Ksc 10 setting up event storage. Remote installation of programs using Kaspersky Security Center

This material, was prepared for professionals involved in managing antivirus protection and security in an enterprise.

This page describes and discusses the most interesting functionality of the latest versions of Kaspersky Endpoint Security 10 and Kaspersky central management console Security Center 10.

The information was selected based on the experience of communication by NovaInTech specialists with system administrators, heads of IT departments and security departments of organizations that are just switching to Kaspersky anti-virus protection, or are going through the process of switching from using the 6th version of the anti-virus on client computers and the Administration management console Kit 8.B the latter case, When antivirus protection from Kaspersky Lab is already used, it is also common that IT specialists do not know the most interesting moments in the work of new versions of products that really help make life easier for these same IT specialists, and at the same time increase the level of security and reliability.

After reading this article and watching the videos, you will be able to briefly familiarize yourself with the most interesting functionality that provides latest version Kaseprky Security Center management console and Kaspersky Endpoint Security and see how it works.

1. Installation of the Kaspersky Security Center 10 administration server.

You can find the necessary distribution kits on the official Kaspersky Lab website:

ATTENTION! The distribution kit is complete Kaspersky versions Security Center is already included in the Kaspersky Endpoint distribution Security latest versions.

First of all, I would like to talk about where to start installing anti-virus protection from Kaspersky Lab: Not with the anti-viruses themselves on client computers, as it might seem at first glance, but with the installation of the administration server and the central management console Kaspesky Security Center (KSC ). Using this console, you can deploy anti-virus protection on all computers in your organization much faster. In this video you will see that after installing and minimally configuring the KSC administration server, it becomes possible to create an installer antivirus solution for client computers, which even a completely untrained user can install (I think every administrator has such “users”) - the installation interface contains only 2 buttons - “Install” and “Close”.

The administration server itself can be installed on any computer that is always on or is maximally accessible; this computer must be visible to other computers on the network, and it is very important for it to have access to the Internet (for downloading databases and synchronizing with the KSN cloud).

Watch the video, even if you have installed the center console before, but from previous versions - perhaps you will hear and see something new for yourself...

DID YOU LIKE THE VIDEO?
We do the same supply of Kaspersky products. And even more - we provide technical support. We care about our clients.

2. Setting up centralized management on computers with Kaspersky already installed.

It is often found that in small organizations, system administrators install and configure anti-virus protection on each computer manually. Thus, the time they spend on maintaining anti-virus protection increases and they do not have enough time for some more important tasks. There are cases when administrators, simply due to lack of time, simply do not know that corporate versions of anti-virus protection from Kaspersky Lab generally have centralized management, and do not know that there is no need to pay anything for this miracle of civilization.

In order to “link” already installed client antiviruses with the administration server, you need very little:

• Install the administration server (First section of this article).
• Install the administration server agent (NetAgent) on all computers - I will tell you about the installation options in the attached video below.
• After installing the administration server agent, the computers, depending on your settings, will be either in the “Non-distributed computers” section or in the “Managed computers” section. If the computers are in “Not distributed computers”, they will need to be transferred to “Managed computers” and configure a policy that will apply to them.

After these steps, your computers will be visible to you from the central console, users will no longer be able to manage the antiviruses installed on their machines and, as a result, there will be fewer infections and less headaches for the administrator.

In the video below, I will try to describe scenarios for installing NetAgents on client computers, depending on how your network is structured.

Good day, dear visitor. From the title of the article you already understand that today we'll talk about protection. In one of the previous articles, I reviewed a product related to this area of ​​IT, which showed itself well. Today I will tell you about an equally interesting product from Kaspersky Lab, of which we are partners, Kaspersky Endpoint Security. It will be reviewed virtually Hyper-V environment, on second generation machines. Server part will be implemented on the OS domain controller Windows Server 2012 R2, AD mode Windows Server 2012 R2, and client on Windows 8.1.

It is worth noting that we constantly use this product in our IT outsourcing practice.

What is Kaspersky Endpoint Security?

In Kaspersky Endpoint Security for Windows technology world class protection against malware combined with Application Control, Web Control and Device Control, as well as data encryption - all within one application. All functionality is managed from a single console, which simplifies the deployment and administration of a wide range of Kaspersky Lab solutions.

Possibilities:

• Single application
• Single console
• Unified policies

Kaspersky Endpoint Security for Windows is a single application that includes a wide range of essential protective technologies, such as:

• Protection against malware (including firewall and intrusion prevention system)
• Workplace control
• Program control
• Web Control
• Device Control
• Data encryption

Kaspersky Endpoint Security differs in the set of included modules, containing a different number of modules depending on the edition:

• STARTING,
• STANDARD
• ADVANCED
• Kaspersky Total Security for business

In our case we will use ADVANCED.

The following features are available as part of the Kaspersky Endpoint Security for Business START solution:

The following features are available as part of the Kaspersky Endpoint Security for Business STANDARD solution:

• Anti-malware, firewall and intrusion prevention system
• Workplace control
• Program control
• Web Control
• Device Control

...as well as other Kaspersky Lab technologies to ensure IT security

As part of the Kaspersky Endpoint Security for Business solutions ADVANCED and Kaspersky Total The following features are available for Business Security:

• Anti-malware, firewall and intrusion prevention system
• Workplace control
• Program control
• Web Control
• Device Control
• Encryption
  ...as well as other Kaspersky Lab technologies to ensure IT security.

Architecture

Server part:

• Server Kaspersky administration Security Center
• Administration console of Kaspersky Security Center
• Kaspersky Security Center Network Agent

Client part:

• Kaspersky Endpoint Security

So let's get started

Installing the administration server

In our case, the administration server will be installed on the AD controller in Windows mode Server 2012 R2. Let's start the installation:

I forgot to clarify, we will use Kaspersky Security Center 10. Let's install full distribution , downloaded from the Kaspersky Lab website, which includes the installation package of Kaspersky Endpoint Security 10, respectively, and Network Agent 10

In the next wizard window, select the path to unpack the distribution and click “Install”.

After unpacking the distribution, we are greeted by the Kaspersky Security Center installation wizard; after clicking the “Next” button, the wizard asks “Network size”, because We will have only two clients, one x86 and the other x64, then we indicate “Less than 100 computers on the network.”

We set the account under which to start " Administration server" In our case, the domain administrator account.

All yours Kaspersky data Security Center is stored in a DBMS. During installation, the wizard prompts you to install Microsoft SQL Server 2008 R2 Express, or, if you have an already installed DBMS, you can select the name of the SQL server and the name of the database.

At the “Administration server address” stage, the wizard asks you to specify the server address, because Since we have AD installed and DNS integrated, it would be wiser to specify the server name.

After selecting the plugins for management, the installation of Kaspersky Security Center will begin.

After successful installation and the first launch of Kaspersky Security Center, we are greeted by a wizard initial setup, in which we can specify the key, accept the agreement for KSN participation, and indicate the email address for notifications.

The update parameters are also specified and a policy with tasks is created.

After installation, the following will be installed on our server:

• Administration server
• Administration Console
• Administration Agent

But Kaspersky Endpoint Security will not be installed. We will perform a remote installation, because... the administration agent is already installed, then we can deploy Kaspersky Endpoint Security to the server. If there is no administration agent and all incoming connections are blocked in the Firewall Windows remote installation will not work. Expand the “Remote Installation” node and select “Run Remote Installation Wizard”. Select the installation package and click the “Next” button

In the “Select computers for installation” window, select the installation option for computers located in administration groups. Then select the server and click the “Next” button.

A system reboot will be required after updating important modules of Kaspersky Endpoint Security, because... The package is new enough that a reboot is not needed. When choosing credentials, let's leave everything as default, i.e. empty. After clicking the “Next” button, we will see the installation progress of Kaspersky Endpoint Security.

Creating groups

Because Since the policies and tasks intended for servers differ from the policies and tasks of workstations, we will create groups corresponding to the type of administration for different cars. Expand the “Managed computers” node and select “Groups”, click “Create a subgroup”. Let's create two subgroups, “Workstations” and “Servers”. From the “Managed computers – Computers” menu, using “drag and drop"or "cut & copy", move "DC" to the "Servers" group and create a policy and tasks for this group different from the tasks and policies in the "Managed computers" node.

Installing Kaspersky Endpoint Security

To install Kaspersky Endpoint Security remotely, you need to disable UAC during installation. The requirement is “inconvenient”, so we will create a policy in the GPO for Windows Firewall in which we will allow incoming connections according to the following predefined rule “File and Printer Sharing”.

After setting up and distributing Group Policy, let's go to the administration console. Expand the “Administration Server” node and select “Install Kaspersky Anti-Virus”, click “Run Remote Installation Wizard”. In the installation package selection wizard window, select required package and click “Next”. Select clients in the “Unassigned computers” group and click “Next”.

In the next window, leave everything as default and click “Next”. After the window with choosing a key, the wizard prompts you to ask the user to reboot the system after installation of Kaspersky Endpoint Security is completed, leave it as default and click “Next”. At the “Remove incompatible programs” step, you can make adjustments, of course, if they are necessary. Next, the wizard suggests moving client computers to one of the groups; in our case, moving them to the “Workstations” group.

As we can see, the console “speaks” about the successful installation of Kaspersky Endpoint Security on client stations.

As we can see, after installation, the administration server transferred client machines according to the conditions in the remote installation task.

Kaspersky Endpoint Security on the client machine.

Let's create a policy for client stations in which we will enable "Password protection", this is necessary, for example, if the user wants to turn off the antivirus.

Let's try to disable protection on the client machine.

Rules for moving computers

On the administration server, you can set movement rules for client computers. For example, let's create a situation in which Kaspersky Endpoint Security will be installed on a newly discovered PC. This is useful in a scenario where an organization has installed a new PC.

For automation Kaspersky deployments Endpoint Security will set the movement rules for computers. To do this, select the “Unassigned computers” node and select the “Configure rules for moving computers to administration groups” item and create a new rule.

In the created rule, the newly detected PC will be added to the “Workstations” group from the specified range of IP addresses.

Next, we will create a task to automatically deploy anti-virus protection for machines on which it is not installed. To do this, select the “Workstations” group and go to the “Tasks” tab. Let’s create a task to install anti-virus protection with the “Immediate” schedule.

So, we see that the client computer has been added to the “Workstations” group.

Let's go to the "Tasks" tab and see that the installation task has started.

Let me remind you that the situation was reproduced on a machine without anti-virus protection (although before that I demonstrated remote installation on one of them, after which the anti-virus was removed for demonstration of this scenario) and, as you can see, the installation takes place on a machine without anti-virus protection; a machine with anti-virus protection has not been touched. After installing anti-virus protection, the KES policy will be applied to this client computer.

Reports

Reports in Kaspersky Endpoint Security are more than informative. For example, let's look at the report “About versions of Kaspersky Lab programs”.

The report, in some detail, displays information about installed programs Kaspersky Lab. You can see how many agents, client solutions and servers are installed. Reports can be deleted and added. You can also view the status of anti-virus protection using the “Selection of computers”, which helps you conveniently sort computers with infected objects or with critical events.

In conclusion, I would like to say that only a small part of the Kaspersky Lab anti-virus complex was reviewed. The controls are indeed convenient and intuitive. But it is worth noting the enormous workload of client systems during the search for viruses and potential threats, given workload mainly caused by heuristic analysis, which requires quite a few resources. The product is very easy to administer and is suitable for both AD and working group. This product installed by many of our clients and shows only the best side.

That's it, people, peace to you!

Dear colleagues! Today I want to tell you about the Kaspersky Anti-Virus Administration System. The thing, I'll tell you, is very interesting.

Using it, you can take control of all computers in your organization in terms of allowing/prohibiting the opening of sites, allowing/prohibiting the launch of programs, including by certain categories (for example, you can prohibit the launch of all browsers except certain ones), allowing/denying connections any equipment - flash drives, hard drives and so on (for example, to prevent users from leaking information), also automate the update of keys for Kaspersky antivirus, minimize traffic consumption when updating antiviruses (after installing KSC and configuring antiviruses installed on workstations on it, they will be updated from this server, and not from the Internet). To install KSC version 10, according to the technical consultant of Kaspersky Lab in Privolzhsky federal district– Pavel Aleksandrova, Windows OS is suitable (not necessarily server) with at least 2-4 GB RAM. Recently, the Smart Solutions company conducted a Practical Master Class on laptops, where your humble servant was able to personally familiarize himself with this creation of Kaspersky Lab. Kaspersky Security Center 10, as Pavel said, is provided free of charge for those who own corporate license for KES (Kaspersky Endpoint Security) 10. Fortunately for us, fellow programmers/system administrators budgetary institutions Republic of Tatarstan, you don’t need to buy anything - all the necessary tools are available from the GIST network at kav.tatar.ru. And also, for your convenience, colleagues, I post video tutorials kindly provided by Igor Aleksandrovich, a company specialist NovaInTech -> Link to video tutorials on Youtube. If after watching the video you still have any questions, I will be happy to help you on Skype (lisischko).

P.S. You can make your Kaspersky Anti-Virus management server subordinate to the TsIT KSC, I won’t say what advantages this gives - I didn’t do this myself, but it is described on the website kav.tatar.ru

Note1: The list of executable files was not replenished on the server, even by the newly created “Inventory” task, until the checkbox was checked in the “ section Additional options” – “Reports and storage” – Inform the administration server “About running programs” in the Anti-Virus policy.

Note4: From time to time, on computers controlled by KSC, everything starts to freeze. The task manager showed that the system is being loaded by the “Kaspersky Security Center Vulnerability Assessment & Patch Management Component” process ( executable file vapm.exe). Analysis of the problem showed that when the system was slowing down, the task “Search for vulnerabilities and required updates” was being performed, transferring this task to manual start and stopping solved the problem. Also, there is an option to uncheck “run missed tasks” in the task schedule (without transferring the launch to manual mode), but I did not try this option, due to the decision that this function was unnecessary for us. UPD: not even half an hour had passed after stopping the task and switching its launch mode to manual, when some trigger started it again. There's no time to figure it out. I deleted the “Search for vulnerabilities and required updates” task; you can always add it later.

A large number of articles describe how to remotely install an application on several computers in domain network(AD). But many people face the problem of finding or creating suitable packages Windows installations Installer (MSI).

Really. In order to install, for example, FireFox for all users of a group, you must either assemble an MSI package yourself (), or download a suitable one from the appropriate website. The only thing is that in the first case - in fact - the task is not at all trivial, but in the second - we get a package configured in the way its creator wanted, and even in fact modified (doubtful, but a minus).

If your organization uses Kaspersky Lab products as anti-virus protection - and you use an administration server - you can install programs remotely even from *.exe packages, using keys to control installation parameters.

Silent installation options

So we need:

• Download the standard distribution of the program we need from the developer’s website (or where you usually get them from)
• Find on the Internet which silent installation keys the program you are using supports.
• Install the program on the user's PC using Kaspersky Security Center

If you will assign installation of programs manually, or all your users use the same set of programs, then you can skip this section, but if you have different software installed in different departments in your organization, you can assign these departments different groups, for which different tasks will be used.

User groups in KSC are divided - similar to the structure used in AD - into directories and sub-directories. Tasks and policies used in parent groups apply to all child groups.

This way, for example, all company users can install FireFox and Chrome, and only Photoshop designers.

So let's get started:

Creating a new installation package is simple: you indicate its name (how it will be displayed in KSC), select “IP for the program, specified by the user", indicate let to the program (exe, bat, cmd, msi) and specify the launch parameters (keys quiet installation).

The specified package can then be used for installation on remote computers.

2) Now we need to create a task to install the created package. If you have previously worked with KSC, or its previous analogue Adminkit. The process of creating a task itself will not be difficult for you.

You can either create a task by going to the folder of the corresponding group, and going to the “Tasks” tab - create new task. Or Go to the “Tasks for sets of computers” section and create a new task.
Set the name of the created task and select the task type “Remote program installation”.

We select the program that we want to install, which user groups will be assigned this task, and indicate the user who is allowed to install the software on all of the computers used (usually a domain administrator).

The only thing in terms of settings is that we are limited only to those parameters that the developer allows you to transfer when installing the program, and configure the proxy server in the browser via command line We are unlikely to succeed. But here standard AD group policies come to our aid. After all, usually alternative browsers-used system settings proxies, and we can assign them to the right users via AD. ;)

Purpose of the work.

This lab is devoted to installing an antivirus management server. Security protection Center.

Preliminary information.

Before you begin installation, you need to decide on the general scenario for deploying anti-virus protection. Two main scenarios offered by Security Center developers:

• - deployment of anti-virus protection within the organization;
• - deployment of anti-virus protection of the client organization’s network (used by organizations acting as service providers). The same scheme can be used within an organization that has several remote divisions, computer networks which are administered independently of the head office network.

In data laboratory work the first scenario will be implemented. If you plan to use the second one, you will additionally need to install and configure the Web-Console component. And here we need to talk about the architecture of the Security Center. It includes the following components:

• 1. Administration server, which performs the functions of centralized storage of information about the LC programs installed in the organization’s network and their management.
• 2. Network Agent carries out interaction between the Administration Server and LC programs installed on the computer. There are versions of the Agent for different operating systems- Windows, Novell and Unix.
• 3. Administration Console provides user interface to manage the Server. The administration console is designed as an extension component to Microsoft Management

Console (MMC). It allows you to connect to the Administration Server both locally and remotely, using local network or via the Internet.

4. Kaspersky Security Center Web-Console is designed to monitor the status of anti-virus protection of the client organization's network, which is managed by Kaspersky Security Center. The use of this component will not be studied in this laboratory workshop.

• 1. Installation and configuration of the Server and Administration Console.
• 2. Creation of administration groups and distribution of client computers among them.
• 3. Remote installation of Network Agent and LC anti-virus programs on client computers.
• 4. Updating signature databases of LC programs on client computers.
• 5. Configuring notifications about anti-virus protection events.
• 6. Launch the on-demand scan task and check the operation of event notifications on client computers.
• 7. Analysis of reports.
• 8. Setup automatic installation antivirus programs on new computers on the network.

This lab will cover the implementation of the first stage. In Fig. Figure 5.35 shows a diagram of a laboratory bench simulating a protected network (it was also described earlier in Table 5.4). The goal of this lab is to install the server and console security administration Center to the AVServ server.

Rice. 5.35.

Table 5.5

Differences in Kaspersky Security Center 9.0 distribution versions

The Security Center distribution package can be downloaded from the link http://www.kaspersky.ru/downloads-security-center. In this case, you can choose the version of the downloaded distribution - Lite or full. In table Table 5.5 lists the differences between the distribution versions for version 9.0, which was used to prepare descriptions of laboratory work. To complete the laboratory you will need full version, since along with the installation of the administration server, the MS SQL Server 2005 Express DBMS will be installed, which is used to store data on the state of anti-virus protection.

Description of work.

After completing the preparatory steps, launch the Security Center installation program on the AVServ server. After the welcome window, you will be asked for the path to save the files needed during the installation process, another welcome window and a window with license agreement, which you must accept to continue the installation process.

When choosing the installation type, select the “Custom” option, which will allow you to familiarize yourself in detail with the list of installed components and applied settings.

If you select the “Standard” option, then as a result of the wizard, Administration Server will be installed along with the server version of Network Agent, Administration Console, application management plugins available in the distribution package, and Microsoft SQL Server 2005 Express Edition (if it has not been installed previously).

The next step is to select the server components to install (Fig. 5.36). We need to install the Administration Server, and leave this checkbox unchecked.

We will not use Cisco NAC technology, which allows us to check the security of a mobile device or computer connecting to the network.

Also, as part of the laboratory workshop, it is not planned to deploy anti-virus protection on mobile devices(such as smartphones), so we are not installing these components now.

The selected network size affects the setting of the values ​​of a number of parameters that determine the operation of anti-virus protection (they are listed in Table 5.6). These settings can be changed, if necessary, after installing the server.

You will also need to specify the account under which the administration server will be launched, or agree to the creation new entry(Fig. 5.37).

In previous versions of Windows (for example, when installing on Windows Server 2003), this window may contain the option " Account systems." Anyway, this entry must have administrator rights, which is required both for creating the database and for subsequent operation of the server.

Table 5.6

Settings based on network size

Rice. 5.37.

The next step is to select the database server to use (Fig. 5.38). For storage Security data Center 9.0 can use Microsoft SQL Server (versions 2005, 2008, 2008 R2, including Express 2005, 2008 editions) or MySQL Enterprise. In Fig. 5.38, A the DBMS type selection window is shown. If selected MySQL server, you will need to specify the name and port number for the connection.

If you use an existing instance of MS SQL Server, you will need to specify its name and the name of the database (by default, it is called KAV). In our laboratory work we will use the recommended configuration, which involves installing MS SQL Server 2005 Express along with the installation of Security Center (Fig. 5.38, b).

Rice. 5.38.

After SQL selection Server, as the DBMS used, you must specify the authentication mode that will be used when working with it. Here we leave the default setting - Microsoft Windows authentication mode (Fig. 5.39).

For storage installation packages and update distribution, the administration server will use the folder provided in general access. You can specify existing folder or create a new one. The default share name is KL8NAKE.

Rice. 5.39.

You also have the option to specify the port numbers used to connect to the Security Center server. By default, TCP port 14000 is used, and for protocol-protected SSL connections- TCP port 13000. If after installation you cannot connect to the administration server, you should check whether these ports are blocked firewall Windows. In addition to those mentioned above, UDP port 13000 is used to transmit information about shutting down computers to the server.

Next, you will need to specify the method for identifying the administration server. This could be an IP address, DNS or NetBIOS names. In used for laboratory practical work virtual network A Windows domain is organized and there is a DNS server, so we will use domain names(Fig. 5.40).

Rice. 5.40.

The next window allows you to select installed plugins to manage antivirus programs OK. Looking ahead, we can say that it will unfold Kaspersky product Endpoint Security 8 for Windows, the plugin for which we will need (Fig. 5.41).

Rice. 5.41.

After this, the selected programs and components will be installed on the server. Once the installation is complete, the administration console will launch or, if you unchecked the last window installation wizard, launch it from the Start menu -> Programs -> Kaspersky Security Center.

Task 1.

In accordance with the description, install the administration server on virtual machine AVServ.

When you launch the console, the initial server setup is performed. In the first step, you can specify activation codes or files license keys For antivirus products OK. If you have a “corporate” key for several computers, with default settings the key will be automatically distributed by the server to client computers.

Rice. 5.42.

You can also agree or refuse to use Kaspersky Security Network(KSN), remote service to provide access to the Kaspersky Lab knowledge base about the reputation of files, Internet resources and software.

The next step is to configure settings for notifying the anti-virus protection administrator by email. Must be specified postal address, smtp-ssrvsr and, if necessary, parameters for authorization on the server (Fig. 5.42). If the laboratory does not have a suitable mail server, you can skip this step and make the settings later.

If you access the Internet through a proxy server, you will need to specify its parameters. After passing this stage it will be completed automatic creation standard policies, group tasks and administration tasks. They will be discussed in more detail in the following labs.

Rice. 5.43.

Next step - automatic start download updates. If the download has started successfully, you can, without waiting for the completion, click the “Next” button and after finishing the initial setup wizard, go to the main window of the Administration Console (Fig. 5.43). It should display that there is one managed computer on the network (along with the administration server, an administration agent was installed on the AVScrv computer), which does not have anti-virus protection. This is considered a critical event.

Task 2.

Execute initial setup server.

The administration console can be installed separately from the Console folder of the distribution disk by running Setup program. If you are using a distribution package downloaded from the Internet, then you need to open the folder specified at the beginning of the installation to save the distribution files. By default this is the C:KSC9 ussianConsole folder.

Rice. 5.44.

Task 3.

Install the Security Center administration console on the Stationl .labs.local virtual machine. Check connectivity to the AVServ.labs.local server. To do this, you must indicate its address or name in the console window (Fig. 5.44), and also agree to receive a server certificate (Fig. 5.45).

Rice. 5.45.

Rice. 5.46.

If the connection fails, check whether the ports used to connect to the Security Center server are blocked on the AVScrv server (see above). The setting can be checked through Control Panel: System and Security -> Windows Firewall -> Allow a program to run through Windows firewall. The corresponding resolution settings must be present, see fig. 5.46 (the names of the rules remain as in previous version product - Kaspersky Administration Kit).