- About this Help Guide
- About Kaspersky Security for Virtualization 6.1 Agentless
- What’s new
- Application architecture
- Managing the application via Kaspersky Security Center
- Preparing for application installation
- Installing the application
- Installation of the Kaspersky Security main administration plug-in and Integration Server
- Installation of the Kaspersky Security administration plug-in for tenants
- Result of installation of the Kaspersky Security administration plug-ins and Integration Server
- Configuring the Integration Server
- Registration of Kaspersky Security services
- Connecting to VMware NSX Manager
- Selecting an SVM image for the file system protection service
- Selecting an SVM image for the network protection service
- Selecting the traffic processing mode for the Network Threat Protection component
- Configuring the connection settings for an SVM
- Creating passwords for accounts on SVMs
- Selecting the time zone for SVMs
- Configuring the settings for connecting to network data storage
- Confirming Kaspersky Security settings
- Registration of Kaspersky Security services
- Exiting the wizard
- Viewing registered services
- Deploying SVMs and configuring protection settings in the infrastructure managed by VMware NSX-T Manager
- Deploying SVMs with the File Threat Protection component in the infrastructure managed by VMware NSX-T Manager
- Deploying SVMs with the Network Threat Protection component in the infrastructure managed by VMware NSX-T Manager
- Configuring NSX Groups in the infrastructure managed by VMware NSX-T Manager
- Configuring and applying NSX Policy for File Threat Protection in the Infrastructure managed by VMware NSX-T Manager
- Configuring and applying NSX Policy for Network Threat Protection in the Infrastructure managed by VMware NSX-T Manager
- Deploying SVMs and configuring protection settings in the infrastructure managed by VMware NSX-V Manager
- Preparing the application for operation and initial configuration
- Configuring protection of tenant organizations
- Creating a virtual Administration Server for a tenant
- Connecting the Integration Server to the Kaspersky Security Center Administration Server
- Configuring a list of mappings between Cloud Director organizations and virtual Administration Servers
- Working with the tenant virtual machine protection report
- Upgrading from a previous version of the application
- Application upgrade when migrating to VMware NSX-T platform
- Application upgrade in the infrastructure managed by VMware NSX-V Manager
- Upgrade of administration plug-in for Kaspersky Security, Integration Server, and Integration Server Console
- Updating SVM in the infrastructure managed by VMware NSX-V Manager
- Changing settings of Kaspersky Security
- Changing the connection settings for interaction between the Integration Server and VMware NSX Manager
- Changing the SVM image for the file system protection service
- Changing the SVM image for the network protection service
- Viewing information about the traffic processing mode for the Network Threat Protection component
- Changing the connection settings for an SVM
- Changing passwords for accounts on SVMs
- Changing the time zone for SVMs
- Changing settings for connecting to network data storage
- Starting Kaspersky Security reconfiguration
- Kaspersky Security reconfiguration process
- Exiting the wizard
- Removing the application
- Removing Kaspersky Security components in the virtual infrastructure managed by VMware NSX-T Manager
- Removing Kaspersky Security components in the virtual infrastructure managed by VMware NSX-V Manager
- Unregistering Kaspersky Security services and the Integration Server
- Removing the Kaspersky Security main administration plug-in and Integration Server
- Removing the Kaspersky Security administration plug-in for tenants
- Application licensing
- About the End User License Agreement
- About data provision
- About the license
- About the License Certificate
- About the license key
- About the key file
- About the activation code
- About subscription
- About application activation
- Application activation procedure
- Renewing a license
- Renewing subscription
- Viewing information about keys in use
- Starting and stopping the application
- Protection status
- Virtual machine file threat protection
- Conditions for protection of virtual machines against file threats
- Configuring main protection profile settings
- Managing additional protection profiles
- Creating an additional protection profile
- Viewing the protected infrastructure in a policy
- Information about the assignment of file protection settings using the virtual infrastructure tree
- Information about assigning the file protection settings using NSX Vendor Template (in infrastructure managed by VMware NSX-T Manager)
- Information about assigning the file protection settings using NSX Profile Configuration (in infrastructure managed by VMware NSX-V Manager)
- Assigning protection profiles to virtual infrastructure objects
- Assigning protection profile using NSX Vendor Templates / NSX Profile Configurations
- Changing the protected infrastructure for a policy
- Disabling file threat protection for virtual infrastructure objects
- Scanning virtual machines
- Conditions for anti-virus scan of virtual machines
- Creating a full scan task
- Creating a custom scan task by using the main plug-in
- Creating a custom scan task by using the tenant plug-in
- Configuring virtual machine scan settings in a scan task
- Configuring the scan scope in a scan task
- Configuring the Custom Scan task scope
- Configuring the scan task run schedule
- Network Threat Protection
- Application database update
- Backup
- Events, notifications, and reports
- Participating in Kaspersky Security Network
- SNMP Monitoring of SVM status
- Automatic installation of application patches
- Instructions on managing the application for a tenant organization administrator
- About Kaspersky Security for Virtualization 6.1 Agentless
- Deploying protection of the virtual infrastructure of a tenant organization
- Managing File Threat Protection
- Scanning virtual machines
- Participating in Kaspersky Security Network
- Obtaining protection status information
- Removing the Kaspersky Security administration plug-in for tenants
- Contact Technical Support
- Sources of information about the application
- Appendix. Brief instructions on installing the application
- Glossary
- Activating an application
- Activation code
- Active key
- Administration group
- Administration Server
- Application activation task
- Application database update task
- Backup
- Backup copy of a file
- Compound file
- Custom Scan task
- Database of malicious web addresses
- Database of phishing web addresses
- Desktop key
- End User License Agreement
- Full Scan task
- Kaspersky CompanyAccount
- Kaspersky Security Network (KSN)
- Key file
- Key with a limitation on the number of processor cores
- Key with a limitation on the number of processors
- KSC cluster
- KSC cluster protected infrastructure
- License
- License certificate
- License key (key)
- Main protection profile
- Multitenancy mode
- Network Agent
- OLE object
- Policy
- Protection profile
- Reserve key
- Server key
- SVM
- Update rollback task
- Updates source
- Information about third-party code
- Trademark notices
Configuring Network Attack Blocker settings
To configure the Network Attack Blocker settings:
- In the Kaspersky Security Center Administration Console, open the properties of the policy whose scope includes the relevant virtual machines:
- In the console tree, select the folder or administration group in which the policy was created.
- In the workspace, select the Policies tab.
- Select a policy in the list of policies and double-click the policy to open the Properties: <Policy name> window.
- In the policy properties window, in the Network threat protection section, select the Intrusion Prevention subsection.
- Select the Detect network attacks check box if the network attack detection function is disabled.
- Select an action in the drop-down list Action on detection of a network attack, if network protection is operating in standard mode.
This drop-down list contains the actions that Kaspersky Security can perform when it detects a network attack on a protected virtual machine, if network protection is enabled in standard mode. You can select one of the following options:
- Ignore. Kaspersky Security does not perform any actions to prevent the network attack.
- Terminate connection. Kaspersky Security terminates the connection between the protected virtual machine and the IP address from which the network attack originated.
- Terminate connection and block traffic from sender's IP address. Kaspersky Security terminates the connection between the protected virtual machine and the IP address from which the network attack originated, and also blocks traffic from this IP address. Traffic is blocked in the specific VLAN in which the attempted network attack was detected. The duration for blocking traffic is configured in the On threat detection, block traffic for N minutes field.
This action is selected by default.
Information about detected network attacks and the actions taken is sent to Kaspersky Security Center.
You can select an action if the Detect network attacks check box is selected.
If network protection works in the monitoring mode, when Kaspersky Security detects a network attack it performs the Ignore action.
- If necessary, change the value of the setting On threat detection, block traffic for N minutes.
The duration for blocking the traffic from IP address from which the network attack or suspicious network activity originated. When determining the source of a network attack or suspicious network activity, the application takes into account whether or not the traffic is from a virtual LAN (VLAN). Kaspersky Security blocks traffic from an IP address only in the VLAN in which a network attack or suspicious network activity was detected.
The default blocking duration is 60 minutes.
- If necessary, configure network threat protection exclusion rules that Kaspersky Security will use to exclude traffic of specific IP addresses from scans or apply special actions when processing such traffic.
- In the Properties: <Policy name> window, click OK.