Contents
- Advanced features
- Kaspersky Security Center operation automation. klakaut utility
- Custom tools
- Network Agent disk cloning mode
- Preparing a reference device with Network Agent installed for creating an image of operating system
- Configuring receipt of messages from File Integrity Monitor
- Administration Server maintenance
- User notification method window
- General section
- Device selection window
- Define the name of the new object window
- Application categories section
Advanced features
This section describes a range of additional options of Kaspersky Security Center designed for expanding the functionality of centralized management of applications on devices.
Kaspersky Security Center operation automation. klakaut utility
You can automate the Kaspersky Security Center operation using the klakaut utility. The klakaut utility and a Help system for it are located in the Kaspersky Security Center installation folder.
Custom tools
Kaspersky Security Center allows you to create a list of custom tools (hereinafter also referred to simply as tools), that is, applications activated for a client device in Administration Console, through the Custom tools group of the context menu. Each tool in the list will be associated with a separate menu command, which Administration Console uses to start the application corresponding to that tool.
The application starts on the administrator's workstation. The application can accept the attributes of a remote client device as command-line arguments (NetBIOS name, DNS name, or IP address). Connection to the remote device can be established through tunneling.
By default, the list of custom tools contains the following service programs for each client device:
- Remote diagnostics is a utility for remote diagnostics of Kaspersky Security Center.
- Remote Desktop is a standard Microsoft Windows component named Remote Desktop Connection.
- Computer Management is a standard Microsoft Windows component.
To add or remove custom tools, or to edit their settings:
In the context menu of the client device, select Custom tools → Configure custom tools.
The Custom tools window opens. In this window, you can add custom tools or edit their settings by using the Add and Modify buttons. To remove a custom tool, click the remove button with the red cross icon.
Network Agent disk cloning mode
Cloning the hard drive of a reference device is a popular method of software installation on new devices. If Network Agent is running in standard mode on the hard drive of the reference device, the following problem arises:
After the reference disk image with Network Agent is deployed on new devices, they are displayed in Administration Console under a single icon. This problem arises because the cloning procedure causes new devices to keep identical copies of the internal data that the Administration Server uses to associate a device with an icon in Administration Console.
The special Network Agent disk cloning mode allows you to avoid problems with an incorrect display of new devices in Administration Console after cloning. Use this mode when you deploy software (with Network Agent) on new devices by cloning the disk.
In disk cloning mode, Network Agent keeps running but does not connect to the Administration Server. When exiting the cloning mode, Network Agent deletes the internal data that causes Administration Server to associate multiple devices with a single icon in Administration Console. Upon completing the cloning of the reference device image, new devices are displayed in Administration Console properly (under individual icons).
Network Agent disk cloning mode use scenario
- The administrator installs Network Agent on the reference device.
- The administrator checks the Network Agent connection to the Administration Server using the klnagchk utility.
- The administrator enables the Network Agent disk cloning mode.
- The administrator installs software and patches on the device, and restarts it as many times as needed.
- The administrator clones the hard drive of the reference device on any number of devices.
- Each cloned copy must meet the following conditions:
  - The device name must be changed.
  - The device must be restarted.
  - The disk cloning mode must be disabled.
Enabling and disabling the disk cloning mode using the klmover utility
To enable or disable the Network Agent disk cloning mode:
- Run the klmover utility on the device with Network Agent installed that you have to clone.
The klmover utility is located in the Network Agent installation folder.
- To enable the disk cloning mode, enter the following command at the Windows command prompt:
klmover -cloningmode 1
Network Agent switches to disk cloning mode.
- To request the current status of the disk cloning mode, enter the following command at the command prompt:
klmover -cloningmode
The utility window shows whether the disk cloning mode is enabled or disabled.
- To disable the disk cloning mode, enter the following command in the utility command line:
klmover -cloningmode 0
Preparing a reference device with Network Agent installed for creating an image of operating system
You may want to create an operating system image of a reference device with Network Agent installed and then to deploy the image on the networked devices. In this case, you create an operating system image of a reference device on which the Network Agent has not yet been started. If you start the Network Agent on a reference device before creating an operating system image, Administration Server's identification of devices deployed from an operating system image of the reference device will be problematic.
To prepare the reference device for creating an image of the operating system:
- Make sure that the Windows operating system is installed on the reference device and install the other software that you need on that device.
- On the reference device, in the Windows Network Connections settings, disconnect the reference device from the network where Kaspersky Security Center is installed.
- On the reference device, start the local installation of Network Agent by using the setup.exe file.
The Kaspersky Security Center Network Agent Setup Wizard starts. Follow the instructions of the Wizard.
- On the Administration Server page of the Wizard, specify the Administration Server IP address.
If you do not know the exact address of the Administration Server, enter localhost. You can change the IP address later by using the klmover utility with the -address key.
- On the Start application page of the Wizard, disable the Start application during installation option.
- When the Network Agent installation is complete, do not restart the device before creating an operating system image.
If you restart the device, you will have to repeat the whole process of preparing a reference device for creation of an operating system image.
- On the reference device, in the command line, start the sysprep utility and execute the following command:
sysprep.exe /generalize /oobe /shutdown
The reference device is ready for creating an operating system image.
Configuring receipt of messages from File Integrity Monitor
Managed applications such as Kaspersky Security for Windows Server or Kaspersky Security for Virtualization Light Agent send messages from File Integrity Monitor to Kaspersky Security Center. Kaspersky Security Center also allows you to monitor any changes to critically important components of systems (such as web servers and ATMs) and promptly respond to breaches of the integrity of such systems. For these purposes, you can receive messages from the File Integrity Monitor component. The File Integrity Monitor component lets you monitor not only the file system of a device, but also its registry hives, firewall status, and the status of connected hardware.
You must configure Kaspersky Security Center to receive messages from the File Integrity Monitor component without using Kaspersky Security for Windows Server or Kaspersky Security for Virtualization Light Agent.
To configure receipt of messages from File Integrity Monitor:
- Open the system registry of the device on which Administration Server is installed (for example, locally, using the regedit command in the Start → Run menu).
- Go to the following hive:
  - For 32-bit systems:
    HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1093\1.0.0.0\ServerFlags
  - For 64-bit systems:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\34\1093\1.0.0.0\ServerFlags
- Create keys:
  - Create the key KLSRV_EVP_FIM_PERIOD_SEC to specify the time period for counting the number of processed events. Specify the following settings:
    - Specify KLSRV_EVP_FIM_PERIOD_SEC as the key name.
    - Specify DWORD as the key type.
    - Specify a range of values for the time interval from 43 200 to 172 800 seconds. By default, the time interval is 86 400 seconds.
  - Create the key KLSRV_EVP_FIM_LIMIT to limit the number of received events for the specified time interval. Specify the following settings:
    - Specify KLSRV_EVP_FIM_LIMIT as the key name.
    - Specify DWORD as the key type.
    - Specify a range of values for received events from 2 000 to 50 000. The default number of events is 20 000.
  - Create the key KLSRV_EVP_FIM_PERIOD_ACCURACY_SEC to count events with accuracy up to a specific time interval. Specify the following settings:
    - Specify KLSRV_EVP_FIM_PERIOD_ACCURACY_SEC as the key name.
    - Specify DWORD as the key type.
    - Specify a range of values from 120 to 600 seconds. The default time interval is 300 seconds.
  - Create the key KLSRV_EVP_FIM_OVERFLOW_LATENCY_SEC so that, after the specified amount of time, the application can check whether the number of events processed over the time interval is turning out to be less than the specified limit. This check is performed upon reaching the limit for receiving events. If this condition is met, the application resumes saving events to the database. Specify the following settings:
    - Specify KLSRV_EVP_FIM_OVERFLOW_LATENCY_SEC as the key name.
    - Specify DWORD as the key type.
    - Specify a range of values from 600 to 3 600 seconds. The default time interval is 1 800 seconds.
  If the keys are not created, the default values are used.
- Restart the Administration Server service.
The limits on receiving events from the File Integrity Monitor component will be configured. You can view the results of the File Integrity Monitor component in the reports named Top 10 rules of File Integrity Monitor / System Integrity Monitoring that were triggered on devices most frequently and Top 10 devices with File Integrity Monitor / System Integrity Monitoring rules most frequently triggered.
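The registry procedure above as a PowerShell script, added here as an example and not taken from Kaspersky documentation or tooling: it validates requested values against the ranges listed on this page, writes them as DWORD values, and reports which of the four settings are unset or out of range. The names $Desired and $spec are illustrative; the script assumes the ServerFlags key already exists and that it runs in an elevated session on the Administration Server device.

```powershell
# Added example (not vendor code): set and audit the File Integrity Monitor limits.
# Ranges and defaults are those listed on this page. $Desired and $spec are
# illustrative names. Run elevated on the Administration Server device.
param([hashtable]$Desired = @{})   # e.g. -Desired @{ KLSRV_EVP_FIM_LIMIT = 30000 }

$suffix = 'KasperskyLab\Components\34\1093\1.0.0.0\ServerFlags'
$path = if ([Environment]::Is64BitOperatingSystem) {
    "HKLM:\SOFTWARE\Wow6432Node\$suffix"
} else {
    "HKLM:\SOFTWARE\$suffix"
}
if (-not (Test-Path $path)) { throw "Registry key not found: $path" }

# Setting name = minimum, maximum, default
$spec = [ordered]@{
    KLSRV_EVP_FIM_PERIOD_SEC           = 43200, 172800, 86400
    KLSRV_EVP_FIM_LIMIT                = 2000, 50000, 20000
    KLSRV_EVP_FIM_PERIOD_ACCURACY_SEC  = 120, 600, 300
    KLSRV_EVP_FIM_OVERFLOW_LATENCY_SEC = 600, 3600, 1800
}

# Validate every requested value before writing anything.
foreach ($name in $Desired.Keys) {
    if (-not $spec.Contains($name)) { throw "Unknown setting: $name" }
    $min, $max, $default = $spec[$name]
    $value = [int]$Desired[$name]
    if ($value -lt $min -or $value -gt $max) {
        throw "$name = $value is outside the allowed range $min..$max"
    }
}
foreach ($name in $Desired.Keys) {
    New-ItemProperty -Path $path -Name $name -PropertyType DWord `
        -Value ([int]$Desired[$name]) -Force | Out-Null
}

# Report the effective state of all four settings.
$current = Get-ItemProperty -Path $path
foreach ($name in $spec.Keys) {
    $min, $max, $default = $spec[$name]
    $value = $current.$name
    $state = if ($null -eq $value) {
        "not set, default $default applies"
    } elseif ($value -lt $min -or $value -gt $max) {
        "out of range $min..$max"
    } else { 'ok' }
    [pscustomobject]@{ Name = $name; Value = $value; State = $state }
}
# The values are picked up after the Administration Server service is restarted.
```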
Administration Server maintenance
The Administration Server maintenance allows you to reduce the database volume, and improve the performance and operation reliability of the application. We recommend that you maintain the Administration Server at least every week.
The Administration Server maintenance is performed using the dedicated task. The application performs the following actions when maintaining the Administration Server:
- Checks the database for errors.
- Re-organizes database indexes.
- Updates the database statistics.
- Shrinks the database (if necessary).
The Administration Server maintenance task supports MariaDB versions 10.3 and later. If you use MariaDB versions 10.2 or earlier, administrators have to maintain this DBMS on their own.
To create the Administration Server maintenance task:
- In the console tree, select the node of the Administration Server for which you want to create the Administration Server maintenance task.
- Select the Tasks folder.
- Click the New task button in the workspace of the Tasks folder.
The Add Task Wizard starts.
- In the Select the task type window of the Wizard, select Administration Server maintenance as the task type and click Next.
- If you have to shrink the Administration Server database during maintenance, in the Settings window of the Wizard, select the Shrink database check box.
- Follow the rest of the Wizard instructions.
The newly created task is displayed in the list of tasks in the workspace of the Tasks folder. Only one Administration Server maintenance task can be running for a single Administration Server. If an Administration Server maintenance task has already been created for an Administration Server, no new Administration Server maintenance task can be created.
User notification method window
In the User notification method window, you can configure the user notification about certificate installation on the mobile device:
- Show link in Wizard. If you select this option, a link to the installation package will be shown at the final step of the New Device Connection Wizard.
- Send link to user. If you select this option, you can specify the settings for notifying the user about connection of a device.
In the By email group of settings, you can configure user notification about installation of a new certificate on his or her mobile device using email messages. This notification method is only available if the SMTP Server is enabled.
In the By SMS group of settings, you can configure the user notification about installation of a certificate on his or her mobile device by using SMS. This notification method is only available if SMS notification is enabled.
Click the Edit message link in the By email and By SMS groups of settings to view and edit the notification message, if necessary.
General section
In this section, you can adjust the general profile settings for Exchange ActiveSync mobile devices:
Device selection window
Choose a selection from the Device selection list. The list contains the default selections and the selections created by the user.
You can view the details of device selections in the workspace of the Device selections section.
Define the name of the new object window
In the window, specify the name of the newly created object. A name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
Application categories section
In this section, you can configure the distribution of information about application categories on client devices.
Full data transmission (for Network Agents Service Pack 2 and earlier)
Transmission of modified data only (for Network Agents Service Pack 2 and later)