Kaspersky Technical Training
Kaspersky Endpoint Security and Management
Student Guide
KL 002.11.1
Kaspersky Lab 
www.kaspersky.com 
Unit I. Deployment
Introduction
Basics of Kaspersky Endpoint Security for Business
Which products this course covers
What constitutes Kaspersky Security Center
What constitutes Kaspersky Endpoint Security
How Kaspersky Security Center manages computers
How the administrator manages protection via the Console
How policies are applied to computers
How policies work in groups
How tasks are applied to computers
How tasks work in groups
How Kaspersky Endpoint Security for Business is licensed
What this course is about
What we will tell you in this course and what not
Where to learn more about the products that fall out of this course scope
What this course includes
Chapter 1. How to deploy Kaspersky Endpoint Security for Business
1.1 What to install and in what order
1.2 How to organize the process
Chapter 2. How to install Kaspersky Security Center
2.1 Requirements for the Administration Server
Support for server versions of Windows
Support for Windows workstations
Virtualization support
Support for database management servers
Additional software requirements
Minimum hardware requirements
2.2 Installation of the Administration Server
Where to get the Kaspersky Security Center distribution
Kaspersky Security Center installation shell
What you need to know before the installation
Setup wizard
Additional consoles and plugins
Installation results
2.3 Installation of Kaspersky Security Center Web Console
Setup Wizard
Web Console services
Interaction with Kaspersky Security Center
Connecting to several Administration Servers
Requirements for browsers
 
 
2.4 Quick Start Wizard
Tutorial
Configuring proxy server for Internet access
Downloading information about plugins
License installation
Installing plugins
Kaspersky Security Network
Creating tasks and policies
Network polling
Configuring email notification
What to do next
Automatic license distribution
Chapter 3. How to install Kaspersky Endpoint Security on computers
3.1 Requirements for client computers
Kaspersky Endpoint Security 11 requirements for the operating system
The virtual platforms supported by Kaspersky Endpoint Security
Minimum hardware requirements
Requirements for the Network Agent
3.2 How to change KES components
Installation packages
Settings of a Kaspersky Endpoint Security package
Network Agent package parameters
3.3 How to create a new installation package
Why create installation packages
Package creation wizard
3.4 How to create an installation package for KSWS
Which other protection applications are available for Windows Servers
Advantages of Kaspersky Security 10.1 for Windows Server
Specifics of Kaspersky Security 10.1 for Windows Server
Download the distribution of Kaspersky Security for Windows Server from the official support website
Unpack the KSWS distribution on the administrator’s workstation
Create an installation package of Kaspersky Security for Windows Server
Package creation wizard
Components of Kaspersky Security 10.1 for Windows Server
Additional settings of the Kaspersky Security 10.1 for Windows Server package
3.5 Installation methods
What to do prior to the installation
Available installation methods
3.6 How to remotely install Network Agent and Kaspersky Endpoint Security
Information on the main page of the management console
Remote installation wizard
Where to monitor the installation
Installation results
3.7 How to simplify local installation
Why install locally
Standalone installation packages
How to create a standalone package
What to do with standalone packages
 
 
3.8 How to install the Network Agent via Active Directory
How to install applications via Active Directory
How to publish the Network Agent package in Active Directory using a task
What the task changes in Active Directory
3.9 How to uninstall incompatible applications
Which programs are incompatible and why uninstall them
What if there are incompatible applications?
How to find out if there are any incompatible applications
How to uninstall incompatible applications that have not been found
How to display computers with an incompatible application
How to uninstall incompatible applications using a task
Chapter 4. How to organize computers into groups
4.1 How to understand that the deployment has been completed
Where to look for information about the deployment
Global statuses
Device selections
Reports
4.2 How the Administration Server discovers computers
Polling types
Where to configure polling
Windows network polling
Active Directory polling
IP range polling
Where to monitor network polling
How to find out that the Server has discovered new computers
4.3 How to create or import groups
Why create groups
How to add a group
Navigation within the group structure
How to add a computer to a group
How to import a group structure
4.4 How to add computers to groups automatically
Computer relocation rules
Configuring relocation rules
Conditions in relocation rules
How to synchronize groups with Active Directory
Tags
Rule application order
 
 
 
 
Introduction 
 
First of all, let us introduce the course and tell you which topics it covers and which it omits. You will also learn 
which solutions and products are studied in this course, what they consist of, how they interact and how they are 
licensed. 
Basics of Kaspersky Endpoint Security for Business 
Which products this course covers 
 
 
This course describes the Kaspersky Endpoint Security for Business solution, which includes several Kaspersky Lab 
products. The course does not cover all of them; it describes only those that help to protect a not-too-large 
Windows network. 
In our course, a not-too-large network means up to approximately 1,000 endpoints in a single location. Endpoints in 
this course are servers and workstations running Windows. 
To protect such a network, two Kaspersky Endpoint Security for Business products are necessary: 
— Kaspersky Endpoint Security for Windows—to protect computers against threats 
— Kaspersky Security Center—to centrally manage the protection 
Kaspersky Endpoint Security is an application that not only protects against malware and hackers, but can also 
control users’ actions and encrypt files and drives. 
What constitutes Kaspersky Security Center 
Kaspersky Security Center consists of several programs: 
— Kaspersky Security Center Administration Server (“Administration Server”, “KSC Server” or simply 
“Server” wherever this is unambiguous) stores all the settings, collects events, draws up reports, etc. It is 
the Server that manages protection on the administrator’s command. 
— The database server maintains the database where the KSC Server stores events and some of the settings. 
Other settings are stored on the drive among KSC Server installation files. 
— Kaspersky Security Center Network Agents (we will call them Network Agents, or simply Agents) 
connect Kaspersky Endpoint Security to the Administration Server: they receive settings for Kaspersky 
Endpoint Security from the Server and send events to the Server. 
— Kaspersky Security Center Administration Console provides a management system interface for the 
administrator; the administrator configures parameters in the console, consults reports and events, and 
manages protection in general. Two consoles are available: the traditional MMC console and the new Web Console. 
What constitutes Kaspersky Endpoint Security 
 
Kaspersky Endpoint Security is a single application that includes numerous components. 
Protection components 
Kaspersky Security Network: Requests the reputation of programs and web pages from Kaspersky Lab servers, provides the latest information about threats, protects against zero-day attacks and false positives 
Behavior Detection: Monitors what applications do, but analyzes what a program does in general rather than its individual actions. Stops applications that behave as malware. In particular, stops programs that try to encrypt files 
Exploit Prevention: Monitors which files start vulnerable programs, and blocks attempts to start executable files unless initiated by the user 
Host Intrusion Prevention: Also monitors software activities on the computer. Does not allow programs that have bad or unknown reputation to change system settings and user’s files. Prevents them from fiddling around with the operating system and other software 
Remediation Engine: Logs changes to the operating system and rolls back any changes performed by suspicious programs that have been detected by Behavior Detection, Exploit Prevention, or File Threat Protection 
File Threat Protection: Scans files whenever the user or a program creates, changes, copies, or starts one. Blocks operations with malicious files, and quarantines these files 
Web Threat Protection: Scans web pages and files that the user or programs download from the Internet. Blocks dangerous and phishing websites, prohibits downloading malicious files 
Mail Threat Protection: Intercepts email messages, scans their text and attachments, deletes malicious files from messages 
Firewall: Controls the connections established by the programs running on the computer, and the packets they receive or send. Blocks packets according to the configured rules. Does not allow an unknown program or a program that has bad reputation to establish connections 
Network Threat Protection: Scans network packets that the computer receives. Blocks a connection if it detects indications of a network attack 
BadUSB Attack Prevention: Does not permit connecting new input devices (keyboards, etc.) to the computer without the user’s consent. Protects against USB devices that pretend to be keyboards and send malicious commands to the computer 
AMSI Protection Provider: Is responsible for integration with Antimalware Scan Interface (AMSI) in Windows 10 and Windows Server 2016. AMSI is a Windows component that acts as an intermediary between applications and an antivirus solution. It enables scanning files, links, and scripts, even those that run in the memory without being saved to a hard drive 

Control components 
Application Control: Blocks program start according to the configured rules. Can freeze a computer’s state and block any new applications. 
Device Control: Blocks access to devices according to the configured rules. The administrator can prohibit access to all or some of removable drives, Wi-Fi adapters, or modems 
Web Control: Blocks access to web pages according to the configured rules. The administrator can prohibit access to social networks, job search and news websites, torrent trackers, etc. 
Adaptive Anomaly Control: Contains a set of heuristics for monitoring dangerous behavior that is characteristic of malware. Permits blocking suspicious activities non-typical of each specific computer. By default, the component runs in the 2-week training mode: It monitors activities, informs the administrator about them, and it is the administrator who makes the decision whether an activity is characteristic of a computer or not. 
 
Encryption components 
Full Disk Encryption: Encrypts all drives’ contents. Protects files on notebooks, which may be lost or stolen 
File Level Encryption: Encrypts individual files and folders according to the rules. Protects files on notebooks, which may be lost or stolen 
BitLocker Management: Manages disk encryption via Microsoft BitLocker. Protects files on notebooks, which may be lost or stolen 

Other components and tasks 
Virus Scan: Scans files on the specified schedule. Performs this more thoroughly than File Threat Protection. 
Update: Downloads descriptions of threats and file reputations to the computers, provides protection when Kaspersky Security Network is inaccessible 
Endpoint Sensor: Informs the Central Node of Kaspersky Anti-Targeted Attack Platform about the programs’ activities on the computers, helps to detect Advanced Persistent Threats 
Integrity check: Ensures that nobody can modify Kaspersky Endpoint Security files 
Checking connection with KSN: Checks KSN accessibility from endpoints 
For more details about the components and their settings, refer to Units II and III. 
How Kaspersky Security Center manages computers 
 
Let’s see how all components of Kaspersky Endpoint Security for Business interact. 
In a protected network, two programs are installed on each computer: 
— Kaspersky Endpoint Security, for protection 
— Kaspersky Security Center Network Agent, for management 
 
The Network Agent connects to the Administration Server on the specified schedule, and also if necessary. By 
default, a so-called synchronization takes place every 15 minutes. 
What the Server receives from computers 
For the administrator to see what’s happening in the network, Network Agent sends the following data to the server: 
Events (sent as soon as logged): when Kaspersky Endpoint Security finds malware, cannot download updates, cannot start components, etc. 
Statuses (sent as soon as logged): Kaspersky Endpoint Security is not running; databases are out of date; KSN is inaccessible; there are dangerous unprocessed objects 
Lists (sent once per synchronization interval): list of known executable files; list of vulnerable programs; list of quarantined malicious objects; list of unprocessed threats; list of hardware; list of installed software 
Kaspersky Endpoint Security settings (sent during a synchronization) 
 
Typically, Agents send only changes in the lists to the server. Once every several hours (3 hours for some lists, 12 
hours for others), the Server completely synchronizes the lists with the computers. 
Administration Server accepts connections from the Network Agents on TCP port 13000. Agents establish TLS/SSL 
connections; they encrypt and compress data using the Administration Server certificate. 
What computers download from the Server 
For Kaspersky Endpoint Security to protect a computer in a way the administrator wants, the Network Agent 
downloads settings for Kaspersky Endpoint Security in the form of policies and tasks from the Server. 
During a synchronization, Network Agent compares tasks and policies on the computer with those of the 
Administration Server, and if the administrator has changed something on the server, the Agent downloads new 
tasks and policies. 
Usually, computers receive tasks and policies earlier than at a planned synchronization. Network Agents accept 
packets on UDP port 15000. If the Server wants an Agent to urgently connect to the Server, it sends a special signal 
to this port. When the administrator modifies a task or policy, the Administration Server contacts Agents on all 
computers to which this task or policy pertains. During a synchronization, policies are downloaded only by those 
computers that have not received the signal from the Server. 
The administrator can also send a synchronization request manually, via a computer’s shortcut menu in the 
Administration Console. 
Additionally, Agents connect to the Server to download updates for Kaspersky Endpoint Security. For this purpose, 
they also connect to port 13000 over an SSL connection. 
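
An added example, not part of the guide: a small detection pass over flow records that uses the ports and the default interval described above to find Agents that have stopped synchronizing, UDP 15000 signals that do not come from the Administration Server, and Agents connecting on TCP 13000 to some other host. The addresses, the log layout and the two-missed-intervals threshold are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Values taken from the text above.
AGENT_TO_SERVER_TCP = 13000            # Agents connect to the Administration Server
SERVER_TO_AGENT_UDP = 15000            # Server's "connect now" signal to Agents
SYNC_INTERVAL = timedelta(minutes=15)  # default synchronization period

# Assumptions for this example (not from the guide): addresses and log layout.
KSC_SERVER = "10.0.0.10"
MANAGED = {"10.0.1.21", "10.0.1.22", "10.0.1.23"}

# Constructed flow records: "ISO-timestamp src dst proto dport"
SAMPLE_LOG = """\
2024-05-06T09:00:05 10.0.1.21 10.0.0.10 tcp 13000
2024-05-06T09:00:40 10.0.1.22 10.0.0.10 tcp 13000
2024-05-06T09:01:10 10.0.1.23 10.0.0.10 tcp 13000
2024-05-06T09:07:00 10.0.0.10 10.0.1.21 udp 15000
2024-05-06T09:07:02 10.0.1.21 10.0.0.10 tcp 13000
2024-05-06T09:15:06 10.0.1.21 10.0.0.10 tcp 13000
2024-05-06T09:16:11 10.0.1.23 10.0.0.10 tcp 13000
2024-05-06T09:20:30 10.0.1.99 10.0.1.23 udp 15000
2024-05-06T09:30:07 10.0.1.21 10.0.0.10 tcp 13000
2024-05-06T09:31:15 10.0.1.23 10.0.0.77 tcp 13000
2024-05-06T09:45:09 10.0.1.21 10.0.0.10 tcp 13000
not a flow record
"""


def parse_flows(text):
    """Return (flows, skipped). Malformed lines are counted, not fatal."""
    flows, skipped = [], 0
    for line in text.splitlines():
        try:
            ts, src, dst, proto, dport = line.split()
            flows.append((datetime.fromisoformat(ts), src, dst,
                          proto.lower(), int(dport)))
        except ValueError:
            skipped += 1
    return flows, skipped


def analyze(flows, now, server=KSC_SERVER, managed=MANAGED, max_missed=2):
    """Flag deviations from the Agent/Server traffic pattern.

    stale_agents: managed hosts with no TCP 13000 connection to the
        Administration Server for more than max_missed sync intervals.
    unexpected_signal_sources: (src, dst) pairs where UDP 15000 reached a
        managed host from something other than the Administration Server.
    unexpected_servers: (src, dst) pairs where a managed host connected on
        TCP 13000 to a host that is not the Administration Server.
    """
    last_sync = {}
    bad_signals, bad_servers = set(), set()
    for ts, src, dst, proto, dport in flows:
        if proto == "tcp" and dport == AGENT_TO_SERVER_TCP and src in managed:
            if dst == server:
                last_sync[src] = max(ts, last_sync.get(src, ts))
            else:
                bad_servers.add((src, dst))
        elif proto == "udp" and dport == SERVER_TO_AGENT_UDP and dst in managed:
            if src != server:
                bad_signals.add((src, dst))
    limit = max_missed * SYNC_INTERVAL
    stale = sorted(h for h in managed
                   if h not in last_sync or now - last_sync[h] > limit)
    return {
        "stale_agents": stale,
        "unexpected_signal_sources": sorted(bad_signals),
        "unexpected_servers": sorted(bad_servers),
    }


if __name__ == "__main__":
    parsed, bad_lines = parse_flows(SAMPLE_LOG)
    report = analyze(parsed, now=datetime(2024, 5, 6, 9, 50, 0))
    print("skipped lines:", bad_lines)
    for name, items in report.items():
        print(name, items)
```

Because Agents also use TCP 13000 to download updates, connections more frequent than the synchronization interval are normal; only long gaps are treated as a finding here.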
 
How the administrator manages protection via the Console 
 
The events and statuses sent by the Network Agents help the administrator understand what is happening in the 
network. The Administration Server summarizes statuses of individual computers and displays them on the main 
page of the Administration Console—the Monitoring tab of the Administration Server node. 
To better understand what is going on, the administrator can consult reports, which the Administration Server draws 
up based on events. There are many search and filter tools in the console that help to arrange events and computers 
according to various parameters. 
To specify settings for computer protection, the administrator creates tasks and policies in the console: 
— Tasks—for operations that have a logical termination. For example, update completes when Kaspersky 
Endpoint Security receives all new threat descriptions, virus scanning completes when all files in the scan 
scope have been scanned. That is why updates and virus scanning are configured as tasks, which have 
schedules 
— Policies—for all the other parameters: how to scan files that the user downloads from the Internet or 
receives by email, how to scan files opened by programs, which network connections to allow and which to 
block. These settings are to be applied permanently to protect the computer, that is why they are specified 
in a policy 
If different computers need different settings, the administrator organizes computers into groups and creates 
individual policies or tasks within each group. For example, to perform virus scanning on servers at weekends, and 
on workstations in the background mode during a business day, the administrator can create two groups (for servers 
and workstations) and create virus scan tasks with different schedules for them. 
 
 
 
How policies are applied to computers 
 
A policy contains the same parameters as the local settings of Kaspersky Endpoint Security. When the administrator 
configures a policy, the local protection settings are changed. 
In a policy, each parameter or group of parameters has a lock button. 
If the button appears pressed and the lock is closed, the parameters are applied to the computers where the policy is 
enforced. The user cannot modify the values of these parameters in the local interface of Kaspersky Endpoint 
Security. 
If the button appears released and the lock is open, the computer considers that this parameter has not been specified 
in the policy. The user can change these parameters in the local interface. 
The settings whose lock is closed are compulsory. 
How policies work in groups 
 
 
 
 
Policies are applied to computer groups. 
Even if the user has not created any groups, there is the root group on the Administration Server, which is named 
Managed devices. If the user wants to create custom groups, they are created as subgroups within the Managed 
devices group. 
Policies conform to the following rules: 
— There may be policies for different applications in a group, for example, the Network Agent policy and the 
Kaspersky Endpoint Security policy 
— There can be a few policies for the same application in a group, but only one of them can be active. 
The Active policy is the policy that the Administration Server sends to the computers. 
An Inactive policy does not influence anything, but the administrator can make it active at any moment and 
thus quickly reconfigure settings on the target computers. 
If the administrator makes a policy active, the policy that has been active so far becomes inactive 
automatically. 
— If a group has a Kaspersky Endpoint Security policy, and there is a subgroup where there is no Kaspersky 
Endpoint Security policy, the parent group’s policy is applied to the subgroup’s computers as well 
— If a group has a Kaspersky Endpoint Security policy, and there is a subgroup where another Kaspersky 
Endpoint Security policy is configured, the subgroup’s computers receive the policy configured within their 
subgroup. However, required (locked) parameters from the parent policy are enforced on the subgroup’s 
policy, and the administrator cannot modify them. In a child policy, the administrator can edit only the 
parameters that are not locked in the parent group’s policy 
— The administrator can choose not to apply a group policy to subgroups: in the subgroup’s policy, clear the 
check box that regulates inheriting parameters from the parent policy. After that, the administrator will be 
able to edit all parameters in the child policy 
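The lock and inheritance rules above determine which settings a user can still change on a given computer. The following Python model is an added example, not Kaspersky code: it resolves the policy a group's computers receive and lists the parameters left under local control. The parameter names, the group names other than Managed devices, and the handling of several nested levels are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

ROOT = "Managed devices"  # root group named on the page


@dataclass
class Policy:
    settings: dict            # parameter -> (value, locked); names are hypothetical
    inherit: bool = True      # check box: inherit parameters from the parent policy
    active: bool = True       # only one policy per application may be active in a group


@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    policies: list = field(default_factory=list)  # policies of one application

    def active_policy(self):
        active = [p for p in self.policies if p.active]
        if len(active) > 1:
            raise ValueError(f"{self.name}: more than one active policy")
        return active[0] if active else None


def effective_policy(group):
    """Return {parameter: (value, locked)} as sent to the computers of `group`."""
    chain = []
    while group is not None:          # collect group, parent, ..., root
        chain.append(group)
        group = group.parent
    effective = {}
    for g in reversed(chain):         # apply from the root down
        policy = g.active_policy()
        if policy is None:
            continue                  # no own policy: the parent's policy applies
        if not policy.inherit:
            effective = dict(policy.settings)   # inheritance switched off
            continue
        # Locked parent parameters are enforced; the rest come from this policy.
        merged = {p: s for p, s in effective.items() if s[1]}
        for param, setting in policy.settings.items():
            merged.setdefault(param, setting)
        effective = merged
    return effective


def settings_on_computer(group, local_settings):
    """Return {parameter: (value, source)}; 'policy' means the user cannot change it."""
    result = {p: (v, "local") for p, v in local_settings.items()}
    for param, (value, locked) in effective_policy(group).items():
        if locked:                    # open lock = treated as not specified in the policy
            result[param] = (value, "policy")
    return result


def user_changeable(group, local_settings):
    """Parameters the local user can still modify on a computer in `group`."""
    resolved = settings_on_computer(group, local_settings)
    return sorted(p for p, (_, source) in resolved.items() if source == "local")


def build_sample():
    """Constructed group tree; parameter names and values are made up."""
    root = Group(ROOT, policies=[Policy({
        "file_protection": ("on", True),
        "web_protection": ("on", False),
        "firewall": ("on", True)})])
    servers = Group("Servers", root)                       # no policy of its own
    workstations = Group("Workstations", root, [
        Policy({"file_protection": ("off", True),          # parent lock wins
                "web_protection": ("off", True),
                "firewall": ("on", False)}),
        Policy({"file_protection": ("off", True), "web_protection": ("off", True),
                "firewall": ("off", True)}, active=False)])  # inactive: no effect
    lab = Group("Lab", root, [Policy({
        "file_protection": ("off", False),
        "web_protection": ("off", False),
        "firewall": ("off", True)}, inherit=False)])       # does not inherit
    return {"root": root, "servers": servers, "workstations": workstations, "lab": lab}


if __name__ == "__main__":
    local = {"file_protection": "on", "web_protection": "off", "firewall": "off"}
    for name, grp in build_sample().items():
        print(name, settings_on_computer(grp, local), user_changeable(grp, local))
```

In the sample, the Lab group's policy does not inherit, so the root policy's locks on file protection and firewall no longer reach its computers; this is the case worth reviewing first when auditing a group tree.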
How tasks are applied to computers 
 
The administrator manages update and virus scan settings via tasks rather than the policy. 
 
 
 
While there can be only one type of Kaspersky Endpoint Security policy¹, there are many task types in 
Kaspersky Endpoint Security: 
— Virus Scan 
— Update 
— Rollback 
— Inventory 
— Add key 
— Integrity check 
— Change application components 
— Checking connection with KSN 
— Manage Authentication Agent accounts 
Each task type has its own characteristic settings. For example, a virus scan task has its scope and file scan settings, 
an update task has an update source and instructions which updates to download. 
Every task has a schedule. 
Unlike policies, tasks have no locks. All task settings are enforced on the computers and the user cannot modify 
them. 
Tasks can be created not only by the administrator on the Administration Server, but also by the user in the local 
interface. However, if a policy is configured on the Administration Server and enforced on a computer, it will use 
only the Administration Server’s tasks. Local tasks will be neither run nor even displayed in the interface, and the 
user will not be able to create new local tasks. 
How tasks work in groups 
 
The administrator creates tasks in groups for regular activities, such as virus scanning or downloading updates. 
Similar to group policies, group tasks have their rules: 
— If there is a subgroup in a group, a group task is applied to the subgroup’s computers 
 
 
¹ One for one or a few product versions. For example, Kaspersky Endpoint Security 10 SP2 has its own policy type, and Kaspersky Endpoint 
Security 11 has another. Two policies of a single Kaspersky Endpoint Security version contain the same parameters, only the values of these 
parameters differ. 
 
 
 
— There can be several tasks of each type in a group, for example, a few virus scan tasks. They may differ in 
the scope and schedule, for example, one of the tasks may scan the whole computer once a week, and 
another one, only critical areas but daily. 
— If you want to scan the same scope for viruses with different schedules on different computers, organize 
computers into respective groups and create individual tasks within each group. For example, you can run 
a full scan on servers during the weekends, and on workstations, during business hours in background mode. 
— If there is a task in a group, and there is a subgroup with a task of the same type, the subgroup’s computers 
will be running both tasks. Usually, this means that the administrator has not thought through thoroughly 
enough which tasks are really needed. 
You must be especially careful with update tasks. To update Kaspersky Endpoint Security on a computer, 
there must be one update task. If an update task is configured within a group and another one in its 
subgroup, both will be applied to the computers that comprise the subgroup. If an update task is running 
already, another one will return an error if started in the meantime. Consequently, the administrator will 
keep receiving update errors due to a configuration error even though updates work correctly. 
— Subgroups can be excluded from a task scope. Then the subgroup’s computers will receive only the 
subgroup’s task, and the parent task will not be used 
Unlike a policy, a task can be created not only for a group. It can be created for any list of computers, from a single 
computer to an arbitrary set of computers belonging to different groups. 
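The task rules above can be turned into a configuration check that finds computers receiving more than one update task. The following Python model is an added example, not Kaspersky code: the computer names are the lab machines listed later in this guide, while the group names, task names and the representation of exclusions as a set of subgroup names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Task:
    name: str
    type: str                                     # task type, e.g. "Update" or "Virus Scan"
    group: Optional[str] = None                   # group the task was created in, if any
    excluded: set = field(default_factory=set)    # subgroups excluded from the task scope
    devices: set = field(default_factory=set)     # task created for a list of computers


def groups_above(group, parents):
    """Return [group, its parent, ..., root group]."""
    path = [group]
    while parents.get(path[-1]):
        path.append(parents[path[-1]])
    return path


def tasks_for(computer, computers, parents, tasks):
    """Return the tasks that run on `computer` under the group rules."""
    path = groups_above(computers[computer], parents)
    applied = []
    for task in tasks:
        if computer in task.devices:              # task for an arbitrary set of computers
            applied.append(task)
        elif task.group in path:                  # group task reaches its subgroups
            below = path[:path.index(task.group)]
            if not task.excluded.intersection(below):
                applied.append(task)
    return applied


def update_conflicts(computers, parents, tasks):
    """Return {computer: [task names]} where more than one Update task applies."""
    conflicts = {}
    for computer in computers:
        names = [t.name for t in tasks_for(computer, computers, parents, tasks)
                 if t.type == "Update"]
        if len(names) > 1:
            conflicts[computer] = names
    return conflicts


def sample():
    """Constructed group tree and task list."""
    parents = {"Managed devices": None, "Servers": "Managed devices",
               "Workstations": "Managed devices", "Laptops": "Workstations"}
    computers = {"DC": "Servers", "Security-Center": "Servers",
                 "Alex-Desktop": "Workstations", "Tom-Laptop": "Laptops"}
    tasks = [
        Task("Update (Managed devices)", "Update", "Managed devices", excluded={"Servers"}),
        Task("Update (Servers)", "Update", "Servers"),
        Task("Update (Laptops)", "Update", "Laptops"),   # overlaps with the root task
        Task("Weekly full scan", "Virus Scan", "Managed devices"),
        Task("Daily critical areas scan", "Virus Scan", "Workstations"),
        Task("On-demand scan", "Virus Scan", devices={"DC", "Tom-Laptop"}),
    ]
    return computers, parents, tasks


if __name__ == "__main__":
    computers, parents, tasks = sample()
    print("before:", update_conflicts(computers, parents, tasks))
    tasks[0].excluded.add("Laptops")              # exclude the subgroup from the root task
    print("after: ", update_conflicts(computers, parents, tasks))
```

Several virus scan tasks on one computer are not reported, because the text treats them as possibly intentional; only overlapping update tasks are flagged.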
How Kaspersky Endpoint Security for Business is licensed
 
Which licenses are available for Kaspersky Endpoint Security for Business 
We’ve studied how the components of Kaspersky Endpoint Security for Business interact, and how the 
administrator manages them. 
Now let us find out which licenses are available for Kaspersky Endpoint Security for Business, and what makes 
them different. 
 
 
 
There are several levels of licenses in Kaspersky Endpoint Security for Business: 
— Cloud 
A cloud solution that permits managing security of workstations, servers, and mobile devices via a web 
browser. The Administration Server is hosted in Microsoft Azure and it is Kaspersky Lab that takes care of 
the infrastructure; the administrator only deploys and manages protection. Technical training KL 040 
Kaspersky Endpoint Security Cloud describes this solution in detail. 
— Select 
— Advanced 
The last two types of licenses are designed for the on-premises products that we will cover in this course. 
Different licenses permit using different Kaspersky Lab products and different functions within these products. 
What licenses activate in Kaspersky Endpoint Security for Business 
You do not need to activate Kaspersky Security Center to use it. Everything that is necessary for managing 
workstation protection is available without a license. 
KESB Select permits protecting workstations, servers and mobile devices. 
In Kaspersky Endpoint Security, a KESB Select license activates the protection and control components. 
In Kaspersky Security Center, a KESB Select license activates the mobile device management functionality. You do 
not need to activate Kaspersky Security Center to be able to manage only the protection and control on workstations 
and servers. 
Kaspersky Endpoint Security for Business Advanced permits protecting the same types of endpoints (workstations, 
servers and mobile devices), but activates more functions, such as encryption. 
In Kaspersky Endpoint Security for Windows, a KESB Advanced license permits using encryption. 
In Kaspersky Security Center, a KESB Advanced license allows the customer to use Systems Management; 
specifically, automatically download and install software fixes and updates, create and deploy images of operating 
systems with pre-installed applications, etc. 
Targeted licenses 
If a customer does not need all KESB Advanced functions, licenses for individual functions are also available: 
— Encryption 
— Mobile Device Management 
— Systems Management 
In addition to functionality, these licenses limit the number of endpoints to be protected. For 
example, a customer purchases a license for 100 nodes and, if they later want to protect more devices, purchases a new 
license for, say, 150 or 200 nodes. 
All the above-mentioned licenses are usually valid for a year. After that, the customer renews the license for another 
year, and so on. 
Subscription licenses 
Additionally, Kaspersky Lab supports subscription licenses. These licenses are purchased from special partners, and 
the customer pays monthly. The customer can suspend a subscription and resume it later. 
 
 
 
With a subscription license, the customer can select which functionality level to use and change the number of nodes 
every month if necessary: expand or cut down depending on the current needs. 
What this course is about 
What we will tell you in this course and what not 
 
Kaspersky Endpoint Security for Business includes many products and capabilities. This course does not try to 
cover all of them. It only talks about how to protect a not-too-large network of computers running Windows 
operating systems. 
That is why this course does not describe all the products that belong to Kaspersky Endpoint Security for Business; 
instead, it focuses on: 
— Kaspersky Endpoint Security for Windows 
— Kaspersky Security Center 
— And a little bit about Kaspersky Security for Windows Server 
The following products are out of the course scope: 
— Kaspersky Endpoint Security for Linux 
— Kaspersky Endpoint Security for Mac 
— Kaspersky Embedded Systems Security 
— Kaspersky Endpoint Security for Android 
— Safe Browser for iOS 
— Kaspersky Security for Virtualization 
— Kaspersky Anti-Targeted Attack Platform / Kaspersky Endpoint Detection and Response 
Also, the course does not talk about all the capabilities of Kaspersky Endpoint Security for Windows and Kaspersky 
Security Center, but concentrates on how to: 
— Install protection on the computers 
— Manage computer protection 
— Manage the Control components 
— Use a single Kaspersky Security Center Administration Server 
 
 
 
The following topics fall outside the framework of this course: 
— Encryption management 
— Third-party vulnerability and patch management 
— Creation and deployment of disks with computer images 
— Protection of large, complex, and distributed networks using Distribution Points, Connection Gateways, or 
several Kaspersky Security Center Administration Servers 
Where to learn more about the products that fall out of this course scope
 
The following courses, which are devoted to other products and technologies, are available: 
Course   Duration   Topic
KL 013   1 day      How to protect Linux workstations
KL 007   1 day      How to protect Linux servers
KL 011   1 day      How to protect Mac workstations
KL 005   1.5 days   How to protect Windows servers using Kaspersky Security for Windows Servers
KL 037   1 day      How to protect devices running embedded versions of Windows
KL 010   1 day      How to manage mobile devices
KL 008   1 day      How to manage encryption
KL 009   1 day      How to fix vulnerabilities and install updates on third-party software
KL 302   2 days     How to manage protection in large, complex and distributed networks
KL 014   1 day      How to protect virtual machines using Kaspersky Security for Virtualization. Agentless
KL 031   1 day      How to protect virtual machines using Kaspersky Security for Virtualization. Light Agent
KL 016   1 day      Troubleshooting
KL 032   1 day      How to implement a Default Deny policy
KL 025   2 days     KATA/KEDR
 
 
 
What this course includes 
 
This course consists of presentations and labs, which alternate. The instructor first explains every topic with slides, 
and then the students put theory into practice in the labs. 
The Student Guide includes all slides and elaborates on all the topics and product settings. 
What to do during the labs is described in detail in the Lab Guide. 
The students complete hands-on exercises using virtual machines. The virtual environment depends on the class: it 
can be VMware Workstation, VMware vSphere, Microsoft Hyper-V, etc. The Lab Guide is designed for VMware 
Workstation. 
Students use five virtual machines, which perform the following roles in the labs: 
DC                Provides AD domain services, DNS, file access
Security-Center   The Kaspersky Security Center Administration Server, from which the administrator manages protection
Alex-Desktop      Represents a typical desktop computer in a corporate network
Tom-Laptop        Represents a notebook that may be taken outside the corporate network for some time
Kali Linux        Provides software for attacking the organization’s computers
 
 
 
Chapter 1. How to deploy Kaspersky Endpoint Security for Business
1.1 What to install and in what order 
 
In a deployment, all network computers must be protected, and the administrator must be able to manage protection 
centrally. To achieve this, you need to install Kaspersky Security Center 11 (KSC 11) and Kaspersky Endpoint 
Security 11.1 for Windows (KES 11.1) on the computers. 
First, install the Kaspersky Security Center Administration Server. The Administration Server centrally manages 
protection, and helps to install other components. 
The MMC Kaspersky Administration Console is installed automatically along with the Administration Server. To 
manage the server remotely, use remote desktop, or install Kaspersky Security Center Administration Console on 
the administrator’s computer. 
Web Console can also be installed automatically together with the Administration Server; when the installation 
completes, the administrator is prompted which Administration Console to start. 
In order to protect the network, install Kaspersky Endpoint Security on every computer. Kaspersky Endpoint 
Security alone cannot interact with Kaspersky Security Center; install the Network Agent on every computer to 
make centralized management possible. 
If you need to enforce different settings on different computers, organize the computers into groups. Do not create 
more groups than necessary. To be able to easily find computers, import the structure from Active Directory. 
To sum up, deploy protection as follows: 
1. Install the Kaspersky Security Center Administration Server 
2. Install Kaspersky Security Center Network Agent and Kaspersky Endpoint Security 
3. Organize computers into groups 
 
 
 
1.2 How to organize the process
 
You do not need much time to install all components of Kaspersky Endpoint Security for Business. What consumes 
time is troubleshooting. 
To save time, do your homework. Try what you want to implement in a test environment. If you encounter issues, 
think about how to solve them, or find a workaround to use in case the issue arises on the network computers. 
However, you are unlikely to stumble upon every possible issue in a test environment. Therefore, in your real 
network, start with a small number of computers: 10–20. Try to select dissimilar computers so that you run into as many 
potential issues as possible. If you encounter new issues, return to the test environment, reproduce them and come 
up with a solution or a workaround. 
Stage the deployment: for example, 100 computers at a time. This way, you will discover new issues gradually, and 
the number of problem computers will always be small. 
To sum up, deploy as follows: 
1. Install software in a test environment 
2. Install software on 10-20 typical computers 
3. Install software on all computers, by stages, 100 computers at a time 
At each step, plan some extra time for troubleshooting. Do not proceed to the following step until you decide how to 
solve or get around all issues. Whenever possible, solve issues in a test environment rather than on the network 
computers. 
Today, an IT test environment is usually made of virtual machines. If virtual machines appear to be a luxury, use the 
administrators’ computers for testing. 
 
 
 
Chapter 2. How to install Kaspersky Security Center
2.1 Requirements for the Administration Server 
To install the Kaspersky Security Center Administration Server, prepare a computer that meets the system 
requirements. 
If there are fewer than 1000 endpoints in the network, the Administration Server and the database server will easily 
share a single computer. If nodes are more numerous, use a more powerful computer or use a dedicated computer 
for the database server. 
The Administration Server computer can be either physical or virtual. If you are using a virtual Server, make sure 
that the virtual environment meets the system requirements. 
Support for server versions of Windows 
 
The complete list of supported server operating systems is as follows: 
— Microsoft Small Business Server 2008 Standard / Premium 64-bit 
— Microsoft Small Business Server 2011 Essentials / Standard / Premium Add-on 64-bit 
— Windows Storage Server 2008 R2 / 2012 / 2012 R2 / 2016 64-bit 
— Microsoft Windows Server 2008 SP2 (all editions) 
— Microsoft Windows Server 2008 Foundation SP2 32-bit / 64-bit 
— Microsoft Windows Server 2008 R2 Standard SP1 64-bit 
— Microsoft Windows Server 2012 Server Core / Foundation / Essentials / Standard / Datacenter 32-bit / 64-bit 
— Microsoft Windows Server 2012 R2 Server Core / Foundation / Essentials / Standard / Datacenter 
— Microsoft Windows Server 2016 Server Core / Standard / Datacenter 
— Microsoft Windows Server 2019 Standard / Datacenter 
 
 
 
Support for database management servers 
 
Administration Server uses a database for which an SQL server is necessary. The following versions of SQL servers 
are supported: 
— Microsoft SQL Server 
    — Microsoft SQL Server 2008 Express 32-bit 
    — Microsoft SQL 2008 R2 Express 64-bit 
    — Microsoft SQL 2012 Express 64-bit 
    — Microsoft SQL 2014 Express 64-bit 
    — Microsoft SQL Server 2008 (all editions) 32-bit / 64-bit 
    — Microsoft SQL Server 2008 R2 (all editions) 64-bit 
    — Microsoft SQL Server 2008 R2 Service Pack 2 64-bit 
    — Microsoft SQL Server 2012 (all editions) 64-bit 
    — Microsoft SQL Server 2014 (all editions) 64-bit 
    — Microsoft SQL Server 2016 (all editions) 64-bit 
— MySQL 
    — MySQL Standard Edition 32-bit / 64-bit 
        — 5.6 / 5.7 
    — MySQL Enterprise Edition 32-bit / 64-bit 
        — 5.6 / 5.7 
— Microsoft Azure SQL Database 
— Amazon RDS 
    — Microsoft SQL 
Microsoft SQL Server Express is not included with Kaspersky Security Center distribution anymore. 
Starting with Kaspersky Security Center version 10 SP3, administrators are to download and install Microsoft SQL 
Server Express manually. Remember that Express editions have their limitations and must not be used for managing 
a large number of computers (more than 5000). Detailed information about this is provided in course KL 302. 
SQL server can be installed either on the same computer as the Administration Server or on any other network 
computer. The Administration Server must have Read and Write access to the SQL database. If the Administration 
Server and SQL server are installed on the same computer, access issues do not arise. 
Additional software requirements 
In addition to the operating system, the following software must be installed on the computer: 
 
 
 
— Microsoft .NET Framework 4 (install as a Windows component) 
— Windows Data Access Components 6.0 
— Windows Installer 4.5 (included with the distribution) 
Allocate a new computer for the Administration Server. If this is impossible, make sure that Kaspersky Security 
Center Network Agent is not installed on the computer. The installer automatically detects previous versions 
of Network Agent and prompts the administrator to uninstall them. 
Minimum hardware requirements 
Minimum hardware requirements are as follows: 
— 1 GHz or higher processor (1.4 GHz for 64-bit systems) 
— 4 GB of RAM 
— 10 GB of free hard drive space (if you plan to use the Systems Management functionality, at least 100 GB 
of free hard drive space will be necessary) 
A more powerful server is required for any significant number of clients. Recommendations are available in the 
Implementation Guide. Practical experience of using the Administration Server in large networks is summarized in 
course KL 302 “Kaspersky Endpoint Security and Management. Advanced Skills”. 
2.2 Installation of the Administration Server 
Where to get the Kaspersky Security Center distribution 
 
To install Kaspersky Security Center, run the installer. 
Prior to installing Kaspersky Security Center, you should install and configure a database server. 
You can download the installer for Kaspersky Security Center 11 from the Kaspersky Lab website 
(https://www.kaspersky.com/small-to-medium-business-security/downloads/security-center) or from the product 
page on the technical support website (http://support.kaspersky.com/ksc11#downloads). 
 
 
There are two installers: 
— ksc_11_<version>_full_en.exe—the full distribution of Kaspersky Security Center 11 that includes 
a complete set of its own components, installation packages of Network Agent and Kaspersky Endpoint 
Security 11.1 for Windows, Microsoft .NET Framework, and other software, as well as the management 
plugins for all supported products. The size of this distribution is about 1 GB 
— ksc_11_<version>_lite_ru.exe—the lite version of the distribution that lacks the installation packages of 
Kaspersky Endpoint Security 11.1 for Windows, Microsoft .NET Framework, and some other software; as 
far as management plugins are concerned, only those of Kaspersky Security Center 11 components are 
included. The size of this distribution is about 140 MB. This distribution comes in handy when upgrading 
Kaspersky Security Center components 
Kaspersky Security Center installation shell 
When the full distribution version is run, the installation shell starts. The installation shell permits selecting 
the components to install, for example, the Administration Server or the Administration Console. You can also 
extract installation files of the selected components into the specified folder. 
The following products are available within the installation shell: 
— Kaspersky Security Center Administration Server 
— Kaspersky Security Center Administration Console 
— Kaspersky Security Center Network Agent 
— Kaspersky Endpoint Security for Windows (extract only) 
— iOS MDM Server (a component of Kaspersky Security Center for managing mobile devices) 
— Kaspersky Endpoint Security for Android (extract only) 
— Microsoft Exchange Mobile Devices Server (a component of Kaspersky Security Center for managing 
mobile devices) 
— Application management plugins 
This course covers only Server, Console, Network Agent, and Kaspersky Endpoint Security. 
What you need to know before the installation 
During the installation, the administrator selects: 
— Kaspersky Security Center components (including the new Web Console) 
— Installation folder 
— SQL server type and connection parameters 
— Path to the Administration Server shared folder 
— Ports and connection address of the Administration Server 
— Management plugins for the products 
Almost all of these values can be changed after the installation. Only the SQL server type cannot be modified. If you 
select Microsoft SQL, you will not be able to switch to MySQL without losing data. 
You can switch to another SQL server of the same type without losing data, but it is not easy. You will need to back 
up the Administration Server data, reinstall the Administration Server, select another SQL server, and after that, 
restore the data from the backup copy. 
 
 
 
 
Setup wizard 
Installation types 
 
Installation of the Administration Server can be either custom or standard². 
During the standard installation, the administrator is prompted to: 
— Accept the license agreement for Kaspersky Security Center 
— Specify the network size 
— Select a database server type 
— Configure the database server connection parameters 
Kaspersky Security Center distribution does not include a Microsoft SQL server anymore. You should deploy and 
configure a Microsoft SQL or MySQL database server in the network prior to installing Administration Server. 
 
 
² On Windows Server Core, only custom installation is available. 
 
 
 
If you select Custom installation and leave all the default settings, the result will be exactly the same as after the 
Standard installation. 
Components and installation paths 
 
You can install the following components together with the Administration Server: 
— SNMP agent 
— Packages for mobile device support 
The SNMP agent is necessary if you want the Administration Server to send notifications over SNMP. This 
component requires the SNMP service (a Windows component) to be installed on the computer. If the SNMP 
service is absent, the SNMP agent will not be shown in the list of Administration Server components during the 
installation. 
The option Install packages for mobile device support adds the components necessary for managing Kaspersky 
Endpoint Security for Mobile via Kaspersky Security Center. Detailed information is available in course KL 010. 
Under the list of components, you can change the location of Administration Server program files. If you want to 
move files because drive C: lacks space, consider moving only the shared folder of the Administration Server. It can 
be relocated independently of the program files, and it takes up much more space than the other program files. The 
path to the shared folder will be configured later in the installation wizard. 
Remember that backup copies of the Administration Server are stored to the %ProgramData%\KasperskySC folder 
by default. These copies consume much space, up to several gigabytes, depending on the number of endpoints. 
Web Console 
Web Console is an application that you can install either together with Kaspersky Security Center or on another 
computer. 
Web Console is included with the distribution of Kaspersky Security Center 11 and the installation wizard prompts 
you to specify whether you want to install Web Console together with the Kaspersky Security Center. If you do not 
change anything, the Web Console will be installed with the default parameters; in particular, port 8080 will be used 
for connections. 
 
 
 
 
Network size 
 
Four options are offered for the network size: 
— Fewer than 100 networked devices 
— From 100 to 1,000 networked devices 
— From 1,000 to 5,000 networked devices 
— More than 5,000 networked devices 
The following Administration Server parameters depend on the selected option: 
Number of computers in the network     Fewer than 100   From 100 to 1,000   From 1,000 to 5,000   More than 5,000
Automatically randomize task start     –                +                   +                     +
Display slave Administration Servers   –                –                   +                     +
Display security settings              –                –                   +                     +
 
 
 
Automatic randomization of the task start applies to the schedules of virus scan, update, vulnerability search, and 
other group tasks. 
If a task starts simultaneously on many computers, the load on the network and Administration Server drastically 
increases. To even out the peak, tasks can start on the computers with a random delay. 
The administrator can enable randomization and then specify the randomization range manually or select automatic 
randomization. On each computer, the delay is selected randomly within the specified or automatically chosen range. 
How automatic randomization works 
If automatic randomization is used, the randomization range depends on the number of computers where the task 
starts: 
The number of computers   Randomization range
0–200                     0 minutes
200–500                   5 minutes
500–1,000                 10 minutes
1,000–2,000               15 minutes
2,000–5,000               20 minutes
5,000–10,000              30 minutes
10,000–20,000             1 hour
20,000–50,000             2 hours
50,000+                   3 hours
Slave Administration Servers and security parameters are described in course KL 302 “Kaspersky Endpoint Security 
and Management. Advanced Skills”. These functions are rarely used in small and middle-size networks. 
The default settings are the same when the administrator selects either “From 1,000 to 5,000” or “More than 5,000 
networked devices.” If you select the “More than 5,000 computers on network” option, the installation wizard will 
recommend that you do not use the free version of Microsoft SQL server. Detailed information about large networks 
is provided in technical training KL 302 “Kaspersky Endpoint Security and Management. Advanced Skills”. 
The network size selection only influences a couple of interface settings, which can easily be modified after 
the installation. The threshold value that actually makes the difference is 1,000 computers. Administration Server 
operation parameters do not depend on the selected network size. 
Selecting the SQL server type 
The Administration Server stores events, information about computers and a part of the settings in the SQL database. 
The Administration Server can store the database in either of the following types of SQL servers: 
— Microsoft SQL Server 
— MySQL 
The choice depends on the company’s and the administrator’s preferences. 
Microsoft SQL Server is an industry standard and is recommended for large networks (5,000 endpoints or more). 
 
 
 
 
MySQL server has open source code and can run on a Linux operating system. That is why MySQL is sometimes 
preferred by state institutions. 
Starting with version 10 SP3, Kaspersky Security Center distribution does not include Microsoft SQL Server 
Express. The administrator is to install and configure an SQL server unassisted. We recommend that you do it 
before you start the Kaspersky Security Center installer. 
How to specify a Microsoft SQL server 
If you decide to use a Microsoft SQL server, specify the full name of the instance and the name of the database 
designed for the Administration Server. 
 
To find the necessary instance in the network, click the Browse button. If the instance is not shown, make sure that the SQL 
Server Browser service is running on the SQL server. This service is disabled by default. 
 
 
 
If you have not installed a Microsoft SQL server in advance, you can do it without interrupting the KSC installation 
wizard. The SQL server settings page provides two links to Microsoft webpages: 
— Microsoft SQL Server 2014 SP2 Express download link (a free version recommended for small networks 
up to 5000 endpoints) 
— A link to descriptions of Microsoft SQL Server editions, where you will be able to select what you need 
How to connect to your Microsoft SQL server 
 
The database for the Administration Server is created by the installer. Later, the Administration Server will connect 
to the database to record and extract events. 
The installer needs the permission to create a database. The Administration Server will need the write and read 
permissions for the database. 
If the Microsoft Windows Authentication Mode is selected, the installer connects to the SQL server under the 
current Windows user account. Meanwhile, the Administration Server will connect to the database under the 
account of its service: KL-AK-<*> by default, or the one selected by the administrator at a previous step. 
The current user must have the right to create a database on the SQL server. 
If the Kaspersky Security Center administrator does not have permissions to create a database on the SQL server, 
the SQL server administrator should create an empty database, and the Kaspersky Security Center administrator is to 
specify the names of the instance and database in the installation wizard. 
The KL-AK-<*> account (or another one specified by the administrator) must have the read and write permissions 
for the database. You cannot check this before the installation, but you can grant the selected account these 
permissions afterwards, or even specify another account for the Administration Server service. 
If you select the SQL Server Authentication Mode, specify an SQL server account rather than a Windows account. 
Both the installer and the Administration Server will use this account to create the database and record events there. 
By default, the SQL Server Authentication Mode is disabled in all supported versions of SQL server. It is considered 
to be obsolete and unsafe. Microsoft and Kaspersky Lab recommend using Microsoft Windows Authentication 
Mode. 
If the SQL server instance is located on another computer, make sure that SQL server allows remote connections, 
and that ports are not blocked by the firewall. 
 
 
 
How to specify a MySQL server 
 
If you selected MySQL server, specify the database server address, port (typically, 3306), and database name. 
The database page does not offer a download link for MySQL. You can find MySQL products on the website 
www.mysql.org 
How to connect to the MySQL server 
 
Specify the username and password to connect to the MySQL server. Both the installer and the Administration Server 
will use this username and password: the installer to create the database, and the Administration Server to write into it. 
In the latest versions of MySQL server, to enable an account to connect to the server, you need to allow a specific 
address or computer name to use it on the SQL server side. See the MySQL documentation for details. 
When you click Next, the wizard attempts to connect to the specified server under this account. If the connection 
fails, the wizard returns an error that describes the issue it encountered. 
 
 
Administration Server service account 
 
By default, the installer creates a new account named KL-AK-<alphanumeric combination> for starting 
the Administration Server service. It is a local account, which is not included in the computer administrators’ group, 
but has the same permissions as administrators. 
Also, it is added to the KLAdmins group. Members of this group have full access to all the functions and settings of 
the Administration Server. For security reasons, this account cannot log on to the system locally. 
If the administrator decides to use another account, he or she must grant it all the necessary permissions. 
The Administration Server service account must have administrator permissions on the computer selected for 
the installation. 
If the database is planned to be located on a remote SQL server, the account must have Read and Write access to 
the Administration Server database on the SQL server. 
If the Administration Server account has domain administrator permissions, some operations are simplified, for 
example, remote installation. 
Account for accessory services 
The KL-AK-* account starts only the Administration Server service: Kaspersky Security Center Administration 
Server. The Administration Server also has other services: 
— Kaspersky Activation Proxy 
— Kaspersky Lab Web Server 
— Kaspersky Security Network Proxy 
— Kaspersky Security Center Network Agent 
— Kaspersky Security Center automation object 
The first three services are started under another service account created by the installer: KlScSvc. This account has 
the same rights as KL-AK-*: its permissions are equivalent to an administrator's, minus the right to log on locally. 
The Network Agent and the automation object operate under the Local System account. On some operating systems, 
the automation object operates under the Network Service account. 
The installation wizard permits selecting another account instead of KlScSvc, for example, if the company already 
has a service account for this purpose. 
 
 
 
 
The shared folder of the Administration Server 
 
The shared folder stores signature updates and the installation files for applications, specifically, Network Agent and 
Kaspersky Security Center. 
By default, the installer creates the shared folder of the Administration Server in the folder with program files. 
The local name of this folder is Share, and the network name is KLSHARE. 
Right after the installation and initial setup, the shared folder takes up about 300 MB. It may grow up to several 
gigabytes depending on how Kaspersky Security Center is used. That is why it might be worthwhile to place 
the shared folder of the Administration Server on a drive other than the system one. The location of the shared folder 
can be changed later via the Administration Console. 
Connection ports of the Administration Server 
Administration Server accepts connections from Network Agents on two TCP ports: 
— 13000 for SSL connections 
— 14000 for non-SSL connections 
 
 
 
By default, all connections are encrypted in Kaspersky Security Center, so only SSL port 13000 is used. Port 14000 
might be used only if the administrator disables connection encryption for troubleshooting. 
 
If you want to use other ports, make this decision beforehand and specify them in the installation wizard. 
To modify the ports after the Administration Server has been installed, you will have to edit them in several places 
in the Console. And to modify the ports after Network Agents have been installed on the network computers, you 
will have to use a special task or reinstall the Agents. 
In older versions of Kaspersky Security Center, Administration Consoles connect to port 13000. In the recent 
versions, KSC Consoles connect on TCP port 13291. You cannot select this port in the installation wizard, but you 
can easily modify it later via the Administration Console. 
Web server and activation proxy server services use 4 more ports, which can also be reconfigured in the console. 
To be able to establish SSL connections, the Administration Server generates a new certificate valid for 10 years 
during the installation. To save and restore the certificate after failures or after reinstalling the Administration Server, 
use the backup procedure (see Unit IV “Maintenance” for details). 
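To keep track of the certificate described above, the following PowerShell function (an added example, not part of the original guide) reads the certificate presented on the SSL port and reports its thumbprint and expiry. It assumes the port accepts a standard TLS handshake; the host name in the last line is a placeholder.

```powershell
# Added example: read the certificate presented on the Administration Server SSL port.
function Get-KscServerCertificate {
    param(
        [Parameter(Mandatory)] [string] $Server,   # address the Network Agents connect to
        [int] $Port = 13000                        # default SSL port from the guide
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    $tls = $null
    try {
        $client.Connect($Server, $Port)
        # Inspection only: accept any certificate so the server-generated one can be read.
        # Never reuse this callback for a connection that carries data.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $tls = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAny)
        $tls.AuthenticateAsClient($Server)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($tls.RemoteCertificate)
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
        }
    }
    finally {
        if ($tls) { $tls.Dispose() }
        $client.Close()
    }
}

# Constructed host name; replace it with your server. Record the thumbprint after
# installation and alert when it changes unexpectedly or when DaysLeft runs low.
Get-KscServerCertificate -Server 'ksc.example.local'
```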
Administration Server address for Network Agents 
The client computers where the Network Agent is installed will connect to the Administration Server using 
the address and port specified during the installation. 
You can specify the Server address in the form of an IP address (IPv4 only), DNS or NetBIOS name. The choice 
depends on the network configuration. Even though an IPv6 address can’t be specified, Network Agents can connect 
to the Administration Server via IPv6 if the Administration Server address is specified as a NetBIOS or DNS name. 
If the Administration Server has a static IP address that will not be changed in the foreseeable future, it is the best 
choice. In this case, the ability to connect depends only on the routers, rather than on the name resolution system. 
If the IP address is assigned dynamically (or is static but is changed often), you should not use it as the connection 
address, because you will have to modify the client connection settings often. To avoid the trouble, it is better to 
specify the server name: Either DNS or NetBIOS. If the DNS service reliably functions in the network, use the DNS 
name since DNS name resolution is not usually blocked by local firewalls. 
NetBIOS name resolution is based on broadcast queries and answers, which may be blocked by local firewalls. 
Therefore, the NetBIOS name should only be used for connections if the other methods cannot be used. 
 
 
 
After the installation, the Server connection address and ports can be changed in the properties of the Network Agent 
installation package. 
 
Management plugins for the programs 
 
The distribution kit of Kaspersky Security Center includes the management plugins for all current versions of 
Kaspersky Lab products. The custom installation enables the administrator to select the plugins of the products that 
are used or will be used in the network. The plugins can also be installed later from the Kaspersky Security Center 
installation shell. Plugin installers are also included with the distributions of the corresponding products. 
Every plugin is installed by its own short installation wizard. Some plugins are installed automatically, while others 
prompt the administrator to accept the license agreement. 
If you upgrade a product to a new version with a new plugin, uninstall the old plugin. The following knowledgebase 
article explains how to remove unnecessary plugins: https://support.kaspersky.com/9303 
During the standard installation, management plugins for Kaspersky Security Center 11 components and Kaspersky 
Endpoint Security 11.1 for Windows are installed, as well as mobile device management plugins. Plugins are 
installed at the very end of the Administration Server installation. After the Kaspersky Endpoint Security 11.1 
plugin is installed, the installation is finished. On the last page, the administrator can select whether to start the 
Administration Console. 
Completing the installation 
 
On the last page, the wizard offers to start the local MMC Administration Console or the Web Console immediately 
and proceed with the setup in the Administration Server Quick Start Wizard. By default, Web Console will start if it 
has been installed. 
Usually, Administration Server needs a few minutes to start working and accept connections. 
Additional consoles and plugins 
 
If you need plugins for other Kaspersky Lab products, you can install them from the installation shell. 
To be able to manage the Administration Server remotely in a way other than via RDP or the Web Console, install a 
remote MMC Administration Console. The console has a very simple installation wizard without settings. Plugins 
for the console can also be installed from the same installation shell. Plugins are to be installed on each console 
rather than on the Administration Server. If the console lacks a plugin, the administrator will not be able to open tasks 
and policies of the corresponding program and the console will display an error message. To fix this, simply install 
the necessary plugin. 
Full-fledged management of the Administration Server and other Kaspersky Lab products is possible only via the 
MMC console. The first release of the new Web Console does not permit managing encryption, for example, and 
does not support any protection products but Kaspersky Endpoint Security for Windows. Also, the new Web 
Console does not support Mobile Device Management or Vulnerability Assessment and Patch Management so far. 
Installation results 
 
If you select the Custom option when starting the wizard, but agree to the default settings on all wizard pages, 
the result will be the same as with the Standard option: 
Components: 
    Administration Server 
    Network Agent 
    MMC Administration Console 
    Web Console 

Installation paths: 
    %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center—program files 
    %ProgramFiles%\Kaspersky Lab\Kaspersky Security Center Web Console 11—program files 
    %ProgramData%\KasperskyLab\adminkit—settings 
    %ProgramData%\KasperskySC\SC_Backup—the folder for backup copies 

Services: 
    Kaspersky Security Center Administration Server 
    Kaspersky Security Center Network Agent 
    Kaspersky Security Center automation object 
    Kaspersky Security Network proxy server 
    Kaspersky Lab Web Server 
    Kaspersky Activation Proxy 
    Kaspersky Security Center 11 Management Service 
    Kaspersky Security Center 11 Web Console 
    Kaspersky Security Center 11 Web Console Message Queue 

Shared folder: 
    KLSHARE 
    Its local path is %ProgramData%\KasperskyLab\adminkit\1093\.working\Share 

User groups: 
    KLAdmins 
    KLOperators 
    (see course KL 302 for details) 

Accounts: 
    KL-AK-<*>—starts the service of the Kaspersky Security Center Administration Server 
    KlScSvc—starts the services of the Kaspersky Activation Proxy, Kaspersky Security Network Proxy 
    Server, and Kaspersky Lab Web Server 
    The KL-AK-<*> and KlScSvc accounts have the same permissions as the local administrator, but 
    are not included in the computer built-in administrators group 
    KlPxeUser—a user account for the PXE server (see course KL 009 for details) 

Connection ports: 
    8060—http port of Kaspersky Lab Web Server 
    8061—https port of Kaspersky Lab Web Server 
    13000—for SSL connections of Network Agents 
    14000—for non-SSL connections of Network Agents and Administration Consoles 
    13291—for SSL connections of Administration Consoles 
    13111—port of Kaspersky Security Network proxy server service 
    17000—port of Kaspersky Activation Proxy 
    13299—for SSL connections of Kaspersky Security Center Web Console 

SQL server: 
    Database name: KAV 

Connection address: 
    DNS name of the server 

Plugins: 
    Kaspersky Security Center 11 (11.0) Administration Server 
    Kaspersky Security Center 11 (11.0) Network Agent 
    Kaspersky Endpoint Security 11.1 for Windows 
    Kaspersky Mobile Device Management 11 

Installation packages: 
    Kaspersky Endpoint Security 11.1 for Windows 
    Kaspersky Security Center 11 (11.0) Network Agent 
    Microsoft Exchange Mobile device server 
    iOS MDM Server 
 
 
 
Most of these settings can be modified either during the custom installation, or in the product settings after 
the installation
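As a post-installation check, the PowerShell script below (an added example, not part of the original guide) compares a live Administration Server with the defaults listed above: which documented ports are listening, which account each Kaspersky service runs under, and who is in KLAdmins. Ports, display names and accounts are taken from the guide; actual display names on your system may differ, and a `Review` flag only marks a deviation from these defaults or an active plaintext listener.

```powershell
# Added example: compare a live KSC server with the guide's "Installation results".
# Run in an elevated PowerShell 5.1+ session on the Administration Server.

# Default ports from the guide. Plaintext is $true only where the guide says http or non-SSL.
$documentedPorts = @(
    [pscustomobject]@{ Port = 8060;  Plaintext = $true;  Purpose = 'Kaspersky Lab Web Server, http' }
    [pscustomobject]@{ Port = 8061;  Plaintext = $false; Purpose = 'Kaspersky Lab Web Server, https' }
    [pscustomobject]@{ Port = 13000; Plaintext = $false; Purpose = 'Network Agents, SSL' }
    [pscustomobject]@{ Port = 14000; Plaintext = $true;  Purpose = 'Network Agents and Consoles, non-SSL' }
    [pscustomobject]@{ Port = 13291; Plaintext = $false; Purpose = 'Administration Consoles, SSL' }
    [pscustomobject]@{ Port = 13111; Plaintext = $false; Purpose = 'Kaspersky Security Network proxy server' }
    [pscustomobject]@{ Port = 17000; Plaintext = $false; Purpose = 'Kaspersky Activation Proxy' }
    [pscustomobject]@{ Port = 13299; Plaintext = $false; Purpose = 'Web Console, SSL' }
)
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue
$portReport = foreach ($entry in $documentedPorts) {
    $sockets = @($listening | Where-Object LocalPort -eq $entry.Port)
    [pscustomobject]@{
        Port      = $entry.Port
        Purpose   = $entry.Purpose
        Listening = $sockets.Count -gt 0
        BoundTo   = ($sockets.LocalAddress | Sort-Object -Unique) -join ', '
        Review    = ($entry.Plaintext -and ($sockets.Count -gt 0))   # unencrypted listener is up
    }
}

# Logon account the guide documents for each service (matched on display name).
$expectedAccount = [ordered]@{
    'Kaspersky Security Center Administration Server' = 'KL-AK-'
    'Kaspersky Activation Proxy'                      = 'KlScSvc'
    'Kaspersky Lab Web Server'                        = 'KlScSvc'
    'Kaspersky Security Network Proxy*'               = 'KlScSvc'
    'Kaspersky Security Center Network Agent'         = 'LocalSystem'
    'Kaspersky Security Center automation object'     = 'LocalSystem|NetworkService'
}
$services = Get-CimInstance Win32_Service | Where-Object DisplayName -like 'Kaspersky*'
$serviceReport = foreach ($svc in $services) {
    $key = $expectedAccount.Keys | Where-Object { $svc.DisplayName -like $_ } | Select-Object -First 1
    [pscustomobject]@{
        Service  = $svc.DisplayName
        RunsAs   = $svc.StartName
        Expected = if ($key) { $expectedAccount[$key] } else { 'not stated in the guide' }
        Review   = [bool]($key -and $svc.StartName -notmatch $expectedAccount[$key])
    }
}

$portReport    | Format-Table -AutoSize
$serviceReport | Format-Table -AutoSize
# Members of KLAdmins have full access to the Administration Server, so keep the list short.
Get-LocalGroupMember -Group 'KLAdmins' | Select-Object Name, ObjectClass, PrincipalSource
```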
