Contents
- Configuring integration of the Endpoint Agent component with the KEDR functional block
- Configuring a trusted connection with Kaspersky Endpoint Agent
- Configuring the validation of the Kaspersky Endpoint Agent TLS certificate by the Central Node server and uploading a crypto container to Kaspersky Endpoint Agent
- Uploading a TLS certificate of the Central Node server or Sensor to Kaspersky Endpoint Agent
- Configuring the integration and trusted connection with Kaspersky Anti Targeted Attack Platform on the Kaspersky Endpoint Agent side
- Configuring a trusted connection with Kaspersky Endpoint Security
- Downloading the TLS certificate of the Central Node server
- Generating a TLS certificate for the Central Node server in the web interface of Kaspersky Anti Targeted Attack Platform
- Uploading an independently prepared TLS certificate for the Central Node server using the web interface of Kaspersky Anti Targeted Attack Platform
- Enabling the validation of the TLS certificate of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform
- Generating a TLS certificate of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform and downloading a crypto container
- Uploading an independently prepared TLS certificate of the Endpoint Agent component using the web interface of Kaspersky Anti Targeted Attack Platform
- Viewing the table of TLS certificates of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform
- Filtering and searching TLS certificates of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform
- Deleting TLS certificates of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform
- Configuring traffic redirection from the Endpoint Agent component to the Sensor server
Configuring integration of the Endpoint Agent component with the KEDR functional block
This section contains information on configuring the integration of the KEDR functional block with applications that are used in the role of the Endpoint Agent component.
Configuring a trusted connection with Kaspersky Endpoint Agent
Actions to configure a trusted connection are performed both on the Kaspersky Anti Targeted Attack Platform side through the web interface and the application administrator menu, and on the Kaspersky Endpoint Agent side through the KSC Administration Console.
You can use one of the following options to configure a trusted connection:
- Without validating the Kaspersky Endpoint Agent TLS certificate on the Kaspersky Anti Targeted Attack Platform side:
  - Configuring the connection with the Central Node server without validating the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.
  - Configuring the connection with the Sensor server without validating the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.
- Validating the Kaspersky Endpoint Agent TLS certificate on the Kaspersky Anti Targeted Attack Platform side:
  - Configuring the connection with the Central Node server with validation of the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.
  - Configuring the connection with the Sensor server with validation of the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.
Configuring the validation of the Kaspersky Endpoint Agent TLS certificate by the Central Node server and uploading a crypto container to Kaspersky Endpoint Agent
To configure the validation of the Kaspersky Endpoint Agent TLS certificate by the Central Node server and upload the crypto container with the Kaspersky Endpoint Agent certificate to Kaspersky Endpoint Agent:
- Open the KSC Console.
- In the console tree, open the Policies folder.
- In the Kaspersky Endpoint Agent policy section, select the required policy and double-click it to open its properties.
The properties of the selected policy are displayed.
- In the KATA integration section, select the KATA Central Node subsection.
- Click Configure additional security.
- In the window that opens, select the Secure the connection with client certificate check box.
- Click Upload.
This opens the file selection window on your local computer.
- Select the cryptographic container file of the Kaspersky Endpoint Agent certificate that was generated on the Kaspersky Anti Targeted Attack Platform server and downloaded to the hard drive of your computer.
- Click OK.
The window closes.
- Make sure the toggle switch in the upper right corner of the group of settings is in the Under policy position.
- Click OK.
The crypto container with the Kaspersky Endpoint Agent certificate is uploaded to Kaspersky Endpoint Agent. Kaspersky Anti Targeted Attack Platform now validates the TLS certificate of Kaspersky Endpoint Agent when it tries to connect.
Uploading a TLS certificate of the Central Node server or Sensor to Kaspersky Endpoint Agent
To upload a TLS certificate of the Central Node server or Sensor to Kaspersky Endpoint Agent:
- Open the KSC Console.
- In the console tree, open the Policies folder.
- In the Kaspersky Endpoint Agent policy section, select the required policy and double-click it to open its properties.
The properties of the selected policy are displayed.
- In the KATA integration section, select the KATA integration settings subsection.
- Select the Enable KATA integration check box.
- In the Address field, enter the address of the Central Node server of the Kaspersky Anti Targeted Attack Platform program that you want to configure integration with, and select a port to use for the connection. Port 443 is used by default.
- Select the Use pinned certificate to secure connection check box.
- Click Add a TLS certificate....
This opens the Adding TLS certificate window.
- To add a TLS certificate previously created on the Kaspersky Anti Targeted Attack Platform side and downloaded, do one of the following:
  - Add a certificate file. To do so, click Browse...; in the window that is displayed, select a certificate file and click Open.
  - Paste the content of the certificate file into the Paste TLS certificate data: field.
Kaspersky Endpoint Agent can store only one TLS certificate for the Kaspersky Anti Targeted Attack Platform server. If you have added a TLS certificate before and are adding a TLS certificate again, only the last added certificate is used.
If you have configured traffic redirection to the server with the Sensor component, you must download the TLS certificate of the Sensor server and then upload it here.
- Click Add.
Information about the added TLS certificate is displayed in the section for integration with Kaspersky Anti Targeted Attack Platform.
- Make sure the toggle switch in the upper right corner of the group of settings is in the Under policy position.
- Click OK.
The TLS certificate of the Central Node server is uploaded to Kaspersky Endpoint Agent.
Configuring the integration and trusted connection with Kaspersky Anti Targeted Attack Platform on the Kaspersky Endpoint Agent side
To configure integration with Kaspersky Anti Targeted Attack Platform on the Kaspersky Endpoint Agent side:
- Open the KSC Console.
- In the console tree, open the Policies folder.
- In the Kaspersky Endpoint Agent policy section, select the required policy and double-click it to open its properties.
The properties of the selected policy are displayed.
- In the KATA integration section, select the KATA integration settings subsection.
- Select the Enable KATA integration check box.
- In the Address field, enter the address of the Central Node server of the Kaspersky Anti Targeted Attack Platform program that you want to configure integration with, and select a port to use for the connection. Port 443 is used by default.
- Select the Use pinned certificate to secure connection check box.
- Click Add a TLS certificate....
This opens the Adding TLS certificate window.
- To add a TLS certificate previously created on the Kaspersky Anti Targeted Attack Platform side and downloaded, do one of the following:
  - Add a certificate file. To do so, click Browse...; in the window that is displayed, select a certificate file and click Open.
  - Paste the content of the certificate file into the Paste TLS certificate data: field.
Kaspersky Endpoint Agent can store only one TLS certificate for the Kaspersky Anti Targeted Attack Platform server. If you have added a TLS certificate before and are adding a TLS certificate again, only the last added certificate is used.
If you have configured traffic redirection to the server with the Sensor component, you must download the TLS certificate of the Sensor server and then upload it here.
- Click Add.
Information about the added TLS certificate is displayed in the section for integration with Kaspersky Anti Targeted Attack Platform.
- Click Add client certificate....
- In the window that is displayed, select the Secure with client certificate check box.
- Click Download.
This opens the file selection window on your local computer.
- Select the cryptographic container file of the Kaspersky Endpoint Agent certificate that was generated on the Kaspersky Anti Targeted Attack Platform server and downloaded to the hard drive of your computer.
- Click OK.
The window closes.
- In the Timeout period (sec.): field, enter the maximum response timeout of the Kaspersky Anti Targeted Attack Platform Central Node server in seconds.
- In the Send sync request to KATA server every (min.) field, enter the period in minutes.
- If you do not want Kaspersky Endpoint Agent to send information about repeated starts of the same process to the Kaspersky Anti Targeted Attack Platform server, select the Apply TTL period for events transmission check box. If the process is started again after the current TTL period has expired, Kaspersky Endpoint Agent does not treat this as a repeated start of the process.
- If you have selected the Apply TTL period for events transmission check box, specify the time in the TTL period (min.) field.
- Make sure the toggle switch in the upper right corner of the group of settings is in the Under policy position.
- Click OK.
The integration with Kaspersky Anti Targeted Attack Platform on the Kaspersky Endpoint Agent side is configured.
Configuring a trusted connection with Kaspersky Endpoint Security
To configure a trusted connection, you must perform actions both on the Kaspersky Anti Targeted Attack Platform side and on the Kaspersky Endpoint Security side.
You can use one of the following options to configure a trusted connection:
- Configuring the connection with the Central Node server without validating the TLS certificate of Kaspersky Endpoint Security in Kaspersky Anti Targeted Attack Platform.
- Configuring the connection with the Central Node server with validation of the TLS certificate of Kaspersky Endpoint Security on the Kaspersky Anti Targeted Attack Platform side.
Downloading the TLS certificate of the Central Node server
To download the TLS certificate of the server:
- In the window of the application web interface, select the Settings section, Certificates subsection.
- In the Server certificate section, click Download.
The server certificate file will be saved in the downloads folder of the browser.
Generating a TLS certificate for the Central Node server in the web interface of Kaspersky Anti Targeted Attack Platform
If you are already using a Central Node server TLS certificate, generating a new certificate causes the currently used certificate to be removed and replaced with the newly generated certificate.
You must enter the data of the new certificate everywhere the old certificate was used.
If you replace the TLS certificate, you will need to:
- Reauthorize mail sensors (KSMG, KLMS) on Central Node.
- Reconfigure the connection of Central Node, PCN, and SCN to Sandbox.
- Reconfigure traffic forwarding from Endpoint Agent to Sensor and the trusted connection with Endpoint Agent.
- Upload a new certificate to Active Directory (if you are using Active Directory).
Make sure to delete all Endpoint Agent host isolation rules. Connection with isolated hosts will be lost and you will not be able to manage them.
To generate a TLS certificate for a Central Node server:
- Sign in to the Kaspersky Anti Targeted Attack Platform web interface with the administrator credentials.
- In the window of the application web interface, select the Settings section, Certificates subsection.
- In the Server certificate section, click Generate.
This opens the action confirmation window.
- Click Yes.
Kaspersky Anti Targeted Attack Platform generates a new TLS certificate. The page is automatically refreshed.
Uploading an independently prepared TLS certificate for the Central Node server using the web interface of Kaspersky Anti Targeted Attack Platform
You can choose to prepare the TLS certificate on your own and upload it using the Kaspersky Anti Targeted Attack Platform web interface.
The TLS certificate file prepared for upload must satisfy the following requirements:
- The file must contain the certificate itself and a private encryption key for the connection.
- The file must be in PEM format.
  The application does not support other certificate formats. If you have prepared a certificate in a different format, you must convert it to the PEM format.
- The private key length must be 2048 bits or longer.
For more details on preparing TLS certificates for import, please refer to the OpenSSL documentation.
If you are already using a Central Node server TLS certificate, uploading a new certificate causes the currently used certificate to be removed and replaced with the uploaded certificate.
You must enter the data of the new certificate everywhere the old certificate was used.
If you replace the TLS certificate, you will need to:
- Reauthorize mail sensors (KSMG, KLMS) on Central Node.
- Reconfigure the connection of Central Node, PCN, and SCN to Sandbox.
- Reconfigure traffic forwarding from Endpoint Agent to Sensor and the trusted connection with Endpoint Agent.
Delete all Endpoint Agent host isolation rules. The connection with isolated hosts is severed and you cannot manage them.
To upload an independently prepared TLS certificate using the Kaspersky Anti Targeted Attack Platform web interface:
- Sign in to the Kaspersky Anti Targeted Attack Platform web interface with the administrator credentials.
- In the window of the application web interface, select the Settings section, Certificates subsection.
- In the Server certificate section, click Upload.
This opens the file selection window.
- Select the TLS certificate file to upload and click the Open button.
This closes the file selection window.
The TLS certificate is added to the Kaspersky Anti Targeted Attack Platform.
Make sure to delete all Endpoint Agent host isolation rules. Connection with isolated hosts will be lost and you will not be able to manage them.
Enabling the validation of the TLS certificate of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform
To turn on trusted connection with the application that is used in the role of the Endpoint Agent component:
- Sign in to the Kaspersky Anti Targeted Attack Platform web interface with the administrator credentials.
- In the Kaspersky Anti Targeted Attack Platform web interface window, select the Settings section, Certificates subsection.
- In the Endpoint Agent certificates section, turn on the Validate Endpoint Agent TLS certificates switch.
Kaspersky Anti Targeted Attack Platform will check TLS certificate data when the application that is used in the role of the Endpoint Agent component attempts to connect to Kaspersky Anti Targeted Attack Platform.
Generating a TLS certificate of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform and downloading a crypto container
To generate a TLS certificate for the connection of Kaspersky Anti Targeted Attack Platform with the application that is being used in the Endpoint Agent component role:
- Sign in to the Kaspersky Anti Targeted Attack Platform web interface with the administrator credentials.
- In the Kaspersky Anti Targeted Attack Platform web interface window, select the Settings section, Certificates subsection.
- In the Endpoint Agent certificates section, click Generate and export.
The new TLS certificate is displayed in the TLS certificate table. The crypto container file with the Kaspersky Endpoint Agent certificate in the PFX format is downloaded to the browser downloads folder on your local computer.
You can use the crypto container to configure the validation of Kaspersky Endpoint Agent TLS certificate by the Central Node server when attempting to connect to Kaspersky Anti Targeted Attack Platform.
By default, the crypto container is not password-protected. You can protect the crypto container with a password. For details on managing TLS certificates, see the OpenSSL documentation.
The crypto container contains only the certificate file, but not the private key file. Kaspersky Anti Targeted Attack Platform does not store private keys for the TLS encryption of the connection.
Uploading an independently prepared TLS certificate of the Endpoint Agent component using the web interface of Kaspersky Anti Targeted Attack Platform
You can choose to prepare the TLS certificate on your own and upload it using the Kaspersky Anti Targeted Attack Platform web interface.
The TLS certificate file prepared for upload must satisfy the following requirements:
- The file must contain the certificate itself and a private encryption key for the connection.
- The file must be in PEM format.
- The private key length must be 2048 bits or longer.
For more details on preparing TLS certificates for import, please refer to the OpenSSL documentation.
If you want to prepare the TLS certificate of Kaspersky Endpoint Agent on your own, you must create a PFX crypto container with your certificate and upload the crypto container to Kaspersky Endpoint Agent.
You can use the crypto container to configure the validation of Kaspersky Endpoint Agent TLS certificate by the Central Node server when attempting to connect to Kaspersky Anti Targeted Attack Platform.
For details on managing TLS certificates, see the OpenSSL documentation.
The crypto container must contain only the certificate file, but not the private key file. Kaspersky Anti Targeted Attack Platform does not store private keys for the TLS encryption of the connection.
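Before a PEM file is uploaded in either procedure (the Central Node server certificate above, or the Endpoint Agent certificate here), the checks the two requirement lists describe can be run with the OpenSSL CLI. The script below is an added example, not part of the Kaspersky documentation; the function names and file names are placeholders, and it assumes an unencrypted private key.

```shell
#!/bin/sh
# Added example: pre-flight checks for a TLS certificate file before it is
# uploaded through the Kaspersky Anti Targeted Attack Platform web interface.
# Requirements checked: PEM format, certificate and private key in one file,
# private key of 2048 bits or longer. Helper and file names are placeholders.

# Convert a DER-encoded certificate (a common "different format") to PEM.
# Usage: der_cert_to_pem in.der out.pem
der_cert_to_pem() {
    openssl x509 -inform DER -in "$1" -out "$2"
}

# Bit length of the (unencrypted) private key found in a PEM file;
# prints nothing when no readable key is present.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Return 0 when FILE satisfies the upload requirements, 1 otherwise.
# Also verifies that the private key belongs to the certificate, which a
# concatenated file does not guarantee by itself.
check_bundle() {
    f="$1"
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" \
        || { echo "$f: no PEM certificate block" >&2; return 1; }
    grep -q -E -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f" \
        || { echo "$f: no PEM private key block" >&2; return 1; }
    bits=$(key_bits "$f")
    [ -n "$bits" ] || { echo "$f: private key is not readable" >&2; return 1; }
    [ "$bits" -ge 2048 ] \
        || { echo "$f: private key is $bits bits, need 2048 or more" >&2; return 1; }
    # The public key derived from the private key must equal the one in the
    # certificate; otherwise the server cannot use the pair for TLS.
    certpub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null)
    keypub=$(openssl pkey -in "$f" -pubout 2>/dev/null)
    [ -n "$certpub" ] && [ "$certpub" = "$keypub" ] \
        || { echo "$f: private key does not match certificate" >&2; return 1; }
    echo "$f: OK ($bits-bit key, certificate and key match)"
}

# Join a separate certificate file and key file into the single PEM file
# the web interface expects. Usage: make_bundle cert.pem key.pem out.pem
make_bundle() {
    cat "$1" "$2" > "$3"
}

# Run directly with a file argument: sh check_tls_bundle.sh server.pem
if [ $# -gt 0 ]; then
    check_bundle "$1"
fi
```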
To upload an independently prepared TLS certificate using the Kaspersky Anti Targeted Attack Platform web interface:
- Sign in to the Kaspersky Anti Targeted Attack Platform web interface with the administrator credentials.
- In the Kaspersky Anti Targeted Attack Platform web interface window, select the Settings section, Certificates subsection.
- In the Endpoint Agent certificates section, click Upload.
This opens the file selection window.
- Select the TLS certificate file to upload and click the Open button.
This closes the file selection window.
The TLS certificate is added to the Kaspersky Anti Targeted Attack Platform.
Viewing the table of TLS certificates of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform
To view the list of TLS certificates for connection with applications that are used in the role of the Endpoint Agent component using the Kaspersky Anti Targeted Attack Platform web interface:
- Sign in to the Kaspersky Anti Targeted Attack Platform web interface with the administrator credentials.
- In the Kaspersky Anti Targeted Attack Platform web interface window, select the Settings section, Certificates subsection.
- The Endpoint Agent certificates section displays a list of TLS certificates with the following details for each certificate:
  - TLS certificate – Fingerprint of the certificate.
  - Serial number – Serial number of the certificate.
  - Expires – Expiration date of the certificate.
Filtering and searching TLS certificates of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform
You can filter the TLS certificates displayed in the table by one or both columns (TLS certificate and Serial number) or enter search criteria to search TLS certificates by these columns.
To filter and search TLS certificates in the table:
- Sign in to the Kaspersky Anti Targeted Attack Platform web interface with the administrator credentials.
- In the Kaspersky Anti Targeted Attack Platform web interface window, select the Settings section, Certificates subsection.
- The Endpoint Agent certificates section displays a list of TLS certificates with the following details for each certificate:
  - TLS certificate – Fingerprint of the certificate.
  - Serial number – Serial number of the certificate.
  - Expires – Expiration date of the certificate.
- If you want to filter or search TLS certificates by certificate fingerprint:
  - Click the TLS certificate link to open the filter configuration window.
  - In the TLS certificate text box, enter a few characters of the certificate fingerprint.
  - Click Apply.
- If you want to filter or search TLS certificates by serial number:
  - Click the Serial number link to open the filter configuration window.
  - In the Serial number text box, enter a few characters of the serial number.
  - Click Apply.
The table displays only those TLS certificates that match the filter criteria you have set.
To clear the filter for one or more filtering criteria:
Click to the right of the header of the table column for which you want to clear the filter conditions.
If you want to clear several filter conditions, perform the necessary actions to clear each filter condition.
The selected filters are cleared.
Deleting TLS certificates of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform
To delete one or more TLS certificates for connection with applications that are used in the role of the Endpoint Agent component using the Kaspersky Anti Targeted Attack Platform web interface:
- Sign in to the Kaspersky Anti Targeted Attack Platform web interface with the administrator credentials.
- In the Kaspersky Anti Targeted Attack Platform web interface window, select the Settings section, Endpoint Agent certificates subsection.
The Endpoint Agent certificates section displays a list of TLS certificates.
- Select check boxes next to one or more TLS certificates that you want to delete.
- Click Delete.
This opens the action confirmation window.
- Click Yes.
The selected TLS certificates are deleted.
Configuring traffic redirection from the Endpoint Agent component to the Sensor server
You can use the Sensor server as a proxy server for communication between the Endpoint Agent component and the Central Node to reduce the load on the Central Node.
When configuring the traffic redirection, keep in mind the following limitations:
- The maximum incoming traffic volume for the Sensor may not exceed 1 Gbps.
- The recommended channel bandwidth between the Central Node and Sensor servers is 15% of the SPAN port traffic.
- The maximum allowed packet loss between Sensor servers and the Central Node is 10% with a packet delay of up to 100 ms.
You can only use the Sensor as a proxy server if the Sensor and Central Node are located on different servers.
If you are using Sensor as a proxy server, make sure to enter the IP address of the Sensor instead of the IP address of the Central Node when configuring the integration of Kaspersky Anti Targeted Attack Platform with the application that acts as the Endpoint Agent component on that application's side.
To use the Sensor as a proxy server, connect the Sensor to the Central Node.