Kaspersky Security Center installation of Microsoft Office. Installing Kaspersky Security Center. Workplace security management

By choosing Kaspersky Lab products, you get reliable protection of your IT infrastructure and the ability to control security in your company using a single, convenient management console: Kaspersky Security Center.


Review

Previously, IT departments had to work simultaneously with multiple management consoles to manage multiple security tools and perform basic system administration functions. Kaspersky Lab has created a solution that simplifies the work of the administrator.

Ease of Management
The main goal of creating Kaspersky Security Center was to simplify and speed up the setup, launch and management of IT security tools and systems in a complex IT environment. A single management console helps you control all the Kaspersky Lab security and system administration tools you use. With Kaspersky Security Center, you can control every workplace and every device on your network, solve security problems centrally, reduce operational costs and increase productivity.

Intuitive interface
When developing Kaspersky Security Center, our specialists aimed to give the user an easy-to-use interface with clearly organized monitoring panels.

Easy installation
Using the installation wizard, you can quickly and easily install and configure Kaspersky Lab security solutions throughout your IT environment.

Remote access
In addition to the local management console, Kaspersky Security Center has a convenient web console. The presence of such a console allows you to use any computer with Internet access to monitor the security status of the corporate network.

Simple reporting
Kaspersky Security Center allows you to create and configure various reports on the protection status. Reports can be generated either on demand or according to a specified schedule.

Support for multi-platform environments
Running on the Windows operating system, Kaspersky Security Center supports management of multiple operating systems and platforms, including servers and workstations running Windows, Linux and Novell NetWare, as well as mobile devices running Android, iOS, BlackBerry, Symbian, Windows Mobile and Windows Phone.

How to get Kaspersky Security Center

Kaspersky Security Center is included in Kaspersky TOTAL Security for Business and all Kaspersky Endpoint Security for Business products: STARTER, STANDARD and ADVANCED. Kaspersky Security Center will include only those management tools that are necessary to work with the Kaspersky Lab product you have chosen. If you decide to upgrade to a higher tier of Kaspersky Endpoint Security for Business or to the most complete solution, Kaspersky TOTAL Security for Business, additional management tools will automatically appear in the Kaspersky Security Center management console.

Workplace security management

Installation, configuration and management of endpoint protection in Kaspersky Lab solutions are performed in Kaspersky Security Center. From a single console, you can manage the security of your business and protect it from known and new malware, prevent IT security risks and reduce security costs.

  • Antivirus protection and firewall
    Kaspersky Security Center provides flexible management options for anti-malware protection:
    • set and manage protection policies for multiple platforms, including Windows, Linux, and Mac;
    • configure protection settings for individual devices, groups of servers and workstations;
    • carry out antivirus checks on demand and according to schedule;
    • process quarantined objects;
    • manage anti-virus database updates;
    • manage Kaspersky Security Network cloud protection;
    • configure and manage your firewall and intrusion prevention system (HIPS).
  • Whitelists
    Allows the administrator to audit the use of applications, allow or block their launch.
  • Control of applications, devices and Web Control
    Centralized IT infrastructure management allows you to create security policies and provide additional protection for valuable data. You can set rules for groups and individual users:
    • restrict the launch of unwanted applications on your network using Application Control;
    • create access rules for devices that users connect to the network, based on the device type or serial number, as well as on the method of connecting the device;
    • monitor and control Internet access for the entire enterprise or groups of users.
  • File server protection
    A single infected object in network storage is capable of infecting a large number of computers. To avoid this, Kaspersky Security Center makes it possible to configure and manage all protection functions for file servers.
    • Control malware protection for file servers running:
      • Windows;
      • Linux;
      • Novell NetWare.
  • Encryption
    Many encryption products are considered difficult to deploy and require a separate management console. All Kaspersky Lab encryption technologies can be managed from the same Kaspersky Security Center management console from which you manage other Kaspersky Lab security solutions.
    • You can create comprehensive policies that control encryption, anti-malware, device and program control, and other endpoint protection capabilities.
      • hard drives (file and folder encryption or full disk encryption);
      • removable devices (file and folder encryption or full disk encryption).

Mobile device management

The need for mobile devices to access corporate systems is growing, and Kaspersky Security Center helps protect them and ensure the safety of using personal devices for work.

  • Mobile device protection management
    Kaspersky Security Center helps you deploy and configure protection for mobile devices:
    • configure mobile workplace protection, including creating security policies for iOS;
    • install and update software via SMS, email messages or through users' computers;
    • Monitor whether all users have fully deployed security controls on their devices;
    • control access to the corporate network;
    • set policies for groups or individual users using Active Directory;
    • configure ActiveSync settings.
  • Malware protection
    Kaspersky Lab technologies provide comprehensive protection of mobile devices from malware, and Kaspersky Security Center helps you flexibly manage the functions of this protection:
  • Mobile Application Management
    Kaspersky Security Center allows you to control which programs can be launched on the user's Android mobile device:
    • use the "Default permission" mode to prevent only blacklisted applications from running;
    • use Deny by Default mode to allow only whitelisted programs to run;
    • create a policy to control cases of unauthorized flashing of devices
  • Encrypting data on mobile devices
    In addition to managing data encryption in your IT infrastructure, Kaspersky Security Center also allows you to control data encryption on mobile devices:
    • manage full disk encryption on devices with the iOS operating system;
    • configure encryption of files and folders.
  • Containers
    Kaspersky Security Center allows you to manage the storage of corporate data on personal devices used for work:
    • configure containers to completely isolate corporate data from personal data on the user’s device;
    • manage container encryption;
    • control access of programs to certain resources on a mobile device;
    • set restrictions on access to data;
    • Use remote troubleshooting tools when you encounter problems with applications or containers.
  • Anti-Theft
    Remote management using Kaspersky Security Center allows you to still control some important functions if your mobile device is lost or stolen:
    • remote blocking will prevent unauthorized access to your corporate network;
    • the search function allows you to determine the approximate location of the missing mobile device;
    • The wipe function gives you the choice to delete corporate data or restore factory settings.

When purchasing Kaspersky Endpoint Security for Business STANDARD, Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business or Kaspersky Security for Mobile devices, all mobile device management options will be available in Kaspersky Security Center. This way, you can use a single console to manage your mobile devices, endpoint protection, and many other Kaspersky Lab technologies.

System administration tools

In addition to detailed control over the security of the IT infrastructure, Kaspersky Security Center provides system administration tools that simplify infrastructure management tasks, increase productivity and reduce operational costs.

  • Deployment of OS and programs
    Kaspersky Security Center makes it possible to manage OS and program images: create, quickly copy and deploy.
  • Software installation
    The remote software installation feature in Kaspersky Security Center saves administrators time and helps reduce the amount of traffic transmitted over the corporate network.
    • Deploy software on demand or according to a schedule.
    • Using dedicated update servers
  • Hardware, software and license management
    Kaspersky Security Center allows you to manage hardware and software, as well as track software licenses within your IT infrastructure:
    • Keep track of all devices on your network with automatic hardware inventory;
    • Monitor application usage and track license renewal issues using summary reports generated by Kaspersky Security Center.
  • Vulnerability monitoring
    After inventorying your hardware and software, you can search for vulnerabilities in operating systems and applications that have not been patched:
    • generate detailed reports on vulnerabilities;
    • Perform vulnerability assessments and prioritize patches.
  • Patch installation management
    Once you find vulnerabilities, you can efficiently distribute the most important patches using Kaspersky Security Center:
    • manage the download of patches from Kaspersky Lab servers;
    • Manage the installation of Microsoft updates and patches on computers on your network.
  • Network access control
    Network access control not only provides automatic discovery of devices on the corporate network, but also simplifies setting policies for guest mobile devices:
    • manage policies for providing access to your corporate network from various devices;
    • Manage guest access to the Internet and corporate network resources.

All system administration tools will be available in your Kaspersky Security Center management console if you use Kaspersky Endpoint Security for Business ADVANCED, Kaspersky TOTAL Security for Business, or Kaspersky Systems Management.

Full list of supported applications:

Kaspersky Security Center provides management of the following Kaspersky Lab solutions for protection against information threats:

  • mobile device protection:
    • Kaspersky Endpoint Security for Smartphone
  • workstation protection:
    • Kaspersky Endpoint Security for Linux
    • Kaspersky Endpoint Security for Mac
    • Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
    • Kaspersky Anti-Virus 6.0 Second Opinion Solution MP4
  • server protection:
    • New! Kaspersky Endpoint Security for Windows
    • Kaspersky Anti-Virus for Windows Servers Enterprise Edition
    • Kaspersky Anti-Virus for data storage systems
    • Kaspersky Anti-Virus for Linux File Server
    • Kaspersky Anti-Virus 6.0 for Windows Servers MP4
    • Kaspersky Anti-Virus 5.7 for Novell NetWare
  • protection of virtual environments:
    • New! Kaspersky Security for Virtualization

Please note that some versions of security solutions for Microsoft Exchange and ISA Server, as well as previous versions of applications for protecting servers and workstations running Linux, are still managed using Kaspersky Administration Kit, the previous version of the centralized protection management tool.

System requirements Administration Server
  • Software requirements:
  • Hardware requirements:
  • Microsoft® Data Access Components (MDAC) 2.8 or higher or Microsoft® Windows® DAC 6.0
  • Microsoft® Windows® Installer 4.5 (for Windows Server® 2008 / Windows Vista®)
  • Database management system: Microsoft® SQL Server Express 2005, 2008
  • Microsoft® SQL Server® 2005, 2008, 2008 R2
  • MySQL Enterprise
  • 32-bit OS:
  • 512 MB RAM
  • MySQL Enterprise
  • 64-bit OS:
  • Windows Server 2003

    System requirements Administration Server
  • 1 GB of free hard disk space
  • Microsoft® Windows® Installer 4.5 (for Windows Server® 2008 / Windows Vista®)
  • Administration Console: Microsoft® Management Console 2.0 or later
  • Microsoft® SQL Server® 2005, 2008, 2008 R2
  • Internet Explorer® 8.0
  • Windows Server 2003 (including Windows Small Business Server 2003)
  • Windows Server 2008
  • MySQL Enterprise
  • 64-bit OS:
  • 32-bit OS:
  • 512 MB RAM
  • Windows XP Professional SP2 / Vista SP1 / 7 SP1
  • 1 GHz processor or higher
  • Windows Server 2008 SP1 (including Windows Small Business Server 2008)
  • Windows Server 2008 R2 (including Windows Small Business Server 2011)
  • MySQL Enterprise
  • 64-bit OS:
  • Windows XP Professional / Vista SP1 / 7 SP1

    System requirements Administration Server
  • 1.4 GHz processor or higher
  • Microsoft® SQL Server® 2005, 2008, 2008 R2
  • Internet Explorer
  • Windows Server 2008 (including Core mode)
  • Windows Server 2003 (including Windows Small Business Server 2003)
  • Windows Server 2008
  • MySQL Enterprise
  • 64-bit OS:
  • 32-bit OS:
  • 512 MB RAM
  • Windows Server 2008 SP1 (including Windows Small Business Server 2008 and Core mode)
  • Windows Server 2008 R2 (including Windows Small Business Server 2011 and Core mode)
  • Windows XP Professional / Vista SP1/ 7 SP1
  • Windows Server 2008 R2 (including Windows Small Business Server 2011)
  • MySQL Enterprise
  • 64-bit OS:

Kaspersky TOTAL Security for Business includes all the features of Kaspersky Security Center. When using other Kaspersky Lab products, the set of Kaspersky Security Center capabilities will depend on the functionality of the selected solution.

    The larger the network, the more the system administrator (or IT department) tries to automate the management of software products. Antivirus software is no exception in this regard.

    Many antivirus manufacturers have remote administration tools in their arsenal; today we will talk about such a solution from Kaspersky Lab.

    In general, Kaspersky Security Center is a rather serious application, which definitely cannot be described in one article. Therefore, in this article we will analyze only its deployment.

    You can download Kaspersky Security Center. The product itself consists of a server that will need to be deployed, an administration console that can be installed on another computer for remote administration of the server, a web console as an alternative to the usual one, and an administration agent that is installed on client computers and is responsible for communication between the anti-virus software and the server.

    The server itself can be deployed only on Windows operating systems. A server edition is not required: systems from XP and higher are supported, but only in the Professional/Enterprise/Ultimate editions. The full list of supported systems can be found on the website.

    In addition, the server requires MS SQL or MySQL (a remote instance is possible) to operate. If you don’t have a ready-made database server at hand, the Kaspersky Security Center installer will install MS SQL Express itself, which is quite sufficient for most organizations.

    So, to deploy the server, download and run the installation file (I recommend downloading the full distribution). As a test bench, we selected a computer with the Windows Server 2012 R2 operating system.

    You will see a convenient menu in which we are now interested in the “Install Kaspersky Security Center 10” item.

    After starting the installation, you will be asked to accept the license agreement and select the installation type. For better control over the installation process, we select the custom installation.

    If you have mobile devices on your network, you can install a separate component to manage their security.

    Enter the size of your network. This setting, however, has no decisive effect.

    Next, the installation program will ask under which user to run the administration server service. You can specify an existing user with admin rights or allow the installer to create a new one.

    The next step is to select a database server. As already mentioned, there are two options here: MS SQL or MySQL. If you do not have a ready-made server, Kaspersky Security Center will helpfully deploy MS SQL Express.

    At this step of the installation a small surprise may await you if .NET Framework 3.5 SP 1 is not installed on your system.

    In Windows Server, .NET Framework 3.5 SP 1 is built in as a feature and only needs to be enabled. If you do not have a server operating system, you need to go to the Microsoft website and download the installer.

    Let's consider the option of enabling the component in Windows Server. To do this, open Server Manager and select “Add roles and features.”

    A wizard will launch in which we need to indicate that we are going to install roles or components.


    Windows Server Add Roles and Features Wizard

    We select our server and skip the selection of roles. In the list of features, find .NET Framework 3.5 Features and check it.


    Adding a Feature to Windows Server
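
    The same prerequisite can be enabled from an elevated PowerShell session instead of the wizard. This is an added example, not part of the original article; the `$SxsSource` parameter and its sample path are assumptions, needed only when the feature payload is not on the local disk (install state `Removed`), in which case Windows needs the `sources\sxs` folder of matching installation media or access to Windows Update.

```powershell
# Added example: enable the .NET Framework 3.5 feature that the SQL Server
# Express step of the Kaspersky Security Center installer depends on.
# Run in an elevated PowerShell session on Windows Server 2012 or later.
[CmdletBinding()]
param(
    # Assumption: optional path to the sources\sxs folder of installation
    # media matching the installed OS build, for example D:\sources\sxs.
    [string]$SxsSource
)

# Feature name behind ".NET Framework 3.5 Features" in the wizard.
$featureName = 'NET-Framework-Core'

Import-Module ServerManager

$feature = Get-WindowsFeature -Name $featureName
if (-not $feature) {
    throw "Feature $featureName was not found; this script targets Windows Server."
}

if ($feature.Installed) {
    Write-Output '.NET Framework 3.5 is already enabled; nothing to do.'
    return
}

$installArgs = @{ Name = $featureName }

if ($SxsSource) {
    # Fail early on a mistyped media path instead of a long installer timeout.
    if (-not (Test-Path -LiteralPath $SxsSource -PathType Container)) {
        throw "Source folder '$SxsSource' does not exist."
    }
    $installArgs['Source'] = $SxsSource
}
elseif ($feature.InstallState -eq 'Removed') {
    # 'Removed' means the binaries are not in the local component store.
    Write-Warning 'Feature payload is not on disk; without -SxsSource the installation relies on Windows Update.'
}

$result = Install-WindowsFeature @installArgs

if (-not $result.Success) {
    throw "Enabling $featureName failed with exit code $($result.ExitCode)."
}

if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'Restart the server before returning to the Kaspersky Security Center installer.'
}

# Show the final state so the change can be confirmed before continuing.
Get-WindowsFeature -Name $featureName | Select-Object Name, InstallState
```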

    After this, we will return to installing Kaspersky Security Center itself.

    We need to select the SQL authentication mode. This can be either a separate account or the current one.

    The Kaspersky Security Center server requires a shared folder that client computers can access to receive updates and installation packages. You can create a new folder or specify an existing one.

    We indicate the ports through which we will connect to the administration server.

    Specify the server address on the network. If the server has and will have a static IP address, you can limit yourself to it. But it’s still more convenient to identify the server by name.

    The last step before installation is to select the necessary plugins. Plugins allow you to manage various Kaspersky Lab antivirus products. This is useful if you have a whole “zoo” of versions. Plugins can also be installed later.

    Now all that remains is to watch the installation process. Sometimes plugins require you to accept a separate license agreement.

    The installation of Kaspersky Security Center is complete.

    Now let's go over the initial server setup. The administration console installed with the server looks like this:


    Administration console of Kaspersky Security Center

    The console can also be installed separately. This is even advisable, so that you do not have to log in to the server every time for routine actions.

    The left column lists the servers. For now there is only our newly created server. If you administer several servers, then simply click Add Administration Server.

    So, click on the newly created server and the initial setup wizard will launch. You will be asked to activate the program using a code or key. However, this can be done later.

    In addition, the wizard will ask for your consent to participate in the Kaspersky Security Network program. Essentially, this is another spy on your computers that sends Kaspersky Lab data about what resources you access and where you pick up the infection. This is motivated by the creation of a certain knowledge base. In my opinion, for the end user the point of participating in such a program is questionable.

    You will also be asked to indicate mailboxes for notifications from the Kaspersky Security Center server. You can skip this step.

    After all these steps the server will start downloading the latest updates from the network. In the future, you can configure an upstream server as the update source instead of the Kaspersky Lab server on the Internet, if there are several servers on your network.

    After downloading updates and polling the network, the wizard will display a successful completion message and offer to run the Deploy Protection on Workstations Wizard.

    We will talk about deploying protection on workstations in.

    New Web Console

    Main advantages of the Web Console over MMC:

    No client-side installation is required, only a web browser

    Since you only need a browser, it doesn’t matter which operating system you use

    If you work on a mobile device, you can view reports directly from the beach

    Web Console supports the User-Centric model, that is, the administrator assigns a policy not to the device, but to the user. The User-Centric management model works if devices are assigned owners in AD. KSC will be able to receive this information and assign policy profiles not to devices, but to device owners. The old Device-Centric management model, where policy profiles were assigned to devices, remains available and is the default.

    Web Console is a separate distribution. It can be installed either on a computer with KSC or on a separate computer.

    Interaction scheme:

    Web Console is a web server based on the Node.js platform.

    The Web Console server part connects to KSC using the new KSC Open API protocol based on HTTPS. The client part is an SPA (Single Page Application).

    In its simplest form, an SPA is a web application whose components are loaded once on the page, and the content is loaded as needed. That is, when we click on any interface element in the Web Console, JavaScript is launched, which loads modules and renders what we requested. And everything looks as if we went to another page.

    Changes in the interface of the MMC administration console

    Several new nodes have appeared in the console tree:

    Multitenant applications – this may include Kaspersky Lab applications that support multitenancy, for example, KSV.

    Deleted objects – this includes deleted entities, such as tasks, policies, installation packages

    Triggering of rules in Smart Training mode – information about triggering of rules in the training mode for the new AAC component comes here

    Active threats (previously called Unprocessed files)

    So, what can go into the Deleted objects node. All entities that have a Revisions section in their properties go to the Deleted objects node after deletion.

    Namely:

    • Policies
    • Tasks
    • Installation packages
    • Virtual Administration Servers
    • Users
    • Security groups
    • Administration groups

    We can say that this is an analogue of the Recycle Bin in Windows.

    A common, end-to-end subnet list for KSC

    In KSC, subnets can be used in multiple places. For example, in the KSC properties, when we want to limit the transmission of traffic by time. In the Agent policy, when setting up connection profiles.

    In KSC 10, it was necessary to separately set subnet parameters in each of these places, which was not very convenient.

    In KSC 11, a new section has appeared in the properties of the Administration Server, where you can specify the list of subnets within the organization once; this list is then available anywhere in KSC where you need to select a subnet as a parameter.

    Installation package: protection level indicator

    The KES 11.1 installation package in KSC 11 no longer has installation options.

    But they added a protection indicator to the properties of the installation package; previously such an indicator was only in the policy. If the administrator decides to disable the installation of an important KES 11.1 component, the indicator will change color. You can also see what influenced the change in the level of protection.

    KSC 11: support for diff update files

    The update servers store several sets of databases, complete and so-called diff files (the difference (delta) between the current and previous update). Diffs can be daily or weekly. KSC 10 was able to download only the full set of databases, now it can download both sets, full and diffs.

    The paradox is that KES has long been able to work with diffs, but only when updating from the Internet. Now KES can use diffs when updating from KSC as well. This will reduce internal traffic many times over.

    Network Agents: support for diff update files

    The option to download updates in advance (offline update mode) is enabled in the Agent policy by default

    Diff file relay does not work when offline update mode is enabled

    Diff files will not be transferred to older versions of Agents

    BUT! In the Network Agent properties there is an option “Download updates from KSC in advance”. So, if this option is enabled, and it is enabled by default, then KES will be updated the old fashioned way without using diffs.

    KSC 11: Update Agents

    Update Agents can now also distribute DIFF update files.

    In addition, they can now act as a KSN Proxy and can redirect KSN requests from protected devices to the Administration Server or directly to global KSN servers.

    Update Agent: support for 10,000 nodes

    By default, KSC assigns Update Agents automatically.

    In KSC 10, assigning the Update Agent manually was inconvenient in large networks. Why? Because previously one Update Agent could support up to 500 hosts. If there were several thousand hosts on the network, many Update Agents had to be assigned to cover the entire network. In addition, not every computer can become an Update Agent; it must meet certain system requirements.

    In general, manually assigning an Update Agent in large networks used to be a difficult task.

    Now this problem has disappeared, because one Update Agent now supports up to 10,000 hosts.

    Since the number of supported hosts has increased, the system requirements for a computer that can be assigned as an Update Agent have also increased (processor frequency 3.6 GHz or higher, RAM from 8 GB, free disk space from 120 GB).

    The KLSHARE folder has moved: C:\ProgramData\KasperskyLab\adminkit\1093\.working\share\

    KSC 11: backward compatibility of KES plugins

    KSC 11 introduces backward compatibility of KES plugins.

    Previously, if different versions of KES were used on the network, the administrator had to maintain separate sets of policies and tasks for each version. Now the policies and tasks of KES 11.1 will apply to KES 11.

    KSC 11: remote installation

    A new section has appeared in the Remote Installation Wizard - Behavior for devices managed through other Administration Servers.

    If there are multiple KSC servers on the network, they can see the same devices. This option allows you to avoid installation on a device that is connected to another KSC.

    KSC 11: improvements in RBAC

    Firstly, RBAC no longer requires a license for the Administration Server.

    Secondly, new roles have appeared: Auditor, Security Officer and Supervisor. By default they are not assigned to anyone.

    Thirdly, it became possible to relay the list of roles to subordinate Administration Servers. Previously, you had to work with roles separately on each Server, which was not very convenient. Now you can create and configure roles in one place on the Main Administration Server and move them down the hierarchy.

    KSC 11: new reports

    Report on the status of application components – allows the administrator to see clearly which components are installed where and what their current status is. This is important information, because an installed but not running component reduces the effectiveness of endpoint protection. Previously, the administrator did not have the opportunity to view the status of KES components in one place on all devices at once. To find out which components were installed and running, we had to look at each host separately, which was inconvenient and time-consuming.

    If necessary, based on this report, you can build detailed reports on individual components, for example, see where Endpoint Sensor is installed.

    Report on threat detection distributed by component and detection technology – information about which particular protection component detected the threat and using what technology. This allows you to clearly demonstrate the operation of detection technologies and the usefulness of protection components.

    Integration with SIEM via syslog

    To send events from KSC to the SIEM system via the syslog protocol, a license is no longer required.

    But this applies only to syslog; integration with ArcSight, QRadar and Splunk still requires a license!

    Diagnostics of Windows update installation

    The option automatically enables Network Agent tracing. Trace files are stored in the folder - %WINDIR%\Temp

    KSC 11 summary:

    A full-fledged KSC Web Console has appeared

    Implemented support for DIFF update files

    Implemented backward compatibility of KES plugins

    Update agents can act as a KSN proxy and support up to 10,000 nodes

    New roles added to RBAC, which no longer requires a KSC license

    New reports added

    Integration with SIEM systems via syslog no longer requires a license

    Windows update installation diagnostics have been expanded

    Kaspersky Security Center is a unique tool that allows you to control the security of corporate networks and centrally manage various security tools.

    Application

    Many large organizations create corporate networks between devices to facilitate data transfer and management. Such solutions are sensible, but the associated threats should not be forgotten, and security needs attention. Kaspersky Security Center from Kaspersky Lab handles this task very well.

    Benefits of the program

    This tool generates a common control center for a system of devices used by all members of the organization. The software is universal, compatible with both computers and mobile devices. The system is entirely under the control of the device administrator, who protects it from viruses and various threats. The implementation of protection occurs at different stages, since it is complex.

    The Control Center is responsible for monitoring the activities of programs, their opening and blocking of harmful software. It influences all applications and programs installed on computers that are connected to the corporate network. The administrator controls user actions, either by adjusting their own security settings or using standard templates.

    Kaspersky Security Center constantly checks the system for weaknesses, updates security components, and monitors the availability of updates for running software. When checking the system, the program provides reports on its actions. Reports are generated automatically when regular checking is activated, but the tool can also generate them on user request and convert them into PDF, HTML and XML files.

    The intuitive interface that the program is equipped with makes the user's work easier.

    Key Features:

    • Protection for both desktop and mobile devices.
    • Supports devices with different operating systems.
    • Control is carried out either by several users or by one administrator.
    • Blocking unwanted software.
    • Convenient security policy settings, the ability to use both standard profiles and create your own.
    The article examines the Kaspersky Lab product Kaspersky Endpoint Security and its use in a corporate environment, using the example of our clients.

    Good day, dear visitor. From the title of the article you already understand that today we will talk about protection. In one of the previous articles, I reviewed a product from this area of IT, which proved itself well. Today I will tell you about an equally interesting product from Kaspersky Lab, of which we are partners: Kaspersky Endpoint Security. It will be examined in a Hyper-V virtual environment, on second generation machines. The server part will be implemented on a domain controller running Windows Server 2012 R2, with AD in Windows Server 2012 R2 mode, and the client part on Windows 8.1.

    It is worth noting that we constantly use this product in our IT outsourcing practice.

    What is Kaspersky Endpoint Security?

    Kaspersky Endpoint Security for Windows combines world-class anti-malware technology with Application Control, Web Control, Device Control, and data encryption - all in one application. All functionality is managed from a single console, which simplifies the deployment and administration of a wide range of Kaspersky Lab solutions.

    Possibilities:

    • Single application
    • Single console
    • Unified policies

    Kaspersky Endpoint Security for Windows is a single application that includes a wide range of critical security technologies, such as:

    • Anti-malware protection (including firewall and intrusion prevention system)
    • Workplace control
    • Program control
    • Web Control
    • Device Control
    • Data encryption

    Kaspersky Endpoint Security comes in several editions, which differ in the number of modules they include:

    In our case we will use ADVANCED.

    The following features are available as part of the Kaspersky Endpoint Security for Business START solution:

    The following features are available as part of the Kaspersky Endpoint Security for Business STANDARD solution:

    • Anti-malware, firewall and intrusion prevention system
    • Workplace control
    • Program control
    • Web Control
    • Device Control

    ...as well as other Kaspersky Lab technologies to ensure IT security

    The following features are available as part of the Kaspersky Endpoint Security for Business ADVANCED and Kaspersky Total Security for Business solutions:

    • Anti-malware, firewall and intrusion prevention system
    • Workplace control
    • Program control
    • Web Control
    • Device Control
    • Encryption
      ...as well as other Kaspersky Lab technologies to ensure IT security.

    Architecture

    Server part:

    • Kaspersky Security Center Administration Server
    • Administration console of Kaspersky Security Center
    • Kaspersky Security Center Network Agent

    Client part:

    • Kaspersky Endpoint Security

    So let's get started

    Installing the administration server

    In our case, the administration server will be installed on the AD controller in Windows Server 2012 R2 mode. Let's start the installation:

    I forgot to clarify: we will use Kaspersky Security Center 10. We will install the full distribution downloaded from the Kaspersky Lab website, which includes the installation packages of Kaspersky Endpoint Security 10 and Network Agent 10.

    In the next wizard window, select the path to unpack the distribution and click “Install”.

    After unpacking the distribution, we are greeted by the Kaspersky Security Center installation wizard. After we click the “Next” button, the wizard asks for the “Network size”. Because we will have only two clients, one x86 and the other x64, we select “Less than 100 computers on the network”.



    We specify the account under which the “Administration Server” will start. In our case, the domain administrator account.



    Kaspersky Security Center stores all its data in a DBMS. During installation, the wizard prompts you to install Microsoft SQL Server 2008 R2 Express, or, if you have an already installed DBMS, you can select the name of the SQL server and the name of the database.



    At the “Administration server address” stage, the wizard asks you to specify the server address. Since we have AD installed with integrated DNS, it is wiser to specify the server name.



    After selecting the plugins for management, the installation of Kaspersky Security Center will begin.



    After successful installation and the first launch of Kaspersky Security Center, we are greeted by the initial setup wizard, in which we can specify a key, accept the agreement for KSN participation, and specify an email address for notifications.




    The update parameters are also specified and a policy with tasks is created.



    After installation, the following will be installed on our server:

    • means of centralized management of the protection system.
    • Windows Server 2003
    • Administration Agent

    But Kaspersky Endpoint Security will not be installed. We will perform a remote installation: because the administration agent is already installed, we can deploy Kaspersky Endpoint Security to the server. If there is no administration agent and all incoming connections are blocked in Windows Firewall, remote installation will not work. Expand the “Remote Installation” node and select “Run Remote Installation Wizard”. Select the installation package and click the “Next” button.



    In the “Select computers for installation” window, select the installation option for computers located in administration groups. Then select the server and click the “Next” button.



    A system reboot is required after important modules of Kaspersky Endpoint Security are updated; since our package is new enough, a reboot will not be needed. When selecting credentials, let's leave everything as default, i.e. empty. After clicking the “Next” button, we will see the installation progress of Kaspersky Endpoint Security.


    Creating groups

    Since the policies and tasks intended for servers differ from the policies and tasks of workstations, we will create groups corresponding to the type of administration for the different machines. Expand the “Managed computers” node and select “Groups”, then click “Create a subgroup”. Let's create two subgroups, “Workstations” and “Servers”. From the “Managed computers – Computers” menu, using “drag and drop” or “cut & copy”, move “DC” to the “Servers” group and create a policy and tasks for this group that differ from the tasks and policies in the “Managed computers” node.

    Installing Kaspersky Endpoint Security

    To install Kaspersky Endpoint Security remotely, you need to disable UAC during installation. The requirement is "inconvenient", so we will create a policy in the GPO for Windows Firewall, in which we will allow incoming connections according to the predefined rule “File and Printer Sharing”.

    After configuring and distributing the group policy, let's go to the administration console. Expand the “Administration Server” node and select “Install Kaspersky Anti-Virus”, then click “Run Remote Installation Wizard”. In the installation package selection window of the wizard, select the required package and click “Next”. Select clients in the “Unassigned computers” group and click “Next”.

    In the next window, leave everything as default and click “Next”. After the key selection window, the wizard offers to prompt the user to reboot the system once the installation of Kaspersky Endpoint Security is completed; leave it as default and click “Next”. At the “Removing incompatible programs” step you can make adjustments if they are needed. Next, the wizard suggests moving the client computers to one of the groups; in our case, we move them to the “Workstations” group.
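
One way to check, on a client, what the firewall GPO described above actually opened before you run the remote installation wizard. This is an added example, not part of the original article or of Kaspersky's tooling; the function name `Get-FpsRuleAudit`, the address `192.0.2.10` and the English rule group name are assumptions.

```powershell
# Added example: audit the effective inbound "File and Printer Sharing" rules on a client.
# Run locally in an elevated PowerShell session (Windows 8.1 / Server 2012 R2 or later).
function Get-FpsRuleAudit {
    param(
        # Assumption: English name of the predefined rule group.
        [string]$DisplayGroup = 'File and Printer Sharing',
        # Assumption: constructed placeholder for the Administration Server address.
        [string]$AdminServer = '192.0.2.10'
    )

    # ActiveStore is the merged, effective policy (local rules plus GPO rules).
    $rules = Get-NetFirewallRule -DisplayGroup $DisplayGroup -PolicyStore ActiveStore -ErrorAction Stop |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

    foreach ($rule in $rules) {
        $addr = $rule | Get-NetFirewallAddressFilter
        $port = $rule | Get-NetFirewallPortFilter
        $remote = @($addr.RemoteAddress)
        $findings = @()

        if ($rule.PolicyStoreSourceType -ne 'GroupPolicy') {
            $findings += 'enabled locally, not by the GPO'
        }
        if ("$($rule.Profile)" -match 'Any|Public|Private') {
            $findings += 'open outside the Domain profile'
        }
        if ($remote -contains 'Any') {
            $findings += 'accepts any remote address'
        } elseif ($remote -notcontains $AdminServer) {
            $findings += "Administration Server $AdminServer not listed explicitly"
        }

        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Protocol      = $port.Protocol
            LocalPort     = @($port.LocalPort) -join ','
            Profile       = "$($rule.Profile)"
            RemoteAddress = $remote -join ','
            Source        = $rule.PolicyStoreSourceType
            Findings      = $findings -join '; '
        }
    }
}

Get-FpsRuleAudit | Format-Table -AutoSize -Wrap
```

An empty Findings column means the rule was delivered by the GPO, applies only to the Domain profile, and is scoped to the Administration Server address.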







    As we can see, the console “speaks” about the successful installation of Kaspersky Endpoint Security on client stations.



    As we can see, after installation, the administration server moved the client machines according to the conditions in the remote installation task.



    Kaspersky Endpoint Security on the client machine.


    Let's create a policy for client stations in which we enable "Password protection". This is needed, for example, in case a user wants to turn off the antivirus.

    Let's try to disable protection on the client machine.



    Rules for moving computers

    On the administration server, you can set movement rules for client computers. For example, let's create a situation in which Kaspersky Endpoint Security will be installed on a newly discovered PC. This is useful in a scenario where an organization has installed a new PC.

    To automate the deployment of Kaspersky Endpoint Security, we will define movement rules for computers. To do this, select the “Unassigned computers” node and select the “Configure rules for moving computers to administration groups” item and create a new rule.




    With the created rule, a newly detected PC from the specified range of IP addresses will be added to the “Workstations” group.

    Next, let's create a task that automatically deploys anti-virus protection to machines that do not have it installed. To do this, select the “Workstations” group and go to the “Tasks” tab. Let’s create a task to install anti-virus protection with the “Immediate” schedule.

    So, we see that the client computer has been added to the “Workstations” group.

    Let's go to the "Tasks" tab and see that the installation task has started.



    Let me remind you that the situation was reproduced on a machine without anti-virus protection (although before that I demonstrated a remote installation on one of them, the anti-virus was then removed to demonstrate this scenario). As you can see, the installation takes place on the machine without anti-virus protection, while the machine with anti-virus protection was not touched. After anti-virus protection is installed, the KES policy will be applied to this client computer.

    Reports

    Reports in Kaspersky Endpoint Security are more than informative. For example, let's look at the report “About versions of Kaspersky Lab programs”.

    The report displays, in some detail, information about the installed Kaspersky Lab programs. You can see how many agents, client solutions and servers are installed. Reports can be deleted and added. You can also view the status of anti-virus protection using the “Selection of computers”, which helps you conveniently sort computers with infected objects or with critical events.

    In conclusion, I would like to say that only a small part of the Kaspersky Lab anti-virus complex was reviewed. The controls are indeed convenient and intuitive. But it is worth noting the enormous load on client systems during the search for viruses and potential threats; this load is caused mainly by heuristic analysis, which requires quite a lot of resources. The product is very easy to administer and is suitable for both AD and workgroup environments. This product has been installed by many of our clients and shows only good results.

    That's it, people, peace to you!