Other routine work
This section provides recommendations on routine work with Kaspersky Security Center.
Monitoring traffic lights and logged events in Administration Console
Administration Console allows you to quickly assess the current status of Kaspersky Security Center and managed devices by checking traffic lights. The traffic lights are shown in the workspace of the Administration Server node, on the Monitoring tab. The tab provides six information panels with traffic lights and logged events. A traffic light is a colored vertical bar on the left side of a panel. Each panel with a traffic light corresponds to a specific functional scope of Kaspersky Security Center (see the table below).
Scopes covered by traffic lights in Administration Console
| Panel name | Traffic light scope |
|---|---|
| Deployment | Installing Network Agent and security applications on devices on an organization's network |
| Management scheme | Structure of administration groups. Network scanning. Device moving rules |
| Protection settings | Security application functionality: protection status, virus scanning |
| Update | Updates and patches |
| Monitoring | Protection status |
| Administration Server | Administration Server features and properties |
Each traffic light can be any of these five colors (see the table below). The color of a traffic light depends on the current status of Kaspersky Security Center and on events that were logged.
Color codes of traffic lights
| Status | Traffic light color | Traffic light color meaning |
|---|---|---|
| Informational | Green | Administrator's intervention is not required. |
| Warning | Yellow | Administrator's intervention is required. |
| Critical | Red | Serious problems have been encountered. Administrator's intervention is required to solve them. |
| Informational | Light blue | Events have been logged that are unrelated to potential or actual threats to the security of managed devices. |
| Informational | Gray | The details of events are not available or have not yet been retrieved. |
The administrator's goal is to keep traffic lights on all of the information panels on the Monitoring tab green.
The information panels also show logged events that affect traffic lights and the status of Kaspersky Security Center (see the table below).
Name, description, and traffic light colors of logged events
| Traffic light color | Event type display name | Event type | Description |
|---|---|---|---|
| Red | License expired on %1 device(s) | IDS_AK_STATUS_LIC_EXPAIRED | Events of this type occur when the commercial license has expired. Once a day Kaspersky Security Center checks whether the license has expired on the devices. When the commercial license expires, Kaspersky Security Center provides only basic functionality. To continue using Kaspersky Security Center, renew your commercial license. |
| Red | Security application is not running on: %1 device(s) | IDS_AK_STATUS_AV_NOT_RUNNING | Events of this type occur when the security application installed on the device is not running. Make sure that Kaspersky Endpoint Security is running on the device. |
| Red | Protection is disabled on: %1 device(s) | IDS_AK_STATUS_RTP_NOT_RUNNING | Events of this type occur when the security application on the device has been disabled for longer than the specified time interval. Check the current status of real-time protection on the device and make sure that all the protection components that you need are enabled. |
| Red | A software vulnerability has been detected on devices | IDS_AK_STATUS_VULNERABILITIES_FOUND | Events of this type occur when the Find vulnerabilities and required updates task has detected vulnerabilities with the severity level specified in applications installed on the device. Check the list of available updates in the Software updates subfolder included in the Application management folder. This folder contains a list of updates for Microsoft applications and other software vendors' products retrieved by Administration Server, which can be distributed to devices. After viewing information about available updates, install them on the device. |
| Red | Critical events have been registered on the Administration Server | IDS_AK_STATUS_EVENTS_OCCURED | Events of this type occur when Administration Server critical events are detected. Check the list of events stored on the Administration Server, and then fix the critical events one by one. |
| Red | Errors have been logged in events on the Administration Server | IDS_AK_STATUS_ERROR_EVENTS_OCCURED | Events of this type occur when unexpected errors are logged on the Administration Server side. Check the list of events stored on the Administration Server, and then fix the errors one by one. |
| Red | Lost connection to %1 device(s) | IDS_AK_STATUS_ADM_LOST_CONTROL1 | Events of this type occur when the connection between the Administration Server and the device is lost. View the list of disconnected devices and try to reconnect them. |
| Red | %1 device (s) have not connected to the Administration Server in a long time | IDS_AK_STATUS_ADM_NOT_CONNECTED1 | Events of this type occur when the device has not connected to the Administration Server within the specified time interval, because the device was turned off. Make sure that the device is turned on and that Network Agent is running. |
| Red | %1 device(s) have a status other than OK | IDS_AK_STATUS_HOST_NOT_OK | Events of this type occur when the OK status of the device connected to the Administration Server changes to Critical or Warning. You can troubleshoot the problem by using the Kaspersky Security Center remote diagnostics utility. |
| Red | Databases are outdated on: %1 device(s) | IDS_AK_STATUS_UPD_HOSTS_NOT_UPDATED | Events of this type occur when the anti-virus databases have not been updated on the device within the specified time interval. Follow the instructions to update Kaspersky databases. |
| Red | Device(s) where check for Windows Update updates has not been performed in a long time: %1 | IDS_AK_STATUS_WUA_DATA_OBSOLETE | Events of this type occur when the Perform Windows Update synchronization task has not been run within the specified time interval. Follow the instructions to synchronize updates from Windows Update with Administration Server. |
| Red | %n plug-in(s) for Kaspersky Security Center 13.1 must be installed | IDS_AK_STATUS_PLUGINS_REQUIRED | Events of this type occur when you need to install additional plug-ins for Kaspersky applications. Download and install the required management plug-ins for the Kaspersky application from the Kaspersky Technical Support webpage. |
Remote access to managed devices
This section provides information about remote access to managed devices.
Access to local tasks and statistics, "Do not disconnect from the Administration Server" check box
By default, Kaspersky Security Center does not feature continuous connectivity between managed devices and the Administration Server. Network Agents on managed devices periodically establish connections and synchronize with the Administration Server. The interval between those synchronization sessions (by default, it is 15 minutes) is defined in a policy of Network Agent. If an early synchronization is required (for example, to force the application of a policy), the Administration Server sends Network Agent a signed network packet to UDP port 15000. If no connection through UDP is possible between the Administration Server and a managed device for any reason, synchronization will run at the next regular connection of Network Agent to the Administration Server within the synchronization interval.
Some operations cannot be performed without an early connection between Network Agent and the Administration Server, such as running and stopping local tasks, receiving statistics for a managed application (security application or Network Agent), creating a tunnel, etc. To resolve this issue, in the properties of the managed device (General section), select the Do not disconnect from the Administration Server check box. If the managed device accesses the Administration Server through a distribution point running in gateway mode, not directly, this check box must be selected in the properties of the device, which acts as the distribution point and functions as the gateway. The maximum total number of devices with the Do not disconnect from the Administration Server check box selected is 300.
About checking the time of connection between a device and the Administration Server
Upon shutting down a device, Network Agent notifies the Administration Server of this event. In Administration Console that device is displayed as shut down. However, Network Agent cannot notify Administration Server of all such events. The Administration Server, therefore, periodically analyzes the Connected to Administration Server attribute (the value of this attribute is displayed in Administration Console, in the device properties, in the General section) for each device and compares it against the synchronization interval from the current settings of Network Agent. If a device has not responded over more than three successive synchronization intervals, that device is marked as shut down.
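The three-interval rule described above can be reproduced offline against a device inventory to find endpoints that have gone silent and are no longer receiving policies. The following Python code is an added example, not Kaspersky code: the CSV layout, the sample rows, and the `late` and `never-connected` labels are assumptions made for illustration; only the 15-minute default and the "more than three intervals" threshold come from this page.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

DEFAULT_SYNC_INTERVAL = timedelta(minutes=15)  # default Network Agent policy value
MISSED_INTERVALS_LIMIT = 3                     # "more than three successive intervals"

# Constructed sample inventory; the column names are hypothetical, not a KSC export format.
SAMPLE_EXPORT = """device,last_connected_utc,sync_interval_min
WS-001,2024-05-01T11:55:00,15
WS-002,2024-05-01T11:20:00,15
WS-003,2024-05-01T11:10:00,15
SRV-010,2024-05-01T10:30:00,60
WS-004,,15
"""

def classify(last_connected, now, interval=DEFAULT_SYNC_INTERVAL):
    """Return 'ok', 'late', 'presumed-shut-down' or 'never-connected'."""
    if last_connected is None:
        return "never-connected"          # no timestamp recorded at all
    silence = now - last_connected
    if silence > MISSED_INTERVALS_LIMIT * interval:
        return "presumed-shut-down"       # strictly more than three intervals
    if silence > interval:
        return "late"                     # missed at least one synchronization
    return "ok"

def audit(export_text, now):
    """Classify every device in the CSV text, honoring per-device intervals."""
    results = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        raw = row["last_connected_utc"].strip()
        seen = datetime.fromisoformat(raw).replace(tzinfo=timezone.utc) if raw else None
        minutes = row["sync_interval_min"].strip()
        interval = timedelta(minutes=int(minutes)) if minutes else DEFAULT_SYNC_INTERVAL
        results[row["device"]] = classify(seen, now, interval)
    return results

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for device, state in audit(SAMPLE_EXPORT, now).items():
        print(f"{device:8} {state}")
```

Because the synchronization interval is set in the Network Agent policy, the threshold is evaluated per device: SRV-010 with a 60-minute interval is only late after 90 minutes of silence, while WS-003 with the default interval is already past the limit after 50.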
About forced synchronization
Although Kaspersky Security Center automatically synchronizes the status, settings, tasks, and policies for managed devices, in some cases the administrator needs to know exactly whether synchronization has already been performed for a specified device at the present moment.
In the context menu of managed devices in Administration Console, the All tasks menu item contains the Force synchronization command. When Kaspersky Security Center 13.1 executes this command, the Administration Server attempts to connect to the device. If this attempt is successful, forced synchronization will be performed. Otherwise, synchronization will be forced only after the next scheduled connection between Network Agent and the Administration Server.
About tunneling
Kaspersky Security Center allows tunneling TCP connections from Administration Console via the Administration Server and then via Network Agent to a specified port on a managed device. Tunneling is designed for connecting a client application on a device with Administration Console installed to a TCP port on a managed device—if no direct connection is possible between Administration Console and the target device.
For example, tunneling is used for connections to a remote desktop, both for connecting to an existing session, and for creating a new remote session.
Tunneling can also be enabled by using external tools. For example, the administrator can run the putty utility, the VNC client, and other tools in this way.