Kaspersky Security Network (KSN)

This section describes how to use an online service infrastructure named Kaspersky Security Network (KSN). The section provides the details on KSN, as well as instructions on how to enable KSN, configure access to KSN, and view the statistics of the use of KSN proxy server.

About KSN

Kaspersky Security Network (KSN) is an online service infrastructure that provides access to the online Knowledge Base of Kaspersky, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the effectiveness of some protection components, and reduces the risk of false positives. KSN allows you to use Kaspersky reputation databases to retrieve information about applications installed on managed devices.

Kaspersky Security Center supports the following KSN infrastructure solutions:

• Global KSN is a solution that allows you to exchange information with Kaspersky Security Network. If you participate in KSN, you agree to send to Kaspersky, in automatic mode, information about the operation of Kaspersky applications installed on client devices that are managed through Kaspersky Security Center. Information is transferred in accordance with the current KSN access settings. Kaspersky analysts additionally analyze received information and include it in the reputation and statistical databases of Kaspersky Security Network. Kaspersky Security Center uses this solution by default.
• Private KSN is a solution that allows users of devices with Kaspersky applications installed to obtain access to reputation databases of Kaspersky Security Network, and other statistical data, without sending data to KSN from their own computers. Kaspersky Private Security Network (Private KSN) is designed for corporate customers who are unable to participate in Kaspersky Security Network for any of the following reasons:
  • User devices are not connected to the internet.
  • Transmission of any data outside the country or outside the corporate LAN is prohibited by law or restricted by corporate security policies.

  You can set up access settings of Kaspersky Private Security Network in the KSN Proxy settings section of the Administration Server properties window.

The application prompts you to join KSN while running the Quick Start Wizard. You can start or stop using KSN at any moment when using the application.

You use KSN in accordance with the KSN Statement that you read and accept when you enable KSN. If the KSN Statement is updated, it is displayed to you when you update or upgrade Administration Server. You can accept the updated KSN Statement or decline it. If you decline it, you keep using KSN in accordance with the previous version of KSN Statement that you accepted before.

Client devices managed by the Administration Server interact with KSN through KSN proxy server. KSN proxy server provides the following features:

• Client devices can send requests to KSN and transfer information to KSN even if they do not have direct access to the internet.
• The KSN proxy server caches processed data, thus reducing the load on the outbound channel and the time period spent for waiting for information requested by a client device.

You can configure the KSN proxy server in the KSN Proxy section of the Administration Server properties window.

Setting up access to Kaspersky Security Network

You can set up access to Kaspersky Security Network (KSN) on the Administration Server and on a distribution point.

To set up Administration Server access to Kaspersky Security Network (KSN):

1. Click the settings icon () next to the name of the required Administration Server.

   The Administration Server properties window opens.

2. On the General tab, select the KSN Proxy settings section.
3. Switch the toggle button to the Enable KSN Proxy on Administration Server ENABLED position.

   Data is sent from client devices to KSN in accordance with the Kaspersky Endpoint Security policy, which is active on those client devices. If this check box is cleared, no data will be sent to KSN from the Administration Server and client devices through Kaspersky Security Center. However, client devices can send data to KSN directly (bypassing Kaspersky Security Center), in accordance with their respective settings. The Kaspersky Endpoint Security for Windows policy, which is active on client devices, determines which data will be sent directly (bypassing Kaspersky Security Center) from those devices to KSN.

4. Switch the toggle button to the Use Kaspersky Security Network ENABLED position.

   If this option is enabled, client devices send patch installation results to Kaspersky. When enabling this option, make sure to read and accept the terms of the KSN Statement.

   If you are using

   Private KSN

   Kaspersky Private Security Network is a solution that gives users of devices with Kaspersky applications installed access to reputation databases of Kaspersky Security Network and other statistical data—without sending data from their devices to Kaspersky Security Network. Kaspersky Private Security Network is designed for corporate customers who are unable to participate in Kaspersky Security Network for any of the following reasons:

   • Devices are not connected to the internet.
   • Transmission of any data outside the country or the corporate LAN is prohibited by law or corporate security policies.

   , switch the toggle button to the Use Kaspersky Private Security Network ENABLED position and click the Select file with KSN Proxy settings button to download the settings of Private KSN (files with the extensions pkcs7 and pem). After the settings are downloaded, the interface displays the provider's name and contacts, as well as the creation date of the file with the settings of Private KSN.

   When you enable Private KSN, pay attention to the distribution points configured to send KSN requests directly to the Cloud KSN. The distribution points that have Network Agent version 11 (or earlier) installed will continue to send KSN requests to the Cloud KSN. To reconfigure the distribution points to send KSN requests to Private KSN, enable the Forward KSN requests to Administration Server option for each distribution point. You can enable this option in the distribution point properties or in the Network Agent policy.

   When you switch the toggle button to the Use Kaspersky Private Security Network ENABLED position, a message appears with details about Private KSN.

   The following Kaspersky applications support Private KSN:

   • Kaspersky Security Center 10 Service Pack 1 or later
   • Kaspersky Endpoint Security 10 Service Pack 1 for Windows or later
   • Kaspersky Security for Virtualization 3.0 Agentless Service Pack 2
   • Kaspersky Security for Virtualization 3.0 Service Pack 1 Light Agent

   If you enable Private KSN in Kaspersky Security Center, these applications receive information about supporting Private KSN. In the settings window of the application, in the Kaspersky Security Network subsection of the Advanced Threat Protection section, KSN provider: Private KSN is displayed. Otherwise, KSN provider: Global KSN is displayed.

   If you use application versions earlier than Kaspersky Security for Virtualization 3.0 Agentless Service Pack 2 or earlier than Kaspersky Security for Virtualization 3.0 Service Pack 1 Light Agent when running Private KSN, we recommend that you use secondary Administration Servers for which the use of Private KSN has not been enabled.

   Kaspersky Security Center does not send any statistical data to Kaspersky Security Network if Private KSN is configured in the KSN Proxy settings section of the Administration Server properties window.

   If you have the proxy server settings configured in the Administration Server properties, but your network architecture requires that you use Private KSN directly, enable the Ignore KSC proxy server settings when connecting to Private KSN option. Otherwise, requests from the managed applications cannot reach Private KSN.

5. Configure the Administration Server connection to the KSN proxy service:
   • Under Connection settings, for the TCP port, specify the number of the TCP port that will be used for connecting to the KSN proxy server. The default port to connect to the KSN proxy server is 13111.
   • If you want the Administration Server to connect to the KSN proxy server through a UDP port, enable the Use UDP port option and specify a port number for the UDP port. By default, this option is disabled, and TCP port is used. If this option is enabled, the default UDP port to connect to the KSN proxy server is 15111.
6. Switch the toggle button to the Connect secondary Administration Servers to KSN through primary Administration Server ENABLED position.

   If this option is enabled, secondary Administration Servers use the primary Administration Server as the KSN proxy server. If this option is disabled, secondary Administration Servers connect to KSN on their own. In this case, managed devices use secondary Administration Servers as KSN proxy servers.

   Secondary Administration Servers use the primary Administration Server as a proxy server if in the right pane of the KSN Proxy settings section, in the properties of secondary Administration Servers the toggle button is switched to the Enable KSN Proxy on Administration Server ENABLED position.

7. Click the Save button.

The KSN access settings will be saved.

You can also set up distribution point access to KSN, for example, if you want to reduce the load on the Administration Server. The distribution point that acts as a KSN proxy server sends KSN requests from managed devices to Kaspersky directly, without using the Administration Server.

To set up distribution point access to Kaspersky Security Network (KSN):

1. Make sure that the distribution point is assigned manually.
2. In the main menu, click the settings icon () next to the name of the required Administration Server.

   The Administration Server properties window opens.

3. On the General tab, select the Distribution points section.
4. Click the name of the distribution point to open its properties window.
5. In the distribution point properties window, in the KSN Proxy section, enable the Enable KSN Proxy on distribution point side option, and then enable the Access KSN Cloud / Private KSN directly over the Internet option.
6. Click OK.

The distribution point will act as a KSN proxy server.

Enabling and disabling KSN

To enable KSN:

1. Click the settings icon () next to the name of the required Administration Server.

   The Administration Server properties window opens.

2. On the General tab, select the KSN Proxy settings section.
3. Switch the toggle button to the Enable KSN Proxy on Administration Server ENABLED position.

   The KSN proxy server is enabled.

4. Switch the toggle button to the Use Kaspersky Security Network ENABLED position.

   KSN will be enabled.

   If the toggle button is enabled, client devices send patch installation results to Kaspersky. When enabling this toggle button, you should read and accept the terms of the KSN Statement.

5. Click the Save button.

To disable KSN:

1. Click the settings icon () next to the name of the required Administration Server.

   The Administration Server properties window opens.

2. On the General tab, select the KSN Proxy settings section.
3. Switch the toggle button to the Enable KSN Proxy on Administration Server DISABLED position to disable the KSN proxy service, or switch the toggle button to the Use Kaspersky Security Network DISABLED position.

   If one of these toggle buttons is disabled, client devices will send no patch installation results to Kaspersky.

   If you are using Private KSN, switch the toggle button to the Use Kaspersky Private Security Network DISABLED position.

   KSN will be disabled.

4. Click the Save button.

Viewing the accepted KSN Statement

When you enable Kaspersky Security Network (KSN), you must read and accept the KSN Statement. You can view the accepted KSN Statement at any time.

To view the accepted KSN Statement:

1. Click the settings icon () next to the name of the required Administration Server.

   The Administration Server properties window opens.

2. On the General tab, select the KSN Proxy settings section.
3. Click the View Kaspersky Security Network Statement link.

In the window that opens, you can view the text of the accepted KSN Statement.

Accepting an updated KSN Statement

You use KSN in accordance with the KSN Statement that you read and accept when you enable KSN. If the KSN Statement is updated, it is displayed to you when you update or upgrade Administration Server. You can accept the updated KSN Statement or decline it. If you decline it, you will continue using KSN in accordance with the version of the KSN Statement that you previously accepted.

After updating or upgrading Administration Server, the updated KSN Statement is displayed automatically. If you decline the updated KSN Statement, you can still view and accept it later.

To view and then accept or decline an updated KSN Statement:

1. Click the Several news and updates of different categories available link in the upper-right corner of the main application window.

   The Notifications window opens.

2. Click the View the updated KSN Statement link.

   The Kaspersky Security Network Statement update window opens.

3. Read the KSN Statement, and then make your decision by clicking one of the following buttons:
   • I accept the updated KSN Statement
   • Use KSN under the old Statement

Depending on your choice, KSN keeps working in accordance with the terms of the current or updated KSN Statement. You can view the text of the accepted KSN Statement in the properties of Administration Server at any time.

Checking whether the distribution point works as KSN proxy server

On a managed device assigned to work as a distribution point, you can enable KSN proxy server. A managed device works as KSN proxy server when the ksnproxy service is running on the device. You can check, turn on, or turn off this service on the device locally.

You can assign a Windows-based or a Linux-based device as a distribution point. The method of distribution point checking depends on the operating system of this distribution point.

To check whether the Windows-based distribution point works as KSN proxy server:

1. On the distribution point device, in Windows, open Services (All Programs → Administrative Tools → Services).
2. In the list of services, check whether the ksnproxy service is running.

   If the ksnproxy service is running, then Network Agent on the device participates in Kaspersky Security Network and works as KSN proxy server for the managed devices included in the scope of the distribution point.

If you want, you may turn off the ksnproxy service. In this case, Network Agent on the distribution point stops participating in Kaspersky Security Network. This requires local administrator rights.

To check whether the Linux-based distribution point works as KSN proxy server:

1. On the distribution point device, display the list of running processes.
2. In the list of running processes, check whether the /opt/kaspersky/ksc64/sbin/ksnproxy process is running.

If /opt/kaspersky/ksc64/sbin/ksnproxy process is running, then Network Agent on the device participates in Kaspersky Security Network and works as the KSN proxy server for the managed devices included in the scope of the distribution point.