Protecting the connection between the Light Agent and the Protection Server
You can configure encryption of the connection between Light Agents and Protection Servers. To do this, you need to enable encryption of the data channel between the Light Agent and the Protection Server in the Protection Server settings on the SVM and in the Light Agent settings.
A Light Agent for which connection protection is enabled can only connect to SVMs for which encryption of the data channel between the Light Agent and the Protection Server is enabled. A Light Agent for which connection protection is disabled can only connect to SVMs for which channel encryption is disabled or an unsecure connection between the Protection Server and the Light Agent is allowed.
Using encryption to protect the connection may slow the performance of the Kaspersky Security solution.
Page top
[Topic 254889]
Configuring connection protection on the Protection Server
You can use the Web Console or the Administration Console to configure connection protection on the Protection Server in a Protection Server policy.
Expand all | Collapse all
How to configure connection protection on the Protection Server in Kaspersky Security Center Web Console
To configure connection protection on the Protection Server:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies and policy profiles.
A list of policies opens.
- Select the administration group containing the SVM with the Protection Server whose settings you want to configure. To do so, click the link in the Current path field located above the list of policies and policy profiles, and select an administration group in the window that opens.
The list displays only the policies configured for the selected administration group.
- Click on the name of the desired policy in the list.
- In the policy properties window that opens, select the Application settings tab and go to the Connection protection section.
- In the right part of the window, configure the following settings:
- Encrypt data channel between Light Agent and the Protection Server
Encrypt the connection between Light Agents and Protection Servers.
If the check box is selected, a secure connection is established between the Light Agent and the policy-controlled Protection Server after the Light Agent connects to the SVM with this Protection Server. A Light Agent can connect to an SVM that has connection protection enabled only if the Light Agent also has connection protection enabled or the SVM allows unsecure connections.
If the check box is cleared, an unsecure connection is established between the Light Agent and the Protection Server after the Light Agent connects to the SVM with this Protection Server.
This check box is cleared by default.
- Allow nonsecure connection if secure connection cannot be established
Allow an unsecure connection between Light Agents and Protection Servers.
If the check box is selected, an unsecure connection may be established between Light Agents and policy-controlled Protection Servers if a secure connection cannot be established.
If the check box is cleared, only a secure connection can be established between Light Agents and policy-controlled Protection Servers. A Light Agent will not be able to connect to the SVM if a secure connection cannot be established to the Protection Server on this SVM.
This check box is cleared by default.
Only Light Agents for which connection protection is configured will connect to SVMs with Protection Servers managed by this policy.
- Click the Save button.
How to configure connection protection on the Protection Server in Kaspersky Security Center Administration Console
To configure connection protection on the Protection Server:
- In the Kaspersky Security Center Administration Console tree, in the Managed devices folder, select the administration group containing the SVM with the Protection Server whose settings you want to configure.
- In the workspace, select the Policies tab.
- Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
- In the policy properties window, select the Connection protection section in the list on the left.
- In the right part of the window, configure the following settings:
- Encrypt data channel between Light Agent and the Protection Server
Encrypt the connection between Light Agents and Protection Servers.
If the check box is selected, a secure connection is established between the Light Agent and the policy-controlled Protection Server after the Light Agent connects to the SVM with this Protection Server. A Light Agent can connect to an SVM that has connection protection enabled only if the Light Agent also has connection protection enabled or the SVM allows unsecure connections.
If the check box is cleared, an unsecure connection is established between the Light Agent and the Protection Server after the Light Agent connects to the SVM with this Protection Server.
This check box is cleared by default.
- Allow nonsecure connection if secure connection cannot be established
Allow an unsecure connection between Light Agents and Protection Servers.
If the check box is selected, an unsecure connection may be established between Light Agents and policy-controlled Protection Servers if a secure connection cannot be established.
If the check box is cleared, only a secure connection can be established between Light Agents and policy-controlled Protection Servers. A Light Agent will not be able to connect to the SVM if a secure connection cannot be established to the Protection Server on this SVM.
This check box is cleared by default.
Only Light Agents for which connection protection is configured will connect to SVMs with a Protection Server managed by this policy.
- Click the Apply button.
[Topic 254959]
Configuring connection protection on the Light Agent
You can configure the settings for connection protection on the Light Agent in the Light Agent policy (in the policy of the application running in Light Agent mode). Connection protection settings for Light Agent for Windows are also available in the local interface of Kaspersky Endpoint Security for Windows.
By default, protection of the connection between Light Agents and the Protection Server is disabled. To enable connection protection, select the Encrypt data channel between Light Agent and the Protection Server check box.
If the check box is selected, a secure connection is established between the Light Agent, which is managed by policy, and the Protection Server on the SVM that the Light Agent is connecting to. A Light Agent for which connection protection is enabled can only connect to an SVM on which connection protection is enabled or an unprotected connection to the Protection Server is allowed.
If the check box is cleared, an unprotected connection is established between the Light Agent and the Protection Server on the SVM that the Light Agent is connecting to.
For details about configuring the applications running in Light Agent mode, see the Help for the relevant application.
Page top
[Topic 254958]