Kaspersky Security Center 13.1

Data repositories

This section provides information about data stored on the Administration Server and used for tracking the condition of client devices and for servicing them.

The Repositories folder of the console tree displays the data used for tracking the statuses of client devices.

The Repositories folder contains the objects described in this section.

In this section

Exporting a list of repository objects to a text file

Installation packages

Main statuses of files in the repository

Triggering of rules in Smart Training mode

Quarantine and Backup

Active threats

[Topic 46876]

Exporting a list of repository objects to a text file

You can export the list of objects from the repository to a text file.

To export the list of objects from the repository to a text file:

  1. In the console tree, in the Repositories folder select the subfolder of the relevant repository.
  2. In the repository subfolder, select Export list in the context menu.

    This opens the Export list window, in which you specify the name of the text file and the path to the folder in which it will be saved.

[Topic 52373]

Installation packages

Kaspersky Security Center stores installation packages for Kaspersky applications and third-party applications in data repositories.

An installation package is a set of files required to install an application. An installation package contains the setup settings and initial configuration of the application being installed.

If you want to install an application on a client device, create an installation package for that application or use an existing one. The list of created installation packages is displayed in the Installation packages subfolder of the Remote installation folder in the console tree.

See also:

Working with installation packages

[Topic 4535]

Main statuses of files in the repository

Security applications scan files on devices for known viruses and other programs that may pose a threat, assign statuses to files, and place some of them in the repository.

For example, security applications can do the following:

  • Save a copy of a file to the repository before deletion
  • Isolate probably infected files in the repository

The main file statuses are listed below. More detailed information about the actions to take on files is available in the Help systems of the respective security applications.

Statuses of files in the repository

  • Infected

    The file contains a section of code from a known virus or other malware that is recorded in the Kaspersky anti-virus databases.

  • Not infected

    No known viruses or other malware were detected in the file.

  • Warning

    The file contains a fragment of code that partially matches a code fragment of a known threat.

  • Probably infected

    The file contains either modified code of a known virus or code that resembles a virus but is not yet known to Kaspersky.

  • Placed to folder by user

    The user manually placed the file in the repository because its behavior raised suspicion that it contains a threat. The user can scan the file for threats using up-to-date databases.

  • False positive

    A Kaspersky application assigned the Infected status to a file that is not infected because its code is similar to that of a virus. After a scan with up-to-date databases, the file is identified as not infected.

  • Disinfected

    The file was successfully disinfected.

  • Deleted

    The file was deleted during processing.

  • Password-protected

    The file cannot be processed because it is protected with a password.

See also:

File status icons in Administration Console

[Topic 158852]

Triggering of rules in Smart Training mode

This section provides information about the detections performed by the Adaptive Anomaly Control rules in Kaspersky Endpoint Security for Windows on client devices.

The rules detect anomalous behavior on client devices and may block it. When the rules work in Smart Training mode, they detect anomalous behavior and report every such occurrence to the Kaspersky Security Center Administration Server. This information is stored as a list in the Triggering of rules in Smart Training state subfolder of the Repositories folder. You can confirm detections as correct or add them as exclusions, after which this type of behavior is no longer considered anomalous.

Information about detections is stored in the event log on the Administration Server (along with other events) and in the Adaptive Anomaly Control report.

For more information about Adaptive Anomaly Control, the rules, their modes and statuses, refer to Kaspersky Endpoint Security for Windows Help.

In this section

Viewing the list of detections performed using Adaptive Anomaly Control rules

Adding exclusions from the Adaptive Anomaly Control rules

[Topic 172869]

Viewing the list of detections performed using Adaptive Anomaly Control rules


To view the list of detections performed by Adaptive Anomaly Control rules:

  1. In the console tree, select the node of the Administration Server that you require.
  2. Select the Triggering of rules in Smart Training state subfolder (by default, this is a subfolder of Advanced → Repositories).

    The list displays the following information about detections performed using Adaptive Anomaly Control rules:

    • Administration group

      The name of the administration group where the device belongs.

    • Device name

      The name of the client device where the rule was applied.

    • Name

      The name of the rule that was applied.

    • Status

      Excluding: the administrator processed this item and added it as an exclusion to the rules. This status remains until the next synchronization of the client device with the Administration Server; after synchronization, the item disappears from the list.

      Confirming: the administrator processed this item and confirmed it. This status remains until the next synchronization of the client device with the Administration Server; after synchronization, the item disappears from the list.

      Empty: the administrator has not processed this item.

    • Total times rules were triggered

      The number of detections for a single rule, a single process, and a single client device. Kaspersky Endpoint Security counts this number.

    • User name

      The name of the client device user who ran the process that generated the detection.

    • Source process path

      Path to the source process, that is, the process that performs the action (for more information, refer to the Kaspersky Endpoint Security help).

    • Source process hash

      SHA-256 hash of the source process file (for more information, refer to the Kaspersky Endpoint Security help).

    • Source object path

      Path to the object that started the process (for more information, refer to the Kaspersky Endpoint Security help).

    • Source object hash

      SHA-256 hash of the source object file (for more information, refer to the Kaspersky Endpoint Security help).

    • Target process path

      Path to the target process (for more information, refer to the Kaspersky Endpoint Security help).

    • Target process hash

      SHA-256 hash of the target file (for more information, refer to the Kaspersky Endpoint Security help).

    • Target object path

      Path to the target object (for more information, refer to the Kaspersky Endpoint Security help).

    • Target object hash

      SHA-256 hash of the target object file (for more information, refer to the Kaspersky Endpoint Security help).

    • Processed

      Date when the anomaly was detected.
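Triage of an exported detection list, as an added example that is not part of Kaspersky's documentation or product code. The script below parses a tab-separated export such as the one produced by Export list on this repository (the column names are those listed above; the exact export format, the rule names, device names, paths and SHA-256 values are constructed assumptions, not real data). It keeps only unprocessed elements (empty Status), groups them by rule and source process hash, sums Total times rules were triggered per group, flags a source process path that is reported with more than one hash, and checks each hash against an allowlist of binaries you have verified independently before suggesting which groups are candidates for an exclusion.

```python
"""Triage a tab-separated export of Adaptive Anomaly Control detections.

Constructed example: the export layout, rule names, paths and hashes below
are assumptions made for illustration; they are not real product output.
"""
import csv
import io
from collections import defaultdict

# Placeholder SHA-256 values (constructed; not hashes of real files).
H_WORD = "a1" * 32
H_OTHER = "b2" * 32
H_TEMP = "c3" * 32

# Column names as shown in the "Triggering of rules in Smart Training state" list.
COLUMNS = [
    "Administration group", "Device name", "Name", "Status",
    "Total times rules were triggered", "User name",
    "Source process path", "Source process hash",
    "Target process path", "Target process hash", "Processed",
]

WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
CMD = r"C:\Windows\System32\cmd.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
RULE_OFFICE = "Start of command interpreter from Office application"  # hypothetical rule name
RULE_TEMP = "Start of script host from temporary folder"              # hypothetical rule name

# Constructed sample rows (one line per detection element in the list).
_ROWS = [
    ("Workstations", "WS-001", RULE_OFFICE, "", "3", r"CORP\alice", WINWORD, H_WORD, CMD, "d4" * 32, "2021-09-01 09:12:00"),
    ("Workstations", "WS-002", RULE_OFFICE, "", "5", r"CORP\bob", WINWORD, H_WORD, CMD, "d4" * 32, "2021-09-01 10:40:00"),
    ("Workstations", "WS-004", RULE_OFFICE, "Confirming", "2", r"CORP\dave", WINWORD, H_WORD, CMD, "d4" * 32, "2021-08-30 16:05:00"),
    ("Servers", "SRV-01", RULE_OFFICE, "", "1", r"CORP\svc_backup", WINWORD, H_OTHER, PS, "e5" * 32, "2021-09-02 02:13:00"),
    ("Workstations", "WS-003", RULE_TEMP, "", "7", r"CORP\carol", r"C:\Users\carol\AppData\Local\Temp\update.exe", H_TEMP, r"C:\Windows\System32\wscript.exe", "f6" * 32, "2021-09-02 11:30:00"),
]
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in [COLUMNS, *_ROWS]) + "\n"


def parse_export(text):
    """Parse a tab-separated export (header row first) into dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def unprocessed(rows):
    """Keep only elements the administrator has not yet confirmed or excluded (empty Status)."""
    return [r for r in rows if not r["Status"].strip()]


def summarize(rows):
    """Group by (rule name, source process hash): devices, users, paths and total triggers."""
    groups = defaultdict(lambda: {"devices": set(), "users": set(), "paths": set(), "triggers": 0})
    for r in rows:
        g = groups[(r["Name"], r["Source process hash"].lower())]
        g["devices"].add(r["Device name"])
        g["users"].add(r["User name"])
        g["paths"].add(r["Source process path"])
        g["triggers"] += int(r["Total times rules were triggered"])
    return dict(groups)


def path_hash_conflicts(rows):
    """Source process paths reported with more than one SHA-256.

    The same path carrying different binaries across devices is worth a look
    before any exclusion is added for that path."""
    seen = defaultdict(set)
    for r in rows:
        seen[r["Source process path"].lower()].add(r["Source process hash"].lower())
    return {p: h for p, h in seen.items() if len(h) > 1}


def triage(rows, allowlist, min_devices=2):
    """Recommend an action per (rule, source hash) group among unprocessed elements.

    allowlist: lowercase hex SHA-256 values of binaries verified independently
    (for example from a software inventory); this is the analyst's input."""
    rows = unprocessed(rows)
    conflicts = path_hash_conflicts(rows)
    result = {}
    for (rule, h), g in summarize(rows).items():
        reasons = []
        if h not in allowlist:
            reasons.append("source hash not in allowlist")
            if any(p.lower() in conflicts for p in g["paths"]):
                reasons.append("same path seen with a different hash")
        if reasons:
            result[(rule, h)] = "investigate: " + "; ".join(reasons)
        elif len(g["devices"]) >= min_devices:
            result[(rule, h)] = "candidate exclusion"
        else:
            result[(rule, h)] = "keep observing"
    return result


if __name__ == "__main__":
    for (rule, h), action in triage(parse_export(SAMPLE_EXPORT), {H_WORD}).items():
        print(f"{action:<70} {rule} ({h[:12]}...)")
```

Confirm and Add to exclusions remain manual steps in Administration Console; the script only orders the queue and records why each group was flagged, so the decision to exclude is still made on a verified hash rather than on a path alone.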

To view properties of each information element:

  1. In the console tree, select the node of the Administration Server that you require.
  2. Select the Triggering of rules in Smart Training state subfolder (by default, this is a subfolder of Advanced → Repositories).
  3. In the Triggering of rules in Smart Training state workspace, select the object that you want.
  4. Do one of the following:
    • Click the Properties link in the information box that appears on the right side of the screen.
    • Right-click and in the context menu select Properties.

The properties window of the object opens, displaying information about the selected element.

You can confirm, or add to exclusions, any element in the list of detections of Adaptive Anomaly Control rules. Because an exclusion stops the rule from reporting or blocking that behavior in the policies it is added to, check the source and target process hashes of an element before excluding it.

To confirm an element,

Select an element (or several elements) in the list of detections and click the Confirm button.

The status of the element(s) will be changed to Confirming.

Your confirmation will contribute to the statistics used by the rules (for more information, refer to Kaspersky Endpoint Security 11 for Windows Help).

To add an element as an exclusion,

Right-click an element (or several elements) in the list of detections and select Add to exclusions in the context menu.

The Add Exclusion Wizard starts. Follow the Wizard instructions.

After you confirm an element or add it to exclusions, it is removed from the list of detections at the next synchronization of the client device with the Administration Server and no longer appears in the list.

[Topic 172650]

Adding exclusions from the Adaptive Anomaly Control rules

The Add Exclusion Wizard allows you to add exclusions from the Adaptive Anomaly Control rules for Kaspersky Endpoint Security.

You can start the Wizard in one of the three ways described below.

To start the Add Exclusion Wizard through the Adaptive Anomaly Control node:

  1. In the console tree, select the node of the required Administration Server.
  2. Select Triggering of rules in Smart Training state (by default, this is a subfolder of Advanced → Repositories).
  3. In the workspace, right-click an element (or several elements) in the list of detections and select Add to exclusions.

    You can add up to 1000 exclusions at a time. If you select more elements and try to add them to exclusions, an error message is displayed.

The Add Exclusion Wizard starts.

You can start the Add Exclusion Wizard from other nodes in the console tree:

  • The Events tab of the Administration Server workspace (using the User requests or Recent events selection).
  • The Report on Adaptive Anomaly Control rules state, Detections count column.

In this section

Step 1. Selecting the application

Step 2. Selecting the policy (policies)

Step 3. Processing of the policy (policies)

[Topic 173182]

Step 1. Selecting the application

This step can be skipped if you have only one Kaspersky Endpoint Security for Windows version and do not have other applications that support the Adaptive Anomaly Control rules.

The Add Exclusion Wizard shows the list of Kaspersky applications whose management plug-ins allow you to add exclusions to the policies for these applications. Select an application from this list and click Next to proceed to selecting the policy to which the exclusion will be added.

[Topic 173183]

Step 2. Selecting the policy (policies)

The Wizard shows the list of policies (with policy profiles) for Kaspersky Endpoint Security.

Select all the policies and profiles to which you want to add exclusions and click Next.

[Topic 173184]

Step 3. Processing of the policy (policies)

The Wizard displays a progress bar as the policies are processed. You can interrupt the processing of policies by clicking Cancel.

Inherited policies cannot be updated. If you do not have the rights to modify a policy, this policy will not be updated either.

When all the policies are processed (or if you interrupt the processing), a report appears. It shows which policies were updated successfully (green icon) and which policies were not updated (red icon).

This is the last step of the Wizard. Click Finish to close the Wizard.

[Topic 173198]

Quarantine and Backup

Kaspersky anti-virus applications installed on client devices may place files in Quarantine or Backup during a device scan.

Quarantine is a special repository for storing files that are probably infected with viruses and files that cannot be disinfected at the time when they are detected.

Backup is designed for storing backup copies of files that have been deleted or modified during the disinfection process.

Kaspersky Security Center creates a summarized list of files placed in Quarantine or Backup by Kaspersky applications on the devices. Network Agents on client devices transmit information about the files in Quarantine and Backup to the Administration Server. You can use Administration Console to view the properties of files stored in repositories on devices, run virus scans of those repositories, and delete files from them. The icons of the file statuses are described in the appendix.

Operations with Quarantine and Backup are supported for versions 6.0 or later of Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus for Windows Servers, as well as for Kaspersky Endpoint Security 10 for Windows, or later versions.

Kaspersky Security Center does not copy files from repositories to the Administration Server. All files remain in the repositories on the devices. A file can be restored only on the device where the anti-virus application that placed it in the repository is installed.

In this section

Enabling remote management for files in the repositories

Viewing properties of a file placed in repository

Deleting files from repositories

Restoring files from repositories

Saving a file from repositories to disk

Scanning files in Quarantine

[Topic 12429]

Enabling remote management for files in the repositories

By default, you cannot manage files placed in repositories on client devices.

To enable remote management of files stored in repositories on client devices:

  1. In the console tree, select the administration group for which you want to enable remote management of files in the repositories.
  2. In the group workspace, open the Policies tab.
  3. On the Policies tab, select the policy of the security application that has placed the files in the repositories on the devices.
  4. In the policy settings window in the Data transfer to Administration Server group of settings, select the check boxes corresponding to the repositories for which you want to enable the remote management.

    The location of the Data transfer to Administration Server settings group in the policy properties window and the names of check boxes depend on the currently used security application.

[Topic 52347]

Viewing properties of a file placed in repository

To view properties of a file in Quarantine or Backup:

  1. In the console tree, select the Repositories folder, the Quarantine or Backup subfolder.
  2. In the workspace of the Quarantine (Backup) folder, select a file whose properties you want to view.
  3. Select Properties in the context menu of the file.

[Topic 12430]

Deleting files from repositories

To delete a file from Quarantine or Backup:

  1. In the console tree, in the Repositories folder, select the Quarantine or Backup subfolder.
  2. In the workspace of the Quarantine (or Backup) folder select the files that you want to delete by using the Shift and Ctrl keys.
  3. Delete the files in one of the following ways:
    • By selecting Delete in the context menu of the files.
    • By clicking the Delete objects link (Delete object if you want to delete one file) in the information box for the selected files.

The security applications that placed files in repositories on client devices will delete the same files from those repositories.

[Topic 12431]

Restoring files from repositories

To restore a file from Quarantine or Backup:

  1. In the console tree, select the Repositories folder, the Quarantine or Backup subfolder.
  2. In the workspace of the Quarantine (Backup) folder select the files that you want to restore by using the Shift and Ctrl keys.
  3. Start restoration of the files in one of the following ways:
    • By selecting Restore in the context menu of the files.
    • By clicking the Restore link in the information box for the selected files.

The security applications that placed files in repositories on client devices will restore the same files to their original folders.

[Topic 12432]

Saving a file from repositories to disk

Kaspersky Security Center allows you to save to disk copies of files that a security application placed in Quarantine or Backup on a client device. Files are copied to the device on which Kaspersky Security Center is installed, in the folder that you specify.

To save a copy of file from Quarantine or Backup to a hard drive:

  1. In the console tree, select the Repositories folder, the Quarantine or Backup subfolder.
  2. In the workspace of the Quarantine (Backup) folder, select a file that you want to copy to the hard drive.
  3. Start copying in one of the following ways:
    • By selecting Save to Disk in the context menu of the file.
    • By clicking the Save to Disk link in the information box for the selected file.

The security application that placed the file in Quarantine or Backup on the client device saves a copy of that file to the specified folder.

[Topic 12592]

Scanning files in Quarantine

To scan quarantined files:

  1. In the console tree, select the Repositories folder, the Quarantine subfolder.
  2. In the workspace of the Quarantine folder, select the files that you want to scan by using the Shift and Ctrl keys.
  3. Start the file scan in one of the following ways:
    • By selecting Scan in the context menu of the file.
    • By clicking the Scan link in the information box for the selected files.

The application runs the on-demand scan task for security applications that have placed the selected files in Quarantine on the devices where those files are stored.

[Topic 3627]

Active threats

Information about unprocessed files that have been detected on client devices is stored in the Repositories folder, Active threats subfolder.

Postponed processing and disinfection are performed by the security application upon request or after a specified event occurs. You can configure the postponed processing.

In this section

Disinfecting an unprocessed file

Saving an unprocessed file to disk

Deleting files from the "Active threats" folder

[Topic 3666]

Disinfecting an unprocessed file

To start disinfection of an unprocessed file:

  1. In the console tree, in the Repositories folder select the Active threats subfolder.
  2. In the workspace of the Active threats folder, select the file that you have to disinfect.
  3. Start disinfection of the file in one of the following ways:
    • By selecting Disinfect in the context menu of the file.
    • By clicking the Disinfect link in the information box for the selected file.

The security application then attempts to disinfect the file.

If the file is disinfected, the security application installed on the client device restores it to its original folder, and the record of the file is removed from the list in the Active threats folder. If the file cannot be disinfected, the security application deletes it from the device, and the record of the file is likewise removed from the list. Because a file that cannot be disinfected is deleted, save a copy of it to disk first if you need it for analysis.

[Topic 12607]

Saving an unprocessed file to disk

Kaspersky Security Center allows you to save to disk copies of unprocessed files found on client devices. Files are copied to the device on which Kaspersky Security Center is installed, in the folder that you specify. You can download a file only if it is stored in the Backup storage of the managed device.

To save a copy of an unprocessed file to disk:

  1. In the console tree, in the Repositories folder select the Active threats subfolder.
  2. In the workspace of the Active threats folder, select the files that you have to copy to disk.
  3. Start copying in one of the following ways:
    • By selecting Save to Disk in the context menu of the file.
    • By clicking the Save to Disk link in the information box for the selected file.

The security application installed on the client device on which the unprocessed file has been found saves a copy of that file to the specified folder.

[Topic 12594]

Deleting files from the "Active threats" folder

To delete a file from the Active threats folder:

  1. In the console tree, in the Repositories folder select the Active threats subfolder.
  2. In the workspace of the Active threats folder, select the files that you have to delete by using the Shift and Ctrl keys.
  3. Delete the files in one of the following ways:
    • By selecting Delete in the context menu of the files.
    • By clicking the Delete objects (Delete object if you want to delete one file) link in the information box for the selected files.

The security applications that placed the files in repositories on client devices will delete the same files from those repositories. The records of the files are removed from the list in the Active threats folder.

[Topic 12606]