exclusions window.
- In the Applications window, click OK.
- Click the Apply button.
To exclude a resource from the protection scope in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Application Privilege Control.
In the right part of the window, the Application Privilege Control component's settings are displayed.
- Click the Resources button.
The Applications window opens on the Protected resources tab.
- Complete steps 7–8 of the previous instructions.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- To save changes, click the Save button.
Device Control
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop operating system.
Device Control ensures the security of confidential data by restricting user access to devices that are installed on the protected virtual machine or connected to it:
- Storage devices (hard drives, removable drives, CD/DVDs)
- Network devices (modems, external network cards)
- Printing devices (printers)
- Connection buses (also referred to as "buses"), i.e. interfaces for connecting devices to the protected virtual machine (such as USB or FireWire)
Device Control manages user access to devices by applying device access rules (also referred to as "access rules") and connection bus access rules (also referred to as "bus access rules").
Trusted devices are devices to which users that are specified in the trusted device settings have full access at all times.
If you have added a device to the list of trusted devices and created an access rule for this type of device which blocks or restricts access, Kaspersky Security decides whether or not to grant access to the device based on its presence in the list of trusted devices. Presence in the list of trusted devices has a higher priority than an access rule.
When the virtual machine user attempts to access a blocked device, Kaspersky Security displays a message stating that access to the device is blocked or that the operation with the device contents is forbidden. If the user believes that access to the device was mistakenly blocked or that an operation with device contents was forbidden by mistake, the user can send a complaint to the corporate LAN administrator by clicking the link in the displayed message about the blocked action. Special templates are available for messages about blocked access to devices or forbidden operations with device contents, and for complaints sent to the administrator. You can modify the message templates. On the protected virtual machine, the user can request and obtain temporary access to a blocked device.
This section describes how to configure Device Control settings using the Administration Console and the Light Agent for Windows local interface. You can also configure Device Control settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Endpoint control → Device Control).
About rules of access to devices and connection buses
A device access rule is a combination of parameters that define the following functions of the Device Control component:
- Allowing selected users and/or user groups to access specific types of devices during specific periods of time.
You can select a user and/or user group and create a device access schedule for them.
- Setting the right to read the content of memory devices.
- Setting the right to edit the content of memory devices.
By default, access rules are created for all types of devices in the classification of the Device Control component. Such rules grant all users full access to the devices at all times, if access to the connection buses of the respective types of devices is allowed.
A user who belongs to the local administrators group is allowed to access local disks even if the Hard drives device access rule is configured with the Restrict access status.
The connection bus access rule allows or blocks access to the connection bus.
Rules that allow access to buses are created by default for all connection buses that are present in the classification of the Device Control component.
You cannot create or delete device access rules or connection bus access rules; you can edit them.
Standard decisions on access to devices
Kaspersky Security makes a decision on whether to allow access to a device after you connect the device to the protected virtual machine.
Standard decisions on access to devices
The three middle columns are the interim steps to take until a decision on access to the device is made.

| Initial conditions | Checking whether the device is included in the list of trusted devices | Testing access to the device based on the access rule | Testing access to the bus based on bus access rule | Decision on access to the device |
|---|---|---|---|---|
| The device is not present in the device classification of the Device Control component. | Not on the list. | No access rule. | Not subject to scanning. | Access allowed. |
| The device is trusted. | On the list. | Not subject to scanning. | Not subject to scanning. | Access allowed. |
| Access to the device is allowed. | Not on the list. | Access allowed. | Not subject to scanning. | Access allowed. |
| Access to the device depends on the bus. | Not on the list. | Access depends on the bus. | Access allowed. | Access allowed. |
| Access to the device depends on the bus. | Not on the list. | Access depends on the bus. | Access blocked. | Access blocked. |
| Access to the device is allowed. No bus access rule is found. | Not on the list. | Access allowed. | No bus access rule. | Access allowed. |
| Access to the device is blocked. | Not on the list. | Access blocked. | Not subject to scanning. | Access blocked. |
| No device access rule or bus access rule is found. | Not on the list. | No access rule. | No bus access rule. | Access allowed. |
| There is no device access rule. | Not on the list. | No access rule. | Access allowed. | Access allowed. |
| There is no device access rule. | Not on the list. | No access rule. | Access blocked. | Access blocked. |
You can edit the device access rule after you connect the device.
If the device is connected and the access rule allows access to it, but you later edited the access rule and blocked access to the device, Kaspersky Security blocks access the next time that any file operation is requested from the device (viewing the folder tree, reading, writing). A device without a file system is blocked only the next time that the device is connected.
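The order of checks in the standard decisions (trusted list first, then the device access rule, then the bus access rule) can be written out as a small model. This is an added example, not code from Kaspersky or from this guide: the Policy structure, the device IDs, the sample rule values and the trusted_overrides audit helper are hypothetical. It goes one step beyond the decision itself and lists trusted-device entries that grant access the rules alone would block.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple

EVERYONE = "Everyone"  # default grantee when a device is added to the trusted list


class Rule(Enum):
    ALLOW = "Access allowed"
    BLOCK = "Access blocked"
    DEPENDS_ON_BUS = "Access depends on the bus"  # device access rules only


@dataclass(frozen=True)
class Device:
    device_id: str              # constructed placeholder, not a real hardware ID
    device_type: Optional[str]  # None: not in the Device Control classification
    bus: Optional[str]


@dataclass
class Policy:  # hypothetical in-memory model, not a Kaspersky export format
    device_rules: Dict[str, Rule] = field(default_factory=dict)  # by device type
    bus_rules: Dict[str, Rule] = field(default_factory=dict)     # by bus name
    trusted: Dict[str, Set[str]] = field(default_factory=dict)   # device_id -> users/groups


def decide(policy: Policy, dev: Device, principals: Set[str],
           ignore_trusted: bool = False) -> Tuple[bool, str]:
    """Return (allowed, reason) for a user, given as the set of the user's
    name and group names, following the decision order described above."""
    if dev.device_type is None:
        return True, "device not in classification"
    grantees = policy.trusted.get(dev.device_id, set())
    # The trusted list is checked first and outranks any access rule.
    if not ignore_trusted and (EVERYONE in grantees or grantees & principals):
        return True, "trusted device"
    dev_rule = policy.device_rules.get(dev.device_type)
    if dev_rule is Rule.ALLOW:
        return True, "device access rule allows"   # bus rule is not consulted
    if dev_rule is Rule.BLOCK:
        return False, "device access rule blocks"  # bus rule is not consulted
    # No device rule, or the device rule defers to the bus.
    bus_rule = policy.bus_rules.get(dev.bus) if dev.bus else None
    if bus_rule is Rule.BLOCK:
        return False, "bus access rule blocks"
    if bus_rule is Rule.ALLOW:
        return True, "bus access rule allows"
    if dev_rule is None:
        return True, "no device or bus access rule"
    # "Depends on the bus" with no bus rule has no standard decision listed.
    raise ValueError("'depends on the bus' without a bus access rule is not covered")


def trusted_overrides(policy: Policy, devices: List[Device]) -> List[Tuple[str, bool]]:
    """List (device_id, granted_to_everyone) for trusted entries that allow
    access which the device and bus rules alone would block."""
    findings = []
    for dev in devices:
        grantees = policy.trusted.get(dev.device_id)
        if not grantees:
            continue
        allowed, _ = decide(policy, dev, set(), ignore_trusted=True)
        if not allowed:
            findings.append((dev.device_id, EVERYONE in grantees))
    return findings


# Constructed sample policy and devices for illustration only.
SAMPLE_POLICY = Policy(
    device_rules={
        "Removable drives": Rule.BLOCK,
        "Printers": Rule.DEPENDS_ON_BUS,
        "CD/DVD drives": Rule.ALLOW,
    },
    bus_rules={"USB": Rule.ALLOW, "FireWire": Rule.BLOCK},
    trusted={
        "SAMPLE-0001": {EVERYONE},
        "SAMPLE-0002": {"backup-operators"},
        "SAMPLE-0004": {EVERYONE},
    },
)
SAMPLE_DEVICES = [
    Device("SAMPLE-0001", "Removable drives", "USB"),
    Device("SAMPLE-0002", "Removable drives", "USB"),
    Device("SAMPLE-0003", "Printers", "FireWire"),
    Device("SAMPLE-0004", "CD/DVD drives", "USB"),
]

if __name__ == "__main__":
    for d in SAMPLE_DEVICES:
        print(d.device_id, decide(SAMPLE_POLICY, d, {"alice"}))
    print("trusted entries overriding a block:",
          trusted_overrides(SAMPLE_POLICY, SAMPLE_DEVICES))
```

Entries reported with the second value set to True are the ones to review first: they are trusted for the Everyone group and override a rule that would otherwise block the device.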
Enabling and disabling Device Control
By default, Device Control is enabled. You can disable Device Control, if necessary.
To enable or disable Device Control in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Device Control section in the list on the left.
- In the right part of the window, do one of the following:
  - If you want to enable the Device Control component, select the Device Control check box.
  - If you want to disable the Device Control component, clear the Device Control check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable Device Control on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Endpoint control section.
- Open the context menu of the Device Control item and perform one of the following actions:
  - To enable Device Control, select Enable in the menu.
  - To disable Device Control, select Disable in the menu.
  If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
To enable or disable Device Control from the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Device Control.
In the right part of the window, the Device Control component's settings are displayed.
If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- Do one of the following:
  - If you want to enable the Device Control component, select the Enable Device Control check box.
  - If you want to disable the Device Control component, clear the Enable Device Control check box.
- To save changes, click the Save button.
Editing a device access rule
To edit a device access rule in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Device Control section in the list on the left.
- In the right part of the window, select the Device types tab.
The Device types tab contains access rules for all devices that are included in the classification of the Device Control component.
- Select the access rule that you want to edit.
- Click the Edit button. This button is only available for device types which have a file system.
The Configuring device access rules window opens.
By default, a device access rule grants all users full access to the specified type of devices at any time. In the Users and/or groups of users list, this access rule contains the All group. In the Rights of the selected group of users by access schedules table, this access rule contains the overall time interval of access to devices, with the rights to perform all kinds of operations with devices.
- Edit the settings of the device access rule:
  - Select a user and/or group of users from the Users and/or groups of users list. To edit the Users and/or groups of users list, use the Add, Edit, and Delete buttons.
  - In the Rights of the selected group of users by access schedules table, configure the schedule for access to devices for the selected user and/or group of users. To do this, select the check boxes next to the names of the access schedules for devices that you want to use in the device access rule that is to be edited. To edit the list of access schedules to devices, use the Create, Edit, Copy, and Delete buttons in the Rights of the selected group of users by access schedules table.
  - For each device access schedule used in the rule being edited, specify the operations that are allowed when working with devices. To do so, in the Rights of the selected group of users by access schedules table, select the check boxes in the columns with the names of the relevant operations.
- In the Configuring device access rules window, click OK.
After you have edited the default settings of a device access rule, the setting for access to the type of device in the Access column in the table on the Device types tab is changed to the Restrict by rules value.
- Click the Apply button.
To edit a device access rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Device Control.
In the right part of the window, the Device Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
Editing a connection bus access rule
To edit a connection bus access rule in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Device Control section in the list on the left.
- In the right part of the window, select the Connection buses tab.
The Connection buses tab displays the access rules for all connection buses that are classified in the Device Control component.
- Select the connection bus access rule that you want to edit.
- Change the value of the access parameter:
  - To allow access to a connection bus, open the context menu in the Access column and select Allow.
  - To block access to a connection bus, open the context menu in the Access column and select Block.
- Click the Apply button.
To edit a connection bus access rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Device Control.
In the right part of the window, the Device Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Actions with trusted devices
You can perform the following actions while working with trusted devices:
- Add devices to the Trusted list based on the device model or ID.
- Add devices to the Trusted list based on the mask of the device ID.
- Add a device to the Trusted list in the local interface.
- Configure access of a user and/or user group to a trusted device.
- Remove a device from the list of trusted devices.
If you have added a device to the list of trusted devices and created an access rule for this type of device which blocks or restricts access, Kaspersky Security decides whether or not to grant access to the device based on its presence in the list of trusted devices. Presence in the list of trusted devices has a higher priority than an access rule.
Adding devices to the Trusted list based on the device model or ID
In Kaspersky Security Center, you can add devices to the trusted list based on their model or ID.
By default, when a device is added to the list of trusted devices, access to the device is granted to all users (the Everyone group of users).
To add devices to the Trusted list based on their model or ID:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Device Control section in the list on the left.
- In the right part of the window, select the Trusted devices tab.
- Open the context menu of the Add button and do one of the following:
  - Select the Adding a rule by ID item to add to the list those trusted devices whose unique IDs are known.
  - Select the Adding a rule by model item to add to the list those trusted devices whose VID (vendor ID) and PID (product ID) are known.
- In the window that opens, in the Device type drop-down list select the type of devices to be displayed in the table below.
- Click the Refresh button.
The table displays a list of devices for which device IDs and/or models are known and which belong to the type selected in the Device type drop-down list.
- Select check boxes next to the names of devices that you want to add to the list of trusted devices.
- If necessary, enter a brief comment in the Comment field.
- Click the Select button.
The standard Select Users or Groups window in Microsoft Windows opens.
- Specify users and/or groups for whom Kaspersky Security should recognize the selected devices as trusted.
The names of users and/or groups of users that are specified in the Select users and/or groups of users window are displayed in the Allow to users and/or groups of users field.
- Click OK.
Lines with the parameters of the added trusted devices appear in the table of devices on the Trusted devices tab.
- Click the Apply button.
Adding devices to the Trusted list based on the mask of the device ID
In Kaspersky Security Center, you can add devices to the trusted list based on a mask of their IDs.
By default, when a device is added to the list of trusted devices, access to the device is granted to all users (the Everyone group of users).
To add devices to the Trusted list based on an ID mask:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Device Control section in the list on the left.
- In the right part of the window, select the Trusted devices tab.
- Open the context menu of the Add button, and select the Devices by ID mask item.
- In the Adding trusted devices by ID mask window that opens, in the Mask field, enter a device ID mask.
- If necessary, enter a brief comment in the Comment field.
- Click the Select button.
The standard Select Users or Groups window in Microsoft Windows opens.
- Specify the users and/or groups of users for whom Kaspersky Security should recognize devices whose models or IDs meet the specified mask as trusted devices.
The names of users and/or groups of users that are specified in the Select users and/or groups of users window are displayed in the Allow to users and/or groups of users field.
- In the Adding trusted devices by ID mask window, click OK.
A line with the settings of the rule for adding devices to the list of trusted devices by the mask of their IDs appears in the table of devices on the Trusted devices tab.
- Click the Apply button.
Adding devices to the list of trusted devices in a local interface
In the local interface, you can add devices that are connected to the protected virtual machine to the list of trusted devices.
By default, when a device is added to the list of trusted devices, access to the device is granted to all users (the Everyone group of users).
To add a device to the list of trusted devices in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Device Control.
In the right part of the window, the Device Control component's settings are displayed.
- Select the Trusted devices tab.
- Click the Select button.
The Select trusted devices window opens.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Select the check box next to the name of a device that you want to add to the list of trusted devices.
The list in the Devices column depends on the value that is selected in the Display connected devices drop-down list.
- If necessary, enter a brief comment in the Comment field.
- Click the Select button.
The standard Select Users or Groups window in Microsoft Windows opens.
- Specify users and/or groups for whom Kaspersky Security should recognize the selected devices as trusted.
The names of users and/or groups of users that are specified in the Select users and/or groups of users window are displayed in the Allow to users and/or groups of users field.
- In the Select trusted devices window, click OK.
A line containing the settings of the added trusted device will appear in the table of devices on the Trusted devices tab.
- To save changes, click the Save button.
Configuring user access to a trusted device
By default, when a device is added to the list of trusted devices, access to the device is granted to all users (the Everyone group of users). You can configure the access of users (or user groups) to a trusted device.
To configure user access to a trusted device in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Device Control section in the list on the left.
- In the right part of the window, select the Trusted devices tab.
- In the list of trusted devices, select a device whose settings you want to edit.
- Click the Edit button.
- In the Configuring device access rules window that opens, click the Select button.
The standard Select Users or Groups window in Microsoft Windows opens.
- Edit the list of users and/or groups of users for whom the device must be a trusted device.
- Click OK in the Select Users or Groups window.
The names of users and/or groups of users that are specified in the Select Users or Groups window are displayed in the Configuring device access rules window.
- In the Configuring device access rules window, click OK.
In the table of devices on the Trusted devices tab, the names of selected users and/or groups of users are displayed in the line containing the trusted device settings in the Users column.
- Click the Apply button.
To configure user access to a trusted device in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Device Control.
In the right part of the window, the Device Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–12 of the previous instructions.
- To save changes, click the Save button.
Removing a device from the list of trusted devices
To remove a device from the list of trusted devices using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Device Control section in the list on the left.
- In the right part of the window, select the Trusted devices tab.
- In the list of devices, select the device that you want to remove from the list of trusted devices.
- Click the Delete button.
- Click the Apply button.
To remove a device from the list of trusted devices in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Device Control.
In the right part of the window, the Device Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–8 of the previous instructions.
- To save changes, click the Save button.
Kaspersky Security makes a decision regarding access to a device that was removed from the list of trusted devices based on device access rules and connection bus access rules.
Editing templates of Device Control messages
Special templates are available for messages about blocked access to devices or forbidden operations with device contents, and for complaints sent to the administrator regarding unnecessary blocking. You can edit these templates.
To modify a Device Control message template in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Device Control section in the list on the left.
- In the right part of the window, click the Templates button.
- In the Message templates window that opens, do one of the following:
- To modify the template of the message about blocked access to a device or a forbidden operation with device content, select the Blocking tab.
- To modify the complaint template that is sent to the LAN administrator, select the Complaint tab.
- Modify the template of the blocking message or the complaint template. To do this, use the Default and Variables buttons.
- Click OK in the Message templates window.
- Click the Apply button.
To modify a Device Control message template in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Device Control.
In the right part of the window, the Device Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
Providing access to a blocked device
Providing access to a blocked device consists of the following steps:
- The user of the protected virtual machine requests access to the device. For this purpose the user creates a file with an access key to the device and transfers this file to the administrator.
- The administrator creates a file with an access code to the device and transfers this file to the user.
- The user of the protected virtual machine activates the access code.
The user of a protected virtual machine can request and obtain temporary access to a blocked device from the local interface of Light Agent for Windows by using one of the following two methods:
- On the Protection and Control tab of the main application window.
- From the application settings window.
Temporary access to a device from the local interface can be obtained only if the virtual machine is managed by a policy and the Allow request for temporary access check box is selected in the policy properties within Device Control settings.
To request access to a blocked device:
- On the protected virtual machine, open the Request access to device window in one of the following ways:
- On the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window and select the Protection and Control tab.
- Open the Endpoint control section.
- Open the context menu of the Device Control line and select Access to device.
- From the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Device Control.
- In the right part of the window, click the Request access button.
- From the list of connected devices, select a device to which you want to gain access.
- Click the Get access key button.
- In the Receive device access key window that opens, in the Access duration field, specify the time interval for which you want to have access to the device.
- Click the Save button.
The standard Save access key window of Microsoft Windows opens.
- Select the folder in which you want to save a file with a device access key, and click the Save button.
- Pass the device access key file to the LAN administrator.
After receiving the request, the organization LAN administrator creates a file with the access code to the device.
To create an access code for a blocked device:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, select the folder with the name of the administration group that contains the virtual machine whose user needs to be granted access to the device.
- In the workspace, select the Devices tab.
- In the list, select the virtual machine, open the context menu, and select Access to devices and data in offline mode.
- In the Granting access to devices and data in offline mode window that opens, use the Browse button to select the file with the device access key received from the user of the protected virtual machine.
Information about the blocked device to which the user has requested access will be displayed.
- If necessary, modify the device access settings and save the access code for the device.
- Pass the file with the access code to the blocked device to the user of the protected virtual machine.
After receiving the file with the access code from the organization LAN administrator, the user of the protected virtual machine activates the access code.
To activate access to a blocked device:
- On the protected virtual machine, open the Request access to device window on the Protection and Control tab of the main application window or in the application settings window.
- In the Request access to device window, select the device to which you want to gain access in the list of connected devices and click the Activate access code button.
The standard Open access key window in Microsoft Windows opens.
- Select the file with the device access code that was received from the administrator, and click the Open button.
The Activating the access code for the device window opens and displays information about the provided access.
- In the Activating the access code for the device window, click OK.
The time period for which access to the device is granted may differ from the amount of time that you requested. Access to the device is granted for the time period that the LAN administrator specifies when generating the device access code.
Web Control
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop operating system.
Web Control lets you control the actions of LAN users by restricting or blocking access to web resources. A web resource is an individual web page or several web pages, or a website or several websites that have a common feature.
Web Control can monitor web resources that are accessed through secure connections.
Web Control provides the following features:
- Saving traffic.
Traffic is controlled by restricting or blocking downloads of multimedia files, or by restricting or blocking access to web resources that are unrelated to users' job responsibilities.
- Differentiation of access by content categories of web resources.
To save traffic and reduce potential losses from the misuse of employee time, you can restrict or block access to specified categories of web resources (for example, block access to sites that belong to the "News media" category).
- Centralized control of access to web resources.
When using Kaspersky Security Center, personal and group settings of access to web resources are available.
All restrictions and blocks that are applied to access to web resources are implemented as web resource access rules.
This section describes how to configure Web Control settings using the Administration Console and the Light Agent for Windows local interface. You can also configure the Web Control settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Endpoint control → Web Control).
About web resource access rules
A web resource access rule is a set of filters and actions that Kaspersky Security performs when the user visits web resources that are described in the rule during the time span that is indicated in the rule schedule. Filters allow you to precisely specify a pool of web resources to which access is controlled by the Web Control component.
The application provides the following filters:
- Filter by content. Web Control categorizes web resources by content and data type. You can control user access to web resources with content and data types of certain categories. When the users visit web resources that belong to the selected content category and / or data type category, Kaspersky Security performs the action that is specified in the rule.
- Filter by web resource addresses. You can control user access to all web resource addresses or to individual web resource addresses and / or groups of web resource addresses.
If filtering by content and filtering by web resource addresses are specified, and the specified web resource addresses and / or groups of web resource addresses belong to the selected content categories or data type categories, Kaspersky Security does not control access to all web resources in the selected content categories and / or data type categories. Instead, the application controls access only to the specified web resource addresses and / or groups of web resource addresses.
- Filter by names of users and user groups. You can specify the names of users and / or groups of users for which access to web resources is controlled according to the rule.
- Rule schedule. You can specify the rule schedule. The rule schedule determines the time span during which Kaspersky Security monitors access to web resources covered by the rule.
After Kaspersky Security is installed, the following web resource access rules are created by default:
- Scripts and stylesheets. The rule grants all users access at all times to web resources whose addresses contain the names of files with the css, js, or vbs extensions. For example: http://www.example.com/style.css, http://www.example.com/style.css?mode=normal.
- Default rule. The rule grants all users access to any web resources at any time.
Web resource content categories
To restrict access of virtual machine users to web resources, the web resource content categories listed below can be used.
The order of the listed categories does not reflect their relative significance or occurrence on the Internet. The names of the categories are conventional and are used only in Kaspersky applications and websites. The names do not necessarily correspond to the meanings assigned to them under applicable law. One web resource may belong to several categories at a time.
Weapons, explosives, pyrotechnics
Gambling, lotteries, sweepstakes
Online stores, banks, payment systems
Religions, religious associations
Enabling and disabling Web Control
By default, Web Control is enabled. You can disable Web Control, if necessary.
To enable or disable Web Control in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Control section in the list on the left.
- In the right part of the window, do one of the following:
- If you want to enable the Web Control component, select the Web Control check box.
- If you want to disable the Web Control component, clear the Web Control check box.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable a component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
To enable or disable Web Control on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Endpoint control section.
- Open the context menu of the Web Control item and perform one of the following actions:
- To enable Web Control, select Enable in the menu.
- To disable Web Control, select Disable in the menu.
If this menu item is unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
To enable or disable Web Control from the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Web Control.
In the right part of the window, the Web Control component’s settings are displayed.
If component settings are unavailable, this means that you cannot enable or disable this component because the policy-defined setting is applied to protected virtual machines within the administration group.
- Do one of the following:
- If you want to enable the Web Control component, select the Enable Web Control check box.
- If you want to disable the Web Control component, clear the Enable Web Control check box.
- To save changes, click the Save button.
Actions with web resource access rules
You can perform the following actions to configure web resource access rules:
- Create a new rule.
- Edit a rule.
- Edit rule priority.
- Test a rule.
- Enable and disable a rule.
- Delete a rule.
Creating and editing a web resource access rule
To add or edit the web resource access rule in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Control section in the list on the left.
- In the right part of the window, do one of the following:
- To create a new rule, click the Add button.
- If you want to edit the rule, select it in the list of rules and click the Edit button.
- In the Web resource access rule window that opens, in the Name field, enter or edit the name of the rule.
- From the Filter content drop-down list, select the required option:
- Any content.
- By content categories.
- By types of data.
- By content categories and types of data.
If an option other than Any content is selected, a section for selecting content categories and / or data type categories opens. Select the check boxes next to the names of the necessary content categories and/or data type categories.
Selecting the check box next to the name of a content category and/or data type category means that the application applies the rule to control access to web resources that belong to the selected content categories and/or data type categories.
- From the Apply to addresses drop-down list, select the required option:
- To all addresses.
- To individual addresses.
If the To individual addresses option is selected, a section opens where you create a list of web resources. You can create and edit the list of web resources by using the Add, Edit, and Delete buttons. To create a list of web resource addresses, you can also use web resource address masks.
After creating a list of web resource addresses, you can export it to a file so that you can later import the list from that file.
- Select the Specify users and/or groups check box and click the Select button.
The standard Select Users or Groups window in Microsoft Windows opens.
- Define or edit the list of users and/or groups of users for whom access to the web resources described by the rule is allowed or restricted, and click OK.
- In the Action drop-down list, select the necessary item:
- Allow. If this value is selected, the application allows access to web resources that match the settings of the rule.
- Block. If this value is selected, the application blocks access to web resources that match the settings of the rule.
- Warn. If this value is selected, the application displays a message to warn that a web resource is unwanted when the user attempts to access web resources that match the settings of the rule. By using links from the warning message, the user can obtain access to the requested web resource.
- In the Rule schedule drop-down list that opens, select the name of the necessary schedule or create a new schedule that is based on the selected rule schedule. To do this, perform the following actions:
- Click the Settings button next to the Rule schedule drop-down list.
- To supplement the rule schedule with a time interval, during which the rule does not apply, in the Rule schedule window that opens, in the table that shows the rule schedule, click the table cells that correspond to the time and day of the week that you want to select.
The color of the cells turns gray.
- To substitute a time span during which the rule applies with a time span during which the rule does not apply, click the gray cells in the table which correspond to the time and day of the week that you want to select.
The color of the cells turns green.
- If you are creating a rule schedule that is based on the schedule of the Always rule that is created by default, click OK or Save as. If you are creating a rule schedule based on the schedule of a rule that was not created by default, click Save as.
- In the Rule schedule name window that opens, enter the name of the rule schedule or leave the default name.
- Click OK in the Rule schedule name window.
- In the Web resource access rule window, click OK.
- Click the Apply button.
To add or edit the web resource access rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Web Control.
In the right part of the window, the Web Control component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–14 of the previous instructions.
- To save changes, click the Save button.
Changing the priority of web resource access rules
The priority of a rule is defined by its position in the Access rules sorted by priority table in the Web Control settings window. The first rule in the table has the highest priority.
If the web resource that the virtual machine user attempts to access matches the parameters of several rules, the application performs an action according to the rule with the highest priority.
You can raise or lower the priority of any web resource access rule except for the "Default rule", which always has the lowest priority and is located at the end of the list of rules.
To change the priority of a web resource access rule in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Control section in the list on the left.
- In the right part of the window, in the Access rules sorted by priority table, select the rule whose priority you want to change, and use the Move up and Move down buttons to move the rule to the necessary position.
- Click the Apply button.
To change the priority of a web resource access rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Web Control.
In the right part of the window, the Web Control component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- In the Access rules sorted by priority table, select the rule whose priority you want to change, and use the Move up and Move down buttons to move the rule to the necessary position.
- To save changes, click the Save button.
Testing web resource access rules
In the local interface, you can check the consistency of rules by using the Rules diagnostics function.
To test the web resource access rules:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Web Control.
In the right part of the window, the Web Control component’s settings are displayed.
- In the lower part of the window, click the Diagnostics button.
The Rules diagnostics window opens.
- Fill in the fields in the Conditions section:
- If you want to test the rules that the application uses to control access to a specific web resource, select the Specify address check box. Enter the address of the web resource in the field below.
- If you want to test the rules that the application uses to control access to web resources for specific users or groups of users, specify the user name or user group name. To do this, perform the following actions:
- Select the Specify users and/or groups check box and click the Select button.
The standard Select Users or Groups window in Microsoft Windows opens.
- In the Select Users or Groups window in Microsoft Windows, specify the relevant user or user group and click OK.
- If you want to test the rules that the application uses to control access to web resources of specified content categories and/or data type categories, from the Filter content drop-down list, select the required option (By content categories, By types of data, or By content categories and types of data), and select check boxes next to the names of the relevant content categories and/or categories of data types.
- If you want to test the rules taking into account the time and day of the week when an attempt is made to access the web resource(s) that are specified in the rule diagnostics conditions, select the Include time of access attempt check box. Specify the day of the week and time on the right.
- Click the Validate button.
A completed rule test is followed by a message with information about the action that is taken by the application, according to the first rule that is triggered on the attempt to access the specified web resource(s) (allow, block, or warn). All triggered rules are tested next.
Test completion is followed by a message on the right of the Validate button with information about the action that is taken by the application, according to the first rule that is triggered on the attempt to access the specified web resource(s). The first rule to be triggered is the one with a rank on the list of Web Control rules which is higher than that of other rules meeting the diagnostics conditions. The table in the lower part of the Rules diagnostics window lists the remaining triggered rules, specifying the action taken by the application. The rules are listed in the order of declining priority.
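The following Python model is an added example, not part of the application or of this guide's original text. It evaluates an access attempt against a prioritized rule list the way the priority and Rules diagnostics descriptions above read: the first triggered rule decides the action, and the remaining triggered rules are listed in declining priority. The Rule and Request classes, the two custom rules, the sample addresses, the position of the Scripts and stylesheets rule in the list, and the matcher that treats only * as a wildcard are assumptions.

```python
import re
from dataclasses import dataclass, replace
from typing import FrozenSet, List, Optional, Tuple

ANY: FrozenSet[str] = frozenset()   # empty filter: any content / all users


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                  # "allow", "block" or "warn"
    categories: FrozenSet[str] = ANY             # filter by content
    addresses: Tuple[str, ...] = ()              # () means "To all addresses"
    users: FrozenSet[str] = ANY                  # filter by users and groups
    schedule: Optional[FrozenSet[Tuple[int, int]]] = None  # (weekday, hour); None = always
    enabled: bool = True


@dataclass(frozen=True)
class Request:
    url: str
    groups: FrozenSet[str]        # the user's name and group memberships
    categories: FrozenSet[str]    # content categories of the requested resource
    when: Tuple[int, int]         # (weekday, hour), Monday = 0


def mask_matches(mask: str, url: str) -> bool:
    """Simplified matcher (assumption): '*' is the only wildcard, '?' is literal."""
    pattern = ".*".join(re.escape(part) for part in mask.split("*"))
    return re.fullmatch(pattern, url) is not None


def rule_matches(rule: Rule, req: Request) -> bool:
    """A rule is triggered only if every filter it specifies matches the request."""
    if rule.categories and not (rule.categories & req.categories):
        return False
    if rule.addresses and not any(mask_matches(m, req.url) for m in rule.addresses):
        return False
    if rule.users and not (rule.users & req.groups):
        return False
    if rule.schedule is not None and req.when not in rule.schedule:
        return False
    return True


def diagnose(rules: List[Rule], req: Request) -> Tuple[str, List[str]]:
    """Return the action of the first triggered rule and all triggered rule names."""
    if not rules or rules[-1].name != "Default rule" or not rules[-1].enabled:
        raise ValueError("the Default rule must be last and enabled")
    hits = [r for r in rules if r.enabled and rule_matches(r, req)]
    return hits[0].action, [r.name for r in hits]


# Constructed sample policy: two predefined rules plus two hypothetical custom rules.
WORK_HOURS = frozenset((day, hour) for day in range(5) for hour in range(9, 18))
SCRIPTS = Rule("Scripts and stylesheets", "allow",
               addresses=("*.css", "*.css?*", "*.js", "*.js?*", "*.vbs", "*.vbs?*"))
BLOCK_NEWS = Rule("Block news in work hours", "block",
                  categories=frozenset({"News media"}),
                  users=frozenset({"Staff"}), schedule=WORK_HOURS)
WARN_SITE = Rule("Warn on news.example.com", "warn",
                 addresses=("*news.example.com/*",))
DEFAULT = Rule("Default rule", "allow")


def run_samples():
    """Evaluate constructed access attempts; Tuesday 10:00 unless stated otherwise."""
    page = Request("http://news.example.com/today.html",
                   frozenset({"Staff"}), frozenset({"News media"}), (1, 10))
    script = replace(page, url="http://news.example.com/app.js?v=2")
    evening = replace(page, when=(1, 20))        # outside the block rule's schedule
    rules = [SCRIPTS, BLOCK_NEWS, WARN_SITE, DEFAULT]
    reordered = [SCRIPTS, WARN_SITE, BLOCK_NEWS, DEFAULT]
    return {
        "page": diagnose(rules, page),            # block rule is the first hit
        "script": diagnose(rules, script),        # higher-priority allow rule wins
        "evening": diagnose(rules, evening),      # schedule excludes the block rule
        "reordered": diagnose(reordered, page),   # same request, different priority
    }


if __name__ == "__main__":
    for label, (action, triggered) in run_samples().items():
        print(f"{label:10} -> {action:5} triggered: {triggered}")
```

When auditing a policy, the "script" and "reordered" cases are the ones to look for: a block rule has no effect on any address that a higher-priority allow or warn rule also covers.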
Enabling and disabling a web resource access rule
All predefined web resource access rules have the Enabled status. If a web resource access rule is enabled, Web Control applies this rule.
A new web resource access rule also has the Enabled status after it is created.
You can disable any web resource access rule except the "Default rule". If a web resource access rule is disabled, Web Control temporarily stops applying this rule.
To enable or disable a web resource access rule in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Control section in the list on the left.
- In the list of rules in the right part of the window, select the rule that you want to enable or disable.
- In the Status column, open the context menu and select one of the following values:
- On if you want to enable use of the rule.
- Off if you want to disable use of the rule.
- Click the Apply button.
To enable or disable a web resource access rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Web Control.
In the right part of the window, the Web Control component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–7 of the previous instructions.
- To save changes, click the Save button.
Removing web resource access rules
To delete a web resource access rule using Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Control section in the list on the left.
- In the right part of the window, in the list of web resource access rules, select the rule that you want to delete, and click the Delete button.
The selected rule will be deleted from the list of rules.
You cannot delete a predefined Default rule.
- Click the Apply button.
To delete a web resource access rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Web Control.
In the right part of the window, the Web Control component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- In the list of web resource access rules, select the rule that you want to delete, and click the Delete button.
The selected rule will be deleted from the list of rules.
You cannot delete a predefined Default rule.
- To save changes, click the Save button.
Rules for creating masks for web resource addresses
Using a web resource address mask (hereinafter also referred to as simply "address mask") may be useful if you need to enter numerous similar web resource addresses when creating a web resource access rule. If crafted well, one address mask can replace a large number of web resource addresses.
When creating an address mask, adhere to the following rules:
1. The * character replaces any sequence that contains zero or more characters.
   For example, if you enter the *abc* address mask, the access rule is applied to all web resource addresses that contain the sequence abc. Example: http://www.example.com/page_0-9abcdef.html.
   The ? character is treated as a question mark.
   To include the * character in the address mask, you need to enter the * character twice.
2. The www. character sequence at the start of the address mask is interpreted as a *. sequence.
   Example: the address mask www.example.com is treated as *.example.com.
3. If an address mask does not start with the * character, the content of the address mask is equivalent to the same content with the *. prefix.
4. A sequence of *. characters at the beginning of an address mask is interpreted as *. or an empty string.
   Example: the address mask http://www.*.example.com covers the address of the web resource http://www2.example.com.
5. If an address mask ends with a character other than / or *, the content of the address mask is equivalent to the same content with the /* postfix.
   Example: the address mask http://www.example.com covers such addresses as http://www.example.com/abc, where a, b, and c are any characters.
6. If an address mask ends with the / character, the content of the address mask is equivalent to the same content with the /*. postfix.
7. The character sequence /* at the end of an address mask is interpreted as /* or an empty string.
8. Web resource addresses are verified against an address mask, taking into account the protocol (http or https):
   - If the address mask contains no network protocol, this address mask covers addresses of web resources with any network protocol.
     Example: the address mask example.com covers the web resource addresses http://example.com and https://example.com.
   - If the address mask contains a network protocol, this address mask only covers web resource addresses with the same network protocol as that of the address mask.
     Example: the address mask http://*.example.com covers the web resource address http://www.example.com but does not cover https://www.example.com.
9. An address mask that is in double quotes is treated without considering any additional replacements, except the * character if it has been initially included in the address mask. In other words, rules 5 and 7 do not apply to such address masks (see examples 14–18 in the table below).
10. The user name and password, connection port, and character case are not taken into account during comparison with the address mask of a web resource.
Examples of how to use rules for creating address masks
| No. | Address mask | Address of web resource to verify | Does the address match the address mask? | Comment |
|---|---|---|---|---|
| 1 | *.example.com | http://www.123example.com | No | See rule 1. |
| 2 | *.example.com | http://www.123.example.com | Yes | See rule 1. |
| 3 | *example.com | http://www.123example.com | Yes | See rule 1. |
| 4 | *example.com | http://www.123.example.com | Yes | See rule 1. |
| 5 | http://www.*.example.com | http://www.123example.com | No | See rule 1. |
| 6 | www.example.com | http://www.example.com | Yes | See rules 2, 1. |
| 7 | www.example.com | https://www.example.com | Yes | See rules 2, 1. |
| 8 | http://www.*.example.com | http://123.example.com | Yes | See rules 2, 4, 1. |
| 9 | www.example.com | http://www.example.com/abc | Yes | See rules 2, 5, 1. |
| 10 | example.com | http://www.example.com | Yes | See rules 3, 1. |
| 11 | http://example.com/ | http://example.com/abc | Yes | See rule 6. |
| 12 | http://example.com/* | http://example.com | Yes | See rule 7. |
| 13 | http://example.com | https://example.com | No | See rule 8. |
| 14 | "example.com" | http://www.example.com | No | See rule 9. |
| 15 | "http://www.example.com" | http://www.example.com/abc | No | See rule 9. |
| 16 | "*.example.com" | http://www.example.com | Yes | See rules 1, 9. |
| 17 | "http://www.example.com/*" | http://www.example.com/abc | Yes | See rules 1, 9. |
| 18 | "www.example.com" | http://www.example.com; https://www.example.com | Yes | See rules 9, 8. |
| 19 | www.example.com/abc/123 | http://www.example.com/abc | No | An address mask contains more data than the address of a web resource. |
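The following added example (not Kaspersky code) models rules 1–10 as a mask-to-regex translation and replays the 19 table rows against it, which is a quick way to see how broad an unquoted mask is before putting it into a rule. The function names are hypothetical, and the model assumes rule 6 means that a trailing / becomes /* and that the mask is compared with host, path and query of the address.

```python
import re
from urllib.parse import urlsplit

WILD = object()  # token for an unescaped '*' wildcard

# Rows 1-19 of the table above: (mask, [addresses to verify], expected result).
TABLE = [
    ("*.example.com", ["http://www.123example.com"], False),
    ("*.example.com", ["http://www.123.example.com"], True),
    ("*example.com", ["http://www.123example.com"], True),
    ("*example.com", ["http://www.123.example.com"], True),
    ("http://www.*.example.com", ["http://www.123example.com"], False),
    ("www.example.com", ["http://www.example.com"], True),
    ("www.example.com", ["https://www.example.com"], True),
    ("http://www.*.example.com", ["http://123.example.com"], True),
    ("www.example.com", ["http://www.example.com/abc"], True),
    ("example.com", ["http://www.example.com"], True),
    ("http://example.com/", ["http://example.com/abc"], True),
    ("http://example.com/*", ["http://example.com"], True),
    ("http://example.com", ["https://example.com"], False),
    ('"example.com"', ["http://www.example.com"], False),
    ('"http://www.example.com"', ["http://www.example.com/abc"], False),
    ('"*.example.com"', ["http://www.example.com"], True),
    ('"http://www.example.com/*"', ["http://www.example.com/abc"], True),
    ('"www.example.com"', ["http://www.example.com", "https://www.example.com"], True),
    ("www.example.com/abc/123", ["http://www.example.com/abc"], False),
]


def tokenize(text):
    """Rule 1: '*' is a wildcard, '**' is a literal '*', everything else is literal."""
    tokens, i = [], 0
    while i < len(text):
        if text.startswith("**", i):
            tokens.append("*")
            i += 2
        else:
            tokens.append(WILD if text[i] == "*" else text[i])
            i += 1
    return tokens


def compile_mask(mask):
    """Return (protocol or None, compiled regex for host + path + query)."""
    mask = mask.strip().lower()                      # rule 10: case is ignored
    quoted = len(mask) >= 2 and mask[0] == mask[-1] == '"'
    if quoted:
        mask = mask[1:-1]
    scheme = None
    found = re.match(r"(https?)://", mask)           # rule 8: optional protocol
    if found:
        scheme, mask = found.group(1), mask[found.end():]
    tokens = tokenize(mask)
    prefix = suffix = ""
    if not quoted:                                   # rule 9: quoted masks skip all of this
        if tokens[:4] == list("www."):               # rule 2
            tokens[:4] = [WILD, "."]
        if tokens[:1] != [WILD]:                     # rule 3
            tokens[:0] = [WILD, "."]
        if tokens[:2] == [WILD, "."]:                # rule 4: '*.' or nothing
            tokens, prefix = tokens[2:], r"(?:.*\.)?"
        if tokens[-1:] == ["/"]:                     # rule 6 (assumed: '/' becomes '/*')
            tokens.append(WILD)
        elif tokens[-1:] != [WILD]:                  # rule 5
            tokens += ["/", WILD]
        if tokens[-2:] == ["/", WILD]:               # rule 7: '/*' or nothing
            tokens, suffix = tokens[:-2], r"(?:/.*)?"
    body = "".join(".*" if t is WILD else re.escape(t) for t in tokens)
    return scheme, re.compile(prefix + body + suffix, re.DOTALL)


def mask_matches(mask, url):
    """True if the address (a full http/https URL) is covered by the mask."""
    scheme, pattern = compile_mask(mask)
    parts = urlsplit(url.strip().lower())
    if scheme and parts.scheme != scheme:            # rule 8
        return False
    target = (parts.hostname or "") + parts.path     # rule 10: no user:password@, no :port
    if parts.query:
        target += "?" + parts.query
    return pattern.fullmatch(target) is not None


def check_table():
    """Return the table rows this model disagrees with (empty list if none)."""
    return [(mask, url) for mask, urls, expected in TABLE
            for url in urls if mask_matches(mask, url) != expected]


if __name__ == "__main__":
    print("rows that disagree with the table:", check_table())
```

Rows 3 and 4 are the ones to review before using a mask in an allow rule: *example.com without the dot also covers unrelated hosts whose names merely end in example.com.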
Exporting and importing the list of web resource addresses
If you created a list of web resource addresses when creating a web resource access rule, you can export it to a TXT file. You can subsequently import the list from this file to avoid creating a new list of web resource addresses manually when configuring an access rule. The option of exporting and importing the list of web resource addresses may be useful if, for example, you create access rules with similar parameters.
To export a list of web resource addresses to a file in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Control section in the list on the left.
- In the right part of the window, in the list of rules, select the rule whose list of web resource addresses you want to export to a file.
- Click the Edit button.
The Web resource access rule window opens.
A list of web resource addresses to which the rule applies appears under the Apply to addresses drop-down list.
- If you do not want to export the entire list of web resource addresses, but rather just a part of it, select the required web resource addresses.
- To the right of the field with the list of web resource addresses, click the button.
The action confirmation window opens.
- Do one of the following:
- If you want to export only the selected items of the web resource address list, in the action confirmation window, click the Yes button.
- If you want to export all items of the list of web resource addresses, in the action confirmation window, click the No button.
The standard Save as window of Microsoft Office opens.
- Select the file to which you want to export the list of web resource addresses, and click the Save button.
To export a list of web resource addresses to a file in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Web Control.
In the right part of the window, the Web Control component’s settings are displayed.
- Complete steps 6–11 of the previous instructions.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
To import the list of web resource addresses from a file to a rule in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Control section in the list on the left.
In the right part of the window,
- Do one of the following:
- To create a new rule, click the Add button.
- If you want to edit a rule, select it in the list of rules and click the Edit button.
The Web resource access rule window opens.
- If you are creating a new web resource access rule, select To individual addresses from the Apply to addresses drop-down list.
- To the right of the field with the list of web resource addresses, click the button.
If you are creating a new rule, the standard Microsoft Windows Open file window opens.
If you are editing a rule, a window requesting your confirmation opens.
- If you are editing a web resource access rule, do one of the following actions in the action confirmation window:
- If you want to add imported items of the list of web resource addresses to the existing ones, click the Yes button.
- If you want to delete the existing items of the list of web resource addresses and to add the imported ones, click the No button.
The standard Open file window in Microsoft Windows opens.
- In the Open file window in Microsoft Windows, select a file with a list of web resource addresses to import and click the Open button.
The imported list of web resource addresses appears in the Web resource access rule window under the Apply to addresses drop-down list.
- In the Web resource access rule window, click OK.
- Click the Apply button.
To import the list of web resource addresses from a file to a rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Web Control.
In the right part of the window, the Web Control component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–11 of the previous instructions.
- To save changes, click the Save button.
Editing templates of Web Control messages
Depending on the action defined in the properties of web resource access rules, the application displays a message of one of the following types when a virtual machine user attempts to access web resources (the HTTP server response is replaced by an HTML page with the appropriate message):
- Warning message. This message warns the user that a website is potentially harmful and/or does not comply with the corporate policy. The application displays a warning message if the Warn option is selected from the Action drop-down list in the properties of the rule that describes this website.
If the user believes that the warning is mistaken, the user may click the link from the warning message to open a pre-generated complaint message and send it to the corporate LAN administrator.
- Message informing of blocking of a web resource. The application displays a message that informs that a web resource is blocked, if the Block option is selected from the Action drop-down list in the properties of the rule that describes this web resource.
If the user believes that the web resource was blocked by mistake, the user may click the link from the web resource blocking notification to open a pre-generated complaint message and send it to the corporate LAN administrator.
Special templates are provided for the warning message, web resource blocking notification, and complaint message sent to the corporate LAN administrator. You can modify their content.
To modify a Web Control message template in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Web Control section in the list on the left.
- In the right part of the window, click the Templates button.
- In the Message templates window that opens, do one of the following:
- If you want to edit the template for the message that warns about a possibly dangerous website, select the Warning tab.
- If you want to edit the template of the message that informs the user that access to a website is blocked, select the Blocking tab.
- To modify the complaint template that is sent to the LAN administrator, select the Complaint tab.
- Edit the message template. To do this, use the Default and Variables buttons.
- Click OK in the Message templates window.
- Click the Apply button.
To modify a Web Control message template in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select Web Control.
In the right part of the window, the Web Control component’s settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
System Integrity Monitoring
The Kaspersky Security functionality described in this section is available only if you are using the application under an enterprise license and the application is installed on a virtual machine with a Windows server operating system and an NTFS or FAT32 file system.
The System Integrity Monitoring component can track changes in a Windows operating system installed on the protected virtual machine. You can monitor the following objects:
- Files and registry. The System Integrity Monitoring component tracks changes made to the registry and files included in the monitoring scope.
- External drives. The System Integrity Monitoring component tracks the connection of the following types of external devices:
- Disk drives for hard drives.
- Disk drives for optical drives (CD/DVD/Blu-ray).
- USB devices.
- Cameras and scanners.
- External network adapters.
The System Integrity Monitoring component can operate in real time, and can run a System Integrity Check by schedule or on demand.
When operating in real time, System Integrity Monitoring lets you track changes to monitored objects that you have included in the System Integrity Monitoring scope.
A system integrity check by schedule or on demand is performed by using the system integrity check task. A system integrity check is performed by comparing the current state of objects included in the system integrity check scope with the state of objects that were previously registered in the form of a system baseline.
You can run a System Integrity Check in one of the following modes:
- Full Scan. All attributes of files and their contents are analyzed when checking for modifications in files.
- Quick Scan. Only the attributes of files are analyzed when checking for modifications in files; file contents are not checked.
Registry modifications and connection of external devices are monitored in any mode according to the defined System Integrity Check scope.
A system state snapshot (baseline) is taken on a virtual machine as a result of running the baseline update task. When a baseline is created or updated, the state of objects included in the System Integrity Check scope is recorded.
You can update the baseline in one of the following modes:
- Full update – for all objects in the scan scope.
- Incremental update – only for modified or new objects from the scan scope.
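The added example below (not Kaspersky code) models the baseline comparison and the two update modes so the practical difference between them is visible. It assumes that Quick Scan compares only size and modification time, that Full Scan additionally compares a SHA-256 of the content, and that an incremental update leaves entries for deleted objects in the baseline; all names are hypothetical.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class Entry:
    size: int
    mtime_ns: int
    sha256: str


def snapshot(root):
    """Record the state of every file under root (the baseline of the text)."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            st = path.stat()
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[path.relative_to(root).as_posix()] = Entry(st.st_size, st.st_mtime_ns, digest)
    return state


def check(baseline, current, mode="full"):
    """Compare the current state with the baseline.

    mode="quick": attributes only (assumed: size and mtime).
    mode="full":  attributes and content hash.
    """
    if mode not in ("quick", "full"):
        raise ValueError(mode)

    def differs(old, new):
        if (old.size, old.mtime_ns) != (new.size, new.mtime_ns):
            return True
        return mode == "full" and old.sha256 != new.sha256

    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if differs(baseline[p], current[p])),
    }


def update_baseline(baseline, current, incremental):
    """Full update re-records every object; incremental only new or modified ones."""
    if not incremental:
        return dict(current)
    delta = check(baseline, current, "full")
    merged = dict(baseline)          # assumed: deleted objects stay in the baseline
    for name in delta["added"] + delta["modified"]:
        merged[name] = current[name]
    return merged


def demo():
    """Build a constructed directory, take a baseline, change it, snapshot again."""
    with tempfile.TemporaryDirectory() as root:
        base = Path(root)
        (base / "app.conf").write_text("mode=safe\n")
        (base / "old.log").write_text("x\n")
        baseline = snapshot(root)
        (base / "app.conf").write_text("mode=debug-enabled\n")   # size changes
        (base / "new.dll").write_bytes(b"\x00" * 16)
        (base / "old.log").unlink()
        current = snapshot(root)
    return baseline, current


if __name__ == "__main__":
    baseline, current = demo()
    print("quick:", check(baseline, current, "quick"))
    # Constructed record: same size and timestamp as the baseline, different content hash.
    b = baseline["app.conf"]
    same_attrs = {**baseline, "app.conf": Entry(b.size, b.mtime_ns, "0" * 64)}
    print("quick on same-attribute change:", check(baseline, same_attrs, "quick"))
    print("full  on same-attribute change:", check(baseline, same_attrs, "full"))
```

Under these assumptions only Full Scan reports a change that leaves the attributes untouched, and after an incremental update a deleted object is still reported until a full update is run.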
The System Integrity Monitoring component settings are defined in the Light Agent for Windows policy or in the local interface of Light Agent for Windows. You can enable or disable the Real-Time System Integrity Monitoring component, and configure the following settings:
- Real-Time System Integrity Monitoring scope:
- List of objects that must be monitored by the Real-Time System Integrity Monitoring component.
- List of System Integrity Monitoring rules that govern how the component tracks changes in files and the registry. You can create rules and use predefined rules from templates that are part of the application distribution kit.
- System Integrity Check scope. By default, the System Integrity Check scope matches the system integrity monitoring scope. You can define a separate scope for a scheduled System Integrity Check and an on-demand System Integrity Check. This scope is also used for the baseline update task:
- List of objects whose state needs to be checked. The state of these objects is recorded in the baseline.
- List of System Integrity Monitoring rules that govern how the component checks for changes in files and the registry. The baseline records the state of files and folders, as well as registry keys defined in the rules. You can create rules and use predefined rules from templates that are part of the application distribution kit.
If the System Integrity Check scope is not defined, the System Integrity Monitoring scope is used for the System Integrity Check task and the baseline update task.
- The importance level for events that are generated by the System Integrity Monitoring component when it detects system changes in real time, and as a result of the System Integrity Check task.
You can view information about the operating results of the System Integrity Monitoring component in Kaspersky Security Center and in the local interface of Light Agent for Windows.
Enabling and disabling Real-Time System Integrity Monitoring
You can enable or disable Real-Time System Integrity Monitoring. By default, the Real-Time System Integrity Monitoring component is disabled.
Enabling and disabling Real-Time System Integrity Monitoring does not affect the performance of a System Integrity Check task or baseline update task.
You can enable or disable Real-Time System Integrity Monitoring in the Light Agent for Windows policy properties using the Administration Console, in the Light Agent for Windows local interface, and using the Web Console when creating or editing the Light Agent for Windows policy settings (Application settings → Endpoint control → System Integrity Monitoring).
To enable or disable Real-Time System Integrity Monitoring in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the System Integrity Monitoring section in the list on the left.
- In the right part of the window, do one of the following:
- Select the Real-Time System Integrity Monitoring check box if you want to enable the Real-Time System Integrity Monitoring component.
- Clear the Real-Time System Integrity Monitoring check box if you want to disable the Real-Time System Integrity Monitoring component.
- Click the Apply button.
In the local interface of Light Agent for Windows, you can enable or disable the real-time component in two ways:
- On the Protection and Control tab of the main application window.
- From the application settings window.
If the component settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
To enable or disable Real-Time System Integrity Monitoring on the Protection and Control tab of the main application window:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Endpoint control section.
- Open the context menu of the System Integrity Monitoring item and perform one of the following actions:
- Select Enable if you want to enable the Real-Time System Integrity Monitoring component.
- Select Disable if you want to disable the Real-Time System Integrity Monitoring component.
To enable or disable Real-Time System Integrity Monitoring from the application settings window:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select the System Integrity Monitoring section.
- Do one of the following:
- Select the Real-Time System Integrity Monitoring check box if you want to enable the Real-Time System Integrity Monitoring component.
- Clear the Real-Time System Integrity Monitoring check box if you want to disable the Real-Time System Integrity Monitoring component.
- To save changes, click the Save button.
Configuring the system integrity monitoring scope and the System Integrity Check scope
For correct operation of the System Integrity Monitoring component, you must configure the scope of the component, i.e. select the objects whose status must be tracked by the System Integrity Monitoring component. The scope is configured in the Light Agent for Windows policy or in the local interface of Light Agent for Windows.
You can configure the System Integrity Monitoring scope for real-time operation of the component and configure a separate scope for a System Integrity Check by schedule or on demand. This scope is also used for the baseline update task. If the scope of the System Integrity Check is not defined, the system integrity monitoring scope is applied for the System Integrity Check task and the baseline update task.
This section describes how to configure the Integrity Control component scope using the Administration Console and the Light Agent for Windows local interface. You can also configure the Integrity Control scope settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Endpoint control → System Integrity Monitoring).
To configure the scope of the System Integrity Monitoring component in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the System Integrity Monitoring section in the list on the left.
- In the right part of the window, in the System Integrity Monitoring scope section, configure the System Integrity Monitoring real-time scope:
- Select the Monitor devices check box if you want System Integrity Monitoring to track when external devices are connected on the protected virtual machine in real time.
- In the drop-down list, select the importance level for events generated by the System Integrity Monitoring component when it detects the connection of an external device. By default, an Informational event is generated.
- Select the Monitor files and the registry check box if you want the System Integrity Monitoring component to track changes made to files and the registry on the protected virtual machine in real time.
- Click the Settings button.
- In the System Integrity Monitoring rules window that appears, create a list of rules that are applied when the Real-Time System Integrity Monitoring component is running.
You can perform the following actions when configuring System Integrity Monitoring rules:
- Add or edit rules.
- Import and export rules.
- Enable or disable rules.
- Delete rules.
- In the System Integrity Monitoring rules window, click OK.
- If you want to configure a separate scope for an integrity check by schedule or on demand, perform the following actions in the System Integrity Check scope section:
- Select the Define System Integrity Check scope check box.
The System Integrity Check scope settings group will appear under the check box.
- Configure the settings in the System Integrity Check scope section as described in step 6 of these instructions. These settings will be applied when the System Integrity Check task and baseline update task are performed.
- Click the Apply button.
To configure the scope of the System Integrity Monitoring component in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select the System Integrity Monitoring section.
In the right part of the window, the System Integrity Monitoring component settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- To configure the System Integrity Monitoring scope in real time, perform the following actions in the System Integrity Monitoring settings section:
- Select the Monitor devices check box located under the name of the System Integrity Monitoring settings section if you want System Integrity Monitoring to track when external devices are connected on the protected virtual machine in real time.
- In the drop-down list, select the importance level for events generated by the System Integrity Monitoring component when it detects the connection of an external device. By default, an Informational event is generated.
- Select the Monitor files and the registry check box located in the upper part of the System Integrity Monitoring settings section if you want the System Integrity Monitoring component to track changes made to files and the registry on the protected virtual machine in real time.
- Complete steps 6d-6f of the previous instructions.
- If you want to configure a separate scope for a system integrity check by schedule or on demand, perform the following actions in the System Integrity Monitoring settings section:
- Select the Define System Integrity Check scope check box.
A settings section appears under the check box.
- Configure the settings in the section as described in step 6 of the previous instructions. These settings will be applied when the System Integrity Check task and baseline update task are performed.
- To save changes, click the Save button.
Creating and editing a System Integrity Monitoring rule
You can create a system integrity monitoring rule by creating a monitoring scope and/or a list of exclusions from the monitoring scope for files and folders, registry keys and values. After creating or importing a system integrity monitoring rule, you can change the rule settings if necessary.
To create or edit a System Integrity Monitoring rule through Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the System Integrity Monitoring section in the list on the left.
- In the right part of the window, click the Settings button located on the right of the Monitor files and the registry check box in one of the following sections:
- In the System Integrity Monitoring scope section if you want to configure a Real-Time System Integrity Monitoring rule.
- In the System Integrity Check scope section if you want to configure a rule for the System Integrity Check task and baseline update task.
- In the System Integrity Monitoring rules window that opens, perform one of the following actions:
- If you want to create a system integrity monitoring rule, click the Add button located above the list of rules.
- If you want to edit a system integrity monitoring rule, select it in the list and click the Edit button.
- In the System Integrity Monitoring rule window that opens, enter the rule name and select the importance level for the events generated by System Integrity Monitoring when it applies this rule. By default, an Informational event is generated.
- Configure the monitoring scope of files and folders on the Files tab.
To add a file or folder so that Kaspersky Security monitors changes in it:
- Click the Add button located above the Monitoring scope field on the Files tab.
- In the File or folder window that opens, enter the absolute path to the folder or mask of the path to the folder to be monitored.
When entering a path mask, you can use the following characters in any part of the path:
- The * character can represent any characters except \ / :. In addition:
  - If the * character is used to designate the name of an entire component of a path (for example, to designate a folder name: /*/), it can represent one or more characters.
  - If the * character is used to designate part of the name of a path component (for example, to designate part of a folder name: /abc*/), it can represent zero or more characters.
- The ? character can replace any single character.
You can use environment variables when entering a folder path. You must type the % character before and after the name of the environment variable.
- If you need to monitor changes to files in a specified folder, enter a file name or file mask in the File name or file mask field.
When entering a mask, you can use the following characters:
- * represents zero or more characters. It can represent any characters except \ / :
- ? represents any single character
If you want to monitor changes made to the specified files in nested folders as well, select the Include files in subfolders check box.
- Click OK in the File or folder window.
The path to the file or folder is displayed in the list of paths in the Monitoring scope field.
Kaspersky Security monitors changes made to files and folders only on those drives that are connected when Real-Time System Integrity Monitoring starts running, which means when a policy is applied or when Real-Time System Integrity Monitoring is enabled. If a drive is powered off when Real-Time System Integrity Monitoring starts running, modifications made to files and folders on that drive are not monitored even if those files and folders have been added to the monitoring scope.
You can perform keyword searches in the list, and remove files and folders from the list by using the Delete button.
- If necessary, you can similarly configure the list of paths to files and/or folders that are excluded from the monitoring scope. Kaspersky Security does not monitor changes to files and folders that are added to the list of paths in the Exclusions field.
To configure the list of exclusions, use the Add and Delete buttons located above the Exclusions field on the Files tab.
- Configure the monitoring scope of registry keys and values on the Registry tab.
To add a registry key or key parameter so that Kaspersky Security monitors changes in it:
- Click the Add button located above the Monitoring scope field on the Registry tab.
The Registry key window opens.
- Enter the name of the registry key whose modifications must be monitored.
The HKEY_CURRENT_USER key is not supported. You can specify a path to a registry key through HKEY_USERS as follows: HKEY_USERS\<user profile ID>\<key>.
- If you want Kaspersky Security to also monitor nested keys, select the Including nested keys check box.
- If you need to monitor changes to a parameter of the specified key, enter the name or mask of the parameter in the Name or mask of the key parameter field.
When entering a mask, you can use the wildcards * (any sequence of characters) and ? (any single character).
- In the Registry key window, click OK.
The name of the key and key parameter (if it was specified) is displayed in the list of keys and registry values in the Monitoring scope field.
You can perform a keyword search in the list, and remove keys from the list using the Delete button.
- If necessary, you can similarly configure the list of keys and registry values that are excluded from the monitoring scope. Kaspersky Security does not monitor changes to keys and registry values that are added to the list in the Exclusions field.
To configure the list of exclusions, use the Add and Delete buttons located above the Exclusions field on the Registry tab.
- In the System Integrity Monitoring rule window, click OK.
The rule is displayed in the list of rules in the System Integrity Monitoring rules window.
- In the System Integrity Monitoring rules window, click OK.
- Click the Apply button.
To create or edit a System Integrity Monitoring rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select the System Integrity Monitoring section.
In the right part of the window, the System Integrity Monitoring component settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Do one of the following:
- Click the Settings button located on the right of the Monitor files and the registry check box in the upper part of the System Integrity Monitoring settings section if you want to configure a Real-Time System Integrity Monitoring rule.
- Click the Settings button located on the right of the Monitor files and the registry check box in the lower part of the System Integrity Monitoring settings section if you want to configure a rule for the System Integrity Check task and baseline update task.
The System Integrity Monitoring rules window opens.
- Complete steps 7–14 of the previous instructions.
- To save changes, click the Save button.
Importing and exporting System Integrity Monitoring rules
You can save the configured list of System Integrity Monitoring rules to a file and import a previously saved list of rules from a file. To import or export a list of rules, you can use a file in XML format.
When configuring the System Integrity Monitoring component settings through Kaspersky Security Center, you can import a list of System Integrity Monitoring rules from templates that are included in the Kaspersky Security application distribution kit. A template contains paths to files and folders, as well as registry keys and values that are used for the operation of a specific application. Rules imported from a template let you track changes associated with the operation of this application.
To import or export a list of System Integrity Monitoring rules in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the System Integrity Monitoring section in the list on the left.
- In the right part of the window, click the Settings button located on the right of the Monitor files and the registry check box in one of the following sections:
- In the System Integrity Monitoring scope section if you want to configure a Real-Time System Integrity Monitoring rule.
- In the System Integrity Check scope section if you want to configure a rule for the System Integrity Check task and baseline update task.
- If you want to import a list of System Integrity Monitoring rules, in the System Integrity Monitoring rules window that opens, click the Import button and do one of the following:
- To import a rule from a template, select From template in the drop-down list. Then in the window that opens, select the template name and click OK.
The rule from the selected template will be added to the list of rules in the System Integrity Monitoring rules window.
- To import rules from a file, in the drop-down list select From file and specify the path to the XML file in the opened window.
Rules from the selected file will be added to the list of rules in the System Integrity Monitoring rules window.
- If you want to export the list of System Integrity Monitoring rules, click the Export button and specify the path to the file in which you want to save the list of rules.
- In the System Integrity Monitoring rules window, click OK.
- Click the Apply button.
To import or export a list of System Integrity Monitoring rules in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select the System Integrity Monitoring section.
In the right part of the window, the System Integrity Monitoring component settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Do one of the following:
- Click the Settings button located on the right of the Monitor files and the registry check box in the upper part of the System Integrity Monitoring settings section if you want to configure a Real-Time System Integrity Monitoring rule.
- Click the Settings button located on the right of the Monitor files and the registry check box in the lower part of the System Integrity Monitoring settings section if you want to configure a rule for the System Integrity Check task and baseline update task.
The System Integrity Monitoring rules window opens.
- Complete steps 7–9 of the previous instructions.
- To save changes, click the Save button.
Enabling and disabling a System Integrity Monitoring rule
All System Integrity Monitoring rules are added to the list of rules with the Enabled status. If a rule is enabled, System Integrity Monitoring applies the rule.
You can disable any system integrity monitoring rule. If a rule is disabled, System Integrity Monitoring temporarily stops applying the rule.
To enable or disable a system integrity monitoring rule in Kaspersky Security Center:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and double-click it to open the Properties: <Policy name> window.
- In the policy properties window, select the System Integrity Monitoring section in the list on the left.
- In the right part of the window, click the Settings button located on the right of the Monitor files and the registry check box in one of the following sections:
- In the System Integrity Monitoring scope section if you want to configure a Real-Time System Integrity Monitoring rule.
- In the System Integrity Check scope section if you want to configure a rule for the System Integrity Check task and baseline update task.
- In the System Integrity Monitoring rules window that opens, in the list of system integrity monitoring rules select the required rule and perform one of the following actions in the Status column:
- Select the value On if you want to enable the rule.
- Select the value Off if you want to disable the rule.
- In the System Integrity Monitoring rules window, click OK.
- Click the Apply button.
To enable or disable a system integrity monitoring rule in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Endpoint control section, select the System Integrity Monitoring section.
In the right part of the window, the System Integrity Monitoring component settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Do one of the following:
- Click the Settings button located on the right of the Monitor files and the registry check box in the upper part of the System Integrity Monitoring settings section if you want to configure a Real-Time System Integrity Monitoring rule.
- Click the Settings button located on the right of the Monitor files and the registry check box in the lower part of the System Integrity Monitoring settings section if you want to configure a rule for the System Integrity Check task and baseline update task.
The System Integrity Monitoring rules window opens.
- Complete steps 7–8 of the previous instructions.
- To save changes, click the Save button.
Creating and updating the baseline
You can create and then update the baseline of protected virtual machines by using the baseline update task.
You can create and configure the baseline update task for protected virtual machines that are included in the administration group, using Kaspersky Security Center Administration Console or using the Web Console. You can configure the baseline update task for one virtual machine in the local interface of Light Agent for Windows.
The task is run on the virtual machine and uses a special format to save information about the status of monitored objects that you included in the System Integrity Check scope. If you have not defined the System Integrity Check scope, the scope of objects is determined by the System Integrity Monitoring scope. The System Integrity Check scope and System Integrity Monitoring scope are configured in the policy that is applied on the virtual machine, or in the local interface of Light Agent for Windows.
To create or update the baseline on virtual machines using the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree, and in the workspace, select the Tasks tab.
- To create a task for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent for Windows list, select Baseline update.
Proceed to the next step of the New Task Wizard.
- If you started the New Task Wizard from the Tasks folder, specify the method of selecting the virtual machines for which you are creating the task. You can select virtual machines from the list of virtual machines discovered by the Administration Server, manually specify the addresses of virtual machines, import a list of virtual machines from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of selection of virtual machines, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the virtual machines for which you want to create the task. To do so, select check boxes in the list on the left of the name of the relevant virtual machine.
- Click the Add or Add IP range button and enter the addresses of virtual machines manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of virtual machines.
- Click Browse and in the window that opens specify the name of the selection containing the virtual machines for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- In the Name field, enter the name of the baseline update task.
Proceed to the next step of the New Task Wizard.
- If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete check box.
When the task is run with the default settings, the application updates the baseline only for new or modified objects within the monitoring scope (incremental update).
Finish the wizard.
The created custom scan task appears in the list of tasks.
- If you want to perform a full baseline update, change the task settings as follows:
- Double-click to open the properties window of the created task.
- Go to the Settings section and select the Full update option.
- Click OK.
- Start the baseline update task.
When the task is run, a baseline will be created or a previously created baseline will be updated on each virtual machine that you specified in task settings.
To create or update the baseline on virtual machines using the Web Console:
- Create a task of the Baseline update type following the instructions of the wizard. The task is created with the default settings.
As a result of the task execution, the application updates the baseline only for the new or modified objects in the monitoring scope (incremental update).
- To perform a full baseline update, at the last step of the wizard, select the Open task properties window after creation check box and close the wizard.
- In the task properties window, on the Application settings tab, select the Full update option and click the Save button to save the changes.
- Start the baseline update task.
To create or update the baseline on a virtual machine using the Light Agent for Windows local interface:
- If necessary, configure the settings of the baseline update task. To do this, perform the following actions:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select Baseline update.
The right part of the window displays the settings of the baseline update task.
If the Baseline update section is absent, this means that the display and management of local tasks is denied by the policy for all protected virtual machines of the administration group. You can enable or disable the display and management of local tasks in the Light Agent for Windows policy (Advanced settings subsection in the Other settings section).
- Select the baseline update mode:
- Full update – for all objects in the monitoring scope.
- Incremental update – only for modified or new objects from the monitoring scope.
- To save changes, click the Save button.
- Start the baseline update task.
Checking system integrity by schedule or on demand
You can use the System Integrity Check task to check system integrity on protected virtual machines.
You can create and configure the System Integrity Check task for protected virtual machines that are included in the administration group, using Kaspersky Security Center Administration Console or using the Web Console. You can configure the System Integrity Check task for one virtual machine in the local interface of Light Agent for Windows.
For successful completion of the task, the baseline must fully match the System Integrity Check scope when the System Integrity Check task is started. If the composition of objects whose state was recorded in the baseline differs from the composition of objects that are within the System Integrity Check scope, the System Integrity Check task ends with an error.
To check the system integrity on the virtual machines using the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree, and in the workspace, select the Tasks tab.
- To create a task for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent for Windows list, select System Integrity Check.
Proceed to the next step of the New Task Wizard.
- If you started the New Task Wizard from the Tasks folder, specify the method of selecting the virtual machines for which you are creating the task. You can select virtual machines from the list of virtual machines discovered by the Administration Server, manually specify the addresses of virtual machines, import a list of virtual machines from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of selection of virtual machines, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the virtual machines for which you want to create the task. To do so, select check boxes in the list on the left of the name of the relevant virtual machine.
- Click the Add or Add IP range button and enter the addresses of virtual machines manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of virtual machines.
- Click Browse and in the window that opens specify the name of the selection containing the virtual machines for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- In the Scheduled start drop-down list, select Manually.
Proceed to the next step of the New Task Wizard.
- In the Name field, enter the name of the System Integrity Check task.
Proceed to the next step of the New Task Wizard.
- If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete check box.
When the task is run with the default settings, the application performs a System Integrity Check in Full scan mode (all attributes of files and file contents are analyzed when checking for modifications in files).
Finish the wizard.
The created custom scan task appears in the list of tasks.
- If you want the application to analyze only the attributes of files and not file contents when checking for modifications in files, change the task settings as follows:
- Double-click to open the properties window of the created task.
- Go to the Settings section and select the Quick Scan option.
- Click OK.
- Start the System Integrity Check task.
System Integrity Check runs on each virtual machine that you specified in task settings. You can view its execution results in the Administration Console.
To check the system integrity on the virtual machines using the Web Console:
- Create a task of the System Integrity Check type following the instructions of the wizard. The task is created with the default settings.
As a result of the task execution, the application performs a System Integrity Check in Full scan mode (all file attributes and file contents are analyzed when checking for modifications of files).
- If you want the application to analyze only the file attributes and to skip the contents of files when checking for modifications of files, at the last step of the wizard, select the Open task properties window after creation check box and close the wizard.
- In the task properties window, on the Application settings tab, select the Quick Scan option and click the Save button to save the changes.
- Start the System Integrity Check task.
System Integrity Check runs on each virtual machine that you specified in task settings. You can view its execution results in the Web Console.
To check the system integrity on a virtual machine in the Light Agent for Windows local interface:
- If necessary, configure the settings of the System Integrity Check task. To do this, perform the following actions:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the System Integrity Check section.
The right part of the window displays the System Integrity Check task settings.
If the System Integrity Check section is absent, this means that the display and management of local tasks is denied by the policy for all protected virtual machines of the administration group. You can enable or disable the display and management of local tasks in the Light Agent for Windows policy (Advanced settings subsection in the Other settings section).
- Select the scan mode:
- Full scan – all attributes of files and file contents are analyzed when checking for modifications in files. This option is selected by default.
- Quick Scan – only the attributes of files are analyzed when checking for modifications in files; file contents are not checked.
- If necessary, change the task run mode. You are advised to use the Manually run mode. This mode is selected by default.
- To save changes, click the Save button.
- Start the System Integrity Check task.
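The relationship between the baseline, the two baseline update modes, the two scan modes and the scope-match requirement described in this section can be modelled in a few functions. This is an added Python illustration, not Kaspersky code and not the product's baseline format; the attribute set (size and modification time), the SHA-256 hash, all function names and the sample tree are assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path


class ScopeMismatchError(Exception):
    """Baseline was recorded for a different scope than the one being checked."""


def _attrs(path):
    st = path.stat()
    return (st.st_size, st.st_mtime_ns)  # assumption: stand-ins for "file attributes"


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def _scope(roots, exclusions):
    return {"roots": sorted(str(Path(r).resolve()) for r in roots),
            "exclusions": sorted(str(Path(e).resolve()) for e in exclusions)}


def _files_in_scope(scope):
    """Files under the monitored folders (subfolders included), minus exclusions."""
    excluded = [Path(e) for e in scope["exclusions"]]
    found = {}
    for root in scope["roots"]:
        for p in Path(root).rglob("*"):
            if p.is_file() and not any(p == e or e in p.parents for e in excluded):
                found[str(p)] = p
    return found


def update_baseline(baseline, roots, exclusions=(), full=False):
    """Return (new_baseline, rewritten_paths); incremental unless full=True."""
    scope = _scope(roots, exclusions)
    reuse = baseline is not None and baseline["scope"] == scope and not full
    old_objects = baseline["objects"] if reuse else {}
    objects, rewritten = {}, []
    for key, path in sorted(_files_in_scope(scope).items()):
        state = {"attrs": _attrs(path), "sha256": _sha256(path)}
        if old_objects.get(key) == state:
            objects[key] = old_objects[key]  # unchanged entry is carried over
        else:
            objects[key] = state  # new or modified object (or a full update)
            rewritten.append(key)
    return {"scope": scope, "objects": objects}, rewritten


def check_integrity(baseline, roots, exclusions=(), quick=False):
    """Compare current files with the baseline; return (action, path) events."""
    if baseline["scope"] != _scope(roots, exclusions):
        raise ScopeMismatchError("baseline does not match the check scope")
    current = _files_in_scope(baseline["scope"])
    events = []
    for key in sorted(set(baseline["objects"]) | set(current)):
        old = baseline["objects"].get(key)
        if key not in current:
            events.append(("Delete", key))
        elif old is None:
            events.append(("Create", key))
        else:
            changed = old["attrs"] != _attrs(current[key])
            if not changed and not quick:  # Full scan also compares file contents
                changed = old["sha256"] != _sha256(current[key])
            if changed:
                events.append(("Modify", key))
    return events


def demo():
    """Run both scan modes and an incremental update over a constructed sample tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "app")
        (root / "conf").mkdir(parents=True)
        cfg, log = root / "conf" / "settings.ini", root / "run.log"
        cfg.write_text("mode=safe\n")
        log.write_text("started\n")
        (root / "app.exe").write_bytes(b"MZ")
        baseline, _ = update_baseline(None, [root], [log])

        before = cfg.stat()
        cfg.write_text("mode=open\n")  # same size as the recorded version
        os.utime(cfg, ns=(before.st_atime_ns, before.st_mtime_ns))  # same timestamp
        log.write_text("started\nstopped\n")  # excluded path, never reported
        (root / "new.dll").write_bytes(b"\x00")

        def names(events):
            return [(action, Path(p).name) for action, p in events]

        out = {"quick": names(check_integrity(baseline, [root], [log], quick=True)),
               "full": names(check_integrity(baseline, [root], [log]))}
        baseline, rewritten = update_baseline(baseline, [root], [log])  # incremental
        out["incremental"] = [Path(p).name for p in rewritten]
        out["after_update"] = check_integrity(baseline, [root], [log])
        return out
```

In the constructed tree, the Quick Scan run reports only the created file, while the Full scan run also reports the same-size change to settings.ini, which is the practical difference between the two modes.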
Viewing information about system integrity on a virtual machine
Information about the results of the System Integrity Monitoring component is displayed as follows:
- As Kaspersky Security Center events. The System Integrity Monitoring component sends an event to Kaspersky Security Center if it detects that an external device has been connected or if files or the registry have been modified on a protected virtual machine.
All events of the System Integrity Monitoring component are displayed in the list of Kaspersky Security Center events both in the Administration Console and in the Web Console. You can configure event selections for viewing events from the System Integrity Monitoring component. For more information about configuring event selections, please refer to the Kaspersky Security Center help.
Events that occurred when the last system integrity check task was run on the virtual machine are displayed in the properties of the application installed on the virtual machine.
- By changing the status of a virtual machine in Kaspersky Security Center. When events with an importance level of Critical or Important are received from the System Integrity Monitoring component, Kaspersky Security Center changes the client device status for the protected virtual machine to Critical or Warning.
Receiving the device status from a managed application must be enabled in Kaspersky Security Center in the lists of conditions for assigning the Critical and Warning statuses. Conditions for assigning device statuses are configured in the properties window of an administration group.
The client device status and all the reasons for changing the status are displayed in the list of devices included in the administration group. For details on client device statuses, please refer to the Kaspersky Security Center help.
You can reset the status received from the System Integrity Monitoring component.
- In the results of a system integrity check task in Kaspersky Security Center.
- In the form of reports in Kaspersky Security Center. Kaspersky Security Center provides two types of reports:
- In the form of reports in the local interface of Light Agent. In the Reports and Storages window on the Reports tab, you can view the following reports:
- Real-Time System Integrity Monitoring report.
- System Integrity Check task report.
- Baseline update task report.
Viewing events that occurred during the last run of the System Integrity Check
You can view the events that occurred during the last System Integrity Check in the properties of the Kaspersky Security application installed on the protected virtual machine. You can view the list of events using Administration Console or Web Console (in the properties window of Kaspersky Security for Virtualization 5.2 Light Agent installed on the virtual machine, on the Application settings tab in the System Integrity Monitoring events section).
To use the Administration Console to view the list of events that occurred on the virtual machine during the last run of the System Integrity Check task:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, select the folder with the name of the administration group that includes the required virtual machine.
- In the workspace, select the Devices tab.
- Select a virtual machine from the list and double-click it to open the Settings: <Virtual machine name> window.
- In the window that opens, in the list on the left, select the Applications section.
- In the right part of the window, in the list of applications installed on the virtual machine, select Kaspersky Security for Virtualization 5.2 Light Agent and double-click it to open the Kaspersky Security for Virtualization 5.2 Light Agent Settings window.
- In the window that opens, in the list on the left, select the System Integrity Monitoring events section.
The table in the right part of the window shows the following information about each event:
- Event generation date.
- Event name.
- Rule applied by the System Integrity Monitoring component.
- Control object in which the modification is made. Depending on the type of control object, the following information is displayed in the column:
- Path to the file, if the System Integrity Monitoring component detected a change to a file.
- Registry key, if the System Integrity Monitoring component detected a change in the registry.
- Device name, if the System Integrity Monitoring component detected the connection of an external device.
- Type of modification to the monitored object detected by the System Integrity Monitoring component. Possible values:
- Create.
- Modify.
- Delete.
- Connect.
In the list of events, you can perform the following actions:
- Update the list of events.
- Filter the list of events by column values or custom conditions.
- Use the search function to find a specific event.
- Change the order and arrangement of columns that are shown in the report.
- Sort the list of events by each column.
- Save a report to a TXT or CSV file.
Viewing a report on the virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times
Report on the virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times in the Administration Console
To view the report on the virtual machines on which the System Integrity Monitoring rules were triggered the maximum number of times in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the workspace of the Administration Server <Server name> node, go to the Reports tab.
- Click the New report template button to start the New Report Template Wizard.
- Follow the wizard instructions.
- In the Selecting the report template type window, in the Other section, select the Top 10 devices with the most frequently triggered File Operations Monitoring/System Integrity Monitoring rules type.
- After creating a report template, select it in the list of templates on the Reports tab.
The report will be displayed in the workspace.
The Period field shows the reporting period covered by the report. By default, the report is generated for the last 30 days, which includes the report generation date.
The report consists of two tables:
- The summary table contains information on the protected virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times.
- The detailed table contains information on each instance of a triggered rule.
You can customize the display of the columns for each table. For details on how to add or remove columns in the report tables, please refer to the Kaspersky Security Center help.
The summary table contains the following information:
- Device name – name of the protected virtual machine on which System Integrity Monitoring rules were triggered.
- Number of events – number of times System Integrity Monitoring rules were triggered on the protected virtual machine.
- Number of rules – number of System Integrity Monitoring rules that were triggered on the protected virtual machine.
The row below displays the following summary information:
- Number of devices – total number of protected virtual machines on which System Integrity Monitoring rules were triggered.
- Number of events – total number of times System Integrity Monitoring rules were triggered on protected virtual machines.
- Event receipt limit reached – information about whether the maximum number of events that Kaspersky Security Center can receive from System Integrity Monitoring components on client devices has been reached. The limit on the number of received events is configured in the Kaspersky Security Center registry and is 15,000 events per day by default. If the number of received events has exceeded the limit, Yes is displayed in the field.
The detailed table contains the following information:
- Virtual Server – the name of the virtual Administration Server (if available) that manages the protected virtual machine.
- Group name – the name of the group that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- IP address – IP address of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Last visible – date and time when the protected virtual machine on which the System Integrity Monitoring rule was triggered was last observed on the network by the Administration Server.
- Last connected to Network Agent – date and time when Network Agent was last synchronized with the Administration Server.
- Device name – name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- NetBIOS name – name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Domain name – name of the domain that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- DNS name – DNS name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Domain DNS name – DNS name of the domain that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Importance – importance level of the System Integrity Monitoring event. Possible values: Informational message, Important message, Critical message.
- Event time – date and time when the event occurred.
- Name of the triggered rule – name of the System Integrity Monitoring rule that was triggered.
- Object path – path to the monitored object whose modification was detected by the System Integrity Monitoring component. Depending on the type of control object, the following information is displayed in the column:
- Path to the file or folder, if the System Integrity Monitoring component detected a change to a file or folder.
- Registry key, if the System Integrity Monitoring component detected a change in the registry.
- External device, if the System Integrity Monitoring component detected the connection of an external device.
- Action – action taken on the monitored object. Possible values:
- Object type – type of the monitored object whose modification was detected by the System Integrity Monitoring component. Possible values: File or folder, Registry key, External device.
- System Integrity Monitoring component was disabled – information about whether the System Integrity Monitoring component was disabled when the event occurred. For Kaspersky Security, this field always shows No.
- User – user account of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
Report on the virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times in the Web Console
To create a template of a report on the virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times in the Web Console:
- Start the Web Console.
- In the Monitoring and Reports section, select Reports.
- Click the Add button above the list of report templates.
- In the window that opens, in the Report name field, specify the name of the created report template and in the Report type section in the Other subsection select the Top 10 devices with most frequently triggered File Operations Monitoring / System Integrity Monitoring rules type.
- In the Scope window, specify the devices whose information is to be displayed in the report.
- In the Report period window, specify the time interval for which data is to be displayed in the report.
- In the Report created window, do one of the following:
- Click the Save and run button to start generating the report.
- Click the Save button to save the report template.
The created report template will be displayed in the workspace.
To view the report on the virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times in the Web Console:
- Start the Web Console.
- In the Monitoring and Reports section, select Reports.
A list of report templates opens.
- Select the check box next to the name of the report template of the Top 10 devices with most frequently triggered File Operations Monitoring / System Integrity Monitoring rules type.
- Click the View report button.
The report window opens.
The report has two tabs:
- The Summary tab contains information on the protected virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times:
- Name of the protected virtual machine on which System Integrity Monitoring rules were triggered.
- Number of times System Integrity Monitoring rules were triggered on the protected virtual machine.
- Number of System Integrity Monitoring rules that were triggered on the protected virtual machine.
- The Details tab contains information about each rule triggering event.
You can customize the displayed columns in tables on the report tabs. For details on how to add or remove columns in the report tables, please refer to the Kaspersky Security Center help.
Viewing a report on the most frequently triggered System Integrity Monitoring rules
Report on the most frequently triggered System Integrity Monitoring rules in the Administration Console
To view the report on the most frequently triggered System Integrity Monitoring rules in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the workspace of the Administration Server <Server name> node, go to the Reports tab.
- Click the New report template button to start the New Report Template Wizard.
- Follow the wizard instructions.
- In the Selecting the report template type window, in the Other section, select the Top 10 File Operations Monitoring/System Integrity Monitoring rules triggered on the devices type.
- After creating a report template, select it in the list of templates on the Reports tab.
The report will be displayed in the workspace.
The Period field shows the reporting period covered by the report. By default, the report is generated for the last 30 days, which includes the report generation date.
The report consists of two tables:
- The summary table contains information about the System Integrity Monitoring rules that were most frequently triggered on devices during the reporting period.
- The detailed table contains information on each instance of a triggered rule.
You can customize the display of the columns for each table. For details on how to add or remove columns in the report tables, please refer to the Kaspersky Security Center help.
The summary table contains the following information:
- Name of the triggered rule – name of the System Integrity Monitoring rule that was triggered.
- Number of events – number of times the System Integrity Monitoring rule was triggered on protected virtual machines.
- Number of devices – number of protected virtual machines on which the System Integrity Monitoring rule was triggered.
The row below displays the following summary information:
- Number of devices – total number of protected virtual machines on which System Integrity Monitoring rules were triggered.
- Number of events – total number of times System Integrity Monitoring rules were triggered on protected virtual machines.
- Event receipt limit reached – information about whether the maximum number of events that Kaspersky Security Center can receive from System Integrity Monitoring components on client devices has been reached. The limit on the number of received events is configured in the Kaspersky Security Center registry and is 15,000 events per day by default. If the number of received events has exceeded the limit, Yes is displayed in the field.
The detailed table contains the following information:
- Virtual Server – the name of the virtual Administration Server (if available) that manages the protected virtual machine.
- Group name – the name of the group that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- IP address – IP address of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Last visible – date and time when the protected virtual machine on which the System Integrity Monitoring rule was triggered was last observed on the network by the Administration Server.
- Last connected to Network Agent – date and time when Network Agent was last synchronized with the Administration Server.
- Device name – name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- NetBIOS name – name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Domain name – name of the domain that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- DNS name – DNS name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Domain DNS name – DNS name of the domain that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Importance – importance level of the System Integrity Monitoring event. Possible values: Informational message, Important message, Critical message.
- Event time – date and time when the event occurred.
- Name of the triggered rule – name of the System Integrity Monitoring rule that was triggered.
- Object path – path to the monitored object whose modification was detected by the System Integrity Monitoring component. Depending on the type of control object, the following information is displayed in the column:
- Path to the file or folder, if the System Integrity Monitoring component detected a change to a file or folder.
- Registry key, if the System Integrity Monitoring component detected a change in the registry.
- External device, if the System Integrity Monitoring component detected the connection of an external device.
- Action – action taken on the monitored object. Possible values:
- Object type – type of the monitored object whose modification was detected by the System Integrity Monitoring component. Possible values: File or folder, Registry key, External device.
- System Integrity Monitoring component was disabled – information about whether the System Integrity Monitoring component was disabled when the event occurred. For Kaspersky Security, this field always shows No.
- User – user account of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
Report on the most frequently triggered System Integrity Monitoring rules in the Web Console
To create a template of a report on the most frequently triggered System Integrity Monitoring rules in the Web Console:
- Start the Web Console.
- In the Monitoring and Reports section, select Reports.
- Click the Add button above the list of report templates.
- In the window that opens, in the Report name field, specify the name of the created report template and in the Report type section in the Other subsection select the Top 10 File Operations Monitoring / System Integrity Monitoring rules most frequently triggered on devices type.
- In the Scope window, specify the devices whose information is to be displayed in the report.
- In the Report period window, specify the time interval for which data is to be displayed in the report.
- In the Report created window, do one of the following:
- Click the Save and run button to start generating the report.
- Click the Save button to save the report template.
The created report template will be displayed in the workspace.
To view the report on the most frequently triggered System Integrity Monitoring rules in the Web Console:
- Start the Web Console.
- In the Monitoring and Reports section, select Reports.
A list of report templates opens.
- Select the check box next to the name of the report template of the Top 10 File Operations Monitoring / System Integrity Monitoring rules most frequently triggered on devices type.
- Click the View report button.
The report window opens.
The report has two tabs:
- The Summary tab contains information about the System Integrity Monitoring rules that were most frequently triggered on the devices during the reporting period:
- Name of the triggered System Integrity Monitoring rule.
- Number of times System Integrity Monitoring rules were triggered on the protected virtual machines.
- Number of protected virtual machines on which the System Integrity Monitoring rule was triggered.
- The Details tab contains information about each rule triggering event.
You can customize the displayed columns in tables on the report tabs. For details on how to add or remove columns in the report tables, please refer to the Kaspersky Security Center help.
System integrity status reset
If System Integrity Monitoring events were the reason for changing the virtual machine status to Critical or Warning, the status is referred to as the system integrity status.
You can reset the system integrity status in Kaspersky Security Center, i.e. cancel the Critical and Warning statuses for virtual machines.
You can reset the system integrity status for one virtual machine or create a group task to reset the system integrity status for several protected virtual machines in the administration group.
System integrity status reset for one virtual machine
You can reset the system integrity status for a virtual machine in the properties of the Kaspersky Security application installed on the virtual machine. You can reset the system integrity status using the Administration Console or Web Console (in the properties window of Kaspersky Security for Virtualization 5.2 Light Agent installed on the virtual machine, on the Application settings tab in the Virtual machine integrity status section).
To reset the system integrity status for one virtual machine using the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, select the folder with the name of the administration group that includes the required virtual machine.
- In the workspace, select the Devices tab.
- Select a virtual machine from the list and double-click it to open the Settings: <Virtual machine name> window.
- In the window that opens, in the list on the left, select the Applications section.
- In the right part of the window, in the list of applications installed on the virtual machine, select Kaspersky Security for Virtualization 5.2 Light Agent and double-click it to open the Kaspersky Security for Virtualization 5.2 Light Agent Settings window.
- In the window that opens, in the list on the left, select the Virtual machine system integrity status section.
- In the right part of the window, click the Reset status button.
If System Integrity Monitoring events were the reason for changing the virtual machine status to Critical or Warning, the OK status is assigned to the virtual machine.
If the status was also changed due to other events or based on Kaspersky Security Center status assignment rules, the status for the virtual machine is not changed.
Creating a system integrity status reset task
You can create a task to reset the system integrity status using the Administration Console. The task is started manually. A system integrity status reset is performed on each virtual machine that you specified in task settings.
You can also create and run a system integrity status reset task on virtual machines using the Web Console.
To create a system integrity status reset task on virtual machines using the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree, and in the workspace, select the Tasks tab.
- To create a task for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent for Windows list, select System integrity status reset.
Proceed to the next step of the New Task Wizard.
- If you started the New Task Wizard from the Tasks folder, specify the method of selecting the virtual machines for which you are creating the task. You can select virtual machines from the list of virtual machines discovered by the Administration Server, manually specify the addresses of virtual machines, import a list of virtual machines from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of selection of virtual machines, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the virtual machines for which you want to create the task. To do so, select the check boxes to the left of the names of the relevant virtual machines.
- Click the Add or Add IP range button and enter the addresses of virtual machines manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of virtual machines.
- Click Browse and in the window that opens specify the name of the selection containing the virtual machines for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- In the Name field, enter the name of the system integrity status reset task.
Proceed to the next step of the New Task Wizard.
- If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete checkbox.
Finish the wizard.
The created custom scan task appears in the list of tasks.
Network Monitor
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop or server operating system.
Network Monitor is a tool designed for viewing information about the network activity of a protected virtual machine in real time in the local interface of Light Agent for Windows.
To start Network Monitor:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Manage protection section.
- Open the context menu of the Firewall line and select Network Monitor.
The Network Monitor window opens. In this window, information about the network activity of the protected virtual machine is shown on four tabs:
- The Network activity tab shows all current network connections with the protected virtual machine. Both outbound and inbound network connections of the protected virtual machine are displayed.
- The Open ports tab lists all open network ports of the protected virtual machine.
- The Network traffic tab shows the volume of inbound and outbound network traffic between the protected virtual machine and other devices in the network to which you are currently connected.
- The Blocked devices tab lists the IP addresses of remote devices whose network activity has been blocked by the Network Attack Blocker component after detecting network attack attempts from such IP addresses.
Scanning the virtual machine
When the protected virtual machine is started together with Kaspersky Security, real-time protection of the virtual machine is automatically enabled and continues uninterrupted. Real-time protection involves scanning files of a protected virtual machine for malware when they are accessed. When the user or any application accesses a file on a protected virtual machine (for example, reads or writes it), Kaspersky Security intercepts the operation on the file.
In addition to real-time protection, you must regularly run a virus scan of the protected virtual machine to check for viruses and other malware in order to prevent the spread of malware that has not been detected by the application, for example, due to a low security level setting or for other reasons. A virus scan is vital to virtual machine security.
VM low-resource mode is enabled on Windows devices with Light Agent and Kaspersky Security Center Network Agent installed. This is a special mode that pauses Network Agent database updates as well as Vulnerability and Required Update Search (see the Kaspersky Security Center Help for details). This reduces the number of running processes, stops the device from establishing new network connections to get update files and pauses update-related file operations. This economy of resources is especially important for infrastructures where a large number of virtual machines with Light Agent and Kaspersky Security Center Network Agent installed are deployed from VM templates. The optimization thus applies to entire groups of devices, which reduces the load on the hypervisor.
Scan tasks are employed to scan virtual machines.
Virus scan tasks in Kaspersky Security Center
After Kaspersky Security MMC plug-ins are installed, the following scan tasks are automatically created in Kaspersky Security Center:
- Virus scan task for Light Agent for Windows. The task is created for the Managed devices administration group and can be started on all virtual machines with the Light Agent for Windows component installed that belong to the Managed devices group or to any nested administration group. If necessary, you can change the settings of this task or delete it and create a new virus scan task.
- Virus scan task for Light Agent for Linux. The task is created for the Managed devices administration group and can be started on all virtual machines with the Light Agent for Linux component installed that belong to the Managed devices group or to any nested administration group. If necessary, you can change the settings of this task or delete it and create a new virus scan task.
While performing the Virus scan task, Kaspersky Security performs a virus scan of the areas of the protected virtual machine that are specified in the task settings. The task is managed in Kaspersky Security Center.
Scan tasks in the local interface of Light Agent for Windows
Protected virtual machines that have the Light Agent for Windows component installed can employ the following scan tasks that can be configured through the local interface of Light Agent for Windows:
- Full Scan.
- Critical Areas Scan.
- Custom Scan.
The Full Scan and Critical Areas Scan tasks are somewhat different than the others. For these tasks, it is not recommended to edit the scan scope.
After scan tasks start, their completion progress is displayed in the field next to the name of the running scan task, in the Manage tasks section on the Protection and Control tab of the main application window.
Information on the scan results and events that have occurred during the performance of scan tasks is logged in the application reports.
Scan tasks for Light Agent for Linux
Protected virtual machines that have the Light Agent for Linux component installed can employ the following scan tasks that can be managed from the command line:
Creating a Virus scan task
You can create a Virus scan task for Light Agent for Windows and Light Agent for Linux in the Administration Console.
When creating a task, you can specify the task launch schedule. Regardless of the specified schedule, you can start or stop the task manually at any time.
You can also create, start, or stop the Virus scan task in the Web Console.
To create a Virus scan task for Light Agent for Windows in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree, and in the workspace, select the Tasks tab.
- To create a task for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent for Windows list, select Virus scan.
Proceed to the next step of the wizard.
- Create a list of objects to be scanned by Kaspersky Security in the Scan scope window.
Proceed to the next step of the New Task Wizard.
- In the Action of Kaspersky Security for Virtualization 5.2 Light Agent window, do the following:
- Select the action that Kaspersky Security performs if infected files are detected during the scan.
- Select the Run Advanced Disinfection immediately check box if you want the application to run Advanced Disinfection as soon as an active infection is detected during a group virus scan task, and restart the virtual machine after performing Advanced Disinfection without prompting the user for confirmation.
- If you want the application to suspend the launch of the scan task when virtual machine resources are limited, select the Suspend scheduled scanning when the protected virtual machine is unlocked check box.
Proceed to the next step of the wizard.
- If you started the New Task Wizard from the Tasks folder, specify the method of selecting the virtual machines for which you are creating the task. You can select virtual machines from the list of virtual machines discovered by the Administration Server, manually specify the addresses of virtual machines, import a list of virtual machines from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of selection of virtual machines, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the virtual machines for which you want to create the task. To do so, select the check boxes to the left of the names of the relevant virtual machines.
- Click the Add or Add IP range button and enter the addresses of virtual machines manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of virtual machines.
- Click Browse and in the window that opens specify the name of the selection containing the virtual machines for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- Then follow the New Task Wizard instructions.
To create a Virus scan task for Light Agent for Linux in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree, and in the workspace, select the Tasks tab.
- To create a task for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent for Linux list, select Virus scan.
Proceed to the next step of the wizard.
- Create a list of objects to be scanned by Kaspersky Security in the Scan scope window.
Proceed to the next step of the New Task Wizard.
- In the Kaspersky Security for Virtualization 5.2 Light Agent action window, select the action to be performed by the Kaspersky Security application if the scan detects infected files.
Proceed to the next step of the wizard.
- If you started the New Task Wizard from the Tasks folder, specify the method of selecting the virtual machines for which you are creating the task. You can select virtual machines from the list of virtual machines discovered by the Administration Server, manually specify the addresses of virtual machines, import a list of virtual machines from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of selection of virtual machines, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the virtual machines for which you want to create the task. To do so, select the check boxes to the left of the names of the relevant virtual machines.
- Click the Add or Add IP range button and enter the addresses of virtual machines manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of virtual machines.
- Click Browse and in the window that opens specify the name of the selection containing the virtual machines for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- Then follow the New Task Wizard instructions.
Configuring virus scan task settings for Light Agent for Windows
You can perform the following actions to configure the virus scan task settings for Light Agent for Windows:
- Change the security level.
- Change the action that is performed by the application on detection of an infected file.
- Create the task scan scope.
- Configure scanning of compound files.
- Optimize file scanning.
- Configure Heuristic Analyzer.
- Configure the use of iSwift scanning technology.
This section describes how to configure the Virus scan task settings using the Administration Console. You can also configure the Virus scan task settings using the Web Console when modifying the task settings in the task properties window.
Changing the security level
To perform scan tasks the application uses various combinations of settings. These groups of settings are called security levels. You can select one of the preset security levels or configure security level settings on your own. There are three security levels: High, Recommended, and Low. The Recommended security level is considered the optimal setting, and is recommended by Kaspersky.
To change the security level:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Windows and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, do one of the following:
- If you want to apply one of the preset security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom security level, click the Settings button and specify the settings in the window that opens, which has the name of the scan task.
After you configure a custom security level, the name of the security level in the Security level section changes to Custom.
- To change the security level to Recommended, click the Default button.
- Click the Apply button.
Changing the action to take on infected files
To change the action on infected files:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Windows and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Action on threat detection section, select the required option:
- Select action automatically.
- Perform action: Disinfect. Delete if disinfection fails.
- Perform action: Disinfect.
- Perform action: Delete.
- Perform action: Block.
The Select action automatically option is selected by default. With this option, the application performs the default action defined by Kaspersky experts: Disinfect. Delete if disinfection fails.
Regardless of the option selected, the Kaspersky Security application applies the Delete action to the files that are part of the Windows Store application.
When files are deleted or disinfected, their copies are saved in Backup.
- Click the Apply button.
Creating the task scan scope
The scan scope refers to the locations of files which are scanned by the application while running a scan task. You can expand or restrict the scan scope by adding or removing objects for scanning, or by changing the type of files to be scanned.
To create the scan scope:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Windows and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Virus scan window that opens, on the Scope tab, in the File types section, specify the types of files that must be scanned by the application:
- If you want to scan all files, select All files.
- Select Files scanned by format if you want to scan files of the formats that, according to Kaspersky experts, are currently most susceptible to infection.
- Select Files scanned by extension if you want to scan files with extensions that, according to Kaspersky experts, are currently most susceptible to infection.
When selecting the type of files to scan, remember the following information:
- There are some file formats (such as .txt) for which the probability of intrusion of malicious code and its subsequent activation is quite low. At the same time, there are file formats that contain or may contain executable code (such as .exe, .dll, and .doc). The risk of intrusion and activation of malicious code in such files is quite high.
- An intruder can send a virus or other malware to your virtual machine in an executable file that has had its extension changed to .txt. If you select scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then regardless of the extension, File Anti-Virus analyzes the file header. This analysis may reveal that the file is in .exe format. Such a file is thoroughly scanned for viruses and other malware.
- The list of scanned extensions and the list of scanned file formats are changed dynamically in order to match the current need to maintain your virtual machine security.
- Click OK in the Virus scan window.
- In the Scan scope section, click the Settings button.
- In the Scan scope window that opens, create the scan scope:
- To add a new object to the list of objects to be scanned:
- Click the Add button.
- In the Select object window that opens, in the Object field, select the object in the tree or specify the path to the object and click Add.
- Click OK.
The added object appears in the list of objects in the Scan scope window.
- To change the path to an object:
- Select the object in the list of objects and click Edit.
- In the Select object window that opens, in the Object field, specify another path to the object and click OK.
- To remove an object from the scan scope:
- Select the object in the list of objects and click Delete.
- In the removal confirmation window, click Yes.
You cannot remove or edit objects that are included in the default scan scope.
- If you want to exclude an object from the scan scope, clear the check box next to the object in the Scan scope list. The object remains on the list of objects to be scanned, but it is not scanned when the scan task runs.
- In the Scan scope window, click OK.
- Click the Apply button.
Scan compound files
A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.
To configure scanning of compound files:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Windows and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Virus scan window that opens, on the Scope tab, in the Scan compound files section, select the check boxes for the compound files you want to scan: archives, self-extracting archives, embedded OLE objects, mail files, or password-protected archives.
- Click the Additional button.
- In the Compound files window that opens, in the Size limit section, do one of the following:
- If you want the application to unpack large compound files, clear the Do not unpack large compound files check box.
- If you do not want the application to unpack large compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field.
A file is considered large if its size exceeds the value in the Maximum file size field.
The application scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is set.
- In the Compound files window, click OK.
- Click OK in the Virus scan window.
- Click the Apply button.
Optimizing file scanning
You can optimize file scanning when running a virus scan task, thereby reducing the scan time and improving the speed of the application. This can be achieved by scanning only new files and those files that have been modified since the previous scan.
To optimize file scanning:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Windows and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Virus scan window that opens, on the Scope tab in the Scan optimization section, do the following:
- If you want the application to scan only new files and files that have been modified since their previous analysis when running a virus scan task, select the Scan only new and changed files check box.
- If you want the application to skip files after a specified amount of time when running a virus scan task, select the Skip files that are scanned for longer than check box and specify the scan duration (in seconds) for one file in the field to the right of the check box.
- Click OK in the Virus scan window.
- Click the Apply button.
Using Heuristic Analyzer
When active, the application uses signature analysis. During signature analysis, Kaspersky Security matches the detected object with records in the application databases. Following the recommendations of Kaspersky experts, signature analysis is always enabled.
To increase the effectiveness of scanning, you can use heuristic analysis. During heuristic analysis, the application analyzes the activity of objects in the operating system. Heuristic analysis can detect new malicious objects for which there are currently no records in the application database.
To configure use of Heuristic Analyzer:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Windows and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Virus scan window that opens, on the Additional tab, in the Scan methods section, do one of the following:
- If you want the application to use heuristic analysis during the virus scan task, set the Heuristic Analysis check box and use the slider to set the heuristic analysis level: Light, Medium, or Deep.
- If you do not want the application to use heuristic analysis during the virus scan task, clear the Heuristic Analysis check box.
- Click OK in the Virus scan window.
- Click the Apply button.
Using iSwift technology
You can enable the use of the iSwift technology, which optimizes the speed of file scanning by excluding files that have not been modified since the most recent scan.
To configure the use of iSwift technology:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Windows and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Virus scan window that opens, on the Additional tab, in the Scan technology section, do one of the following:
- Select the iSwift technology check box if you want to use this technology when running a virus scan task.
- Clear the iSwift technology check box if you do not want to use this technology when running a virus scan task.
- Click OK in the Virus scan window.
- Click the Apply button.
Configuring virus scan task settings for Light Agent for Linux
You can perform the following actions to configure the virus scan task settings for Light Agent for Linux:
- Change the security level.
- Change the action that is performed by the application on detection of an infected file.
- Create the task scan scope.
- Configure scanning of compound files.
- Configure Heuristic Analyzer.
- Configure the usage of iChecker scanning technology.
This section describes how to configure the Virus scan task settings using the Administration Console. You can also configure the Virus scan task settings using the Web Console when modifying the task settings in the task properties window.
Changing the security level
To perform scan tasks, the application uses various combinations of settings. These groups of settings are called security levels. You can select one of the preset security levels or configure security level settings on your own. There are three security levels: High, Recommended, and Low. The Recommended security level is considered the optimal setting, and is recommended by Kaspersky.
To change the security level:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Linux and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, do one of the following:
- If you want to apply one of the preset security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom security level, click the Settings button and specify the settings in the window with the name of the scan task that opens.
After you configure a custom security level, the name of the security level in the Security level section changes to Custom.
- To change the security level to Recommended, click the Default button.
- Click the Apply button.
Changing the action to take on infected files
To change the action on infected files:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Linux and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Action on threat detection section, select the required option:
- Disinfect. Delete if disinfection fails.
- Disinfect.
- Delete.
- Inform.
The Disinfect. Delete if disinfection fails option is selected by default.
When files are deleted or disinfected, their copies are saved in Backup.
- Click the Apply button.
Creating the task scan scope
The scan scope refers to the locations of files which are scanned by the application while running a scan task. You can expand or narrow the scan scope by adding or removing objects to be scanned by the application.
To create the scan scope:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Linux and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Scan scope section, click the Settings button.
- In the Scan scope window that opens, create the scan scope:
- To add a new object to the list of objects to be scanned:
- Click the Add button.
- In the Select object window that opens, in the Object field, enter the path to the object and click Add.
- Click OK in the Select object window.
The added object appears in the list of objects in the Scan scope window.
- To change the path to an object:
- Select the object in the list of objects and click Edit.
- In the Select object window that opens, in the Object field, specify another path to the object and click OK.
- To remove an object from the scan scope:
- Select the object in the list of objects and click Delete.
- In the removal confirmation window, click Yes.
You cannot remove or edit objects that are included in the default scan scope.
- If you want to exclude an object from the scan scope, clear the check box next to the object in the Scan scope list. The object remains on the list of objects to be scanned, but it is not scanned when the scan task runs.
- In the Scan scope window, click OK.
- Click the Apply button.
Scan compound files
A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.
To configure scanning of compound files:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Linux and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Virus scan window that opens, on the Scope tab, in the Scan compound files section, specify the types of compound files that you want to scan by selecting the corresponding check boxes: packed files, archives, self-extracting archives, mail databases or mail files.
- Click the Additional button.
- In the Compound files window that opens, in the Time limit section, do one of the following:
- If you want the application to skip files when the specified time runs out, select the Skip files that are scanned for longer than check box and specify the value you need in the Maximum scan time field.
- If you do not want the application to skip files when the specified time runs out, clear the Skip files that are scanned for longer than check box.
- In the Size limit section, do one of the following:
- If you want the application to unpack large compound files, clear the Do not unpack large compound files check box.
- If you do not want the application to unpack large compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field.
A file is considered large if its size exceeds the value in the Maximum file size field.
The Kaspersky Security application scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is set.
- In the Compound files window, click OK.
- Click OK in the Virus scan window.
- Click the Apply button.
Using Heuristic Analyzer
When active, the application uses signature analysis. During signature analysis, Kaspersky Security matches the detected object with records in the application databases. Following the recommendations of Kaspersky experts, signature analysis is always enabled.
To increase the effectiveness of scanning, you can use heuristic analysis. During heuristic analysis, the application analyzes the activity of objects in the operating system. Heuristic analysis can detect new malicious objects for which there are currently no records in the application database.
To configure use of Heuristic Analyzer:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Linux and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Virus scan window that opens, on the Additional tab, in the Scan methods section, do one of the following:
- If you want the application to use heuristic analysis during the virus scan task, set the Heuristic Analysis check box and use the slider to set the heuristic analysis level: Light, Medium, or Deep.
- If you do not want the application to use heuristic analysis during the virus scan task, clear the Heuristic Analysis check box.
- Click OK in the Virus scan window.
- Click the Apply button.
Using iChecker technology
You can enable the use of iChecker technology, which increases the scanning speed by excluding certain files from scanning according to a special algorithm that accounts for the release date of the application databases, the date when the file was scanned previously, and changes in the scan settings.
To configure use of iChecker technology:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To configure the settings of a task created for the virtual machines within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To configure the settings of a task created for one or more virtual machines (tasks for a set of devices), select the Tasks folder in the console tree.
- In the list of tasks, select the required virus scan task for Light Agent for Linux and open the Settings: <Task name> window by double-clicking it.
- In the properties window of the task, select the Settings section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the Virus scan window that opens, on the Additional tab, in the Scan technology section, do one of the following:
- Select the iChecker technology check box if you want to use this technology when running a virus scan task.
- Clear the iChecker technology check box if you do not want to use this technology when running a virus scan task.
- Click OK in the Virus scan window.
- Click the Apply button.
Configuring scan task settings in a local interface
You can perform the following actions to configure scan task settings in the local interface:
- Change the security level.
- Change the action that is performed by the application on detection of an infected file.
- Create the scan scope.
- Configure scanning of compound files.
- Optimize file scanning.
- Configure Heuristic Analyzer.
- Configure the use of iSwift scanning technology.
- Select the scan task run mode.
- Configure the scan task to run under a different user account.
Changing the security level
To perform scan tasks, the application uses various combinations of settings. These groups of settings are called security levels. You can select one of the preset security levels or configure security level settings on your own. There are three security levels: High, Recommended, and Low. The Recommended security level is considered the optimal setting, and is recommended by Kaspersky.
To change the security level in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
In the right part of the window, the settings of the selected scan task are displayed.
- In the Security level section, do one of the following:
- If you want to apply one of the preset security levels (High, Recommended, or Low), use the slider to select one.
- If you want to configure a custom security level, click the Settings button and specify the settings in the window with the name of the scan task that opens.
After you configure a custom security level, the name of the security level in the Security level section changes to Custom.
- To change the security level to Recommended, click the Default button.
- To save changes, click the Save button.
Changing the action to take on infected files
To change the action on infected files in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
In the right part of the window, the settings of the selected scan task are displayed.
- In the Action on threat detection section, select the required option:
- Select action automatically.
- Perform action: Disinfect. Delete if disinfection fails.
- Perform action: Disinfect.
- Perform action: Delete.
- Perform action: Inform.
The Select action automatically option is selected by default. With this option, the application performs the default action defined by Kaspersky experts: Disinfect. Delete if disinfection fails.
Regardless of the option selected, the Kaspersky Security application applies the Delete action to files that are part of a Windows Store application.
When files are deleted or disinfected, their copies are saved in Backup.
- To save changes, click the Save button.
Creating the task scan scope
The scan scope refers to the location and type of files (for example, all hard drives, startup objects, and email databases) that the application scans when performing a scan task. You can expand or restrict the scan scope by adding or removing objects for scanning, or by changing the type of files to be scanned.
It is not recommended to change the scan scope of the full scan task or the critical areas scan task.
To create the scan scope in the local interface:
- On the protected virtual machine, open the main application window.
- Select the Protection and Control tab.
- Open the Manage tasks section.
- Click the line with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
A menu with scan task actions opens.
- Select the Scan scope menu item.
- In the Scan scope window that opens, do one of the following:
- To add a new object to the list of objects to be scanned:
- Click the Add button.
- In the Select object window that opens, select an object and click Add.
- Click OK.
The added object appears in the list of objects in the Scan scope window.
- To change the path to an object:
- Select the object in the list of objects and click Edit.
- In the Select object window that opens, in the Object field, specify another path to the object and click OK.
- To remove an object from the scan scope:
- Select the object in the list of objects and click Delete.
- In the removal confirmation window, click Yes.
You cannot remove or edit objects that are included in the default scan scope.
- If you want to exclude an object from the scan scope, clear the check box next to the object in the Scan scope list. The object remains on the list of objects to be scanned, but it is not scanned when the scan task runs.
- In the Scan scope window, click OK.
- To save changes, click the Save button.
To select the type of scanned objects in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
In the right part of the window, the settings of the selected scan task are displayed.
- In the Security level section, click the Settings button.
A window with the name of the selected scan task opens.
- In the window with the name of the selected scan task, on the Scope tab, in the File types section, specify the types of files that must be scanned by the application when running the selected scan task:
- If you want to scan all files, select All files.
- Select Files scanned by format if you want to scan files of the formats that, according to Kaspersky experts, are currently most susceptible to infection.
- Select Files scanned by extension if you want to scan files with extensions that, according to Kaspersky experts, are currently most susceptible to infection.
When selecting the type of files to scan, remember the following information:
- There are some file formats (such as .txt) for which the probability of intrusion of malicious code and its subsequent activation is quite low. At the same time, there are file formats that contain or may contain executable code (such as .exe, .dll, and .doc). The risk of intrusion and activation of malicious code in such files is quite high.
- An intruder can send a virus or other malware to your virtual machine in an executable file that has had its extension changed to .txt. If you select scanning of files by extension, such a file is skipped by the scan. If scanning of files by format is selected, then regardless of the extension, File Anti-Virus analyzes the file header. This analysis may reveal that the file is in .exe format. Such a file is thoroughly scanned for viruses and other malware.
- The list of scanned extensions and the list of scanned file formats are changed dynamically in order to match the current need to maintain your virtual machine security.
- In the window with the scan task name, click OK.
- To save changes, click the Save button.
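The following added example (not part of the product or of this guide) illustrates the note on file types given for both the Administration Console and the local interface: a file selected by extension is skipped when an executable is renamed to .txt, while a check of the file header still identifies it. The extension list, the format list, the function names and the sample files are assumptions constructed for the illustration; they are not the lists or the logic used by Kaspersky Security.

```python
import os
import struct
import tempfile

# Assumption: a small illustrative extension list. The product's own list
# is maintained by the vendor and changes over time.
RISKY_EXTENSIONS = {".exe", ".dll", ".doc"}

# Assumption: formats that a by-format policy would hand to the scanner.
RISKY_FORMATS = {"pe", "mz-dos", "elf", "ole2", "zip"}

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container
HEADER_BYTES = 4096  # how much of each file is read for classification


def detect_format(header: bytes) -> str:
    """Classify a file from its leading bytes, ignoring its name."""
    if not header:
        return "empty"
    if header[:2] == b"MZ":
        # A PE file stores the offset of its "PE\0\0" signature at 0x3C.
        if len(header) >= 0x40:
            (pe_offset,) = struct.unpack_from("<I", header, 0x3C)
            if header[pe_offset:pe_offset + 4] == b"PE\x00\x00":
                return "pe"
        return "mz-dos"
    if header[:4] == b"\x7fELF":
        return "elf"
    if header[:8] == OLE2_MAGIC:
        return "ole2"
    if header[:4] == b"PK\x03\x04":
        return "zip"
    if b"\x00" not in header:
        return "text"
    return "unknown"


def selected_by_extension(path: str) -> bool:
    """True if an extension-only policy would send the file to the scanner."""
    return os.path.splitext(path)[1].lower() in RISKY_EXTENSIONS


def selected_by_format(path: str) -> bool:
    """True if a header-based policy would send the file to the scanner."""
    with open(path, "rb") as fh:
        return detect_format(fh.read(HEADER_BYTES)) in RISKY_FORMATS


def find_mismatches(paths):
    """Return (file name, detected format) for files that an extension-only
    policy skips although their header marks them as a risky format."""
    missed = []
    for path in paths:
        with open(path, "rb") as fh:
            fmt = detect_format(fh.read(HEADER_BYTES))
        if fmt in RISKY_FORMATS and not selected_by_extension(path):
            missed.append((os.path.basename(path), fmt))
    return sorted(missed)


def constructed_pe_stub() -> bytes:
    """Constructed sample: only the header fields the classifier reads."""
    dos_header = bytearray(0x40)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, 0x40)  # e_lfanew -> 0x40
    return bytes(dos_header) + b"PE\x00\x00" + bytes(20)


def run_demo():
    """Write constructed sample files to a temp directory and compare policies."""
    samples = {
        "invoice.txt": constructed_pe_stub(),   # executable renamed to .txt
        "readme.txt": b"plain text notes\n",    # genuine text file
        "tool.exe": constructed_pe_stub(),      # selected by both policies
        "report.doc": OLE2_MAGIC + bytes(504),  # OLE2 container
        "data.bin": b"\x7fELF" + bytes(60),     # ELF header, neutral extension
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            paths.append(path)
        return find_mismatches(paths)


if __name__ == "__main__":
    for name, fmt in run_demo():
        print(f"{name}: skipped by extension, header says {fmt}")
```
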
Scan compound files
A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.
To configure scanning of compound files in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
In the right part of the window, the settings of the selected scan task are displayed.
- In the Security level section, click the Settings button.
A window with the name of the selected scan task opens.
- In this window, on the Scope tab, in the Scan of compound files section, select the check boxes for the compound files you want to scan: archives, self-extracting archives, embedded OLE objects, mail format files, or password-protected archives.
- If the Scan only new and changed files check box is cleared in the Scan optimization section, you can specify for each type of compound file whether to scan all files of this type or new ones only. To make your choice, click the all / new link next to the name of a type of compound file. This link changes its value when you click it.
If the Scan only new and changed files check box is set, only new files are scanned.
- Click the Additional button.
The Compound files window opens.
- In the Size limit section, do one of the following:
- If you do not want the application to unpack large compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field.
- If you want the application to unpack large compound files, clear the Do not unpack large compound files check box.
A file is considered large if its size exceeds the value in the Maximum file size field.
The application scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is set.
- In the Compound files window, click OK.
- In the window with the scan task name, click OK.
- To save changes, click the Save button.
Optimizing file scanning
You can optimize file scanning: reduce scanning time and increase the operating speed of the application. This can be achieved by scanning only new files and those files that have been modified since the previous scan. This mode applies both to simple and to compound files. You can also limit the duration for scanning one file. After the specified amount of time, the application will exclude the file from the current scan (except archives and compound files).
To optimize file scanning in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
In the right part of the window, the settings of the selected scan task are displayed.
- In the Security level section, click the Settings button.
A window with the name of the selected scan task opens.
- In the opened window on the Scope tab in the Scan optimization section, perform the following actions:
- If you want the application to scan only new files and files that have been modified since their previous analysis when running a scan task, select the Scan only new and changed files check box.
- If you want the application to skip files after a specified amount of time when running a scan task, select the Skip files that are scanned for longer than check box and specify the scan duration (in seconds) for one file in the field to the right of the check box.
- Click OK.
- To save changes, click the Save button.
Using Heuristic Analyzer
When active, the application uses signature analysis. During signature analysis, Kaspersky Security matches the detected object with records in the application databases. Following the recommendations of Kaspersky experts, signature analysis is always enabled.
To increase the effectiveness of scanning, you can use heuristic analysis. During heuristic analysis, the application analyzes the activity of objects in the operating system. Heuristic analysis can detect new malicious objects for which there are currently no records in the application database.
To configure the use of heuristic analysis in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
In the right part of the window, the settings of the selected scan task are displayed.
- In the Security level section, click the Settings button.
A window with the name of the selected scan task opens.
- In the opened window, on the Additional tab in the Scan methods section:
- If you want the application to use heuristic analysis during the scan task, set the Heuristic Analysis check box and use the slider to set the heuristic analysis level: Light, Medium, or Deep.
- If you do not want the application to use heuristic analysis during the scan task, clear the Heuristic Analysis check box.
- In the window with the scan task name, click OK.
- To save changes, click the Save button.
Using iSwift technology
You can enable the use of the iSwift technology, which optimizes the speed of file scanning by excluding files that have not been modified since the most recent scan.
To configure the use of iSwift technology in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
In the right part of the window, the settings of the selected scan task are displayed.
- In the Security level section, click the Settings button.
A window with the name of the selected scan task opens.
- In the opened window, on the Additional tab in the Scanning technology section, perform one of the following actions:
- Select the iSwift technology check box to use this technology during the scan.
- Clear the iSwift technology check box if you do not want to use this technology during the scan.
- In the window with the scan task name, click OK.
- To save changes, click the Save button.
Configuring the scan task run mode
If it is impossible to run the scan task for any reason (for example, the protected virtual machine is off at that time), you can configure the skipped task to be run automatically as soon as this becomes possible.
You can postpone the start of the scan task after application startup if you have selected the By schedule run mode for the scan task and the application startup time matches the scan task run schedule. The scan task can then be run only after the specified time interval has elapsed since the startup of the Kaspersky Security application.
To configure the scan task run mode in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
In the right part of the window, the settings of the selected scan task are displayed.
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
- Click the Run mode button.
A window with the name of the selected scan task opens.
- In the opened window, on the Run mode tab, select one of the following options for the scan task run mode:
- If you want to start the scan task manually, select Manually.
- If you want to configure the startup schedule for the scan task, select By schedule.
- Do one of the following:
- If you have selected the Manually option, go to step 6 of these instructions.
- If you have selected the By schedule option, specify the settings of the scan task run schedule. To do this, perform the following actions:
- In the Frequency drop-down list, specify when the scan task is to be started. Select one of the following options: Days, Every week, At a specified time, Every month, After application startup, or After every update.
- Depending on the item that is selected in the Frequency drop-down list, specify values for the settings that define the start time of the scan task.
- If you selected the By schedule run mode for the scan task and the application start time coincides with the scheduled start of the scan task, you can postpone startup of the scan task until after the application starts. To do so, specify the amount of time to delay the start of the scan task after the application starts. The scan task can only be run after the specified time interval elapses after the startup of Kaspersky Security application.
This setting is unavailable if the After application startup or After every update items are selected from the Frequency drop-down list.
- If you want the application to run scan tasks that had been skipped as soon as possible, select the Run skipped tasks check box.
This check box is unavailable if the Minutes, Hours, After application startup, or After every update items are selected from the Frequency drop-down list.
- If you want the application to suspend scan tasks when virtual machine resources are limited, select the Suspend scheduled scanning when the protected virtual machine is unlocked check box. This helps to conserve virtual machine resources.
- In the window with the scan task name, click OK.
- To save changes, click the Save button.
Starting a scan task under the account of a different user
By default, a scan task is run under the account with which you are logged in to the guest operating system of the protected virtual machine. However, you may need to run a scan task under a different user account. You can specify a user who has the appropriate rights in the settings of the scan task and run the scan task under this user's account.
To configure the start of a scan task with the permissions of a different user in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
In the right part of the window, the settings of the selected scan task are displayed.
- Click the Run mode button.
A window with the name of the selected scan task opens.
- In the opened window, on the Run mode tab in the User section, select the Run task as check box.
- In the Name field, enter the account name of the user whose rights are necessary for starting the scan task.
- In the Password field, enter the password of the user whose rights are necessary for starting the scan task.
- In the window with the scan task name, click OK.
- To save changes, click the Save button.
Specifics of scanning symbolic and hard links
Kaspersky Security can scan symbolic and hard links to files.
Scanning symbolic links
When real-time protection is enabled, Kaspersky Security scans the file that is accessed via a symbolic link only if this file is included in the real-time protection scope.
If the file that is accessed via a symbolic link is not included in the real-time protection scope, the application does not scan this file. If such a file contains malicious code, virtual machine security is at risk.
The scan task scans the file that is being accessed via a symbolic link irrespective of the file location. Upon detecting an infected file that is being accessed via a symbolic link, the application disinfects the original file. If disinfection fails, the application deletes the infected file and keeps the symbolic link.
Scanning hard links with the Light Agent for Linux component
Upon detecting an infected file with more than one hard link, Light Agent for Linux disinfects the original file. If disinfection fails, Light Agent for Linux deletes the hard link to the file that is being scanned. Other hard links to this file are not scanned.
When restoring the file with a hard link from Backup, the application creates a copy of the source file with the name of the hard link that was placed in Backup. Connections to other hard links to the source file are not restored.
Scanning hard links with the Light Agent for Windows component
When Light Agent for Windows processes a file which has more than one hard link, the following scenarios are possible depending on the action selected:
- If the Delete action is selected, Kaspersky Security deletes the hard link that is being scanned. Other hard links to this file are not scanned.
- If the Disinfect action is selected, Kaspersky Security disinfects the original file. If disinfection fails, the application deletes the hard link being scanned and creates in its place a copy of the original file with the name of the deleted hard link. Other hard links to this file are not scanned.
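The link behavior described above leaves two things for an administrator to check on a protected virtual machine: names that still point to a file after one of its hard links was deleted, and symbolic links whose targets lie outside the real-time protection scope. The following audit script is an added example, not part of Kaspersky Security; its function names are hypothetical, it does not query the product, and the scope directories are assumed to be supplied by the operator.

```python
import os
import stat
import sys
import tempfile
from collections import namedtuple

# paths: names found under the audited root; link_count: total links of the inode.
HardLinkGroup = namedtuple("HardLinkGroup", "paths link_count")


def _walk_entries(root):
    """Yield (path, lstat result) for every entry under root, not following symlinks."""
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                yield path, os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it


def find_hard_link_groups(root):
    """Return one HardLinkGroup per multiply-linked regular file under root.

    When link_count exceeds len(paths), the remaining names live outside
    root and were not seen by this walk.
    """
    groups = {}
    for path, st in _walk_entries(root):
        if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
            entry = groups.setdefault((st.st_dev, st.st_ino), ([], st.st_nlink))
            entry[0].append(path)
    return sorted(HardLinkGroup(sorted(p), n) for p, n in groups.values())


def other_hard_links(detected_path, root):
    """List names under root that share an inode with detected_path."""
    ref = os.lstat(detected_path)
    own = os.path.abspath(detected_path)
    return sorted(
        path for path, st in _walk_entries(root)
        if stat.S_ISREG(st.st_mode)
        and os.path.samestat(ref, st)
        and os.path.abspath(path) != own
    )


def _is_within(path, scope):
    try:
        return os.path.commonpath([path, scope]) == scope
    except ValueError:  # for example, different drives on Windows
        return False


def find_symlinks_outside_scope(root, scope_dirs):
    """Map each symlink under root to its resolved target when that target
    is outside every directory in scope_dirs (operator-supplied assumption)."""
    scopes = [os.path.realpath(d) for d in scope_dirs]
    result = {}
    for path, st in _walk_entries(root):
        if stat.S_ISLNK(st.st_mode):
            target = os.path.realpath(path)
            if not any(_is_within(target, s) for s in scopes):
                result[path] = target
    return result


def build_demo_tree(base):
    """Create a constructed sample tree of harmless text files under base."""
    scope, other = os.path.join(base, "scope"), os.path.join(base, "other")
    os.makedirs(scope)
    os.makedirs(other)
    for path in (os.path.join(scope, "a.bin"), os.path.join(other, "c.txt")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    os.link(os.path.join(scope, "a.bin"), os.path.join(other, "b.bin"))
    os.symlink(os.path.join(other, "c.txt"), os.path.join(scope, "link_out"))
    os.symlink(os.path.join(scope, "a.bin"), os.path.join(scope, "link_in"))
    return scope, other


if __name__ == "__main__":
    # Usage: script.py ROOT [SCOPE_DIR ...]; with no arguments, audit the demo tree.
    if len(sys.argv) > 1:
        root, scopes = sys.argv[1], sys.argv[2:] or [sys.argv[1]]
    else:
        root = os.path.realpath(tempfile.mkdtemp())
        scopes = [build_demo_tree(root)[0]]
    for group in find_hard_link_groups(root):
        unseen = group.link_count - len(group.paths)
        print("hard links:", group.paths, "names outside root:", unseen)
    for link, target in find_symlinks_outside_scope(root, scopes).items():
        print("symlink outside scope:", link, "->", target)
```
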
Scanning removable drives when they are connected to the virtual machine
Some malicious applications exploit operating system vulnerabilities to replicate themselves via local networks and removable drives. The application allows you to scan removable drives that are connected to the virtual machine for viruses and other malware.
You can configure removable drives scan on connection to the virtual machine in the Light Agent for Windows policy properties using the Administration Console, in the Light Agent for Windows local interface, and using the Web Console when creating or editing the Light Agent for Windows policy settings (Application settings → Other settings → Advanced settings).
To configure scanning of removable drives on connection to the virtual machine in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Advanced settings section in the list on the left.
- In the right part of the window, in the Scan removable drives on connection section, select the necessary action from the Action on removable drive connection drop-down list:
- Do not scan.
- Full Scan.
- Quick Scan.
- If you want the application to scan removable drives of a size less than or equal to a specified value, select the Maximum removable drive size check box and specify a value in megabytes in the field next to it.
The check box is available if the Full Scan or Quick Scan action is set in the Action on removable drive connection drop-down list.
- Click the Apply button.
To configure scanning of removable drives on connection to the virtual machine in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, select the Scheduled tasks section.
In the right part of the window, the general settings of scheduled tasks are displayed.
- In the Scan removable drives on connection section, select the necessary action from the Action on removable drive connection drop-down list:
- Do not scan.
- Full Scan.
- Quick Scan.
If the section is not available, this means that the policy prohibits configuration of the removable drive scan settings for all protected virtual machines in the administration group.
- If you want the application to scan removable drives of a size less than or equal to a specified value, select the Maximum removable drive size check box and specify a value in megabytes in the field next to it.
The check box is available if the Full Scan or Quick Scan action is set in the Action on removable drive connection drop-down list.
- To save changes, click the Save button.
Managing unprocessed objects
An infected file is considered processed if the application performed one of the following actions on the infected file according to the defined settings while scanning the protected virtual machine:
- Disinfect.
- Delete.
- Delete if disinfection fails.
An infected file is considered unprocessed if the application did not take action on the infected file according to the defined settings while scanning the protected virtual machine.
This situation is possible in the following cases:
- The scanned file is unavailable (for example, it is located on a network drive or on an external device without write privileges).
- The Inform action is selected in the application settings for scan tasks, in the Action on threat detection section.
Kaspersky Security writes information about unprocessed files as events in the table of unprocessed objects. In addition, the application adds information about attempts to modify files in shared folders to the table of unprocessed objects if the Inform option is selected in the System Watcher settings.
This section describes the actions that you can perform on unprocessed objects in the Light Agent for Windows local interface. Information about unprocessed objects detected on devices is also displayed in Kaspersky Security Center Administration Console (in the Storages → Active threats folder) and in the Web Console (Operations → Storages → Active threats).
Working with unprocessed objects in a local interface
On a protected virtual machine with the Light Agent for Windows component, Kaspersky Security registers information about files that contained a detected threat but were not processed for some reason. This information is recorded as events in the Unprocessed objects table of the local interface of the application.
In the local interface, unprocessed objects are presented in the form of a table. You can perform the following actions while managing data in the table:
- Filter the table of unprocessed objects by column values or by custom filter conditions.
- Use the unprocessed object search function.
- Sort unprocessed objects.
- Group unprocessed objects.
- Change the order and set of columns that are displayed in the table of unprocessed objects.
- Copy selected entries about unprocessed objects to the clipboard.
- Open the folder where the unprocessed file was originally located.
You can perform the following operations with unprocessed files:
- Scan unprocessed files using the current version of application databases or after updating the application databases.
File status may change after the scan. You may perform the necessary actions on the files, depending on their status.
- Restore files with the Disinfected and Not infected status, as well as infected files that contain important information.
You can restore files from the table of unprocessed objects to their original folders or to a different folder of your choice (when the original folder cannot be written to).
- Delete files that have the Infected status.
Starting a Custom Scan task for unprocessed files
You can start a Custom Scan task for unprocessed files manually, for example, after a scan is interrupted for any reason or if you want Kaspersky Security to scan files after another update of application databases.
To start a Custom Scan task for unprocessed files:
- On the protected virtual machine, open the main application window.
- In the upper part of the main application window, click the Reports link to open the Reports and Storages window.
- Select the Unprocessed objects tab.
- In the table on the Unprocessed objects tab, select one or more files that you want to scan. To select multiple files, use the CTRL key.
- Start the Custom Scan task in one of the following ways:
- Click the Rescan button.
- Open the context menu and select Rescan.
When the scan is completed, a notification with the number of scanned files and the number of detected threats appears.
Restoring unprocessed files
If necessary, you can restore files from the table of unprocessed objects to their original folders.
It is recommended to restore unprocessed files only if the files have been assigned the Disinfected or Not infected status.
To restore unprocessed files:
- On the protected virtual machine, open the main application window.
- In the upper part of the main application window, click the Reports link to open the Reports and Storages window.
- Select the Unprocessed objects tab.
- To restore all files:
- Open the context menu anywhere in the table on the Unprocessed objects tab and select the Restore all item.
The application moves all the unprocessed files from the table of unprocessed objects to their original folders if these folders are write-accessible.
- If the original folder of a restored file cannot be written to, the standard Microsoft Windows Save as window opens. In this window, you can select the destination folder for saving the file.
- To restore one or more files:
- In the table on the Unprocessed objects tab, select one or more unprocessed files that you want to restore. To select multiple files, use the CTRL key.
- Click the Restore button or open the context menu and select the Restore item.
The application moves the selected files to their original folders as long as the folders can be written to.
- If the original folder of a restored file cannot be written to, the standard Microsoft Windows Save as window opens. In this window, you can select the destination folder for saving the file.
Deleting files from the list of unprocessed objects
You can delete an infected file from the table of unprocessed objects.
To delete files from the table of unprocessed objects:
- On the protected virtual machine, open the main application window.
- In the upper part of the main application window, click the Reports link to open the Reports and Storages window.
- Select the Unprocessed objects tab.
- In the table on the Unprocessed objects tab, select one or more files that you want to delete. To select multiple files, use the CTRL key.
- Click the Delete button or open the context menu and select the Delete item.
Before deleting the file, the application creates a backup copy of the file and saves it in Backup, in case you later need to restore the file. It then deletes the selected files from the table of unprocessed objects.
Interaction with other Kaspersky solutions
Kaspersky Security can interact with the following Kaspersky solutions:
- Kaspersky Endpoint Agent
- Kaspersky Managed Detection and Response
Kaspersky Endpoint Agent
You can install Kaspersky Endpoint Agent on a virtual machine with the Light Agent for Windows component installed. Kaspersky Endpoint Agent provides interaction between Kaspersky Security and Kaspersky solutions designed to detect complex threats: Kaspersky Anti Targeted Attack Platform, Kaspersky Sandbox, Kaspersky Endpoint Detection and Response Optimum.
To use Kaspersky Endpoint Agent in the Kaspersky Security operation:
- When installing or updating Light Agent for Windows, enable integration with Kaspersky Endpoint Agent. To do this, select the Integration with Kaspersky Endpoint Agent option in the list of components or use the corresponding command line parameter, depending on the installation or update method.
You can also enable integration with Kaspersky Endpoint Agent by changing the composition of installed Light Agent for Windows components.
If Kaspersky Endpoint Agent is installed on the virtual machine, but integration with Kaspersky Endpoint Agent is not enabled, interaction between Kaspersky Endpoint Agent and Kaspersky Security is disabled. Kaspersky solutions designed to detect complex threats are not used in the application operation.
- Install Kaspersky Endpoint Agent 3.11 or update Kaspersky Endpoint Agent to version 3.11 on a virtual machine. Installation or update must be run with the SVM_UPDATE_MODE=1 key. Installation or update is performed using standard Kaspersky Endpoint Agent tools.
If Kaspersky Endpoint Agent was installed or updated without the SVM_UPDATE_MODE=1 key, optimization of Kaspersky Endpoint Agent operation on the virtual machine is disabled. Degradation of the virtual machine performance is possible.
- In Kaspersky Security Center, create a task for updating application databases and modules for Kaspersky Endpoint Agent and configure its schedule. Select Kaspersky Security Center Administration Server as the database update source. For more details on creating a task, refer to the help of the Kaspersky solution with which you integrate Kaspersky Endpoint Agent.
Automatic update of application databases and modules is disabled for Kaspersky Endpoint Agent optimized to work with Light Agent for Windows. If the task of updating application databases and modules is not configured for Kaspersky Endpoint Agent, the databases and modules of Kaspersky Endpoint Agent are not updated.
For more details on installing, updating and removing Kaspersky Endpoint Agent, refer to the help of the Kaspersky solution with which you integrate Kaspersky Endpoint Agent.
Managed Detection and Response
Kaspersky Managed Detection and Response solution enables continuous search, detection and elimination of threats aimed at your organization. When interacting with Kaspersky Managed Detection and Response, Kaspersky Security performs the following functions:
- Sending Light Agent for Windows telemetry data to Kaspersky Managed Detection and Response for threat detection.
- Execution of commands received from Kaspersky Managed Detection and Response and aimed at threat prevention.
For detailed information on how the solution works, as well as instructions on how to deploy the solution, refer to the Kaspersky Managed Detection and Response help.
Kaspersky Security can interact with Kaspersky Managed Detection and Response only if the following conditions are met:
- The System Watcher component is installed and enabled on the virtual machine.
- Kaspersky Security uses Kaspersky Security Network in extended mode.
Usage of Private KSN when interacting with Kaspersky Managed Detection and Response ensures that telemetry is sent to the dedicated servers that meet the requirements of the General Data Protection Regulation (GDPR). If Private KSN is not used, telemetry can be sent to Global KSN, which may be a violation of the laws of your country.
For optimal use of Kaspersky Managed Detection and Response in Kaspersky Security operation, it is recommended to enable the following Light Agent functional components on the virtual machine:
- File Anti-Virus.
- Mail Anti-Virus.
- Web Anti-Virus.
- Firewall.
- Network Attack Blocker.
Enabling these components is not a prerequisite for using Kaspersky Managed Detection and Response. If these components are disabled on the virtual machine, only a limited set of telemetry data is sent to Kaspersky Managed Detection and Response from the Light Agent for Windows installed on this virtual machine.
To use Kaspersky Managed Detection and Response for Kaspersky Security operation, enable interaction with Kaspersky Managed Detection and Response and download the MDR configuration file in Light Agent for Windows policy. The configuration file is provided as a ZIP archive and has the P7 or P7B extension.
Information from the configuration file is passed to the protected virtual machines during the next synchronization with Kaspersky Security Center. After applying the policy on the protected virtual machine, which is configured to use Managed Detection and Response, and updating Kaspersky Security application databases, Light Agent for Windows installed on the virtual machine starts sending telemetry to Kaspersky Managed Detection and Response and can execute commands from Kaspersky Managed Detection and Response.
To enable or disable the use of Managed Detection and Response in Kaspersky Security operation:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Managed Detection and Response section in the list on the left.
Settings for interaction with Kaspersky Managed Detection and Response are displayed in the right part of the window.
- Do one of the following:
- Select the Managed Detection and Response check box if you want to enable the use of Managed Detection and Response in Kaspersky Security operation.
- Clear the Managed Detection and Response check box if you want to disable the use of Managed Detection and Response in Kaspersky Security operation.
- If you enabled the use of Managed Detection and Response, click the Upload button and select the MDR configuration file with the P7 or P7B extension.
If you want to delete a previously downloaded configuration file, click the Delete button.
- Click the Apply button.
Information about whether Managed Detection and Response is used in Kaspersky Security operation on a virtual machine can be viewed in Kaspersky Security Center in the list of Light Agent functional components displayed in the properties of Kaspersky Security installed on the virtual machine with Light Agent for Windows, or in the report on the application components status.
Updating databases and application modules
Updating the databases and application modules of Kaspersky Security ensures up-to-date protection of virtual machines. New viruses and other types of malware appear worldwide on a daily basis. Kaspersky Security databases contain information about threats and ways of neutralizing them. To enable Kaspersky Security to detect threats in a timely manner, you need to update the databases and application modules regularly.
If application databases have not been updated for a long time, a notification indicating this fact will appear in the Events window of the SVM's properties.
Database and application module updates may change certain Kaspersky Security settings, for example, heuristic analysis settings that improve the effectiveness of protection and scans.
Application database and module updates require a current license to use the application.
An update source is a resource which contains updates for databases and application software modules of Kaspersky applications. The Kaspersky Security Center Administration Server repository is the source of updates for Kaspersky Security for Virtualization 5.2 Light Agent.
Kaspersky Security application database and module updates are performed as follows:
- The Protection Server component downloads the update package from the Administration Server storage to a folder on the SVM.
By default, the update package includes updates of application databases required for operation of Protection Server and Light Agent. You can also update the modules of the Light Agent for Windows, Light Agent for Linux, and Protection Server components. To do so, add application module updates to the update package.
The update package is downloaded using update tasks on the Protection Server component. The task is started from Kaspersky Security Center and is performed on the SVM.
To download an update package from the Administration Server storage successfully, an SVM needs to have access to the Kaspersky Security Center Administration Server.
If databases and application modules have not been updated for a long time, the size of the update package may be large. Downloading this update package may generate additional network traffic (up to several dozen megabytes).
- Database updates are installed from a folder located on the SVM:
- After the update package has been downloaded, the Protection Server component automatically installs on the SVM the database updates needed for the operation of Protection Server.
- The Light Agent component checks the availability of an update package in the folder on the SVM to which it is connected.
To receive updates for Light Agent modules and databases on a virtual machine, Light Agent must interact with an SVM over the HTTP protocol.
If an update package is available, Light Agent installs the application database updates required for the operation of Light Agent on the protected virtual machine. Light Agent databases are updated using the update task on the protected virtual machine. The SVM update task is started according to the schedule. The automatic task launch mode is selected by default. The task is started once every two hours.
On a virtual machine with the Light Agent for Windows component installed, you can configure the update task run schedule in the local interface or start the update task manually, if these functions are not denied by the policy for all protected virtual machines of the administration group. If it is not possible to run the update task for some reason (for example, the virtual machine is powered off at that time), you can configure the skipped update task to be started automatically as soon as it becomes possible.
On a virtual machine with the Light Agent for Linux component installed, you can manually start the update task from the command line.
- Application module updates are installed from a folder on SVMs (if they have been included in the update package):
- Updates for Light Agent for Windows and Light Agent for Linux modules are installed automatically when the update task is run on the protected virtual machine.
You can view a list of installed module updates for Light Agent for Windows in one of the following ways:
- In the local interface of Light Agent for Windows in the Support window.
- Using Kaspersky Security Center in the properties of Kaspersky Security application installed on the virtual machine with Light Agent for Windows (General section).
You can view a list of installed module updates for Light Agent for Linux in one of the following ways:
- By running the command line script named patch_list.pl located in the /opt/kaspersky/lightagent/patching/ folder.
- Using the command lightagent productinfo.
- Using Kaspersky Security Center in the properties of Kaspersky Security application installed on the virtual machine with Light Agent for Linux (General section).
- Installation of application module updates on SVMs is performed using the SVM application module update task.
On SVMs, you can view a list of installed application module updates by using the command line script named patch_list.pl located in the /opt/kaspersky/la/patching/ folder.
After application module updates are installed, the performance of Kaspersky Security is checked on each SVM and protected virtual machine. If problems are detected, the application module update is automatically rolled back.
If application errors occur after you update modules, you can manually roll back an application module update on SVMs and protected virtual machines.
When application module updates are being installed, protection of virtual machines and running tasks are paused.
To ensure up-to-date protection of temporary virtual machines, you are advised to regularly update Light Agent databases and modules on the virtual machine template from which temporary protected virtual machines have been deployed.
If you selected the Installation on the template for temporary VDI pools check box while installing Light Agent on the virtual machine template, updates that require restarting the protected virtual machine are not installed on temporary virtual machines. On receiving updates that require restarting the protected virtual machine, Light Agent installed on a temporary virtual machine sends a message to Kaspersky Security Center informing it that the protected virtual machine template needs to be updated.
Enabling and disabling application module updates
If application module update is enabled, Kaspersky Security adds updates for Light Agent for Windows, Light Agent for Linux, and Protection Server modules to the update package.
You can enable or disable application module update using the Administration Console when creating a Protection Server policy or in the Protection Server policy settings.
You can also enable or disable application module update in the Web Console when creating or modifying the Protection Server policy settings (Application Settings → Update settings).
To enable or disable application module update in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, open the folder with the name of the administration group to which the required SVMs belong.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
- In the policy properties window, select the Update settings section in the list on the left.
- In the right part of the window, do one of the following:
- Select the Update application modules check box if you want application module updates to be included in the update package for Kaspersky Security.
- Clear the Update application modules check box if you want to exclude application module update.
- Click the Apply button.
Updates for Light Agent for Windows and Light Agent for Linux modules are installed automatically on protected virtual machines. The SVM application module update task is used for installing application module updates on SVMs.
Automatically downloading the application module and database update package to SVMs
Kaspersky Security Center supports automatic downloads of application database and module update packages to SVMs. This can be done using the following tasks:
- Download updates to the storage task. This task allows you to download an update package from Kaspersky Security Center update source to the Administration Server repository.
The download updates to the repository task is created automatically by the Kaspersky Security Center Initial Configuration Wizard. Only one instance of the download updates to the repository task can be created. This is why you can create a download updates to the repository task only if it has been deleted from the list of Administration Server tasks. For details, please refer to the Kaspersky Security Center help.
- Database update task on the Protection Server. The task allows you to download application database and module update packages to the SVMs included in the selected administration group. The download is performed according to the configured schedule.
After Kaspersky Security management MMC plug-ins are installed in Kaspersky Security Center, the database update task is automatically created on the Protection Server. The task is created for the Managed devices administration group and lets you download the application database and module update packages to all SVMs included in the Managed devices group or to any nested administration group.
To download the application module and database update packages to SVMs, you can use the automatically created database update task on the Protection Server. The task is started every time an update package is downloaded to the Kaspersky Security Center Administration Server repository. If necessary, you can change the settings of this task or delete it and create a new database update task on the Protection Server.
To configure automatic download of application database and module update package:
- Make sure that the download updates to the repository task is available in Kaspersky Security Center. If the download updates to the repository task is absent, create it (please refer to the Kaspersky Security Center help).
- Make sure that Protection Server database update task has been created in Kaspersky Security Center, or create an update task for SVMs on which you want to update the databases and application modules.
Creating a Protection Server database update task
To create a Protection Server database update task in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for the SVMs within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To create a task for one or more SVMs (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server list, select Database update.
Proceed to the next step of the New Task Wizard.
- If you have started the New Task Wizard from the Tasks folder, specify the method of selection of the SVMs for which you are creating the task. You can select SVMs from the list of virtual machines discovered by the Administration Server, manually specify the SVM addresses, import a list of SVMs from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of SVM selection, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the SVMs on which you want to create the task. To do so, select the check boxes in the list on the left of the names of relevant SVMs.
- Click the Add or Add IP range button and enter the addresses of SVMs manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of SVMs.
- Click the Browse button and in the window that opens specify the name of the selection containing SVMs for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- In the Scheduled start drop-down list, select When new updates are downloaded to the repository. Configure the remaining task launch schedule settings. For more information about the task launch schedule settings, refer to the Kaspersky Security Center help.
Proceed to the next step of the New Task Wizard.
- In the Name field, enter the name of the anti-virus database update task.
Proceed to the next step of the New Task Wizard.
- If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete checkbox. Exit the New Task Wizard. The created custom scan task appears in the list of tasks.
The task is started every time the update package is downloaded into the storage of the Administration Server. You can also start and stop the task manually.
To create a Protection Server database update task in the Web Console:
- Create a task of the Database update type following the instructions of the wizard. The task is created with the default settings.
- At the last step of the wizard, select the Open task properties window after creation check box and close the wizard.
- In the task properties window, on the Schedule tab, in the Scheduled start drop-down list, select When new updates are downloaded to the repository. For more information about the task launch schedule settings, refer to the Kaspersky Security Center help.
- To save changes, click the Save button.
The task is started every time the update package is downloaded into the storage of the Administration Server. You can also start and stop the task manually.
Creating an SVM application module update task
You can create an application module update task on SVMs using the Administration Console or the Web Console. In the Web Console, the task is created with the default settings. You can configure the task launch schedule in the task properties window.
To create an application module update task on SVMs in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for the SVMs within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To create a task for one or more SVMs (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the wizard, select the Application module update on the SVM task type from the Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server list.
Proceed to the next step of the New Task Wizard.
- If you have started the New Task Wizard from the Tasks folder, specify the method of selection of the SVMs for which you are creating the task. You can select SVMs from the list of virtual machines discovered by the Administration Server, manually specify the SVM addresses, import a list of SVMs from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of SVM selection, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the SVMs on which you want to create the task. To do so, select the check boxes in the list on the left of the names of relevant SVMs.
- Click the Add or Add IP range button and enter the addresses of SVMs manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of SVMs.
- Click the Browse button and in the window that opens specify the name of the selection containing SVMs for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- In the Scheduled start drop-down list, select Manually.
It is not recommended to configure a scheduled start of the SVM application module update task.
Proceed to the next step of the New Task Wizard.
- In the Name field, enter the name of the SVM application module update task.
Proceed to the next step of the New Task Wizard.
- If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete checkbox. Exit the New Task Wizard.
The created custom scan task appears in the list of tasks. You can start and stop the task manually.
You can view a list of installed application module updates on SVMs by using the command line script named patch_list.pl located in the /opt/kaspersky/la/patching/ folder.
Configuring the update task run mode in a local interface
The update task is started according to schedule on a protected virtual machine with a Windows operating system. The automatic task launch mode is selected by default. The task is started once every two hours.
To configure the update task run mode on a protected virtual machine with a Windows operating system:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select Update.
In the right part of the window, application database update settings are displayed.
If the Update section is absent, this means that the display and management of local tasks is denied by the policy for all protected virtual machines of the administration group. You can enable or disable the display and management of local tasks in the Light Agent for Windows policy (Advanced settings subsection in the Other settings section).
- Click the Run mode button.
The Update window opens.
- In the Run mode section, select one of the following options for starting an update task:
- Select Automatically if you want Kaspersky Security to start the update task depending on the availability of the update package on the SVM to which the protected virtual machine is connected. The frequency with which the application checks for update packages increases during virus outbreaks and decreases when there are none.
If there are no new updates on the SVM, the update task is not started.
- If you want to start an update task manually, select Manually.
- If you want to configure a startup schedule for the update task, select By schedule.
- Do one of the following:
- If you have selected the Automatically or Manually option, go to step 6 in the instructions.
- If you have selected the By schedule option, specify the settings of the update task run schedule. To do this, perform the following actions:
- In the Frequency drop-down list, specify when to start the update task. Select one of the following options:
- Minutes.
- Hours.
- Days.
- Every week.
- At a specified time.
- Every month.
- After application startup.
- Depending on the item that is selected from the Frequency drop-down list, specify values for the settings that define the startup time of the update task.
When configuring the frequency of the update task, you are advised to take account of the frequency of application database updates on the SVM to which the protected virtual machine is connected.
- In the Postpone running after application startup for field, specify the time interval by which the start of the update task is postponed after the startup of Kaspersky Security.
If the After application startup item is selected from the Frequency drop-down list, the Postpone running after application startup for field is not available.
- If you want Kaspersky Security to run skipped update tasks as soon as possible, select the Run skipped tasks check box.
If Minutes, Hours or After application startup is selected from the Frequency drop-down list, the Run skipped tasks check box is unavailable.
- Click OK.
- To save changes, click the Save button.
Regardless of the selected task run mode, you can start or stop a task at any time.
Updating Light Agent for Windows databases and modules on a virtual machine template
To update Light Agent databases and application modules on a virtual machine template:
- On the hypervisor, turn on the protected virtual machine being used as a temporary protected virtual machine template.
- By default, when installed on a protected virtual machine Light Agent starts automatically when the operating system is loaded. If you have disabled automatic startup of the application, start Light Agent on the protected virtual machine and make sure that Light Agent is connected to the SVM.
- Update the Light Agent databases and modules manually or wait for the Light Agent module and database update task to start according to schedule.
- After the update is complete, power off the protected virtual machine.
- Create new temporary protected virtual machines from the updated template. To learn more, see the virtual infrastructure documentation.
To automate the process of updating Light Agent databases and modules on virtual machine templates, you can use tools such as Microsoft Virtual Machine Servicing Tool (for templates based on the Microsoft Windows Server (Hyper-V) hypervisor), and Citrix PowerShell SDK and Citrix Provisioning (Citrix Provisioning Services) (for templates based on Citrix XenDesktop).
To automate the process of updating Light Agent databases and modules on virtual machines managed by VMware Horizon, you can use the VMware vSphere PowerCLI scripting language to create a script to automatically update the snapshot of a protected virtual machine and recreate the pool of temporary protected virtual machines using the Get-Snapshot and Update-AutomaticLinkedClonePool constructs.
Rolling back the last update of databases and application modules
After the databases and application modules are updated for the first time, the function of rolling back the databases and application modules to their previous versions becomes available.
Every time an update is started on an SVM, Kaspersky Security creates a backup copy of the existing application databases and modules and only then proceeds to update them. This lets you roll back the databases and application modules to their previous versions when necessary. The update rollback feature is useful if the new application database version contains an invalid signature that causes Kaspersky Security to block a safe application.
Kaspersky Security application database and module updates are rolled back in the following order:
- Rolling back the last update of databases and application modules on the SVM. You can roll back the last application database and module update on one or several SVMs:
- Rollback of the last database update on an SVM is performed using the database update rollback task on the Protection Server. The task is started from Kaspersky Security Center and is performed on the SVM.
- Rollback of application module updates on SVMs is performed by a script.
- Rolling back the last database update on protected virtual machines. After a database update has been rolled back on an SVM, the last database update is automatically rolled back on all protected virtual machines connected to this SVM. If a protected virtual machine is disabled or paused, the last database update on this machine will be performed after it is enabled according to the Light Agent update task start schedule. The automatic task launch mode is selected by default. The task is started once every two hours.
On a protected virtual machine with the Light Agent for Windows component installed, you can configure the update task run schedule in the local interface or start the update task manually, if these functions are not denied by the policy for all protected virtual machines of the administration group.
On a protected virtual machine with the Light Agent for Linux component installed, you can manually start the update task from the command line.
- Rollback of an application module update on protected virtual machines.
To roll back the last application database and module update:
- Create a Protection Server database update rollback task for SVMs on which you want to roll back the database update.
- Start the Protection Server database update rollback task.
- If necessary, perform a rollback of an application module update on SVMs and protected virtual machines.
Creating a Protection Server database update rollback task
You can create an update rollback task using the Administration Console or using the Web Console. In the Web Console, the task is created with the default settings. You can configure the task launch schedule in the task properties window.
To create a Protection Server database update rollback task in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- Do one of the following:
- To create a task for the SVMs within the selected administration group, select the folder with the name of this administration group in the console tree and in the workspace select the Tasks tab.
- To create a task for one or more SVMs (tasks for a set of devices), select the Tasks folder in the console tree.
- Click the New task button to start the New Task Wizard.
- At the first step of the Wizard, select the type of task. To do so, in the Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server list, select Rollback.
Proceed to the next step of the New Task Wizard.
- If you have started the New Task Wizard from the Tasks folder, specify the method of selection of the SVMs for which you are creating the task. You can select SVMs from the list of virtual machines discovered by the Administration Server, manually specify the SVM addresses, import a list of SVMs from a file, or specify a previously configured selection of devices (for details, please refer to the Kaspersky Security Center help). Depending on the specified method of SVM selection, perform one of the following operations in the window that opens:
- In the list of detected virtual machines, specify the SVMs on which you want to create the task. To do so, select the check boxes in the list on the left of the names of relevant SVMs.
- Click the Add or Add IP range button and enter the addresses of SVMs manually.
- Click the Import button, and in the window that opens select a TXT file with the list of addresses of SVMs.
- Click the Browse button and in the window that opens specify the name of the selection containing SVMs for which you want to create the task.
Proceed to the next step of the New Task Wizard.
- In the Scheduled start field, select Manually. Configure the remaining task launch schedule settings. For more information about the task launch schedule settings, refer to the Kaspersky Security Center help.
Proceed to the next step of the New Task Wizard.
- Enter the update rollback task name in the Name field.
Proceed to the next step of the New Task Wizard.
- If you want the task to start as soon as the New Task Wizard finishes, select the Run task when the wizard is complete checkbox. Exit the New Task Wizard.
The created custom scan task appears in the list of tasks. You can start and stop the task manually.
Rolling back application module updates on SVMs and virtual machines
A script is used to perform rollback of an application module update on an SVM and virtual machine with the Light Agent for Linux component.
On a virtual machine with the Light Agent for Windows component installed, you can use the standard application removal tools of the operating system to roll back updates of modules.
Some of the installed application module updates for Light Agent for Windows are not displayed in the list of applications that can be removed. If you need to roll back an application module update that cannot be removed, contact Kaspersky Technical Support.
To roll back an application module update on an SVM:
In the command line on the SVM, run the script named patch_rollback.pl located in the /opt/kaspersky/la/patching/ folder.
The script lets you roll back only the most recently installed application module update. You can view a list of all installed module updates by running the command line script named patch_list.pl located in the /opt/kaspersky/la/patching/ folder.
To roll back an application module update on a virtual machine with the Light Agent for Linux component installed:
In the command line on the virtual machine, run the script named patch_rollback.pl located in the /opt/kaspersky/lightagent/patching/ folder.
The script lets you roll back only the most recently installed application module update. You can view a list of all installed module updates by running the command line script named patch_list.pl located in the /opt/kaspersky/lightagent/patching/ folder.
When application module updates are being rolled back, protection of virtual machines and running tasks are paused.
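The rollback procedure above, wrapped so that it leaves an audit trail: this added example (not part of the Kaspersky guide or product) saves the patch_list.pl output before and after running patch_rollback.pl and writes the difference to a report file. It assumes the scripts are run with perl and take no arguments; PATCH_RUNNER, the ROOT prefix argument, the --run switch and the log file names are hypothetical.

```shell
#!/bin/sh
# Added example: audit trail around an application module update rollback.
# Folder and script names come from this guide. Assumptions (not from the
# guide): the scripts are run with perl and take no arguments; PATCH_RUNNER,
# the ROOT prefix, --run and the log file names are hypothetical.

SVM_PATCH_DIR="/opt/kaspersky/la/patching"          # on an SVM
LA_PATCH_DIR="/opt/kaspersky/lightagent/patching"   # Light Agent for Linux
PATCH_RUNNER="${PATCH_RUNNER:-perl}"

# find_patch_dir [ROOT]
# Prints the patching folder present on this host. Fails when neither or
# both folders are found, so the wrong component is never rolled back.
find_patch_dir() {
    root="${1:-}"
    found=""
    count=0
    for d in "$SVM_PATCH_DIR" "$LA_PATCH_DIR"; do
        if [ -f "$root$d/patch_list.pl" ] && [ -f "$root$d/patch_rollback.pl" ]; then
            found="$root$d"
            count=$((count + 1))
        fi
    done
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$found"
}

# rollback_last_patch [ROOT] [LOGDIR]
# One call rolls back one update: the script only removes the most recently
# installed module update. Protection and running tasks are paused while it
# runs, so the timestamped files also bound that window.
# Prints the path of the diff report on success.
rollback_last_patch() {
    root="${1:-}"
    logdir="${2:-/var/tmp}"
    dir=$(find_patch_dir "$root") || {
        echo "expected exactly one patching folder, aborting" >&2
        return 2
    }
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    before="$logdir/patch_list.$stamp.before"
    after="$logdir/patch_list.$stamp.after"
    report="$logdir/patch_rollback.$stamp.diff"

    # Record the installed module updates before touching anything.
    "$PATCH_RUNNER" "$dir/patch_list.pl" > "$before" || return 3

    # Script output goes to stderr so stdout carries only the report path.
    "$PATCH_RUNNER" "$dir/patch_rollback.pl" >&2 || {
        echo "patch_rollback.pl failed, prior state saved in $before" >&2
        return 4
    }

    "$PATCH_RUNNER" "$dir/patch_list.pl" > "$after" || return 3

    # An unchanged list means no update was removed; report it as a failure.
    if cmp -s "$before" "$after"; then
        echo "patch list unchanged: nothing was rolled back" >&2
        return 5
    fi
    diff "$before" "$after" > "$report" || true   # diff exits 1 when files differ
    printf '%s\n' "$report"
}

# Run only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    rollback_last_patch "" "${2:-/var/tmp}"
fi
```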
Participating in Kaspersky Security Network
To enhance the protection of virtual machines, Kaspersky Security can use data received from Kaspersky users all over the world. Kaspersky Security Network is designed for getting such data.
Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to the Kaspersky online knowledge base with information about the reputation of files, web resources, and software. Using data from Kaspersky Security Network ensures faster response of Kaspersky Security to unknown threats, improves performance of some protection components, and reduces risk of false positives.
If you are participating in Kaspersky Security Network, KSN services provide Kaspersky Security with information about the category and reputation of scanned files, as well as information about the reputation of scanned web addresses.
The types of KSN are distinguished by the location of their infrastructure:
- Global KSN – this infrastructure is hosted by Kaspersky servers.
- Private KSN – the infrastructure is located within the corporate network or hosted by third-party servers of the service provider, for example on the Internet service provider's network.
Information about which type of KSN is used by Kaspersky Security can be viewed in the Protection Server policy properties, in the local interface of Light Agent for Windows, and in the command line of Light Agent for Linux.
Interaction between SVMs and protected virtual machines managed by Kaspersky Security Center and the KSN infrastructure is provided by the KSN Proxy service. To use KSN in Kaspersky Security operations, the KSN Proxy service must be enabled in Kaspersky Security Center.
To use the Private KSN, it must be enabled and configured in Kaspersky Security Center.
You can select the type of KSN used by Kaspersky Security and configure the KSN proxy server service and Private KSN in Kaspersky Security Center Administration Server properties (in the KSN proxy server section in the Administration Console; in the KSN proxy server settings section in the Web Console). See Kaspersky Security Center help for more information.
You can configure the use of KSN by Kaspersky Security in the properties of the Protection Server policy.
The Light Agent uses KSN in its operation in accordance with the settings received from the SVM to which it is connected. If the Light Agent disconnects from the SVM, it continues to use the settings received the last time it was connected.
If the KSN Proxy service is disabled in Kaspersky Security Center, data exchange between Kaspersky Security components and KSN is not performed. If KSN usage is enabled in the Protection Server policy, the application performance may decrease. It is recommended to disable KSN usage in the Protection Server policy if the KSN Proxy service is disabled in Kaspersky Security Center.
Kaspersky Security components send information to Kaspersky depending on the selected KSN mode (standard KSN or extended KSN). The KSN mode affects the amount of data that is transmitted to Kaspersky when KSN is being used.
Your participation in Kaspersky Security Network when using extended KSN helps Kaspersky promptly receive information about the types and sources of new threats and develop solutions for neutralizing them.
Participation in Kaspersky Security Network is voluntary. The decision to participate in KSN is made during the creation of a Protection Server policy, and this decision can be changed at any time.
About data provision when Kaspersky Security Network is being used
If you are participating in Kaspersky Security Network and are using KSN in standard mode, you agree to automatically transmit the following data to Kaspersky:
- Information necessary for scanning files: name and ID of the detected threat according to the Kaspersky classification, checksum of the scanned object or type of hash function, and the ID of the utilized anti-virus databases.
- Information necessary for obtaining the reputation of web addresses: the scanned web address, type of connection protocol, utilized port number, and the web address from which the user was directed to the scanned web address.
- General information: type and full version of Kaspersky Security, information about the application components and about the application module updates, and information about the operating system installed on the SVMs and protected virtual machines.
If you are participating in Kaspersky Security Network and are using KSN in extended mode, you agree to automatically send Kaspersky all the data listed in the Kaspersky Security Network Statement. Files (or parts thereof) that could be exploited by hackers to harm the virtual machine or data stored in its operating system may also be sent to Kaspersky for analysis. Extended KSN is used by default. You can disable the use of extended KSN in the Protection Server policy properties.
You can view the text of the Kaspersky Security Network Statement in the Protection Server policy properties in the Kaspersky Security Network settings section.
The settings that define the scope and recipient of data sent to Kaspersky when KSN is being used are stored in configuration files on the protected virtual machine. The security of configuration files on the protected virtual machine is ensured by a Self-Defense mechanism. If you have disabled the Self-Defense mechanism, you need to protect these configuration files against unauthorized access. Contact Technical Support representatives for details.
For information about the storage, protection and destruction of statistical information that is obtained during the use of KSN and transmitted to Kaspersky, please refer to the Privacy Policy on Kaspersky website.
If you do not participate in Kaspersky Security Network, the data listed in the Kaspersky Security Network Statement is not transmitted to Kaspersky.
Viewing the Kaspersky Security Network Statement
To view the Kaspersky Security Network Statement in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, open the folder with the name of the administration group to which the required SVMs belong.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
- In the policy properties window, select the Kaspersky Security Network settings section in the list on the left.
- In the right part of the window, click the KSN Statement button.
This opens a window containing the text of the Kaspersky Security Network Statement.
You can also read the Kaspersky Security Network Statement in the Web Console when creating or modifying the Protection Server policy (Application settings → Kaspersky Security Network Settings).
All data transmission and processing conditions set forth in the Kaspersky Security Network Statement for Kaspersky Security for Virtualization 5.2 Light Agent also apply to the Kaspersky Security update 5.2.1.
Configuring the use of KSN in the Protection Server policy
You can configure KSN usage in Kaspersky Security operation in the Protection Server policy settings using the Administration Console, and in the Web Console when creating or editing the Protection Server policy settings (Application settings → Kaspersky Security Network settings).
If the use of KSN is enabled in the active Protection Server policy, KSN services are used by Kaspersky Security both when protecting virtual machines and when performing scan tasks on virtual machines.
If the policy with enabled use of KSN is inactive, KSN is not used by Kaspersky Security.
If you want Kaspersky Security to use KSN, make sure the required KSN type is configured in Kaspersky Security Center. To use Global KSN, the KSN proxy server service must be enabled in Kaspersky Security Center. To use Private KSN, it must be enabled and configured in Kaspersky Security Center. You can configure the KSN proxy server service and Private KSN in Kaspersky Security Center Administration Server properties (in the KSN proxy server section in the Administration Console; in the KSN proxy server settings section in the Web Console). See Kaspersky Security Center help for more information.
To configure use of KSN in the operation of Kaspersky Security in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, open the folder with the name of the administration group to which the required SVMs belong.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
- In the policy properties window, select the Kaspersky Security Network settings section in the list on the left.
- To enable the use of KSN, in the right part of the window do the following:
- Select the Use KSN to check files and web addresses check box.
- In the opened window, read the Kaspersky Security Network Statement.
All data transmission and processing conditions set forth in the Kaspersky Security Network Statement for Kaspersky Security for Virtualization 5.2 Light Agent also apply to the Kaspersky Security update 5.2.1.
- If you agree with all the terms of the Statement, select I have read, understand, and accept the terms of this Kaspersky Security Network Statement and click OK.
- By default, KSN is used in extended mode. The KSN mode affects the amount of data that is automatically transmitted to Kaspersky when KSN is being used. If you want to disable the use of extended KSN, clear the Use extended KSN check box.
You can select the type of KSN used by Kaspersky Security and configure the Private KSN usage in Kaspersky Security Center Administration Server properties. See Kaspersky Security Center help for more information.
- If you want to disable the use of KSN, clear the Use KSN to check files and web addresses check box.
- Click the Apply button.
Checking the connection to Kaspersky Security Network in a local interface
To check the connection to Kaspersky Security Center:
- Open the main application window.
- In the upper part of the window, click the Kaspersky Security Network button.
The Kaspersky Security Network window opens.
The round KSN button in the left part of the window indicates whether KSN services are being used by Kaspersky Security:
- If KSN services are being used by Kaspersky Security, the KSN button is green. The following information is displayed under the KSN button:
- Enabled status
- Type of KSN used: Private KSN or Global KSN
- KSN mode: standard or extended KSN
- Date of last synchronization with KSN servers
File and web resource reputation statistics are shown in the right part of the window.
Kaspersky Security receives statistical data on the usage of KSN services when you open the Kaspersky Security Network window. The statistics are not updated in real time.
- If KSN services are not being used by Kaspersky Security, the KSN button is gray. The status that is shown under the KSN button reads Disabled.
A connection to KSN servers may be absent for the following reasons:
- Use of KSN is disabled in the Protection Server policy.
- The application has not been activated or the license has expired.
- The virtual machine is not connected to the Internet.
- The KSN Proxy service is disabled in Kaspersky Security Center (please refer to the Kaspersky Security Center help).
Configuration of additional application settings
You can configure advanced features of the application in the following ways:
- Configure the display of advanced settings in the Protection Server policy.
- Configure advanced settings of SVM operation.
- Configure mechanisms for application Self-Defense and protection against external management of the application.
- Configure password protection of access to application functions.
- Configure the interaction between the Light Agent local interface and the user.
- Restore the standard application settings in the local interface.
- Create and use a configuration file that contains operational settings of the application.
Configuring the display of advanced policy properties for the Protection Server
By default, the Protection Server Policy Wizard and the Protection Server policy properties do not display the SVM advanced settings.
If you want to configure additional SVM operation settings using Kaspersky Security Center Administration Console, you first need to create the AdvancedUI key of the REG_DWORD type and set this key to 1 in the following operating system registry branch on the device where Kaspersky Security Center Administration Console is installed:
- HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\Products\SVM\<version>\Settings\ (for 32-bit operating systems).
- HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\Components\34\Products\SVM\<version>\Settings\ (for 64-bit operating systems).
where <version> refers to the number of the installed version of Kaspersky Security in X.X.X.X format.
If you want to configure additional SVM operation settings using the Web Console, create the AdvancedPluginSettings.json file in the following folder:
- <Kaspersky Security Center Web Console installation folder>\server\plugins\SVM_<version> – for the devices with the Windows operating system.
- <Kaspersky Security Center Web Console installation folder>/server/plugins/SVM_<version> – for the devices with the Linux operating system.
where <version> refers to the number of the installed version of Kaspersky Security in X_X_X_X format.
The structure and parameters of the AdvancedPluginSettings.json file can be viewed in the template file named ~AdvancedPluginSettings.json, located in the same folder.
The AdvancedPluginSettings.json file must contain the AdvancedUI parameter with the value 1:
{
"AdvancedUI" : 1
}
After the file is created or saved, reopen the Protection Server policy in the Web Console.
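The Web Console step above can be scripted so that an existing AdvancedPluginSettings.json is not overwritten. The following Python function is an added example, not Kaspersky code: it sets AdvancedUI to 1 and keeps any other parameters already in the file. The function name and the folder argument are assumptions; pass the real SVM_<version> plug-in folder of your installation.

```python
import json
import os
import shutil
import sys
from pathlib import Path

SETTINGS_NAME = "AdvancedPluginSettings.json"  # file name given in the guide


def enable_advanced_ui(plugin_dir):
    """Make sure AdvancedPluginSettings.json in plugin_dir has "AdvancedUI": 1.

    plugin_dir is the .../server/plugins/SVM_<version> folder (supplied by the
    caller; this example does not guess the installation path).
    Returns True if the file was created or changed, False if already correct.
    """
    plugin_dir = Path(plugin_dir)
    if not plugin_dir.is_dir():
        raise FileNotFoundError(f"plug-in folder not found: {plugin_dir}")
    target = plugin_dir / SETTINGS_NAME

    settings = {}
    if target.exists():
        # utf-8-sig tolerates a byte order mark left by some Windows editors.
        with open(target, encoding="utf-8-sig") as fh:
            settings = json.load(fh)
        if not isinstance(settings, dict):
            raise ValueError(f"{target} does not contain a JSON object")
        value = settings.get("AdvancedUI")
        # JSON true also compares equal to 1 in Python, so check the type too.
        if type(value) is int and value == 1:
            return False

    settings["AdvancedUI"] = 1

    # Write a sibling file and rename it over the target, so the Web Console
    # never reads a half-written settings file.
    tmp = plugin_dir / (SETTINGS_NAME + ".tmp")
    try:
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(settings, fh, indent=2)
            fh.write("\n")
        if target.exists():
            shutil.copymode(target, tmp)  # keep the permissions the file had
        os.replace(tmp, target)
    finally:
        if tmp.exists():
            tmp.unlink()
    return True


if __name__ == "__main__":
    changed = enable_advanced_ui(sys.argv[1])
    print("updated" if changed else "already enabled")
```

As the guide states, reopen the Protection Server policy in the Web Console after the file changes.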
Configuring advanced settings of SVM operation
You can configure additional SVM operation settings in the Protection Server policy settings using the Administration Console, and in the Web Console when creating or editing the Protection Server policy settings (Application settings → Advanced settings). First, enable display of additional Protection Server policy settings.
To configure additional SVM settings in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, open the folder with the name of the administration group to which the required SVMs belong.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
- In the policy properties window, select the Advanced settings section in the list on the left.
- In the right part of the window, configure the following advanced settings of the SVM:
- If necessary, configure the SVM trace level.
- Click the Apply button.
Application Self-Defense
Kaspersky Security defends the protected virtual machine with the Light Agent for Windows component against malicious applications, including malware that attempts to block the operation of Kaspersky Security or remove it from the protected virtual machine.
The stability of the security system on the protected virtual machine with the Light Agent for Windows component is ensured by the Self-Defense and remote control defense mechanisms provided by Kaspersky Security.
The Self-Defense mechanism prevents alteration or deletion of application files on the hard drive, memory processes, and entries in the system registry.
Remote Control Defense blocks all attempts from a remote device to control application services.
Enabling or disabling Self-Defense
The Kaspersky Security Self-Defense mechanism is enabled by default. You can disable Self-Defense, if necessary.
Disabling Self-Defense reduces the level of virtual machine protection against malware.
You can enable or disable the Self-Defense mechanism in the Light Agent for Windows policy properties using the Administration Console, in the Light Agent for Windows local interface, and using the Web Console when creating or editing the Light Agent for Windows policy settings (Application settings → Other settings → Advanced settings).
To enable or disable the Self-Defense mechanism in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Advanced settings section in the list on the left.
- In the right part of the window, in the Self-Defense settings section, do one of the following:
- To enable the Self-Defense mechanism, select the Enable Self-Defense check box.
- To disable the Self-Defense mechanism, clear the Enable Self-Defense check box.
- Click the Apply button.
To enable or disable the Self-Defense mechanism in the local interface:
- Open the application settings window.
- In the left part of the window, select the Other settings section.
Advanced protection settings are displayed in the right part of the window.
- Do one of the following:
- To enable the Self-Defense mechanism, select the Enable Self-Defense check box.
- To disable the Self-Defense mechanism, clear the Enable Self-Defense check box.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- To save changes, click the Save button.
Enabling or disabling Remote Control Defense
The remote control defense mechanism is enabled by default. You can disable the remote control defense mechanism, if necessary.
You can enable or disable the remote control defense mechanism in the Light Agent for Windows policy properties using the Administration Console, in the Light Agent for Windows local interface, and using the Web Console when creating or editing the Light Agent for Windows policy settings (Application settings → Other settings → Advanced settings).
To enable or disable the remote control defense mechanism in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the Advanced settings section in the list on the left.
- In the right part of the window, in the Self-Defense settings section, do one of the following:
- To enable the remote control defense mechanism, select the Disable external management of the system service check box.
- To disable the remote control defense mechanism, clear the Disable external management of the system service check box.
- Click the Apply button.
To enable or disable the remote control defense mechanism in the local interface:
- Open the application settings window.
- In the left part of the window, select the Other settings section.
Advanced application settings are displayed in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Do one of the following:
- To enable the remote control defense mechanism, select the Disable external management of the system service check box.
- To disable the remote control defense mechanism, clear the Disable external management of the system service check box.
- To save changes, click the Save button.
Supporting remote administration applications
You may occasionally need to use a remote administration application while external control protection is enabled. In the local interface, you can configure the operation of a remote administration application on a protected virtual machine.
To configure the operation of remote administration applications:
- Open the application settings window.
- In the left part of the window, select the Anti-Virus protection section.
The anti-virus protection settings are shown in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- In the Exclusions and trusted zone section, click the Settings button.
The Trusted zone window opens.
- Select the Trusted applications tab.
- Open the context menu of the Add button and do one of the following:
- To find the remote administration application in the list of applications that are installed on the protected virtual machine, select the Applications item. The Select application window opens.
- To specify the path to the executable file of the remote administration application, select Browse. The Select file window opens.
- Select an application.
The Exclusions for application window opens.
- Select the Do not monitor application activity check box.
- In the Exclusions for application window, click OK.
The trusted application that you have added appears in the trusted applications list.
- In the Trusted zone window, click OK.
- To save changes, click the Save button.
Password-protecting access to application settings in a local interface
Multiple users with different levels of computer literacy can share a single protected virtual machine. If users have unrestricted access to Kaspersky Security and its settings, the overall security level of the protected virtual machine may be reduced.
You can restrict access to the application by setting a user name and password and specifying the operations for which the application must prompt the user for this information.
We recommend exercising care when you use a password to restrict access to the application. If you have forgotten the password, you need to contact Kaspersky Technical Support to receive instructions on disabling password protection.
This section describes how to configure protection of access to the application settings using the Administration Console and the Light Agent for Windows local interface. You can also enable and disable access protection and change the access password using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Other settings → Interface).
Enabling and disabling password protection
To enable or disable Password protection in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the Light Agent for Windows policy properties window, select the Interface section in the list on the left.
The local interface settings are displayed in the right part of the window.
- To restrict access to the application using a password:
- In the Password protection section, select the Enable password protection check box and click the Settings button.
The Password protection window opens.
- In the New user name field, type the name of the user on whose behalf the application will be accessed.
- In the New password field, type a password for accessing the application.
For security purposes, you are advised to set a password that is at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
- Confirm the password in the Confirm password field.
- In the Password scope section, specify the application operations for which the virtual machine user must enter the password:
- If you want to restrict access to all operations with the application, select the All operations (except danger notifications) option.
- Select the Selected operations option if you want to specify the operations that require entry of the password. In the section below, select the check boxes next to the names of the relevant operations.
- In the Password protection window, click OK.
- If you want to cancel password protection of the application, clear the Enable password protection check box.
- Click the Apply button.
After password protection is enabled, the Password check window opens each time a virtual machine user performs a password-protected operation.
If you do not want the application to prompt you for the password each time you attempt to perform another password-protected operation during the current session, you can select the Save password for current session check box in the Password check window.
When the Save password for current session check box is cleared, the application prompts you for the password every time that you attempt a protected operation.
To enable or disable the Password protection in the local interface:
- Open the application settings window.
- In the left part of the window, in the Other settings section, select Interface.
The local interface settings are displayed in the right part of the window.
- If you want to use a password to restrict access to the application, complete step 6 of the previous instructions.
If the Enable password protection check box is not available, this means that you cannot enable or disable password protection because the setting defined by the policy is applied to all protected virtual machines within the administration group.
- To cancel the application access restriction using a password:
- Clear the Enable password protection check box.
- Click the Save button.
The Password check window opens.
- Enter the user name in the User name field.
- In the Password field, type the password for accessing the application.
- In the Password check window, click OK.
- To save changes, click the Save button.
Changing the application access password
To change the application access password in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the Light Agent for Windows policy properties window, select the Interface section in the list on the left.
The local interface settings are displayed in the right part of the window.
- In the Password protection section, click the Settings button.
The Password protection window opens.
- In the New user name field, type the new name of the user on whose behalf the application will be accessed.
- In the New password field, type a new password for accessing the application.
For security purposes, you are advised to set a password that is at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
- Confirm the new password in the Confirm password field.
- Click OK.
The application verifies the entered passwords. If the passwords match, the application applies the new password and closes the Password protection window. If the passwords do not match, the application displays the appropriate message.
- Click the Apply button.
To change the application access password in the local interface:
- Open the application settings window.
- In the left part of the window, in the Other settings section, select Interface.
The local interface settings are displayed in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–10 of the previous instructions.
- To save changes, click the Save button.
Specifying a reason when terminating the application or disabling protection components in a local interface
Kaspersky experts do not recommend terminating the application or disabling protection components unnecessarily, because this exposes the virtual machine and your personal data to threats.
You can configure a prompt for the reason why the user is terminating the application or disabling protection components in the local interface of Light Agent. The given reason is sent to Kaspersky Security Center as an event together with the corresponding Application successfully stopped or Task stopped events.
You can configure the request for the reason for terminating the application or disabling protection components in the Light Agent for Windows policy properties in the Administration Console, in the Light Agent for Windows local interface, and in the Web Console when creating or editing the Light Agent for Windows policy settings (Application settings → Other settings → Interface).
To configure the request for the reason for terminating the application or disabling protection components in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the Light Agent for Windows policy properties window, select the Interface section in the list on the left.
The local interface settings are displayed in the right part of the window.
- In the Reasons for disabling section, click the Settings button.
The Reasons for disabling window opens.
- Select the check boxes next to the actions for which the user must specify a reason and click OK.
- Click the Apply button.
Now, when the user attempts to terminate the application or disable protection components in the local interface, the Reason for disabling window will open and require that the user enter the reason for their selected action.
To configure the request for the reason for terminating the application or disabling protection components in the local interface:
- Open the application settings window.
- In the left part of the window, in the Other settings section, select Interface.
The local interface settings are displayed in the right part of the window.
If the settings in the local interface are not available, this means that you cannot configure a reason prompt because the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–7 of the previous instructions.
- To save changes, click the Save button.
Configuring user interaction with the local interface
You can configure the settings for user interaction with the local interface in the Light Agent for Windows policy properties using the Administration Console, in the Light Agent for Windows local interface, and using the Web Console when creating or editing the Light Agent for Windows policy settings (Application settings → Other settings → Interface).
To configure the settings for interaction between a user and the local interface in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the Light Agent for Windows policy properties window, select the Interface section in the list on the left.
The local interface settings are displayed in the right part of the window.
- Configure the settings for starting and displaying the local interface on the virtual machine.
To ensure that Kaspersky Security can operate on a virtual machine that uses Windows Terminal Services technology, you must clear the Start the local application interface check box.
If you use Light Agent in a virtual desktop infrastructure (VDI) with Microsoft Windows desktop operating system, you are advised to clear the Start the local application interface check box to improve virtual infrastructure performance.
- To configure the display of user support information:
- In the User support section, click Settings.
The Support information window opens.
- Create a list of links to web resources that will be displayed in the local interface. Use the buttons above the list to add, edit, delete or move links in the list.
- Click OK in the Support information window to save changes and close the window.
- Click the Apply button.
To configure the settings for interaction between a user and the local interface in the local interface:
- Open the application settings window.
- In the left part of the window, in the Other settings section, select Interface.
The local interface settings are displayed in the right part of the window.
If the settings in the local interface are not available, this means that you cannot configure the local interface display settings because the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Configure the settings for displaying the local interface: password protection, notifications, prompt for a reason for disabling application components.
- To save changes, click the Save button.
Restoring the standard application settings in a local interface
Based on the information about the operating system and applications installed on the protected virtual machine, Kaspersky experts will recommend optimum security settings for the virtual machine. While using Kaspersky Security, you can always restore the standard application settings on the protected virtual machine. The settings are restored in the local interface using the Initial Configuration Wizard.
To restore the standard application settings:
- Open the application settings window.
- In the left part of the window, select the Other settings section.
Advanced application settings are displayed in the right part of the window.
- In the Manage settings section, click the Restore button.
The Initial Configuration Wizard starts.
- In the General information window, click the Next button to start using the Initial Configuration Wizard.
- The Restore settings window shows the application components and tasks whose settings have been modified.
If custom settings were created for any of the components while the application was in use, they are also shown in this window. Custom settings include lists of trusted web addresses, exclusions, network rules, Application Control rules, and others.
Custom settings are created as you use Kaspersky Security, taking into account your individual tasks and security needs. Custom settings normally take a lot of time to create, which is why Kaspersky experts recommend saving them. Otherwise, all settings created during operation of the application will be lost.
Select check boxes opposite the components and tasks for which you want to restore the standard settings.
- Click the Next button.
- At the next stage, the Initial Configuration Wizard analyzes information about Microsoft Windows applications. These applications are added to the list of trusted applications whose actions within the operating system are not subject to any restrictions. The data analysis process is displayed in the System Analysis window.
After completing analysis of the operating system, the Initial Configuration Wizard automatically proceeds to the next step.
- In the Finish initial configuration of the application window, click Finish.
The Initial Configuration Wizard closes, and the standard application settings are restored.
- To save changes, click the Save button.
Using a configuration file
You can save Light Agent settings to a configuration file in CFG format.
A configuration file with Light Agent settings lets you accomplish the following tasks:
- Create a policy for Light Agent for Windows and migrate Light Agent for Windows settings previously saved on the protected virtual machine into the newly created policy.
- Create a policy for Light Agent for Linux and migrate Light Agent for Linux settings previously saved on the protected virtual machine into the newly created policy.
- Migrate the application settings from one protected virtual machine to another. As a result, Kaspersky Security will be configured identically on both protected virtual machines.
- Import previously configured Light Agent settings while installing Light Agent for Windows from the command line.
You can export and import Light Agent for Windows settings using Light Agent for Windows local interface or using the command line.
You can export and import Light Agent for Linux settings from the command line.
Exporting and importing Light Agent for Linux settings from the command line
To export application settings to a configuration file, run the following command:
lightagent export <path to the configuration file>
where <path to the configuration file> is the path to the file in which you want to save the application settings. Specify a full path to the configuration file.
The application will create a configuration file in XML format.
To import application settings from a configuration file, run the following command:
lightagent import <path to the configuration file>
where <path to the configuration file> is the path to the file from which you want to import the application settings. Specify a full path to the configuration file.
You can use only a configuration file that was created by the Kaspersky Security for Virtualization 5.2 Light Agent version of the application.
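When a configuration file is moved from one protected virtual machine to another, it helps to confirm that the file imported is the file that was exported. The following wrapper is an added example, not part of the product or of this guide: it uses only the lightagent export and lightagent import commands shown above, and the function names, the ".sha256" sidecar file and the optional xmllint check are assumptions of the example.

```shell
#!/bin/sh
# Added example: guard rails around `lightagent export` / `lightagent import`.
# Helper names and the "<file>.sha256" sidecar are assumptions of this example.

# The guide requires a full path to the configuration file.
is_full_path() {
    case "$1" in
        /*) return 0 ;;
        *)  return 1 ;;
    esac
}

# Record a SHA-256 digest next to the exported file. The digest line stores
# only the base name, so the pair can be copied together to another machine.
write_digest() {
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Check the file against its sidecar digest; non-zero if missing or altered.
verify_digest() {
    [ -f "$1" ] && [ -f "$1.sha256" ] || return 1
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# The export is documented as XML; check well-formedness when xmllint exists.
is_well_formed_xml() {
    command -v xmllint >/dev/null 2>&1 || return 0   # skipped if xmllint is absent
    xmllint --noout "$1" 2>/dev/null
}

export_settings() {
    cfg=$1
    is_full_path "$cfg" || { echo "full path required: $cfg" >&2; return 2; }
    lightagent export "$cfg" || return 1
    chmod 600 "$cfg"          # the file describes the protection configuration
    write_digest "$cfg"
}

import_settings() {
    cfg=$1
    is_full_path "$cfg" || { echo "full path required: $cfg" >&2; return 2; }
    verify_digest "$cfg" || { echo "digest missing or mismatch: $cfg" >&2; return 3; }
    is_well_formed_xml "$cfg" || { echo "not well-formed XML: $cfg" >&2; return 4; }
    lightagent import "$cfg"
}

# Usage: script.sh export /full/path/settings.cfg
#        script.sh import /full/path/settings.cfg
case "${1:-}" in
    export) export_settings "${2:-}" ;;
    import) import_settings "${2:-}" ;;
esac
```

Copy the configuration file and its .sha256 sidecar together. The import is refused before lightagent is called if the path is relative or the digest does not match.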
Exporting and importing Light Agent for Windows settings in a local interface
To export application settings to a configuration file in the local interface:
- Open the application settings window.
- In the left part of the window, select the Other settings section.
Advanced application settings are displayed in the right part of the window.
- In the Manage settings section, click the Save button.
A standard Microsoft Windows Please select a configuration file window opens.
- Enter the name of the configuration file and specify the path to the location where you want to save it.
- Click the Save button.
To import application settings from a configuration file in the local interface:
- Open the application settings window.
- In the left part of the window, select the Other settings section.
Advanced application settings are displayed in the right part of the window.
- In the Manage settings section, click the Upload button.
A standard Microsoft Windows Please select a configuration file window opens.
- Select the file from which you want to import application settings and click the Open button.
You can use only a configuration file that was created by the Kaspersky Security for Virtualization 5.2 Light Agent version of the application.
- To save changes, click the Save button.
Backup
If Kaspersky Security detects malicious code in a file while scanning a protected virtual machine, the application blocks the file, assigns the Infected status to it, places a copy of it in Backup, and attempts to disinfect the file.
Backup storage is a list of backup copies of files that have been deleted or modified by the application during the disinfection process. Backup copy is a file copy created by the application before disinfection or deletion of this file. Backup copies of files are stored in a special format and do not pose a threat.
On detecting malicious code in a file that is part of the Windows Store application, Kaspersky Security immediately deletes the file without copying it to Backup. You can restore the integrity of the Windows Store application using tools of the Microsoft Windows operating system.
If file disinfection succeeds, the status of the backup copy of the file changes to Disinfected. You can restore the file from its disinfected backup copy to its original folder.
In Kaspersky Security Center, in Backup there is a consolidated list of files that were placed in Backup by Kaspersky applications on devices. You can view the properties of files in Backups on protected virtual machines, run virus scan for the files in Backup, and delete files from Backup using the Administration Console or the Web Console. Kaspersky Security Center does not copy files from Backups to the Administration Server. Instead, all the files reside in Backups on protected virtual machines. Files are restored on the protected virtual machine.
You can work with the Backup on the protected virtual machine in the local interface of Light Agent for Windows or from the command line of Light Agent for Linux.
When the application is removed, Backup files are removed from the protected virtual machine.
When the defined amount of time expires and the maximum size of Backup is reached, the application automatically deletes backup copies of files with any status from Backup.
You can also manually delete the backup copy of either a restored or unrestored file.
Configuring Backup settings
You can configure the following Backup settings:
- Maximum Backup storage term for backup copies of files.
The default maximum storage period for backup copies of files in Backup is 30 days. When the maximum storage term expires, the application automatically deletes the oldest files from Backup. You can cancel the time-based restriction or change the maximum file storage term.
- Maximum size of Backup.
By default, the maximum Backup size is 100 MB. When the maximum size is reached, Kaspersky Security will automatically delete the oldest files from Backup so that the maximum size is not exceeded.
You can configure Backup settings in the Light Agent policy properties in the Administration Console, in the Light Agent for Windows local interface, and in the Web Console when creating or editing the Light Agent for Windows policy settings (Application settings → Other settings → Reports and Storages) and Light Agent for Linux policy settings (Application settings → Other settings).
To configure Backup settings on the virtual machines in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- In the list of policies, select Light Agent for Windows policy to configure Light Agent for Windows settings, or Light Agent for Linux policy to configure Light Agent for Linux settings, and open the Settings: <Policy name> window by double-clicking it.
- In the policy properties window, select the Reports and Storages section in the list on the left.
- If you want to configure the term for storing backup copies of files in the Backup, in the right part of the window, in the Backup settings section, do one of the following:
- If you want to restrict the storage period for backup copies of files in Backup, select the Store files no longer than check box and specify the maximum storage period for backup copies of files in the field to the right of the check box.
The default maximum storage period for backup copies of files in Backup is 30 days.
- If you want to cancel the limit for storing backup copies of files in Backup, clear the Store files no longer than check box.
- If you want to configure the size of Backup, in the right part of the window, in the Backup settings section, perform one of the following actions:
- If you want to restrict the size of Backup, select the Maximum storage size check box and specify the maximum size of Backup in the field to the right of the check box.
By default, the maximum size is 100 MB.
- If you want to remove the limit on the size of Backup, clear the Maximum storage size check box.
- Click the Apply button.
To configure Backup settings for a virtual machine with Light Agent for Windows in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Reports and Storages.
- Complete steps 7–8 of the previous instructions.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- To save changes, click the Save button.
Working with Backup in a local interface
In the local interface of Light Agent for Windows, backup copies of files in Backup are presented in the form of a table.
You can perform the following actions with backup copies of files:
- View the list of backup copies of files.
- Restore files from backup copies to their original folders.
- Delete backup copies of files from Backup.
You can also perform the following actions while managing data in the table:
- Filter the list of backup copies of files by column values or by custom filter conditions.
- Use the file backup copy search function.
- Sort backup copies of files.
- Change the order and set of columns that are displayed in the list of backup copies of files.
- Copy selected backup copies of files to clipboard.
Restoring files from Backup in a local interface
In the local interface of Light Agent for Windows, you can restore the file from its backup copy to its original folder.
We recommend that you restore files from backup copies only when they have Disinfected status.
To restore files from the Backup in the local interface:
- On the protected virtual machine, open the main application window.
- In the upper part of the main application window, click the Reports link to open the Reports and Storages window.
- Select the Backup tab.
- To restore all files from the Backup, open the context menu anywhere in the table and select the Restore all item.
The application restores all files from their backup copies to their original folders.
- To restore one or more files from Backup:
- In the table, on the Backup tab, select one or more backup copies that you want to restore. To select multiple backup copies, use the CTRL key.
- Click the Restore button or open the context menu and select the Restore item.
The application restores files from the selected backup copies to their original folders.
Deleting backup copies of files from Backup in a local interface
In the local interface of Light Agent for Windows, you can delete backup copies of recovered files and non-recovered files.
To delete backup copies of files from the Backup in the local interface:
- On the protected virtual machine, open the main application window.
- In the upper part of the main application window, click the Reports link to open the Reports and Storages window.
- Select the Backup tab.
- To delete all backup copies of files from Backup, do one of the following:
- Click the Clear storage button.
- Open the context menu anywhere in the table and select Clear storage.
- To delete one or more backup copies of files from the Backup:
- In the table on the Backup tab, select one or more backup copies that you want to delete. To select multiple backup copies, use the CTRL key.
- Click the Delete button or open the context menu and select the Delete item.
Reports and notifications
Various events occur during the operation of the application. They can be either formal or critical. For example, an event can report a successful application database update or record a specific component error that needs to be fixed.
The list of all events in the application operation is displayed in Kaspersky Security Center in the Administration Console and in the Web Console. More detailed information on events is provided in Kaspersky Security Center help.
A notification is a message containing information about an event that occurred on an SVM or a protected virtual machine. Notifications keep the user informed about application events in a timely manner.
You can configure notification settings in the Light Agent for Windows policy and in the local interface of the application.
Based on events that occur during application operation, the application generates various types of reports. Reports are generated in Kaspersky Security Center and in the local interface of Light Agent for Windows.
You can use Kaspersky Security Center reports to, for example, receive information about infected files, modifications to protection settings, use of keys and application databases. You can generate and view Kaspersky Security Center reports in the Administration Console and in the Web Console. For detailed information on working with Kaspersky Security Center reports, please refer to the Kaspersky Security Center help.
On a protected virtual machine with the Light Agent for Windows component, reports include information about the operation of each application functional component, performance of each scan task and update task, and the overall operation of the Light Agent.
Configuring event and notification settings for Light Agent for Windows
You can configure the following methods for notifying about events occurring during operation of Light Agent for Windows:
- As pop-up notifications in the Microsoft Windows taskbar notification area.
- Via email.
The notification method is configured for each type of event.
The application can also log information about events in the Microsoft Windows event log and/or in the application reports.
You can configure the following event and notification settings for Light Agent for Windows:
- Logging of Light Agent for Windows events
- Display of on-screen notifications
- Notifications about events via email
This section describes how to configure notification settings using the Administration Console and the Light Agent for Windows local interface. You can also configure notification settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Other settings → Interface).
Configuring logging of events of Light Agent for Windows
To configure event logging in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, select the administration group containing the relevant virtual machines with the Light Agent for Windows component.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking it.
- In the Light Agent for Windows policy properties window, select the Interface section in the list on the left.
The local interface settings are displayed in the right part of the window.
- In the Notifications section, click the Settings button.
The Notifications window opens.
Kaspersky Security components and tasks are shown in the left part of the window. The right part of the window lists events generated for the selected component or task.
- In the left part of the window, select the component or task for which you want to configure the event logging settings.
- Select the check boxes next to the relevant types of events in the following columns:
- Save to the application log if you want to save events in application logs.
- Save in Windows event log if you want to save events in the Microsoft Windows event log.
- In the Notifications window, click OK.
- Click the Apply button.
To configure event logging in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Interface.
The local interface settings are displayed in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
Configuring the display of on-screen notifications
To configure the display of on-screen notifications in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, select the administration group containing the relevant virtual machines with the Light Agent for Windows component.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking it.
- In the Light Agent for Windows policy properties window, select the Interface section in the list on the left.
The local interface settings are displayed in the right part of the window.
- In the Notifications section, click the Settings button.
The Notifications window opens.
Kaspersky Security components and tasks are shown in the left part of the window. The right part of the window lists events generated for the selected component or task.
- In the left part of the window, select the component or task for which you want to configure the display of on-screen notifications.
- In the Notify on the screen column, select the check boxes next to the required types of events.
- In the Notifications window, click OK.
- Click the Apply button.
Information about the selected events is displayed on the screen as pop-up notifications in the Microsoft Windows taskbar notification area.
To configure the display of on-screen notifications in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Interface.
The local interface settings are displayed in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–9 of the previous instructions.
- To save changes, click the Save button.
Information about the selected events is displayed on the screen as pop-up notifications in the Microsoft Windows taskbar notification area.
Configuring event notifications via email
To configure email notifications about events in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, select the administration group containing the relevant virtual machines with the Light Agent for Windows component.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking it.
- In the Light Agent for Windows policy properties window, select the Interface section in the list on the left.
The local interface settings are displayed in the right part of the window.
- In the Notifications section, click the Settings button.
The Notifications window opens.
Kaspersky Security components and tasks are shown in the left part of the window. The right part of the window lists events generated for the selected component or task.
- In the left part of the window, select the component or task for which you want to configure event notifications via email.
- In the Notify by email column, select the check boxes next to the required types of events.
- Click the Email notification settings button in the lower part of the window.
The Email notification settings window opens.
- Select the Send event notifications check box to enable delivery of notifications for the events selected in the Notify by email column.
- Specify the email notification delivery settings.
- In the Email notification settings window, click OK.
- In the Notifications window, click OK.
- Click the Apply button.
To configure email notifications about events in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Interface.
The local interface settings are displayed in the right part of the window.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–13 of the previous instructions.
- To save changes, click the Save button.
Configuring report settings
You can configure the following settings for Light Agent reports:
- Maximum report storage term.
The default maximum storage term for reports on events that are logged by the application is 30 days. After that period of time, the application automatically deletes the oldest entries from the report file. You can cancel the time-based restriction or change the maximum report storage duration.
- Maximum size of the report file.
By default, the maximum size of a file containing a report is 1024 MB. To avoid exceeding the maximum size, the application automatically deletes the oldest entries from the report file when the maximum report file size is reached. You can cancel the restriction on the size of the report file or change the maximum size of the report file.
You can configure the settings of reports on Light Agent for Windows operation in the Light Agent for Windows policy properties using the Administration Console, in the Light Agent for Windows local interface, and using the Web Console when creating or editing the Light Agent for Windows policy settings (Application settings → Other settings → Reports and Storages).
To configure the settings of the reports on Light Agent for Windows operation in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> window by double-clicking it.
- In the list on the left, select the Reports and Storages section.
- If you want to configure a storage term for reports, in the right part of the window, in the Report parameters section, perform one of the following actions:
- If you want to restrict the storage period for reports, select the Store reports no longer than check box and specify the maximum storage period for reports in the field to the right of the check box.
The default maximum storage term for reports is 30 days.
- If you want to remove the limit on the report storage term, clear the Store reports no longer than check box.
- If you want to configure the report file size, in the right part of the window, in the Report parameters section, perform one of the following actions:
- If you want to restrict the report file size, select the Maximum file size check box and specify the maximum report file size in the field to the right of the check box.
By default, the maximum report file size is 1024 MB.
- If you want to remove the limit on the report file size, clear the Maximum file size check box.
- Click the Apply button.
To configure the settings of the reports on Light Agent for Windows operation in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Reports and Storages.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.
- Complete steps 6–7 of the previous instructions.
- To save changes, click the Save button.
Managing reports in a local interface
In the local interface of Light Agent for Windows, you can generate the following types of reports:
- System Audit report. Contains information about events occurring during your interaction with the application and in the course of application operation in general, which are unrelated to any particular application component or task.
- All protection components report. Contains information about events that are logged in the course of operation of the following application components:
- File Anti-Virus.
- Mail Anti-Virus.
- Web Anti-Virus.
- System Watcher.
- Firewall.
- Network Attack Blocker.
- Report on the operation of an application component or task. Contains information about events that occur in the course of operation of a selected application component or task.
Report data is presented in the form of a table which contains a list of events. Each table line contains information on a separate event. Event attributes are located in the table columns. Certain columns are compound ones which contain nested columns with additional attributes. Events that are logged during the operation of various components and tasks have different sets of attributes.
By default, report events are sorted in the ascending order of values in the Event date column. The event importance level is also displayed next to the date of the event in the Event date column.
The following importance levels of events are available in reports:
- Information events. Formal events that do not normally contain important information.
- Important events. Events that need attention because they reflect important situations in the operation of the application.
- Critical events. Events of critical importance and functional failure that indicate problems in the operation of the application.
You can manage report data as follows:
- Filter the list of events by column values or custom conditions.
- Use the search function to find a specific event.
- Sort the list of events by each column.
- Maximize or minimize grouped data.
- Change the order and arrangement of columns that are shown in the report.
- View the selected event in a separate section.
- Save the report to a text file.
- Delete report information on application components and tasks that are combined into groups.
The application automatically removes records from report files after the time period defined in the application settings, or when the maximum size of the report file is reached. You can cancel these limitations or set other values for these settings.
View reports
To view reports in the local interface:
- On the protected virtual machine, open the main application window.
- In the upper part of the main application window, click the Reports link to open the Reports and Storages window.
The Reports tab of the Reports and Storages window opens. The System Audit report is displayed under the Reports tab by default.
- Do one of the following:
- To generate the All Protection Components report, in the left part of the window in the Anti-Virus protection section, select the All protection components item in the list of components and tasks.
The All Protection Components report is displayed in the right part of the window, which contains a list of events on the operation of all protection components of the application.
- To generate a report on the operation of a specific component or task, in the left part of the window, select the relevant component or task in the list of components and tasks.
A report is displayed in the right part of the window, containing a list of events in the operation of the selected component or task.
By default, report events are sorted in the ascending order of values in the Event date column.
- If necessary, use the filter, search, and sorting functions to locate the necessary event in the report.
- If you want to view detailed information about a reported event in a separate section, select the event in the report.
A section appears in the lower part of the window, with the attributes of this event.
Saving a report to file
In the local interface of Light Agent for Windows, you can save a generated report to a file in TXT or CSV format.
The application saves events to the report file exactly as they are displayed on the screen, that is, with the same set and sequence of event attributes.
To save a report to a file in the local interface:
- On the protected virtual machine, open the main application window.
- In the upper part of the main application window, click the Reports link to open the Reports and Storages window.
The Reports tab of the Reports and Storages window opens. The System Audit report is displayed under the Reports tab by default.
- Do one of the following:
- If you want to generate the All Protection Components report, in the left part of the window, select the All protection components item in the list of components and tasks.
The "All protection components" report is displayed in the right part of the window, containing a list of events in the operation of all protection components.
- To generate a report on the operation of a specific component or task, in the left part of the window, select the relevant component or task in the list of components and tasks.
A report is displayed in the right part of the window, containing a list of events in the operation of the selected component or task.
- If necessary, you can modify how data is presented in the report by:
- Filtering the list of events by column values or by custom filter conditions.
- Running an event search.
- Changing the order and arrangement of columns that are displayed in the report.
- Sorting the list of events by each column.
- Click the Save report button in the upper right part of the window.
A context menu opens.
- In the context menu, select the encoding for saving the report file: Save as ANSI or Save as Unicode.
The standard Save as window of Microsoft Office opens.
- In the Save as window, specify the destination folder for the report file.
- In the File name field, type the report file name.
- In the File type field, select the necessary report file format: TXT or CSV.
- Click the Save button.
Removing information from reports
The application automatically deletes records in report files according to the values defined in the application settings. You can also delete information from reports in the local interface of Light Agent for Windows.
To remove information from reports:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Other settings section, select Reports and Storages.
- In the right part of the window, in the Report parameters section, click the Delete reports button.
The Removing information from reports window opens.
- Select check boxes opposite the reports from which you want to delete information:
- All reports.
- General protection report. Contains information about the operation of the following application components:
- File Anti-Virus.
- Mail Anti-Virus.
- Web Anti-Virus.
- Firewall.
- Network Attack Blocker.
- Scan tasks report. Contains information about completed scan tasks:
- Full Scan.
- Critical Areas Scan.
- Custom Scan.
- Update task report. Contains information about completed update tasks.
- Firewall rules processing report. Contains information about Firewall operation.
- Control components report. Contains information about the operation of the following application components:
- Application Startup Control.
- Application Privilege Control.
- Device Control.
- Web Control.
- System Integrity Monitoring Report. Contains information about the System Integrity Monitoring component operation.
- Data from System Watcher. Contains information about System Watcher component operation.
- In the Removing information from reports window, click OK.
SVM reconfiguration
You can change the following SVM configuration settings:
- Remote access mode for root account
- SVM IP settings
- List of virtual networks that SVMs use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server
- Settings of SVM connection to the Kaspersky Security Center Administration Server
- Configuration password and root account password
To reconfigure the SVM:
- Open Integration Server Console and connect to the Integration Server.
- In the SVM management section, click the SVM management button to start the SVM Management Wizard.
- Follow the wizard instructions.
You can also reconfigure SVMs using the klconfig script API manually or by means of automation tools.
Selecting an action
At this step, choose the SVM reconfiguration option.
Proceed to the next step of the wizard.
Selecting SVM for reconfiguration
At this step, you must select the SVMs that you want to reconfigure.
The table displays the following information about the virtual infrastructures to which the SVM Management Wizard connection is configured, as well as information about the deployed SVMs:
- Name/Address
- State
- Protection
- Type
For a virtual infrastructure based on the ALT Virtualization Server platform, KVM is displayed as the type of virtual infrastructure object that the SVM Management Wizard connects to.
For a virtual infrastructure on the VK Cloud platform, Keystone microservice (OpenStack platform) is displayed as the type of virtual infrastructure object to which the SVM Management Wizard connects.
You can search the list of virtual infrastructure objects. The search is based on the value in the Name/address column and starts as you type in the Search field. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the Search field.
To select an SVM for reconfiguration:
In the table, select the checkboxes on the left of the names of SVMs that you want to reconfigure.
If SVMs are being reconfigured in an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous reconfiguration of SVMs deployed in different infrastructures is not supported. You can reconfigure SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.
SVMs in OpenStack projects that are running on different Keystone microservices cannot be reconfigured simultaneously. You can simultaneously reconfigure SVMs deployed in OpenStack projects that are running on the same Keystone microservice.
If the list does not contain the virtual infrastructure in which you want to reconfigure an SVM, you must configure the SVM Management Wizard connection to this virtual infrastructure.
To configure the connection of SVM Management Wizard to the virtual infrastructure:
- Click the Add button.
- In the Virtual infrastructure connection settings window that opens, specify the following settings:
- Type
For a virtual infrastructure based on the ALT Virtualization Server platform, you need to select KVM as the type of virtual infrastructure object that the SVM Management Wizard will connect to.
For a virtual infrastructure on the VK Cloud platform, select Keystone microservice (OpenStack platform) as the type of virtual infrastructure object to which you want SVM Management Wizard to connect.
- Protocol
The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- Addresses
- OpenStack domain
The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- User name
- Password
- Click the Connect button.
The Virtual infrastructure connection settings window closes. The Wizard adds the selected virtual infrastructure objects to the list and attempts to establish a connection.
The Wizard verifies the authenticity of all virtual infrastructure objects with which the connection is established.
Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.
For Keystone microservices, authenticity is verified only when using the HTTPS protocol to connect the SVM Management Wizard to the virtual infrastructure.
To verify authenticity, the Wizard receives the SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.
If the authenticity of the received certificate(s) cannot be established, the Verify certificate window opens with a message about this. Click the link in this window to view the details of the received certificate. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to the virtual infrastructure object. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this certificate to be authentic, click the Cancel button in the Verify certificate window to disconnect, and replace the certificate with a new one.
If the authenticity of the public key could not be established, the Verify public key fingerprint window opens with a message about this. You can confirm the authenticity of the public key and continue the connection. The public key fingerprint will be saved on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this public key to be authentic, click the Cancel button in the Verify public key fingerprint window to terminate the connection.
If a connection cannot be established with a virtual infrastructure object, information about the connection errors is displayed in the table.
You can use the Refresh button above the table to update the list of virtual infrastructure objects. When the list is updated, the Wizard verifies the SSL certificates or fingerprints of the public key in the same way as when virtual infrastructure objects are added to the list.
You can use buttons in the Name/address column to:
- Remove selected virtual infrastructure from the list.
The Integration Server continues to connect to the virtual infrastructure removed from this list, and to receive the information required for SVM operation.
- If you cannot connect to the virtual infrastructure, open the Virtual infrastructure connection settings window to change the settings of the account used to make the connection.
After the settings are modified, the Wizard verifies the SSL certificates or fingerprints of the public key in the same way as when virtual infrastructure objects are added to the list.
Proceed to the next step of the wizard.
Entering the configuration password
At this step, specify the configuration password that was created during SVM deployment.
Proceed to the next step of the wizard.
Editing SVM network settings
This step is displayed if you are reconfiguring an SVM in a virtual infrastructure running on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform.
At this step, you can change the virtual network(s) that the SVMs use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server.
Changing the list of networks on SVMs results in the creation of new network adapters. This could change the IP address of an SVM.
To change the list of virtual networks used by an SVM:
- Select the Edit SVM network settings check box.
The window displays a table containing the following information about SVMs selected for reconfiguration:
- For each SVM, specify one or more virtual networks in the Network name column.
- If the SVMs that you selected for reconfiguration are deployed in a virtual infrastructure running the Microsoft Hyper-V platform, you can also specify the VLAN ID.
Proceed to the next step of the wizard.
Editing SVM network settings (infrastructures based on OpenStack)
This step is displayed if you are performing SVM reconfiguration in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
At this step, you can change the virtual network or networks that the SVMs use to connect to Light Agents, the Integration Server and the Kaspersky Security Center Administration Server, and can change the Security Group for each virtual network.
Changing the list of networks on SVMs results in the creation of new network adapters. This could change the IP address of an SVM.
To edit SVM network settings:
- Select the Change SVM network settings check box.
The window displays a table containing the following information about SVMs selected for reconfiguration:
- For each SVM, specify one or more virtual networks in the column.
- If necessary, specify one or more security groups for each selected network in the Security group column.
Proceed to the next step of the wizard.
Changing SVM IP settings
At this step, you can edit the IP addressing settings used for all SVMs. You can use dynamic or static IP addressing.
To edit the IP address settings:
- Select the Edit SVM IP settings check box.
If you added virtual networks for one or more SVMs at the previous step of the Wizard, the Edit SVM IP settings check box is not displayed. You cannot proceed to the next step until the network settings of SVMs selected for reconfiguration have been configured.
- If you want to use DHCP network settings for all SVMs, select Dynamic IP addressing (DHCP).
By default, the IP address of the DNS server and the IP address of the alternative DNS server received over the DHCP protocol are used for each SVM. If you specified several virtual networks for the SVM at the previous step, by default the network settings for the SVM are received from the DHCP server of the first virtual network in the list of the specified virtual networks.
If you want to manually specify the IP address of the DNS server and alternative DNS server, clear the Use list of DNS servers received via DHCP check box. This opens a table containing the following information:
- Hypervisor
The Hypervisor column is displayed if an SVM is deployed in a virtual infrastructure running on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform.
- OpenStack project
The OpenStack project column is displayed if the SVM is deployed in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
- SVM name
Specify the IP addresses of DNS servers in the DNS server and Alternative DNS server table columns.
- If you want to specify all network settings of the SVM manually, select Static IP addressing. This opens a table containing the following information:
- Hypervisor
The Hypervisor column is displayed if an SVM is deployed in a virtual infrastructure running on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform.
- OpenStack project
The OpenStack project column is displayed if the SVM is deployed in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
- SVM name
- Network name
Specify the following network settings for each SVM:
- SVM IP address
- Subnet mask
- Gateway
- DNS server
- Alternative DNS
Proceed to the next step of the wizard.
Changing Kaspersky Security Center connection settings
At this step, you can edit the settings of SVM connection to the Kaspersky Security Center Administration Server.
To edit the settings for connecting SVMs to Kaspersky Security Center Administration Server:
- Select the Change Kaspersky Security Center connection settings check box.
- Specify the following settings:
Proceed to the next step of the wizard.
Changing the configuration password and root account settings
At this step, you can modify the following settings:
- Configuration password (the password used to reconfigure SVMs).
- Root account password.
- SVM remote access mode for the root account.
If you want to change the configuration password, select the Change the klconfig account password (configuration password) check box and specify the new configuration password in the Password and Confirmation fields.
If you want to change the root account password, select the Change the root account password check box and specify the new password in the Password and Confirmation fields.
Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
If you want to change the root account's remote access mode for SVMs, select the Change the root account remote access mode check box and then perform one of the following actions:
- To allow the root account to access SVMs using SSH, select the Allow remote access using SSH for root account check box.
- To prevent the root account from accessing SVMs using SSH, clear the Allow remote access using SSH for root account check box.
Proceed to the next step of the wizard.
Starting SVM reconfiguration
This step is displayed if you are reconfiguring an SVM in a virtual infrastructure running on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform.
At this step, the Wizard displays all of the previously entered settings required for reconfiguration of the SVM.
General settings for all SVMs:
- Number of SVMs
- Configuration password
- Root account password
- Remote access for the root account via SSH
- Kaspersky Security Center connection settings
- SVM IP settings
Individual settings for each SVM:
- Hypervisor
- SVM name
- Network name
- VLAN ID
The VLAN ID column is displayed only if the SVMs that you selected for reconfiguration are deployed in a virtual infrastructure running the Microsoft Hyper-V platform.
- All IP addressing settings that you provided for the SVM.
To start the reconfiguration of the SVM, go to the next step in the wizard.
Starting SVM reconfiguration (infrastructures based on OpenStack)
This step is displayed if you are performing SVM reconfiguration in a virtual infrastructure managed by the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform.
At this step, the Wizard displays all of the previously entered settings required for reconfiguration of the SVM.
General settings for all SVMs:
- Keystone microservice address
- Number of SVMs
- Configuration password
- Root account password
- Remote access for the root account via SSH
- Kaspersky Security Center connection settings
- SVM IP settings
Individual settings for each SVM:
- OpenStack project
- SVM name
- Network name
- Security group
- All IP addressing settings that you provided for the SVM.
To start the reconfiguration of the SVM, go to the next step in the wizard.
SVM reconfiguration
At this step, the SVMs are reconfigured.
The window displays, one row at a time, the stages of SVM reconfiguration of each SVM with the status of each stage: Pending, Connecting, Processing N%, Completed, Error.
The process takes some time. Please wait until the process is complete.
Proceed to the next step of the wizard.
Finishing SVM reconfiguration
This step displays information about the results of SVM reconfiguration.
The wizard displays links that you can use to open a brief report and the SVM Management Wizard log.
The brief report contains the following information:
- Addresses of hypervisors whose SVM configuration was changed, or OpenStack project names containing the deployed SVMs that have been reconfigured (depending on type of the virtual infrastructure).
- Names of SVMs that have been reconfigured.
- Brief description of the completed stages of reconfiguration of each SVM, including the start and end times of each stage. If an error occurred during a particular stage, the relevant information is reflected in the report.
The brief report is saved in a temporary file. To be able to use information from the report later, save the log file in a permanent storage location.
The SVM Management Wizard log saves information specified by you at every step of the wizard. If errors occur during reconfiguration of SVMs, you can use the wizard log when contacting Technical Support.
The SVM Management Wizard log is saved on the device where the wizard was launched, in the file %LOCALAPPDATA%\Kaspersky Lab\Kaspersky VIISLA Console\logs\KasperskyDeployWizard_<file creation date and time>.log and does not contain account passwords. A new log file is created each time the wizard starts.
Finish the wizard.
Viewing and editing Integration Server settings
Viewing and editing Integration Server settings is performed using the Integration Server Console. You can edit the following settings:
- Passwords of Integration Server accounts:
- Integration Server administrator account.
- Account that is used for connecting SVMs to the Integration Server.
- The account that is used for connecting Light Agents to the Integration Server.
Account names cannot be edited.
- Settings that the Integration Server uses for connection to the virtual infrastructure.
If required, you can delete the settings for connecting the Integration Server to the virtual infrastructure.
Viewing Integration Server settings in the Integration Server Console
To view Integration Server settings:
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Integration Server settings section.
The right part of the Console shows the following settings of the Integration Server to which the connection has been established:
- Integration Server version.
- Name of the user account that was used to establish the connection to the Integration Server.
- Type of authentication used when connecting to the Integration Server.
- New IP address in IPv4 format or the fully qualified domain name (FQDN) of the Integration Server.
If you enabled the logging of information to the Integration Server trace file, you can view this file by clicking the View trace file link. The trace file can be viewed with the Notepad text editor.
Changing passwords of Integration Server accounts
You can change the passwords of the following Integration Server accounts:
- Integration Server administrator account.
- Account that is used for connecting SVMs to the Integration Server.
- The account that is used for connecting Light Agents to the Integration Server.
- Account that is used for interaction with the Integration Server REST API.
Account names cannot be edited.
To change the passwords of Integration Server accounts:
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Integration Server user accounts section.
- In the table on the right, select the name of the account whose password you want to change.
- Click the Change the account password link located above the table to open the Account password window and enter the new password in the Password and Confirm password fields.
Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
- In the Account password window, click OK.
If you changed the account password for connecting SVMs to the Integration Server, you need to reconfigure the SVM connection to the Integration Server in the Protection Server policy.
If the Light Agent policy includes a configured connection of Light Agents to the Integration Server and you have changed the password of the account used for connecting Light Agents, you need to reconfigure the connection of Light Agents to the Integration Server in the Light Agent for Windows policy and in the Light Agent for Linux policy.
The new account settings for connecting to the Integration Server are relayed to the policy when the policy settings are saved.
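The password rule stated above, which is the same rule given for the configuration password and the root account password in the SVM reconfiguration step, can be checked before a password is entered in the Console or passed to an automation tool. The following Python check is an added example, not part of the Kaspersky Security application; the names check_password and PasswordCheck are hypothetical, and rejecting an empty password is an assumption that the guide does not state.

```python
"""Check a candidate password against the rules stated in this guide.

Added example: not Kaspersky code. Never log or print the candidate itself.
"""
import string
from dataclasses import dataclass, field

MAX_LENGTH = 60                  # hard limit stated in the guide
RECOMMENDED_MIN_LENGTH = 8       # advisory minimum length
RECOMMENDED_MIN_CATEGORIES = 3   # advisory: three of the four categories

# Special characters exactly as the guide lists them.
SPECIALS = frozenset("!#$%&'()*\"+,-./\\:;<=>_?@[]^`{|}~")
LOWER = frozenset(string.ascii_lowercase)
UPPER = frozenset(string.ascii_uppercase)
DIGITS = frozenset(string.digits)
ALLOWED = LOWER | UPPER | DIGITS | SPECIALS


@dataclass
class PasswordCheck:
    errors: list = field(default_factory=list)    # hard rules: password is rejected
    warnings: list = field(default_factory=list)  # advisory rules: password is weak

    @property
    def accepted(self) -> bool:
        """True when no hard rule is violated."""
        return not self.errors

    @property
    def recommended(self) -> bool:
        """True when the password also follows the advisory rules."""
        return not self.errors and not self.warnings


def check_password(candidate: str) -> PasswordCheck:
    """Apply the documented length, character-set and strength rules."""
    result = PasswordCheck()
    if not candidate:
        # Assumption: an empty password is treated as invalid.
        result.errors.append("password is empty")
        return result

    if len(candidate) > MAX_LENGTH:
        result.errors.append(
            f"length {len(candidate)} exceeds {MAX_LENGTH} characters")

    # Report disallowed characters by code point, which also exposes
    # look-alikes such as non-Latin letters, spaces and control characters.
    bad = sorted({ch for ch in candidate if ch not in ALLOWED})
    if bad:
        points = ", ".join(f"U+{ord(ch):04X}" for ch in bad)
        result.errors.append(f"characters outside the allowed set: {points}")

    if len(candidate) < RECOMMENDED_MIN_LENGTH:
        result.warnings.append(
            f"shorter than {RECOMMENDED_MIN_LENGTH} characters")

    present = set(candidate)
    categories = sum(bool(present & group)
                     for group in (LOWER, UPPER, DIGITS, SPECIALS))
    if categories < RECOMMENDED_MIN_CATEGORIES:
        result.warnings.append(
            f"uses {categories} of 4 character categories, "
            f"{RECOMMENDED_MIN_CATEGORIES} are advised")
    return result


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    for sample in ("Tr4ck-Side_Relay", "a" * 61, "Pass word1", "abcdefgh1"):
        outcome = check_password(sample)
        print(len(sample), outcome.accepted, outcome.errors, outcome.warnings)
```

Errors correspond to the hard limits (length and character set); warnings correspond to the guide's strength advice, so a password can be accepted without being recommended.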
Changing and deleting the settings for connection of the Integration Server to the virtual infrastructure
The Integration Server connects to each protected virtual infrastructure and receives the information necessary for application operation. Depending on the type of protected virtual infrastructure, the Integration Server connects to one of the following virtual infrastructure objects:
- hypervisor;
- virtual infrastructure administration server;
- Keystone microservice.
By default, when connecting to virtual infrastructure objects, the Integration Server uses the settings that were specified during installation of the Protection Server.
In the Infrastructure connection settings section of the Integration Server Console, you can perform the following actions:
- Edit the settings for connecting the Integration Server to virtual infrastructure (except for the infrastructure address).
- In the infrastructure running on VMware vCenter Server: enable or disable the use of VMware NSX Manager by Kaspersky Security, and modify the settings for connecting the Integration Server to VMware NSX Manager.
- Delete the virtual infrastructure from the list of infrastructures to which the Integration Server connects.
The Infrastructure connection settings section of the Integration Server Console displays a list of all virtual infrastructures to which the Integration Server connects.
The list is displayed as a table, with each row containing the following information:
For a virtual infrastructure based on the ALT Virtualization Server platform, KVM is displayed as the type of a virtual infrastructure that the Integration Server connects to.
For a virtual infrastructure on the VK Cloud platform, Keystone microservice (OpenStack platform) is displayed as the type of virtual infrastructure to which the SVM Management Wizard connects.
If the Integration Server is not connected to the virtual infrastructure object, the table displays an error message.
The Integration Server verifies the authenticity of all virtual infrastructure objects with which a connection is being established, except a Microsoft Windows Server (Hyper-V) hypervisor. Authentication for microservices of the OpenStack platform, VK Cloud platform, and TIONIX Cloud Platform is performed only if you are using HTTPS for connecting the Integration Server to the virtual infrastructure.
To verify authenticity, the Integration Server receives an SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.
If it fails to ascertain the authenticity of the certificate or public key received from the virtual infrastructure object, the Integration Server breaks the connection with the virtual infrastructure. An error message is displayed in the table. You can resolve this error in one of the following ways:
- Confirm the authenticity of the certificate or public key received from the virtual infrastructure object.
- Replace the existing certificate with a new one, if you suspect that the existing certificate is not authentic.
To confirm the authenticity of the certificate or public key received from the virtual infrastructure object:
- Go to the SVM Management section of Integration Server Console, then launch SVM Management Wizard, and open the list of virtual infrastructures to which connection for SVM Management Wizard is configured (see, for example, the "Selecting infrastructure for SVM deployment" step of the Protection Server installation procedure).
- Confirm authenticity of the certificate or public key in the opened Certificate verification or Open key fingerprint verification window (it depends on the type of the virtual infrastructure object).
If the use of VMware NSX Manager by Kaspersky Security is enabled, the Integration Server also checks the VMware NSX Manager certificate and the table displays a message if a certificate error is detected. You can resolve an error in the VMware NSX Manager certificate in one of the following ways:
- Verify the authenticity of the certificate. To view information about the received certificate, you need to click the Confirm VMware NSX Manager certificate authenticity link that is displayed in the error message. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to VMware NSX Manager. To do so, click the Trust the certificate button in the Verify certificate window. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
- If you do not consider the certificate trustworthy, you can disconnect by clicking the Cancel button, and replace the certificate with a new one.
Changing the settings for connection of the Integration Server to the virtual infrastructure
To change the settings for connecting the Integration Server to the virtual infrastructure:
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Infrastructure connection settings section.
- In the table, select a virtual infrastructure whose connection settings you want to modify, and click the Edit link above the table.
For a virtual infrastructure based on the ALT Virtualization Server platform, KVM is displayed as the type of a virtual infrastructure that the Integration Server connects to.
For a virtual infrastructure on the VK Cloud platform, Keystone microservice (OpenStack platform) is displayed as the type of virtual infrastructure to which the SVM Management Wizard connects.
The Changing virtual infrastructure connection settings window opens.
The Address field displays the IP address in IPv4 format or the fully qualified domain name (FQDN) of the virtual infrastructure object to which the Integration Server is connected for interaction with protected virtual infrastructure. The Address field cannot be changed.
- Make the necessary changes.
You can change the following settings for connecting the Integration Server to the virtual infrastructure:
- Protocol
The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- OpenStack domain
The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.
- User name
- Password
- If you selected a virtual infrastructure running on VMware vCenter Server in the list of virtual infrastructures to which the Integration Server connects, you can configure the use of VMware NSX Manager by Kaspersky Security. You can enable or disable the use of VMware NSX Manager, and modify the settings for connecting the Integration Server to VMware NSX Manager.
To enable Kaspersky Security to use VMware NSX Manager, at the bottom of the Changing virtual infrastructure connection settings window, do the following:
- Select the Use VMware NSX Manager check box.
- In the VMware NSX Manager type drop-down list select one of the following items:
- VMware NSX-V Manager, if VMware NSX Manager from the VMware NSX Data Center for vSphere package is installed on your infrastructure.
- VMware NSX-T Manager, if VMware NSX Manager from the VMware NSX-T Data Center package is installed on your infrastructure.
- Specify the following connection settings:
- New IP address in IPv4 format or the fully qualified domain name (FQDN) of the VMware NSX Manager.
If VMware NSX-T Manager is clustered in your virtual infrastructure, specify the virtual IP address of the cluster. First assign a virtual IP address and certificate to the cluster (for more information on configuring the VMware NSX-T Manager cluster, refer to the VMware documentation).
- Name and password of the account that the Integration Server must use to connect to VMware NSX Manager. A VMware NSX Manager account that has been assigned the Enterprise Administrator role is required.
To change the connection settings of the Integration Server to VMware NSX Manager, at the bottom of the Changing virtual infrastructure connection settings window, specify the VMware NSX Manager type and the new account name and password.
If you change the account password for connecting to VMware NSX-T Manager, the Integration Server can connect to VMware NSX Manager no earlier than 15 minutes after saving the new connection settings.
To disable the use of VMware NSX Manager by Kaspersky Security, clear the Use VMware NSX Manager check box.
- Click the OK button in the Changing virtual infrastructure connection settings window.
The Integration Server performs the following actions:
- Verifies authenticity of every virtual infrastructure object whose connection settings have been changed.
Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.
Authentication for microservices of the OpenStack platform, VK Cloud platform, and TIONIX Cloud Platform is performed only if you are using HTTPS for connecting the Integration Server to the virtual infrastructure.
To verify authenticity, the Integration Server receives an SSL certificate or fingerprint of the public key from each virtual infrastructure object.
If a certificate received from a virtual infrastructure object is not trusted for the Integration Server or does not match a previously installed certificate, an error message is displayed in the list of virtual infrastructure objects to which the Integration Server connects.
- If you enabled the use of VMware NSX Manager or changed the VMware NSX Manager connection settings, the Integration Server verifies the authenticity of VMware NSX Manager. To verify authenticity, the Integration Server receives an SSL certificate from VMware NSX Manager.
If the certificate received from VMware NSX Manager is not trusted for the Integration Server or does not match the previously installed certificate, the Certificate verification window opens with the appropriate message. Click the link in this window to view the details of the received certificate. If you do not consider this certificate to be authentic, click the Cancel button to disconnect, and replace the certificate with a new one.
If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to VMware NSX Manager. To do so, click the Trust the certificate button in the Verify certificate window. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed.
Deleting the settings for connection of the Integration Server to the virtual infrastructure
If you want the Integration Server to stop receiving information from the virtual infrastructure, you can remove this infrastructure from the list of infrastructures to which the Integration Server connects.
It is recommended to remove a virtual infrastructure from the list only if there are no installed Kaspersky Security application components in it.
To remove the settings for connecting the Integration Server to the virtual infrastructure:
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Infrastructure connection settings section.
- In the table on the right side of the window, select a virtual infrastructure you want to remove, and click the Delete link.
For a virtual infrastructure based on the ALT Virtualization Server platform, KVM is displayed as the type of a virtual infrastructure that the Integration Server connects to.
For a virtual infrastructure on the VK Cloud platform, Keystone microservice (OpenStack platform) is displayed as the type of virtual infrastructure to which the SVM Management Wizard connects.
- Confirm the deletion in the window that opens.
If you have removed the virtual infrastructure from this list, it is recommended to also remove it from the list of virtual infrastructures to which the SVM Management Wizard connection is configured (see, for example, the "Selecting SVMs to remove" step of the SVM removal procedure).
Monitoring SVM status
You can receive information about the status of SVMs deployed in the virtual infrastructure by using any network management system that utilizes the SNMP protocol. An SVM is installed with an SNMP agent that can send information about the status of the SVM to the network management system of your organization.
SNMP Agent can relay the following SVM status information:
- RAM usage by the Protection Server (scanserver service) as a percentage of the maximum value that, when reached, causes the application to restart.
- Page file usage by the Protection Server (scanserver service) as a percentage of the maximum value that, when reached, causes the application to restart.
- Number of virtual machines with desktop operating systems that are under the protection of this SVM (includes only virtual machines that are not powered off and not paused).
- Number of virtual machines with server operating systems that are under the protection of this SVM (includes only virtual machines that are not powered off and not paused).
- Information about whether virtual machine scan tasks are currently running on the SVM.
- If scan tasks are running: information about the number of virtual machines that are currently waiting to be scanned, and the number of virtual machines that are being simultaneously scanned.
- Information about the status of the following application services on SVMs:
- scanserver (Protection Server)
- klnagent (Kaspersky Security Center Network Agent)
- nginx
- watchdog (wdserver)
SNMP Agent relays the Running (service is running) or Stopped (service is not running) value for each service.
This data is specific to the application; the corresponding information is contained in the MIB file KSVLA-MIB.txt, which is provided together with the application. You can use this file to receive additional information from SVMs. You can also receive other values of SNMP counters from the standard set of the Net-SNMP package.
You can enable or disable SNMP monitoring in the Administration Console when creating a Protection Server policy or in the Protection Server policy settings.
You can also enable or disable SNMP monitoring in the Web Console when creating or modifying the Protection Server policy settings (Application Settings → SNMP Monitoring Settings).
If SNMP Monitoring is enabled in the active Protection Server policy, the SNMP agent installed on an SVM relays information about the status of the SVM to the network management system of your organization.
If the policy that enables SNMP monitoring is inactive, information about the status of SVMs is not relayed.
To enable or disable SNMP Monitoring in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder in the console tree, open the folder with the name of the administration group to which the required SVMs belong.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
- In the policy properties window, select the SNMP monitoring settings section in the list on the left.
- In the right part of the window, do one of the following:
- Select the Enable SNMP monitoring of the SVM status check box if you want to receive SVM status information.
- Clear the Enable SNMP monitoring of the SVM status check box if you want to disable SVM status monitoring.
- Click the Apply button.
Application components integrity check
Kaspersky Security components contain many binary modules in the form of dynamic-link libraries, executable files, configuration files, and interface files. A hacker can replace one or more application modules or files with other modules or files containing malicious code. To protect against such replacement, Kaspersky Security can check the integrity of application files and modules. The application checks files and modules for unauthorized changes or corruption. If an application file or module has an incorrect checksum, it is considered corrupted.
Integrity check is performed for the files and modules of the following application components:
- Kaspersky Security MMC management plug-ins
- Integration Server
- Integration Server Console
- Protection Server
- Light Agent for Windows
- Light Agent for Linux
The integrity check of the application component files and modules is performed using the integrity_check_tool utility. The utility checks the integrity of files and modules listed in special lists called manifest files. The manifest file for an application component lists the files and modules whose integrity is critical for correct operation of the application component. The integrity of the manifest files is also checked.
During the integrity check of Light Agent for Windows files and modules, the presence of the following Light Agent functional components on the virtual machine is also checked:
- File Anti-Virus.
- Mail Anti-Virus.
- Web Anti-Virus (only on virtual machines with desktop operating systems).
- System Watcher.
- AMSI Protection (except for virtual machines with an OS version earlier than Windows 10 or Windows Server 2016).
- Application Startup Control.
- Web Control (only on virtual machines with desktop operating systems).
- System Integrity Monitoring (only on virtual machines with server operating system).
- Application Privilege Control (only on virtual machines with desktop operating systems).
- Integration with Kaspersky Endpoint Agent.
Light Agent for Windows files and modules integrity check fails if the specified functional components are not installed on the virtual machine.
Location of manifest files and integrity check utilities
- MMC management plug-in for Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server:
- Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.svm.plg\integrity_check.xml.
- Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.svm.plg\integrity_check_tool.exe.
- MMC management plug-in for Kaspersky Security for Virtualization 5.2 Light Agent for Windows:
- Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.windows.plg\integrity_check.xml.
- Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.windows.plg\integrity_check_tool.exe.
- MMC management plug-in for Kaspersky Security for Virtualization 5.2 Light Agent for Linux:
- Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.linux.plg\integrity_check.xml.
- Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.linux.plg\integrity_check_tool.exe.
- Protection Server:
- Combined manifest file for the Protection Server and Network Agent for Linux: /opt/kaspersky/la/bin/integrity_check.xml.
- Protection Server manifest file: /opt/kaspersky/la/config/integrity.xml.
- Network Agent for Linux manifest file: /opt/kaspersky/la/config/klnagent_integrity.xml.
- Integrity check tool for the Protection Server and Network Agent for Linux: /opt/kaspersky/la/bin/integrity_check_tool.
- Integration Server:
- Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\integrity_check.xml.
- Integrity check tool: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\integrity_check_tool.exe.
- Integration Server Console:
- Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\integrity_check.xml.
- Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\integrity_check_tool.exe.
- Light Agent for Windows:
- Manifest file depending on the operating system:
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\integrity_check.xml – for 64-bit operating systems.
- %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\integrity_check.xml – for 32-bit operating systems.
- Integrity check utility depending on the operating system:
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\integrity_check_tool.exe – for 64-bit operating systems.
- %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\integrity_check_tool.exe – for 32-bit operating systems.
- Light Agent for Linux:
- Combined manifest file for Light Agent for Linux and Network Agent for Linux: /opt/kaspersky/lightagent/bin/integrity_check.xml.
- Light Agent for Linux manifest file: /opt/kaspersky/lightagent/config/integrity.xml.
- Network Agent for Linux manifest file: /opt/kaspersky/lightagent/config/klnagent_integrity.xml.
- Integrity check utility for Light Agent for Linux and Network Agent for Linux: /opt/kaspersky/lightagent/bin/integrity_check_tool.
Starting integrity check utility for the application components
To run the integrity check utility on the SVM and on the virtual machine with Light Agent for Linux installed, the root account is required. An administrator account is required for running the integrity check utility for all other application components.
To check the integrity of an application component, run the utility from the folder where the utility is located for this component by executing one of the following commands:
- In Windows operating system:
integrity_check_tool.exe -v[|--verify] -m[|--manifest] <path to the manifest file>
- In Linux operating system:
integrity_check_tool -v[|--verify] -m[|--manifest] <path to the manifest file>
where <path to the manifest file> is the full path to the manifest file of the component.
You can run the tool with the following optional settings:
- -V, --verbose – display additional information about successfully checked files and modules. If this setting is not specified, only the check result (succeeded/failed), information about errors and general check statistics are displayed.
- -L, --log-file <file>, where <file> is the name of the file where the events that occurred during the scan are logged. By default, the events are sent to the standard stdout stream.
- -l, --log-level <0-1000>, where <0-1000> is the verbosity level for events. The default verbosity level is 0.
You can view the description of all available integrity check tool options in the tool options help. To do this, run the utility with the -h [--help] setting.
Application components integrity check results
Application components integrity check results are displayed as follows:
- SUCCEEDED – integrity of the files and modules is confirmed (return code 0).
- FAILED – integrity of the files is not confirmed (return code is other than 0).
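Because the result is reported through the return code, the check can be scheduled and monitored. The following is an added example, not part of the Kaspersky documentation or product: a POSIX shell wrapper that runs the utility with -v -m from its own folder for each manifest given and treats return code 0 as SUCCEEDED and any other code as FAILED. The function name ksv_check_all and the format of the summary lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Kaspersky code.
# Usage: sh ksv_integrity.sh <path to integrity_check_tool> <full path to manifest>...
# Prints one summary line per manifest on stdout; the utility's own output
# goes to stderr. The exit status is 0 only if every manifest SUCCEEDED.

ksv_check_all() {
    ksv_tool=$1
    shift
    if [ ! -x "$ksv_tool" ]; then
        echo "ERROR utility missing or not executable: $ksv_tool" >&2
        return 2
    fi
    # The utility is run from the folder where it is located.
    ksv_dir=$(dirname "$ksv_tool")
    ksv_name=$(basename "$ksv_tool")
    ksv_failures=0
    for ksv_manifest in "$@"; do
        # The utility expects the full path to the manifest file.
        case $ksv_manifest in
            /*) ;;
            *)
                echo "FAILED not-a-full-path $ksv_manifest"
                ksv_failures=$((ksv_failures + 1))
                continue
                ;;
        esac
        # A deleted or unreadable manifest is a finding, not "nothing to check".
        if [ ! -r "$ksv_manifest" ]; then
            echo "FAILED manifest-unreadable $ksv_manifest"
            ksv_failures=$((ksv_failures + 1))
            continue
        fi
        # Return code 0 means SUCCEEDED; any other code means FAILED.
        ksv_rc=0
        ( cd "$ksv_dir" && "./$ksv_name" -v -m "$ksv_manifest" ) >&2 || ksv_rc=$?
        if [ "$ksv_rc" -eq 0 ]; then
            echo "SUCCEEDED $ksv_manifest"
        else
            echo "FAILED rc=$ksv_rc $ksv_manifest"
            ksv_failures=$((ksv_failures + 1))
        fi
    done
    [ "$ksv_failures" -eq 0 ]
}

# Run only when a utility path and at least one manifest are given;
# the script's exit status is then that of ksv_check_all.
if [ "$#" -ge 2 ]; then
    ksv_check_all "$@"
fi
```

On an SVM, run the script under the root account with /opt/kaspersky/la/bin/integrity_check_tool as the first argument and /opt/kaspersky/la/bin/integrity_check.xml as the second.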
Using Kaspersky Security for Virtualization 5.2 Light Agent in multitenancy mode
When using Kaspersky Security in multitenancy mode, one Kaspersky Security instance installed in the provider organization infrastructure (hereinafter also referred to as the "provider") allows protection of isolated virtual infrastructures of tenant organizations or isolated units of one tenant organization (hereinafter also referred to as the "tenant").
The procedures for deploying and using Kaspersky Security in multitenancy mode are automated by tools of the Integration Server REST API.
The following Kaspersky Security usage scenarios in multitenancy mode are provided:
- Deploying tenant protection infrastructure by means of the Integration Server REST API using Kaspersky Security Center virtual Administration Servers and receiving tenant protection reports.
- Receiving tenant protection reports without deploying tenant protection infrastructure by means of the Integration Server REST API.
If the tenant protection infrastructure is already deployed in your infrastructure without using the Integration Server REST API, you can register existing tenants and their virtual machines and receive tenant protection reports.
Kaspersky Security for Virtualization 5.2 Light Agent allows you to manage protection of the tenants in whose virtual infrastructure Kaspersky Security for Virtualization 5.1 Light Agent is installed. Policies are used for enabling and disabling protection of virtual machines with Light Agent version 5.1 installed. To enable and disable protection of virtual machines with Light Agent version 5.2 installed, no policies for enabling and disabling protection are required.
Deploying tenant protection infrastructure
The tenant protection infrastructure created using the Integration Server REST API is based on the usage of Kaspersky Security Center virtual Administration Servers. Each tenant is provided with a virtual Administration Server and an account to be used by the tenant administrator to connect to the virtual Administration Server.
One Kaspersky Security Center Administration Server can support up to 500 virtual Administration Servers.
Tenant virtual machines with Light Agents installed are located on the tenant virtual Administration Server.
Tenant administrators can perform the following actions on their virtual Administration Server:
- Centrally manage protection of their virtual machines using the Light Agent policies and group tasks.
- Receive information about their infrastructure protection status using event notifications and reports available on the virtual Administration Server.
- Work with copies of files placed in backup storage on all virtual machines of this tenant.
For more information about virtual Administration Servers, see the Kaspersky Security Center help.
The provider's administrator installs the application in their infrastructure and ensures the operation of Light Agents and other application components:
- Configures the settings for connecting Light Agents installed on the tenant virtual machines to the SVM and to the Integration Server.
- Activates the application and controls licensing restrictions.
- Updates databases and application modules.
- Configures the Protection Server settings.
The provider's administrator can also configure general protection settings of the tenant virtual machines.
During operation, information that may contain personal and confidential data is transmitted between Kaspersky Security Center and Kaspersky Security components installed in the provider's infrastructure and on the tenant virtual machines.
Before creating a tenant protection infrastructure, perform the following steps:
- Install or update Kaspersky Security.
The following components must be installed in the provider's infrastructure:
- Kaspersky Security MMC plug-ins, Integration Server, and Integration Server Console.
- Protection Server.
If you want to use the web interface to interact with Kaspersky Security Center, you also need to install web plug-ins using the Web Console.
- Prepare the application for work:
- Prepare the Protection Server for operation.
- In the Integration Server Console, change the default multitenancy account password. A multitenancy account is created automatically as a result of Integration Server installation. It is required to interact with the Integration Server REST API.
- In the Integration Server Console, configure the Integration Server connection settings to the Kaspersky Security Center Administration Server. These settings are required for authorization on the Kaspersky Security Center Administration Server when executing requests to the Integration Server REST API.
Tenant protection infrastructure deployment consists of the following steps:
- Creating a tenant and Kaspersky Security Center virtual Administration Server for the tenant.
- Configuring location of SVMs for protecting tenant virtual machines and configuring the Protection Server operation settings.
- Configuring SVM discovery settings and general operation settings for Light Agents, installed on the tenant virtual machines.
- Installing Kaspersky Security Center Network Agent and Light Agent on the tenant virtual machines and moving the virtual machines to a virtual Administration Server configured for the tenant.
- Registering the tenant virtual machines in the Integration Server database.
- Activating the tenant.
- Transferring the following Kaspersky Security Center virtual Administration Server connection settings to the tenant administrator:
- Address of the virtual Administration Server configured for the tenant.
- Administrator account settings of the virtual Administration Server.
It is recommended that the tenant administrator change the account password received from the provider administrator.
The steps of the tenant protection infrastructure deployment can be automated using the Integration Server REST API and Kaspersky Security Center OpenAPI.
To prevent unauthorized access, it is recommended to deploy the SVM and the device on which the Kaspersky Security Center Administration Server and the Integration Server are installed in a dedicated virtual network and to configure routing with address translation (SNAT) from the tenant subnets to this subnet.
Configuring the Integration Server connection settings to the Kaspersky Security Center Administration Server
For the Integration Server REST API interaction with the Kaspersky Security Center Administration Server during execution of requests, an account is required that has the following permissions in the Kaspersky Security Center:
- Permissions in the functional areas of the Administration Server:
- General functionality → Basic functionality: Read, Modify
- General functionality → Administration group management: Modify
- General functionality → User permissions: Modify access control lists
- General functionality → Virtual Administration Servers: Read, Modify, Execute, Manage
- Permissions to read and modify objects in the functional areas related to Light Agent settings.
You can create and configure an account for connecting the Integration Server to the Kaspersky Security Center in the Security section of the Kaspersky Security Center Administration Server properties window.
By default, the Security section is not displayed in the Administration Server properties window. To enable the display of the Security section, you must select the Display security settings sections check box in the Configure interface window (View → Configure interface menu) and restart the Kaspersky Security Center Administration Console.
For more information on the account permissions in the Kaspersky Security Center, refer to the Kaspersky Security Center help.
To configure the settings for connecting the Integration Server to Kaspersky Security Center Administration Server:
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the Kaspersky Security Center connection settings section.
- Specify the following connection settings:
- IP address in IPv4 format or fully qualified domain name (FQDN) of the Kaspersky Security Center Administration Server.
- Name and password of the account that will be used for interaction between the Integration Server REST API and the Kaspersky Security Center Administration Server.
- Click the Save button.
The Integration Server performs a connection attempt to verify the specified connection settings. If the SSL certificate received from the Kaspersky Security Center Administration Server is not trusted for the Integration Server, a notification is displayed. Click the link in this window to view the details of the received certificate. If the received certificate complies with the security policy of your organization, you can confirm the certificate authenticity by clicking the Install certificate button. The received certificate is saved as a trusted certificate for the Integration Server.
After the connection is established, the Integration Server saves the connection settings.
Creating a tenant and a virtual Administration Server
At this step of the tenant protection infrastructure deployment, tenant information is added to the Integration Server database and a virtual Administration Server is created for the tenant. The procedures are automated by means of the Integration Server REST API.
The actions performed in response to the REST API request depend on the tenant type specified when calling the REST API method: tenant protection infrastructure deployment is available only for the complete tenant type.
Specify the following information in the REST API request:
- Tenant name.
- Tenant type: Complete.
- Settings of the account used by the tenant administrator to connect to the virtual Administration Server configured for the tenant. During the procedure, an account with the main administrator permissions will be automatically created on the virtual Administration Server.
Kaspersky Security Center verifies the uniqueness of account names within the main Kaspersky Security Center Administration Server and all its virtual Administration Servers. By default, if the account name is not unique, the account creation fails. If you want to use the same account names for the virtual Administration Servers, you can disable the uniqueness check for internal user names. See Kaspersky Security Center help for more information.
As a result of the procedure, the following actions are performed:
- The tenant data is saved in the Integration Server database and the tenant is assigned a unique identifier.
- Kaspersky Security Center virtual Administration Server and an account to be used by the tenant administrator to connect to the virtual Administration Server are created for each tenant.
- When the first tenant is registered in the console tree of Kaspersky Security Center main Administration Server, a folder with the Multitenancy KSV LA default name is created in the Managed devices folder. You can change this name if required.
- The following structure of folders and nodes is created for each tenant in the Multitenancy KSV LA folder:
<Tenant name> folder
- Administration Servers node
  - Administration Servers <Tenant name> node
    - Folders and administration groups required for managing protection of this tenant, similar to the structure of folders and groups of Kaspersky Security Center main Administration Server.
- The policies for enabling and disabling protection of the virtual machines with Kaspersky Security for Virtualization 5.1 Light Agent installed are created in the Multitenancy KSV LA → <Tenant name> folder.
Policies for enabling and disabling protection are applied only if Kaspersky Security for Virtualization 5.1 Light Agent is installed in the tenant virtual infrastructure. Policies for enabling and disabling protection are used to define the SVM discovery settings and configure general operation settings for Light Agents.
Configuring SVM location and Protection Server settings
At this step of tenant security infrastructure deployment, you can perform the following actions:
- Configure the location of the SVMs that will protect tenant virtual machines in Kaspersky Security Center administration group hierarchy.
- Configure the operation settings of the Protection Server installed on these SVMs using the Protection Server policy.
- Configure the general settings of the Light Agents that will be installed on the tenant virtual machines using the Light Agent policies.
You can deploy SVMs that will protect tenant virtual machines in any folder or administration group on the main Kaspersky Security Center Administration Server.
It is not recommended to deploy SVMs and Protection Server policy in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
If you want the SVM to protect virtual machines of only particular tenants, restrict the Light Agent access to SVM in one of the following ways:
- Using the connection tags mechanism. Tags must be specified in the Protection Server policy and in the Light Agent policy. It is recommended to close the configured settings with the "lock" in order to prohibit changing these settings in the local application settings and in policies of the nested hierarchy level.
- By blocking network connections from the tenant subnet to the following TCP ports of the SVM subnet: 80, 9876, 9877, 11111, 11112.
It is not recommended to configure connection tags in Light Agent policies located in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
Per the order of Kaspersky Security Center policy inheritance, the default Protection Server policy is applied on all SVMs in the hierarchy of administration groups. It is created in the Managed devices folder on the main Administration Server as a result of the Kaspersky Security MMC plug-ins installation. If you want to configure specific operation settings for the SVMs that will protect tenant virtual machines, create a Protection Server policy in the folder where the SVM that protects tenant virtual machines is located.
If you want to centrally enable Kaspersky Security Network usage to protect tenant virtual machines, make sure that the personal data of tenants is legally processed.
Configuring SVM discovery settings for Light Agents and general tenant protection settings
At this stage of deployment of the tenant protection framework, create a Light Agent policy in one of the following folders:
- In the Multitenancy KSV LA → <Tenant name> folder, to configure general operation settings for all Light Agents that will be installed on the virtual machines of one particular tenant. The policy in the Multitenancy KSV LA → <Tenant name> folder must be created for each tenant.
- In the Multitenancy KSV LA folder, to configure general operation settings for all Light Agents that will be installed on the virtual machines of all tenants.
In the Light Agent policy, configure the Light Agent operation settings as follows:
- Settings for connecting Light Agents to SVMs:
- Enable the use of the Integration Server for SVM discovery in the Light Agent policy. Light Agents installed on the virtual machines of the tenants of complete type must use the Integration Server to discover SVMs that are available for connection.
- If you want to restrict Light Agents access to SVMs using the mechanism of connection tags, you can assign connection tags to Light Agents.
If you use the application under a standard license, connection tags are not available. To restrict Light Agents access to SVMs, you can block network connections from the tenant subnet to the following TCP ports of the SVM subnet: 80, 9876, 9877, 11111, 11112.
The default values can be used for other settings for connecting Light Agents to SVMs.
It is recommended to lock all the settings for connecting Light Agents to SVMs with the "lock" in order to prohibit changing these settings in the local application settings and in policies of the nested hierarchy level.
- If required, you can configure general operation settings for the Light Agents that will be installed on the tenant virtual machines.
Using the "lock" attribute, you can allow or block changing of settings or groups of settings in the local application settings, task settings, or in policies of the nested hierarchy level (for nested administration groups and secondary Administration Servers). Tenant administrators cannot configure "locked" settings. If the "locks" are open, the tenant administrator can independently configure the operation of Light Agent components.
If Light Agents and SVMs of Kaspersky Security for Virtualization 5.1 Light Agent are installed in the tenant virtual infrastructure, it is recommended to use the policies enabling tenant protection that were automatically created in the Multitenancy KSV LA → <Tenant name> folder to configure general operation settings for these Light Agents.
It is not recommended to configure general operation settings of Light Agents in the policies located in folders and administration groups to which the tenant administrator has access, that is, in folders and administration groups under the Administration Server <Tenant name> node.
Installing Light Agent on tenant virtual machines
At this step of the tenant security infrastructure deployment, the following actions are performed:
- Kaspersky Security Center Network Agent, configured to connect to the tenant virtual Administration Server, is installed on the tenant virtual machines.
- Tenant virtual machines are moved to the Managed devices folder of the virtual Administration Server configured for the tenant.
- Light Agent for Windows or Light Agent for Linux is installed on the tenant virtual machines.
The listed actions can be performed both on the provider side and on the tenant side after the tenant administrator is provided with the virtual Administration Server connection settings.
If installation is performed on the provider side
You can automate installation of applications on the tenant virtual machines and moving virtual machines to administration groups by means of Kaspersky Security Center OpenAPI. Refer to the Knowledge Base for more details.
You can also use other installation options:
- Remote application installation on virtual machines using the Installation Wizard or remote installation task.
To install applications on virtual machines with Windows operating systems, a Network Agent installation package is required. For each tenant, you need to prepare a Network Agent installation package. The installation package properties must include connection settings for the virtual Administration Server configured for this tenant. You can specify the administration group to which the virtual machine will be moved after Network Agent is installed on it in the properties of a package or a remote installation task. For more information about configuring installation packages, refer to the Kaspersky Security Center help.
To install applications on virtual machines with Linux operating systems, a separate Network Agent installation package is not required. Network Agent is included in the Light Agent for Linux installation package. The settings for connecting Network Agent to the virtual Administration Server must be configured in the properties of the Light Agent for Linux installation package.
Installation packages required for installing Light Agent for Windows, Light Agent for Linux and Network Agent are located on the main Kaspersky Security Center Administration Server in the Advanced → Remote installation → Installation packages folder. You can distribute installation packages to the selected virtual Administration Servers using the Administration Server task or automate the distribution of packages using Kaspersky Security Center OpenAPI. Refer to the Knowledge Base for more details.
- Deploying virtual machines with Windows operating systems from the virtual machine template.
You need to prepare a virtual machine template for each tenant with the Network Agent, configured to connect to the tenant virtual Administration Server, and with the Light Agent. Then you can deploy virtual machines for the tenant from this template.
When installing Network Agent on a virtual machine template, it is recommended to enable optimization of Network Agent settings for VDI.
If installation is performed on the tenant side
If there are installation packages or virtual machine templates prepared by the provider’s administrator, the tenant’s administrator can install Network Agent and Light Agent on the tenant virtual machines.
Registering tenant virtual machines
At this step of the tenant security infrastructure deployment, tenant virtual machines are registered. The procedure is automated by means of the Integration Server REST API.
In the request to the REST API, specify the identifier (BIOS ID) of the virtual machine and the identifier of the tenant to which these virtual machines belong.
As a result, information about the virtual machine is saved in the Integration Server database and connection is established between the virtual machine and the tenant.
Activating the tenant
At this step of the tenant security infrastructure deployment, the tenant is activated. Tenants are registered in the Integration Server database with the Inactive status. While the tenant is inactive, Light Agents installed on the tenant’s virtual machines do not receive information about the SVMs they can connect to, and protection of the tenant virtual machines is disabled. To start protecting tenant virtual machines, you must activate the tenant.
The tenant activation procedure is automated by means of the Integration Server REST API.
As a result of the procedure, the following actions are performed:
- Tenant status changes to Active. The tenant status is preserved in the Integration Server database. You can receive information about the tenant status using the Integration Server REST API or by viewing the list of tenants in the Integration Server Console.
- The Light Agents installed on the tenant virtual machines receive a list of SVMs available for connection from the Integration Server. The Light Agents select the best SVM for connection in accordance with the configured SVM connection settings, thus enabling protection of the tenant virtual machines.
- The status of the policies for enabling and disabling protection of the virtual machines with Kaspersky Security for Virtualization 5.1 Light Agent installed is changed.
Policies for enabling and disabling protection are applied only if Kaspersky Security for Virtualization 5.1 Light Agent is installed in the tenant virtual infrastructure.
Registering existing tenants and their virtual machines
If the tenant protection infrastructure is configured without Integration Server REST API usage, information about the tenants and their virtual machines must be added to the Integration Server database for the tenant protection reports to be generated.
Registration of an existing tenant and its virtual machines in the Integration Server database consists of the following steps:
- Creating a tenant in the Integration Server database.
The tenant creation procedure is automated by means of the Integration Server REST API.
The actions performed in response to the REST API request depend on the tenant type specified when calling the REST API method. To enter the tenant data into the Integration Server database without creating a tenant protection infrastructure, specify the simple tenant type.
Specify the following information in the REST API request:
- Tenant name.
- Tenant type: Simple.
As a result, the tenant data is saved in the Integration Server database and the tenant is assigned an identifier.
- Registering the tenant virtual machines in the Integration Server database.
The virtual machine registration procedure is automated by means of the Integration Server REST API.
In the request to the REST API, specify the identifier (BIOS ID) of each virtual machine and the identifier of the tenant to which these virtual machines belong.
As a result, the data on the tenant virtual machines is saved in the Integration Server database.
- Activating the tenant.
The tenant activation procedure is automated by means of the Integration Server REST API.
After activation, the tenant status is preserved in the Integration Server database. You can receive information about the tenant status using the Integration Server REST API or by viewing the list of tenants in the Integration Server Console.
In the case of a simple tenant type, its status (active or inactive) does not affect the protection state of the tenant's virtual machines.
Enabling and disabling tenant protection
Tenants registered in the Integration Server database may have the Active or Inactive status. By default, the tenant status is Inactive.
For the complete tenant type, the status determines the protection status of the tenant virtual machines:
- If the tenant’s status is "active", the Integration Server sends the list of SVMs available for connection to the Light Agents installed on the tenant virtual machines. The Light Agents select the best SVM for connection in accordance with the configured SVM connection settings and connect to it. Protection of the tenant virtual machines is enabled.
- If the tenant’s status is "inactive", the Integration Server sends the address of the non-existent SVM to the Light Agents installed on the tenant virtual machines. This means that Light Agents are not able to connect to any SVM. Protection of the tenant virtual machines is disabled.
To enable protection of the virtual machines for a complete tenant type, you must activate the tenant. To disable protection of the virtual machines for a complete tenant type (suspend provision of protection services to the tenant), you can deactivate the tenant.
After the tenant is deactivated, events from the Light Agents installed on the tenant virtual machines are logged to the Kaspersky Security Center Administration Server. An event that there are no SVMs available for connection is logged once, and events that the update task cannot be completed on the protected virtual machine are logged every 2 hours.
To avoid unauthorized application usage, after the tenant deactivation it is recommended to block network connections from the deactivated tenant’s subnet to the following TCP ports of the SVM subnet: 80, 9876, 9877, 11111, 11112.
For a simple tenant type, the tenant status does not affect the virtual machine protection status.
The tenant activation and deactivation procedures are automated by means of the Integration Server REST API.
Getting tenant information
Kaspersky Security provides the following methods for getting tenant information:
- Viewing the list of tenants in the Integration Server Console.
- Receiving the list of tenants, list of tenant virtual machines and tenant information using the Integration Server REST API.
To view the list of tenants in the Integration Server Console:
- Open Integration Server Console and connect to the Integration Server.
- In the list on the left, select the List of tenants section.
In the workspace on the right, a list of all tenants registered in the Integration Server database opens. The list is displayed as a table.
The following information about each tenant is displayed in the list:
- Status – tenant status in the Integration Server database. The status is indicated by the following icon:
means the tenant has the "Active" status.
means the tenant has the "Inactive" status.
For the complete tenant type, the status determines the protection status of the tenant virtual machines:
- If the tenant’s status is Active, protection of the tenant virtual machines is enabled.
- If the tenant’s status is Inactive, protection of the tenant virtual machines is disabled.
For a simple tenant type, the tenant status does not affect the virtual machine protection status.
- Information about the tenant and the tenant’s virtual machines:
- Tenant name
- Tenant type: Complete or Simple
- Tenant identifier
- For the complete tenant type: identifier of the virtual Administration Server configured for the tenant
- List of identifiers (BIOS ID) or names of the tenant virtual machines
- Administrator account – name of the account used by the administrator of the complete tenant to connect to the virtual Administration Server configured for the tenant. The list displays the account name specified when the tenant was created, even if this name was subsequently changed.
You can update the list of tenants using the Refresh link above the table.
Receiving tenant protection reports
A virtual machine is considered protected if the Light Agent installed on it is connected to the SVM. Each SVM can receive data about the time intervals when Light Agents were connected to the SVM and pass this data to the Integration Server database. Based on this information, you can receive reports on the protection status of the tenant virtual machines using the Integration Server REST API.
You can use the tenant protection report to obtain information about all protected tenant virtual machines and all time intervals when each virtual machine was protected by Kaspersky Security. The report can also be used to obtain information about the protection of all virtual machines that connected to the SVM during the specified reporting period, including the virtual machines that do not belong to any tenant.
Receiving tenant protection reports consists of the following steps:
- Enabling the function of transferring report data to the Integration Server database.
- Report generation. The report is generated as a CSV file in a temporary folder.
- Report upload. The generated report can be uploaded in its entirety or in parts for integration into the provider’s reporting system.
Enabling the function of transferring report data
By default, the function of transferring report data is disabled on the Integration Server. If you want to receive tenant protection reports, enable the function of transferring report data in the Integration Server configuration file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\viislaservice.exe.config.
To enable the function of receiving report data:
- Open the viislaservice.exe.config configuration file for editing.
- Set the EnableTenantsProtectionReports parameter to true and save the file.
- Restart the Integration Server.
The Integration Server will receive data on the time intervals when Light Agents were connected to SVMs from each SVM.
If the function of receiving report data is enabled but the SVM is not connected to the Integration Server, the data packets are queued for sending. When the maximum number of packets in the queue is reached, older data packets are deleted. The parameters for sending data are set up in the /etc/opt/kaspersky/agents_monitor/agents_monitor.conf configuration file on the SVM. You can configure the maximum queue size for the packets to be sent using the max_queue_size parameter.
The received data is stored in the Integration Server database. The default report retention period is 460 days. You can configure this value using the TenantsProtectionPeriodsRecordsLifetimeDays parameter in the viislaservice.exe.config configuration file of the Integration Server.
The size of the Integration Server database increases proportionally to the number of protected tenant virtual machines.
Generating tenant protection reports
The report generation procedure is automated by means of the Integration Server REST API.
You can pass the following report generation parameters in the request to the REST API:
- Identifier of the tenant for which you want to generate the protection report.
- Start date and time of the period for which you want to generate a report.
- End date and time of the period for which you want to generate a report.
If the tenant identifier is not specified in the request, the report will include data on all virtual machines that were protected during the specified period, including the data on virtual machines that do not belong to the tenants.
If the report generation period is not specified in the request, the report will include data stored in the Integration Server database from the earliest date up to the current moment.
To obtain reliable information in the reports, it is recommended to follow these rules when specifying the reporting period:
- Specify the reporting period accurate to a day.
- Set the end of the reporting period not less than 60 minutes from the current moment.
As a result of the report generation procedure, the report identifier is returned. The report is generated in the protected service folder %ProgramData%\Kaspersky Lab\VIISLA\protectionPeriodsReports. By default, the report is stored for 24 hours from the moment of generation. To get the report, use the report identifier in the request to the REST API to upload the report.
You can configure the report retention period using the TenantsProtectionReportsLifetimeHours parameter in the Integration Server configuration file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\viislaservice.exe.config.
The data in the report is presented line by line. Each line contains information about one virtual machine protection period in the following format:
{tenant ID};{tenant name};{virtual machine ID};{virtual machine name};{date and time when protection was enabled};{date and time when protection was disabled}
where:
- {tenant ID} – identifier of the tenant to which the virtual machine belongs. If the virtual machine does not belong to any tenant, nothing is displayed in this field.
- {tenant name} – tenant name specified when the tenant was created. If the virtual machine does not belong to any tenant, nothing is displayed in this field.
- {virtual machine ID} – identifier of the virtual machine that was protected by the application.
- {virtual machine name} – name of the virtual machine that was protected by the application.
- {date and time when protection was enabled} – start date and time of the virtual machine protection period.
- {date and time when protection was disabled} – end date and time of the virtual machine protection period.
If during the reporting period the virtual machine was protected by the application several times (protection was enabled and disabled), the report displays each virtual machine protection period.
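The following Python sketch is an added example, not part of the product or its documentation. It parses a report in the semicolon-separated format described above, merges the protection periods of each virtual machine and lists the intervals in the reporting period during which a virtual machine was not protected. The timestamp format, the absence of a header row and all sample values are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Assumption: report timestamps use the YYYY-MM-DDThh:mm:ss form that the
# REST API uses for its created/updated attributes; adjust if yours differ.
TS_FORMAT = "%Y-%m-%dT%H:%M:%S"
FIELDS = ("tenant_id", "tenant_name", "vm_id", "vm_name", "start", "end")

# Constructed sample report (illustrative values, no header row assumed).
# The last line is a VM that belongs to no tenant: its first two fields are empty.
SAMPLE_REPORT = (
    "7;Tenant A;4203a1b2-0000-0000-0000-000000000001;web-01;2024-03-01T00:00:00;2024-03-01T10:00:00\n"
    "7;Tenant A;4203a1b2-0000-0000-0000-000000000001;web-01;2024-03-01T09:30:00;2024-03-01T12:00:00\n"
    "7;Tenant A;4203a1b2-0000-0000-0000-000000000001;web-01;2024-03-01T18:00:00;2024-03-02T00:00:00\n"
    ";;4203a1b2-0000-0000-0000-0000000000ff;orphan-vm;2024-03-01T06:00:00;2024-03-01T07:00:00\n"
)


def parse_report(text):
    """Return one dict per protection period; empty tenant fields become None."""
    rows = []
    reader = csv.reader(io.StringIO(text), delimiter=";")
    for lineno, fields in enumerate(reader, 1):
        if not fields:
            continue  # blank line
        if len(fields) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        row = dict(zip(FIELDS, (f.strip() for f in fields)))
        row["tenant_id"] = row["tenant_id"] or None
        row["tenant_name"] = row["tenant_name"] or None
        row["start"] = datetime.strptime(row["start"], TS_FORMAT)
        row["end"] = datetime.strptime(row["end"], TS_FORMAT)
        if row["end"] < row["start"]:
            raise ValueError(f"line {lineno}: protection ends before it starts")
        rows.append(row)
    return rows


def merged_periods(rows):
    """Per VM, sort the protection periods and merge any that overlap or touch."""
    by_vm = defaultdict(list)
    for row in rows:
        by_vm[row["vm_id"]].append((row["start"], row["end"]))
    merged = {}
    for vm_id, spans in by_vm.items():
        spans.sort()
        out = [spans[0]]
        for start, end in spans[1:]:
            last_start, last_end = out[-1]
            if start <= last_end:
                out[-1] = (last_start, max(last_end, end))
            else:
                out.append((start, end))
        merged[vm_id] = out
    return merged


def protected_seconds(rows):
    """Total protected time per VM, counting overlapping periods only once."""
    return {
        vm_id: int(sum((end - start).total_seconds() for start, end in spans))
        for vm_id, spans in merged_periods(rows).items()
    }


def unprotected_gaps(rows, period_start, period_end):
    """Per VM, the intervals inside the reporting period with no protection."""
    gaps = {}
    for vm_id, spans in merged_periods(rows).items():
        cursor, vm_gaps = period_start, []
        for start, end in spans:
            start, end = max(start, period_start), min(end, period_end)
            if start >= end:
                continue  # period lies outside the reporting window
            if start > cursor:
                vm_gaps.append((cursor, start))
            cursor = max(cursor, end)
        if cursor < period_end:
            vm_gaps.append((cursor, period_end))
        gaps[vm_id] = vm_gaps
    return gaps


if __name__ == "__main__":
    report_rows = parse_report(SAMPLE_REPORT)
    window = (datetime(2024, 3, 1), datetime(2024, 3, 2))
    for vm, vm_gaps in unprotected_gaps(report_rows, *window).items():
        for gap_start, gap_end in vm_gaps:
            print(f"{vm}: unprotected {gap_start} .. {gap_end}")
```

Rows with an empty tenant ID are the virtual machines that connected to an SVM without being registered to any tenant, so they are worth reviewing separately.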
Uploading tenant protection reports
The report upload procedure is automated by means of the Integration Server REST API.
In the request to the REST API, the report identifier obtained at the previous step and the data display format (CSV) must be specified.
Other data display formats are not supported.
You can upload all report data or get partial data.
You can integrate data obtained as a result of the query into your reporting system.
Removing virtual machines from the protected infrastructure
To remove a virtual machine from the protected infrastructure of a complete tenant type:
- Unregister the virtual machine in the Integration Server database. The virtual machine unregistration procedure is automated by means of the Integration Server REST API.
As a result, information about the tenant virtual machine is deleted from the Integration Server database.
- Remove Light Agent for Windows or Light Agent for Linux and Kaspersky Security Center Network Agent from the virtual machine.
You can perform these actions manually in Kaspersky Security Center interface or automate removal using Kaspersky Security Center OpenAPI. Refer to the Knowledge Base for more details.
- Remove the virtual machine from the list of the tenant managed devices. You can move the virtual machine to the Unassigned devices folder of Kaspersky Security Center main Administration Server or delete the virtual machine from Kaspersky Security Center.
You can perform these actions manually in Kaspersky Security Center interface or automate virtual machine removal from the list of managed devices using Kaspersky Security Center OpenAPI. Refer to the Knowledge Base for more details.
If the virtual machine is removed from the protected infrastructure of a simple tenant type, unregister the virtual machine in the Integration Server database.
Removing tenants
If you want to stop provision of services to a complete tenant type, remove the tenant. To do so, perform the following actions:
- Remove Light Agent for Windows, Light Agent for Linux and Kaspersky Security Center Network Agent from the tenant virtual machines.
You can perform these actions manually in Kaspersky Security Center interface or automate removal using Kaspersky Security Center OpenAPI. Refer to the Knowledge Base for more details.
- Remove the tenant from the Integration Server database, as well as remove the tenant protection infrastructure. The removal procedure is automated by means of the Integration Server REST API. When calling the REST API method, specify the removeTenantArtifacts=true parameter.
As a result of the procedure, the following actions are automatically performed:
- Information about the tenant and the tenant virtual machines is deleted from the Integration Server database.
- The following tenant protection infrastructure is removed from Kaspersky Security Center: virtual Administration Server and the account for connecting to it, the Multitenancy KSV LA → <Tenant name> folder and its contents (subfolders and administration groups, policies and tasks, and installation packages).
- If there are no other tenants, the Multitenancy KSV LA folder is also deleted.
If provision of protection services is terminated for the simple tenant type, remove the tenant from the Integration Server database.
Using the Integration Server REST API in multi-tenancy scenarios
Interaction with the Integration Server REST API is based on requests and responses and is carried out over the HTTPS protocol using the multitenancy account.
Account parameters are passed at every method call in the Authorization request header as the string {username}:{password} encoded with the Base64 method. Authentication of the Basic type is used.
The address of the request to the Integration Server REST API consists of the following parts:
https://{Integration Server address}:{Integration Server port}/{method}?{parameters}
where:
- {Integration Server address} – IP address or fully qualified domain name (FQDN) of the Integration Server.
- {Integration Server port} – port for connecting to the Integration Server (port 7271 by default).
- {method} – method to call.
- {parameters} – method parameters, if any.
For processing requests that are time consuming and run asynchronously, tasks are used. The task is created as an intermediate query result.
Methods for working with tenants
Using the Integration Server REST API, you can perform the following actions when working with tenants and tenant virtual machines:
- Get information about the tenant
- Get a list of tenants
- Get a list of tenant virtual machines
- Create a new tenant and its protection infrastructure, or register an existing tenant
- Remove a tenant
- Activate and deactivate a tenant
- Register and unregister tenant’s virtual machines
The set of actions performed as a result of some REST API requests depends on the tenant type attribute that you specify when adding the tenant information to the Integration Server database. Deployment and deletion of the tenant protection infrastructure using the Integration Server REST API is available for the complete tenant type. For the simple tenant type, only the report receiving function is automated.
Getting tenant information
Allows you to get information about the tenant from the Integration Server database.
Method:
GET /api/2.0/virtualization/tenants/{tenant ID}
where:
- {tenant ID} – tenant identifier in the Integration Server database (required parameter).
In case of successful completion of the request, the REST API returns the following information about the tenant:
<tenant id="{ID}" created="{date and time}" updated="{date and time}">
  <name>{name}</name>
  <description>{description}</description>
  <userData><![CDATA[{additional information}]]></userData>
  <!-- Data in the vKsc section is available only for a complete tenant type -->
  <vKsc id="{ID}">
    <user>
      <name>{administrator}</name>
    </user>
  </vKsc>
  <status>{status}</status>
  <type>{tenant type}</type>
</tenant>
where:
- tenant id="{ID}" – tenant identifier in the Integration Server database.
- created="{date and time}" – date and time when the tenant was registered in the Integration Server database in YYYY-MM-DDThh:mm:ss format.
- updated="{date and time}" – date and time when the tenant data was updated in the Integration Server database in YYYY-MM-DDThh:mm:ss format.
- {name} – tenant name specified when the tenant was created.
- {description} – tenant description.
- {additional information} – additional information about the tenant stored in the Integration Server database.
- vKsc id="{ID}" – identifier assigned to the tenant virtual Administration Server in Kaspersky Security Center.
- {administrator} – name of the administrator of the tenant virtual Administration Server.
- {status} – current tenant status: Active or Inactive.
- {tenant type} – tenant type: Complete or Simple.
Return codes:
- 200 (OK) – request completed successfully. The response returns the tenant information.
- 403 (Forbidden) – access to the resource is denied.
- 404 (Not Found) VIRMT_TenantWithSpecifiedIdNotFound – tenant with the specified identifier is not found in the Integration Server database.
Getting a list of tenants
Allows you to get a list of all tenants, information about which is stored in the Integration Server database, as well as information about each tenant.
Method:
GET /api/2.0/virtualization/tenants
Return codes:
- 200 (OK) – request completed successfully. The response returns information about all tenants as a list.
- 403 (Forbidden) – access to the resource is denied.
Getting a list of tenant virtual machines
Allows you to get a list of all registered tenant virtual machines.
Method:
GET /api/2.0/virtualization/tenants/{tenant ID}/vms
where:
- {tenant ID} – tenant identifier in the Integration Server database (required parameter).
In case of successful completion of the request, the REST API returns a list of virtual machines and the following information about each tenant virtual machine:
<vm id="{ID in the database}" biosId="{BIOS ID}" created="{date and time}" updated="{date and time}">
  <name>{name}</name>
  <userData><![CDATA[{additional information}]]></userData>
</vm>
where:
- {ID in the database} – identifier assigned to the virtual machine in the Integration Server database.
- {BIOS ID} – virtual machine identifier (BIOS ID) in UUID format.
- created="{date and time}" – date and time when the virtual machine was registered in the Integration Server database in YYYY-MM-DDThh:mm:ss format.
- updated="{date and time}" – date and time when the virtual machine data was updated in the Integration Server database in YYYY-MM-DDThh:mm:ss format.
- {name} – virtual machine name.
- {additional information} – additional information about the virtual machine stored in the Integration Server database.
Return codes:
- 200 (OK) – request completed successfully. The response returns a list of the tenant virtual machines.
- 403 (Forbidden) – access to the resource is denied.
- 404 (Not Found) VIRMT_TenantWithSpecifiedIdNotFound – tenant with the specified identifier is not found in the Integration Server database.
Creating a new tenant
Depending on the tenant type that you specify when calling the REST API method, the following actions can be performed:
- For a complete tenant type:
- Add tenant data to the Integration Server database.
- Create the tenant protection infrastructure in Kaspersky Security Center (virtual Administration Server, account for connecting to it, structure of folders and administration groups).
- Create the policies for enabling and disabling protection of the virtual machines with Kaspersky Security for Virtualization 5.1 Light Agent installed in the Multitenancy KSV LA → <Tenant name> folder.
Policies for enabling and disabling protection are applied only if Kaspersky Security for Virtualization 5.1 Light Agent is installed in the tenant virtual infrastructure.
- Add information about the tenant virtual Administration Server to the Integration Server database.
- For a simple tenant type: add the tenant data to the Integration Server database.
Method:
POST /api/2.0/virtualization/tenants
The following parameters must be specified in the request body:
<tenant>
  <name>{name}</name>
  <description>{description}</description>
  <userData><![CDATA[{additional information}]]></userData>
  <preferredViisAddress>{IP address}</preferredViisAddress>
  <type>{tenant type}</type>
  <!-- Data in the vKsc section can be specified only for a complete tenant type -->
  <vKsc>
    <user>
      <name>{administrator name}</name>
      <password>{administrator password}</password>
    </user>
  </vKsc>
</tenant>
where:
- {name} – tenant name (required parameter).
- {description} – tenant description (optional parameter).
- {additional information} – additional information about the tenant (optional parameter).
- {IP address} – IP address of the Integration Server to which the Light Agents installed on the tenant virtual machines will connect (optional parameter). The specified address is used by default when creating the Light Agent policy. If the parameter is not specified, the policy uses the Integration Server IP address from the request to REST API.
- {tenant type} – type of tenant: Complete or Simple (optional parameter).
- {administrator name} – name of the administrator account used to connect to the tenant virtual Administration Server (required when creating a complete tenant type). The account will be created automatically during the procedure.
- {administrator password} – password for the administrator account encoded by the Base64 method (required when creating a complete tenant type).
The request is executed asynchronously: the REST API returns the identifier of the CreateTenant task. Using the task, you can monitor the progress of the tenant creation procedure. When the task execution completes, the result field displays information about the tenant including the created tenant identifier, or an error message. In case of an error at any step of the procedure, all the changes are rolled back.
Return codes:
- 202 (Accepted) – the request is accepted for execution. The response returns the identifier of the CreateTenant task.
- 400 (Bad request) VIRMT_MandatoryParameterIsNotSpecified – one of the required parameters is not specified in the request body, for example, the tenant name.
- 400 (Bad request) VIRMT_InvalidTenantType – invalid tenant type is specified in the request body, the specified tenant type does not exist.
- 400 (Bad request) VIRMT_VKscCredentialsNotSpecified – name or password of the administrator account of Kaspersky Security Center virtual Administration Server is not specified (when creating a complete tenant type).
- 400 (Bad request) VIRMT_InvalidViisAddressFormat – invalid format of the Integration Server IP address.
- 403 (Forbidden) – access to the resource is denied.
Possible error codes in the task:
- KSC_ServiceNotConfigured – Kaspersky Security Center connection settings are not specified.
- VIRMT_TenantGroupAlreadyExists – the folder with the name corresponding to the specified tenant name already exists in Kaspersky Security Center.
- VIRMT_TenantWithSpecifiedNameAlreadyExists – the tenant with the specified name already exists in the Integration Server database.
- VIRMT_PasswordNotComplyPolicy – failed to create an administrator account for Kaspersky Security Center virtual Administration Server: the specified password does not meet Kaspersky Security Center password requirements.
- VIRMT_UserWithSpecifiedNameAlreadyExists – failed to create an administrator account for Kaspersky Security Center virtual Administration Server: a user with the specified name already exists in Kaspersky Security Center.
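The Python sketch below is an added example, not Kaspersky's code. It shows how a client could assemble the calls described in this section and in the general REST API description: the Basic authentication header, the method address, the CreateTenant request body and the parsing of a tenant record. Nothing is sent over the network. The host name, the credentials, the application/xml content type, UTF-8 encoding of the password and the sample response are assumptions constructed for illustration.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

DEFAULT_PORT = 7271  # default Integration Server port stated in the guide

# Constructed sample response that follows the tenant schema shown in the guide.
SAMPLE_TENANT_RESPONSE = """\
<tenant id="7" created="2024-03-01T09:00:00" updated="2024-03-01T09:05:00">
  <name>Tenant A</name>
  <description>Constructed example</description>
  <userData><![CDATA[ticket=12345]]></userData>
  <vKsc id="42"><user><name>tenant-a-admin</name></user></vKsc>
  <status>Inactive</status>
  <type>Complete</type>
</tenant>"""


def basic_auth_header(username, password):
    """Base64 of "{username}:{password}". This is encoding, not encryption:
    the credentials are only as safe as the verified HTTPS channel."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def tenant_method(tenant_id, action=""):
    """Per-tenant method path. The ID is percent-encoded so that a value such
    as '../x' cannot change which resource the request addresses."""
    path = "api/2.0/virtualization/tenants/" + urllib.parse.quote(str(tenant_id), safe="")
    return path + ("/" + action if action else "")


def api_url(host, method, params=None, port=DEFAULT_PORT):
    """https://{address}:{port}/{method}?{parameters}"""
    url = f"https://{host}:{port}/{method.lstrip('/')}"
    if params:
        url += "?" + urllib.parse.urlencode(params)
    return url


def build_create_tenant_request(host, api_user, api_password, name,
                                tenant_type="Complete", admin_name=None,
                                admin_password=None, description=None,
                                port=DEFAULT_PORT):
    """Build (but do not send) POST /api/2.0/virtualization/tenants."""
    if tenant_type not in ("Complete", "Simple"):
        raise ValueError("tenant type must be Complete or Simple")
    if tenant_type == "Complete" and not (admin_name and admin_password):
        raise ValueError("a complete tenant needs an administrator name and password")

    # ElementTree escapes text, so markup inside a tenant name stays data and
    # cannot add or override elements in the request body.
    tenant = ET.Element("tenant")
    ET.SubElement(tenant, "name").text = name
    if description:
        ET.SubElement(tenant, "description").text = description
    ET.SubElement(tenant, "type").text = tenant_type
    if tenant_type == "Complete":
        user = ET.SubElement(ET.SubElement(tenant, "vKsc"), "user")
        ET.SubElement(user, "name").text = admin_name
        # The guide requires the password Base64-encoded (UTF-8 is assumed here).
        encoded = base64.b64encode(admin_password.encode("utf-8")).decode("ascii")
        ET.SubElement(user, "password").text = encoded

    return urllib.request.Request(
        api_url(host, "api/2.0/virtualization/tenants", port=port),
        data=ET.tostring(tenant, encoding="utf-8"),
        method="POST",
        headers={
            "Authorization": basic_auth_header(api_user, api_password),
            "Content-Type": "application/xml",  # assumption, not stated in the guide
        },
    )


def parse_tenant(xml_text):
    """Extract the fields of a <tenant> record; vKsc data may be absent."""
    root = ET.fromstring(xml_text)
    vksc = root.find("vKsc")
    return {
        "id": root.get("id"),
        "name": root.findtext("name"),
        "status": root.findtext("status"),
        "type": root.findtext("type"),
        "vksc_id": vksc.get("id") if vksc is not None else None,
        "admin": root.findtext("vKsc/user/name"),
    }


if __name__ == "__main__":
    request = build_create_tenant_request(
        "viis.example.test", "multitenancy", "api-secret",
        name="Tenant A", admin_name="tenant-a-admin", admin_password="S3cret!pass")
    print(request.get_method(), request.full_url)
    print(parse_tenant(SAMPLE_TENANT_RESPONSE))
```

Because both the API account and the tenant administrator password travel only Base64-encoded, keep certificate verification enabled when the request is actually sent.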
Activating the tenant
Allows you to perform the following actions depending on the tenant type:
- For a complete tenant type:
- Change the tenant status to Active.
- Change the status of the policies for enabling protection of the virtual machines with Kaspersky Security for Virtualization 5.1 Light Agent installed.
Policies for enabling protection are applied only if Kaspersky Security for Virtualization 5.1 Light Agent is installed in the tenant virtual infrastructure. If there are no policies for enabling tenant protection, they will be automatically created.
- For a simple tenant type: only change the tenant status to Active.
Method:
POST /api/2.0/virtualization/tenants/{tenant ID}/activate
where:
- {tenant ID} – tenant identifier in the Integration Server database (required parameter).
The request is executed asynchronously: the REST API returns the identifier of the ChangeTenantActivation task. Using the task, you can monitor the progress of the tenant status changing procedure. When the task execution completes, the result field displays confirmation that the tenant status is changed (true) or an error message.
Return codes:
- 202 (Accepted) – the request is accepted for execution. The response returns the identifier of the ChangeTenantActivation task.
- 403 (Forbidden) – access to the resource is denied.
Error codes in the task:
- VIRMT_TenantWithSpecifiedIdNotFound – the tenant with the specified identifier is not found in the Integration Server database.
- KSC_ServiceNotConfigured – Kaspersky Security Center connection settings are not specified.
Deactivating the tenant
Allows you to perform the following actions depending on the tenant type:
- For a complete tenant type:
- Change the tenant status to Inactive.
- Change the status of the policies for disabling protection of the virtual machines with Kaspersky Security for Virtualization 5.1 Light Agent installed.
Policies for disabling protection are applied only if Kaspersky Security for Virtualization 5.1 Light Agent is installed in the tenant virtual infrastructure. If there are no policies for disabling tenant protection, they will be automatically created.
- For a simple tenant type: only change the tenant status to Inactive.
Method:
POST /api/2.0/virtualization/tenants/{tenant ID}/deactivate
where:
- {tenant ID} – tenant identifier in the Integration Server database (required parameter).
The request is executed asynchronously: the REST API returns the identifier of the ChangeTenantActivation task. Using the task, you can monitor the progress of the tenant status changing procedure. When the task execution completes, the result field displays confirmation that the tenant status is changed (true) or an error message.
Return codes:
- 202 (Accepted) – the request is accepted for execution. The response returns the identifier of the ChangeTenantActivation task.
- 403 (Forbidden) – access to the resource is denied.
Error codes in the task:
- VIRMT_TenantWithSpecifiedIdNotFound – the tenant with the specified identifier is not found in the Integration Server database.
- KSC_ServiceNotConfigured – Kaspersky Security Center connection settings are not specified.
Registering tenant virtual machines
Allows you to add information about the tenant virtual machines to the Integration Server database.
Method:
POST /api/2.0/virtualization/tenants/{tenant ID}/vms/register
where:
- {tenant ID} – tenant identifier in the Integration Server database (required parameter).
The following parameters must be specified in the request body:
<vm biosId="{BIOS ID}">
  <name>{name}</name>
  <userData><![CDATA[{additional information}]]></userData>
</vm>
where:
- {BIOS ID} – unique virtual machine identifier (BIOS ID) (required parameter).
- {name} – virtual machine name (optional parameter).
- {additional information} – additional information about the virtual machine (optional parameter).
Return codes:
- 200 (OK) – request completed successfully (information about the virtual machine is added to the Integration Server database).
- 403 (Forbidden) – access to the resource is denied.
- 404 (Not Found) VIRMT_TenantWithSpecifiedIdNotFound – tenant with the specified identifier is not found in the Integration Server database.
- 409 (Conflict) VIRMT_VmWithSpecifiedBiosIdAlreadyExists – virtual machine with the specified identifier is already registered in the Integration Server database.
Unregistering a virtual machine
Allows you to delete information about the tenant virtual machine from the Integration Server database.
Unregistration does not disable protection of the tenant virtual machine. You can disable protection of the virtual machine for complete tenant type by following all the steps of the procedure for removing virtual machines from the protected infrastructure.
Method:
POST /api/2.0/virtualization/tenants/{tenant ID}/vms/unregister?biosId={ID}
or
POST /api/2.0/virtualization/tenants/{tenant ID}/vms/unregister?vmId={ID}
where:
- {tenant ID} – tenant identifier in the Integration Server database (required parameter).
- biosId={ID} – virtual machine identifier (BIOS ID) in UUID format (required parameter).
- vmId={ID} – virtual machine identifier in the Integration Server database in the UUID format (required parameter).
Return codes:
- 200 (OK) – request completed successfully (information about the virtual machine is deleted from the Integration Server database).
- 403 (Forbidden) – access to the resource is denied.
- 404 (Not Found) VIRMT_TenantWithSpecifiedIdNotFound – tenant with the specified identifier is not found in the Integration Server database.
- 404 (Not Found) VIRMT_VmWithSpecifiedIdNotFound – virtual machine with the specified identifier is not found in the Integration Server database.
Removing a tenant
Allows you to perform the following actions depending on the tenant type and the specified parameters:
- For a complete tenant type:
  - Delete information about the tenant and the tenant virtual machines from the Integration Server database.
  - Delete the tenant protection infrastructure deployed from Kaspersky Security Center (virtual Administration Server, account for connecting to it, structure of folders and administration groups, policies, tasks, and installation packages). If there are no other tenants, the Multitenancy KSV LA folder is also deleted.
  - Delete information about the tenant virtual Administration Server from the Integration Server database.
  Calling the tenant removal method does not disable protection on the tenant virtual machines. To disable protection, perform all steps of the tenant removal procedure, including removal of Light Agent for Windows, Light Agent for Linux and Kaspersky Security Center Network Agent from the virtual machines. To suspend protection of the virtual machine for complete tenant type, use the tenant deactivation method.
- For a simple tenant type: remove the tenant from the Integration Server database.
Method:
DELETE /api/2.0/virtualization/tenants/{tenant ID}?removeTenantArtifacts={true|false}
where:
- {tenant ID} – tenant identifier in the Integration Server database (required parameter).
- removeTenantArtifacts={true|false} – optional parameter that determines whether to remove the tenant protection infrastructure when removing the tenant from the Integration Server database. Possible values:
  - true – when the tenant is removed, the following actions are performed:
    - Remove the tenant virtual Administration Server.
    - Delete the administrator account of the tenant virtual Administration Server.
    - Delete the Multitenancy KSV LA → <Tenant name> folder and its contents.
    - Delete the Multitenancy KSV LA folder if there are no other tenants.
  - false – only the tenant is deleted from the Integration Server database; the tenant protection infrastructure is not deleted.
The request is executed asynchronously; the REST API returns the identifier of the DeleteTenant task. Using the task, you can monitor the progress of the tenant deletion procedure. When the task completes, the result field displays information about the removed tenant or an error message.
In case of an error at any step of the procedure, all the changes are rolled back.
Return codes:
- 202 (Accepted) – the request is accepted for execution. The response returns the identifier of the DeleteTenant task.
- 403 (Forbidden) – access to the resource is denied.
Error codes in the task:
- VIRMT_TenantWithSpecifiedIdNotFound – the tenant with the specified identifier is not found in the Integration Server database.
- KSC_ServiceNotConfigured – Kaspersky Security Center connection settings are not specified.
Methods for working with reports
Using the Integration Server REST API, you can perform the following actions when working with tenant protection reports:
- Generate a report
- Upload a report
Report generation
Allows you to generate a report based on data saved to the Integration Server database, taking into account the specified report settings. You can specify the tenant on whose protection you want to generate a report, and the time interval for which you want to receive data.
In the Accept request header, pass the data output format: Accept: application/csv.
Method:
POST /api/2.0/virtualization/reports/tenants?tenantId={tenant ID}&from={date and time}&to={date and time}
where:
- tenantId={tenant ID} – tenant identifier in the Integration Server database. If a tenant is specified, the report includes only information about the protection periods of this tenant’s virtual machines. If the tenant is not specified, the report will include data on all virtual machines that were protected during the specified period.
- from={date and time} – start date and time of the reporting period in YYYY-MM-DDThh:mm:ss format. If the value is not specified, the date of the earliest record in the Integration Server database is used.
- to={date and time} – end date and time of the reporting period in YYYY-MM-DDThh:mm:ss format. If the value is not specified, the current date is used.
The request is executed asynchronously; the REST API returns the identifier of the CreateTenantReport task. Using the task, you can monitor the progress of the report generation procedure. When the task completes, the result field displays the report identifier or an error message.
Return codes:
- 202 (Accepted) – the request is accepted for execution. The response returns the identifier of the CreateTenantReport task.
- 403 (Forbidden) – access to the resource is denied.
- 404 (Not Found) – tenant with the specified identifier is not found in the Integration Server database.
Report upload
Allows you to upload a report generated before.
In the Accept request header, pass the data output format: Accept: application/csv.
The report can be uploaded in parts. You can specify the data range in the Range request header, for example:
Range: bytes=0-1023
In response to a request with this header, the REST API returns the 206 (Partial content) result and the first kilobyte of data. The response contains the Content-Range and Content-Length headers.
For example:
Content-Range: bytes=0-1023/123456
Content-Length: 1024
Method:
GET /api/2.0/virtualization/reports/tenants/{report ID}
where:
- {report ID} – report identifier obtained as a result of successful completion of the CreateTenantReport task (required parameter).
Return codes:
- 200 (OK) – request completed successfully. The response returns the report data in the format specified in the Accept header.
- 206 (Partial content) – request completed successfully. The response returns the part of the report specified by the Range header.
- 403 (Forbidden) – access to the resource is denied.
- 404 (Not Found) – report with the specified identifier is not found.
- 415 (Unsupported Media Type) – unsupported format of the requested data (incorrect format was passed in the Accept request header).
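A client that assembles a report from parts should confirm that each part is the one it asked for. The following Python code is an added example, not code from this guide or from Kaspersky: it requests the report with Range headers and rejects any 206 response whose Content-Range or Content-Length does not match the request. The `fetch` callable (the HTTP transport, including authentication), `make_fake_server` and the sample report are assumptions constructed for the example.

```python
"""Download a tenant report in parts and verify every part (added example)."""
import re
from typing import Callable, Dict, Tuple

# Accepts the RFC 9110 form "bytes 0-1023/123456" as well as the
# "bytes=0-1023/123456" form shown in this guide's example.
CONTENT_RANGE = re.compile(r"^bytes[ =](\d+)-(\d+)/(\d+)$")

Response = Tuple[int, Dict[str, str], bytes]


def parse_content_range(value: str) -> Tuple[int, int, int]:
    """Return (first, last, total) or raise ValueError on a malformed header."""
    match = CONTENT_RANGE.match(value.strip())
    if not match:
        raise ValueError(f"malformed Content-Range: {value!r}")
    first, last, total = (int(g) for g in match.groups())
    if first > last or last >= total:
        raise ValueError(f"inconsistent Content-Range: {value!r}")
    return first, last, total


def download_report(fetch: Callable[[Dict[str, str]], Response],
                    chunk_size: int = 1024,
                    max_size: int = 64 * 1024 * 1024) -> bytes:
    """Fetch the report with Range requests; fetch(headers) is the transport."""
    data = bytearray()
    total = None
    offset = 0
    while total is None or offset < total:
        last = offset + chunk_size - 1
        if total is not None:
            last = min(last, total - 1)
        status, headers, body = fetch({"Accept": "application/csv",
                                       "Range": f"bytes={offset}-{last}"})
        if status == 200 and offset == 0:
            # Range was ignored and the whole report arrived in one response.
            if len(body) > max_size:
                raise ValueError("report exceeds max_size")
            return bytes(body)
        if status != 206:
            raise RuntimeError(f"unexpected HTTP status {status}")
        lower = {k.lower(): v for k, v in headers.items()}
        if "content-range" not in lower or "content-length" not in lower:
            raise ValueError("206 response lacks Content-Range or Content-Length")
        first, got_last, size = parse_content_range(lower["content-range"])
        if first != offset or got_last > last:
            raise ValueError("server returned a range that was not requested")
        if total is None:
            if size > max_size:
                raise ValueError("report exceeds max_size")
            total = size
        elif size != total:
            raise ValueError("report size changed between parts")
        expected = got_last - first + 1
        if lower["content-length"].strip() != str(expected) or len(body) != expected:
            raise ValueError("part length does not match Content-Range")
        data += body
        offset = got_last + 1
    return bytes(data)


def make_fake_server(report: bytes, shift: int = 0):
    """Constructed stand-in for GET .../reports/tenants/{report ID}.

    shift > 0 simulates a faulty server whose Content-Range is off by `shift`.
    """
    def fetch(headers: Dict[str, str]) -> Response:
        first, last = (int(n) for n in headers["Range"][len("bytes="):].split("-"))
        last = min(last, len(report) - 1)
        part = report[first:last + 1]
        content_range = f"bytes={first + shift}-{last + shift}/{len(report)}"
        return 206, {"Content-Range": content_range,
                     "Content-Length": str(len(part))}, part
    return fetch


# Constructed sample report: a CSV header line plus 200 rows.
SAMPLE_REPORT = b"vm,from,to\n" + b"".join(
    b"vm-%03d,2024-01-01T00:00:00,2024-01-02T00:00:00\n" % i for i in range(200))

if __name__ == "__main__":
    report = download_report(make_fake_server(SAMPLE_REPORT))
    print(len(report), report == SAMPLE_REPORT)
```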
Methods for working with tasks
The tasks are used for processing requests that are time consuming and run asynchronously. Task statuses allow you to monitor the progress of actions specified in the request.
A task may have one of the following states:
- Created – task is created but not started.
- Starting – the task is in the process of starting.
- Running – the task is running. For a task in this state, the execution progress is displayed as a percent value.
- Completed – the task has been successfully completed. For a task in this state, the task execution result is displayed. The result contains task-specific data, for example, the new tenant identifier when the CreateTenant task is completed.
- Stopping – the task is being prepared for completion. If you stopped a task, it may be in this state before switching to the Canceled state.
- Failed – the task failed. For a task in this state, detailed error information is indicated.
- Canceled – the task is terminated by the user or the system. For a task in this state, detailed error information is indicated.
- Queued – the task has been queued and is waiting for execution to start.
By means of the Integration Server REST API, you can perform the following tasks:
- Get a list of tasks
- Get information about a specified task
- Cancel execution of a specified task
Getting task information
Allows you to get information about the task by its identifier.
Method:
GET /api/2.0/virtualization/tasks/{ID}
where:
- {ID} – task identifier (required parameter).
In case of successful completion of the request, the REST API returns the following information about the task:
<task id="{ID}" created="{date and time}" stateChanged="{date and time}" changed="{date and time}">
  <state>{state}</state>
  <type>{type}</type>
  <stage>{stage}</stage>
  <progress>{execution progress}</progress>
  <result>{result}</result>
  <!-- If the task execution fails, an error message is displayed instead of the result. -->
  <error>{error message}</error>
</task>
where:
- {ID} – task ID.
- created="{date and time}" – task creation time in YYYY-MM-DDThh:mm:ss format.
- stateChanged="{date and time}" – time of the task state change in YYYY-MM-DDThh:mm:ss format.
- changed="{date and time}" – task change time in YYYY-MM-DDThh:mm:ss format.
- {state} – task state.
- {type} – task type. For example:
  - CreateTenant – a task that is used in the tenant creation procedure.
  - ChangeTenantActivation – a task that is used in the tenant activation and deactivation procedures.
  - DeleteTenant – a task that is used in the tenant deletion procedure.
  - CreateTenantReport – a task that is used in the tenant protection report generation procedure.
- {name} – task name.
- {stage} – task execution stage.
- {execution progress} – the progress of task execution indicated as a percentage.
- {result} – task execution result, for example, information about the created tenant or report identifier.
- {error message} – if an error occurs during task execution, an error message is displayed.
Return codes:
- 200 (OK) – request completed successfully.
- 403 (Forbidden) – access to the resource is denied.
- 404 (Not Found) – task with the specified identifier is not found in the Integration Server database.
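Because tenant activation, deactivation and removal only return a task identifier, a script should confirm the final task state before treating the change as done. The following Python code is an added example, not code from this guide or from Kaspersky: it parses the task document shown above, polls until the task is Completed, Failed or Canceled, and accepts a ChangeTenantActivation task only when its result is true. The `fetch` callable (the HTTP transport, including authentication), the helper names and the sample responses are assumptions constructed for the example, and the response is assumed to match the template above with no XML namespace.

```python
"""Poll an Integration Server task until it reaches a final state (added example)."""
import time
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Task states from the list on this page; polling stops at a final state.
FINAL_STATES = {"Completed", "Failed", "Canceled"}
KNOWN_STATES = FINAL_STATES | {"Created", "Starting", "Running", "Stopping", "Queued"}


@dataclass
class TaskInfo:
    task_id: str
    state: str
    type: str
    progress: Optional[str]
    result: Optional[str]
    error: Optional[str]


def parse_task(xml_text: str) -> TaskInfo:
    """Parse the <task> document returned by GET .../tasks/{ID}."""
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DTD not allowed in a task response")
    root = ET.fromstring(xml_text)
    if root.tag != "task" or not root.get("id"):
        raise ValueError("response is not a <task> document")

    def text(tag: str) -> Optional[str]:
        node = root.find(tag)
        value = (node.text or "").strip() if node is not None else ""
        return value or None

    state = text("state")
    if state not in KNOWN_STATES:
        raise ValueError(f"unexpected task state: {state!r}")
    return TaskInfo(root.get("id"), state, text("type") or "",
                    text("progress"), text("result"), text("error"))


def wait_for_task(task_id: str,
                  fetch: Callable[[str], Tuple[int, str]],
                  timeout: float = 300.0, interval: float = 2.0,
                  sleep: Callable[[float], None] = time.sleep,
                  clock: Callable[[], float] = time.monotonic) -> TaskInfo:
    """Call fetch(task_id) -> (HTTP status, body) until the task is final."""
    deadline = clock() + timeout
    while True:
        status, body = fetch(task_id)
        if status == 403:
            raise PermissionError("403: access to the resource is denied")
        if status == 404:
            raise LookupError(f"404: task {task_id} not found")
        if status != 200:
            raise RuntimeError(f"unexpected HTTP status {status}")
        task = parse_task(body)
        if task.task_id != task_id:
            raise ValueError("response describes a different task")
        if task.state in FINAL_STATES:
            return task
        if clock() >= deadline:
            raise TimeoutError(f"task {task_id} still {task.state} after {timeout}s")
        sleep(interval)


def activation_change_confirmed(task: TaskInfo) -> bool:
    """True only when a ChangeTenantActivation task completed with result 'true'."""
    return (task.type == "ChangeTenantActivation" and task.state == "Completed"
            and task.error is None and task.result == "true")


# Constructed sample responses (the ID and timestamps are made up).
def sample_task(state: str, progress: str = "", result: str = "", error: str = "") -> str:
    body = (f"<state>{state}</state><type>ChangeTenantActivation</type>"
            f"<progress>{progress}</progress>")
    body += f"<error>{error}</error>" if error else f"<result>{result}</result>"
    return ('<task id="task-0001" created="2024-01-01T10:00:00" '
            'stateChanged="2024-01-01T10:00:05" changed="2024-01-01T10:00:05">'
            + body + "</task>")


def replay(responses):
    """Build a fetch() stand-in that returns the given bodies, one per call."""
    pending = iter(responses)
    return lambda task_id: (200, next(pending))


if __name__ == "__main__":
    bodies = [sample_task("Queued"), sample_task("Running", "50"),
              sample_task("Completed", "100", "true")]
    done = wait_for_task("task-0001", replay(bodies), sleep=lambda s: None)
    print(done.state, activation_change_confirmed(done))
```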
Getting a list of tasks
Allows you to get a list of all existing tasks and information about each task in the list.
Method:
GET /api/2.0/virtualization/tasks?createdFrom={date and time}&state={status}&type={type}
where:
- createdFrom={date and time} – date and time in YYYY-MM-DDThh:mm:ss format (optional parameter). If the parameter is specified, the list displays the tasks that were created not earlier than the specified date and time.
- state={state} – task state (optional parameter). If the parameter is specified, the list displays only the tasks with the specified state.
- type={type} – task type (optional parameter). If the parameter is specified, the list displays only the tasks of the specified type.
Return codes:
- 200 (OK) – request completed successfully. The response returns a list of tasks.
- 403 (Forbidden) – access to the resource is denied.
Canceling a task
Allows you to stop running tasks. Some tasks cannot be completed immediately. In this case, the 202 (Accepted) code is returned and the task state changes to Stopping.
Method:
POST /api/2.0/virtualization/tasks/{ID}/cancel
where:
- {ID} – task identifier (required parameter).
Return codes:
- 200 (OK) – request completed successfully (the task was canceled).
- 202 (Accepted) – request is accepted for execution (the task state changes to Stopping).
- 403 (Forbidden) – access to the resource is denied.
- 404 (Not Found) – task with the specified identifier is not found.
- 405 (Method Not Allowed) – for child tasks: you can cancel a child task only if you cancel the parent task.
- 409 (Conflict) – the task is already in one of the following states: Cancelled, Failed, Stopped.
Managing Light Agent for Linux from the command line
The following commands are provided for managing Light Agent for Linux installed on a virtual machine from the command line:
- delete – deletes a file from Backup
- export – exports Light Agent for Linux settings to a configuration file
- import – imports Light Agent for Linux settings from a configuration file
- license – displays information about the license for the SVM
- list – displays the list of Backup files
- productinfo – displays the application information
- restore – restores a file from Backup
- scan – starts a virus scan of the virtual machine
- statistics – displays statistics on the operation of the task
- status – displays information about the current status of the task
- start – starts the task
- stop – stops the task
- svminfo – displays information about an SVM to which the protected virtual machine is connected
- trace – enables or disables the generation of trace files on the protected virtual machine
- update – starts the database update task with additional settings
- viisinfo – displays information about the Integration Server to which the protected virtual machine is connected
The help command displays help for all commands.
Command syntax:
lightagent help [<command>]
where <command> is the name of the command for which you want to receive help.
Before executing the commands, make sure that the lightagent service is running on the protected virtual machine.
Viewing license information
The license command displays information about the license under which the application was activated.
To view information about the license under which the application has been activated, execute the following command:
lightagent license
This command outputs the following information:
- License source. IP address of the SVM or fully qualified domain name (FQDN) of the SVM to which Light Agent for Linux is connected.
- Key. A key added on the SVM.
- License type. The type of license and <number of licensing units> (<server(s)> or <core(s)>). Possible values:
  - Commercial.
  - Trial.
  - Beta. For beta testing.
  - Subscription.
- Expiration date. License expiration date (in the YYYY-MM-DDThh:mm:ss format).
- Days till expiration. The number of days until the license expiration date.
Settings:
- <number of licensing units> <server(s)>. Maximum number of simultaneously running virtual machines with server operating systems for which protection is enabled.
- <number of licensing units> <core(s)>. Maximum number of physical processor cores used simultaneously on all hypervisors on which SVMs are deployed.
Viewing information about the application
The productinfo command displays information about the application.
To view information about the application, run the following command:
lightagent productinfo
This command outputs the following information:
- Product version – version of installed Kaspersky Security application.
- Product installation date – date and time of application installation (in the YYYY-MM-DDThh:mm:ss format).
- Update information – database update details:
  - Bases timestamp – anti-virus database update release date and time.
  - Last successful update date – date and time when anti-virus databases were last updated (in the YYYY-MM-DDThh:mm:ss format).
- Installed patches – information about the installed application module updates.
  - id – identifier of the application module update.
  - description – description of the application module update.
- KSN information – information about KSN usage:
  - Use KSN to check files and web addresses. Possible values: Yes, No.
  - Use extended KSN. Possible values: Yes, No.
  - KSN type. Possible values: Global KSN, Private KSN.
Viewing SVM information
The method used by Light Agents to discover SVMs is configured by the administrator in the Light Agent for Linux policy.
You can receive information about the SVM to which Light Agent is connected using the svminfo command.
To view information about the SVM to which Light Agent is connected, execute the following command:
lightagent svminfo
This command outputs the following information:
- Current SVM. IP address of the SVM to which Light Agent is connected, or the fully qualified domain name (FQDN) of the SVM. If the SVM to which Light Agent is connected is local, local is indicated in brackets next to the IP address or fully qualified domain name of the SVM. If the SVM to which Light Agent is connected is not local, not local is indicated in brackets.
- Discovery method. Method of receiving information about SVMs. Possible values:
  - VIIS. Using the Integration Server.
  - List. Using the list of SVM addresses.
- List of known SVMs. A list of SVMs to which Light Agents can connect. This information is displayed only if the List method is specified as the Discovery method.
Viewing information about the Integration Server
The viisinfo command returns information about the Integration Server to which the Light Agent is connected.
To view information about the Integration Server to which the Light Agent is connected, run the following command:
lightagent viisinfo
This command outputs the following information:
- Viis address – IP address or fully qualified domain name (FQDN) of the Integration Server to which Light Agent is connected, and the Integration Server port.
- Status – status of the Light Agent connection to the Integration Server. Possible values:
  - Connected – Light Agent is connected to the Integration Server.
  - No connection – there is no connection to the Integration Server.
Starting and stopping a task
A user can start or stop the following types of tasks:
- Real-time protection task
- Database update task
To run a task, execute the following command:
lightagent start <task type>
where <task type> is the type of task that you want to run.
If you do not specify the task type, the application will display a list of all tasks for which you can run this command. Possible values:
- File_Monitoring. Real-time protection task.
- Updater. Database update task.
You can also run the update task with the command that starts a database update task with additional settings.
To stop a task, execute the following command:
lightagent stop <task type>
where <task type> is the type of task that you want to stop.
If you do not specify the task type, the application will display a list of all tasks for which you can run this command. Possible values:
- File_Monitoring. Real-time protection task.
- Updater. Database update task.
Viewing the status of the task
One aspect of managing tasks is viewing the current status of tasks.
You can view the current status of the following types of tasks:
- Real-time protection task
- Custom scan task
- Database update task
To view the status of a task, execute the following command:
lightagent status <task type>
where <task type> is the type of task whose status you want to view.
If you do not specify the task type, the application will display a list of all tasks for which you can run this command. Possible values:
- File_Monitoring. Real-time protection task.
- Scan_Objects. Custom scan task.
- Updater. Database update task.
The command displays one of the following task status values:
- Starting. The task is starting.
- Running. The task is in progress.
- Pausing. The task is being paused.
- Paused. The task has been paused.
- Resuming. The task is being resumed.
- Stopping. The task is stopping.
- Stopped. The task is stopped.
- Database update is expected. This status is displayed after the application is installed. Databases will be updated after connecting Light Agent for Linux to an SVM. To connect Light Agent to an SVM, you must specify the SVM discovery method.
- Stop reason. The reason why the task execution finished. Possible values:
  - Unknown. The value is unknown.
  - NeverRun. The task was never started.
  - Completed. The task has been successfully completed.
  - Canceled. The task was aborted by the user.
  - Failed. The task failed due to an internal error.
Viewing task performance statistics
You can view performance statistics for the following types of tasks:
- Custom scan task
- Database update task
To view task performance statistics, execute the following command:
lightagent statistics <task type>
where <task type> is the type of task whose performance statistics you want to view.
If you do not specify the task type, the application will display a list of all tasks for which you can run this command. Possible values:
- Scan_Objects. Custom scan task.
- Updater. Database update task.
This command displays the following custom scan task information:
- Current time. The current time.
- Time Start. The task start time.
- Time Finish. The time when the task was finished.
- Completion. The percentage of task completion.
- Stop reason. The reason why the task execution finished. Possible values:
  - Unknown. The value is unknown.
  - NeverRun. The task was never started.
  - Completed. The task has been successfully completed.
  - Canceled. The task was aborted by the user.
  - Failed. The task stopped due to an internal error.
- Processed objects. The number of processed files.
- Total detected. The number of infected files.
- Threats detected. The number of malware types detected.
- Untreated. The number of unprocessed files.
- Disinfected. The number of disinfected files.
- Deleted. The number of deleted files.
- Skipped. The number of skipped files.
- Archived. The number of archives.
- Packed. The number of packed files.
- Password protected. The number of files protected by password.
- Corrupted. The number of damaged files.
- Errors. The number of errors during scanning.
- Last object. The last file scanned.
This command displays the following database update task information:
- Current time. The current time.
- Time Start. The task start time.
- Time Finish. The time when the task was finished.
- Completion. The percentage of task completion.
- Stop reason. The reason why the task execution finished. Possible values:
  - Unknown. The value is unknown.
  - NeverRun. The task was never started.
  - Completed. The task has been successfully completed.
  - Canceled. The task was aborted by the user.
  - Failed. The task stopped due to an internal error.
- Total downloaded size. The total size of updates downloaded (in bytes).
- Speed. The update download speed (bytes/s).
Scanning the virtual machine
Protected virtual machines that have the Light Agent for Linux component installed can employ the following tasks that can be managed from the command line:
- Full scan – thorough scan of the protected virtual machine's operating system, including system memory, startup objects, boot sectors, and all hard drives, removable drives and network drives.
- Custom scan - a scan of user-selected objects on the protected virtual machine.
You can perform the following actions from the command line to start scan tasks and configure their settings:
- Start full scan task for all objects of the protected virtual machine's file system.
- Start custom scan task, defining the scan task scope.
- Configure scanning of compound files.
- Specify the action that is performed by the application on detection of an infected file.
- Configure the usage of iChecker scanning technology.
- Configure advanced settings for scan tasks.
Please note the special considerations when scanning hard links and symbolic links.
Full Scan
You can start the full scan of all objects of the protected virtual machine's file system, including system memory, startup objects, boot sectors, and all hard drives, removable drives and network drives.
To start a full scan task, execute the following command:
lightagent scan
You can also use a configuration file to run a scan task, or start it with advanced settings that let you log task-related events to a file.
Custom Scan
You can start a Custom Scan task on a protected virtual machine by specifying the list of files and objects to scan, the file names (or paths to them) or templates of file names (or paths to them).
To start a custom scan task, execute the following command:
lightagent scan [<path to the file or folder>][<path to the file or folder>...][--boot][--memory][--startup][--@:<filelist.lst>]
where:
- <path to the file or folder> – path to the file or folder that you want to scan for viruses and other malware. You can use masks to specify the path to a file or folder. If you do not specify the paths to files or folders, the application scans all objects of the file system of the protected virtual machine.
- boot – scan disk boot sectors.
- memory – scan system memory.
- startup – scan startup objects.
- @:<filelist.lst> – scan files from the list. In the text file, specify the files or folders that you want to scan for viruses and other malware, each on a new line.
You can also use a configuration file to run a scan task, or start it with advanced settings that let you log task-related events to a file.
Scan compound files
A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.
You can also reduce the compound file scan duration by specifying the following restrictions:
- Restriction on the duration of compound file scan: the application stops scanning a compound file after the specified amount of time.
- Restriction on the maximum size of the compound file to be scanned: the application does not unpack or scan compound files whose size exceeds the specified value.
To configure scanning of compound files, execute the following command:
lightagent scan [--e:a] [--e:b] [--e:<maximum scan time>] [--es:<maximum file size>]
where:
- --e:a – do not scan archives.
- --e:b – do not scan mail databases and email format files.
- --e:<maximum scan time> – do not scan compound files if the scan takes longer than the specified time. Specify the maximum scan duration for a file in seconds.
- --es:<maximum file size> – do not scan compound files if their size exceeds the specified value. Specify the maximum size of a compound object to be scanned, in megabytes.
Selecting the action to take on infected files
You can specify the actions that Kaspersky Security will perform when it detects infected files.
To specify actions to take on infected files, execute the following command:
lightagent scan [<path to the file or folder>] [--i<0-4>]
where:
- <path to the file or folder> – path to the file or folder that you want to scan for viruses and other malware. If you do not specify the paths to files or folders, the application scans all objects of the file system of the protected virtual machine.
- i0 – on detecting infected files, perform the Inform action. If this parameter is specified, Kaspersky Security informs you about the detection of infected files.
- i1 – on detecting infected files, perform the Disinfect action. If this parameter is specified, Kaspersky Security automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application leaves such files unchanged.
- i2 – on detecting infected files, perform the "Disinfect. Delete if disinfection fails. Skip compound files if they cannot be disinfected or deleted" action. If this parameter is specified, Kaspersky Security automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application removes them. If the infected file is part of a compound file and cannot be deleted, the application leaves this file unchanged.
- i3 – on detecting infected files, perform the "Disinfect. Delete if disinfection fails" action. If this parameter is specified, Kaspersky Security automatically attempts to disinfect all infected files that are detected. If disinfection fails, the application removes them. If the infected file is part of a compound file and cannot be deleted, the application deletes the entire compound file. This action is performed by default.
- i4 – on detecting infected files, perform the Delete action. If this parameter is specified, Kaspersky Security automatically deletes the infected file, having first created a backup copy of the file. If the infected file that is part of a compound file cannot be deleted, the application deletes the entire compound file.
Using iChecker technology in scans
You can enable usage of iChecker technology during protected virtual machine scanning. iChecker technology increases scanning speed by excluding certain files from scanning. Files are excluded from scanning by using a special algorithm that takes into account the release date of Kaspersky Security databases, the date that the file was last scanned on, and any modifications to the scanning settings. Usage of iChecker technology during protected virtual machine scanning is enabled by default.
To disable usage of iChecker technology, execute the following command:
lightagent scan --iChecker:off
To enable usage of iChecker technology, execute the following command:
lightagent scan --iChecker:on
Configuring advanced settings for scan tasks
You can use a configuration file to run a scan task, or start this task with advanced settings that let you log task-related events to a file.
To configure advanced scan settings, execute the following command:
lightagent scan [--R[A]:<path to the report file>][--C:<path to the configuration file>]
where:
- R:<path to the report file> – save only important events that occur during the scan task in the report file. Specify the full path to the file for logging events. The application creates this file and logs events in it.
- RA:<path to the report file> – save all events that occur during the scan task in the report file. Specify the full path to the file for logging events. The application creates this file and logs events in it.
- C:<path to the configuration file> – use the settings specified in the configuration file during the scan task. Specify a full path to the configuration file.
Examples:
Run a scan task using the settings from the configuration file named config:
lightagent scan --C:/temp/config
Example of a configuration file with settings that prescribe a scan of a file named example, while saving information about events that occur during the scan in the file named report.log:
./example --RA:/tmp/report.log
Database update
In addition to the standard start command, you can use a command to start a database update task with advanced settings. These settings enable logging of update task events to a file, or use of configuration file settings when running an update task.
To run a database update task, execute the following command:
lightagent update [--R[A]:<path to the report file>] [--C:<path to the configuration file>]
where:
- R:<path to the report file> – save only important events that occur during the update task in the report file. Specify the full path to the file for logging events. The application creates this file and logs events in it.
- RA:<path to the report file> – save all events that occur during the update task in the report file. Specify the full path to the file for logging events. The application creates this file and logs events in it.
- C:<path to the configuration file> – use the settings specified in the configuration file during the update. Specify a full path to the configuration file.
Example:
Start the database update task and save information about task-related events in the update.txt file:
lightagent update --RA:/usr/local/update.txt
The command logs the following information in the report file:
- Update source – network address of the SVM folder where application databases are stored.
- Completion – the percentage of task completion.
- Update status – task execution result. Possible values:
  - Succeed – the task has been successfully completed.
  - Failed – the task failed due to an internal error.
Managing Backup
You can perform the following actions in Backup from the command line of Light Agent for Linux:
- View the list of backup copies of files.
- Restore files from backup copies to their original folders.
- Delete backup copies of files from Backup.
Viewing the list of files in Backup
To view the list of files in Backup, execute the following command:
lightagent list backup
This command displays a list of files in Backup containing the following information about the files:
- Date and time at which the file was moved to Backup (in the YYYY-MM-DDThh:mm:ss format).
- Numerical identifier of a file in Backup.
- Path to the file's original folder to which it can be restored.
Restoring files from Backup
You can restore the file from its backup copy to its original folder.
Restoring infected files from Backup can result in virtual machine infection.
To restore a file from Backup:
lightagent restore <file ID> [--replace]
where:
- <file ID> – the numerical identifier of the file in Backup that you can find out by using the list command.
- replace – overwrite the file having the specified ID with the restored file if it is located in the same folder.
The application restores the file to the folder where the file was originally located.
Removing files from Backup
To delete a file from Backup:
lightagent delete <file ID>
where:
- <file ID> – the numerical identifier of the file in Backup that you can find out by using the list command.
Managing Light Agent for Windows from the command line
The following commands are provided for managing Light Agent for Windows installed on a virtual machine from the command line:
- EXIT – terminates Light Agent for Windows
- EXPORT – exports Light Agent for Windows settings to a file
- IMPORT – imports Light Agent for Windows settings from a file
- LICENSE – displays information about the license for the SVM
- RESTORE – restores a file from Backup
- SCAN – starts a virus scan of the virtual machine
- START – starts the task
- STATISTICS – displays statistics on the task execution
- STATUS – displays information about the current status of the task
- STOP – stops the task
- SVMINFO – displays information about the SVM to which the Light Agent installed on the virtual machine is connected
- TRACES – enables or disables the generation of trace files on the protected virtual machine
- UPDATE – updates databases and application modules
The HELP command displays help for commands.
EXIT command
Terminates Light Agent for Windows operation.
To execute the command for Light Agent for Windows termination, first enable protection of access to Light Agent functions and settings and specify the settings of the account used for access.
Command syntax:
EXIT /login:<user name> /password:<password>
Settings:
- /login:<user name> – name of the account used to access the application.
- /password:<password> – password for the account used to access the application.
Examples:
avp.com EXIT /login:LOGIN /password:PASSWORD
EXPORT command
Exports Light Agent for Windows settings to a file.
Command syntax:
EXPORT <file name>
Settings:
- <file name> – name of the file to which the settings should be exported.
Use the TXT extension for files in text format.
IMPORT command
Imports Light Agent for Windows settings from a file.
To execute the command for importing Light Agent for Windows settings, first enable protection of access to Light Agent functions and settings and specify the settings of the account used for access.
Command syntax:
IMPORT <file name> /login:<user name> /password:<password>
Settings:
- <file name> – file from which the settings should be imported (only binary files are supported).
- /login:<user name> – name of the account used to access the application.
- /password:<password> – password for the account used to access the application.
Examples:
avp.com IMPORT settings.cfg /login:LOGIN /password:PASSWORD
LICENSE command
Displays information about the license for the SVM.
Command syntax:
LICENSE /check
Settings:
/check
– displays information about the license under which the application was activated.
RESTORE command
Restores a file from the backup.
Command syntax:
RESTORE [/REPLACE] <file name> [/login:<user name>] [/password:<password>]
Settings:
- /REPLACE – overwrite the existing file.
- <file name> – name of the restored file.
- /login:<user name> – name of the account used to access the application.
- /password:<password> – password for the account used to access the application.
Examples:
avp.com RESTORE /REPLACE C:\eicar.com
SCAN command
Starts virus scan of the virtual machine.
Command syntax:
SCAN [<files>] [/ALL][/MEMORY][/STARTUP][/MAIL][/REMDRIVES] [/FIXDRIVES][/NETDRIVES][/@:<filelist.lst>] [/i<0-4>] [/e:a|s|b|<mask>|<maximum scan time>] [/R[A]:<report file>] [/C:<configuration file>]
Settings:
- <files> – list of files and folders separated by spaces (long paths must be enclosed in quotation marks).
- /ALL – scan all file system objects of the protected virtual machine.
- /MEMORY – scan the memory of the protected virtual machine.
- /STARTUP – scan startup objects.
- /MAIL – scan mailboxes.
- /REMDRIVES – scan removable drives.
- /FIXDRIVES – scan hard drives.
- /NETDRIVES – scan network drives.
- /@:<filelist.lst> – scan files in the list.
- /i0 – inform.
- /i1 – disinfect or skip if disinfection fails.
- /i2 – disinfect or delete if disinfection fails (in this case, the application does not delete files from containers but deletes containers that have an executable extension).
- /i3 – disinfect or delete if disinfection fails (in this case, the application deletes containers if it is impossible to delete the object from the container).
- /i4 – delete (including deletion of containers if it is impossible to delete the object from the container).
- /i8 (default) – immediately ask the user.
- /i9 – ask the user after the task completes.
- /fe – quick scan mode (by extension).
- /fi – smart scan mode (by format).
- /fa (default) – scan all files.
- /e:a – do not scan archives.
- /e:b – do not scan mail databases and the text of email messages.
- /e:<mask> – do not scan files by mask.
- /e:<maximum scan time> – do not scan compound files if the scan takes longer than the specified time. Specify the maximum scan duration for a file in seconds.
- /es:<maximum file size> – do not scan files if their size exceeds the specified value. Specify the maximum size of a file to be scanned, in megabytes.
- /iSwift=<on|off> – enable or disable iSwift technology.
- /C:<configuration file> – specify the configuration file.
- /R:<report file> – save only critical events to the report file.
- /RA:<report file> – save all events to the report file.
Examples:
avp.com SCAN /R:log.txt /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My Documents" "C:\Program Files" C:\Downloads\test.exe
avp.com SCAN /MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log
START command
Starts the task execution.
Command syntax:
START [<profile>] [/login:<user name>] [/password:<password>] [/R[A]:<report file>]
Settings:
- <profile> – profile name. Available profiles:
  - File_Monitoring (FM). File Anti-Virus.
  - Scan_IdleScan. Scanning when the protected virtual machine is idle.
  - Scan_My_Computer. Full scan task.
  - Scan_Objects. Custom scan task.
  - Scan_Qscan. Startup objects scan task.
  - Scan_Startup (STARTUP). Critical areas scan task.
  - SW2. System Watcher.
  - Updater. Database update task.
  - Web_Monitoring (WM). Web Anti-Virus.
  - AmsiTask (Amsi). AMSI Protection.
If the profile name is not specified, the command displays the list of available profiles. You can also view this list using the following command:
avp.com HELP START
- /login:<user name> – name of the account used to access the application.
- /password:<password> – password.
- /R:<report file> – save only critical events to the report.
- /RA:<report file> – save all events to the report.
Examples:
avp.com START Scan_Objects
STATISTICS command
Displays the task execution statistics.
Command syntax:
STATISTICS [<profile>]
Settings:
- <profile> – profile name. Available profiles:
- Scan_Objects. Custom scan task.
- Updater. Database update task.
If the profile name is not specified, the command displays the list of available profiles.
STATUS command
Displays information about the current status of the task.
Command syntax:
STATUS [<profile>]
Settings:
- <profile> – profile name. Available profiles:
- File_Monitoring (FM). File Anti-Virus.
- Scan_IdleScan. Scanning when the protected virtual machine is idle.
- Scan_My_Computer. Full scan task.
- Scan_Objects. Custom scan task.
- Scan_Qscan. Startup objects scan task.
- Scan_Startup (STARTUP). Critical areas scan task.
- SW2. System Watcher.
- Updater. Database update task.
- Web_Monitoring (WM). Web Anti-Virus.
- AmsiTask (Amsi). AMSI Protection.
If the profile name is not specified, the command displays the list of available profiles. You can also view this list using the following command:
avp.com HELP STATUS
STOP command
Stops the task execution.
To execute the task termination command, first enable protection of access to Light Agent functions and settings and specify the settings of the account used for access.
Command syntax:
STOP [<profile>] /login:<user name> /password:<password>
Settings:
- <profile> – profile name. Available profiles:
  - File_Monitoring (FM). File Anti-Virus.
  - Scan_IdleScan. Scanning when the protected virtual machine is idle.
  - Scan_My_Computer. Full scan task.
  - Scan_Objects. Custom scan task.
  - Scan_Qscan. Startup objects scan task.
  - Scan_Startup (STARTUP). Critical areas scan task.
  - SW2. System Watcher.
  - Updater. Database update task.
  - Web_Monitoring (WM). Web Anti-Virus.
  - AmsiTask (Amsi). AMSI Protection.
If the profile name is not specified, the command displays the list of available profiles. You can also view this list using the following command:
avp.com HELP STOP
- /login:<user name> – name of the account used to access the application.
- /password:<password> – password.
SVMINFO command
Displays information about the SVM to which the Light Agent installed on the virtual machine is connected.
Command syntax:
SVMINFO
TRACES command
Enables or disables generation of trace files on the protected virtual machine.
Command syntax:
TRACES on|off|clear|copyto <UNC-path> [/login:<user name>] [/password:<password>]
Settings:
- on – enable tracing.
- off – disable tracing.
- clear – delete all trace files.
- copyto <UNC-path> – save the trace file in the specified folder.
- /login:<user name> – name of the account used to access the application.
- /password:<password> – password.
Examples:
avp.com TRACES off
avp.com TRACES on
avp.com TRACES clear
avp.com TRACES copyto C:\Traces
UPDATE command
Updates Light Agent databases and modules on the protected virtual machine.
Command syntax:
UPDATE [source] [/R[A]:<report file>] [/C:<configuration file>] [/APP on|off]
Settings:
- source – path to the local folder of the update source.
- /R:<report file> – save only critical events to the report file.
- /RA:<report file> – save all events to the report file.
- /C:<configuration file> – specify the configuration file.
- /APP <on|off> – enable or disable downloading of automatic patches.
Examples:
avp.com UPDATE "ftp://my_server/kav updates" /RA:avbases_upd.txt
Contacting Technical Support
This section describes the ways to get technical support and the terms on which it is available.
How to get technical support
If you cannot find a solution to your issue in the application help or in other sources of information about the application, you are advised to contact Technical Support. Technical Support specialists will answer your questions about installing and using the application.
Kaspersky provides support for this application during its life cycle (see the product support life cycle page). Before contacting Technical Support, please read the support rules.
You can contact Technical Support in one of the following ways:
- Visit the Technical Support website.
- Submit a request to Kaspersky Technical Support through the Kaspersky CompanyAccount portal.
Technical Support via Kaspersky CompanyAccount
Kaspersky CompanyAccount is a portal for organizations that use Kaspersky applications. The Kaspersky CompanyAccount portal is designed to facilitate interaction between users and Kaspersky experts via online requests. The Kaspersky CompanyAccount portal lets you monitor the progress of electronic request processing by Kaspersky experts and store a history of electronic requests.
You can register all of your organization's employees under a single Kaspersky CompanyAccount. A single account lets you centrally manage electronic requests from registered employees to Kaspersky and also manage the privileges of these employees via Kaspersky CompanyAccount.
The Kaspersky CompanyAccount portal is available in the following languages:
- English
- Spanish
- Italian
- German
- Polish
- Portuguese
- Russian
- French
- Japanese
To learn more about Kaspersky CompanyAccount, visit the Technical Support website.
Getting information for Technical Support
Getting data files
After you inform Kaspersky Technical Support specialists about your issue, they may ask you to send the following files:
- SVM system statistics files
- Dump files of the Protection Server and Light Agents
- Trace files of the application components Installation Wizard
- Trace files of Light Agent for Windows Installation Wizard
- Trace files of the Integration Server and Integration Server Console
- Trace files of SVMs, Light Agent, and Kaspersky Security management plug-ins
A dump file contains all information about the operation memory of Kaspersky Security processes at the time the dump file was created.
A trace file helps track down step-by-step execution of application commands and detect the phase of application operation when an error occurs.
Editing application settings
Technical Support specialists may also require additional information about the operating system, the processes that are running on the protected virtual machine, and detailed reports on the operation of application components.
While conducting diagnostic work Technical Support specialists may ask you to change application settings for debugging purposes:
- Activate the functionality that gathers extended diagnostic information.
- Run the utilities, included in the application distribution kit.
- Change the settings for storing diagnostic information.
- Enable debugging mode for the Integration Server.
- Configure interception of network traffic and save it to file.
- Fine-tune the settings of application functional components, Light Agents, Protection Server, Integration Server, Integration Server Console and management plug-ins, which cannot be configured by means of the application operation management tools described in this Help (Kaspersky Security Center, local interface, command line).
Technical Support experts will provide you with all the information needed to perform the listed operations, including a description of the sequence of steps, settings to be modified, configuration files, scripts, additional command line functionality, debugging modules, special-purpose utilities, and will inform you about the scope of data submitted for debugging purposes.
The extended diagnostic information is saved on your virtual machine. The data is not automatically sent to Kaspersky.
You are strongly advised to perform the above-mentioned steps solely under the guidance of Technical Support specialists and according to their instructions. Unassisted modification of the application operation settings in the ways not described in the application help or in the recommendations from the Technical Support specialists can lead to slowdowns and malfunctions of the operating system, decrease of the virtual machine protection level, as well as to a violation of the availability and integrity of the processed information.
Configuring additional web plug-ins settings
Technical Support experts may recommend that you configure the following settings in the AdvancedPluginSettings.json file, which contains additional parameters for web plug-in operation:
- Settings for SVM selection algorithms for connection.
- Response waiting time for the interaction of application components.
- Configuration settings for Certificate Revocation List verification.
AdvancedPluginSettings.json files must be created in the web plug-ins installation folders:
- <Kaspersky Security Center Web Console installation folder>\server\plugins\<plug-in identifier> – for the devices with the Windows operating systems
- <Kaspersky Security Center Web Console installation folder>/server/plugins/<plug-in identifier> – for the devices with the Linux operating systems
where the <plug-in identifier> may have one of the following values:
- SVM_5_2_0_0 – web plug-in identifier for Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server.
- KSVLA_5_2_0_0 – web plug-in identifier for Kaspersky Security for Virtualization 5.2 Light Agent for Windows.
- KSVLALIN_5_2_0_0 – web plug-in identifier for Kaspersky Security for Virtualization 5.2 Light Agent for Linux.
The web plug-in installation folders also contain template files named ~AdvancedPluginSettings.json with examples of configured settings.
You are strongly advised to perform the above-mentioned steps solely under the guidance of Technical Support specialists and according to their instructions. Unassisted modification of the application operation settings in the ways not described in the application help or in the recommendations from the Technical Support specialists can lead to slowdowns and malfunctions of the operating system, decrease of the virtual machine protection level, as well as to a violation of the availability and integrity of the processed information.
Disabling the rollback function
You may need to disable the rollback function to analyze an error that occurred during SVM deployment.
To disable the rollback function:
- On the device with Kaspersky Security Center Administration Console installed, open the %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\Kaspersky.VIISConsole.UI.exe.config file in a text editor for editing.
You must edit the file under the administrator account.
- In the <appSettings></appSettings> section, edit the <!--<add key="disableRollback" value="1" />--> string as follows: <add key="disableRollback" value="1" />
- Save and close the Kaspersky.VIISConsole.UI.exe.config file.
Getting information about SVMs connected to the Integration Server
Technical Support experts may ask you to provide information about the SVMs that are connected to the Integration Server. You can view a list of all SVMs connected to the Integration Server in the Integration Server Console.
Application performance diagnostics
For application performance diagnostics, you may need to turn on debug mode for the Integration Server. To turn on debug mode, you need to use special configuration file settings. For more detailed information, please contact Technical Support.
For diagnostics of the Integration Server, Technical Support experts may ask you to use the diagnostic tool named viis_console included in the application distribution kit. For more detailed information, please contact Technical Support.
About Protection Server and Light Agent dump files
A dump file contains information about the operation memory of Kaspersky Security processes at the time the dump file was created.
A dump file can also contain personal data. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.
Protection Server dump files
By default, Protection Server dump files are not created. You can enable or disable logging of dump files.
To enable logging of Protection Server dump files:
- Create an etc/opt/kaspersky/la/dumps_enabled file.
- Restart the scanserver service by running the systemctl restart la-scanserver command.
By default, all created dump files are located in the /var/opt/kaspersky/la/dumps directory. The name of each *.dmp file contains the date and time when the file was created, the process identifier (PID), and the dump number in the session.
You can change the dump logging settings in the ScanServer.conf configuration file (in the [dumps] section).
Access to the dump files requires the password of the SVM root account assigned during Protection Server installation. If you change the default directory for storing dump files, Kaspersky Security does not control access to dump files. If the file system where the specified directory is located supports appropriate access control, the root account permissions are required to access the dump files.
Protection Server dump files are not automatically sent to Kaspersky. Dump files are automatically deleted when uninstalling the application.
To disable logging of Protection Server dump files:
- Delete the etc/opt/kaspersky/la/dumps_enabled file.
- Restart the scanserver service by running the systemctl restart la-scanserver command.
About Light Agent for Windows dump files
Light Agent for Windows dump files (*.dmp) are created automatically when an application failure occurs and are saved to the %ProgramData%\Kaspersky Lab folder.
Saved dump files can contain sensitive data. The files are saved in readable format, access to files is not restricted. To control access to data, you need to protect the dump files on your own.
Light Agent for Windows dump files are not automatically sent to Kaspersky. Dump files are automatically deleted when uninstalling the application.
About Light Agent for Linux dump files
By default, Light Agent for Linux dump files are not created. You can enable or disable logging of dump files.
To enable logging of dumps for Light Agent for Linux:
- Create a /etc/opt/kaspersky/lightagent/dumps_enabled file.
- Restart the lightagent service by executing one of the following commands:
  - systemctl restart lightagent – for systems with systemd support
  - /etc/init.d/lightagent restart – for systems with SysV init support
By default, all created dump files are located in the /var/opt/kaspersky/lightagent/dumps directory. The name of each *.dmp file contains the date and time when the file was created, the process identifier (PID), and the dump number in the session.
You can change the dump logging settings in the LightAgent.conf configuration file (in the [dumps] section).
If you changed the default directory for dump files, the dump files will not be automatically deleted when you uninstall Light Agent for Linux. You can delete the files manually.
The root account permissions are required to access the dump files. If you change the default directory for storing dump files, Kaspersky Security does not control access to dump files. If the file system where the specified directory is located supports appropriate access control, the root account permissions are required to access the dump files.
Light Agent for Linux dump files are not automatically sent to Kaspersky. Dump files are automatically deleted when uninstalling the application, unless you changed the default dump file storage directory.
To disable logging of dumps for Light Agent for Linux:
- Delete the /etc/opt/kaspersky/lightagent/dumps_enabled file.
- Restart the lightagent service by executing one of the following commands:
  - systemctl restart lightagent – for systems with systemd support
  - /etc/init.d/lightagent restart – for systems with SysV init support
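The Protection Server and Light Agent for Linux sections above both state that Kaspersky Security does not control access to dump files once the default dump directory is changed. The following script is an added example, not part of the Kaspersky documentation or product: it audits a dump directory for entries that are not owned by the expected account or that grant any access to group or others, and can tighten the permissions. The function names and the output format are this example's own.

```shell
#!/bin/sh
# Added example: audit a Kaspersky Security dump directory for access beyond its owner.
# Default dump directories named in this Help:
#   /var/opt/kaspersky/la/dumps          (Protection Server, on the SVM)
#   /var/opt/kaspersky/lightagent/dumps  (Light Agent for Linux)
# Function names and the "issue<TAB>path" output format are this example's own.

# audit_dump_dir DIR [OWNER]
# Prints one finding per line. Returns 0 = clean, 1 = findings, 2 = cannot audit.
audit_dump_dir() {
    ad_dir=$1
    ad_owner=${2:-root}

    if [ ! -d "$ad_dir" ]; then
        printf 'missing-directory\t%s\n' "$ad_dir"
        return 2
    fi
    # find(1) fails on an unknown user name and would then report nothing,
    # which must not be mistaken for a clean result.
    if ! id "$ad_owner" >/dev/null 2>&1; then
        printf 'unknown-owner\t%s\n' "$ad_owner"
        return 2
    fi

    ad_findings=$(
        # Directories and dump files that do not belong to the expected account.
        find "$ad_dir" \( -type d -o -name '*.dmp' \) ! -user "$ad_owner" -print |
            while IFS= read -r ad_path; do
                printf 'wrong-owner\t%s\n' "$ad_path"
            done
        # Any read, write or execute bit granted to group or others.
        find "$ad_dir" \( -type d -o -name '*.dmp' \) \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
            while IFS= read -r ad_path; do
                printf 'group-or-other-access\t%s\n' "$ad_path"
            done
    )

    if [ -n "$ad_findings" ]; then
        printf '%s\n' "$ad_findings"
        return 1
    fi
    return 0
}

# harden_dump_dir DIR
# Restricts directories to mode 700 and dump files to mode 600.
# Ownership is left unchanged: wrong-owner findings need chown run as root.
harden_dump_dir() {
    hd_dir=$1
    [ -d "$hd_dir" ] || return 2
    find "$hd_dir" -type d -exec chmod 700 {} +
    find "$hd_dir" -type f -name '*.dmp' -exec chmod 600 {} +
}

# Stand-alone use: sh audit_dumps.sh /var/opt/kaspersky/lightagent/dumps [owner]
if [ "$#" -gt 0 ]; then
    audit_dump_dir "$@"
fi
```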
About the Kaspersky Security components installation Wizard trace files
Information about the progress and results of the Kaspersky Security Components Installation Wizard is written to trace files. If installation, upgrade, or removal of MMC plug-ins, Integration Server or Integration Server Console ends with an error, you can use these trace files when contacting Technical Support.
Trace files of the Kaspersky Security Components Installation Wizard are files in TXT format. They are automatically saved on the same device where the Wizard was started.
If you installed Kaspersky Security components, unpacked the Light Agent distribution packages or downloaded SVM images, the trace files are saved to an archive in the path %temp%\Kaspersky_Security_for_Virtualization_<version number>_Light_Agent_BundleInitialInstall_logs_<date and time>.zip, where:
- <version number> refers to the number of the installed version of Kaspersky Security.
- <date and time> refers to the date and time when the installation was completed.
If you upgraded Kaspersky Security components, the trace files are saved to an archive in the path %temp%\Kaspersky_Security_for_Virtualization_<version number>_Light_Agent_BundleMajorUpgrade_logs_<date and time>.zip, where:
- <version number> refers to the number of the installed version of Kaspersky Security.
- <date and time> refers to the date and time when the upgrade was completed.
If you removed Kaspersky Security components, the trace files are saved to an archive in the path %temp%\Kaspersky_Security_for_Virtualization_<version number>_Light_Agent_BundleUninstall_logs_<date and time>.zip, where:
- <version number> refers to the number of the installed version of Kaspersky Security.
- <date and time> refers to the date and time when the removal was completed.
Trace files of the Kaspersky Security Components Installation Wizard contain the following information:
- Diagnostic information about the process of installation, upgrade, or removal of Kaspersky Security components or the unpacking of Light Agent distribution packages.
- Name of the device on which the user started the procedure for installing, upgrading or removing Kaspersky Security components, and the name of the user that started the procedure.
- Information about errors that occurred during the process of installation, upgrade, or removal of Kaspersky Security components.
- Path to the folder used for unpacking the Light Agent distribution packages.
Trace files of Kaspersky Security components Installation Wizard are stored in a readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.
Trace files of Kaspersky Security components Installation Wizard are not automatically sent to Kaspersky.
About Light Agent for Windows Installation Wizard trace files
Information about the progress and results of installation or removal of Light Agent for Windows is written to trace files located in the %Temp% folder on the virtual machine.
If you installed Light Agent, the following files are created in the %Temp% folder:
- kl-install-<date and time>.log, where <date and time> refers to the date and time of installation completion.
- kl-setup-<date and time>.log, where <date and time> refers to the date and time of installation completion.
- ucaevents.log.
If you removed Light Agent, an MSI*.log file is created in the %Temp% folder (for example, MSI1f3f.log).
Trace files contain the following information:
- Diagnostic information about the process of installing and removing Light Agent for Windows.
- Path to the Light Agent installation folder.
- Information about errors that occur during the process of installing and removing Light Agent.
Trace files may contain personal data, including the last name, first name and middle name, only if such data is included in the path to files on protected virtual machines.
If installation or removal of Light Agent for Windows ends with an error, you can use these files when contacting Technical Support.
Trace files of Light Agent for Windows Installation Wizard are stored in a readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.
Trace files of Light Agent for Windows Installation Wizard are not automatically sent to Kaspersky.
About trace files of the Integration Server and Integration Server Console
Information about the operation of the Integration Server and the Integration Server Console may be recorded in the following trace files:
- %ProgramData%\Kaspersky Lab\VIISLA\logs\service.log – the Integration Server trace file.
- %ProgramData%\Kaspersky Lab\VIISLA Console\logs\console.log – the trace file of the Integration Server Console.
Trace files are created only after you have enabled the logging of information on the Integration Server operation. By default, information about the operation of the Integration Server and Integration Server Console is not saved.
You can enable the logging of information to Integration Server and Integration Server Console trace files, and change the verbosity level of information in trace files by using the following configuration files:
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\Nlog.config is for the Integration Server trace file.
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\NLog.config is for the Integration Server Console trace file.
Contact Technical Support representatives for details.
If you enabled the logging of information to the Integration Server trace file, you can view this file by clicking the View trace file link in the Integration Server settings section of the Integration Server Console. The link is available only if the Integration Server Console is installed on the same device as the Integration Server.
The following information may be saved in the Integration Server trace file:
- Diagnostic information about the operation of the Integration Server, its workload, and the results of a data integrity check.
- Headers and contents of HTTP requests that are sent and received by the Integration Server during its operation.
- IP addresses of SVMs and protected virtual machines, and the IP address of the device hosting the Kaspersky Security Center Administration Console and the Kaspersky Security MMC plug-ins if the Kaspersky Security Center Administration Console is installed separately from the Kaspersky Security Center Administration Server.
- Tracing of requests to the Integration Server.
- Description of exclusions and errors that occurred when working with internal subsystems and external services.
- Names of internal Integration Server accounts.
- Depending on the type of virtual infrastructure:
- IP addresses or fully qualified domain names (FQDN) of hypervisors or virtual infrastructure administration servers to which the Integration Server connects.
- IP addresses or fully qualified domain names (FQDN) of the Keystone microservice or other cloud infrastructure microservices to which the Integration Server connects.
- If Kaspersky Security is used in multitenancy mode:
- Names and identifiers of the tenants registered in the Integration Server database.
- Account names of Kaspersky Security Center virtual Administration Servers administrators.
- Identifiers and IP addresses of the tenant virtual machines.
The following information may be saved in the Integration Server Console trace file:
- Diagnostic information about the operation of the Integration Server Console.
- Tracing of command line parameters and results of checking them.
- Headers and contents of HTTP requests that are sent and received by the Integration Server Console during its operation.
- Information about navigations through sections of the Integration Server Console and working with interface elements.
- IP address of the Kaspersky Security Center Administration Server.
- Port numbers for interaction with the Kaspersky Security Center Administration Server through the Kaspersky Security Center Network Agent.
- Description of exclusions and errors that occurred when working with internal subsystems and external services.
- Names of internal Integration Server accounts.
- Depending on the type of virtual infrastructure:
- IP addresses or fully qualified domain names (FQDN) of hypervisors or virtual infrastructure administration servers to which the Integration Server connects.
- IP addresses or fully qualified domain names (FQDN) of the Keystone microservice or other cloud infrastructure microservices to which the Integration Server connects.
- If Kaspersky Security is used in multitenancy mode, the names of tenants registered in the Integration Server database are listed.
You can use Integration Server trace files and Integration Server Console trace files when contacting Technical Support. The information recorded in trace files may be needed for analysis and identification of the causes of errors in the operation of the Integration Server.
Trace files of the Integration Server and Integration Server Console are stored in a readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.
Integration Server trace files and Integration Server Console trace files are not automatically sent to Kaspersky.
Trace files of SVMs, Light Agent, and Kaspersky Security management plug-ins
Trace files of SVMs, Light Agent, and Kaspersky Security management plug-ins may contain the following general data:
- Event time
- Number of the thread of execution
- Name of the Kaspersky Security component that caused the event
- Degree of event importance (informational event, warning, critical event, error)
- Description of the event involving execution of a command received from the Kaspersky Security component, and the result of execution of this command
SVM trace files
During SVM operation, the following trace files may be created on an SVM:
- Protection Server trace file (ScanServer.log). The name of the file contains the file creation date and time. In addition to general data, this file may contain the following information:
- Personal data, including the last name, first name and middle name, if such data is included in the path to files on protected virtual machines.
- The name of the account used to log in to the operating system if the user account name is part of a file name.
- Your email address or web address containing the name of your account and password if they are contained in the name of the detected object.
- Settings for connecting SVMs to the Integration Server.
- Information about connecting Light Agents to SVM: unique SVM identifier, unique identifier and information about the operating system of the virtual machine, on which Light Agent is installed, time intervals during which the Light Agent was connected to the SVM.
- boot_config.log trace file. This file records the results of executing commands of the SVM first startup script.
- wdserver.log trace file. This file records information about events that occur during operation of the watchdog service (wdserver). The file contains general data.
- SnmpTool.log trace file. This file records information about events that occur during operation of the SNMP service (SnmpTool). The file contains general data.
- Trace file of the Kaspersky Security Center Network Agent. This file records information about events occurring during operation of the Kaspersky Security Center connectivity module. The file contains general data.
boot_config.log and wdserver.log trace files are created automatically.
You can create the ScanServer.log and SnmpTool.log trace files using the ScanServer.conf and SnmpTool.conf configuration files that are located in the /etc/opt/kaspersky/la/ directory on the SVMs. A special script is used to create a Network Agent trace file.
For detailed information on how to create and configure trace files, please contact our Technical Support experts.
All created SVM trace files are located in the folder /var/log/kaspersky/la/.
The ScanServer.log trace file can also be created in the Protection Server policy.
To create the ScanServer.log trace file in the Protection Server policy:
- Open Kaspersky Security Center Administration Console.
- Enable the display of advanced Protection Server policy properties in the operating system registry.
- In the Managed devices folder in the console tree, open the folder with the name of the administration group to which the required SVMs belong.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
- In the policy properties window, select the Advanced settings section in the list on the left.
- In the right part of the window, in the Trace level drop-down list, select the trace level.
You are advised to clarify the required trace level with a Technical Support specialist.
- Click Apply to start the tracing process.
SVM trace files are stored in readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.
SVM trace files are not automatically sent to Kaspersky. Trace files are automatically deleted when uninstalling Kaspersky Security.
Light Agent for Windows trace files
During operation of Light Agent for Windows on a virtual machine, the following trace files may be created:
- SRV.log and GUI.log trace files. The name of each file contains the application version number, file creation date and time, and process ID (PID). In addition to general data, these files may contain the following information:
- Personal data, including the last name, first name and middle name, if such data is included in the path to files on a protected virtual machine.
- The user name and password if they were transmitted openly. This data can be recorded in trace files during web traffic scanning. Traffic is written to trace files only from the Network Monitor component.
- The user name and password if they are contained in HTTP headers.
- The name of the Microsoft Windows account if the account name is included in a file name.
- Your email address or web address containing the name of your account and password if they are contained in the name of the detected object.
- Websites that you visit and redirects from these websites. This data is written to trace files when the application scans websites.
- SRV.exception.log trace file. The file name contains the application version number, file creation date and time, and process ID (PID). Information about unhandled exceptions is logged to this file.
- Dumpwriter.log trace file. The file name contains the application version number, file creation date and time, and process ID (PID). This file records service information required for troubleshooting errors that occur when the dump file is written. The file contains general data.
- AVPCon.log trace file. The file name contains the application version number, file creation date and time, and process ID (PID). This file records information about events occurring during operation of the Kaspersky Security Center connectivity module. The file contains general data.
- Trace file of the Mail Anti-Virus plug-in – MCOU.log. The file name contains the application version number, file creation date and time, and process ID (PID). In addition to general data, this file may contain parts of messages, including email addresses.
- ALL.log trace file. The file name contains the application version number, file creation date and time, and process ID (PID). This file records information about command line events. The file contains general data.
- Trace files of the Light Agent components change task (modify_watcher.base.log, modify_install.log, Setup.log). The names of the modify_watcher.base.log and modify_install.log files contain the application version number, file creation date and time, and process ID (PID). These files record information about the components change task and the events that occur when the task is performed. In addition to general data, files may contain personal data, including the last name, first name and middle name, if such data is included in the path to files on protected virtual machines.
- COMAV.log trace file. The file name contains the application version number, file creation date and time, and process ID (PID). In addition to general data, this file contains information about scan results upon AMSI requests from third-party applications.
By default, the Light Agent for Windows trace files are not created. You can create all trace files for Light Agent for Windows in one of the following ways:
- In the local interface of Light Agent for Windows.
- From the command line for Light Agent for Windows.
- Through registry keys (see Knowledge Base for more details).
All created trace files, except for the trace file of the components change task named Setup.log, are located in the folder %ProgramData%\Kaspersky Lab. The trace file of the components change task (Setup.log) is located in the application installation folder in the Setup subfolder.
To obtain access to files in the folder %ProgramData%\Kaspersky Lab, enable the display of hidden files and folders.
To create trace files in the Light Agent for Windows local interface:
- Start the tracing process. To do this, perform the following actions:
- On the protected virtual machine, open the main application window.
- In the lower part of the main application window, click the Support link to open the Support window.
- In the Support window, click the System tracing button.
The Information for Technical Support window opens.
- In the Information for Technical Support window, select the Enable tracing check box.
- In the Level drop-down list, select the trace level.
You are advised to clarify the required trace level with a Technical Support specialist. Unless otherwise directed by a Technical Support specialist, set the trace level to Normal (500).
- Click OK.
- Reproduce the situation where the problem occurred.
- Stop the tracing process. To do this, perform the following actions:
- On the protected virtual machine, open the main application window.
- In the lower part of the main application window, click the Support link to open the Support window.
- In the Support window, click the System tracing button.
The Information for Technical Support window opens.
- In the Information for Technical Support window, clear the Enable tracing check box.
- Click OK.
Trace files of Light Agent for Windows are stored in a readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.
Light Agent for Windows trace files are not automatically sent to Kaspersky. Trace files are automatically deleted when uninstalling the application, unless you changed the default trace file storage folder.
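The following is an added example, not part of the Kaspersky documentation: a check to run on a copy of a trace file before it leaves the protected machine, reporting which lines contain the data categories listed above for SRV.log and GUI.log. The guide does not document the trace line layout, so the sample lines, the category names, the regular expressions and the UTF-8 encoding are assumptions.

```python
import re
from typing import Dict, Iterable, List

# Categories follow the list above. Order matters: a URL with embedded
# credentials also contains something that looks like an e-mail address
# ("password@host"), so it is matched and masked first.
PATTERNS = {
    "url_credentials": re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:[^\s/@]+@[^\s/]+", re.I),
    "http_auth_header": re.compile(
        r"\b(?:Proxy-)?Authorization:\s*\S+(?:[ \t]+\S+)?", re.I),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    # Account or personal names that appear as a profile folder in a path.
    "profile_path": re.compile(r"(?:[A-Za-z]:\\Users\\|/home/)[^\\/\s]+"),
}

# Constructed sample lines (not real product output).
SAMPLE_TRACE = [
    "12:00:01.100 0x1a2c INF scan C:\\Users\\Jane.Doe\\Documents\\report.docx result=clean",
    "12:00:02.200 0x1a2c INF web GET http://alice:S3cret@intranet.example/login",
    "12:00:02.300 0x1a2c INF web header Authorization: Basic YWxpY2U6UzNjcmV0",
    "12:00:03.400 0x0b10 WRN mail from bob@example.com subject skipped",
    "12:00:04.500 0x0b10 INF update finished",
]


def redact_line(line: str) -> str:
    """Replace every match with a [category] marker, in PATTERNS order."""
    for name, pattern in PATTERNS.items():
        line = pattern.sub(f"[{name}]", line)
    return line


def audit_lines(lines: Iterable[str]) -> Dict[str, List[int]]:
    """Map each category to the 1-based numbers of the lines that contain it."""
    hits: Dict[str, List[int]] = {name: [] for name in PATTERNS}
    for number, line in enumerate(lines, start=1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                hits[name].append(number)
                # Mask the match so a later, broader pattern does not
                # report the same text a second time.
                line = pattern.sub(" ", line)
    return hits


def audit_file(path: str) -> Dict[str, List[int]]:
    """Audit a trace file on disk (assumes UTF-8; undecodable bytes are replaced)."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return audit_lines(handle)


if __name__ == "__main__":
    for category, line_numbers in audit_lines(SAMPLE_TRACE).items():
        print(f"{category}: lines {line_numbers}")
```

An empty report does not prove the file is clean: the patterns cover only the listed categories, so the file still needs access control and an encrypted channel when it is transferred.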
Light Agent for Linux trace files
During operation of Light Agent for Linux on a virtual machine, the following trace files may be created:
- LightAgent.log trace file. The name of the file contains the file creation date and time. In addition to general data, this file may contain the following information:
- Personal data, including the last name, first name, and middle name, if such data is included in the path to files on a protected virtual machine.
- The name of the account used to log in to the Linux operating system if the user account name is part of a file name.
- Your email address or web address containing the name of your account and password if they are contained in the name of the detected object.
- avp-cli.log trace file. This file records information about command line events. The file contains general data.
- install.log trace file. This file records the results of execution of commands that generate the necessary settings for preparing to start Light Agent for Linux. The file contains general data.
- wdserver.log trace file. This file records information about events that occur during operation of the watchdog service (wdserver). The file contains general data.
- autopatch.log trace file. This file records information about the search for a suitable application module update and about application module update installation. The file contains general data.
- Trace file of the Kaspersky Security Center Network Agent. This file records information about events occurring during operation of the Kaspersky Security Center connectivity module. The file contains general data.
wdserver.log, autopatch.log and install.log trace files are created automatically.
You can create the avp-cli.log and LightAgent.log trace files using the LightAgent.conf and avp-cli.conf configuration files that are located in the /etc/opt/kaspersky/lightagent/ directory on the protected virtual machine. A special script is used to create a Network Agent trace file.
For detailed information on how to create and configure trace files, please contact our Technical Support experts.
By default, all created Light Agent for Linux trace files are located in the /var/log/kaspersky/lightagent/ directory.
You can also create the LightAgent.log trace file by starting the tracing process from the command line on the protected virtual machine.
To create the LightAgent.log trace file from the command line:
- Start the tracing process by running the following command:
lightagent traces on [<trace level>]
where <trace level> is the verbosity level of debug information. Possible values: 100, 200, 300, 400, 500, 600, 700, 800, 900, 1000. You are advised to clarify the required trace level with a Technical Support specialist. This parameter is optional. If you do not specify the trace level, the application creates the trace file with the default level of detail, 500.
- Reproduce the situation where the problem occurred.
- Stop the tracing process by running the following command:
lightagent traces off
By default, the LightAgent.log trace file is created in the /var/log/kaspersky/lightagent/ directory. If you want to save the file to another directory, run the command
lightagent traces --copyto <path to the trace file> [--overwrite]
where:
- --copyto <path to the trace file> saves the trace file in the specified folder. Specify the full path to the folder in which you want to save the trace file.
- --overwrite – if the specified directory already contains the trace file with this name, overwrite this file with the saved trace file.
If the LightAgent.log trace file is located in the default directory (/var/log/kaspersky/lightagent), you can delete it by running the command
lightagent traces --clear
Trace files of Light Agent for Linux are stored in a readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.
Light Agent for Linux trace files are not automatically sent to Kaspersky. Trace files are automatically deleted when uninstalling the application, unless you changed the default trace file storage directory.
Trace files of Kaspersky Security MMC plug-ins
During operation of the application on a device with Kaspersky Security Center Administration Server installed, the following trace files of Kaspersky Security MMC plug-ins can be created:
- KSVLA_AdminGUI.log – trace file of the management MMC plug-in for Kaspersky Security for Virtualization 5.2 Light Agent for Windows. The file name contains the application version number, file creation date and time, and process ID (PID). This file contains information about the events that occur during the plug-in operation, in particular, about the operation of the Light Agent for Windows policy and tasks.
- KSVLALIN_AdminGUI.log – trace file of the management MMC plug-in for Kaspersky Security for Virtualization 5.2 Light Agent for Linux. The file name contains the application version number, file creation date and time, and process ID (PID). This file contains information about the events that occur during the plug-in operation, in particular, about the operation of the Light Agent for Linux policy and tasks.
- Trace file of the management MMC plug-in for Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server. The file name is specified by the user, and the user name and process ID (PID) are added to the specified name. This file contains information about the events that occur during the plug-in operation, in particular, about the operation of the Protection Server policy and tasks.
In addition to general data, these files may contain the following information:
- Personal data, including the last name, first name, and middle name, if such data is part of the path to files.
- The name of the account used to log in to the operating system if the user account name is part of a file name.
By default, trace files of Kaspersky Security MMC plug-ins are not created. You can create all trace files of the MMC plug-ins by using the registry keys. Contact Technical Support representatives for detailed information on how to create trace files.
All created trace files of the MMC plug-ins are located in the folder specified by the user during registry key configuration.
Trace files of Kaspersky Security MMC plug-ins are stored in a readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.
Trace files of Kaspersky Security MMC plug-ins are not automatically sent to Kaspersky. Trace files are automatically deleted when uninstalling the application.
Trace files of Kaspersky Security web plug-ins
If you use the web interface to manage Kaspersky Security through Kaspersky Security Center, information about the events that occur during operation of the Kaspersky Security web plug-ins can be written to the following files:
- logs-SVM_<version>-client#ephemeral.<device name>-<file revision number>.<date> – trace file of the client part of Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server web plug-in.
- logs-SVM_<version>-server#ephemeral.<device name>-<file revision number>.<date> – trace file of the server part of Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server web plug-in.
- logs-KSVLA_<version>-client#ephemeral.<device name>-<file revision number>.<date> – trace file of the client part of Kaspersky Security for Virtualization 5.2 Light Agent for Windows web plug-in.
- logs-KSVLA_<version>-server#ephemeral.<device name>-<file revision number>.<date> – trace file of the server part of Kaspersky Security for Virtualization 5.2 Light Agent for Windows web plug-in.
- logs-KSVLALIN_<version>-client#ephemeral.<device name>-<file revision number>.<date> – trace file of the client part of Kaspersky Security for Virtualization 5.2 Light Agent for Linux web plug-in.
- logs-KSVLALIN_<version>-server#ephemeral.<device name>-<file revision number>.<date> – trace file of the server part of Kaspersky Security for Virtualization 5.2 Light Agent for Linux web plug-in.
where:
- <version> refers to the number of the installed Kaspersky Security version in X_X_X_X format.
- <device name> is the name of the device on which the web plug-in is running.
- <file revision number> is the file sequence number. Multiple trace files for one web plug-in can be generated during a day. The maximum file size is 50 MB. When the maximum file size is reached, a new file is created.
- <date> is the date when the first record in the file was created in the YYYY-MM-DD format.
Trace files for the web plug-ins are created automatically if logging of the Web Console activities is enabled in Kaspersky Security Center Web Console Installation Wizard (for more details, refer to Kaspersky Security Center help).
Trace files of the web plug-ins are stored in the Kaspersky Security Center Web Console installation folder in the "logs" subfolder.
Trace files of Kaspersky Security Web plug-ins are stored in a readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.
Trace files of Kaspersky Security Web plug-ins are not automatically sent to Kaspersky. Trace files are automatically deleted when uninstalling the application.
SVM Management Wizard log
During SVM deployment and reconfiguration, the SVM Management Wizard logs all information that you specify at every step of the wizard in the wizard log.
You can use the wizard log when contacting Technical Support if SVM deployment or reconfiguration has ended with an error. Information recorded in the wizard log is not sent to Kaspersky automatically.
The SVM Management Wizard log is saved on the device where the wizard was launched, in the file %LOCALAPPDATA%\Kaspersky Lab\Kaspersky VIISLA Console\logs\KasperskyDeployWizard_<file creation date and time>.log and does not contain account passwords. A new log file is created each time the wizard starts.
During SVM deployment, the following information is saved in the wizard log:
- Selected action (SVM deployment).
- Type of the virtual infrastructure object, to which SVM Management Wizard connects.
- Address of the virtual infrastructure object, to which SVM Management Wizard connects.
- For deployment on the Microsoft Hyper-V, Citrix Hypervisor, VMware vSphere, KVM, Proxmox VE, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, ALT Virtualization Server or Astra Linux platform:
- The version of the hypervisor or virtual infrastructure administration server.
- The name of the hypervisor and the version of the operating system installed on the hypervisor, and the number of virtual machines on the hypervisor.
- When deploying in an infrastructure based on the OpenStack platform, VK Cloud platform or the TIONIX Cloud Platform: the name and ID of the domain and OpenStack project within which the SVM is deployed.
- Name of the account used to connect the SVM Management Wizard to the virtual infrastructure.
- Name of the account used to connect the Integration Server to the virtual infrastructure.
- SVM image version.
- Versions of previously deployed SVMs.
- Status of the publisher of the SVM image.
- SVM image path and SVM image data.
- SVM image validation status.
- For deployments on the VMware vSphere platform:
- A list of all VMware ESXi hypervisors managed by a single VMware vCenter Server, their state, the protection status and privileges of the account used to connect to the VMware vCenter Server.
- A list of VMware ESXi hypervisors that were selected for SVM deployment, and their versions.
- When deploying on the Microsoft Hyper-V platform, the OpenStack platform, VK Cloud platform or the TIONIX Cloud Platform:
- Whether or not parallel deployment of several SVMs is enabled, as well as number of parallel sessions.
- VLAN ID.
- Settings for the SVM being deployed that you specified.
- Settings to connect the SVM to the Kaspersky Security Center Administration Server (IP address, port, SSL port).
- Whether or not root account access to the SVM is allowed using SSH.
- For deployments on the Microsoft Hyper-V platform: type of the Integration Server authentication on the hypervisor (local / domain).
- SVM IP settings (IP address, IP address of default network gateway, IP address of main and alternative DNS servers, subnet mask).
During SVM reconfiguration, the following information is saved in the wizard log:
- Selected action (SVM reconfiguration)
- Depending on the type of virtual infrastructure:
- IP addresses or fully qualified domain names (FQDN) of hypervisors on which SVMs are being reconfigured
- Names of OpenStack domains and projects, within which the SVMs being reconfigured operate
- IP addresses or full domain names of SVMs being reconfigured
- Information on whether or not the reconfiguration will change the following:
- Settings of accounts for connecting to the SVM (configuration password, root account password, capability to connect to the SVM using the root account through SSH)
- List of virtual networks used by the SVM
- SVM IP settings (IP address, IP address of the default network gateway, IP address of the main and alternative DNS servers, subnet mask)
Using the utilities and scripts from the Kaspersky Security distribution kit
To analyze the cause of errors in the operation of Kaspersky Security, Technical Support experts may ask you to use the following utilities included in the Kaspersky Security distribution kit:
- ai_config is the utility that allows converting the SVM settings from configuration database format to text file and back.
- cleanUpdateShare.sh is the script for removing the old Light Agent bases from the SVM.
- configure.sh is the script for managing the SVM, viewing and modifying the SVM configuration settings. It is used by the SVM Management Wizard to reconfigure the SVM using the klconfig account.
- dump_ods_scan_queue and dump_ods_scan_queue.sh are the utilities for viewing current scan tasks queue.
- eventlog_client and eventlog_client.sh are the utilities for generating the events to be sent to Kaspersky Security Center.
- firewall.sh is the script for opening up the ports to connect to Network Agent.
- first_boot.sh is the script for changing the SVM configuration on the first boot of the SVM.
- get_used_mem.sh is the script for showing memory usage statistics.
- kvp_read is the utility for viewing shared data of a hypervisor from the Hyper-V KVP Exchange storage.
- la-kvm-guest is the init.d script for managing the KVM guest service.
- la-scanserver is the init.d script for managing the scanserver service.
- managenet.sh is the script for managing the network interfaces.
- on_product_install.sh is the script that lets you set a one-time SVM configuration during the SVM deployment.
- sfw is the utility for managing the netfilter firewall of the Linux operating system.
- show_inventory and show_inventory.sh are the utilities for viewing the virtual infrastructure inventory, loaded to the SVM by the Integration Server.
- show_virt_info and show_virt_info.sh are the utilities for viewing the virtual machine information (for example, BIOS version or hypervisor information).
- snmp.sh is the script for enabling or disabling the SNMP monitoring on the SVM.
- storage_util is the utility for managing the storage of the data, used for the Kaspersky Security database updates.
- viis_console and viis_console.sh are the utilities for connecting to and managing the Integration Server. They let you connect to the Integration Server, get information about the Integration Server and connection of utilities to the Integration Server, manage the list of virtual infrastructure objects to which the Integration Server connects, manage SVM information which is sent by SVMs to the Integration Server, get information about virtual infrastructure inventory, and get statistics on utilities operation.
- patch_detector.pl is the script for searching for the application module update in the specified folder and running the KSV Patch Installer to install it.
- patch_installer.pl is the script for installing the Kaspersky Security module updates from the tar.gz file.
- patch_list.pl is the script for generating the list of the Kaspersky Security module updates installed on the SVM in XML format.
- patch_rollback.pl is the script for rolling back the latest Kaspersky Security module update installed.
Appendices
This section provides information that complements the primary text of the document.
Using the klconfig script API to define SVM configuration settings
The main resource for deploying and configuring an SVM is the SVM Management Wizard, which you can run from the Integration Server Console.
You can also perform initial configuration of new SVMs and change the configuration settings of previously deployed SVMs using the klconfig script API manually or by means of automation tools.
If the SVM Management Wizard is not used, the SVM deployment procedure consists of the following stages (the sequence and number of stages depends on the type of virtual infrastructure):
- SVM deployment using virtual infrastructure tools from the image included in the Kaspersky Security distribution kit, and configuration of SVM system resources.
- Configuring an SVM first startup script. To configure certain SVM configuration settings, you can use a script that is started when the SVM is started for the first time.
- Starting the SVM. At this step, the SVM receives an IP address.
- Assigning SVM configuration settings and checking the success of SVM deployment using configuration commands.
You can also use configuration commands to change the configuration settings of previously deployed SVMs.
Executing configuration commands
Configuration commands are executed over SSH using the klconfig account.
To execute a command, enter the following into the command line:
ssh klconfig@<SVM address> <command>
where:
- <SVM address> – IP address of the SVM or localhost if the command is run on an SVM.
- <command> – command, with parameters (if necessary).
Each command requires entry of the klconfig account password (configuration password) if you have not configured authorization by SSH key for accessing the SVM without a password (the setsshkey command).
Certain commands require additional interactive entry of data. For example, the passwd command requires entry of a new user password.
Each command displays the result of its execution in the following format:
- KLCONFIG OK – if the command was executed successfully.
- KLCONFIG FAILED – if an error occurred during execution of the command.
Certain commands may provide additional information about an error in the following format:
ERROR:<NNNN error description>
where <NNNN error description> is the numeric error code and text description. Some errors may not contain a numeric code.
For example, executing the connectorlang command without parameters for an SVM with the IP address 10.16.98.17 returns an error message and a message about how to use the command (the lang parameter is required):
> ssh klconfig@10.16.98.17 connectorlang
> klconfig@10.16.98.17’s password:
Usage: connectorlang lang
KLCONFIG FAILED
Result of execution of the same command with the correct parameters:
> ssh klconfig@10.16.98.17 connectorlang en
> klconfig@10.16.98.17’s password:
KLCONFIG OK
The result of execution of each command is written to the file results.log located in the folder /var/opt/kaspersky/klconfig/.
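The following is an added example, not part of the Kaspersky documentation: a Python wrapper that runs one configuration command over SSH and interprets the KLCONFIG OK, KLCONFIG FAILED and ERROR: lines described above, treating output with no status line as a failure. The exact layout of an ERROR: line, the address pattern and the use of BatchMode=yes (which presumes key authorization was set up with setsshkey) are assumptions.

```python
import re
import subprocess
from dataclasses import dataclass, field
from typing import List

STATUS_OK = "KLCONFIG OK"
STATUS_FAILED = "KLCONFIG FAILED"
# Assumption: an error line is the literal prefix "ERROR:" followed by an
# optional numeric code and a description (the guide shows only the
# placeholder form ERROR:<NNNN error description>).
ERROR_LINE = re.compile(r"^ERROR:\s*(?:(\d+)(?:\s+|$))?(.*)$")
# Assumption: SVM addresses are IP literals, host names or "localhost".
ADDRESS = re.compile(r"[A-Za-z0-9][A-Za-z0-9.:-]*")


@dataclass
class KlconfigResult:
    ok: bool = False            # True only if the last status line is KLCONFIG OK
    status_seen: bool = False   # False means no status line was printed at all
    errors: List[tuple] = field(default_factory=list)  # (code or None, description)
    output: List[str] = field(default_factory=list)    # other lines, e.g. usage text


def parse_klconfig_output(text: str) -> KlconfigResult:
    """Classify the lines printed by one configuration command."""
    result = KlconfigResult()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in (STATUS_OK, STATUS_FAILED):
            result.status_seen = True
            result.ok = line == STATUS_OK
            continue
        match = ERROR_LINE.match(line)
        if match:
            code = int(match.group(1)) if match.group(1) else None
            result.errors.append((code, match.group(2).strip()))
        else:
            result.output.append(line)
    return result


def build_ssh_argv(svm_address: str, command: str) -> List[str]:
    """Build the argument vector for: ssh klconfig@<SVM address> <command>."""
    if not ADDRESS.fullmatch(svm_address):
        raise ValueError(f"unexpected SVM address: {svm_address!r}")
    if not command.strip() or "\n" in command:
        raise ValueError("command must be a single non-empty line")
    # BatchMode=yes makes ssh fail instead of prompting for a password.
    return ["ssh", "-o", "BatchMode=yes", f"klconfig@{svm_address}", command]


def run_klconfig(svm_address: str, command: str, timeout: int = 60) -> KlconfigResult:
    """Run one configuration command and return the parsed result."""
    proc = subprocess.run(build_ssh_argv(svm_address, command),
                          capture_output=True, text=True, timeout=timeout)
    result = parse_klconfig_output(proc.stdout)
    if not result.status_seen:
        # ssh failed or the session was cut short: ok stays False.
        result.errors.append((None, f"no status line, ssh exit code {proc.returncode}"))
    return result
```

Automation that only checks the ssh exit code can miss a KLCONFIG FAILED result, so callers should branch on `ok` and log `errors` and `output`.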
Using the SVM first startup script
An SVM supports the use of a first startup script to run configuration commands. It is recommended to use an SVM first startup script to perform the following tasks:
- Configure the network settings of SVMs when using static IP addressing. You can use the following commands: network, dns, manageservices (to restart the network service).
- Configure authorization by SSH key for accessing an SVM without the klconfig account password (configuration password). The setsshkey command is provided for this purpose.
It is not recommended to use a long list of commands because the first startup script is intended for performing a minimal set of commands.
Commands that use the standard input stream, for example, passwd, should not be sent to the first startup script. Doing so prevents the SVM from starting.
To send commands to the first startup script, you need to specify them in the following format:
KL_CMD1="<command 1>" KL_CMD2="<command 2>" … KL_CMDn="<command N>"
where <command> is the name of the command, with parameters (if necessary).
For example, the following sequence of commands lets you configure SVM network settings when using static IP addressing:
KL_CMD1="network eth0 10.65.78.35 255.255.255.0 10.65.78.255 10.65.78.1" KL_CMD2="manageservices restart network"
While the first startup script is being run, commands are numbered and executed in the order in which they were sent to the first startup script.
After the script is executed, the file named boot_config.log containing the script execution results is created in the folder /var/log/kaspersky/la/.
You can use the following special commands when creating a first startup script:
- RESET – delete the boot_config_done file (an indicator that the first startup script has already been executed). As a result, all commands sent to the first startup script will also be executed the next time the SVM is started.
- ALWAYS – execute the commands following this command even if the SVM first startup script has already been executed (the boot_config_done file is present).
- REPORT – write information about the command execution results to a file.
For example:
KL_CMD1="ALWAYS" KL_CMD2="network eth0 10.65.78.35 255.255.255.0 10.65.78.255 10.65.78.1"
The mechanism used to send commands to the first startup script depends on the type of hypervisor:
- Citrix Hypervisor: first startup commands can be added to the kernel command line in the following format:
KL_CMD1="…" KL_CMD2="…"
- Microsoft Windows Server (Hyper-V) hypervisor: uses a system of exchanging key-value pairs (for details, please refer to the Microsoft documentation).
- VMware ESXi hypervisor: first startup commands can be conveyed in one of the following ways:
  - In a VMX configuration file
  - In the VMware vSphere Web Client Console: Edit Settings / Options / Advanced / General / Configuration Parameters
  - Using the vmware-cmd setguestinfo command
First startup commands must be specified in the following format:
guestinfo.klfirstboot.cmd1
guestinfo.klfirstboot.cmd2
- KVM hypervisor: commands may be inserted into the file /opt/kaspersky/la/bin/kvm_first_boot_args in string format:
KL_CMD1="…" KL_CMD2="…"
- Proxmox VE hypervisor: commands may be inserted into the file /var/opt/kaspersky/la/patches/default_patch_index/bin/kvm_first_boot_args in the following format:
KL_CMD0=%command1%
KL_CMD1=%command2%
- R-Virtualization hypervisor: uses the QEMU guest agent utility that lets you execute commands under the root account:
POST /api/0/vm/%vm_id%/execute
In the request body:
command_with_args=[ "bash", "-c", "%command%" ]
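The first startup rules above (numbered KL_CMDn values, no commands that read standard input, setsshkey taking Base64 text without spaces) can be enforced before anything is written into a VM definition. The following Python helper is an added example, not part of the Kaspersky guide or product; the function names, the rejection of double quotes inside a command, the accepted public key layout and the sample key are assumptions of this example.

```python
import base64

# passwd is the command the guide names as reading from standard input;
# sending such a command to the first startup script stops the SVM from starting.
STDIN_COMMANDS = {"passwd"}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")


class FirstBootError(ValueError):
    """A command list that must not be sent to the first startup script."""


def setsshkey_command(public_key_entry):
    """Return 'setsshkey <Base64 text>' for one public key entry.

    Assumptions of this example: the entry is a plain 'type key [comment]'
    line and is encoded without a trailing newline.
    """
    entry = public_key_entry.strip()
    fields = entry.split()
    if "PRIVATE KEY" in entry or "\n" in entry:
        raise FirstBootError("expected a single-line public key, not a key file body")
    if len(fields) < 2 or not fields[0].startswith(KEY_PREFIXES):
        raise FirstBootError("not a 'type key [comment]' public key entry")
    encoded = base64.b64encode(entry.encode("utf-8")).decode("ascii")
    return "setsshkey " + encoded  # b64encode emits no spaces or line breaks


def check_commands(commands):
    """Return (cleaned commands, warnings); raise FirstBootError if unsafe."""
    if not commands:
        raise FirstBootError("no commands given")
    cleaned, warnings = [], []
    for number, command in enumerate(commands, start=1):
        command = command.strip()
        # A double quote would end the KL_CMDn="..." value early (assumption
        # about the parser; the guide shows no escaping syntax).
        if not command or '"' in command or "\n" in command or "\r" in command:
            raise FirstBootError(
                f"KL_CMD{number}: empty, multi-line or contains a double quote")
        words = command.split()
        if words[0] in STDIN_COMMANDS:
            raise FirstBootError(f"KL_CMD{number}: {words[0]} reads standard input")
        if words[0] == "manageservices" and "network" in words[2:]:
            warnings.append(f"KL_CMD{number}: the guide recommends network_local "
                            "(synchronous) in the first startup script")
        cleaned.append(command)
    return cleaned, warnings


def kernel_cmdline(commands):
    """KL_CMD1="..." KL_CMD2="..." string (kernel command line, kvm_first_boot_args)."""
    cleaned, _ = check_commands(commands)
    return " ".join(f'KL_CMD{n}="{c}"' for n, c in enumerate(cleaned, start=1))


def guestinfo_keys(commands):
    """Map guestinfo.klfirstboot.cmdN to each command (VMware ESXi)."""
    cleaned, _ = check_commands(commands)
    return {f"guestinfo.klfirstboot.cmd{n}": c
            for n, c in enumerate(cleaned, start=1)}


# Constructed sample input: the guide's static-addressing command plus a
# made-up public key (not a real key).
SAMPLE_KEY = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkLXNhbXBsZS1rZXk "
              "admin@example.test")
SAMPLE_COMMANDS = [
    "network eth0 10.65.78.35 255.255.255.0 10.65.78.255 10.65.78.1",
    "manageservices restart network_local",
    setsshkey_command(SAMPLE_KEY),
]

if __name__ == "__main__":
    print(kernel_cmdline(SAMPLE_COMMANDS))
    for key, value in guestinfo_keys(SAMPLE_COMMANDS).items():
        print(key, "=", value)
```

Only a public key belongs in a setsshkey value: the hypervisor-side configuration that carries KL_CMDn strings is readable by anyone who can view the VM definition.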
Configuring SVM configuration settings
Initial configuration of an SVM using configuration commands consists of the following steps:
- Modify the SVM name (the hostname command).
- For each network interface of the SVM:
- Configure DNS settings if static IP addressing is used (the dns command).
- Configure the settings for connecting the SVM to Kaspersky Security Center Administration Server: address and ports (the nagent command).
- Initial configuration of the Protection Server (the productinstall command).
- Accept Kaspersky Security End User License Agreement and the Privacy Policy (the accept_eula_and_privacypolicy command or the accept_eula_and_privacypolicy setting in the ScanServer.conf configuration file).
  You must accept the terms of the End User License Agreement and the Privacy Policy for the proper SVM operation.
- Start the Protection Server (the manageservices start scanserver command).
In addition, you can configure the following SVM configuration settings:
- Select the language of Kaspersky Security Center Network Agent Connector (the connectorlang command).
- Change the configuration password and root account password that were defined by default (the passwd klconfig and passwd root commands).
- Allow or deny access to the SVM over SSH under the root account.
After initial configuration of the SVM is completed, it is recommended to make sure that the SVM is deployed and configured successfully. To do so, you can use the checkconfig command.
accept_eula_and_privacypolicy
This command allows you to accept or decline the terms of Kaspersky Security End User License Agreement between you and Kaspersky and the Privacy Policy that describes processing and transmission of data.
You must accept the terms of the End User License Agreement and the Privacy Policy to install Protection Server. The text of the End User License Agreement and Privacy Policy is included in the Kaspersky Security distribution kit.
Settings
<acceptFlag> = yes|no – possible values:
- yes – accept the terms of the End User License Agreement and the Privacy Policy.
- no – do not accept the terms of the End User License Agreement and the Privacy Policy.
By setting this parameter to yes, you confirm the following:
- You have fully read, understood and accept the terms and conditions of the Kaspersky Security End User License Agreement.
- You have fully read and understood the Privacy Policy, you are aware and agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy.
Example:
Specific errors
None.
apiversion
This command displays the current version of the klconfig script API.
Settings
None.
Example:
Specific errors
None.
checkconfig
This command lets you check if the configuration of one or multiple Kaspersky Security components is correct.
Settings
findsvm hv_connect network routing sc_connect
where:
- findsvm – check for the SVM in the list of virtual infrastructure objects (Inventory).
- hv_connect – check the connection between the SVM and the Integration Server and check for a list of virtual infrastructure objects (Inventory).
- network – check the network configuration.
- permitrootlogin – check whether the root account is allowed to gain access to the SVM over SSH.
- routing – check network routing.
- sc_connect – check the connection to Kaspersky Security Center.
You can specify one or multiple parameters.
Example:
Specific errors
The command always returns KLCONFIG, even if an error was detected. For this reason, it is recommended to always pay attention to errors when analyzing the output.
0001 Hostname is not set or contains invalid data. The domain name of the SVM is not set or contains an invalid value, for example, LightAgentSVM, localhost or localdomain. Use the hostname command to define the domain name of the SVM.
0002 Could not get hostname FQDN. Failed to receive the fully qualified domain name (FQDN) of the SVM. Check the SVM name and DNS settings.
0003 Could not find the host interface IP address. The IP address of the network interface eth0 is not found or is not configured.
0004 Host interface IP address <host IP> does not match DNS <DNS IP of hostname>. The IP address associated with the primary network interface does not match the IP address returned for the domain name of the SVM in the DNS PTR entry.
0010 Could not find the default route. A default network route is not configured.
0011 Cannot ping the default route address. Failed to verify the default network route using the ping command. Check the network settings.
0030 Inventory is not valid. The list of virtual infrastructure objects (Inventory) is empty or contains invalid values. Make sure that the SVM has received a policy with the correct Integration Server address. Use the checkconfig sc_connect command to make sure that the SVM is connected to Kaspersky Security Center.
0060 Could not get the UUID of the SVM. Failed to receive a unique ID (BIOS ID) for the SVM.
0061 Could not find our self in the inventory. Failed to detect the unique ID of the SVM in the list of virtual infrastructure objects (Inventory). Check the Integration Server settings.
0062 Could not find host in inventory path. Failed to detect information about the hypervisor on which an SVM is deployed in the list of virtual infrastructure objects (Inventory). Check the Integration Server settings.
0070 klnagchk reported failure. The klnagchk command returned an error. Analyze the additional error messages.
0071 Could not verify klnagent settings. Cannot verify the settings of the Kaspersky Security Center Network Agent. Kaspersky Security Center Network Agent is not configured or is configured incorrectly.
0072 Could not connect to the Kaspersky Security Center Server. Kaspersky Security Center Network Agent cannot connect to the Kaspersky Security Center Administration Server. Check the settings of Kaspersky Security Center Network Agent and make sure that the network is configured correctly.
0073 Could not connect to the klnagent administration agent. Failed to connect to Kaspersky Security Center Network Agent. Possibly, Kaspersky Security Center Network Agent is not running on the SVM.
0074 Could not get the klnagent administration agent statistics. Kaspersky Security Center Network Agent cannot obtain Administration Server statistics. Kaspersky Security Center Network Agent on the SVM is operating incorrectly.
0100 Could not look up <address> in DNS. The domain name or IP address is not found. Check the DNS settings.
0101 Look up of <address> returned no DNS data. The DNS search returned no data. The DNS server responded, but the relevant types of entries were not detected.
0110 Host to IP to host is not equal in DNS. An error occurs when a DNS check is looped: a search is run for the IP address based on the domain name, and then a search for the domain name based on this IP address returns a name that is different from the original name.
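The general result format (a KLCONFIG status line plus optional ERROR lines) and the checkconfig note that errors must be read from the output itself can both be handled by one parser. The following Python code is an added example, not part of the Kaspersky guide or product; the tolerated whitespace after ERROR:, the wording of the HINTS table (condensed from the error list above) and the sample outputs are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

STATUS_RE = re.compile(r"^KLCONFIG (OK|FAILED)$")
# ERROR:<NNNN error description>; the four-digit code is optional.
ERROR_RE = re.compile(r"^ERROR:\s*(\d{4}\b)?\s*(.*)$")

# Follow-up actions the guide gives for some checkconfig error codes.
HINTS = {
    "0001": "define the SVM domain name with the hostname command",
    "0002": "check the SVM name and DNS settings",
    "0011": "check the network settings",
    "0030": "verify the Integration Server address in the policy; "
            "run checkconfig sc_connect",
    "0061": "check the Integration Server settings",
    "0062": "check the Integration Server settings",
    "0072": "check the Network Agent settings and the network configuration",
    "0100": "check the DNS settings",
}


@dataclass
class KlconfigResult:
    status: Optional[str] = None  # "OK", "FAILED", or None if no status line
    errors: List[Tuple[Optional[str], str]] = field(default_factory=list)
    info: List[str] = field(default_factory=list)  # all other output lines

    @property
    def succeeded(self) -> bool:
        # A success status line is not enough: any ERROR line means failure,
        # and a missing status line (for example a dropped SSH session) too.
        return self.status == "OK" and not self.errors

    def triage(self) -> List[str]:
        """One line per error with the follow-up action, if the guide gives one."""
        lines = []
        for code, text in self.errors:
            hint = HINTS.get(code, "see the command's 'Specific errors' list")
            lines.append(f"{code or '----'} {text} -> {hint}")
        return lines


def parse_klconfig_output(text: str) -> KlconfigResult:
    """Classify every line of a command's output captured over SSH."""
    result = KlconfigResult()
    for raw in text.splitlines():
        line = raw.strip()  # also removes a trailing carriage return
        if not line:
            continue
        status = STATUS_RE.match(line)
        if status:
            result.status = status.group(1)  # the last status line wins
            continue
        error = ERROR_RE.match(line)
        if error:
            result.errors.append((error.group(1), error.group(2)))
            continue
        result.info.append(line)
    return result


# Constructed sample output: a checkconfig run that lists errors and still
# ends with a success status line.
SAMPLE_CHECKCONFIG = """\
ERROR:0010 Could not find the default route.
ERROR:0100 Could not look up svm01.example.test in DNS.
KLCONFIG OK
"""
# Output of "connectorlang" without parameters, as shown in the guide.
SAMPLE_USAGE = """\
Usage: connectorlang lang
KLCONFIG FAILED
"""

if __name__ == "__main__":
    for sample in (SAMPLE_CHECKCONFIG, SAMPLE_USAGE):
        parsed = parse_klconfig_output(sample)
        print(parsed.status, parsed.succeeded, parsed.triage(), parsed.info)
```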
check_viis_infra_accessibility
This command lets you check the accessibility of the Integration Server. If executed successfully, the command does not return any additional information.
Settings
<address>[:<port>] [<infrastructure_id>]
where:
- <address> – IP address for connecting to the Integration Server.
- <port> – port number used for connecting to the Integration Server (optional parameter).
- <infrastructure_id> – ID of the virtual infrastructure (optional parameter).
Example 1:
Example 2:
Specific errors
0300 Failed to verify the integration server connectivity. Failed to verify the accessibility of the Integration Server. Analyze the additional information in the command output.
connectorlang
This command lets you define the language of Kaspersky Security Center Network Agent Connector in the configuration file /etc/opt/kaspersky/la/ScanServer.conf. The Connector language affects the language of the events and errors sent to Kaspersky Security Center.
The new settings are applied after the Protection Server is restarted.
Settings
<lang> – language ID. Possible values:
- de – German.
- en – English.
- fr – French.
- ja – Japanese.
- ru – Russian.
- zh-Hans – Chinese (Simplified).
- zh-Hant – Chinese (Traditional).
Example:
Specific errors
None.
dhcp
This command lets you configure the use of DHCP for the network interface of the SVM.
The new settings are applied after the file /etc/resolv.conf is overwritten as a result of a restart of the SVM or network service (the manageservices restart network command).
If you want to change the IP address assignment method for SVMs using static IP addressing to the use of DHCP, sequentially execute the dns and dnssearch commands without parameters after the dhcp command. This lets you delete the previously configured list of DNS servers and search domains in the file /etc/resolv.conf.
If you want to add a DNS server or search domain to the list of DNS servers and search domains received over the DHCP protocol when using dynamic IP addressing, first restart the SVM or restart the network service (the manageservices restart network command). This lets you overwrite the file /etc/resolv.conf. Then execute the dns and dnssearch commands with the necessary parameters.
Settings
<InterfaceName> [<MakePrimary>]
where:
- <InterfaceName> – name of the network interface. For example, eth0.
- <MakePrimary> = yes|no – indicator of whether it is the primary network interface (optional parameter). Possible values:
- yes – network interface is primary.
- no – network interface is not primary.
The primary network interface sets the default route and DNS servers (DEFROUTE = yes, PEERDNS = yes). Only one network interface from those utilized by an SVM may be primary. If the "primary" indicator is assigned to multiple network interfaces, the last one of them becomes the primary network interface.
Example:
Specific errors
None.
dhcprenew
This command lets you renew and continue the lease of an IP address for the network interface on the DHCP server.
Depending on the specifics of the virtual infrastructure in which the SVM is running, command execution may result in modification of the IP address and termination of network connections.
You can use this command to let the DHCP server accept the new name of the SVM.
Settings
<InterfaceName> – name of the network interface of the SVM. For example, eth0.
Example:
Specific errors
0140 Failed to release dhcp. Failed to release the IP address for the specified network interface on the DHCP server.
0141 Failed to request a new lease. Failed to receive a new IP address lease for the specified network interface on the DHCP server.
dns
This command lets you define a list of DNS servers that will be used in the specified order in the file /etc/resolv.conf. The previously configured list of DNS servers is deleted.
If you are also planning to configure the use of DHCP (the dhcp command), execute the dns command after the dhcp command is executed and after the SVM is restarted or the network service is restarted (the manageservices restart network command).
As a result of execution of the dns command, the list of search domains in the file /etc/resolv.conf is deleted. If you are planning to configure a list of search domains, execute the dnssearch command after the dns command.
Settings
[<Server1>] [<Server2>] [<Server3>]
where <Server> is the IP address of the DNS server (optional parameter). You can specify up to three IP addresses.
If the command is executed without parameters (no address is specified), all nameserver entries in the file /etc/resolv.conf are deleted.
Example:
Specific errors
None.
dnslookup
This command lets you receive an IP address from the DNS server based on the domain name, or vice versa (analogous to the host command in Linux). The command returns only the first entry.
You can also use this command to verify that DNS is operating correctly.
Settings
<HostNameOrIpAddress> – domain name or IP address.
Example:
Specific errors
None.
dnssearch
This command lets you define a list of search domains that are used to determine domain names for name resolution in the file /etc/resolv.conf. The previously configured list of search domains is deleted.
If you are also planning to configure a list of DNS servers (the dns command), execute the dnssearch command after the dns command because the dns command will cause the list of search domains in the file /etc/resolv.conf to be deleted.
Settings
[<Domain1>] [<Domain2>] [<Domain3>]
where:
<Domain> – name of the search domain (optional parameter). You can specify up to three domains.
If the command is executed without parameters (no domain is specified), all search entries in the file /etc/resolv.conf are deleted.
Example:
Specific errors
None.
dnsshow
This command lets you view information about DNS settings from the file /etc/resolv.conf.
The command returns all entries in one string, separated by a space. If an empty string is returned, the DNS settings are not configured.
Settings
<InfoKind> = nameservers|search – type of information that you want to view. Possible values:
- nameservers – display the list of DNS servers.
- search – display the list of search domains.
Example:
Specific errors
None.
getdnshostname
The command returns the domain name corresponding to the IP address of the primary network interface.
Settings
None.
Example:
Specific errors
0100 Could not look up <IP> in DNS. Failed to find the IP address. Check the DNS settings.
gethypervisordetails
This command lets you receive information about the SVM path. One of the following values is returned depending on the type of the virtual infrastructure:
- For virtual infrastructures based on Microsoft Hyper-V, XenServer, VMware vSphere, KVM, Proxmox VE, Basis, Skala-R, HUAWEI FusionSphere, Nutanix Acropolis, Alt Virtualization Server, Astra Linux or Numa vServer – the IP address or fully qualified domain name (FQDN) of the hypervisor on which the SVM is deployed.
- For virtual infrastructures running on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform – IP address or fully qualified domain name (FQDN) of the Keystone microservice that manages the OpenStack project within which the SVM is deployed.
Information is available only after the SVM is connected to the Integration Server whose connection settings are specified in the Protection Server policy applied on the SVM.
Settings
address or all – return name or address of the hypervisor, on which the SVM is running, or name or address of the Keystone microservice that manages the OpenStack project, within which the SVM is deployed.
Example:
Specific errors
0060 Could not get the UUID of the SVM. Failed to receive the unique ID of the SVM (BIOS ID).
0061 Could not find our self in the inventory. The unique ID of the SVM is not found in the list of virtual infrastructure objects (Inventory). Check the Integration Server settings.
0062 Could not find host in inventory path. The list of virtual infrastructure objects (Inventory) does not contain information about the hypervisor on which the SVM is running, or about the Keystone microservice that manages the OpenStack project, within which the SVM is deployed. Check the Integration Server settings.
hostname
This command lets you define the domain name of the SVM and make sure that the IP address and domain name of the SVM are in the file /etc/hosts.
Settings
<hostname> [<IP>]
where:
- <hostname> – domain name of the SVM.
- [<IP>] – IP address of the SVM (optional parameter).
Example:
Specific errors
0120 Invalid hostname characters <characters>. Invalid characters in the SVM name.
0121 Invalid hostname, empty label present. The SVM name contains an empty section.
listpatches
This command lets you generate an XML list of Kaspersky Security application module updates installed on SVMs.
The XML file has the following format:
<?xml version="1.0" encoding="UTF-8"?>
<patches>
  <patch>
    <id>patchId</id>
    <sha_256>checkSum</sha_256>
    <status>status</status>
    <patch_type>type</patch_type>
    <version>productTargetVersion</version>
    <description><![CDATA[description]]></description>
    <status_changed_date>statusChangedDate</status_changed_date>
    dependsOn
  </patch>
  <patch>
    ...
  </patch>
  ...
</patches>
where:
- patchId is an identifier of the Kaspersky Security module update.
- checkSum is a hash of the TGZ archive in HEX format.
- status is a module update installation status. Possible values:
- installed: the module update was successfully installed.
- failed: an error occurred.
- rolledback: the module update was rolled back.
- type is a type of module update. Possible values:
- auto: module update received with the update package from the Kaspersky Security Center Administration Server repository.
- config: module update resulting from applying a configuration file.
- custom: a special release of a module update.
- productTargetVersion is a version of the update.
- description is a description of the update.
- statusChangedDate is date and time of the status change.
- dependsOn is an ID of the module update upon which this specific module update depends (optional parameter).
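The listpatches format above lends itself to an automated check of update state and archive hashes across SVMs. The following Python code is an added example, not part of the Kaspersky guide or product; the baseline of expected hashes, the patch IDs, version strings, dates and hash values in the sample are constructed, and the dependsOn entry is not parsed because the guide does not show its element name.

```python
import re
import xml.etree.ElementTree as ET

# Field names and value lists are the ones documented for listpatches.
FIELDS = ("id", "sha_256", "status", "patch_type", "version",
          "description", "status_changed_date")
STATUSES = {"installed", "failed", "rolledback"}
PATCH_TYPES = {"auto", "config", "custom"}
SHA256_HEX = re.compile(r"[0-9a-fA-F]{64}")


def parse_listpatches(output):
    """Return one dict per <patch> found in raw listpatches output."""
    # Parse only the <patches> element: this skips status lines around the XML
    # and drops any prolog, so no DTD or entity declarations reach the parser.
    match = re.search(r"<patches\s*/>|<patches\b.*</patches>", output, re.DOTALL)
    if match is None:
        raise ValueError("no <patches> element in the output")
    root = ET.fromstring(match.group(0))
    return [{name: (node.findtext(name) or "").strip() for name in FIELDS}
            for node in root.findall("patch")]


def audit_patches(patches, baseline=None):
    """Return (patch id, finding) pairs for one SVM.

    baseline maps patch id -> expected SHA-256 (hypothetical, operator-kept).
    """
    baseline = {pid: digest.lower() for pid, digest in (baseline or {}).items()}
    findings, seen = [], set()
    for patch in patches:
        pid = patch["id"] or "<missing id>"
        seen.add(pid)
        status, digest = patch["status"], patch["sha_256"].lower()
        if status not in STATUSES:
            findings.append((pid, f"undocumented status {status!r}"))
        elif status != "installed":
            findings.append(
                (pid, f"update is {status} (changed {patch['status_changed_date']})"))
        if patch["patch_type"] not in PATCH_TYPES:
            findings.append((pid, f"undocumented patch_type {patch['patch_type']!r}"))
        if not SHA256_HEX.fullmatch(digest):
            findings.append((pid, "sha_256 is not 64 hexadecimal characters"))
        elif pid in baseline and baseline[pid] != digest:
            findings.append((pid, "sha_256 differs from the baseline"))
    for pid in sorted(set(baseline) - seen):
        findings.append((pid, "in the baseline but not reported by the SVM"))
    return findings


# Constructed sample data: IDs, hashes, versions and dates are placeholders.
HASH_A, HASH_B, HASH_C = "1f" * 32, "2e" * 32, "3d" * 32
SAMPLE_OUTPUT = f"""<?xml version="1.0" encoding="UTF-8"?>
<patches>
<patch><id>sample_patch_a</id><sha_256>{HASH_A}</sha_256>
<status>installed</status><patch_type>auto</patch_type><version>X.Y.Z</version>
<description><![CDATA[constructed entry]]></description>
<status_changed_date>2024-01-01 00:00:00</status_changed_date></patch>
<patch><id>sample_patch_b</id><sha_256>{HASH_B}</sha_256>
<status>failed</status><patch_type>custom</patch_type><version>X.Y.Z</version>
<description><![CDATA[constructed entry]]></description>
<status_changed_date>2024-01-02 00:00:00</status_changed_date></patch>
<patch><id>sample_patch_c</id><sha_256>{HASH_C}</sha_256>
<status>installed</status><patch_type>auto</patch_type><version>X.Y.Z</version>
<description><![CDATA[constructed entry]]></description>
<status_changed_date>2024-01-03 00:00:00</status_changed_date></patch>
</patches>
KLCONFIG OK
"""
SAMPLE_BASELINE = {"sample_patch_a": HASH_A, "sample_patch_c": "4c" * 32,
                   "sample_patch_d": "5b" * 32}

if __name__ == "__main__":
    for pid, finding in audit_patches(parse_listpatches(SAMPLE_OUTPUT),
                                      SAMPLE_BASELINE):
        print(pid, "-", finding)
```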
Settings
None.
Example:
manageservices
This command lets you start, stop, or restart the specified service.
Remotely stopping or restarting the network service may cause the connection to drop or hang. For this reason, two types of network service are provided: network_local and network. For the network_local service, the action is applied immediately (synchronously). It is recommended to use this type of service in the SVM first startup script. For the network service, the action is applied asynchronously (in a separate shell), so the klconfig script can return control. This means that the invoking side must wait at least 20 seconds before checking the command execution result.
Settings
<Action> <ServiceType1> [<ServiceType2>] [<ServiceType3>]
where:
- <Action> = start|stop|restart – type of action applied. Possible values:
- start
- stop
- restart
- <ServiceType> – type of service. Possible values:
- klnagent – Kaspersky Security Center Network Agent.
- network – network service (asynchronous).
- network_local – network service (synchronous).
- scanserver – Protection Server.
- sshd – SSH service.
Example:
Specific errors
None.
nagent
This command lets you set the address and ports for connecting an SVM to the Kaspersky Security Center Administration Server.
Settings
<Address> <SslPort> [<Port>]
where:
- <Address> – IP address or fully qualified domain name (FQDN) of the device on which the Kaspersky Security Center Administration Server is installed.
- <SslPort> – Number of the port for connecting an SVM to the Kaspersky Security Center Administration Server using an SSL certificate (13000 is recommended).
- <Port> – Port number for connecting an SVM to the Kaspersky Security Center Administration Server (14000 is recommended) (optional parameter).
Example:
A repeated call of the command may return the following result:
Specific errors
None.
network
This command lets you configure static IP addressing and SVM network settings.
The new settings are applied after the SVM is restarted or the network service is restarted (the manageservices restart network command).
Settings
<InterfaceName> <IP> <NetMask> <Broadcast> [<GateWay>]
where:
- <InterfaceName> – name of the network interface, for example, eth0.
- <IP> – IP address of the network interface that you want to assign.
- <NetMask> – network mask.
- <Broadcast> – broadcast address.
- <GateWay> – gateway address (optional parameter). It should be set only on one network interface that uses DHCP.
Example:
Specific errors
None.
ntp
This command lets you assign an NTP server and make sure that it is running.
Settings
<ServerName> – fully qualified domain name (FQDN) or IP address of the NTP server.
Example:
Specific errors
None.
passwd
This command lets you change the password for the specified account.
Passwords must be no longer than 60 characters. You can use only letters of the Latin alphabet (uppercase and lowercase letters), numerals, and the following special characters: ! # $ % & ' ( ) * " + , - . / \ : ; < = > _ ? @ [ ] ^ ` { | } ~. For security purposes, you are advised to set passwords that are at least 8 characters long and use at least three of the four categories of characters: lowercase letters, uppercase letters, numerals, and special characters.
The password is read from the standard input stream of the SSH connection without a prompt.
Settings
<UserName> – name of the account for which you need to create a password.
Example:
Specific errors
0130 Invalid password. Invalid password.
permitrootlogin
The command allows or denies access to the SVM over SSH under the root account.
The new settings are applied after the SVM is restarted or the SSH service is restarted (the manageservices restart sshd command).
Settings
<AllowOrNot> = yes|no – possible values:
- yes – allow access to the SVM over SSH under the root account.
- no – deny access to the SVM over SSH under the root account.
Example:
> ssh klconfig@10.16.98.17 permitrootlogin yes
> klconfig@10.16.98.17’s password:
Permit root login = yes
KLCONFIG OK
Specific errors
None.
productinstall
This command lets you perform various one-time tasks for Protection Server installation, such as configuring the installation ID.
You can execute the command more than once consecutively.
The new settings are applied after the SVM is restarted or the scanserver service is restarted (the manageservices restart scanserver command).
Settings
None.
Example:
Specific errors
None.
reboot
This command lets you restart the SVM in one minute.
Settings
None.
Example:
Specific errors
None.
resetnetwork
This command lets you return all network settings to their default values, including DNS settings and the settings of network interfaces. This means that DHCP will be used with the first network interface as the primary network interface for the SVM.
You can use this command to reset network settings to their original state before SVM configuration settings were changed.
The new settings are applied after the SVM is restarted or the network service is restarted (the manageservices restart network command).
Settings
None.
Example:
Specific errors
None.
rollbackpatch
This command lets you roll back the last update of the Kaspersky Security modules on SVMs.
Settings
[Patchid] is an ID of the Kaspersky Security module update (optional parameter). If no ID is specified, the last installed module update will be determined automatically.
Example:
Specific errors
None.
setsshkey
This command lets you configure authorization by SSH key for accessing an SVM without the klconfig account password (configuration password). As a result of command execution, the specified key (text in Base64 encoding) is added to the authorized SSH key file. The key is valid for 2 hours.
You can use this command in the SVM first startup script for configuring access to the SVM prior to setting the configuration password.
Settings
<Base64EncodedAuthorizationKeyEntry> – key (Base64-encoded text without spaces).
Example:
Specific errors
0160 Could not decode key. Make sure that the key is correctly encoded and does not contain spaces.
settracelevel
This command lets you configure the trace level for the Protection Server (ScanServer.log).
The trace level is changed immediately if the <Immediately>=yes parameter is set. Otherwise, the change occurs after a restart of the SVM or Protection Server (the manageservices restart scanserver command).
Settings
<TraceLevel> [<Immediately>]
where:
- <TraceLevel> is a numerical value that determines the trace level. Possible values:
- 0: creation of trace files is disabled.
- 100: informational messages about the Protection Server components being started and stopped.
- 200: messages about critical errors in the Protection Server operation.
- 300: messages about errors and critical errors in the Protection Server operation.
- 400: critical warnings and messages about ordinary and critical errors.
- 500: all warnings and messages about ordinary and critical errors.
- 600: important messages, all warnings and messages about ordinary and critical errors.
- 700: informational messages, important messages and all warnings and messages about ordinary and critical errors.
- 800: debugging messages and all informational and important messages, as well as all warnings and messages about ordinary and critical errors.
- 900: debugging messages with more detailed information and all informational and important messages, as well as all warnings and messages about ordinary and critical errors.
- 1000: all possible messages and warnings.
- <Immediately> = yes|no is an indicator determining when the new trace level settings should be applied (optional parameter). Possible values:
- yes: apply immediately.
- no: apply after restart of the SVM or the scanserver service (the manageservices restart scanserver command).
Example:
Specific errors
0150 Could not update <configfile>. Failed to update the configuration file /etc/opt/kaspersky/la/ScanServer.conf. Make sure that the file exists and is accessible.
test
This command returns information about an SVM.
You can use this command for SVM operability validation.
Settings
None.
Example:
Specific errors
None.
timezone
This command lets you set the time zone for an SVM.
This change is applied after the SVM is restarted.
Settings
<TimeZoneName> – name of the time zone in Linux format.
Example:
Specific errors
None.
version
This command returns the SVM version.
Settings
None.
Example:
Specific errors
None.
Settings in the setup.ini file
The setup.ini file contains Kaspersky Security installation settings and is used when installing Light Agent for Windows from the command line or using the directory service group policy mechanism.
The setup.ini file is divided into sections, each section contains a specific group of settings.
Settings in the ScanServer.conf file
The ScanServer.conf file contains the SVM operation settings. The file is located on the SVM in the /etc/opt/kaspersky/la/ directory.
Root account permissions are required to view and modify the file.
This section describes the settings in the ScanServer.conf file that allow you to configure logging of the SVM traces and dumps, usage of the SVM system log, and agree to the terms of the End User License Agreement. Information about other settings, if necessary, can be obtained from the Technical Support.
Unassisted modification of the Kaspersky Security operation settings in the ways not described in the Kaspersky Security help or in the recommendations from the Technical Support specialists can lead to slowdowns and malfunctions of the operating system, decrease of the virtual machine protection level, as well as to a violation of the availability and integrity of the processed information.
Settings in the LightAgent.conf file
The LightAgent.conf file contains Light Agent for Linux operation settings. The file is located on the protected virtual machine in the /etc/opt/kaspersky/lightagent/ directory.
Root account permissions are required to view and modify the file.
This section describes the settings in the LightAgent.conf file that allow you to configure logging of Light Agent for Linux traces and dumps and usage of Light Agent for Linux system log. Information about other settings, if necessary, can be obtained from the Technical Support.
Unassisted modification of the application operation settings in the ways not described in the application help or in the recommendations from the Technical Support specialists can lead to slowdowns and malfunctions of the operating system, decrease of the virtual machine protection level, as well as to a violation of the availability and integrity of the processed information.
Object ID values for SNMP
The table presents the values and descriptions of object identifiers (OID) that are used to transfer information about the SVM state.
Values and descriptions of OID settings for SNMP
| Symbolic name | Description | Settings | OID |
|---|---|---|---|
| ksvlaODSStatus | Status of the virtual machine scan task. | | .1.3.6.1.4.1.23668.1491.1539.0.0 |
| ksvlaODSQueueLenght | Number of virtual machine scan tasks in Waiting status. | | .1.3.6.1.4.1.23668.1491.1539.0.1 |
| ksvlaODSTaskCount | Number of simultaneously running virtual machine scan tasks. | | .1.3.6.1.4.1.23668.1491.1539.0.2 |
| ksvlaProtectedServerCount | Number of protected virtual machines running server operating systems. | | .1.3.6.1.4.1.23668.1491.1539.1.0 |
| ksvlaProtectedDesktopCount | Number of protected virtual machines running desktop operating systems. | | .1.3.6.1.4.1.23668.1491.1539.1.1 |
| ksvlaScanServerStatus | Status of the scanserver service (Protection Server). | | .1.3.6.1.4.1.23668.1491.1539.2.0 |
| ksvlaKlnagentStatus | Status of the klnagent service (Kaspersky Security Center Network Agent). | | .1.3.6.1.4.1.23668.1491.1539.2.1 |
| ksvlaNginxStatus | Status of the nginx service. | | .1.3.6.1.4.1.23668.1491.1539.2.2 |
| ksvlaWatchdogStatus | Status of the watchdog service (wdserver). | | .1.3.6.1.4.1.23668.1491.1539.2.3 |
| ksvlaMemoryConsumption | RAM usage (percentage) by the scanserver service. | | .1.3.6.1.4.1.23668.1491.1539.3.0 |
| ksvlaSwapConsumption | Page file usage (percentage) by the scanserver service. | | .1.3.6.1.4.1.23668.1491.1539.3.1 |
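A monitoring check built on the OIDs above, as an added example that is not part of the Kaspersky documentation: it parses numeric net-snmp style output (as printed by `snmpwalk -On`), reports table OIDs that the SVM did not return, and flags the two percentage counters when they exceed a threshold. The sample output, the value types and the 90% threshold are assumptions; status values are passed through uninterpreted because the table does not define them.

```python
import re

BASE = ".1.3.6.1.4.1.23668.1491.1539"  # subtree and names copied from the table above
KSVLA_OIDS = {BASE + suffix: name for suffix, name in [
    (".0.0", "ksvlaODSStatus"), (".0.1", "ksvlaODSQueueLenght"),
    (".0.2", "ksvlaODSTaskCount"), (".1.0", "ksvlaProtectedServerCount"),
    (".1.1", "ksvlaProtectedDesktopCount"), (".2.0", "ksvlaScanServerStatus"),
    (".2.1", "ksvlaKlnagentStatus"), (".2.2", "ksvlaNginxStatus"),
    (".2.3", "ksvlaWatchdogStatus"), (".3.0", "ksvlaMemoryConsumption"),
    (".3.1", "ksvlaSwapConsumption")]}
PERCENT_METRICS = {"ksvlaMemoryConsumption", "ksvlaSwapConsumption"}
# One line per object: "<numeric oid> = <TYPE>: <value>" (the type prefix is optional)
LINE_RE = re.compile(r"^(\.[\d.]+) = (?:\w[\w-]*: )?(.*)$", re.M)

def parse_walk(text):
    """Map symbolic name -> raw value for each table OID present in the output."""
    values = {}
    for oid, raw in LINE_RE.findall(text):
        raw = raw.strip().strip('"')
        if oid in KSVLA_OIDS and not raw.startswith("No Such"):
            values[KSVLA_OIDS[oid]] = raw
    return values

def check_svm(text, max_percent=90):
    """Return findings; max_percent is a hypothetical alert threshold."""
    values = parse_walk(text)
    findings = [f"missing: {n}" for n in KSVLA_OIDS.values() if n not in values]
    for name in sorted(PERCENT_METRICS & values.keys()):
        if not values[name].isdigit():
            findings.append(f"unparseable: {name}={values[name]!r}")
        elif int(values[name]) > max_percent:
            findings.append(f"high: {name}={values[name]}%")
    return findings

# Constructed sample output; value types and status values are placeholders.
SAMPLE = f"""\
{BASE}.0.0 = INTEGER: 1
{BASE}.0.1 = INTEGER: 0
{BASE}.0.2 = INTEGER: 0
{BASE}.1.0 = INTEGER: 12
{BASE}.1.1 = INTEGER: 140
{BASE}.2.0 = INTEGER: 1
{BASE}.2.1 = INTEGER: 1
{BASE}.2.2 = INTEGER: 1
{BASE}.2.3 = No Such Object available on this agent at this OID
{BASE}.3.0 = INTEGER: 95
{BASE}.3.1 = INTEGER: 7
"""
```

Calling `check_svm(SAMPLE)` returns one finding for the watchdog OID that the agent did not serve and one for scanserver RAM usage above the threshold.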
Sources of information about the application
Kaspersky Security page on Kaspersky website
On the Kaspersky Security page, you can view general information about the application, its functions and features.
Kaspersky Security page in the Knowledge Base
Knowledge Base is a section on the Technical Support website.
On the Kaspersky Security page in the Knowledge Base you can read articles that provide useful information, recommendations, and answers to frequently asked questions on how to purchase, install, and use the application.
Knowledge Base articles can answer questions relating not only to Kaspersky Security but also to other Kaspersky applications. Knowledge Base articles can also include Technical Support news.
Discussing Kaspersky applications on the Forum
If your question does not require an urgent answer, you can discuss it with Kaspersky experts and other users on our Forum.
On this Forum, you can view existing threads, leave your own comments, and create new discussion threads.
Glossary
Activation code
A code provided by Kaspersky when you receive a trial license or buy a commercial license to use Kaspersky Security. This code is required for activating the application.
The activation code is a unique sequence of twenty Latin characters and numerals in the format XXXXX-XXXXX-XXXXX-XXXXX.
Active key
The key that is currently being used by the application.
Administration Server
A Kaspersky Security Center component that centrally stores information about all Kaspersky applications that are installed within an enterprise network. It can also be used to manage these applications.
Application activation
The process of implementing a license that allows you to use a fully-functional version of the application until the license expires.
Application databases
Databases that contain descriptions of computer security threats that are known to Kaspersky at the time the databases are released. Application databases are compiled by Kaspersky experts and are updated every hour.
Backup
A dedicated storage for backup copies of files that have been deleted or modified during disinfection.
Backup copy of a file
A copy of a virtual machine file that is created when this file is disinfected or removed. Backup copies of files are stored in Backup in a special format and pose no danger.
Compound file
A compound file is comprised of several individual files that are stored in one physical file, and each of those files is accessible. Examples of compound files include archives, installation packages, embedded OLE objects, and files in email formats. A common technique for concealing viruses is to implant them into compound files. To detect viruses concealed using this method, the compound file must be unpacked.
Database of malicious web addresses
A list of addresses of web resources whose content may be considered dangerous. The list is created by Kaspersky experts. It is regularly updated and is included in the Kaspersky application distribution kit.
Database of phishing web addresses
A list of web resources that Kaspersky experts have determined to be phishing-related. The database is regularly updated and is included in the Kaspersky application distribution kit.
Desktop key
A license key that corresponds to the licensing scheme based on the number of virtual machines with operating systems for workstations.
End User License Agreement
A binding agreement between you and AO Kaspersky Lab that stipulates the terms on which you may use the application.
Heuristic Analysis
A technology designed to detect threats that cannot be detected using the current version of Kaspersky application databases. It detects files that may be infected with an unknown virus or a new variety of a known virus.
Infectable file
A file which, due to its structure or format, can be used by intruders as a "container" to store and spread malicious code. As a rule, these are executable files, with such file extensions as .com, .exe, and .dll. There is a fairly high risk of intrusion of malicious code in such files.
Integration Server
Component of Kaspersky Security for Virtualization Light Agent. It facilitates interaction between Kaspersky Security components and the virtual infrastructure.
Kaspersky CompanyAccount
A portal for sending requests to Kaspersky and tracking the progress made in processing them by the Kaspersky experts.
Kaspersky Security Network (KSN)
An infrastructure of cloud services that provides access to the online Knowledge Base of Kaspersky, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures that Kaspersky applications respond faster to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.
Key file
An 'xxxxxxxx.key' file that is provided by Kaspersky when you receive a trial license or buy a commercial license to use Kaspersky Security. A key file is required for activating the application.
Key with a limitation on the number of processor cores
A license key that corresponds to the licensing scheme based on the number of cores used in the physical processors on the hypervisors where protected virtual machines are running.
Key with a limitation on the number of processors
A license key that corresponds to the licensing scheme based on the number of processors used on the hypervisors where protected virtual machines are running.
Keylogger
A program designed for hidden logging of information about keys pressed by the user. Keyloggers function as keystroke interceptors.
License
A time-limited right to use the application granted under the End User License Agreement.
License certificate
A document that Kaspersky transfers to the user together with the key file or activation code. It contains information about the license granted to the user.
License key (key)
Unique alphanumeric sequence. A license key makes it possible to use the application in accordance with the terms of the End User License Agreement, such as the type of license, license validity term, and license restrictions. You may use the application only if you have a valid license key.
Light Agent
Component of Kaspersky Security for Virtualization Light Agent. It is installed on each virtual machine that needs to be protected.
OLE object
An object attached to another file or embedded into another file using the Object Linking and Embedding (OLE) technology. An example of an OLE object is a Microsoft Office Excel spreadsheet embedded into a Microsoft Office Word document.
OpenStack domain
An OpenStack domain is a collection of OpenStack accounts, groups of infrastructure objects, and projects in virtual infrastructures based on OpenStack (including infrastructures based on the VK Cloud platform or TIONIX Cloud Platform). Each account belongs to a particular OpenStack domain.
OpenStack project
The OpenStack project is a method of resource distribution in virtual infrastructures based on the OpenStack platform (including infrastructure running on VK Cloud platform and TIONIX Cloud Platform). All infrastructure resources are distributed among OpenStack projects. Each OpenStack project belongs to a particular OpenStack domain.
Phishing
A kind of online fraud aimed at obtaining unauthorized access to confidential data of users.
Protected virtual machine
A virtual machine with the Light Agent component installed.
Reserve key
A key that confirms the right to use the application but is not currently in use.
Server key
A license key that corresponds to the licensing scheme based on the number of virtual machines with server operating systems.
Signature Analysis
A threat detection technology that uses the Kaspersky application databases containing descriptions of known threats and methods for neutralizing them. Protection that uses signature analysis provides the minimum acceptable security level. As recommended by Kaspersky experts, the application always has this analysis method enabled.
Startup objects
A set of applications that are required for the operating system and software installed on the virtual machine to start and operate correctly. The operating system launches these objects at every startup. There are viruses capable of infecting such objects specifically, which may lead, for example, to blocking of operating system startup.
SVM
A secure virtual machine is a special virtual machine with the scanserver service installed (scanserver is the Protection Server component of Kaspersky Security for Virtualization Light Agent).
SVM Management Wizard
A wizard that deploys, removes, and reconfigures the SVM with the Protection Server component.
Update source
A resource that contains updates for databases and application software modules of Kaspersky applications. The update source for Kaspersky Security is the storage of the Kaspersky Security Center Administration Server.
Information about third-party code
Information about third-party code is contained in the file legal_notices.txt, in the application installation folder.
Trademark notices
Registered trademarks and service marks are the property of their respective owners.
Apache is either a registered trademark or a trademark of the Apache Software Foundation.
Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.
Ubuntu and LTS are registered trademarks of Canonical Ltd.
Citrix, Citrix Provisioning, Citrix Provisioning Services, Citrix Virtual Apps and Desktop, XenDesktop, and XenServer are either registered trademarks or trademarks of Cloud Software Group, Inc., and/or its subsidiaries in the United States and/or other countries.
Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries. Docker, Inc. and other parties may also have trademark rights in other terms used herein.
HUAWEI, FusionCompute and FusionSphere are trademarks of Huawei Technologies Co., Ltd.
Core is a trademark of Intel Corporation or its subsidiaries.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Microsoft, Active Directory, Excel, Hyper-V, Windows, and Windows Server are trademarks of the Microsoft group of companies.
OpenStack is a registered trademark of the OpenStack Foundation in the United States and other countries.
Red Hat Enterprise Linux and CentOS are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United States and other countries.
Debian is a registered trademark of Software in the Public Interest, Inc.
OpenAPI is a trademark of The Linux Foundation.
VMware, VMware ESXi, VMware Horizon, VMware NSX, VMware NSX Manager, VMware Tools, VMware vCenter Server, VMware vSphere, VMware vSphere PowerCLI, VMware vSphere Web Client are registered trademarks and/or trademarks of VMware, Inc. in the United States and other countries.