Kaspersky Technical Training
Kaspersky Endpoint Security and Management
Student Guide
KL 002.11.1
Kaspersky Lab
www.kaspersky.com

Unit I. Deployment

Introduction
  Basics of Kaspersky Endpoint Security for Business
    Which products this course covers
    What constitutes Kaspersky Security Center
    What constitutes Kaspersky Endpoint Security
    How Kaspersky Security Center manages computers
    How the administrator manages protection via the Console
    How policies are applied to computers
    How policies work in groups
    How tasks are applied to computers
    How tasks work in groups
    How Kaspersky Endpoint Security for Business is licensed
  What this course is about
    What we will tell you in this course and what not
    Where to learn more about the products that fall out of this course scope
    What this course includes
Chapter 1. How to deploy Kaspersky Endpoint Security for Business
  1.1 What to install and in what order
  1.2 How to organize the process
Chapter 2. How to install Kaspersky Security Center
  2.1 Requirements for the Administration Server
    Support for server versions of Windows
    Support for Windows workstations
    Virtualization support
    Support for database management servers
    Additional software requirements
    Minimum hardware requirements
  2.2 Installation of the Administration Server
    Where to get the Kaspersky Security Center distribution
    Kaspersky Security Center installation shell
    What you need to know before the installation
    Setup wizard
    Additional consoles and plugins
    Installation results
  2.3 Installation of Kaspersky Security Center Web Console
    Setup Wizard
    Web Console services
    Interaction with Kaspersky Security Center
    Connecting to several Administration Servers
    Requirements for browsers
  2.4 Quick Start Wizard
    Tutorial
    Configuring proxy server for Internet access
    Downloading information about plugins
    License installation
    Installing plugins
    Kaspersky Security Network
    Creating tasks and policies
    Network polling
    Configuring email notification
    What to do next
    Automatic license distribution
Chapter 3. How to install Kaspersky Endpoint Security on computers
  3.1 Requirements for client computers
    Kaspersky Endpoint Security 11 requirements for the operating system
    The virtual platforms supported by Kaspersky Endpoint Security
    Minimum hardware requirements
    Requirements for the Network Agent
  3.2 How to change KES components
    Installation packages
    Settings of a Kaspersky Endpoint Security package
    Network Agent package parameters
  3.3 How to create a new installation package
    Why create installation packages
    Package creation wizard
  3.4 How to create an installation package for KSWS
    Which other protection applications are available for Windows Servers
    Advantages of Kaspersky Security 10.1 for Windows Server
    Specifics of Kaspersky Security 10.1 for Windows Server
    Download the distribution of Kaspersky Security for Windows Server from the official support website
    Unpack the KSWS distribution on the administrator’s workstation
    Create an installation package of Kaspersky Security for Windows Server
    Package creation wizard
    Components of Kaspersky Security 10.1 for Windows Server
    Additional settings of the Kaspersky Security 10.1 for Windows Server package
  3.5 Installation methods
    What to do prior to the installation
    Available installation methods
  3.6 How to remotely install Network Agent and Kaspersky Endpoint Security
    Information on the main page of the management console
    Remote installation wizard
    Where to monitor the installation
    Installation results
  3.7 How to simplify local installation
    Why install locally
    Standalone installation packages
    How to create a standalone package
    What to do with standalone packages
  3.8 How to install the Network Agent via Active Directory
    How to install applications via Active Directory
    How to publish the Network Agent package in Active Directory using a task
    What the task changes in Active Directory
  3.9 How to uninstall incompatible applications
    Which programs are incompatible and why uninstall them
    What if there are incompatible applications?
    How to find out if there are any incompatible applications
    How to uninstall incompatible applications that have not been found
    How to display computers with an incompatible application
    How to uninstall incompatible applications using a task
Chapter 4. How to organize computers into groups
  4.1 How to understand that the deployment has been completed
    Where to look for information about the deployment
    Global statuses
    Device selections
    Reports
  4.2 How the Administration Server discovers computers
    Polling types
    Where to configure polling
    Windows network polling
    Active Directory polling
    IP range polling
    Where to monitor network polling
    How to find out that the Server has discovered new computers
  4.3 How to create or import groups
    Why create groups
    How to add a group
    Navigation within the group structure
    How to add a computer to a group
    How to import a group structure
  4.4 How to add computers to groups automatically
    Computer relocation rules
    Configuring relocation rules
    Conditions in relocation rules
    How to synchronize groups with Active Directory
    Tags
    Rule application order

Introduction

First of all, let us introduce the course and tell you which topics it covers and which it omits. You will also learn which solutions and products are studied in this course, what they consist of, how they interact and how they are licensed.

Basics of Kaspersky Endpoint Security for Business

Which products this course covers

This course describes the Kaspersky Endpoint Security for Business solution, which includes several Kaspersky Lab products. The course does not cover all of them; it covers only those that help to protect a not-too-large Windows network.

In our course, a not-too-large network means up to approximately 1,000 endpoints in a single location. Endpoints in this course are servers and workstations running Windows.

To protect such a network, two Kaspersky Endpoint Security for Business products are necessary:

— Kaspersky Endpoint Security for Windows, to protect computers against threats
— Kaspersky Security Center, to centrally manage the protection

Kaspersky Endpoint Security is an application that not only protects against malware and hackers, but can also control the users’ actions and encrypt files and drives.
What constitutes Kaspersky Security Center

Kaspersky Security Center consists of several programs:

— Kaspersky Security Center Administration Server (“Administration Server”, “KSC Server” or simply “Server” wherever this is unambiguous) stores all the settings, collects events, draws up reports, etc. It is the Server that manages protection on the administrator’s command.
— The database server maintains the database where the KSC Server stores events and some of the settings. Other settings are stored on the drive among the KSC Server installation files.
— Kaspersky Security Center Network Agents (we will call them Network Agents, or simply Agents) connect Kaspersky Endpoint Security to the Administration Server: they receive settings for Kaspersky Endpoint Security from the Server and send events to the Server.
— Kaspersky Security Center Administration Console provides a management interface for the administrator; the administrator configures parameters in the console, consults reports and events, and manages protection in general.

Two consoles are available: the traditional MMC console and the new Web Console.

What constitutes Kaspersky Endpoint Security

Kaspersky Endpoint Security is a single application that includes numerous components.

Protection components

Kaspersky Security Network: Requests the reputation of programs and web pages from Kaspersky Lab servers, provides the latest information about threats, protects against zero-day attacks and false positives.
Behavior Detection: Monitors what applications do, but analyzes what a program does in general rather than its individual actions. Stops applications that behave as malware. In particular, stops programs that try to encrypt files.
Exploit Prevention: Monitors which files start vulnerable programs, and blocks attempts to start executable files unless initiated by the user.
Host Intrusion Prevention: Also monitors software activities on the computer. Does not allow programs that have a bad or unknown reputation to change system settings and the user’s files. Prevents them from tampering with the operating system and other software.
Remediation Engine: Logs changes to the operating system and rolls back any changes performed by suspicious programs that have been detected by Behavior Detection, Exploit Prevention, or File Threat Protection.
File Threat Protection: Scans files whenever the user or a program creates, changes, copies, or starts one. Blocks operations with malicious files, and quarantines these files.
Web Threat Protection: Scans web pages and files that the user or programs download from the Internet. Blocks dangerous and phishing websites, prohibits downloading malicious files.
Mail Threat Protection: Intercepts email messages, scans their text and attachments, deletes malicious files from messages.
Firewall: Controls the connections established by the programs running on the computer, and the packets they receive or send. Blocks packets according to the configured rules. Does not allow an unknown program or a program that has a bad reputation to establish connections.
Network Threat Protection: Scans network packets that the computer receives. Blocks a connection if it detects indications of a network attack.
BadUSB Attack Prevention: Does not permit connecting new input devices (keyboards, etc.) to the computer without the user’s consent. Protects against USB devices that pretend to be keyboards and send malicious commands to the computer.
AMSI Protection Provider: Is responsible for integration with Antimalware Scan Interface (AMSI) in Windows 10 and Windows Server 2016. AMSI is a Windows component that acts as an intermediary between applications and an antivirus solution. It enables scanning files, links, and scripts, even those that run in memory without being saved to a hard drive.

Control components

Application Control: Blocks program start according to the configured rules. Can freeze a computer’s state and block any new applications.
Device Control: Blocks access to devices according to the configured rules. The administrator can prohibit access to all or some of the removable drives, Wi-Fi adapters, or modems.
Web Control: Blocks access to web pages according to the configured rules. The administrator can prohibit access to social networks, job search and news websites, torrent trackers, etc.
Adaptive Anomaly Control: Contains a set of heuristics for monitoring dangerous behavior that is characteristic of malware. Allows blocking suspicious activities that are not typical of a specific computer. By default, the component runs in the 2-week training mode: it monitors activities and informs the administrator about them, and the administrator decides whether an activity is characteristic of a computer or not.

Encryption components

Full Disk Encryption: Encrypts the contents of all drives. Protects files on notebooks, which may be lost or stolen.
File Level Encryption: Encrypts individual files and folders according to the rules. Protects files on notebooks, which may be lost or stolen.
BitLocker Management: Manages disk encryption via Microsoft BitLocker. Protects files on notebooks, which may be lost or stolen.

Other components and tasks

Virus Scan: Scans files on the specified schedule. Performs this more thoroughly than File Threat Protection.
Update: Downloads descriptions of threats and file reputations to the computers, provides protection when Kaspersky Security Network is inaccessible.
Endpoint Sensor: Informs the Central Node of Kaspersky Anti-Targeted Attack Platform about the programs’ activities on the computers, helps to detect Advanced Persistent Threats.
Integrity check: Ensures that nobody can modify Kaspersky Endpoint Security files.
Checking connection with KSN: Checks KSN accessibility from endpoints.

For more details about the components and their settings, refer to Units II and III.

How Kaspersky Security Center manages computers

Let’s see how all components of Kaspersky Endpoint Security for Business interact.

In a protected network, two programs are installed on each computer:

— Kaspersky Endpoint Security, for protection
— Kaspersky Security Center Network Agent, for management

The Network Agent connects to the Administration Server on the specified schedule, and also when necessary. By default, a so-called synchronization takes place every 15 minutes.

What the Server receives from computers

For the administrator to see what’s happening in the network, the Network Agent sends the following data to the Server:

Events (sent as soon as logged): when Kaspersky Endpoint Security finds malware, cannot download updates, cannot start components, etc.

Statuses (sent as soon as logged):
— Kaspersky Endpoint Security is not running
— Databases are out of date
— KSN is inaccessible
— There are dangerous unprocessed objects

Lists (sent once per synchronization interval):
— List of known executable files
— List of vulnerable programs
— List of quarantined malicious objects
— List of unprocessed threats
— List of hardware
— List of installed software

Kaspersky Endpoint Security settings (sent during a synchronization)

Typically, Agents send only changes in the lists to the Server. Once every several hours (3 hours for some lists, 12 hours for others), the Server completely synchronizes the lists with the computers.

The Administration Server accepts connections from the Network Agents on TCP port 13000. Agents establish TLS/SSL connections; they encrypt and compress data using the Administration Server certificate.

What computers download from the Server

For Kaspersky Endpoint Security to protect a computer in the way the administrator wants, the Network Agent downloads settings for Kaspersky Endpoint Security in the form of policies and tasks from the Server.

During a synchronization, the Network Agent compares tasks and policies on the computer with those of the Administration Server, and if the administrator has changed something on the Server, the Agent downloads new tasks and policies.

Usually, computers receive tasks and policies earlier than at a planned synchronization. Network Agents accept packets on UDP port 15000. If the Server wants an Agent to urgently connect to the Server, it sends a special signal to this port. When the administrator modifies a task or policy, the Administration Server contacts Agents on all computers to which this task or policy pertains. During a synchronization, policies are downloaded only by those computers that have not received the signal from the Server.

The administrator can also send a synchronization request manually, via a computer’s shortcut menu in the Administration Console.

Additionally, Agents connect to the Server to download updates for Kaspersky Endpoint Security. For this purpose, they also connect to port 13000 over an SSL connection.

How the administrator manages protection via the Console

The events and statuses sent by the Network Agents help the administrator understand what is happening in the network.
The Administration Server summarizes statuses of individual computers and displays them on the main page of the Administration Console—the Monitoring tab of the Administration Server node. To better understand what is going on, the administrator can consult reports, which the Administration Server draws up based on events. There are many search and filter tools in the console that help to arrange events and computers according to various parameters. To specify settings for computer protection, the administrator creates tasks and policies in the console: — Tasks—for operations that have a logical termination. For example, update completes when Kaspersky Endpoint Security receives all new threat descriptions, virus scanning completes when all files in the scan scope have been scanned. That is why updates and virus scanning are configured as tasks, which have schedules — Policies—for all the other parameters: how to scan files that the user downloads from the Internet or receives by email, how to scan files opened by programs, which network connections to allow and which to block. These settings are to be applied permanently to protect the computer, that is why they are specified in a policy If different computers need different settings, the administrator organizes computers into groups and creates individual policies or tasks within each group. For example, to perform virus scanning on servers at weekends, and on workstations in the background mode during a business day, the administrator can create two groups (for servers and workstations) and create virus scan tasks with different schedules for them. I-10 KASPERSKY LAB™ KL 002.11.1 Kaspersky Endpoint Security and Management How policies are applied to computers A policy contains the same parameters as the local settings of Kaspersky Endpoint Security. When the administrator configures a policy, the local protection settings are changed. In a policy, each parameter or a group of parameters has the lock button. 
If the button appears pressed and the lock is closed, the parameters are applied to the computers where the policy is enforced. The user cannot modify the values of these parameters in the local interface of Kaspersky Endpoint Security.

If the button appears released and the lock is open, the computer considers that this parameter has not been specified in the policy. The user can change these parameters in the local interface.

The settings whose lock is closed are compulsory.

How policies work in groups

Policies are applied to computer groups. Even if the user has not created any groups, there is the root group on the Administration Server, which is named Managed devices. If the user wants to create custom groups, they are created as subgroups within the Managed devices group.

Policies conform to the following rules:

— There may be policies for different applications in a group, for example, the Network Agent policy and the Kaspersky Endpoint Security policy
— There can be a few policies for the same application in a group, but only one of them can be active. The Active policy is the policy that the Administration Server sends to the computers. An Inactive policy does not influence anything, but the administrator can make it active at any moment and thus quickly reconfigure settings on the target computers. If the administrator makes a policy active, the policy that has been active so far becomes inactive automatically.
— If a group has a Kaspersky Endpoint Security policy, and there is a subgroup where there is no Kaspersky Endpoint Security policy, the parent group’s policy is applied to the subgroup’s computers as well
— If a group has a Kaspersky Endpoint Security policy, and there is a subgroup where another Kaspersky Endpoint Security policy is configured, the subgroup’s computers receive the policy configured within their subgroup.
However, required (locked) parameters from the parent policy are enforced on the subgroup’s policy, and the administrator cannot modify them. In a child policy, the administrator can edit only the parameters that are not locked in the parent group’s policy
— The administrator can choose not to apply a group policy to subgroups: in the subgroup’s policy, clear the check box that regulates inheriting parameters from the parent policy. After that, the administrator will be able to edit all parameters in the child policy

How tasks are applied to computers

The administrator manages update and virus scan settings via tasks rather than the policy.

While there can be only one type of Kaspersky Endpoint Security policy [1], there are many different task types in Kaspersky Endpoint Security:

— Virus Scan
— Update
— Rollback
— Inventory
— Add key
— Integrity check
— Change application components
— Checking connection with KSN
— Manage Authentication Agent accounts

Each task type has its own characteristic settings. For example, a virus scan task has its scope and file scan settings, an update task has an update source and instructions which updates to download. Every task has a schedule.

Unlike policies, tasks have no locks. All task settings are enforced on the computers and the user cannot modify them.

Tasks can be created not only by the administrator on the Administration Server, but also by the user in the local interface. However, if a policy is configured on the Administration Server and enforced on a computer, it will use only the Administration Server’s tasks. Local tasks will be neither run nor even displayed in the interface, and the user will not be able to create new local tasks.

How tasks work in groups

The administrator creates tasks in groups for regular activities, such as virus scanning or downloading updates.
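The lock and inheritance rules for policies described above can be modeled in a few lines. This is an added example, not code from Kaspersky Lab or from the original guide; the group, policy and parameter names are hypothetical, and each group is assumed to hold the policies of a single application.

```python
from dataclasses import dataclass, field
from typing import Any, Optional


@dataclass
class Param:
    value: Any
    locked: bool        # closed lock = enforced; open lock = treated as not specified
    source: str = ""    # policy that supplied the value (filled in during resolution)


@dataclass
class Policy:
    name: str
    params: dict                  # parameter name -> Param
    active: bool = True
    inherit_parent: bool = True   # check box for inheriting from the parent policy


@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    policies: list = field(default_factory=list)   # policies of one application

    def active_policy(self) -> Optional[Policy]:
        active = [p for p in self.policies if p.active]
        if len(active) > 1:
            raise ValueError(f"{self.name}: only one policy can be active")
        return active[0] if active else None


def effective_policy(group: Group) -> Optional[dict]:
    """Resolve the policy that computers in `group` receive."""
    chain = []
    node = group
    while node is not None:
        chain.append(node)
        node = node.parent
    effective = None
    for g in reversed(chain):             # walk from the root group downwards
        policy = g.active_policy()
        if policy is None:
            continue                      # no own policy: the parent's one applies
        own = {k: Param(p.value, p.locked, policy.name)
               for k, p in policy.params.items()}
        if effective is not None and policy.inherit_parent:
            for key, inherited in effective.items():
                if inherited.locked:      # locked above: the child cannot change it
                    own[key] = inherited
        effective = own
    return effective


def settings_on_computer(group: Group, local: dict) -> dict:
    """Return parameter -> (value, origin, user_can_edit) for one computer."""
    policy = effective_policy(group) or {}
    result = {}
    for key, local_value in local.items():
        p = policy.get(key)
        if p is not None and p.locked:
            result[key] = (p.value, p.source, False)
        else:
            result[key] = (local_value, "local", True)
    return result


def make_policy(name, ftp, web, scan, **kw) -> Policy:
    """Each argument is a (value, lock closed?) pair; parameter names are hypothetical."""
    values = {"file_threat_protection": ftp, "web_control": web,
              "scan_removable_drives": scan}
    return Policy(name, {k: Param(v, lock) for k, (v, lock) in values.items()}, **kw)


def build_sample_tree() -> dict:
    """Constructed sample hierarchy under the root group Managed devices."""
    root = Group("Managed devices")
    root.policies.append(
        make_policy("Baseline", (True, True), ("off", False), (True, False)))
    workstations = Group("Workstations", parent=root)        # no own policy
    servers = Group("Servers", parent=root)
    servers.policies.append(make_policy(
        "Servers (draft)", (True, True), ("off", True), (False, True), active=False))
    servers.policies.append(                                 # tries to disable a locked setting
        make_policy("Servers", (False, True), ("block_social", True), (True, False)))
    lab = Group("Lab", parent=servers)
    lab.policies.append(make_policy(
        "Lab", (False, True), ("off", False), (False, True), inherit_parent=False))
    return {g.name: g for g in (root, workstations, servers, lab)}


# Constructed local settings of one computer before any policy is applied.
SAMPLE_LOCAL = {"file_threat_protection": False, "web_control": "user_choice",
                "scan_removable_drives": False}

if __name__ == "__main__":
    for name, grp in build_sample_tree().items():
        print(name, settings_on_computer(grp, SAMPLE_LOCAL))
```

In the Servers group the locked Baseline value wins over the subgroup's own value, while the Lab policy, with inheritance cleared, replaces it; subgroup policies with inheritance cleared are therefore the ones to review when auditing a baseline.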
Similar to group policies, group tasks have their rules:

— If there is a subgroup in a group, a group task is applied to the subgroup’s computers

[1] One for one or a few product versions. For example, Kaspersky Endpoint Security 10 SP2 has its own policy type, and Kaspersky Endpoint Security 11 has another. Two policies of a single Kaspersky Endpoint Security version contain the same parameters, only the values of these parameters differ.

— There can be several tasks of each type in a group, for example, a few virus scan tasks. They may differ in the scope and schedule, for example, one of the tasks may scan the whole computer once a week, and another one, only critical areas but daily.
— If you want to scan the same scope for viruses with different schedules on different computers, organize computers into respective groups and create individual tasks within each group. For example, you can run full scan on servers during the weekends, and on workstations, during business hours in background mode.
— If there is a task in a group, and there is a subgroup with a task of the same type, the subgroup’s computers will be running both tasks. Usually, this means that the administrator has not thought through which tasks are really needed. You must be especially careful with update tasks. To update Kaspersky Endpoint Security on a computer, there must be one update task. If an update task is configured within a group and another one in its subgroup, both will be applied to the computers that comprise the subgroup. If an update task is running already, another one will return an error if started in the meantime. Consequently, the administrator will keep receiving update errors due to a configuration error while updates will work correctly.
— Subgroups can be excluded from a task scope.
Then the subgroup’s computers will receive only the subgroup’s task, and the parent task will not be used

Unlike a policy, a task can be created not only for a group. It can be created for any list of computers, from a single computer to an arbitrary set of computers belonging to different groups.

How Kaspersky Endpoint Security for Business is licensed

Which licenses are available for Kaspersky Endpoint Security for Business

We’ve studied how the components of Kaspersky Endpoint Security for Business interact, and how the administrator manages them. Now let us find out which licenses are available for Kaspersky Endpoint Security for Business, and what makes them different.

There are several levels of licenses in Kaspersky Endpoint Security for Business:

— Cloud
  A cloud solution that permits managing security of workstations, servers, and mobile devices via a web browser. The Administration Server is hosted in Microsoft Azure and it is Kaspersky Lab that takes care of the infrastructure; the administrator only deploys and manages protection. Technical training KL 040 Kaspersky Endpoint Security Cloud tells about this solution in detail.
— Select
— Advanced

The last two types of licenses are designed for the on-premises products that we will cover in this course.

Different licenses permit using different Kaspersky Lab products and different functions within these products.

What licenses activate in Kaspersky Endpoint Security for Business

You do not need to activate Kaspersky Security Center to use it. Everything which is necessary for managing workstation protection is available without a license.

KESB Select permits protecting workstations, servers and mobile devices. In Kaspersky Endpoint Security, a KESB Select license activates the protection and control components. In Kaspersky Security Center, a KESB Select license activates the mobile device management functionality.
You do not need to activate Kaspersky Security Center to be able to manage only the protection and control on workstations and servers.

Kaspersky Endpoint Security for Business Advanced permits protecting the same types of endpoints (workstations, servers and mobile devices), but activates more functions, including encryption. In Kaspersky Endpoint Security for Windows, a KESB Advanced license permits using encryption. In Kaspersky Security Center, a KESB Advanced license allows the customer to use Systems Management; specifically, automatically download and install software fixes and updates, create and deploy images of operating systems with pre-installed applications, etc.

Targeted licenses

If a customer does not need all KESB Advanced functions, licenses for individual functions are also available:

— Encryption
— Mobile Device Management
— Systems Management

In addition to the functionality, these licenses have a limit on the number of endpoints to be protected. For example, a customer purchases a license for 100 nodes, and if later wants to protect more devices, purchases a new license for, say, 150 or 200 nodes.

All the abovementioned licenses are usually valid for a year. After that, the customer renews the license for another year, and so on.

Subscription licenses

Additionally, Kaspersky Lab supports subscription licenses. These licenses are purchased from special partners, and the customer pays monthly. The customer can suspend a subscription and resume it later.

With a subscription license, the customer can select which functionality level to use and change the number of nodes every month if necessary: expand or cut down depending on the current needs.

What this course is about

What we will tell you in this course and what not

Kaspersky Endpoint Security for Business includes many products and capabilities. This course does not try to cover all of them.
It only talks about how to protect a not-too-large network of computers running Windows operating systems.

That is why this course does not describe all the products that belong to Kaspersky Endpoint Security for Business; instead, it focuses on:

— Kaspersky Endpoint Security for Windows
— Kaspersky Security Center
— And a little bit about Kaspersky Security for Windows Server

The following products are out of the course scope:

— Kaspersky Endpoint Security for Linux
— Kaspersky Endpoint Security for Mac
— Kaspersky Embedded Systems Security
— Kaspersky Endpoint Security for Android
— Safe Browser for iOS
— Kaspersky Security for Virtualization
— Kaspersky Anti-Targeted Attack Platform / Kaspersky Endpoint Detection and Response

Also, the course does not talk about all the capabilities of Kaspersky Endpoint Security for Windows and Kaspersky Security Center, but concentrates on how to:

— Install protection on the computers
— Manage computer protection
— Manage the Control components
— Use a single Kaspersky Security Center Administration Server

The following topics fall outside the framework of this course:

— Encryption management
— Third-party vulnerability and patch management
— Creation and deployment of disks with computer images
— Protection of large, complex, and distributed networks using Distribution Points, Connection Gateways, or several Kaspersky Security Center Administration Servers

Where to learn more about the products that fall out of this course scope

The following courses, which are devoted to other products and technologies, are available:

Course   Duration   Topic
KL 013   1 day      How to protect Linux workstations
KL 007   1 day      How to protect Linux servers
KL 011   1 day      How to protect Mac workstations
KL 005   1.5 days   How to protect Windows servers using Kaspersky Security for Windows Servers
KL 037   1 day      How to protect devices running embedded versions of Windows
KL 010   1 day      How to manage mobile devices
KL 008   1 day      How to manage encryption
KL 009   1 day      How to fix vulnerabilities and install updates on third-party software
KL 302   2 days     How to manage protection in large, complex and distributed networks
KL 014   1 day      How to protect virtual machines using Kaspersky Security for Virtualization. Agentless
KL 031   1 day      How to protect virtual machines using Kaspersky Security for Virtualization. Light Agent
KL 016   1 day      Troubleshooting
KL 032   1 day      How to implement a Default Deny policy
KL 025   2 days     KATA/KEDR

What this course includes

This course consists of presentations and labs, which alternate. The instructor first explains every topic with slides, and then the students put theory into practice in the labs.

The Student Guide includes all slides and elaborates on all the topics and product settings. What to do during the labs is described in detail in the Lab Guide.

The students complete hands-on exercises using virtual machines. The virtual environment depends on the class: It can be VMware Workstation, VMware vSphere, Microsoft Hyper-V, etc. The Lab Guide is designed for VMware Workstation.

Students use five virtual machines, which perform the following roles in the labs:

Machine           Role
DC                Provides AD domain services, DNS, file access
Security-Center   The Kaspersky Security Center Administration Server, from which the administrator manages protection
Alex-Desktop      Represents a typical desktop computer in a corporate network
Tom-Laptop        Represents a notebook that may be taken outside the corporate network for some time
Kali Linux        Provides software for attacking the organization’s computers

Chapter 1. How to deploy Kaspersky Endpoint Security for Business

1.1 What to install and in what order

In a deployment, all network computers must be protected, and the administrator must be able to manage protection centrally.
To achieve this, you need to install Kaspersky Security Center 11 (KSC 11) and Kaspersky Endpoint Security 11.1 for Windows (KES 11.1) on the computers.

First, install the Kaspersky Security Center Administration Server. The Administration Server centrally manages protection, and helps to install other components.

The MMC Kaspersky Administration Console is installed automatically along with the Administration Server. To manage the server remotely, use remote desktop, or install Kaspersky Security Center Administration Console on the administrator’s computer.

Web Console can also be installed automatically together with the Administration Server; when the installation completes, the administrator is prompted which Administration Console to start.

In order to protect the network, install Kaspersky Endpoint Security on every computer. Kaspersky Endpoint Security alone cannot interact with Kaspersky Security Center; install the Network Agent on every computer to make centralized management possible.

If you need to enforce different settings on different computers, organize the computers into groups. Do not create more groups than necessary. To be able to easily find computers, import the structure from Active Directory.

To sum up, deploy protection as follows:

1. Install the Kaspersky Security Center Administration Server
2. Install Kaspersky Security Center Network Agent and Kaspersky Endpoint Security
3. Organize computers into groups

1.2 How to organize the process

You do not need much time to install all components of Kaspersky Endpoint Security for Business. What consumes time is troubleshooting.

To save time, do your homework. Try what you want to implement in a test environment. If you encounter issues, think how to solve them, or find a workaround to use in case the issue arises on the network computers.

However, you are unlikely to stumble upon every possible issue in a test environment.
Therefore, in your real network, start with a small number of computers: 10–20. Try to select different computers to come upon as many potential issues as possible. If you encounter new issues, return to the test environment, reproduce them and come up with a solution or a workaround.

Stage the deployment: for example, 100 computers at a time. This way, you will discover new issues gradually, and the number of problem computers will always be small.

To sum up, deploy as follows:

1. Install software in a test environment
2. Install software on 10–20 typical computers
3. Install software on all computers, by stages, 100 computers at a time

At each step, plan some extra time for troubleshooting. Do not proceed to the following step until you decide how to solve or get around all issues. Whenever possible, solve issues in a test environment rather than on the network computers.

Today, an IT test environment is usually made of virtual machines. If virtual machines appear to be a luxury, use the administrators’ computers for testing.

Chapter 2. How to install Kaspersky Security Center

2.1 Requirements for the Administration Server

To install the Kaspersky Security Center Administration Server, prepare a computer that meets the system requirements. If there are fewer than 1000 endpoints in the network, the Administration Server and the database server will easily share a single computer. If nodes are more numerous, use a more powerful computer or use a dedicated computer for the database server.

The Administration Server computer can be either physical or virtual. If you are using a virtual Server, make sure that the virtual environment meets the system requirements.
Support for server versions of Windows

The complete list of supported server operating systems is as follows:

— Microsoft Small Business Server 2008 Standard / Premium 64-bit
— Microsoft Small Business Server 2011 Essentials / Standard / Premium Add-on 64-bit
— Windows Storage Server 2008 R2 / 2012 / 2012 R2 / 2016 64-bit
— Microsoft Windows Server 2008 SP2 (all editions)
— Microsoft Windows Server 2008 Foundation SP2 32-bit / 64-bit
— Microsoft Windows Server 2008 R2 Standard SP1 64-bit
— Microsoft Windows Server 2012 Server Core / Foundation / Essentials / Standard / Datacenter 32-bit / 64-bit
— Microsoft Windows Server 2012 R2 Server Core / Foundation / Essentials / Standard / Datacenter
— Microsoft Windows Server 2016 Server Core / Standard / Datacenter
— Microsoft Windows Server 2019 Standard / Datacenter

Support for database management servers

Administration Server uses a database for which an SQL server is necessary. The following versions of SQL servers are supported:

— Microsoft SQL Server
  — Microsoft SQL Server 2008 Express 32-bit
  — Microsoft SQL 2008 R2 Express 64-bit
  — Microsoft SQL 2012 Express 64-bit
  — Microsoft SQL 2014 Express 64-bit
  — Microsoft SQL Server 2008 (all editions) 32-bit / 64-bit
  — Microsoft SQL Server 2008 R2 (all editions) 64-bit
  — Microsoft SQL Server 2008 R2 Service Pack 2 64-bit
  — Microsoft SQL Server 2012 (all editions) 64-bit
  — Microsoft SQL Server 2014 (all editions) 64-bit
  — Microsoft SQL Server 2016 (all editions) 64-bit
— MySQL
  — MySQL Standard Edition 32-bit / 64-bit — 5.6 / 5.7
  — MySQL Enterprise Edition 32-bit / 64-bit — 5.6 / 5.7
— Microsoft Azure SQL Database
— Amazon RDS — Microsoft SQL

Microsoft SQL Server Express is not included with Kaspersky Security Center distribution anymore. Starting with Kaspersky Security Center version 10 SP3, administrators must download and install Microsoft SQL Server Express manually.
Remember that Express editions have their limitations and must not be used for managing a large number of computers (more than 5000). Detailed information about this is provided in course KL 302.

SQL server can be installed either on the same computer as the Administration Server or on any other network computer. The Administration Server must have Read and Write access to the SQL database. If the Administration Server and SQL server are installed on the same computer, access issues do not arise.

Additional software requirements

In addition to the operating system, the following software must be installed on the computer:

— Microsoft .NET Framework 4 (install as a Windows component)
— Windows Data Access Components 6.0
— Windows Installer 4.5 (included with the distribution)

Allocate a new computer for the Administration Server. If it is impossible, make sure that Kaspersky Security Center Network Agent is not installed on the computer. The installer automatically detects previous versions of Network Agent and prompts the administrator to uninstall it.

Minimum hardware requirements

Minimum hardware requirements are as follows:

— 1 GHz or higher processor (1.4 GHz for 64-bit systems)
— 4 GB of RAM
— 10 GB of free hard drive space (if you plan to use the Systems Management functionality, at least 100 GB of free hard drive space will be necessary)

A more powerful server is required for any significant number of clients. Recommendations are available in the Implementation Guide. Practical experience of using the Administration Server in large networks is summarized in course KL 302 “Kaspersky Endpoint Security and Management. Advanced Skills”.

2.2 Installation of the Administration Server

Where to get the Kaspersky Security Center distribution

To install Kaspersky Security Center, run the installer. Prior to installing Kaspersky Security Center, you should install and configure a database server.
You can download the installer for Kaspersky Security Center 11 from the Kaspersky Lab website (https://www.kaspersky.com/small-to-medium-business-security/downloads/security-center) or from the product page on the technical support website (http://support.kaspersky.com/ksc11#downloads).

There are two installers:

— ksc_11_<version>_full_en.exe—the full distribution of Kaspersky Security Center 11 that includes a complete set of its own components, installation packages of Network Agent and Kaspersky Endpoint Security 11.1 for Windows, Microsoft .NET Framework, and other software, as well as the management plugins for all supported products. The size of this distribution is about 1 GB
— ksc_11_<version>_lite_ru.exe—the lite version of the distribution that lacks the installation packages of Kaspersky Endpoint Security 11.1 for Windows, Microsoft .NET Framework, and some other software; as far as management plugins are concerned, only those of Kaspersky Security Center 11 components are included. The size of this distribution is about 140 MB. This distribution comes in handy when upgrading Kaspersky Security Center components

Kaspersky Security Center installation shell

When the full distribution version is run, the installation shell starts. The installation shell permits selecting the components to install, for example, the Administration Server or the Administration Console. You can also extract installation files of the selected components into the specified folder.
The following products are available within the installation shell:

— Kaspersky Security Center Administration Server
— Kaspersky Security Center Administration Console
— Kaspersky Security Center Network Agent
— Kaspersky Endpoint Security for Windows (extract only)
— iOS MDM Server (a component of Kaspersky Security Center for managing mobile devices)
— Kaspersky Endpoint Security for Android (extract only)
— Microsoft Exchange Mobile Devices Server (a component of Kaspersky Security Center for managing mobile devices)
— Application management plugins

This course covers only Server, Console, Network Agent, and Kaspersky Endpoint Security.

What you need to know before the installation

During the installation, the administrator selects:

— Kaspersky Security Center components (including the new Web Console)
— Installation folder
— SQL server type and connection parameters
— Path to the Administration Server shared folder
— Ports and connection address of the Administration Server
— Management plugins for the products

Almost all of these values can be changed after the installation. Only the SQL server type cannot be modified. If you select Microsoft SQL, you will not be able to switch to MySQL without losing data.

You can switch to another SQL server of the same type without losing data, but it is not easy. You will need to back up the Administration Server data, reinstall the Administration Server, select another SQL server, and after that, restore the data from the backup copy.

Setup wizard

Installation types

Installation of the Administration Server can be either custom or standard [2].

During the standard installation, the administrator is prompted to:

— Accept the license agreement for Kaspersky Security Center
— Specify the network size
— Select a database server type
— Configure the database server connection parameters

Kaspersky Security Center distribution does not include a Microsoft SQL server anymore.
You should deploy and configure a Microsoft SQL or MySQL database server in the network prior to installing Administration Server.

[2] On Windows Server Core, only custom installation is available.

If you select Custom installation and leave all the default settings, the result will be exactly the same as after the Standard installation.

Components and installation paths

You can install the following components together with the Administration Server:

— SNMP agent
— Packages for mobile device support

The SNMP agent is necessary if you want the Administration Server to send notifications over SNMP. This component requires the SNMP service (a Windows component) to be installed on the computer. If the SNMP service is absent, the SNMP agent will not be shown in the list of Administration Server components during the installation.

The option Install packages for mobile device support adds the components necessary for managing Kaspersky Endpoint Security for Mobile via Kaspersky Security Center. Detailed information is available in course KL 010.

Under the list of components, you can change the location of Administration Server program files. If you want to move files because drive C: lacks space, consider moving only the shared folder of the Administration Server. It can be relocated independently of the program files, and it takes up much more space than the other program files. The path to the shared folder will be configured later in the installation wizard.

Remember that backup copies of the Administration Server are stored to the %ProgramData%\KasperskySC folder by default. These copies consume much space, up to several gigabytes, depending on the number of endpoints.

Web Console

Web Console is an application that you can install either together with Kaspersky Security Center or on another computer.
Web Console is included with the distribution of Kaspersky Security Center 11 and the installation wizard prompts you to specify whether you want to install Web Console together with the Kaspersky Security Center. If you do not change anything, the Web Console will be installed with the default parameters; in particular, port 8080 will be used for connections.

Network size

Four options are represented for the network size:

— Fewer than 100 networked devices
— From 100 to 1,000 networked devices
— From 1,000 to 5,000 networked devices
— More than 5,000 networked devices

The following Administration Server parameters depend on the selected option:

Number of computers in the network     Fewer than 100   From 100 to 1,000   From 1,000 to 5,000   More than 5,000
Automatically randomize task start     –                +                   +                     +
Display slave Administration Servers   –                –                   +                     +
Display security settings              –                –                   +                     +

Automatic randomization of the task start applies to the schedules of virus scan, update, vulnerability search, and other group tasks. If a task starts simultaneously on many computers, the load on the network and Administration Server drastically increases. To even out the peak, tasks can start on the computers with a random delay. The administrator can enable randomization and then specify the randomization range manually or select automatic randomization. On each computer, the delay is selected randomly within the specified or automatically chosen range.
How automatic randomization works

If automatic randomization is used, the randomization range depends on the number of computers where the task starts:

Number of computers   Randomization range
0–200                 0 minutes
200–500               5 minutes
500–1,000             10 minutes
1,000–2,000           15 minutes
2,000–5,000           20 minutes
5,000–10,000          30 minutes
10,000–20,000         1 hour
20,000–50,000         2 hours
50,000+               3 hours

Slave Administration Servers and security parameters are described in course KL 302 “Kaspersky Endpoint Security and Management. Advanced Skills”. These functions are rarely used in small and middle-size networks.

The default settings are the same when the administrator selects either “From 1,000 to 5,000” or “More than 5,000 networked devices.”

If you select the “More than 5,000 computers on network” option, the installation wizard will recommend that you do not use the free version of Microsoft SQL server. Detailed information about large networks is provided in technical training KL 302 “Kaspersky Endpoint Security and Management. Advanced Skills”.

The network size selection only influences a couple of interface settings, which can easily be modified after the installation. The threshold value that actually makes the difference is 1,000 computers. Administration Server operation parameters do not depend on the selected network size.

Selecting the SQL server type

The Administration Server stores events, information about computers and a part of the settings in the SQL database. The Administration Server can store the database in either of the following types of SQL servers:

— Microsoft SQL Server
— MySQL

The choice depends on the company’s and the administrator’s preferences. Microsoft SQL Server is an industry standard and is recommended for large networks (5,000 endpoints or more).

MySQL server has open source code and can run on a Linux operating system. That is why MySQL is sometimes preferred by state institutions.
Starting with version 10 SP3, Kaspersky Security Center distribution does not include Microsoft SQL Server Express. The administrator must install and configure an SQL server independently. We recommend that you do it before you start the Kaspersky Security Center installer.

How to specify a Microsoft SQL server

If you decide to use a Microsoft SQL server, specify the full name of the instance and the name of the database designed for the Administration Server.

To find the necessary instance in the network, click the Browse button. If it does not show, make sure that SQL Server Browser service is running on the SQL server. It is disabled by default.

If you have not installed a Microsoft SQL server in advance, you can do it without interrupting the KSC installation wizard. The SQL server settings page provides two links to Microsoft webpages:

— Microsoft SQL Server 2014 SP2 Express download link (a free version recommended for small networks up to 5000 endpoints)
— A link to descriptions of Microsoft SQL Server editions, where you will be able to select what you need

How to connect to your Microsoft SQL server

The database for the Administration Server is created by the installer. Later, the Administration Server will connect to the database to record and extract events. The installer needs the permission to create a database. The Administration Server will need the write and read permissions for the database.

If the Microsoft Windows Authentication Mode is selected, the installer connects to the SQL server under the current Windows user account. Meanwhile, the Administration Server will connect to the database under the account of its service: KL-AK-<*> by default, or the one selected by the administrator at a previous step.

The current user must have the right to create a database on the SQL server.
If the Kaspersky Security Center administrator does not have permissions to create a database on the SQL server, the SQL server administrator should create an empty database, and the Kaspersky Security Center administrator should then specify the names of the instance and database in the installation wizard.

The KL-AK-<*> account (or another one specified by the administrator) must have the read and write permissions for the database. You cannot check this before the installation, but you can grant the selected account these permissions afterwards, or even specify another account for the Administration Server service.

If you select the SQL Server Authentication Mode, specify an SQL server account rather than a Windows account. Both the installer and the Administration Server will use this account to create the database and record events there.

By default, the SQL Server Authentication Mode is disabled in all supported versions of SQL server. It is considered to be obsolete and unsafe. Microsoft and Kaspersky Lab recommend using the Microsoft Windows Authentication Mode.

If the SQL server instance is located on another computer, make sure that the SQL server allows remote connections, and that ports are not blocked by the firewall.

How to specify a MySQL server

If you selected MySQL server, specify the database server address, port (typically, 3306), and database name.

The database page does not offer a download link for MySQL. You can find MySQL products on the website www.mysql.org

How to connect to the MySQL server

Specify the username and password to connect to the MySQL server. This username and password will be used both by the installer to create the database and by the Administration Server to write into it.

In the latest versions of MySQL server, to enable an account to connect to the server, you need to allow a specific address or computer name to use it on the SQL server side. See the MySQL documentation for details.
When you click Next, the wizard attempts to connect to the specified server under this account. If the connection fails, the wizard returns an error that describes the issue it encountered.

Administration Server service account

By default, the installer creates a new account named KL-AK-<alphanumeric combination> for starting the Administration Server service. It is a local account, which is not included in the computer administrators’ group, but has the same permissions as administrators. Also, it is added to the KLAdmins group. Members of this group have full access to all the functions and settings of the Administration Server. For security reasons, this account cannot log on to the system locally.

If the administrator decides to use another account, he or she must grant it all the necessary permissions. The Administration Server service account must have administrator permissions on the computer selected for the installation. If the database is planned to be located on a remote SQL server, the account must have Read and Write access to the Administration Server database on the SQL server.

If the Administration Server account has domain administrator permissions, some operations are simplified, for example, remote installation.

Account for accessory services

The KL-AK-* account starts only the Administration Server service: Kaspersky Security Center Administration Server. The Administration Server also has other services:
— Kaspersky Activation Proxy
— Kaspersky Lab Web Server
— Kaspersky Security Network Proxy
— Kaspersky Security Center Network Agent
— Kaspersky Security Center automation object

The first three services are started under another service account created by the installer: KlScSvc. This account has the same rights as KL-AK-*: its permissions are equivalent to those of an administrator, minus the right to log on locally.
The Network Agent and the automation object operate under the Local System account. On some operating systems, the automation object operates under the Network Service account.

The installation wizard permits selecting another account instead of KlScSvc, for example, if the company already has a service account for this purpose.

The shared folder of the Administration Server

The shared folder stores signature updates and the installation files for applications, specifically, Network Agent and Kaspersky Security Center. By default, the installer creates the shared folder of the Administration Server in the folder with program files. The local name of this folder is Share, and the network name is KLSHARE.

Right after the installation and initial setup, the shared folder takes up about 300 MB. It may grow up to several gigabytes depending on how Kaspersky Security Center is used. That is why it might be worthwhile to place the shared folder of the Administration Server on a drive other than the system one. The location of the shared folder can be changed later via the Administration Console.

Connection ports of the Administration Server

Administration Server accepts connections from Network Agents on two TCP ports:
— 13000 for SSL connections
— 14000 for non-SSL connections

By default, all connections are encrypted in Kaspersky Security Center, so only SSL port 13000 is used. Port 14000 might be used only if the administrator disables connection encryption for troubleshooting.

If you want to use other ports, make this decision beforehand and specify them in the installation wizard. To modify the ports after the Administration Server has been installed, you will have to edit them in several places in the Console. To modify the ports after Network Agents have been installed on the network computers, you will have to use a special task or reinstall the Agents.
In older versions of Kaspersky Security Center, Administration Consoles connect to port 13000. In the recent versions, KSC Consoles connect on TCP port 13291. You cannot select this port in the installation wizard, but you can easily modify it later via the Administration Console.

Web server and activation proxy server services use 4 more ports, which can also be reconfigured in the console.

To be able to establish SSL connections, the Administration Server generates a new certificate valid for 10 years during the installation. To save and restore the certificate after failures or after reinstalling the Administration Server, use the backup procedure (see Unit IV “Maintenance” for details).

Administration Server address for Network Agents

The client computers where the Network Agent is installed will connect to the Administration Server using the address and port specified during the installation. You can specify the Server address in the form of an IP address (IPv4 only), DNS or NetBIOS name. The choice depends on the network configuration.

Even though an IPv6 address can’t be specified, Network Agents can connect to the Administration Server via IPv6 if the Administration Server address is specified as a NetBIOS or DNS name.

If the Administration Server has a static IP address that will not be changed in the foreseeable future, it is the best choice. In this case, the ability to connect depends only on the routers, rather than on the name resolution system.

If the IP address is assigned dynamically (or is static but is changed often), you should not use it as the connection address, because you will have to modify the client connection settings often. To avoid the trouble, it is better to specify the server name: either DNS or NetBIOS.

If the DNS service functions reliably in the network, use the DNS name, since DNS name resolution is not usually blocked by local firewalls.
NetBIOS name resolution is based on broadcast queries and answers, which may be blocked by local firewalls. Therefore, the NetBIOS name should only be used for connections if the other methods cannot be used.

After the installation, the Server connection address and ports can be changed in the properties of the Network Agent installation package.

Management plugins for the programs

The distribution kit of Kaspersky Security Center includes the management plugins for all current versions of Kaspersky Lab products. The custom installation enables the administrator to select the plugins of the products that are used or will be used in the network.

The plugins can also be installed later from the Kaspersky Security Center installation shell. Plugin installers are also included with the distributions of the corresponding products.

Every plugin is installed by its own short installation wizard. Some plugins are installed automatically, while others prompt the administrator to accept the license agreement.

If you upgrade a product to a new version with a new plugin, uninstall the old plugin. The following knowledgebase article explains how to remove unnecessary plugins: https://support.kaspersky.com/9303

During the standard installation, management plugins for Kaspersky Security Center 11 components and Kaspersky Endpoint Security 11.1 for Windows are installed, as well as mobile device management plugins.

Plugins are installed at the very end of the Administration Server installation. After the Kaspersky Endpoint Security 11.1 plugin is installed, the installation is finished. On the last page, the administrator can select whether to start the Administration Console.
Completing the installation

On the last page, the wizard offers to start the local MMC Administration Console or the Web Console immediately and proceed with the setup in the Administration Server Quick Start Wizard. By default, Web Console will start if it has been installed.

Usually, Administration Server needs a few minutes to start working and accept connections.

Additional consoles and plugins

If you need plugins for other Kaspersky Lab products, you can install them from the installation shell.

To be able to manage the Administration Server remotely in a way other than via RDP or the Web Console, install a remote MMC Administration Console. The console has a very simple installation wizard without settings. Plugins for the console can also be installed from the same installation shell.

Plugins are to be installed on each console rather than on the Administration Server. If the console lacks a plugin, the administrator will not be able to open tasks and policies of the corresponding program and the console will display an error message. To fix this, simply install the necessary plugin.

Full-fledged management of the Administration Server and other Kaspersky Lab products is possible only via the MMC console. The first release of the new Web Console does not permit managing encryption, for example, and does not support any protection products but Kaspersky Endpoint Security for Windows. Also, the new Web Console does not support Mobile Device Management or Vulnerability Assessment and Patch Management so far.
Installation results

If you select the Custom option when starting the wizard, but agree to the default settings on all wizard pages, the result will be the same as with the Standard option:

Components
  Administration Server
  Network Agent
  MMC Administration Console
  Web Console

Installation paths
  %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center—program files
  %ProgramFiles%\Kaspersky Lab\Kaspersky Security Center Web Console 11—program files
  %ProgramData%\KasperskyLab\adminkit—settings
  %ProgramData%\KasperskySC\SC_Backup—the folder for backup copies

Services
  Kaspersky Security Center Administration Server
  Kaspersky Security Center Network Agent
  Kaspersky Security Center automation object
  Kaspersky Security Network proxy server
  Kaspersky Lab Web Server
  Kaspersky Activation Proxy
  Kaspersky Security Center 11 Management Service
  Kaspersky Security Center 11 Web Console
  Kaspersky Security Center 11 Web Console Message Queue

Shared folder
  KLSHARE
  Its local path is %ProgramData%\KasperskyLab\adminkit\1093\.working\Share

User groups
  KLAdmins
  KLOperators (see course KL 302 for details)

Accounts
  KL-AK-<*>—starts the service of the Kaspersky Security Center Administration Server
  KlScSvc—starts the services of the Kaspersky Activation Proxy, Kaspersky Security Network Proxy Server, and Kaspersky Lab Web Server
  The KL-AK-<*> and KlScSvc accounts have the same permissions as the local administrator, but are not included in the computer's built-in administrators group
  KlPxeUser—a user account for the PXE server (see course KL 009 for details)

Connection ports
  8060—http port of Kaspersky Lab Web Server
  8061—https port of Kaspersky Lab Web Server
  13000—for SSL connections of Network Agents
  14000—for non-SSL connections of Network Agents and Administration Consoles
  13291—for SSL connections of Administration Consoles
  13111—port of Kaspersky Security Network proxy server service
  17000—port of Kaspersky Activation Proxy
  13299—for SSL connections of Kaspersky Security Center Web Console

SQL server
  Database name: KAV

Connection address
  DNS name of the server

Plugins
  Kaspersky Security Center 11 (11.0) Administration Server
  Kaspersky Security Center 11 (11.0) Network Agent
  Kaspersky Endpoint Security 11.1 for Windows
  Kaspersky Mobile Device Management 11

Installation packages
  Kaspersky Endpoint Security 11.1 for Windows
  Kaspersky Security Center 11 (11.0) Network Agent
  Microsoft Exchange Mobile device server
  iOS MDM Server

Most of these settings can be modified either during the custom installation, or in the product settings after the installation.
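The connection ports listed in the installation results can be checked against what a server is actually listening on. The following is an added example, not part of the student guide or of any Kaspersky tool: it parses Windows `netstat -an` output and reports plaintext listeners that are reachable from the network and SSL ports that are missing. The function names, the `REQUIRED` set and the sample output are assumptions of this example; the port numbers and roles come from the list above.

```python
import re

# Port roles as listed in the installation results above.
# Second field: True = SSL/HTTPS, False = plaintext, None = not stated in the guide.
KSC_PORTS = {
    8060: ("Kaspersky Lab Web Server, http", False),
    8061: ("Kaspersky Lab Web Server, https", True),
    13000: ("Network Agents, SSL", True),
    14000: ("Network Agents and Administration Consoles, non-SSL", False),
    13291: ("Administration Consoles, SSL", True),
    13111: ("Kaspersky Security Network proxy server", None),
    17000: ("Kaspersky Activation Proxy", None),
    13299: ("Web Console, SSL", True),
}
REQUIRED = (13000, 13291)  # assumption of this example: these must be listening
LOOPBACK = ("127.", "[::1]")
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING", re.M)


def listening_sockets(netstat_text):
    """Return {(local_address, port)} for TCP listeners in `netstat -an` output."""
    return {(addr, int(port)) for addr, port in LISTEN_RE.findall(netstat_text)}


def audit(netstat_text):
    """Return sorted (severity, port, message) findings for the documented ports."""
    socks = listening_sockets(netstat_text)
    findings = []
    for addr, port in socks:
        role, encrypted = KSC_PORTS.get(port, (None, None))
        if encrypted is False and not addr.startswith(LOOPBACK):
            findings.append(("WARN", port, f"plaintext listener on {addr}: {role}"))
    up = {port for _, port in socks}
    for port in REQUIRED:
        if port not in up:
            findings.append(("FAIL", port, f"not listening: {KSC_PORTS[port][0]}"))
    return sorted(findings)


# Constructed sample of Windows `netstat -an` output (not from a real server).
SAMPLE = """\
  TCP    0.0.0.0:8060           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:13000          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:14000        0.0.0.0:0              LISTENING
  TCP    [::]:14000             [::]:0                 LISTENING
  TCP    10.0.0.5:13000         10.0.0.77:50123        ESTABLISHED
  UDP    0.0.0.0:15000          *:*
"""

if __name__ == "__main__":
    for severity, port, message in audit(SAMPLE):
        print(f"{severity} {port}: {message}")
```

A WARN on 14000 or 8060 is a prompt to confirm that the host firewall limits who can reach the non-SSL listener, since the guide states that only SSL port 13000 is used by default.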