Quick Start Wizard (Kaspersky Security Center 13.1 Web Console)

This section provides information about the Administration Server Quick Start Wizard.

The Wizard requires internet access. If your Administration Server does not have internet access, we recommend that you perform all the steps of the Wizard manually through the Kaspersky Security Center 13.1 Web Console interface.

Kaspersky Security Center allows you to adjust a minimum selection of settings required to build a centralized management system for protecting your network against security threats. This configuration is performed through the Quick Start Wizard. When the Wizard is running, you can make the following changes to the application:

• Add key files or enter activation codes that can be automatically distributed to devices within administration groups.
• Configure interaction with
  Kaspersky Security Network (KSN)

  An infrastructure of cloud services that provides access to the Kaspersky database with constantly updated information about the reputation of files, web resources, and software. Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false positives.

  . If you have allowed the use of KSN, the Wizard enables the KSN proxy server service, which ensures connection between KSN and devices.
• Set up email delivery of notifications of events that occur during operation of Administration Server and managed applications (successful notification delivery requires that the Messenger service run on the Administration Server and all recipient devices).
• Create a protection policy for workstations and servers, as well as virus scan tasks, update download tasks, and data backup tasks, for the top level of the hierarchy of managed devices.

  The Quick Start Wizard creates policies only for those applications whose Managed devices folder does not contain policies. The Quick Start Wizard does not create tasks if tasks with the same names have already been created for the top level in the hierarchy of managed devices.

The application automatically prompts you to run the Quick Start Wizard after Administration Server installation, at the first connection to it. You can also start the Quick Start Wizard manually at any time.

To start the Quick Start Wizard manually:

1. In the main menu, click the settings icon () next to the name of the Administration Server.

   The Administration Server properties window opens.

2. On the General tab, select the General section.
3. Click Start Quick Start Wizard.

The Wizard prompts you to perform initial configuration of the Administration Server. Follow the instructions of the Wizard. Proceed through the Wizard by using the Next button.

Getting acquainted with Quick Start Wizard

Read information about the actions that Quick Start Wizard performs.

Step 1. Specifying the internet connection settings

Expand all | Collapse all

Specify the internet access settings for Administration Server. You must configure internet access to use Kaspersky Security Network and to download updates of anti-virus databases for Kaspersky Security Center and managed Kaspersky applications.

Enable the Use proxy server option if you want to use a proxy server when connecting to the internet. If this option is enabled, the fields are available for entering settings. Specify the following settings for a proxy server connection:

• Address

  Address of the proxy server used for Kaspersky Security Center connection to the internet.

• Port number

  Number of the port through which Kaspersky Security Center proxy connection will be established.

• Bypass proxy server for local addresses

  No proxy server will be used to connect to devices in the local network.

• Proxy server authentication

  If this check box is selected, in the entry fields you can specify the credentials for proxy server authentication.

  This entry field is available if the Use proxy server check box is selected.

• User name

  User account under which connection to the proxy server is established (this field is available if the Proxy server authentication check box is selected).

• Password

  Password set by the user under whose account the proxy server connection is established (this field is available if the Proxy server authentication check box is selected).

  To see the entered password, click and hold the Show button for as long as you require.

You can configure internet access later, separately from the quick start wizard.

Step 2. Downloading required updates

The required updates are downloaded from the Kaspersky servers automatically.

Step 3. Selecting the assets to secure

Expand all | Collapse all

Select the protection areas and operating systems that are in use on your network. When you select these options, you specify the filters for application management plug-ins and distribution packages on Kaspersky servers that you can download to install on client devices on your network. Select the options:

• Areas

  You can select the following protection areas:

  • Workstations. Select this option if you want to protect workstations in your network. By default, the Workstation option is selected.
  • File Servers and Storage. Select this option if you want to protect file servers in your network.
  • Virtualization. Select this option if you want to protect virtual machines in your network.
  • Embedded Systems. Select this option if you want to protect Windows-based embedded systems, such as Automated Teller Machine (ATM).

• Operating systems

  You can select the following platforms:

  • Microsoft Windows
  • macOS
  • Android
  • Linux
  • Other

  For information about supported operating systems, refer to Hardware and software requirements for Kaspersky Security Center 13.1 Web Console.

You can select the Kaspersky application packages from the list of available packages later, separately from the quick start wizard. To simplify the search for the required packages, you can filter the list of available packages by various criteria.

Step 4. Selecting encryption in solutions

The Encryption in solutions window is displayed only if you have selected Workstations as a protection scope.

Kaspersky Endpoint Security for Windows includes encryption tools for information stored on Windows-based client devices. These encryption tools have the Advanced Encryption Standard (AES) implemented with a 256-bit or 56-bit key length.

Download and usage of the distribution package with a 256-bit key length must be performed in compliance with applicable laws and regulations. To download a distribution package of Kaspersky Endpoint Security for Windows that is valid for the needs of your organization, consult the legislation of the country where the client devices of your organization are located.

In the Encryption in solutions window, select one of the following encryption types:

• Lite encryption. This encryption type uses a 56-bit key length.
• Strong encryption. This encryption type uses a 256-bit key length.

You can select the distribution package for Kaspersky Endpoint Security for Windows with the required encryption type later, separately from the quick start wizard.

Step 5. Configuring installation of plug-ins for managed applications

Expand all | Collapse all

Select plug-ins for managed applications to install. A list of plug-ins located on Kaspersky servers is displayed. The list is filtered according to the options selected on the previous step of the Wizard. By default, a full list includes plug-ins of all languages. To display only plug-in of specific language, use filter. The list of plug-ins includes the following columns:

• Name

  The plug-ins depending of the protection areas and platforms that you have selected on the previous step are selected.

• Version

  The list includes plug-ins of all the versions placed on Kaspersky servers. By default, the plug-ins of the latest versions are selected.

• Language

  By default, the localization language of a plug-in is defined by the Kaspersky Security Center language that you have selected at installation. You can specify other languages in Show the Administration Console localization language or drop-down list.

After the plug-ins are selected, click Next to start installation.

The Quick Start Wizard automatically installs the selected plug-ins. To install some plug-ins, you must accept the terms of the EULA. Read the text of EULA displayed, select the I agree to use Kaspersky Security Network check box and click the Install button. If you do not accept the terms of the EULA, the plug-in is not installed.

When all the selected plug-ins are installed, the Quick Start Wizard automatically takes you to the next step.

Step 6. Downloading distribution packages and creating installation packages

Select the distribution packages to download.

Distributives of managed applications may require a specific minimum version of Kaspersky Security Center to be installed.

After you have selected an encryption type for Kaspersky Endpoint Security for Windows, a list of distribution packages of both encryption types is displayed. A distribution package with the selected encryption type is selected in the list. You can select distribution packages of any encryption type. The distribution package language corresponds to the Kaspersky Security Center language. If a distribution package of Kaspersky Endpoint Security for Windows for the Kaspersky Security Center language does not exist, the English distribution package is selected.

To finish downloading of some distribution packages you must accept EULA. When you click the Accept button, the text of EULA is displayed. To proceed to the next step of the Wizard, you must accept the terms and conditions of the EULA and the terms and conditions of Kaspersky Privacy Policy. If you do not accept the terms and conditions, the downloading of the package is canceled.

After you have accepted the terms and conditions of the EULA and the terms and conditions of Kaspersky Privacy Policy, the downloading of the distribution packages continues. Later, you can use installation packages to deploy Kaspersky applications on client devices.

Page top

Step 7. Configuring Kaspersky Security Network

Expand all | Collapse all

Specify the settings for relaying information about Kaspersky Security Center operations to the Kaspersky Security Network knowledge base. Select one of the following options:

• I agree to use Kaspersky Security Network

  Kaspersky Security Center and managed applications installed on client devices will automatically transfer their operation details to Kaspersky Security Network. Participation in Kaspersky Security Network ensures faster updates of databases containing information about viruses and other threats, which ensures a faster response to emergent security threats.

• I do not agree to use Kaspersky Security Network

  Kaspersky Security Center and managed applications will provide no information to Kaspersky Security Network.

  If you select this option, the use of Kaspersky Security Network will be disabled.

You can set up access to Kaspersky Security Network (KSN) later, separately from the quick start wizard.

Step 8. Selecting the application activation method

Expand all | Collapse all

Select one of the following Kaspersky Security Center activation options:

• By entering your activation code

  Activation code is a unique sequence of 20 alphanumeric characters. You enter an activation code to add a key that activates Kaspersky Security Center. You receive the activation code through the email address that you specified after purchasing Kaspersky Security Center.

  To activate the application with an activation code, you need Internet access to establish connection with Kaspersky activation servers.

  If you have selected this activation option, you can enable the Automatically distribute license key to managed devices option.

  If this option is enabled, the license key will be deployed automatically to managed devices.

  If this option is disabled, you can deploy license key to managed devices later, in the Kaspersky Licenses node of the Administration Console tree.

• By specifying a key file

  Key file is a file with the .key extension provided to you by Kaspersky. A key file is intended for adding a key that activates the application.

  You receive your key file through the email address that you specified after purchasing Kaspersky Security Center.

  To activate the application using a key file, you do not have to connect to Kaspersky activation servers.

  If you have selected this activation option, you can enable the Automatically distribute license key to managed devices option.

  If this option is enabled, the license key will be deployed automatically to managed devices.

  If this option is disabled, you can deploy license key to managed devices later, in the Kaspersky Licenses node of the Administration Console tree.

• By postponing the application activation

  The application will operate with basic functionality, without Mobile Device Management and without Vulnerability and Patch Management.

If you chose to postpone application activation, you can add a license key later at any time by selecting OPERATIONS → LICENSING.

When working with Kaspersky Security Center deployed from a paid AMI or for a Usage-based monthly billed SKU, you cannot specify a key file or enter a code.

Step 9. Specifying the third-party update management settings

Expand all | Collapse all

This step is not displayed if you do not have the Vulnerability and Patch Management license and the Find vulnerabilities and required updates task already exists.

For third-party software updates, select one of the following options:

• Search for required updates

  The Find vulnerabilities and required updates task is created.

  This option is selected by default.

• Find and install required updates

  The Find vulnerabilities and required updates and Install required updates and fix vulnerabilities tasks are created automatically, if you do not have ones.

  This option is only available under the Vulnerability and Patch Management license.

For Windows Update updates, select one of the following options:

• Use the update sources defined in the domain policy

  Client devices will download Windows Update updates according to your domain policy settings. Network Agent policy is created automatically, if you do not have one.

• Use Administration Server as a WSUS server

  Client devices will download Windows Update updates from the Administration Server. The Perform Windows Update synchronization task and Network Agent policy are created automatically, if you do not have ones.

  This option is only available under the Vulnerability and Patch Management license.

Step 10. Creating a basic network protection configuration

You can check a list of policies and tasks that are created.

Wait for the creation of policies and tasks to complete before proceeding to the next step of the Wizard.

Step 11. Configuring email notifications

Expand all | Collapse all

Configure the delivery of notifications about events registered during the operation of Kaspersky applications on client devices. These settings will be used as the default settings for application policies.

To configure the delivery of notifications about events occurring in Kaspersky applications, use the following settings:

• Recipients (email addresses)

  The email addresses of users to whom the application will send notifications. You can enter one or more addresses; if you enter more than one address, separate them with a semicolon.

• SMTP server address

  The address or addresses of your organization's mail servers.

  If you enter more than one address, separate them with a semicolon. You can use the IP address or the Windows network name (NetBIOS name) of a device as the address.

• SMTP server port

  Communication port number of the SMTP server. If you use several SMTP servers, the connection to them is established through the specified communication port. The default port number is 25.

• Use ESMTP authentication

  Enables support of ESMTP authentication. When the check box is selected, in the User name and Password fields you can specify the ESMTP authentication settings. By default, this check box is cleared.

• Use TLS

  You can specify TLS settings of connection with an SMTP server:

  • Do not use TLS

    You can select this option if you want to disable encryption of email messages.

  • Use TLS if supported by server

    You can select this option if you want to use a TLS connection to an SMTP server. If the SMTP server does not support TLS, Administration Server connects the SMTP server without using TLS.

  • Always use TLS, check server certificate validity

    You can select this option if you want to use TLS authentication settings. If the SMTP server does not support TLS, Administration Server cannot connect the SMTP server.

    We recommend that you use this option for better protection of the connection with an SMTP server. If you select this option, you can set authentication settings for a TLS connection.

    If you select Always use TLS, check server certificate validity value, you can specify a certificate for authentication of the SMTP server and choose whether you want to enable communication through any version of TLS or only through TLS 1.2 or later versions. Also, you can specify a certificate for client authentication on the SMTP server.

  You can specify certificates for a TLS connection by clicking the Specify certificate link:

  • Browse for an SMTP server certificate file:

    You can receive a file with the list of certificates from a trusted certification authority and upload the file to Administration Server. Kaspersky Security Center checks whether the certificate of an SMTP server is also signed by a trusted certification authority. Kaspersky Security Center cannot connect to an SMTP server if the certificate of the SMTP server is not received from a trusted certification authority.

  • Browse for a client certificate file:

    You can use a certificate that you received from any source, for example, from any trusted certification authority. You must specify the certificate and its private key by using one of the following certificate types:

    • X-509 certificate:

      You must specify a file with the certificate and a file with the private key. Both files do not depend on each other and the order of loading of the files is not significant. When both files are loaded, you must specify the password for decoding the private key. The password can have an empty value if the private key is not encoded.

    • pkcs12 container:

      You must upload a single file that contains the certificate and its private key. When the file is loaded, you must then specify the password for decoding the private key. The password can have an empty value if the private key is not encoded.

You can test the new email notification settings by clicking the Send test message button.

You can configure event notifications later, separately from the quick start wizard.

Step 12. Performing a network poll

The Administration Server performs an initial poll. During the poll, a progress bar is displayed. When the poll is complete, the View detected devices link becomes available. You can click this link to view network devices detected by Administration Server. To return to the Quick Start Wizard, press the Escape key.

Step 13. Closing the Quick Start Wizard

On the Quick Start Wizard completion page, select the Run Protection Deployment Wizard check box if you want to start automatic installation of anti-virus applications or Network Agent on devices on your network.

To close the Wizard, click the Finish button.