Settings of tasks
This section lists all settings of tasks in Kaspersky Security Center.
Page top
[Topic 173043]
General task settings
Expand all | Collapse all
This section contains the settings that you can view and configure for most of your tasks. The list of settings available depends on the task you are configuring.
Settings specified during task creation
You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.
- Operating system restart settings:
- Do not restart the device
Client devices are not restarted automatically after the operation. To complete the operation, you must restart a device (for example, manually or through a device management task). Information about the required restart is saved in the task results and in the device status. This option is suitable for tasks on servers and other devices where continuous operation is critical.
- Restart the device
Client devices are always restarted automatically if a restart is required for completion of the operation. This option is useful for tasks on devices that provide for regular pauses in their operation (shutdown or restart).
- Prompt user for action
The restart reminder is displayed on the screen of the client device, prompting the user to restart it manually. Some advanced settings can be defined for this option: text of the message for the user, the message display frequency, and the time interval after which a restart will be forced (without the user's confirmation). This option is most suitable for workstations where users must be able to select the most convenient time for a restart.
By default, this option is selected.
- Repeat prompt every (min)
If this option is enabled, the application prompts the user to restart the operating system with the specified frequency.
By default, this option is enabled. The default interval is 5 minutes. Available values are between 1 and 1440 minutes.
If this option is disabled, the prompt is displayed only once.
- Restart after (min)
After prompting the user, the application forces restart of the operating system upon expiration of the specified time interval.
By default, this option is enabled. The default delay is 30 minutes. Available values are between 1 and 1440 minutes.
- Force closure of applications in blocked sessions
Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.
If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.
If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.
By default, this option is disabled.
- Task scheduling settings:
- Scheduled start setting:
- Every N hours
The task runs regularly, with the specified interval in hours, starting from the specified date and time.
By default, the task runs every six hours, starting from the current system date and time.
- Every N days
The task runs regularly, with the specified interval in days. Additionally, you can specify a date and time of the first task run. These additional options become available, if they are supported by the application for which you create the task.
By default, the task runs every day, starting from the current system date and time.
- Every N weeks
The task runs regularly, with the specified interval in weeks, on the specified day of week and at the specified time.
By default, the task runs every Monday at the current system time.
- Every N minutes
The task runs regularly, with the specified interval in minutes, starting from the specified time on the day that the task is created.
By default, the task runs every 30 minutes, starting from the current system time.
- Daily (daylight saving time is not supported)
The task runs regularly, with the specified interval in days. This schedule does not support observance of daylight saving time (DST). It means that when clocks jump one hour forward or backward at the beginning or ending of DST, the actual task start time does not change.
We do not recommend that you use this schedule. It is needed for backward compatibility of Kaspersky Security Center.
By default, the task starts every day at the current system time.
- Weekly
The task runs every week on the specified day and at the specified time.
- By days of week
The task runs regularly, on the specified days of week, at the specified time.
By default, the task runs every Friday at 6:00:00 PM.
- Monthly
The task runs regularly, on the specified day of the month, at the specified time.
In months that lack the specified day, the task runs on the last day.
By default, the task runs on the first day of each month, at the current system time.
- Manually
The task does not run automatically. You can only start it manually.
By default, this option is enabled.
- Every month on specified days of selected weeks
The task runs regularly, on the specified days of each month, at the specified time.
By default, no days of month are selected; the default start time is 6:00:00 PM.
- When new updates are downloaded to the repository
The task runs after updates are downloaded to the repository. For example, you may want to use this schedule for the find vulnerabilities and required updates task.
- On virus outbreak
The task runs after a Virus outbreak event occurs. Select application types that will monitor virus outbreaks. The following application types are available:
- Anti-virus for workstations and file servers
- Anti-virus for perimeter defense
- Anti-virus for mail systems
By default, all application types are selected.
You may want to run different tasks depending on the anti-virus application type that reports a virus outbreak. In this case, remove the selection of the application types that you do not need.
- On completing another task
The current task starts after another task completes. You can select how the previous task must complete (successfully or with error) to trigger the start of the current task. For example, you may want to run the Manage devices task with the Turn on the device option and, after it completes, run the Virus scan task.
- Run missed tasks
This option determines the behavior of a task if a client device is not visible on the network when the task is about to start.
If this option is enabled, the system attempts to start the task the next time the Kaspersky application is run on the client device. If the task schedule is Manually, Once or Immediately, the task is started immediately after the device becomes visible on the network or immediately after the device is included in the task scope.
If this option is disabled, only scheduled tasks run on client devices; for Manually, Once and Immediately, tasks run only on those client devices that are visible on the network. For example, you may want to disable this option for a resource-consuming task that you want to run only outside of business hours.
By default, this option is enabled.
- Use automatically randomized delay for task starts
If this option is enabled, the task is started on client devices randomly within a specified time interval, that is, distributed task start. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.
The distributed start time is calculated automatically when a task is created, depending on the number of client devices to which the task is assigned. Later, the task is always started on the calculated start time. However, when task settings are edited or the task is started manually, the calculated value of the task start time changes.
If this option is disabled, the task starts on client devices according to the schedule.
- Use randomized delay for task starts within an interval of (min)
If this option is enabled, the task is started on client devices randomly within the specified time interval. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.
If this option is disabled, the task starts on client devices according to the schedule.
By default, this option is disabled. The default time interval is one minute.
- Devices to which the task will be assigned:
- Select networked devices detected by Administration Server
The task is assigned to specific devices. The specific devices can include devices in administration groups as well as unassigned devices.
For example, you may want to use this option in a task of installing Network Agent on unassigned devices.
- Specify device addresses manually or import addresses from a list
You can specify NetBIOS names, DNS names, IP addresses, and IP subnets of devices to which you want to assign the task.
You may want to use this option to execute a task for a specific subnet. For example, you may want to install a certain application on devices of accountants or to scan devices in a subnet that is probably infected.
- Assign task to a device selection
The task is assigned to devices included in a device selection. You can specify one of the existing selections.
For example, you may want to use this option to run a task on devices with a specific operating system version.
- Assign task to an administration group
The task is assigned to devices included in an administration group. You can specify one of the existing groups or create a new one.
For example, you may want to use this option to run a task of sending a message to users if the message is specific for devices included in a specific administration group.
- Account settings:
- Default account
The task will be run under the same account as the application that performs this task.
By default, this option is selected.
- Specify account
Fill in the Account and Password fields to specify the details of an account under which the task is run. The account must have sufficient rights for this task.
- Account
Account under which the task is run.
- Password
Password of the account under which the task will be run.
Settings specified after task creation
You can specify the following settings only after a task is created.
Page top
[Topic 173072]
Download updates to the Administration Server repository task settings
Expand all | Collapse all
Settings specified during task creation
You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.
- Sources of updates
The following resources can be used as a source of updates for the Administration Server:
- Kaspersky update servers
HTTP(S) servers at Kaspersky from which Kaspersky applications download database and application module updates. By default, the Administration Server communicates with Kaspersky update servers and downloads updates by using the HTTPS protocol. You can configure the Administration Server to use the HTTP protocol instead of HTTPS.
Selected by default.
- Primary Administration Server
This resource applies to tasks created for a secondary or virtual Administration Server.
- Local or network folder
A local or network folder that contains the latest updates. A network folder can be an FTP or HTTP server, or an SMB share. When selecting a local folder, you must specify a folder on the device that has Administration Server installed.
An FTP or HTTP server or a network folder used by an update source must contain a folders structure (with updates) that matches the structure created when using Kaspersky update servers.
- Other settings:
Force update of secondary Administration Servers
If this option is enabled, the Administration Server starts the update tasks on the secondary Administration Servers as soon as new updates are downloaded. Otherwise, the update tasks on the secondary Administration Servers start according to their schedules.
By default, this option is disabled.
Copy downloaded updates to additional folders
After the Administration Server receives updates, it copies them to the specified folders. Use this option if you want to manually manage the distribution of updates on your network.
For example, you may want to use this option in the following situation: the network of your organization consists of several independent subnets, and devices from each of the subnets do not have access to other subnets. However devices in all of the subnets have access to a common network share. In this case, you set Administration Server in one of the subnets to download updates from Kaspersky update servers, enable this option, and then specify this network share. In downloaded updates to the repository tasks for other Administration Servers, specify the same network share as the update source.
By default, this option is disabled.
Do not force updating of devices and secondary Administration Servers unless copying is complete
The tasks of downloading updates to client devices and secondary Administration Servers start only after those updates are copied from the main update folder to additional update folders.
This option must be enabled if client devices and secondary Administration Servers download updates from additional network folders.
By default, this option is disabled.
Update Network Agent modules (for Network Agent versions earlier than 10 Service Pack 2)
If this option is enabled, updates for software modules of Network Agent are installed automatically after the Administration Server completes the download updates to the repository task. Otherwise, updates received for Network Agent modules can be installed manually.
This option is only applicable to Network Agent versions earlier than 10 Service Pack 2. Starting from version 10 Service Pack 2, Network Agents are updated automatically.
By default, this option is enabled.
Settings specified after task creation
You can specify the following settings only after a task is created.
Page top
[Topic 172077]
Download updates to the repositories of distribution points task settings
Expand all | Collapse all
Settings specified during task creation
You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.
- Sources of updates
The following resources can be used as a source of updates for the distribution point:
- Kaspersky update servers
HTTP(S) servers at Kaspersky from which Kaspersky applications download database and application module updates.
This option is selected by default.
- Primary Administration Server
This resource applies to tasks created for a secondary or virtual Administration Server.
- Local or network folder
A local or network folder that contains the latest updates. A network folder can be an FTP or HTTP server, or an SMB share. If a network folder requires authentication, only the SMB protocol is supported. When selecting a local folder, you must specify a folder on the device that has Administration Server installed.
An FTP or HTTP server or a network folder used by an update source must contain a folders structure (with updates) that matches the structure created when using Kaspersky update servers.
If you enable the Do not use proxy server option for the Kaspersky update servers or Local or network folder sources of update, a distribution point does not use a proxy server for downloading updates, even if you enabled the option Use proxy server of the Network Agent policy settings for the distribution point.
- Other settings → Folder for storing updates
The path to the specified folder for storing saved updates. You can copy the specified folder path to a clipboard. You cannot change the path to a specified folder for a group task.
Settings specified after task creation
You can specify the following setting in the Settings section, in the Content of updates block only after a task is created.
Download diff files
Page top
[Topic 172117]
Find vulnerabilities and required updates task settings
Expand all | Collapse all
Settings specified during task creation
You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.
- Search for vulnerabilities and updates listed by Microsoft
When searching for vulnerabilities and updates, Kaspersky Security Center uses the information about applicable Microsoft updates from the source of Microsoft updates, which are available at the present moment.
For example, you may want to disable this option if you have different tasks with different settings for Microsoft updates and updates of third-party applications.
By default, this option is enabled.
- Connect to the update server to update data
Windows Update Agent on a managed device connects to the source of Microsoft updates. The following servers can act as a source of Microsoft updates:
- Kaspersky Security Center Administration Server (see the settings of Network Agent policy)
- Windows Server with Microsoft Windows Server Update Services (WSUS) deployed in your organization's network
- Microsoft Updates servers
If this option is enabled, Windows Update Agent on a managed device connects to the source of Microsoft updates to refresh the information about applicable Microsoft Windows updates.
If this option is disabled, Windows Update Agent on a managed device uses the information about applicable Microsoft Windows updates that was received from the source of Microsoft updates earlier and that is stored in the device's cache.
Connecting to the source of Microsoft updates can be resource-consuming. You might want to disable this option if you set regular connection to this source of updates in another task or in the properties of Network Agent policy, in the section Software updates and vulnerabilities. If you do not want to disable this option, then, to reduce the Server overload, you can configure the task schedule to randomize delay for task starts within 360 minutes.
By default, this option is enabled.
Combination of the following options of the settings of Network Agent policy defines the mode of getting updates:
- Windows Update Agent on a managed device connects to the Update Server to get updates only if the Connect to the update server to update data option is enabled and the Active option, in the Windows Update search mode settings group, is selected.
- Windows Update Agent on a managed device uses the information about applicable Microsoft Windows updates that was received from the source of Microsoft updates earlier and that is stored in the device's cache, if the Connect to the update server to update data option is enabled and the Passive option, in the Windows Update search mode settings group, is selected, or if the Connect to the update server to update data option is disabled and the Active option, in the Windows Update search mode settings group, is selected.
- Irrespective of the Connect to the update server to update data option's status (enabled or disabled), if Disabled option, in the Windows Update search mode settings group is selected, Kaspersky Security Center does not request any information about updates.
- Search for third-party vulnerabilities and updates listed by Kaspersky
If this option is enabled, Kaspersky Security Center searches for vulnerabilities and required updates for third-party applications (applications made by software vendors other than Kaspersky and Microsoft) in Windows Registry and in the folders specified under Specify paths for advanced search of applications in file system. The full list of supported third-party applications is managed by Kaspersky.
If this option is disabled, Kaspersky Security Center does not search for vulnerabilities and required updates for third-party applications. For example, you may want to disable this option if you have different tasks with different settings for Microsoft Windows updates and updates of third-party applications.
By default, this option is enabled.
- Specify paths for advanced search of applications in file system
The folders in which Kaspersky Security Center searches for third-party applications that require vulnerability fix and update installation. You can use system variables.
Specify the folders to which applications are installed. By default, the list contains system folders to which most of the applications are installed.
- Enable advanced diagnostics
If this feature is enabled, Network Agent writes traces even if tracing is disabled for Network Agent in Kaspersky Security Center Remote Diagnostics Utility. Traces are written to two files in turn; the total size of both files is determined by the Maximum size, in MB, of advanced diagnostics files value. When both files are full, Network Agent starts writing to them again. The files with traces are stored in the %WINDIR%\Temp folder. These files are accessible in the remote diagnostics utility, you can download or delete them there.
If this feature is disabled, Network Agent writes traces according to the settings in Kaspersky Security Center Remote Diagnostics Utility. No additional traces are written.
When creating a task, you do not have to enable advanced diagnostics. You may want to use this feature later if, for example, a task run fails on some of the devices and you want to get additional information during another task run.
By default, this option is disabled.
- Maximum size, in MB, of advanced diagnostics files
The default value is 100 MB, and available values are between 1 MB and 2048 MB. You may be asked to change the default value by Kaspersky Technical Support specialists when information in the advanced diagnostics files sent by you is not enough to troubleshoot the problem.
Page top
[Topic 172011]
Install required updates and fix vulnerabilities task settings
Expand all | Collapse all
Settings specified during task creation
You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.
- Specify rules for installing updates
These rules are applied to installation of updates on client devices. If rules are not specified, the task has nothing to perform. For information about operations with rules, refer to Rules for update installation.
- Start installation at device restart or shutdown
If this option is enabled, updates are installed when the device is restarted or shut down. Otherwise, updates are installed according to a schedule.
Use this option if installing the updates might affect the device performance.
By default, this option is disabled.
- Install required general system components
If this option is enabled, before installing an update the application automatically installs all general system components (prerequisites) that are required to install the update. For example, these prerequisites can be operating system updates
If this option is disabled, you may have to install the prerequisites manually.
By default, this option is disabled.
- Allow installation of new application versions during updates
If this option is enabled, updates are allowed when they result in installation of a new version of a software application.
If this option is disabled, the software is not upgraded. You can then install new versions of the software manually or through another task. For example, you may use this option if your company infrastructure is not supported by a new software version or if you want to check an upgrade in a test infrastructure.
By default, this option is enabled.
Upgrading an application may cause malfunction of dependent applications installed on client devices.
- Download updates to the device without installing them
If this option is enabled, the application downloads updates to the device but does not install them automatically. You can then Install downloaded updates manually.
Microsoft updates are downloaded to the system Windows storage. Updates of third-party applications (applications made by software vendors other than Kaspersky and Microsoft) are downloaded to the folder specified in the Folder for downloading updates field.
If this option is disabled, the updates are installed to the device automatically.
By default, this option is disabled.
- Folder for downloading updates
This folder is used to download updates of third-party applications (applications made by software vendors other than Kaspersky and Microsoft).
- Enable advanced diagnostics
If this feature is enabled, Network Agent writes traces even if tracing is disabled for Network Agent in Kaspersky Security Center Remote Diagnostics Utility. Traces are written to two files in turn; the total size of both files is determined by the Maximum size, in MB, of advanced diagnostics files value. When both files are full, Network Agent starts writing to them again. The files with traces are stored in the %WINDIR%\Temp folder. These files are accessible in the remote diagnostics utility, you can download or delete them there.
If this feature is disabled, Network Agent writes traces according to the settings in Kaspersky Security Center Remote Diagnostics Utility. No additional traces are written.
When creating a task, you do not have to enable advanced diagnostics. You may want to use this feature later if, for example, a task run fails on some of the devices and you want to get additional information during another task run.
By default, this option is disabled.
- Maximum size, in MB, of advanced diagnostics files
The default value is 100 MB, and available values are between 1 MB and 2048 MB. You may be asked to change the default value by Kaspersky Technical Support specialists when information in the advanced diagnostics files sent by you is not enough to troubleshoot the problem.
Settings specified after task creation
You can specify the following settings only after a task is created.
Page top
[Topic 172841]