Kaspersky Security for Virtualization 6.2 Light Agent

Removing the Kaspersky Security solution

Virtual machines and user data will no longer be protected if the Kaspersky Security solution is uninstalled.

The procedure to uninstall the Kaspersky Security solution from the virtual infrastructure consists of the following stages:

  1. Removing Protection Servers

    To remove the Protection Server component, remove the deployed SVM from the virtual infrastructure.

    If you completely uninstall the Kaspersky Security solution, you need to remove all SVMs. If necessary, you can remove only some of the SVMs.

    After an SVM is removed, the protected virtual machines that were connected to it can connect to another SVM that operates in the virtual infrastructure.

  2. Removing Light Agents and Kaspersky Security Center Network Agent

    You need to remove the following from virtual machines and virtual machine templates:

    • Light Agent (Kaspersky Endpoint Security for Linux or Kaspersky Endpoint Security for Windows installed in Light Agent mode)
    • Kaspersky Security Center Network Agent
  3. Removing the Integration Server

    Depending on the version of Integration Server you were using, you need to remove the Windows-based Integration Server and Integration Server Console or the Linux-based Integration Server.

  4. Removing Kaspersky Security management plug-ins

    You need to remove the management web plug-ins on the device where Kaspersky Security Center Web Console is installed, or the management MMC plug-ins on the device where the Kaspersky Security Center Administration Console is installed.

After the Protection Server and Light Agent components are removed, the SVMs and virtual machines on which Light Agents were installed are still displayed in the Kaspersky Security Center Administration Console. After the expiration of the period specified in the Kaspersky Security Center settings (see the Kaspersky Security Center help), information about the SVMs and virtual machines is automatically deleted. You can remove this information from Kaspersky Security Center Administration Console manually after uninstalling the solution.

In this Help section

Removing the Protection Server

Removing Light Agents and Network Agent

Removing the Windows-based Integration Server and Integration Server Console

Removing the Linux-based Integration Server

Removing Kaspersky Security management plug-ins


Removing the Protection Server

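You can remove an SVM from the virtual infrastructure in the following ways:

  • Using the Integration Server Web Console
  • Using the SVM Management Wizard in the Integration Server Console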

You can also remove SVMs manually using virtual infrastructure tools.

If you have removed all SVMs from a virtual infrastructure, we recommend deleting the connection settings for that virtual infrastructure from the list of virtual infrastructures to which the Integration Server connects to get information about the protected infrastructure. If you are using the Integration Server Console, we also recommend deleting the connection settings of that virtual infrastructure from the list of virtual infrastructure objects to which the SVM Management Wizard connects (see, for example, the "Selecting SVMs to remove" step in the SVM removal procedure).

In this section:

SVM removal using the Integration Server Web Console

Removing SVMs using the Integration Server Console


SVM removal using the Integration Server Web Console

To remove an SVM using Integration Server Web Console, you need to create and run an SVM removal task for the Integration Server to remove the selected SVM.

After it starts, the task appears in the task list in Integration Server Web Console, in the SVM management section, and is added to the task queue on the Integration Server. You can view information about each task and its execution status.

When the task completes successfully, the selected SVM is removed.

To create and run an SVM removal task for the Integration Server:

  1. Open Integration Server Web Console and connect to the Integration Server.
  2. Go to the SVM management section.
  3. Click the New task button and select SVM removal from the drop-down list.

    The Integration Server New Task Wizard will start.

  4. Follow the wizard instructions.

Selecting SVMs to remove

In this step, you need to select one or more SVMs that you want to remove.

The table displays information about the virtual infrastructures to which connections are configured for the Integration Server. The table also contains information about deployed SVMs. Each row of the table displays the following information about the virtual infrastructure object:

  • Name/Address

    This column contains the IP addresses or fully qualified domain names (FQDN) of the virtual infrastructure objects to which the Integration Server connects, and the names of the SVMs deployed on the hypervisors.

    Depending on the type of virtual infrastructure, the column may display:

    • IP address or the fully qualified domain name (FQDN) of the virtual infrastructure administration server
    • IP address or the fully qualified domain name of the hypervisor
    • IP address or the fully qualified domain name of the Keystone microservice
    • OpenStack project and domain name.
  • Status

    This column contains information about the status of the Integration Server's connection to the virtual infrastructure, the state of the infrastructure objects to which the connection is made, and the state of the SVMs deployed in the infrastructure.

    If the Integration Server is not connected to the virtual infrastructure object, the column displays an error message.

  • SVM version

    This column contains the SVM version number.

  • Infrastructure object type

    The column contains the type of the virtual infrastructure object that the Integration Server will connect to.

You can search the list of virtual infrastructure objects based on the Name/Address column. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the search field.

You can update the list of virtual infrastructure objects using the Refresh button above the table. When the list is updated, the Integration Server verifies the SSL certificates or public key fingerprints in the same way as when virtual infrastructure objects are added to the list.

If the virtual infrastructure from which you want to remove the SVM is not in the list, you need to configure a connection from the Integration Server to this virtual infrastructure.

To select the SVMs to remove:

In the table, select the check boxes on the left of the SVMs that you want to remove.

If SVMs are being removed from an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous reconfiguration of SVMs deployed in different infrastructures is not supported. You can remove SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.

The simultaneous removal of SVMs within OpenStack projects, which are running on different Keystone microservices, is not supported. You can simultaneously remove SVMs deployed within OpenStack projects that are running on the same Keystone microservice.

Proceed to the next step of the wizard.


Start an SVM removal task

This step displays information about the SVMs that will be removed by the task.

To start the SVM removal task, click the Start button.

You can monitor the task progress in Integration Server Web Console, in the SVM management section.


Removing SVMs using the Integration Server Console

You can remove SVMs using the SVM Management Wizard, which is launched in the Integration Server Console.

To remove SVMs using the SVM Management Wizard:

  1. Open Integration Server Console and connect to the Integration Server.
  2. In the SVM management section, click the SVM management button to start the SVM Management Wizard.
  3. Follow the wizard instructions.

In this section

Selecting an action

Selecting SVMs to remove

Starting SVM removal

SVM removal

Finishing SVM removal


Selecting an action

At this step, select the SVM removal option.

Proceed to the next step of the wizard.


Selecting SVMs to remove

At this step, select the SVMs that you want to remove.

The table displays information about the virtual infrastructures to which connections are configured for the SVM Management Wizard, as well as information about the deployed SVMs:

  • Name/Address

    Depending on the type of virtual infrastructure, the column may contain the following:

    • IP address or the fully qualified domain name (FQDN) of the virtual infrastructure administration server
    • IP address or the fully qualified domain name of the hypervisor
    • IP address or the fully qualified domain name of the Keystone microservice
    • Name of the OpenStack domain
    • Name of the OpenStack project
    • Name of the SVM deployed on the hypervisor

    If the connection with the virtual infrastructure could not be established, the warning icon is displayed against this connection in the column. A description of the connection error is shown in the table and in the tooltip of the warning icon.

  • State

    This column contains information on the state of the virtual infrastructure object or the SVM.

    For the hypervisor, one of the following values is specified: Enabled or Disabled. If a connection to the hypervisor cannot be established, the column shows Disconnected.

    For the Keystone microservice, the OpenStack project, and the OpenStack domain, one of the following values is specified: Enabled or Disconnected.

    One of the following values is specified for an SVM: Enabled, Disabled.

  • Protection

    This column contains the SVM version number.

  • Type

    This column contains the type of virtual infrastructure object that the SVM Management Wizard will connect to.

You can search the list of virtual infrastructure objects. The search is performed based on the value of the Name/Address. The search starts as you type in the Search field. The table displays only those virtual infrastructure objects that meet the search criteria. To reset the search results, delete the contents of the Search field.

To select the SVMs to remove:

In the table, select the check boxes on the left of the SVMs that you want to remove.

If SVMs are being removed in an infrastructure based on the OpenStack platform, VK Cloud platform, or TIONIX Cloud Platform, simultaneous removal of SVMs deployed in different infrastructures is not supported. You can remove SVMs in only one of these infrastructures at a time, or in one or more infrastructures of other types.

The simultaneous removal of SVMs within OpenStack projects, which are running on different Keystone microservices, is not supported. You can simultaneously remove SVMs deployed within OpenStack projects that are running on the same Keystone microservice.

If the virtual infrastructure from which you want to remove the SVM is not in the list, you must configure a connection from the SVM Management Wizard to this infrastructure.

To configure the connection of SVM Management Wizard to the virtual infrastructure:

  1. Click the Add button.
  2. In the Virtual infrastructure connection settings window that opens, specify the following settings:
    • Type

      Type of virtual infrastructure object that SVM Management Wizard will connect to.

      Depending on the type of virtual infrastructure, select a hypervisor, virtual infrastructure administration server, or Keystone microservice.

    • Protocol

      Protocol used to connect SVM Management Wizard to the virtual infrastructure. By default, the HTTPS protocol is used.

      The Protocol field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

    • Addresses

      Addresses of the virtual infrastructure objects that SVM Management Wizard will connect to.

      Depending on the type of virtual infrastructure, you need to specify the hypervisor address or the address of the virtual infrastructure administration server. To connect to an OpenStack-based infrastructure, you need to specify the address of the Keystone microservice.

      The address can be specified as the IP address in IPv4 format or the fully qualified domain name (FQDN).

      You can specify multiple addresses by separating them with a semicolon, a space, or a new line. The number of correctly recognized addresses is shown under the list of addresses.

      In this field, you can also specify the port used to connect to the virtual infrastructure object in the format <IP address>:<port>.

      If you are configuring a connection to Microsoft Windows Server (Hyper-V) hypervisors that are part of a hypervisor cluster managed by the Windows Failover Clustering service, you can specify the address of the cluster. All hypervisors that are part of the cluster will be added to the list.

      If you are configuring a connection to VMware ESXi hypervisors managed by VMware vCenter Servers running in Linked mode, you can specify the address of any of these VMware vCenter Servers. All the hypervisors running on VMware vCenter servers in Linked mode will be added to the list.

      If you are configuring a connection to hypervisors that are managed by Microsoft SCVMM, you can specify the settings for connecting to Microsoft SCVMM. All hypervisors that are managed by Microsoft SCVMM will be added to the list.

      If you are configuring a connection to an infrastructure managed by Nutanix Prism Element, you need to specify the Nutanix Prism Element address. If the infrastructure is managed by Nutanix Prism Central, specify the Nutanix Prism Central address. All Nutanix Prism Element servers managed by Nutanix Prism Central will be added to the list.

    • OpenStack domain

      Name of the OpenStack domain that contains an account used to connect SVM Management Wizard to the virtual infrastructure object.

      The OpenStack domain field is displayed if you are configuring a connection to a virtual infrastructure based on the OpenStack platform, VK Cloud platform or TIONIX Cloud Platform.

    • User name

      Name of the user account that the SVM Management Wizard uses to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration. This account must have privileges that are sufficient for SVM deployment, removal and reconfiguration.

      If you use a domain account to connect to a virtual infrastructure object, you can specify the account name in the <domain>\<user name> or <user name>@<domain> format.

    • Password

      Password of the user account that the SVM Management Wizard uses to connect to the virtual infrastructure during SVM deployment, removal and reconfiguration.

  3. Click the Connect button.

    The Virtual infrastructure connection settings window closes. The Wizard adds the selected virtual infrastructure objects to the list and attempts to establish a connection.

    The Wizard verifies the authenticity of all virtual infrastructure objects with which the connection is established.

    Authenticity is not verified for a Microsoft Windows Server (Hyper-V) hypervisor.

    For Keystone microservices, authenticity is verified only when using the HTTPS protocol to connect the SVM Management Wizard to the virtual infrastructure.

    To verify authenticity, the Wizard receives the SSL certificate or fingerprint of the public key from each virtual infrastructure object and verifies them.

    If the authenticity of the received certificate(s) cannot be established, the Verify certificate window opens with a message about this. Click the link in this window to view the details of the received certificate. If the certificate complies with the security policy of your organization, you can confirm the authenticity of the certificate and continue connecting to the virtual infrastructure object. The received certificate will be installed as a trusted certificate on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this certificate to be authentic, click the Cancel button in the Verify certificate window to disconnect, and replace the certificate with a new one.

    If the authenticity of the public key could not be established, the Verify public key fingerprint window opens with a message about this. You can confirm the authenticity of the public key and continue the connection. The public key fingerprint will be saved on the device where the Kaspersky Security Center Administration Console is installed. If you do not consider this public key to be authentic, click the Cancel button in the Verify public key fingerprint window to terminate the connection.

    If a connection cannot be established with a virtual infrastructure object, information about the connection errors is displayed in the table.
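
An out-of-band check to run before confirming a certificate in the Verify certificate window, as an added example that is not part of the Kaspersky documentation. It covers only the SSL certificate case (not public key fingerprints); the function names, the default port 443 and the host name in the usage comment are assumptions, and the reference fingerprint must come from a trusted source such as the infrastructure object's own management console.

```powershell
# Added example (not Kaspersky code): read the certificate that a virtual
# infrastructure object presents and compare it with a trusted fingerprint.

function Get-TlsCertificateFingerprint {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443                      # assumed default; use the port you enter in the Addresses field
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate here: the goal is to inspect it, not to trust it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($sender, $certificate, $chain, $errors) $true
        }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            $sha256 = [System.Security.Cryptography.SHA256]::Create()
            try { $hash = $sha256.ComputeHash($cert.RawData) } finally { $sha256.Dispose() }
            [pscustomobject]@{
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                NotBefore  = $cert.NotBefore
                NotAfter   = $cert.NotAfter
                SelfSigned = ($cert.Subject -eq $cert.Issuer)
                Sha1       = $cert.Thumbprint
                Sha256     = ([System.BitConverter]::ToString($hash) -replace '-', '')
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Dispose() }
}

function Test-CertificateFingerprint {
    param(
        [Parameter(Mandatory)]$Certificate,          # output of Get-TlsCertificateFingerprint
        [Parameter(Mandatory)][string]$Expected      # trusted value, e.g. "AB:CD:..." or "abcd..."
    )
    # Strip separators so "AB:CD", "ab cd" and "ABCD" all compare equal.
    $normalized = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($normalized.Length -notin 40, 64) {
        throw 'Expected fingerprint must be a SHA-1 (40 hex) or SHA-256 (64 hex) value.'
    }
    $normalized -in @($Certificate.Sha1, $Certificate.Sha256)
}

# Usage (placeholder host name and fingerprint):
#   $c = Get-TlsCertificateFingerprint -HostName 'vcenter.example.test'
#   $c | Format-List
#   Test-CertificateFingerprint -Certificate $c -Expected '<fingerprint from a trusted source>'
```

Confirm the certificate in the wizard only if the comparison returns True and the validity dates and subject match what you expect for that object.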

You can update the list of virtual infrastructure objects using the Refresh button above the table. When the list is updated, the Wizard verifies the SSL certificates or public key fingerprints in the same way as when virtual infrastructure objects are added to the list.

You can use buttons in the Name/Address column to:

  • Remove selected virtual infrastructure from the list.

    The Integration Server continues to connect to the virtual infrastructure removed from this list, and to receive the information required for SVM operation.

  • If you cannot connect to the virtual infrastructure, open the Virtual infrastructure connection settings window to change the settings of the account used to make the connection.

    After the settings are modified, the Wizard verifies the SSL certificates or public key fingerprints in the same way as when virtual infrastructure objects are added to the list.

Proceed to the next step of the wizard.


Starting SVM removal

At this step, the Wizard window shows the number of SVMs selected for removal.

To start removing SVMs, proceed to the next step of the wizard.


SVM removal

At this step, SVMs are removed from hypervisors. The process takes some time. Please wait until the process is complete.

The window displays information about the removal of each SVM, including the status of its progress, one row at a time: Processing N%, Pending, Skipped, Completed, Error.

Proceed to the next step of the wizard.


Finishing SVM removal

This step displays information about the SVM removal results in the virtual infrastructure.

The wizard displays links that you can use to open a brief report and the SVM Management Wizard log.

You can view the following information in the brief report:

  • Addresses of the hypervisors from which SVMs were removed, or names of the OpenStack projects within which SVMs were removed (depending on type of the virtual infrastructure).
  • Names of removed SVMs.
  • Brief description of the completed stages of removal of each SVM, including the start and end times of each stage. If an error occurred during a particular stage, the relevant information is reflected in the report.

The brief report is saved in a temporary file. To be able to use information from the report later, save the log file in a permanent storage location.

If the SVM removal process ends with an error, you can use the SVM Management Wizard log when contacting Technical Support.

The SVM Management Wizard log is saved on the device where the wizard was launched, in the file %LOCALAPPDATA%\Kaspersky Lab\Kaspersky VIISLA Console\logs\KasperskyDeployWizard_<file creation date and time>.log and does not contain account passwords. A new log file is created each time the wizard starts.

Finish the wizard.


Removing Light Agents and Network Agent

You can remove Light Agent and Kaspersky Security Center Network Agent from a virtual machine using Kaspersky Security Center. Uninstallation is performed using a Remote Application Removal task in the Kaspersky Security Center Administration Console or in the Kaspersky Security Center Web Console. For details, please refer to the Kaspersky Security Center help.

For other removal methods, see the Help of the application that you are using in Light Agent mode.


Removing the Windows-based Integration Server and Integration Server Console

The procedure for removing the Windows-based Integration Server depends on which version of Kaspersky Security Center you are using to manage the Kaspersky Security solution:

  • If you are using Kaspersky Security Center Windows and, in accordance with the recommendations of Kaspersky experts, you used the Kaspersky Security Components Installation Wizard to install the Integration Server and Integration Server Console, we recommend using the wizard for removal as well.

    You can remove the Integration Server and Integration Server Console by using the Kaspersky Security Components Installation Wizard in interactive mode or in silent mode.

  • If you are using Kaspersky Security Center Linux, the Kaspersky Security Components Installation Wizard cannot be used to remove the Integration Server and Integration Server Console. Removal is performed manually.

You can remove the Integration Server without preserving the data used by the Integration Server.

If you remove the Integration Server and preserve its data, the following data of the Integration Server will be saved:

  • The SSL certificate used to establish a secure connection to the Integration Server.
  • Internal accounts of the Integration Server, which are used to connect management consoles, SVMs, and Light Agents to the Integration Server.
  • Settings for connecting the Integration Server to hypervisors, virtual infrastructure administration servers, NSX Manager, Kaspersky Security Center Administration Server.
  • If the Kaspersky Security solution is used in multi-tenancy mode: a list of registered tenants and information about the time that virtual machines were protected by the solution.
  • SVM service data.
  • Trace files of the Integration Server and Integration Server Console.

A backup copy of the Integration Server data from the previous version of Kaspersky Security can also be saved if you saved a backup copy of the database and settings and the certificate of the Integration Server in the default folder (%ProgramData%\Kaspersky Lab\VIISLA\Backup\) when upgrading the solution to Kaspersky Security for Virtualization 6.2 Light Agent.

The saved data and settings are automatically used when you install the Integration Server again.

If you remove the Integration Server without preserving its data, all data used in the operation of the Integration Server, as well as the backup copy of the Integration Server data from the previous version of Kaspersky Security, are removed along with the Integration Server if the backup copy is located in the default folder.

If, when saving a backup copy of the Integration Server data from the previous version of Kaspersky Security, you specified a different folder than the default folder, then when you remove the Integration Server, the backup copy of the data is not deleted automatically. You can delete a backup copy of Integration Server data manually.

In this section:

Removing using the Kaspersky Security Components Installation Wizard

Removing manually


Removing using the Kaspersky Security Components Installation Wizard

If you want to save the data used in the operation of the Integration Server, you need to remove the Integration Server using the Kaspersky Security Components Installation Wizard in interactive mode.

To remove the Integration Server and Integration Server Console in interactive mode:

  1. In the list of applications installed on the operating system, select Kaspersky Security for Virtualization <version number> Light Agent – management components for removal.
  2. If you want to save the Integration Server data, click the Save button in the window prompting you to save data.

To remove the Integration Server and Integration Server Console in silent mode, enter the following in the command line:

ksvla-components_<version number>_mlg.exe -q -uninstall

where <version number> is the version number of the solution in X.X.X.X format.


Removing manually

To remove the Integration Server Console, run the following command:

msiexec.exe /X {87C1E11A-03CA-45F7-8693-117909354B43} /qn

To remove the Integration Server while preserving the data used by the Integration Server, run the following command:

msiexec.exe /X {4239BB9B-1D87-427D-9C5D-26D8444BE585} SAVE_SETTINGS="1" /qn

To remove the Integration Server without preserving the data used by the Integration Server, run the following command:

msiexec.exe /X {4239BB9B-1D87-427D-9C5D-26D8444BE585} SAVE_SETTINGS="0" /qn
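
The three commands above wrapped in a script that interprets the msiexec exit code and reports whether the default backup folder is still on disk afterwards. This is an added example, not Kaspersky code: the product codes, the SAVE_SETTINGS property and the backup folder path are taken from this page, while the function and parameter names are hypothetical.

```powershell
# Added example (not Kaspersky code). Run from an elevated PowerShell session.
#Requires -RunAsAdministrator

$ConsoleCode = '{87C1E11A-03CA-45F7-8693-117909354B43}'   # Integration Server Console
$ServerCode  = '{4239BB9B-1D87-427D-9C5D-26D8444BE585}'   # Integration Server
# Default backup folder named in the section on the Windows-based Integration Server.
$BackupDir   = Join-Path $env:ProgramData 'Kaspersky Lab\VIISLA\Backup'

function Invoke-MsiRemoval {
    param(
        [Parameter(Mandatory)][string]$ProductCode,
        [string[]]$Property = @()
    )
    $msiArgs = @('/X', $ProductCode) + $Property + '/qn'
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
    # Standard Windows Installer exit codes.
    switch ($proc.ExitCode) {
        0       { 'Removed' }
        3010    { 'Removed, restart required' }
        1605    { 'Not installed' }
        default { throw "msiexec failed for $ProductCode with exit code $($proc.ExitCode)" }
    }
}

function Remove-IntegrationServer {
    param(
        # Keep the SSL certificate, internal accounts, connection settings and
        # trace files on disk (SAVE_SETTINGS="1"). Omit to remove them.
        [switch]$PreserveData
    )
    $save = if ($PreserveData) { '1' } else { '0' }
    $consoleResult = Invoke-MsiRemoval -ProductCode $ConsoleCode
    $serverResult  = Invoke-MsiRemoval -ProductCode $ServerCode -Property "SAVE_SETTINGS=`"$save`""
    [pscustomobject]@{
        Console                    = $consoleResult
        Server                     = $serverResult
        DataPreserved              = [bool]$PreserveData
        # Expected to be False after a removal without preserving data.
        DefaultBackupFolderPresent = Test-Path -LiteralPath $BackupDir
    }
}

# Usage:
#   Remove-IntegrationServer                 # remove everything, including saved data
#   Remove-IntegrationServer -PreserveData   # keep data for a later reinstall
```

When a host is being decommissioned rather than reinstalled, remove without preserving data so that the certificate and internal accounts do not stay behind; a backup copy saved outside the default folder still has to be deleted manually.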


Removing the Linux-based Integration Server

Removing the Integration Server will delete the SSL certificate used to establish a secure connection with the Integration Server, and all data used in the operation of the Integration Server: accounts, settings for connecting to infrastructures, information about tenants, and trace files. The data will be permanently deleted. If required, before starting the removal, create a backup copy of the database and Integration Server settings.

To remove the Linux-based Integration Server:

  1. Run the following command:

    sudo apt-get purge ksvla-viis

  2. When prompted, confirm the removal of the Integration Server.

Removing Kaspersky Security management plug-ins

Removing web plug-ins

The web plug-ins can be removed in the Kaspersky Security Center Web Console in the list of installed plug-ins (Settings → Web plug-ins).

Removing MMC plug-ins

We recommend closing the Kaspersky Security Center Administration Console before starting the removal of the management MMC plug-ins.

The MMC plug-in for Protection Server and the MMC plug-in for Light Agent for Windows (Kaspersky Endpoint Security for Windows running in Light Agent mode) are removed using the standard tools for uninstalling applications on the operating system on the device where the Kaspersky Security Center Administration Console is installed.

To remove the MMC plug-in for managing Light Agent for Linux (Kaspersky Endpoint Security for Linux running in Light Agent mode):

  1. On the device where the Kaspersky Security Center Administration Console is installed, open the Windows registry editor and go to the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\28\Plugins key.

    This key contains the data of all management plug-ins installed in the Administration Console. The name of the managed application is specified in the DisplayName value.

  2. Select the key that corresponds to the plug-in of the Kaspersky Endpoint Security for Linux of the relevant version.
  3. Open the UninstallString value and copy it.
  4. Open the command line prompt as administrator, paste the copied value and press Enter.
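
The four steps above as a script that lists the matching plug-in entries and asks for confirmation before running the stored uninstall command. This is an added example, not Kaspersky code: the registry key and the DisplayName and UninstallString values are from this page, while the function names and the DisplayName wildcard pattern are assumptions.

```powershell
# Added example (not Kaspersky code). Run from an elevated PowerShell session
# on the device where the Administration Console is installed.

$PluginsKey = 'HKLM:\SOFTWARE\Wow6432Node\KasperskyLab\Components\28\Plugins'

function Get-KscPluginUninstallInfo {
    param(
        # Assumed wildcard; adjust it to the DisplayName shown for your plug-in version.
        [string]$NamePattern = '*Endpoint Security*Linux*'
    )
    if (-not (Test-Path -LiteralPath $PluginsKey)) {
        throw "Plugins key not found: $PluginsKey"
    }
    Get-ChildItem -LiteralPath $PluginsKey | ForEach-Object {
        $values = Get-ItemProperty -LiteralPath $_.PSPath
        [pscustomobject]@{
            Key             = $_.PSChildName
            DisplayName     = $values.DisplayName
            UninstallString = $values.UninstallString
        }
    } | Where-Object { $_.DisplayName -like $NamePattern }
}

function Invoke-KscPluginUninstall {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Plugin
    )
    process {
        if ([string]::IsNullOrWhiteSpace($Plugin.UninstallString)) {
            Write-Warning "$($Plugin.Key): no UninstallString value, skipping"
            return
        }
        # The prompt shows the exact command so it can be reviewed before it
        # runs with administrator rights.
        if ($PSCmdlet.ShouldProcess($Plugin.DisplayName, "run: $($Plugin.UninstallString)")) {
            # Same effect as pasting the value into a command prompt; /d skips cmd AutoRun commands.
            $proc = Start-Process -FilePath $env:ComSpec `
                -ArgumentList '/d', '/c', $Plugin.UninstallString -Wait -PassThru
            [pscustomobject]@{
                DisplayName = $Plugin.DisplayName
                ExitCode    = $proc.ExitCode
            }
        }
    }
}

# Usage:
#   Get-KscPluginUninstallInfo | Format-List            # review all matching entries
#   Get-KscPluginUninstallInfo |
#       Where-Object Key -eq '<subkey of the relevant version>' |
#       Invoke-KscPluginUninstall
```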