Administration agent kaspersky security center 10.2 434. Deploying anti-virus protection: installing administration agents, checking compatibility

DLP for mail and SharePoint are new features included in the latest releases of antivirus products that provide security for mail servers or collaboration clients. To use these features, you must enter a special license key, which must be purchased separately. The code comes with the product to protect the mail server itself. The solution's DLP function becomes available after activating the antivirus product.

On February 1, 2017, the release of anti-virus database updates for KES 6.0 stopped.

To receive updates, you need to additionally purchase “Kaspersky License Renewal for previous versions of programs*” for the required number of nodes. But the right to use will expire on December 31, 2017.

On January 1, 2018, the release of updates for 6.0 will be stopped. FSTEC published a letter about the mandatory transition from KAV 6 to other solutions.

Now, through a request, you can receive installation files with forms for 6.0; the FSTEC certificates themselves will expire on January 1, 2018.

If you only purchased Kaspersky System Management for system administration, then you need to download Kaspersky Security Center.

If you already have a license for Kaspersky Lab corporate antivirus and use the Administration Console for full management, then you do not need to install anything.

Kaspersky System Management is a set of administration capabilities included in Kaspersky Security Center.

All of these features are included when you activate a license for . In addition, these functions are included in the Kaspersky System Management solution, which can be used without an antivirus, or in addition to the KES Starter license.

The difference is in the bit depth of the encryption module, Lite has 56, and Strong has 256. A significant difference is present only for Kaspersky Endpoint Security for Business and, and for Starter there are no differences in the installation files. By law, Russian enterprises are allowed to use 56-bit encryption.

The Administration Server (or Server) is a PC with the Administration Server client installed.

The Administration Server service has the following properties:

"Kaspersky Security Center Administration Server."

with autostart when loading the OS.

with a Local System or user account, depending on the settings when installing the Administration Server.

The Administration Server has the following capabilities:

storing the structure of administration groups

storing data about client PC settings

providing a repository of application installers

remote installation of programs on client computers, removal of programs

setting up policies and setting goals on client PCs

storing data about actions that happened on client devices

compiling reports on the functioning of Kaspersky Lab anti-virus solutions

key storage for client PCs

messages about the execution of goals (whether threats are detected or not)

You can install many Administration Servers on a corporate network, thanks to them you can create a hierarchy of the form “Main server - Slave server”. Moreover, the server can have many more servers subordinate to it.

The Administration Server is managed through the Administration Console installed on any PC in the corporate network.

Kaspersky Lab experts do not recommend installing 2 versions of the Console on the Administration Server. Because if you install the latest versions of the Administration Server and Console, but forget to erase the previous version of the Console. The simultaneous operation of two Consoles may cause a malfunction.

To download Network Agent, follow the link.

Installation instructions:

Open the distribution locally (by default it is located in the \\ directory<Адрес сервера администрирования>\KLSHARE\Packages\NetAgent_10.1.249), then follow everything that is written in the instructions that appear.

Run the installation file remotely via Kaspersky Security Center.

Configure group policies.

We continue our series of articles about Kaspersky Security Center.

Today we will talk about one specific problem that may arise when administering KSC.

The fact is that from time to time the Kaspersky Security Center server may lose connection with workstations. This may happen due to a failure in Network Agent.

In this case, you can see the following picture:

As you can see, Kaspersky Security Center Network Agent is running on one of the computers. Such a computer will not receive updates through group tasks and will not provide reports to the KSC server.

As a rule, the problem appears spontaneously and also disappears spontaneously (as I already said, Kaspersky Security Center is fraught with many bugs). The reason here is that the roots of the problem lie in the Network Agent service. Therefore, the problem goes away when you restart the computer and, as a rule, goes unnoticed.

However, servers are a different story. They are able to work without rebooting for weeks and months. Sometimes rebooting the server is simply not an option.

In this case, you should open the services that are in the operating system (the method is equally suitable for both server and desktop operating systems) and find the service Kaspersky Security Center Network Agent.

Most likely, you will see that the service works quite well. Don't believe this statement. Open the service properties and first click the button Stop, and then Launch.

This way you will restart Network Agent on the computer and the problem with it will probably be solved.

If the Kaspersky Security Center administration server was reinstalled

It’s another matter if the KSC administration server was reinstalled while the database was preserved. In this case, you can observe a massive appearance of the status that Network Agent is not functioning. Even if the server name and IP address have not changed. As far as I know, the problem lies in the administration server certificate, which changes after reinstallation.

The solution to the problem suggests itself - reinstall Network Agent on client machines. But you will most likely encounter the fact that the server will give you a message about waiting for a connection without performing the installation. In this case, you need to open the properties of the Network Agent installation task, go to the section Options and refuse installation via Network Agent, forcing loading using Windows. You can leave both options as in the screenshot, or try any of the two. Also, uncheck the option Do not install a program if it is already installed. This will force installation.

Please note that installation must be performed under an account that has local administrator rights on client machines.

Installing Network Agent for the first time on a target computer

The first installation of Network Agent can be performed using the wizard Remote Installation Wizard. By default, the wizard offers to use forced installation options.

But during the first installation, only the option makes sense Using Microsoft Windows tools from a shared folder. It would be more accurate to say - using Microsoft Windows from a shared folder to a folder<имя_компьютера>\Admin$ on the target computer. Of course, you must use an account that is a member of the local Administrators security group on the target computer.

Installation while the Administration Agent is running

To reinstall the Administration Agent, you can use the wizard Remote Installation Wizard. First you need to disable the option Do not install a program if it is already installed. Next, there are two possible options.

Option A

We install the Administration Agent using the Administration Agent itself on the target computer. You do not need to use an account that is a member of the local Administrators security group on the target computer.

Option B

If the Network Agent on the target computer is dysfunctional, you can install it using Microsoft Windows from the shared folder to the folder<имя_компьютера>\Admin$ on the target computer. To do this, you must use one or more accounts that are members of the local Administrators security group on the target computer.

KavAdmKit Platform

KavAdmKit, aka Kaspersky Adminstration Kit, 8.0.2163.

It is also Kaspersky Administration Kit 6.0 MP2, but with a category update installed Patches for Kaspersky Administration Kit.

For some reason the manufacturer removed access to the package on the page

Goal of the work.

Laboratory work is devoted to the issues of automated deployment of anti-virus protection tools on a computer network. The tasks of installing the Administration Agent and scanning computers for software that is incompatible with Kaspersky Lab products are discussed.

Description of work.

During the previous lab, the administration server and management console were installed. Communication between the administration server and client computers is ensured by the administration agent. Therefore, it must be installed on each client computer that will be connected to the centralized anti-virus protection management system. There is no need to install the agent separately on the computer where the administration server is installed, since the server version of the agent was automatically installed along with the server (its feature is that the agent interacts only with the administration server installed on the same computer).

Let's launch all the virtual machines that make up our laboratory stand and look at the process of automated deployment of administration agents. On the AVServ server, let's launch the Kaspersky Security Center administration console (you can also manage the server from the Station 1 workstation, on which the administration console was installed during the first job). First, let's look at the list of managed computers that already have an administration agent. Having opened the knot Managed computers, go to the tab Computers(Fig. 5.47). The list displayed shows only one computer - AVScrv, on which the server version of the Administration Agent is installed. The "critical" status is set due to the fact that there is no anti-virus software on this computer yet.

Rice. 5.47.

The first thing you need to do during agent deployment is perform computer discovery. In the administration console, go to the node Unassigned computers(Fig. 5.48). The search can be performed by querying computers on a Windows network using Active Directory information or by IP address range. The specific method depends on the organization of the protected system. For example, if there are computers on the network that are not included in a Windows domain, searching a range of IP addresses may be preferable to retrieving information from Active Directory.

In our example, all three of the above methods are suitable. Let's use a search on the Windows network - in the appropriate section in the administration console window, click the link Survey now.

Rice. 5.48.

After the survey is completed (the process of completing it is illustrated by the “status bar”), expand the node corresponding to the found Labs domain and see all the detected computers. Select them and click the link Install the program(Fig. 5.49). This will launch the Remote Installation Wizard.

Here it is necessary to explain some features associated with remote software installation using Security Center. Before you begin deploying the program, you need to create an installation package. This is done through the node Repositories->Installation packages(Fig. 5.49). There you need to launch a wizard that will ask for the name of the installation package and the path to the distribution files.

Rice. 5.49.

In our case, Kaspersky Security Center 9.0 was installed from the full version of the distribution and both installation packages - for the administration agent and for the anti-virus product Kaspersky Endpoint Security 8 for Windows - were automatically prepared. So in the first window of the installation wizard you only need to specify the required package (Fig. 5.50).

The next step is to select the method that will be used to install the redistributable package. Due to the fact that the Administration Agent has not yet been installed on client computers, we leave the checkboxes Using Windows tools from a shared folder And Do not install a program if it is already installed(Fig. 5.51).

Rice. 5.50. Remote Installation Wizard: Selecting an Installation Package

Rice. 5.51. Remote Installation Wizard: Selecting an Installation Method

In order for installation using Windows to proceed correctly, ports TCP 139 and 445, UDP 137 and 138 must be opened on the client computer. By default, this setting is made on all client computers included in the Windows domain (in the case of a client with Windows 7, there are some special features which are described below). If there are computers on the network that are not included in the domain, an attempt to automatically install the Network Agent on them may fail. In this case, you can use the riprcp.exe utility to prepare your computer for remote installation, which will make all the necessary settings (see below).

After selecting the installation packages and installation method, you will need to specify the account under which the installation will be carried out. You can skip this step if Network Agent is already installed on your computers. In our case, we need to press the button Add and specify an entry with administrator rights (Fig. 5.52). If the computers are not included in a domain, several such records may be needed.

Rice. 5.52.

The next window determines how the computer will restart if it is required as a result of installing the package. The default setting is to prompt the user for permission to reboot.

For the purposes of our laboratory, the more preferable option would be To restart a computer. And when deploying new software in an existing enterprise network, when installation is performed on servers, you should choose Don't restart your computer and perform a manual reboot later.

Rice. 5.53.

In the following wizard windows you will need to click the button several times Further, to confirm your choice and run the created task for execution. Going to the node Tasks for sets of computers, You can track the installation process and evaluate its results. In the example presented in Fig. 5.54, the installation was successful on one computer, but failed on two.

Rice. 5.54.

If in the one shown in Fig. 5.54 window with the report follow the link More details, then we will see that the installation of the agent on the Serv server was completed successfully, but the program could not be installed on computers NB1 and Station 1 due to the fact that “The computer may be disconnected from the network.” This may happen because the computer is turned off, there are problems with the network infrastructure, or the firewall settings on the computer do not allow remote installation. In our example, the reason for the failure is the firewall settings.

In such cases, when installing Kaspersky Anti-Virus on computers with Windows 7, it is recommended to first configure shared access to network folders.

If your Windows 7 computer is included in a domain, you need to open Control Panel -> Network and Sharing Center, next select Change advanced sharing options and in the block Access to shared folders choose Enable sharing, to allow network users to read and write files in shared folders(Fig. 5.55). This setting must be done on the NB1 and Station 1 computers.

Rice. 5.55.

Rice. 5.56.

In a more general case, a problem with Windows settings can be solved by running the riprcp.exe utility on computers. On the AVServ server it is located in the folder where Security Center was installed: C:Program Files (x86)Kaspersky LabKaspersky Security Center. You can copy the utility to a shared folder and run it from there on machines where the installation failed. Having launched the utility, you need to make the necessary changes (Fig. 5.56), and after making them you may need to reboot. For a large network, such a task can be automated using administrative scripts.

After the changes have been made, re-run the task of installing administration agents (Fig. 5.54, button Launch bottom right). The installation should now be successful.

Exercise 1.

Deploy Security Center Administration Agents to the lab bench virtual machines.

After installation of Administration Agents in the group has been completed Managed computers there should be all 4 virtual machines of the laboratory stand. If only one AVServ server is displayed, it may just be old data and you need to run the command Update from the context menu.

The next task when preparing to deploy antivirus software is to search for programs installed on computers that are incompatible with LC antiviruses. Such programs will have to be uninstalled.

You can remotely uninstall programs from client computers by running remote uninstallation tasks. Security Center allows you to create the following types of tasks:

• - group tasks that are created for client computers of selected administration groups;
• - tasks for sets of computers that are created for selected client computers, depending on whether these computers belong to any administration group.

But before you uninstall the program, you need to find it. Creating a report about incompatible programs can help with this.

To do this you need to go to the node Reports and notifications, choose there and, if necessary, select the item in the context menu Update. The report will include programs identified by administration agents that are known to Security Center as incompatible. First of all, these are other antivirus products.

In our case, the report indicates the presence of the Microsoft Security Essentials 2 x64 program on computer NB1 (Fig. 5.57).

Rice. 5.57.

Let's find NB1 in the group of managed computers and create a task to uninstall the Microsoft Security Essentials antivirus (Fig. 5.58). Please note that after running the wizard the node became active Tasks for sets of computers.

Rice. 5.58.

Rice. 5.59.

In the first window of the wizard, you need to specify the name of the task to be created - “Remove Security Essentials”. Next, you will need to select the type of task: we are interested in remote uninstallation of a program, which relates to tasks for the application Kaspersky Security Center Administration Server, subgroup Additionally(Fig. 5.59).

Rice. 5.60.

Rice. 5.61.

We also know that this program is on the list of incompatible computer antivirus software. We indicate this when selecting the type of program to be deleted (Fig. 5.60).

In the next window, click the button Add and in the list of incompatible programs we will find Microsoft Security Essentials 2 x64 (Fig. 5.61).

In the next window of the task creation wizard, you will need to specify the method in which the uninstallation utility will be downloaded to the client computer. Network Agent is already installed on computer NB1, so you can leave the settings at default (Fig. 5.62). Next you will be asked to restart the computer after uninstallation, select the option To restart a computer.

Rice. 5.62.

The next wizard window allows you to specify the account to use. This is necessary if the Security Center Administrative Agent is not available on the client computer. In our case, you can skip this window, since the agent is present on computer NB1.

In the launch schedule, select the option Immediately and in the last window we will confirm the creation of the task.

Now select the created task in the node Tasks for computer sets and wait until it finishes, which may take some time. The report showed that the task has completed and the computer needs to be rebooted (Fig. 5.63). After an automatic reboot, the task will be marked as successfully completed. Thus, we have completed the necessary steps prior to deploying anti-virus protection tools on the network.

Rice. 5.63.

Task 2.

Scan your computers for incompatible applications and remove any antivirus programs found.

This material was prepared for specialists involved in managing anti-virus protection and security in an enterprise.

This page describes and discusses the most interesting functionality of the latest versions of Kaspersky Endpoint Security 10 and the central management console of Kaspersky Security Center 10.

The information was selected based on the experience of communication by NovaInTech specialists with system administrators, heads of IT departments and security departments of organizations that are just switching to Kaspersky anti-virus protection, or are going through the process of switching from using the 6th version of the anti-virus on client computers and the Administration management console Kit 8. In the latter case, when anti-virus protection from Kaspersky Lab is already in use, it is also often the case that IT specialists do not know the most interesting aspects in the work of new versions of products that really help make life easier for these same IT specialists, and at the same time increase level of safety and reliability.

After reading this article and watching the videos, you can briefly familiarize yourself with the most interesting functionality that the latest version of the Kaseprky Security Center and Kaspersky Endpoint Security management console provides and see how it works.

1. Installation of the Kaspersky Security Center 10 administration server.

You can find the necessary distribution kits on the official Kaspersky Lab website:

ATTENTION! The distribution package of the full version of Kaspersky Security Center already includes the distribution package of Kaspersky Endpoint Security of the latest version.

First of all, I would like to talk about where to start installing anti-virus protection from Kaspersky Lab: Not with the anti-viruses themselves on client computers, as it might seem at first glance, but with the installation of the administration server and the central management console Kaspesky Security Center (KSC ). Using this console, you can deploy anti-virus protection on all computers in your organization much faster. In this video you will see that after installing and minimally configuring the KSC administration server, it becomes possible to create an installer for an anti-virus solution for client computers, which even a completely untrained user can install (I think every administrator has such “users”) - the installation interface contains only 2 buttons - “Install” and “Close”.

The administration server itself can be installed on any computer that is always on or is maximally accessible; this computer must be visible to other computers on the network, and it is very important for it to have access to the Internet (for downloading databases and synchronizing with the KSN cloud).

Watch the video, even if you have installed the center console before, but from previous versions - perhaps you will hear and see something new for yourself...

DID YOU LIKE THE VIDEO?
We do the same supply of Kaspersky products. And even more - we provide technical support. We care about our clients.

2. Setting up centralized management on computers with Kaspersky already installed.

It is often found that in small organizations, system administrators install and configure anti-virus protection on each computer manually. Thus, the time they spend on maintaining anti-virus protection increases and they do not have enough time for some more important tasks. There are cases when administrators, simply due to lack of time, simply do not know that corporate versions of anti-virus protection from Kaspersky Lab generally have centralized management, and do not know that they do not have to pay anything for this miracle of civilization.

In order to “link” already installed client antiviruses with the administration server, you need very little:

• Install the administration server (First section of this article).
• Install the administration server agent (NetAgent) on all computers - I will tell you about the installation options in the attached video below.
• After installing the administration server agent, the computers, depending on your settings, will be either in the “Non-distributed computers” section or in the “Managed computers” section. If the computers are in “Not distributed computers”, they will need to be transferred to “Managed computers” and configure a policy that will apply to them.

After these steps, your computers will be visible to you from the central console, users will no longer be able to manage the antiviruses installed on their machines and, as a result, there will be fewer infections and less headaches for the administrator.

In the video below, I will try to describe scenarios for installing NetAgents on client computers, depending on how your network is structured.