Contents
- Viewing and modifying the settings of an Administration Server
- Adjusting the general settings of Administration Server
- Administration Console interface settings
- Event processing and storage on the Administration Server
- Viewing log of connections to the Administration Server
- Control of virus outbreaks
- Limiting traffic
- Configuring Web Server
- Reissuing the Web Server certificate
- Working with internal users
Viewing and modifying the settings of an Administration Server
You can adjust the settings of an Administration Server in the properties window of this Server.
To open the Properties: Administration Server window:
- Select Properties in the context menu of the Administration Server node in the console tree.
Adjusting the general settings of Administration Server
You can adjust the general settings of Administration Server in the General, Administration Server connection settings, Events repository, and Security sections of the Administration Server properties window.
The Security section is not displayed in the Administration Server properties window if the display has been disabled in the Administration Console interface.
To enable the display of the Security section in Administration Console:
- In the console tree, select the Administration Server that you want.
- In the View menu of the main application window, select Configure interface.
- In the Configure interface window that opens, select the Display security settings sections check box and click OK.
- In the window with the application message, click OK.
The Security section will be displayed in the Administration Server properties window.
Administration Console interface settings
You can adjust the interface settings of Administration Console to display or hide the user interface controls related to the following features:
- Vulnerability and Patch Management
- Data encryption and protection
- Endpoint control settings
- Mobile Device Management
- Secondary Administration Servers
- Security Settings sections
To configure the Administration Console interface settings:
- In the console tree, select the Administration Server that you want.
- In the View menu of the main application window, select Configure interface.
- In the Configure interface window that opens, select the check boxes next to the features that you want displayed and click OK.
- In the window with the application message, click OK.
The selected features will be displayed in the Administration Console interface.
Event processing and storage on the Administration Server
Information about events during the operation of the application and managed devices is saved in the Administration Server database. Each event is attributed to a certain type and level of severity (Critical event, Functional failure, Warning, or Info). Depending on the conditions under which an event occurred, the application can assign different levels of severity to events of the same type.
You can view types and levels of severity assigned to events in the Event configuration section of the Administration Server properties window. In the Event configuration section, you can also configure processing of every event by the Administration Server:
- Registration of events on the Administration Server and in event logs of the operating system on a device and on the Administration Server.
- Method used for notifying the administrator of an event (for example, an SMS or email message).
In the Events repository section of the Administration Server properties window, you can edit the settings of events storage in the Administration Server database by limiting the number of event records and record storage term. When you specify the maximum number of events, the application calculates an approximate amount of storage space required for the specified number. You can use this approximate calculation to evaluate whether you have enough free space on the disk to avoid database overflow. The default capacity of the Administration Server database is 400,000 events. The maximum recommended capacity of the database is 45 million events.
If the number of events in the database reaches the maximum value specified by the administrator, the application deletes the oldest events and rewrites them with new ones. While the Administration Server is deleting old events, it cannot save new events to the database. During this period, information about the rejected events is written to the Kaspersky Event Log. The new events are queued and then saved to the database after the deletion operation is complete.
You can change the settings of any task to save events related to the task progress, or save only task execution results. In doing so, you will reduce the number of events in the database, increase the speed of execution of scenarios associated with analysis of the event table in the database, and lower the risk that critical events will be overwritten by a large number of events.
Viewing log of connections to the Administration Server
The history of connections and attempts to connect to the Administration Server during its operation can be saved to a log file. The information in the file allows you to track not only connections on your network infrastructure, but also unauthorized attempts to access the Administration Server.
To log the events of connection to the Administration Server:
- In the console tree, select the Administration Server for which you want to enable connection event logging.
- In the context menu of the Administration Server, select Properties.
- In the properties window that opens, in the Administration Server connection settings section, select the Connection ports subsection.
- Enable the Log Administration Server connection events option.
- Click the OK button to close the Administration Server properties window.
All further events of inbound connections to the Administration Server, authentication results, and SSL errors will be saved to the file %ProgramData%\KasperskyLab\adminkit\logs\sc.syslog.
Control of virus outbreaks
Kaspersky Security Center allows you to quickly respond to emerging threats of virus outbreaks. Risks of virus outbreaks are assessed by monitoring virus activity on devices.
You can configure assessment rules for threats of virus outbreaks and actions to take in case one emerges; to do this, use the Virus outbreak section of the properties window of Administration Server.
You can specify the notification procedure for the Virus outbreak event in the Event configuration section of the Administration Server properties window, in the Virus outbreak event properties window.
The Virus outbreak event is generated upon detection of Malicious object detected events during the operation of security applications. Therefore, you must save information about all Malicious object detected events on Administration Server in order to recognize virus outbreaks.
You can specify the settings for saving information about any Malicious object detected event in the policies of the security applications.
When Malicious object detected events are counted, only information from the devices of the primary Administration Server is taken into account. The information from secondary Administration Servers is not taken into account. For each secondary Server, the Virus outbreak event is configured individually.
Limiting traffic
To reduce traffic volumes within a network, the application provides the option to limit the speed of data transfer to an Administration Server from specified IP ranges and IP subnets.
You can create and configure traffic-limiting rules in the Traffic section of the Administration Server properties window.
To create a traffic-limiting rule:
- In the console tree, select the node with the name of the Administration Server for which you want to create a traffic-limiting rule.
- In the context menu of the Administration Server, select Properties.
- In the Administration Server properties window, select the Traffic section.
- Click the Add button.
- In the New rule window, specify the following settings:
  - In the IP range to limit traffic section, select the method that will be used to define the subnet or range for which the data transfer rate will be limited, and then enter the values of the settings for the selected method. Select one of the following methods:
    - Specify the range by using address and network mask
    - Specify the range by using start and end addresses
  - In the Traffic limit section, you can adjust the following restrictive settings for the data transfer rate:
Primarily, traffic limiting rules affect the transfer of files. These rules do not apply to the traffic generated by synchronization between Administration Server and Network Agent, or between primary and secondary Administration Servers.
Configuring Web Server
Web Server is designed for publishing stand-alone installation packages, iOS MDM profiles, and files from a shared folder.
You can define the settings for Web Server connection to the Administration Server and set the Web Server certificate in the Web Server section of the Administration Server properties window.
Reissuing the Web Server certificate
The Web Server certificate used in Kaspersky Security Center is required for publishing Network Agent installation packages that you subsequently download to managed devices, as well as for publishing iOS MDM profiles, iOS apps, and Kaspersky Endpoint Security for Mobile installation packages. Depending on the current application configuration, various certificates can function as the Web Server certificate (for more detail, see About Kaspersky Security Center certificates).
You may need to reissue the Web Server certificate to meet the specific security requirements of your organization or to maintain continuous connection of your managed devices before starting to upgrade the application. Kaspersky Security Center provides two ways of reissuing the Web Server certificate; the choice between the two methods depends on whether you have mobile devices connected and managed through the mobile protocol (i.e., by using the mobile certificate).
If you have never specified your own custom certificate as the Web Server certificate in the Web Server section of the Administration Server properties window, the mobile certificate acts as the Web Server certificate. In this case, the Web Server certificate reissuance is performed through the reissuance of the mobile certificate itself.
To reissue the Web Server certificate when you have no mobile devices managed through the mobile protocol:
- In the console tree, right-click the name of the relevant Administration Server and in the context menu select Properties.
- In the Administration Server properties window that opens, in the left pane select the Administration Server connection settings section.
- In the list of subsections, select the Certificates subsection.
- If you plan to continue using the certificate issued by Kaspersky Security Center, do the following:
  - On the right pane, in the Administration Server authentication by mobile devices group of settings, select the Certificate issued through Administration Server option and click the Reissue button.
  - In the Reissue certificate window that opens, in the Connection address and Activation term group of settings select the relevant options and click OK.
  - In the confirmation window, click Yes.
- Alternatively, if you plan to use your own custom certificate, do the following:
  - Check whether your custom certificate meets the requirements of Kaspersky Security Center and the requirements for trusted certificates by Apple. If necessary, modify the certificate.
  - Select the Other certificate option and click the Browse button.
  - In the Certificate window that opens, in the Certificate type field select the type of your certificate and then specify the certificate location and settings:
    - If you have selected PKCS #12 container, click the Browse button next to the Certificate file field and specify the certificate file on your hard drive. If the certificate file is password-protected, enter the password in the Password (if any) field.
    - If you have selected X.509 certificate, click the Browse button next to the Private key (.prk, .pem) field and specify the private key on your hard drive. If the private key is password-protected, enter the password in the Password (if any) field. Then click the Browse button next to the Public key (.cer) field and specify the public key on your hard drive.
  - In the Certificate window, click OK.
  - In the confirmation window, click Yes.
The mobile certificate is reissued to be used as the Web Server certificate.
To reissue the Web Server certificate when you have any mobile devices managed through the mobile protocol:
- Generate your custom certificate and prepare it for use in Kaspersky Security Center. Check whether your custom certificate meets the requirements of Kaspersky Security Center and the requirements for trusted certificates by Apple. If necessary, modify the certificate.
  You can use the kliossrvcertgen.exe utility for certificate generation.
- In the console tree, right-click the name of the relevant Administration Server and in the context menu select Properties.
- In the Administration Server properties window that opens, in the left pane select the Web Server section.
- In the Over HTTPS menu, select the Specify another certificate option.
- In the Over HTTPS menu, click the Change button.
- In the Certificate window that opens, in the Certificate type field select the type of your certificate:
  - If you have selected PKCS #12 container, click the Browse button next to the Certificate file field and specify the certificate file on your hard drive. If the certificate file is password-protected, enter the password in the Password (if any) field.
  - If you have selected X.509 certificate, click the Browse button next to the Private key (.prk, .pem) field and specify the private key on your hard drive. If the private key is password-protected, enter the password in the Password (if any) field. Then click the Browse button next to the Public key (.cer) field and specify the public key on your hard drive.
- In the Certificate window, click OK.
- If necessary, in the Administration Server properties window, in the Web Server HTTPS port field change the number of the HTTPS port for Web Server. Click OK.
The Web Server certificate is reissued.
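Both procedures above ask you to check a custom certificate against Apple's requirements for trusted certificates before loading it. The following PowerShell function is an added example, not part of the Kaspersky documentation: it reads the public certificate file (.cer) and checks Apple's published requirements for TLS server certificates on iOS 13 and macOS 10.15 and later. It does not cover Kaspersky Security Center's own requirements, and the function name and file path are illustrative.

```powershell
# Added example (not Kaspersky code). Checks the public part of a candidate
# Web Server certificate against Apple's requirements for trusted TLS server
# certificates. The function name and the path in the usage line are illustrative.
function Test-AppleTlsCertRequirements {
    param([Parameter(Mandatory)][string]$Path)

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new((Resolve-Path $Path).Path)
    $findings = @()

    # RSA keys must be at least 2048 bits (GetRSAPublicKey returns $null for non-RSA keys).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    if ($rsa -and $rsa.KeySize -lt 2048) {
        $findings += "RSA key is $($rsa.KeySize) bits; 2048 or more required"
    }

    # The signature must use a SHA-2 hash. Allowlist: sha256/384/512 with RSA and ECDSA.
    $sha2 = '1.2.840.113549.1.1.11', '1.2.840.113549.1.1.12', '1.2.840.113549.1.1.13',
            '1.2.840.10045.4.3.2', '1.2.840.10045.4.3.3', '1.2.840.10045.4.3.4'
    if ($sha2 -notcontains $cert.SignatureAlgorithm.Value) {
        $findings += "Signature algorithm '$($cert.SignatureAlgorithm.FriendlyName)' is not in the SHA-2 allowlist"
    }

    # The server name must appear in the Subject Alternative Name extension (CN alone is not trusted).
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san -or $san.Format($false) -notmatch 'DNS') {
        $findings += 'No DNS name in the Subject Alternative Name extension'
    }

    # Certificates issued after July 1, 2019 need the serverAuth EKU and a validity of 825 days or fewer.
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($usages -notcontains '1.3.6.1.5.5.7.3.1') {
        $findings += 'Extended Key Usage does not include id-kp-serverAuth'
    }
    $days = ($cert.NotAfter - $cert.NotBefore).TotalDays
    if ($days -gt 825) {
        $findings += "Validity is $([math]::Round($days)) days; 825 or fewer required"
    }

    [pscustomobject]@{
        Subject   = $cert.Subject
        NotAfter  = $cert.NotAfter
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Usage (placeholder path): Test-AppleTlsCertRequirements -Path 'C:\certs\webserver.cer'
```

An empty Findings list means the certificate passed these checks; each finding names the requirement to fix before the certificate is selected in the Certificate window.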
Working with internal users
The accounts of internal users are used to work with virtual Administration Servers. Kaspersky Security Center grants the rights of real users to internal users of the application.
The accounts of internal users are created and used only within Kaspersky Security Center. No data on internal users is transferred to the operating system. Kaspersky Security Center authenticates internal users.
You can configure accounts of internal users in the User accounts folder of the console tree.