Licensing
This section provides information about general concepts related to Kaspersky Security Center 13.1 licensing.
Events of the licensing limit exceeded
Kaspersky Security Center allows you to get information about events when some licensing limits are exceeded by Kaspersky applications installed on client devices.
The importance level of such events when a licensing restriction is exceeded is defined according to the following rules:
- If the currently used units covered by a single license constitute 90% to 100% of the total number of units covered by the license, the event is published with the Info importance level.
- If the currently used units covered by a single license constitute 100% to 110% of the total number of units covered by the license, the event is published with the Warning importance level.
- If the number of currently used units covered by a single license exceeds 110% of the total number of units covered by the license, the event is published with the Critical event importance level.
About licensing
This section contains information about the licensing of Kaspersky applications managed via Kaspersky Security Center.
About the license
A license is a time-limited right to use the application, granted under the terms of the End User License Agreement.
A license entitles you to the following kinds of services:
- Use of the application in accordance with the terms of the End User License Agreement
- Getting technical support
The scope of services and validity period depend on the type of license under which the application was activated.
The following license types are provided:
- Trial. A free license intended for trying out the application.
  A trial license usually has a short term. When the trial license expires, all Kaspersky Security Center features become disabled. To continue using the application, you need to purchase a commercial license.
  You can activate the application under a trial license only once.
- Commercial. A paid license granted upon purchase of the application.
  When the commercial license expires, key features of the application become disabled. To continue using Kaspersky Security Center, you must renew your commercial license. If you are not planning to renew your license, you must remove the application from your computer.
We recommend renewing the license before it expires, to ensure maximum protection against all security threats.
About the End User License Agreement
The End User License Agreement (License Agreement or EULA) is a binding agreement between you and AO Kaspersky Lab stipulating the terms under which you may use the application.
Please carefully read the License Agreement before you start using the application.
Kaspersky Security Center and its components, for example, Network Agent, have their own EULA.
You can view the terms of the End User License Agreement for Kaspersky Security Center using the following methods:
- During installation of Kaspersky Security Center.
- By reading the license.txt document included in the Kaspersky Security Center distribution kit.
- By reading the license.txt document in the Kaspersky Security Center installation folder.
- By downloading the license.txt file from the Kaspersky website.
You can view the terms of the End User License Agreement for Network Agent for Windows, Network Agent for Mac, and Network Agent for Linux using the following methods:
- When downloading the Network Agent distribution package from the Kaspersky web servers.
- During installation of Network Agent for Windows, Network Agent for Mac, or Network Agent for Linux.
  Please note that when you install Network Agent for Linux, the End User License Agreement for Network Agent is displayed in English. You can check the End User License Agreement for Network Agent in other languages in the /opt/kaspersky/klnagent64/share/license folder before accepting the terms of the End User License Agreement during installation.
- By reading the license.txt document included in the Network Agent for Windows, Network Agent for Mac, or Network Agent for Linux distribution package.
- By reading the license.txt document in the Network Agent for Windows, Network Agent for Mac, or Network Agent for Linux installation folder.
- By downloading the license.txt file from the Kaspersky website.
You accept the terms of the End User License Agreement by confirming that you agree with the End User License Agreement when installing the application. If you do not accept the terms of the License Agreement, cancel the application installation and do not use the application.
About the license certificate
A license certificate is a document that you receive along with a key file or an activation code.
A license certificate contains the following information about the license provided:
- License key or order number
- Information about the user who has been granted the license
- Information about the application that can be activated under the license provided
- Limit of the number of licensing units (e.g., devices on which the application can be used under the license provided)
- License validity start date
- License expiration date or license term
- License type
About the license key
A license key is a sequence of bits that you can apply to activate and then use the application in accordance with the terms of the End User License Agreement. License keys are generated by Kaspersky specialists.
You can add a license key to the application using one of the following methods: by applying a key file or by entering an activation code. The license key is displayed in the application interface as a unique alphanumeric sequence after you add it to the application.
Kaspersky may block the license key if the terms of the License Agreement have been violated. If the license key has been blocked, you need to add another one if you want to use the application.
A license key may be active or additional (or reserve).
An active license key is a license key that is currently used by the application. An active license key can be added for a trial or commercial license. The application cannot have more than one active license key.
An additional (or reserve) license key is a license key that entitles the user to use the application, but is not currently in use. The additional license key automatically becomes active when the license associated with the current active license key expires. An additional license key can be added only if an active license key has already been added.
A license key for a trial license can be added as an active license key. A license key for a trial license cannot be added as an additional license key.
About the key file
A key file is a file with the .key extension provided to you by Kaspersky. Key files are designed to activate the application by adding a license key.
You receive a key file at the email address that you provided when you bought Kaspersky Security Center or ordered the trial version of Kaspersky Security Center.
You do not need to connect to Kaspersky activation servers in order to activate the application with a key file.
You can restore a key file if it has been accidentally deleted. You may need a key file to register a Kaspersky CompanyAccount, for example.
To restore your key file, perform any of the following actions:
- Contact the license seller.
- Receive a key file through the Kaspersky website by using your available activation code.
About the subscription
Subscription to Kaspersky Security Center is an order for use of the application under the selected settings (subscription expiration date, number of protected devices). You can register your subscription to Kaspersky Security Center with your service provider (for example, your internet provider). A subscription can be renewed manually or in automatic mode; also, you can cancel it.
A subscription can be limited (for example, one-year) or unlimited (with no expiration date). To continue using Kaspersky Security Center after a limited subscription expires, you must renew it. An unlimited subscription is renewed automatically if it has been prepaid to the service provider by the due date.
When a limited subscription expires, you may be provided a grace period for renewal during which the application continues to function. The availability and duration of the grace period are defined by the service provider.
To use Kaspersky Security Center under subscription, you must apply the activation code received from the service provider.
You can apply a different activation code for Kaspersky Security Center only after your subscription expires or when you cancel it.
Depending on the service provider, the set of possible actions for subscription management may vary. The service provider might not provide a grace period for subscription renewal, in which case the application loses its functionality.
Activation codes purchased under subscription cannot be used for activating earlier versions of Kaspersky Security Center.
When the application is used under subscription, Kaspersky Security Center automatically attempts to access the activation server at specified time intervals until the subscription expires. You can renew your subscription on the service provider's website.
About the activation code
An activation code is a unique sequence of 20 alphanumeric characters. You enter an activation code to add a license key that activates Kaspersky Security Center. You receive the activation code at the email address that you specified, after purchasing Kaspersky Security Center or after ordering the trial version of Kaspersky Security Center.
To activate the application with an activation code, you need internet access to establish connection with Kaspersky activation servers.
If the application was activated with an activation code, the application in some cases sends regular requests to Kaspersky activation servers in order to check the current status of the license key. You must provide the application with internet access so that it can send these requests.
If you have lost your activation code after installing the application, contact the Kaspersky partner from whom you purchased the license.
You cannot use key files for activating managed applications; only activation codes are accepted.
Revoking consent with an End User License Agreement
If you decide to stop protection of your client devices, you can uninstall managed Kaspersky applications and revoke your End User License Agreement (EULA) for these applications.
To revoke a EULA for managed Kaspersky applications:
- In the console tree, select Administration Server → Advanced → Accepted EULAs.
  A list of EULAs (accepted upon creation of installation packages, at the seamless installation of updates, or upon deployment of Kaspersky Security for Mobile) is displayed.
- In the list, select the EULA that you want to revoke.
  You can view the following properties of the EULA:
  - Date when the EULA was accepted.
  - The name of the user who accepted the EULA.
  - Link to the terms of the EULA.
  - List of the objects that are connected to the EULA: names of installation packages, names of seamless updates, names of mobile apps.
- Click the Revoke EULA button.
  In the window that opens, you are informed that you must uninstall the Kaspersky application corresponding to the EULA.
- Click the button to confirm revocation.
  Kaspersky Security Center checks whether the installation packages (corresponding to the managed Kaspersky application whose EULA you want to revoke) are deleted.
  You can revoke only the EULA for a managed Kaspersky application whose installation packages are deleted.
The EULA is revoked. It is not displayed in the list of EULAs in the Administration Server → Advanced → Accepted EULAs section. You cannot protect client devices using a Kaspersky application whose EULA you have revoked.
About data provision
Data transferred to third parties
When using the mobile device management functionality of the Software, the Google Firebase Cloud Messaging service is used for the timely delivery of commands, through the push notification mechanism, to devices running the Android operating system. If the User has configured the usage of the Google Firebase Cloud Messaging service, the User agrees to provide the following information to the Google Firebase Cloud Messaging service in automatic mode: installation IDs of the Kaspersky Endpoint Security for Android applications to which push notifications must be sent.
To block exchange of information with the Google Firebase Cloud Messaging service, the User must roll back the usage settings of the Google Firebase Cloud Messaging service to their factory values.
When using the mobile device management functionality of the Software, the Apple Push Notification Service (APNs) is used for the timely delivery of commands, through the push notification mechanism, to devices running the iOS operating system. If the User has installed an APNs certificate on an iOS MDM Server, created an iOS MDM profile with a collection of settings for connection of iOS mobile devices to the Software, and installed this profile on mobile devices, the User agrees to provide the following information to APNs in automatic mode:
- Token—Push token of the device. The server uses this token when sending push notifications to the device.
- PushMagic—String that must be included in the push notification. The string value is generated by the device.
Data processed locally
Kaspersky Security Center is designed for centralized execution of basic administration and maintenance tasks on an organization's network. Kaspersky Security Center provides the administrator with access to detailed information about the organization's network security level; Kaspersky Security Center lets the administrator configure all the components of protection based on Kaspersky applications. Kaspersky Security Center performs the following main functions:
- Detecting devices and their users on the organization's network
- Creating a hierarchy of administration groups for device management
- Installing Kaspersky applications on devices
- Managing the settings and tasks of installed applications
- Managing the updates for Kaspersky and third-party applications, and finding and fixing vulnerabilities
- Activating Kaspersky applications on devices
- Managing user accounts
- Viewing information about the operation of Kaspersky applications on devices
- Viewing reports
To perform its main functions, Kaspersky Security Center can receive, store, and process the following information:
- Information about the devices on the organization's network received as a result of device discovery on the Active Directory network or Windows network, or through scanning of IP intervals. Administration Server gets data independently or receives data from Network Agent.
- Information about the Active Directory organizational units, domains, users, and groups received as a result of device discovery on the Active Directory network. Administration Server gets data independently or receives data from Network Agent.
- Details of managed devices. Network Agent transfers the data listed below from the device to Administration Server. The User enters the display name and description of the device in the Administration Console interface or Kaspersky Security Center 13.1 Web Console interface:
  - Technical specifications of the managed device and its components required for device identification: device display name and description, Windows domain name and type, device name in Windows environment, DNS domain and DNS name, IP address, network location, MAC address, operating system type, whether the device is a virtual machine together with hypervisor type, and whether the device is a dynamic virtual machine as part of VDI.
  - Other specifications of managed devices and their components required for audit of managed devices and for making decisions about whether specific patches and updates are applicable: Windows Update Agent (WUA) status, operating system architecture, operating system vendor, operating system build number, operating system release ID, operating system location folder, if the device is a virtual machine, the virtual machine type; the name of the virtual Administration Server that manages the device; cloud device data (cloud region, VPC, cloud availability zone, cloud subnet, cloud placement zone).
  - Details of actions on managed devices: date and time of the last update, time the device was last visible on the network, restart waiting status, and time the device was turned on.
- Details of device user accounts and their work sessions.
- Distribution point operation statistics if the device is a distribution point. Network Agent transfers data from the device to Administration Server.
- Distribution point settings entered by the User in the Administration Console or Kaspersky Security Center 13.1 Web Console.
- Details of mobile devices transferred by using the Exchange ActiveSync protocol. The data listed below are transferred from the mobile device to Administration Server:
  - Technical specifications of the mobile device and its components required for device identification: device name, model, operating system name, IMEI number, and phone number.
  - Specifications of the mobile device and its components: device management status, support of SMS, permission to send SMS messages, support of FCM, support of user commands, operating system storage folder, and device name.
  - Details of actions on mobile devices: device location (through the Locate command), time of last synchronization, time of last connection to the Administration Server, and synchronization support details.
- Details of mobile devices transferred by using the iOS MDM protocol. The data listed below are transferred from the mobile device to Administration Server:
  - Technical specifications of the mobile device and its components required for device identification: device name, model, operating system name and build number, device model number, IMEI number, UDID, MEID, serial number, amount of memory, modem firmware version, Bluetooth MAC address, Wi-Fi MAC address, and SIM card details (ICCID as part of the SIM card ID).
  - Details of the mobile network used by the managed device: mobile network type, name of the currently used mobile network, name of the home mobile network, version of the mobile network operator settings, voice roaming and data roaming status, country code of the home network, residence country code, country code of the currently used network, and encryption level.
  - Security settings of the mobile device: use of a password and its compliance with the policy settings, list of configuration profiles and provisioning profiles used for installation of third-party applications.
  - Date of last synchronization with Administration Server and device management status.
- Details of Kaspersky applications installed on the device. The managed application transfers data from the device to Administration Server through Network Agent:
  - Settings of Kaspersky applications installed on the managed device: Kaspersky application name and version, status, real-time protection status, last device scan date and time, number of threats detected, number of objects that failed to be disinfected, availability and status of the application components, time of last update and version of anti-virus databases, details of Kaspersky application settings and tasks, information about the active and reserve license key, application installation date and ID.
  - Application operation statistics: events related to the changes in the status of Kaspersky application components on the managed device and to the performance of tasks initiated by the application components.
  - Device status defined by the Kaspersky application.
  - Tags assigned by the Kaspersky application.
  - Set of installed and applicable updates for the Kaspersky application.
- Data contained in events from Kaspersky Security Center components and Kaspersky managed applications. Network Agent transfers data from the device to Administration Server.
- Data necessary for the integration of Kaspersky Security Center with a SIEM system for event export. The User enters the data in the Administration Console or in Kaspersky Security Center 13.1 Web Console.
- Settings of Kaspersky Security Center components and Kaspersky managed applications presented in policies and policy profiles. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- Task settings of Kaspersky Security Center components and Kaspersky managed applications. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- Data processed by the Vulnerability and Patch Management feature. Network Agent transfers the data listed below from the device to Administration Server:
  - Details of applications and patches installed on managed devices (Applications registry).
  - Information about the hardware detected on managed devices (Hardware registry).
  - Details of vulnerabilities in third-party software detected on managed devices.
  - Details of updates available for third-party applications installed on managed devices.
  - Details of Microsoft updates found by the WSUS feature.
  - List of Microsoft updates found by the WSUS feature that must be installed on the device.
- Data necessary for Kaspersky Security Center to work with cloud environments (Amazon Web Services, Microsoft Azure, Google Cloud, Yandex Cloud). The User enters the data in the Administration Console or in Kaspersky Security Center 13.1 Web Console.
- User categories of applications. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- Details of executable files detected on managed devices by the Application Control feature. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface. A complete list of data is provided in the Help files of the corresponding application.
- Details of files placed in Backup. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Details of files placed in Quarantine. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Details of files requested by Kaspersky specialists for detailed analysis. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Details of the status and triggering of Adaptive Anomaly Control rules. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Details of external devices (memory units, information transfer tools, information hardcopy tools, and connection buses) installed or connected to the managed device and detected by the Device Control feature. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Information about encrypted devices and the encryption status. The managed application transfers data from the device to Administration Server through Network Agent.
- Details of data encryption errors on devices performed using the Data encryption feature of Kaspersky applications. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- List of managed programmable logic controllers (PLCs). The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Data required for creation of a threat development chain. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Data required for Kaspersky Security Center integration with the Kaspersky Managed Detection and Response service (the dedicated plug-in must be installed for Kaspersky Security Center 13.1 Web Console): integration initiation token, integration token, and user session token. The User enters the integration initiation token in the Kaspersky Security Center 13.1 Web Console interface. The Kaspersky MDR service transfers the integration token and the user session token through the dedicated plug-in.
- Details of the entered activation codes or specified key files. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- User accounts: name, description, full name, email address, main phone number, password, secret key generated by Administration Server, and one-time password for two-step verification. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- Revision history of management objects. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- Registry of deleted management objects. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- Installation packages created from the file, as well as installation settings. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- Data required for the display of announcements from Kaspersky in Kaspersky Security Center 13.1 Web Console. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- Data required for the functioning of plug-ins of managed applications in Kaspersky Security Center 13.1 Web Console and saved by the plug-ins in the Administration Server database during their routine operation. The description and ways of providing the data are provided in the Help files of the corresponding application.
- Kaspersky Security Center 13.1 Web Console user settings: localization language and theme of the interface, Monitoring panel display settings, information about the status of notifications (Already read / Not yet read), status of columns in spreadsheets (Show / Hide), Training mode progress. The User enters data in the Kaspersky Security Center 13.1 Web Console interface.
- Kaspersky Event Log for Kaspersky Security Center components and Kaspersky managed applications. Kaspersky Event Log is stored on each device and is never transferred to Administration Server.
- Certificate for secure connection of managed devices to the Kaspersky Security Center components. The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- Data required for the Kaspersky Security Center operation in cloud environments, such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Yandex.Cloud. Administration Server receives the data from the virtual machine on which it runs.
- Information about the User's acceptance of the terms and conditions of legal agreements with Kaspersky.
- The Administration Server data that the User enters in the Administration Console or in Kaspersky Security Center 13.1 Web Console.
- Any data that the User enters in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
The data listed above can be present in Kaspersky Security Center if one of the following methods is applied:
- The User enters data in the Administration Console or Kaspersky Security Center 13.1 Web Console interface.
- Network Agent automatically receives data from the device and transfers it to Administration Server.
- Network Agent receives data retrieved by the Kaspersky managed application and transfers it to Administration Server. The lists of data processed by Kaspersky managed applications are provided in the Help files for the corresponding applications.
- Administration Server and the Network Agent assigned as a distribution point receive information about the networked devices.
- Data is transferred from the mobile device to Administration Server by using the Exchange ActiveSync or iOS MDM protocol.
The listed data is stored in the Administration Server database. User names and passwords are stored in encrypted form.
All data listed above can be transferred to Kaspersky only through dump files, trace files, or log files of Kaspersky Security Center components, including log files created by installers and utilities.
Dump files, trace files, and log files of Kaspersky Security Center components contain random data of Administration Server, Network Agent, Administration Console, iOS MDM Server, Exchange Mobile Device Server, and Kaspersky Security Center 13.1 Web Console. These files can contain personal and sensitive data. Dump files, trace files, and log files are stored on the device in non-encrypted form. Dump files, trace files, and log files are not transferred to Kaspersky automatically; however, the administrator can transfer data to Kaspersky manually upon request by Technical Support to resolve issues in the Kaspersky Security Center operation.
Kaspersky uses the received data in anonymized form and for general statistics only. Summary statistics are generated automatically from the originally received information and do not contain any personal or confidential data. As soon as new data is accumulated, the previous data is wiped (once a year). Summary statistics are stored indefinitely.
Kaspersky protects any information received in accordance with law and applicable Kaspersky rules. Data is transmitted over a secure channel.
Kaspersky Security Center licensing options
In Kaspersky Security Center, the license can apply to different groups of functionality.
When adding a license key in the Administration Server properties window, ensure that you add a license key that lets you use Kaspersky Security Center. You can find this information at the Kaspersky website. Each solution webpage contains the list of applications included in this solution. Administration Server may accept unsupported license keys, for example a license key for Kaspersky Endpoint Security Cloud, but the functionality of Kaspersky Security Center in such cases is not supported.
Basic functionality of Administration Console
The following functions are available:
- Creation of virtual Administration Servers that are used to administer a network of remote offices or client organizations.
- Creation of a hierarchy of administration groups to manage specific devices as a single entity.
- Control of the anti-virus security status of an organization.
- Remote installation of applications.
- Viewing the list of operating system images available for remote installation.
- Centralized configuration of applications installed on client devices.
- Viewing and editing existing licensed applications groups.
- Statistics and reports on the application's operation, as well as notifications about critical events.
- Encryption and data protection management.
- Viewing and manual editing of the list of hardware components detected by polling the network.
- Centralized operations with files that were moved to Quarantine or Backup and files whose processing was postponed.
- Management of user roles.
Kaspersky Security Center with support of the basic functionality of Administration Console is delivered as a part of Kaspersky applications for protection of corporate networks. You can also download it from the Kaspersky website.
Before the application is activated or after the commercial license expires, Kaspersky Security Center provides only the basic functionality of Administration Console.
Vulnerability and Patch Management feature
The following functions are available:
- Remote installation of operating systems.
- Remote installation of software updates, scanning and fixing of vulnerabilities.
- Hardware inventory.
- Licensed applications group management.
- Remotely permitting connection to client devices through the Microsoft Windows component named Remote Desktop Connection.
- Remote connection to client devices through Windows Desktop Sharing.
The management unit for Vulnerability and Patch Management is a client device in the Managed devices group.
Detailed information about devices' hardware is available during the inventory process as part of Vulnerability and Patch Management. For Vulnerability and Patch Management to function properly, at least 100 GB of free disk space must be available.
Mobile Device Management feature
The Mobile Device Management feature is used to manage Exchange ActiveSync (EAS) and iOS MDM mobile devices.
The following functions are available for Exchange ActiveSync mobile devices:
- Creation and editing of mobile device management profiles, assignment of profiles to users' mailboxes.
- Configuration of mobile devices (email synchronization, apps usage, user password, data encryption, connection of removable drives).
- Installation of certificates on mobile devices.
The following functions are available for iOS MDM devices:
- Creating and editing configuration profiles, and installing configuration profiles on mobile devices.
- Installing applications on mobile devices through App Store or using manifest files (.plist).
- Locking mobile devices, resetting the mobile device password, and deleting all data from the mobile device.
In addition, Mobile Device Management allows executing commands provided by relevant protocols.
The management unit for Mobile Device Management is a mobile device. A mobile device is considered to be managed after it is connected to the Mobile Devices Server.
Role-based access control
Kaspersky Security Center provides facilities for role-based access to the features of Kaspersky Security Center and managed Kaspersky applications.
You can configure access rights to application features for Kaspersky Security Center users in one of the following ways:
- By configuring the rights for each user or group of users individually.
- By creating standard user roles with a predefined set of rights and assigning those roles to users depending on their scope of duties.
Installation of operating systems and applications
Kaspersky Security Center allows you to create operating system images and deploy them on client devices on the network, as well as perform remote installation of applications by Kaspersky or other vendors. You can capture operating system images from devices and transfer those images to the Administration Server. Such images of operating systems are stored on the Administration Server in a dedicated folder. The operating system image of a reference device is captured and then created through an installation package creation task. You can use the images received for deployment on new networked devices on which no operating system has been installed yet. A technology named Preboot eXecution Environment (PXE) is used in this case.
Integration with cloud environments
Kaspersky Security Center not only works with on-premises devices, but also provides special features for working in a cloud environment, such as Cloud Environment Configuration Wizard. Kaspersky Security Center works with the following virtual machines:
- Amazon EC2 instances
- Microsoft Azure virtual machines
- Google Cloud virtual machine instances
Exporting events to SIEM systems: QRadar by IBM and ArcSight by Micro Focus
Event export can be used within centralized systems that deal with security issues on an organizational and technical level, provide security monitoring services, and consolidate information from different solutions. These are SIEM systems, which provide real-time analysis of security alerts and events generated by network hardware and applications, or Security Operation Centers (SOCs).
Under a special license, you can use the CEF and LEEF protocols to export general events, as well as the events transferred by Kaspersky applications to the Administration Server, to SIEM systems.
LEEF (Log Event Extended Format) is a customized event format for IBM Security QRadar SIEM. QRadar can integrate, identify, and process LEEF events. LEEF events must use UTF-8 character encoding. You can find detailed information on the LEEF protocol in IBM Knowledge Center.
CEF (Common Event Format) is an open log management standard that improves the interoperability of security-related information from different security and network devices and applications. CEF enables you to use a common event log format so that data can easily be integrated and aggregated for analysis by an enterprise management system. ArcSight and Splunk SIEM systems use this protocol.
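A receiving pipeline usually normalizes both export formats before detection rules run. The parser below is an added example, not taken from Kaspersky documentation: it follows the public CEF and LEEF header layouts, decodes strictly as UTF-8 (applied here to both formats as an assumption), and uses constructed sample events with placeholder vendor, product and event ID values.

```python
import re

# Seven CEF header fields: backslash escapes are honoured, each field ends at a bare "|".
_CEF = re.compile(r'((?:\\.|[^\\|])*)\|' * 7 + r'(.*)', re.S)
# CEF extension: a value runs until the next " key=" or end of line and may
# contain the escapes "\=" and "\\".
_CEF_KV = re.compile(r'(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)')

def _unescape(value):
    # "\n" and "\r" stand for a line break; any other escaped character is itself.
    return re.sub(r'\\(.)', lambda m: '\n' if m.group(1) in 'nr' else m.group(1), value)

def parse_event(raw):
    """Normalize one CEF or LEEF event (bytes) into a dict; ValueError if malformed."""
    line = raw.decode('utf-8').rstrip('\r\n')  # strict: invalid UTF-8 raises ValueError
    if line.startswith('CEF:'):
        m = _CEF.match(line)
        if not m:
            raise ValueError('truncated CEF header')
        hdr = [_unescape(f) for f in m.groups()[:7]]
        fields = {k: _unescape(v) for k, v in _CEF_KV.findall(m.group(8))}
        return {'format': 'CEF', 'vendor': hdr[1], 'product': hdr[2], 'event_id': hdr[4],
                'name': hdr[5], 'severity': hdr[6], 'fields': fields}
    if line.startswith('LEEF:'):
        hdr = line.split('|', 5)
        if len(hdr) != 6:
            raise ValueError('truncated LEEF header')
        attrs, delim = hdr[5], '\t'  # LEEF 1.0 attributes are tab-separated
        d, sep, rest = attrs.partition('|')
        if hdr[0] == 'LEEF:2.0' and sep and '=' not in d:
            # LEEF 2.0 optional delimiter field: a literal character or hex (x5E / 0x5E)
            attrs = rest
            if d:
                delim = d if len(d) == 1 else chr(int(re.sub(r'^0?[xX]', '', d), 16))
        fields = dict(p.split('=', 1) for p in attrs.split(delim) if '=' in p)
        return {'format': 'LEEF', 'vendor': hdr[1], 'product': hdr[2], 'event_id': hdr[4],
                'name': None, 'severity': fields.get('sev'), 'fields': fields}
    raise ValueError('not a CEF or LEEF event')

# Constructed samples (placeholder vendor and event ID, not real product output).
CEF_SAMPLE = rb'CEF:0|ExampleVendor|Console \| Server|1.0|EXAMPLE_ID|License limit|4|dhost=WS-01 msg=used\=105 of 100 filePath=C:\\Temp\\a.exe'
LEEF_SAMPLE = b'LEEF:1.0|ExampleVendor|Console|1.0|EXAMPLE_ID|devTime=2021-06-01\tsev=4\tusrName=admin'
```

Rejecting malformed or non-UTF-8 lines at this stage keeps a single corrupted event from silently shifting fields in downstream correlation rules.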
About restrictions on the main functionality
Before the application is activated or after the commercial license expires, Kaspersky Security Center provides only the basic functionality of Administration Console. The limitations of this basic application operation are described below.
Mobile Device Management
You cannot create a new profile and assign it to a mobile device (iOS MDM) or to a mailbox (Exchange ActiveSync). Changes to existing profiles and assignment of profiles to mailboxes are always available.
Role-based access control
You cannot configure role-based access to the features of Kaspersky Security Center and managed Kaspersky applications.
This feature allows administrators to configure access rights to application features for Kaspersky Security Center users in one of the following ways:
- By configuring the rights for each user or group of users individually.
- By creating standard user roles with a predefined set of rights and assigning those roles to users depending on their scope of duties.
Managing applications
You cannot run the update installation task and the update removal task. All tasks that started before the license expired will be completed, but the latest updates will not be installed. For example, if the critical update installation task was started before the license expired, only critical updates found before the license expiration will be installed.
Launch and editing of the synchronization, vulnerability scan, and vulnerabilities database update tasks are always available. Also, there are no limitations on viewing, searching, or sorting of entries in the list of vulnerabilities and updates.
Installing updates and fixing vulnerabilities in third-party software automatically
You cannot create the Install required updates and fix vulnerabilities task. This task allows you to install updates and fix vulnerabilities in third-party software, including Microsoft software, on the managed devices. You can configure the task to install multiple updates and fixes automatically, according to certain rules.
Remote installation of operating systems and applications
Tasks for capturing and installing an operating system image cannot be run. Tasks that were started before the license expired will be completed.
Hardware inventory
Information about new devices cannot be retrieved through Mobile Device Server. Information about computers and connected devices is kept updated.
Notifications are not sent about changes in the configuration of devices.
The equipment list is available for viewing and editing manually.
Licensed applications group management
You cannot add a new license key.
Notifications are not sent about violations of license key usage restrictions.
Remote connection to client devices
Remote connection to client devices is not available.
Anti-virus security
Anti-Virus uses databases that were installed before the license expired.
Integration with cloud environments
When working in a cloud environment, you cannot use AWS, Azure, or Google API tools for cloud segment polling and installation of applications on devices. Interface elements that display functions specific for working in a cloud environment are also not available.
Licensing features of Kaspersky Security Center and managed applications
Licensing of Administration Server and managed applications involves the following:
- You can add a license key or a valid activation code to an Administration Server to activate Vulnerability and Patch Management, Mobile Device Management, or Integration with the SIEM systems. Some features of Kaspersky Security Center are only accessible depending on active key files or valid activation codes added to the Administration Server.
- You can add multiple activation codes and key files for managed applications to the Administration Server repository.
About Kaspersky Security Center licensing
If you activated one of the licensed features (for example, Mobile Device Management) using a key file, but you also want to use another licensed feature (for example, Vulnerability and Patch Management), you must purchase from your service provider a key file that activates both these features and you must activate Administration Server by using this key file.
Licensing features of managed applications
For licensing of managed applications, an activation code or key file can be deployed automatically or in any other convenient way. The following methods can be applied to deploy an activation code or key file:
- Automatic deployment
If you use different managed applications and you have to deploy a specific key file or activation code to devices, opt for other ways of deploying that activation code or key file.
Kaspersky Security Center allows you to automatically deploy available license keys to devices. For example, three license keys are stored in the Administration Server repository. You have selected the Automatically distribute license key to managed devices check box for all three license keys. A Kaspersky security application—for example, Kaspersky Endpoint Security for Windows—is installed on the organization's devices. A new device is discovered to which a license key must be deployed. The application determines, for instance, that two of the license keys from the repository can be applied to the device: license key named Key_1 and license key named Key_2. One of these license keys is deployed to the device. In this case, it cannot be predicted which of the two license keys will be deployed to the device because automatic deployment of license keys does not provide for any administrator activity.
When a license key is deployed, the devices are recounted for that license key. You must make sure that the number of devices to which the license key was deployed does not exceed the license limit. If the number of devices exceeds the license limit, all devices that were not covered by the license will be assigned Critical status.
- Adding a key file or activation code to the installation package of a managed application
If you install a managed application using an installation package, you can specify an activation code or key file in this installation package or in the policy of the application. The license key will be deployed to managed devices at the next synchronization of the device with the Administration Server.
- Deployment through the add license key task for a managed application
If you opt for using the add license key task for a managed application, you can select the license key that must be deployed to devices and select the devices in any convenient way—for example, by selecting an administration group or a device selection.
- Adding an activation code or a key file manually to the devices