Kaspersky Security for Virtualization 6.1 Light Agent

Removing the Kaspersky Security solution

Virtual machines and user data will no longer be protected if the Kaspersky Security solution is uninstalled.

The procedure to uninstall the Kaspersky Security solution from the virtual infrastructure consists of the following stages:

  1. Removing Protection Servers

    To remove the Protection Server component, remove the deployed SVM from the virtual infrastructure.

    You can remove an SVM from the virtual infrastructure in the following ways:

    You can also remove SVMs manually using virtual infrastructure tools.

    If you completely uninstall the Kaspersky Security solution, you need to remove all SVMs. If necessary, you can remove only some of the SVMs.

    If you have removed all SVMs from any virtual infrastructure, it is recommended to remove the connection settings for this virtual infrastructure from the following lists:

    After removal of SVM, protected virtual machines that were connected to it, can connect to another SVM that operates in the virtual infrastructure.

  2. Removing Light Agent for Linux and Kaspersky Security Center Network Agent

    You need to remove Light Agent for Linux (Kaspersky Endpoint Security for Linux running in Light Agent mode) and Kaspersky Security Center Network Agent from virtual machines and from virtual machine templates.

  3. Removing the Integration Server

    You need to remove the Integration Server and Integration Server Console.

  4. Removing Kaspersky Security management plug-ins

After the Protection Server and Light Agent components are removed, the SVMs and virtual machines on which Light Agents were installed are still displayed in the Kaspersky Security Center Administration Console. After the expiration of the period specified in the Kaspersky Security Center settings (see the Kaspersky Security Center help), information about the SVMs and virtual machines is automatically deleted. You can remove this information from Kaspersky Security Center Administration Console manually after uninstalling the solution.

In this Help section

Removing SVMs using the Integration Server Console

Removing the Light Agent for Linux

Removing Kaspersky Security Center Network Agent on virtual machines

Removing the Integration Server and Integration Server Console

Removing Kaspersky Security management plug-ins

Page top
[Topic 246435]

Removing SVMs using the Integration Server Console

You can remove SVMs using the SVM Management Wizard, which is launched in the Integration Server Console.

To remove SVMs using the SVM Management Wizard:

  1. Open Integration Server Console and connect to the Integration Server.
  2. In the SVM management section, click the SVM management button to start the SVM Management Wizard.
  3. Follow the wizard instructions.

In this section

Selecting an action

Selecting SVMs to remove

Starting SVM removal

SVM removal

Finishing SVM removal

Page top
[Topic 256283]

Selecting an action

At this step, select the SVM removal option.

Proceed to the next step of the wizard.

Page top
[Topic 151247]

Selecting SVMs to remove

At this step, select the SVMs that you want to remove.

The table displays information about virtual infrastructures, to which the connection is configured for SVM Management Wizard, as well as information about the deployed SVMs:

  • Name/Address

    Depending on the type of virtual infrastructure, the column may contain the following:

    • IP address or the fully qualified domain name (FQDN) of the virtual infrastructure administration server
    • IP address or the fully qualified domain name of the hypervisor
    • IP address or the fully qualified domain name of the Keystone microservice
    • Name of the OpenStack domain
    • Name of the OpenStack project
    • Name of the SVM deployed on the hypervisor

    If the connection with the virtual infrastructure could not be established, the warning icon is displayed against this connection in the column. A description of the connection error is shown in the table and in the tooltip of the warning icon.

  • State

    This column contains information on the state of the virtual infrastructure object or the SVM.

    For the hypervisor, one of the following values is specified: Enabled or Disabled. If a connection to the hypervisor cannot be established, the column shows Disconnected.

    For the Keystone microservice, the OpenStack project, and the OpenStack domain, one of the following values is specified: Enabled or Disconnected.

    One of the following values is specified for an SVM: Enabled, Disabled.

  • Protection

    This column contains the SVM version number.

  • Type

    This column contains the type of virtual infrastructure object that the SVM Management Wizard will connect to.

    For a virtual infrastructure on the VK Cloud platform, Keystone microservice (OpenStack platform) is displayed as the type of virtual infrastructure object to which the SVM Management Wizard connects.

You can search the list of virtual infrastructure objects. The search is performed based on the value of the Name/address. The search starts as you type in the Search field. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the Search field.

To select the SVMs to remove:

In the table, select the check boxes on the left of the SVMs that you want to remove.

If SVMs are being removed in an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous removal of SVMs deployed in different infrastructures is not supported. You can remove SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.

The simultaneous removal of SVMs within OpenStack projects, which are running on different Keystone microservices, is not supported. You can simultaneously remove SVMs deployed within OpenStack projects that are running on the same Keystone microservice.

If the list contains no virtual infrastructure, from which you want to remove the SVM, you must configure SVM Management Wizard connection to this infrastructure.

To configure the connection of SVM Management Wizard to the virtual infrastructure:

  1. Click the Add button.
  2. In the Virtual infrastructure connection settings window that opens, specify the following settings:
    • Type

      Type of virtual infrastructure object that SVM Management Wizard will connect to.

      Depending on the type of virtual infrastructure, select a hypervisor, virtual infrastructure administration server, or Keystone microservice.

      For a virtual infrastructure on the VK Cloud platform, select Keystone microservice (OpenStack platform) as the type of virtual infrastructure object to which you want SVM Management Wizard to connect.

    • Protocol

      Protocol used to connect SVM Management Wizard to the virtual infrastructure. By default, the HTTPS protocol is used.

      The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

    • Addresses

      Addresses of the virtual infrastructure objects that SVM Management Wizard will connect to.

      Depending on the type of virtual infrastructure, you need to specify the hypervisor address or the address of the virtual infrastructure administration server. To connect to an OpenStack-based infrastructure, you need to specify the address of the Keystone microservice.

      The address can be specified as the IP address in IPv4 format or the fully qualified domain name (FQDN).

      You can specify multiple addresses by separating them with a semicolon, a space, or a new line. The number of correctly recognized addresses is shown under the list of addresses.

      In this field, you can also specify the port used to connect to the virtual infrastructure object in the format <IP address>:<port>.

      If you are configuring a connection to Microsoft Windows Server (Hyper-V) hypervisors that are part of a hypervisor cluster managed by the Windows Failover Clustering service, you can specify the address of the cluster. All hypervisors that are part of the cluster will be added to the list.

      If you are configuring a connection to VMware ESXi hypervisors managed by VMware vCenter Servers running in Linked mode, you can specify the address of any of these VMware vCenter Servers. All the hypervisors running on VMware vCenter servers in Linked mode will be added to the list.

      If you are configuring a connection to hypervisors that are managed by Microsoft SCVMM, you can specify the settings for connecting to Microsoft SCVMM. All hypervisors that are managed by Microsoft SCVMM will be added to the list.

      If you are configuring a connection to an infrastructure managed by Nutanix Prism Element, you need to specify the Nutanix Prism Element address. If the infrastructure is managed by Nutanix Prism Central, specify the Nutanix Prism Central address. All Nutanix Prism Element servers managed by Nutanix Prism Central will be added to the list.

    • OpenStack domain

      Name of the

      that contains an account used to connect SVM Management Wizard to the virtual infrastructure object.

      The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

    • User name

      Name of the user account that the SVM Management Wizard uses to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration. This account must have privileges that are sufficient for SVM deployment, removal and reconfiguration.

      If you use a domain account to connect to a virtual infrastructure object, you can specify the account name in the <domain>\<user name> or <user name>@<domain> format.

    • Password

      Password of the user account that the SVM Management Wizard uses to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration.

  3. Click the Connect button.

    The Virtual infrastructure connection settings window closes. The Wizard adds the selected virtual infrastructure objects to the list and attempts to establish a connection.

    The Wizard verifies the authenticity of all virtual infrastructure objects with which the connection is established.

    Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.

    For Keystone microservices, authenticity is verified only when using the HTTPS protocol to connect the SVM Management Wizard to the virtual infrastructure.

    To verify authenticity, the Wizard receives the SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.

    If the authenticity of the received certificate(s) cannot be established, the Verify certificate window opens with a message about this. Click the link in this window to view the details of the received certificate. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to the virtual infrastructure object. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this certificate to be authentic, click the Cancel button in the Verify certificate window to disconnect, and replace the certificate with a new one.

    If the authenticity of the open key could not be established, the Verify public key fingerprint window opens with a message about this. You can confirm the authenticity of the open key and continue the connection. The open key fingerprint will be saved on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this open key to be authentic, click the Cancel button in the Verify public key fingerprint window to terminate the connection.

    If a connection cannot be established with a virtual infrastructure object, information about the connection errors is displayed in the table.

You can update the list of virtual infrastructure objects using the Refresh button above the table. When updating a list, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.

You can use buttons in the Name/address column to:

  • Remove selected virtual infrastructure from the list.

    The Integration Server continues to connect to the virtual infrastructure removed from this list, and to receive the information required for SVM operation.

  • If you cannot connect to the virtual infrastructure, open the Virtual infrastructure connection settings window to change the settings of the account used to make the connection.

    After the settings are modified, the Wizard verifies the SSL certificates or fingerprints of the public key, just like what happens when adding virtual infrastructure objects to the list.

Proceed to the next step of the wizard.

Page top
[Topic 265507]

Starting SVM removal

At this step, the Wizard window shows the number of SVMs selected for removal.

To start removing SVMs, proceed to the next step of the wizard.

Page top
[Topic 151249]

SVM removal

At this step, SVMs are removed from hypervisors. The process takes some time. Please wait until the process is complete.

The window displays information about the removal of each SVM, including the status of its progress, one row at a time: Processing N%, Pending, Skipped, Completed, Error.

Proceed to the next step of the wizard.

Page top
[Topic 151250]

Finishing SVM removal

This step displays information about the SVM removal results in the virtual infrastructure.

The wizard displays links that you can use to open a brief report and the SVM Management Wizard log.

You can view the following information in the brief report:

  • Addresses of the hypervisors from which SVMs were removed, or names of the OpenStack projects within which SVMs were removed (depending on type of the virtual infrastructure).
  • Names of removed SVMs.
  • Brief description of the completed stages of removal of each SVM, including the start and end times of each stage. If an error occurred during a particular stage, the relevant information is reflected in the report.

The brief report is saved in a temporary file. To be able to use information from the report later, save the log file in a permanent storage location.

If the SVM removal process ends with an error, you can use the SVM Management Wizard log when contacting Technical Support.

The SVM Management Wizard log is saved on the device where the wizard was launched, in the file %LOCALAPPDATA%\Kaspersky Lab\Kaspersky VIISLA Console\logs\KasperskyDeployWizard_<file creation date and time>.log and does not contain account passwords. A new log file is created each time the wizard starts.

Finish the wizard.

Page top
[Topic 151251]

Removing the Light Agent for Linux

You can remove Light Agent for Linux from a virtual machine in one of the following ways:

  • Locally from the command line. For more details, see the Kaspersky Endpoint Security for Linux Help.
  • Remotely using Kaspersky Security Center. Uninstallation is performed using a Remote Application Removal task in the Kaspersky Security Center Administration Console or in the Kaspersky Security Center Web Console. See Kaspersky Security Center help for more information.
Page top
[Topic 256345]

Removing Kaspersky Security Center Network Agent on virtual machines

You can remove Network Agent from a virtual machine in one of the following ways:

  • Locally from the command line. For more details, see the Kaspersky Endpoint Security for Linux Help.
  • Remotely using Kaspersky Security Center. Uninstallation is performed using a Remote Application Removal task in the Kaspersky Security Center Administration Console or in the Kaspersky Security Center Web Console. See the Kaspersky Security Center Help for more information.
Page top
[Topic 256347]

Removing the Integration Server and Integration Server Console

The procedure for removing the Integration Server depends on which version of Kaspersky Security Center you are using to manage the Kaspersky Security solution:

  • If you are using a Windows-based Kaspersky Security Center, and in accordance with the recommendations of Kaspersky experts, you used the Kaspersky Security components installation wizard to install the Integration Server and Integration Server Console, we recommend removing using the wizard as well.

    You can remove the Integration Server and Integration Server Console by using the Kaspersky Security Components Installation Wizard in interactive mode or in silent mode.

  • If you are using Kaspersky Security Center Linux, the Kaspersky Security Components Installation Wizard cannot be used to remove the Integration Server and Integration Server Console. Removal is performed manually.

When removing the Integration Server, you can save the following data used in the operation of the Integration Server for Kaspersky Security for Virtualization 6.1 Light Agent:

  • The SSL certificate used to establish a secure connection to the Integration Server.
  • Accounts for connecting the Integration Server Console, SVM, and Light Agents to the Integration Server.
  • Settings for connecting the Integration Server to hypervisors, virtual infrastructure administration servers, NSX Manager, Kaspersky Security Center Administration Server.
  • if the Kaspersky Security solution is used in multi-tenancy mode: a list of registered tenants and information about the time that virtual machines were protected by the solution.
  • SVM service data.
  • Trace files of the Integration Server and Integration Server Console.

A backup copy of the Integration Server data from the previous version of Kaspersky Security can also be saved if you saved a backup copy of the database and settings and the certificate of the Integration Server in the default folder (%ProgramData%\Kaspersky Lab\VIISLA\Backup\) when upgrading the solution to Kaspersky Security for Virtualization 6.1 Light Agent.

The saved data and settings are automatically used when you install the Integration Server again.

If you remove the Integration Server without saving the data, then along with the Integration Server, all data used in the operation of the Integration Server for the version of Kaspersky Security for Virtualization 6.1 Light Agent is deleted, as well as the backup copy of the data from the Integration Server of the previous version of Kaspersky Security, if the backup copy is located in the default folder.

If, when saving a backup copy of the Integration Server data from the previous version of Kaspersky Security, you specified a different folder than the default folder, then when you remove the Integration Server, the backup copy of the data is not deleted automatically. You can delete a backup copy of Integration Server data manually.

If you are using Kaspersky Security for Virtualization 5.2 Light Agent to protect virtual machines running Windows guest operating systems, the removal procedure will only remove information about Kaspersky Security for Virtualization 6.1 Light Agent from the operating system. The Integration Server and Integration Server Console components will not be removed, because they are used in Kaspersky Security version 5.2. You can remove the Integration Server and Integration Server Console during uninstallation of Kaspersky Security for Virtualization 5.2 Light Agent.

In this section:

Removing using the Kaspersky Security Components Installation Wizard

Removing manually

Page top
[Topic 256348]

Removing using the Kaspersky Security Components Installation Wizard

If you want to save the data used in the operation of the Integration Server, you need to remove the Integration Server using the Kaspersky Security Components Installation Wizard in interactive mode.

To remove the Integration Server and Integration Server Console in interactive mode,

  1. in the list of applications installed on the operating system, select to remove Kaspersky Security for Virtualization <version number> Light Agent – management components.
  2. If you want to save the Integration Server data, click the Save button in the window prompting you to save data.

To remove the Integration Server and Integration Server Console in silent mode,

in the command line, enter the following:

ksvla-components_<version number>_mlg.exe -q -uninstall

where <version number> is the version number of the solution in X.X.X.X format.

Page top
[Topic 265901]

Removing manually

To remove the Integration Server Console, run the following command:

msiexec.exe /X {753E48D9-53CA-41E9-9964-25E18BE21C78} /qn

To remove the Integration Server while preserving the data used by the Integration Server, run the following command:

msiexec.exe /X {D7A8D92A-A48F-421C-BC86-E3052F35FCAD} SAVE_SETTINGS="1" /qn

To remove the Integration Server without preserving the data used by the Integration Server, run the following command:

msiexec.exe /X {D7A8D92A-A48F-421C-BC86-E3052F35FCAD} SAVE_SETTINGS="0" /qn

Page top
[Topic 146913]

Removing Kaspersky Security management plug-ins

Removing web plug-ins

The web plug-ins can be removed in the Kaspersky Security Center Web Console in the list of installed plug-ins (Settings → Web plug-ins).

Removing MMC plug-ins

We recommend closing the Kaspersky Security Center Administration Console before starting the removal of the management MMC plug-ins.

The Protection Server MMC plug-in is removed using the standard tools for removing applications of the operating system of the device where Kaspersky Security Center Administration Console is installed.

To remove the MMC plug-in for managing Light Agent for Linux (Kaspersky Endpoint Security for Linux running in Light Agent mode):

  1. On the device where the Kaspersky Security Center Administration Console is installed, open the Windows registry editor and go to the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\28\Plugins key.

    This key contains the data of all management plug-ins installed in the Administration Console. The name of the managed application is specified in the DisplayName value.

  2. Select the key that corresponds to the plug-in of the Kaspersky Endpoint Security for Linux of the relevant version.
  3. Open the UninstallString value and copy it.
  4. Open the command line prompt as administrator, paste the copied value and press Enter.
Page top
[Topic 197230]