Kaspersky Secure Mobility Management
4.0
English

Contents

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Installing Kaspersky Endpoint Security for Android

This section describes the methods for deploying Kaspersky Endpoint Security for Android on a corporate network.

In this section

Permissions

Installation of Kaspersky Endpoint Security for Android on personal devices

Installation of Kaspersky Endpoint Security for Android in device owner mode

Installation of Kaspersky Endpoint Security for Android in device owner mode in a closed network

Other methods of installation of Kaspersky Endpoint Security for Android

Configuring synchronization settings
Page top
[Topic 141433]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Permissions

For all features of apps, Kaspersky Endpoint Security for Android prompts the user for the required permissions. Kaspersky Endpoint Security for Android prompts for the mandatory permissions while completing the Setup Wizard, as well as after installation prior to using individual features of apps. It is impossible to install Kaspersky Endpoint Security for Android without providing the mandatory permissions.

On certain devices (for example, HUAWEI, Meizu, and Xiaomi), you must manually add Kaspersky Endpoint Security for Android to the list of apps that are started when the operating system starts in the device settings. If the app is not added to the list, Kaspersky Endpoint Security for Android stops performing all of its functions after the mobile device is restarted.

On devices running Android 11 or later or Android 6-10 with Google Play services, you must disable the Remove permissions if app isn't used system setting. Otherwise, after the app is not used for a few months, the system automatically resets the permissions that the user granted to the app.

Permissions requested by Kaspersky Endpoint Security for Android

Permission

App function

Phone (for Android 5.0 – 9)

Connect to Kaspersky Security Center (device ID)

Storage (mandatory)

Anti-Malware

Access to manage all files (for Android 11 or later)

Anti-Malware

Nearby Bluetooth devices (for Android 12 or later)

Restrict use of Bluetooth

On some Xiaomi and HUAWEI devices running Android 12, Kaspersky Endpoint Security for Android does not prompt the user for the Nearby Bluetooth devices permission. This issue is caused by the specific features of MIUI firmware on Xiaomi and EMUI firmware on HUAWEI. Despite the absence of the request for this permission, all features related to using Bluetooth work correctly on these devices.

Ignore battery optimization (for Android 12 or later)

 

App Control

Web Protection

Anti-Theft

Notifications (for Android 13)

Notify the user about security issues and app events

Allow running in the background (for Android 12 or later)

Ensure continuous operation of the app. If permission is not granted, the app may be unloaded from memory and unable to restart.

Device administrator (mandatory)

 

Anti-Theft – lock the device (only for Android 5.0 – 6)

Anti-Theft – take a mugshot with frontal camera

Anti-Theft – sound an alarm

Anti-Theft – full reset

Password protection

App removal protection

Install security certificate

App Control

Manage KNOX (only for Samsung devices)

Configure Wi-Fi

Configure Exchange ActiveSync

Restrict use of the camera, Bluetooth, and Wi-Fi

 

 

Camera

Anti-Theft – take a mugshot with frontal camera

On devices running Android 11 or later, the user must grant the "While using the app" permission when prompted.

Location

Anti-Theft – locate device

On devices running Android 10 or later, the user must grant the "All the time" permission when prompted.

Accessibility

Anti-Theft – lock the device (only for Android 7.0 or later)

Web Protection

App Control

App removal protection (only for Android 7.0 or later)

Display of warnings of Kaspersky Endpoint Security for Android (only for Android 10 or later)

Restrict use of the camera (only for Android 11 or later)

 

 

Display pop-up window (for some Xiaomi devices)

Web Protection

Display pop-up windows while running in the background (for some Xiaomi devices)

Web Protection

Run in the background (for Xiaomi devices with MIUI firmware on Android 11 or earlier)

App Control

Web Protection

Anti-Theft

Page top
[Topic 150051]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Installation of Kaspersky Endpoint Security for Android on personal devices

Kaspersky Endpoint Security for Android is installed on the mobile devices of users whose user accounts have been added in Kaspersky Security Center. For more details about user accounts in Kaspersky Security Center, please refer to Kaspersky Security Center Help.

Expand all | Collapse all

You can install the Kaspersky Endpoint Security for Android app on devices through Kaspersky Security Center by using one of the following methods:

  • Download the app from Google Play (recommended method)

    The user will receive a link to Google Play. The app can be installed by following the standard installation procedure on the Android platform. Additional configuration of Kaspersky Endpoint Security for Android after installation is not required.

    Some HUAWEI and Honor devices do not have Google services and therefore an access to apps in Google Play. If some users of HUAWEI and Honor devices cannot install the app from Google Play, they should be instructed to install the app from HUAWEI App Gallery.

    The link contains the following data:

    • Kaspersky Security Center synchronization settings.
    • Mobile certificate.
    • Indicator of acceptance of the Terms and Conditions of the End User License Agreement for Kaspersky Endpoint Security for Android and additional Statements. If the administrator accepts the terms of License Agreement and additional Statements in the Administration Console, Kaspersky Endpoint Security for Android skips the acceptance step during installation of the app.
  • Download the app installation package from Kaspersky Security Center

    The app's installation package will be downloaded from the Kaspersky Security Center server. The app will also be updated through Kaspersky Security Center using policy settings. You can also choose this method if mobile devices in your company have no access to the internet.

    For this method, perform the pre-configuring steps below:

    1. Create and configure an app installation package.
    2. Create a standalone installation package.

    When deploying the app via the installation package downloaded from Kaspersky Security Center, after the device is reset to factory settings and the QR code is scanned, the Blocked by Play Protect message may appear on the device. The issue is caused by the installation package signing certificate being different from the one specified in Google Play. The user should continue the installation by choosing Install anyway. If OK is selected, the installation process will be interrupted and the device will be reset to factory settings.

To install Kaspersky Endpoint Security for Android through Kaspersky Security Center on personal devices:

  1. In the console tree, select the Mobile Device ManagementMobile devices folder.
  2. In the workspace of the Mobile devices folder, click the Add mobile device button.

    This starts the New Mobile Device Connection Wizard. Follow the instructions of the Wizard.

  3. In the Operating system section, select Android.
  4. In the Device type section, select Personal device.

    Kaspersky Security Center checks for administration plug-in updates. If Kaspersky Security Center detects updates, you can install the new version of the administration plug-in. When the administration plug-in is updated, you can accept the Terms and Conditions of the End User of the License Agreement (EULA) and additional Statements for Kaspersky Endpoint Security for Android. If the administrator accepts the License Agreement and additional Statements in Administration Console, Kaspersky Endpoint Security for Android skips the acceptance step during installation of the app. This feature is available in Kaspersky Security Center version 12.

  5. At the Method to install Kaspersky Endpoint Security for Android on devices step of the wizard, select one of two options:
    • Download the app from Google Play (recommended default option)
    • Download the app installation package from Kaspersky Security Center if Google Play cannot be used for some reason or you need a specific version of the app (for example, for device owner mode)
  6. At the Select users step of the wizard, select one or more users for installation of Kaspersky Endpoint Security for Android to their mobile devices.

    If a user is not in the list, you can add a new user account without exiting the Mobile Device Connection wizard.

  7. At the Certificate source step of the wizard, select the source of the certificate for protection of data transfer between Kaspersky Endpoint Security for Android and Kaspersky Security Center:
    • Issue certificate through Administration Server tools. In this case, the certificate will be created automatically.
    • Specify certificate file. In this case, your own certificate must be prepared ahead of time and then selected in the window of the wizard. This option cannot be used if you want to install Kaspersky Endpoint Security for Android to several mobile devices. A separate certificate must be created for each user.
  8. At the User notification method step of the wizard, select the method to be used to send the QR code for app installation:
    • Select Show QR code in wizard to scan the QR code with the camera of the mobile device on which you want to install the app.
    • Select Send QR code to user to send the QR code with the corresponding link by email to the selected users in your organization. To install the app, a user must then scan the QR code using the camera of the mobile device or open the link to the installation package.

      If you select this method, specify the following parameters in the By email section:

      1. Select the User emails check box. In the drop-down list, select one of the following options:
        • All emails
        • Main email
        • Alternate email

        These email addresses must be specified in the user account settings in Kaspersky Security Center.

      2. If you want to send the QR code to an email address that is not specified in the user account settings in Kaspersky Security Center, select the Another email check box, and then specify the required email address.
      3. Click the Edit message button to configure the subject and the text of the notification message.

        If you selected the Prompt for password during certificate installation check box in the Issuance of mobile certificates section, add the %PASS% macro to the text of a notification message to send a password to the user. Otherwise, a warning appears and the notification message cannot be sent.

      Click the Next button to send the generated email message.

  9. The Result step of the wizard displays a summary of the entered information. Scan the QR code if you selected the Show QR code in wizard option at the previous step of the wizard.
  10. Click Finish to close the Mobile Device Connection wizard.

After installing Kaspersky Endpoint Security for Android on users' mobile devices, you will be able to configure the settings for devices and apps by using group policies. You will also be able to send commands to mobile devices for data protection in case devices are lost or stolen.

Page top
[Topic 141434]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Installation of Kaspersky Endpoint Security for Android in device owner mode

Expand all | Collapse all

Device owner mode is the device operation mode for company-owned Android devices. This mode lets you have full control over the entire device and configure a wide range of device functions.

Kaspersky Security Center lets you install the Kaspersky Endpoint Security for Android app in device owner mode by generating a QR code for app installation on the device.

Kaspersky Endpoint Security for Android is installed on the mobile devices of users whose user accounts have been added in Kaspersky Security Center. For more details about user accounts in Kaspersky Security Center, please refer to Kaspersky Security Center Help.

Ways to install the app

The Kaspersky Endpoint Security for Android app can be installed via a QR code in one of the following ways:

  • Download the app from Kaspersky website

    Choose this method for mobile devices that can access the internet to download the APK installation file from the Kaspersky website. The app will then be updated using Google Play or HUAWEI AppGallery.

  • Download the app installation package from Kaspersky Security Center

    The app's installation package will be downloaded from the Kaspersky Security Center server. The app will also be updated through Kaspersky Security Center using policy settings. You can also choose this method if mobile devices in your company have no access to the internet.

    For this method, follow the steps below before generating a QR-code:

    1. Create and configure an app installation package.
    2. Create a standalone installation package.

      When deploying the app via the installation package downloaded from Kaspersky Security Center, after the device is reset to factory settings and the QR code is scanned, the Blocked by Play Protect message may appear on the device. The issue is caused by the installation package signing certificate being different from the one specified in Google Play. The user should continue the installation by choosing Install anyway. If OK is selected, the installation process will be interrupted and the device will be reset to factory settings.

Generating QR code for app installation

To generate a QR code for app installation in device owner mode:

  1. In the console tree, select the Mobile Device ManagementMobile devices folder.
  2. In the workspace of the Mobile devices folder, click the Add mobile device button.

    This starts the New Mobile Device Connection Wizard. Follow the instructions of the Wizard.

  3. In the Operating system section, select Android.
  4. In the Device type section, select Company-owned device (device owner mode).
  5. In the Network for downloading the Kaspersky Endpoint Security app section, select one of the following options:
    • Prompt the user to select a Wi-Fi network on the device

      If you choose this option, the device user will be prompted to connect to any available Wi-Fi network for downloading the app.

      This option is selected by default.

    • Use only the specified Wi-Fi network (Android 9 or later)

      If you choose this option, the device will try to automatically connect to the network that you have specified. This option is supported on Android 9.0 or later.

      Be sure to correctly specify all the network parameters. Otherwise, if any parameter is incorrect or the network is not available, the installation process will be interrupted and the device will be reset to the factory settings.

      To configure the connection for the required Wi-Fi network, click the Specify network button. In the Wi-Fi network for downloading Kaspersky Endpoint Security window, specify the following parameters:

      • Service set identifier (SSID)

        Specifies a name of a wireless network with an access point (SSID). The wireless network name should not be longer than 32 characters.

      • Hidden network

        Specifies whether the selected network broadcasts its SSID.

        The checkbox is cleared by default.

      • Network protection

        Specifies a wireless network security type. Possible values:

        • Open - If selected, the network is not protected (default).
        • WEP (Android 9 or earlier) - If selected, the network is protected using the WEP protocol. This option requires entering a password for accessing the network and applies only to Android 9 and earlier.
        • WPA2 PSK - If selected, the network is protected using the WPA 2 PSK security protocol. This option requires entering a password for accessing the network.
      • Password (will be sent in unencrypted form)

        Specifies a password for accessing a wireless network protected using a WEP or WPA2 PSK protocol. The password will be sent in QR code.

        Do not use a password for a confidential Wi-Fi network. The password is sent to the user in the open way along with other necessary configuration data.

      • Do not use proxy server

        Specifies that proxy server is not used (default).

      • Use proxy server

        Specifies the use of proxy server. If this option is selected, you need to provide proxy server address and port. You can also specify a list of sites for which the proxy will be bypassed.

      • Proxy server address

        Specifies the IP address or the symbol name (web-address) of the proxy server. The maximum number of symbols is 256.

      • Proxy server port

        Specifies the port number of the proxy server. The value should be in the interval between 0 and 65536.

      • Do not use proxy server for addresses

        Specifies addresses of websites for which the proxy server should not be used.

        For example, you can enter the address example.com. In this case, the proxy server will not be used for the addresses pictures.example.com, example.com/movies, etc. The protocol (for example, http://) can be omitted.

      • PAC file URL

        A URL to a proxy auto-configuration (PAC) file for the Wi-Fi network.

    • Try to use mobile data (Android 8.0 or later)

      If you choose this option, the device will try to use mobile data to download the app. If the device does not have a SIM card, or the mobile network is not available, the user will be prompted to select any available Wi-Fi network.

      This option is supported on Android 8.0 or later.

  6. In the Additional section, select the Enable all system apps check box if you want system apps to be active on the device. If the check box is cleared, all system apps are disabled.
  7. Click Next.

    Kaspersky Security Center checks for administration plug-in updates. If Kaspersky Security Center detects updates, you can install the new version of the administration plug-in. When the administration plug-in is updated, you can accept the Terms and Conditions of the End User of the License Agreement (EULA) and additional Statements for Kaspersky Endpoint Security for Android. If the administrator accepts the License Agreement and additional Statements in Administration Console, Kaspersky Endpoint Security for Android skips the acceptance step during installation of the app.

  8. At the Method to install Kaspersky Endpoint Security for Android on devices in device owner mode step, select an installation method:
    • Download the app from Kaspersky website
    • Download the app installation package from Kaspersky Security Center

      If you choose this option, leave the Allow HTTP use for app download in device owner mode check box selected to ensure the app is downloaded. Otherwise, the app will be downloaded via HTTPS only if the Kaspersky Security Center Web Server certificate was issued by a trusted certificate authority.

    For more details about these methods, see the Ways to install the app section above.

  9. At the Select users step of the wizard, select one or more users for installation of Kaspersky Endpoint Security for Android to their mobile devices.

    If a user is not in the list, you can add a new user account without exiting the Mobile Device Connection wizard.

  10. At the Certificate source step of the wizard, select the source of the certificate for protection of data transfer between Kaspersky Endpoint Security for Android and Kaspersky Security Center:
    • Issue certificate through Administration Server tools. In this case, the certificate will be created automatically.
    • Specify certificate file. In this case, your own certificate must be prepared ahead of time and then selected in the window of the wizard. This option cannot be used if you want to install Kaspersky Endpoint Security for Android to several mobile devices. A separate certificate must be created for each user.
  11. At the User notification method step of the wizard, select the method to be used to send the QR code for app installation:
    • Select Show QR code in wizard to scan the QR code with the camera of the mobile device on which you want to install the app.
    • Select Send QR code to user to send the QR code with the corresponding link by email to the selected users in your organization. To install the app, a user must then scan the QR code using the camera of the mobile device or open the link to the installation package.

      If you select this method, specify the following parameters in the By email section:

      1. Select the User emails check box. In the drop-down list, select one of the following options:
        • All emails
        • Main email
        • Alternate email

        These email addresses must be specified in the user account settings in Kaspersky Security Center.

      2. If you want to send the QR code to an email address that is not specified in the user account settings in Kaspersky Security Center, select the Another email check box, and then specify the required email address.
      3. Click the Edit message button to configure the subject and the text of the notification message.

        If you selected the Prompt for password during certificate installation check box in the Issuance of mobile certificates section, add the %PASS% macro to the text of a notification message to send a password to the user. Otherwise, a warning appears and the notification message cannot be sent.

      Click the Next button to send the generated email message.

  12. The Result step of the wizard displays a summary of the entered information. Scan the QR code if you selected the Show QR code in wizard option at the previous step of the wizard.
  13. Click Finish to close the New Mobile Device Connection Wizard.

Additional configuration on the Android device is required to install Kaspersky Endpoint Security for Android in device owner mode.

After installing Kaspersky Endpoint Security for Android on users' mobile devices, you will be able to configure the settings for devices and apps by using group policies. You will also be able to send commands to mobile devices for data protection in case devices are lost or stolen.

Page top
[Topic 241804]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Installation of Kaspersky Endpoint Security for Android in device owner mode in a closed network

When deploying Kaspersky Endpoint Security for Android in device owner mode via QR code on devices with pre-installed Google Mobile Services (GMS), their connectivity to certain Google endpoints via Wi-Fi networks is checked. If a Wi-Fi network has no access to the internet, the connectivity check fails and the deployment finishes with an error.

To avoid the connectivity check, you can deploy the Kaspersky Endpoint Security for Android app in device owner mode in a closed network by using a Proxy Auto-Configuration (PAC) file.

To use a PAC file for Kaspersky Endpoint Security for Android app deployment:

  1. Create a PAC file (for example, proxy.pac) with the following contents:

    function FindProxyForURL(url, host) {
    return "DIRECT";
    }

  2. Publish the created PAC file on a resource which will be available within the closed network (for example, on the IIS Web server).

    Save the link to the PAC file (for example, https://intranet.mycompany.com/files/proxy.pac).

  3. Make sure the APK file of the Kaspersky Endpoint Security for Android app being deployed is available within the closed network. To do this, use one of the methods below:
    • Download the app installation package from the Kaspersky Security Center server. If the server is accessible, the installation packages will be available there.
    • Download the APK installation file from the Kaspersky website and upload it to the closed network.

      Choose the general version of the app as a source.

  4. Generate the QR code for app installation in device owner mode and forward it to the user by following the instructions of the New Mobile Device Connection Wizard.

    When connecting the device to Kaspersky Security Center, you will be asked to specify the network for downloading the Kaspersky Endpoint Security for Android app. At this step, configure the use of the previously created PAC file for network connection by linking it to the Wi-Fi network settings on a device. To do this, use one of the methods below:

    • In the Network for downloading the Kaspersky Endpoint Security for Android section, choose Prompt the user to select a Wi-Fi network on the device. While deploying the app, the user will need to specify the link to the PAC file (step 2) in the network settings while choosing a Wi-Fi network on the device. After the connection is established, the user will be able to continue the device setup and activate the app by following the instructions of the app's Initial Configuration Wizard.
    • In the Network for downloading the Kaspersky Endpoint Security for Android section, choose Use only the specified Wi-Fi network (Android 9.0 or later), click the Specify network button, insert the link to the previously created PAC file (step 2) in the PAC file URL field, and then click OK.

    If the APK installation file has been downloaded from the Kaspersky website (step 3), you need to change the link in the QR code by specifying the closed network link address.

    For more information about configuring the Kaspersky Endpoint Security for Android app in device owner mode, please refer to the Installing the app in device owner mode section.

    When deploying the app via the installation package downloaded from Kaspersky Security Center, after the device is reset to factory settings and the QR code is scanned, the Blocked by Play Protect message may appear on the device. The issue is caused by the installation package signing certificate being different from the one specified in Google Play. The user should continue the installation by choosing Install anyway. If OK is selected, the installation process will be interrupted and the device will be reset to factory settings.

The Kaspersky Endpoint Security for Android app is installed on the device in device owner mode in a closed network.

Page top
[Topic 259471]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Other methods of installation of Kaspersky Endpoint Security for Android

You can install Kaspersky Endpoint Security for Android using a link to your own web server or instruct the users to install the app manually.

In this section

Manual installation from Google Play or HUAWEI AppGallery

Creating and configuring an installation package

Creating a standalone installation package
Page top
[Topic 209663]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Manual installation from Google Play or HUAWEI AppGallery

Users can manually install Kaspersky Endpoint Security for Android from Google Play or HUAWEI AppGallery. The app can be installed by following the standard installation procedure of the Android platform. Users use their own Google accounts to install the application.

For details on the procedure of installing Kaspersky Endpoint Security for Android from Google Play, see the Google technical support website.

For details on the procedure of installing Kaspersky Endpoint Security for Android from HUAWEI AppGallery, see the HUAWEI Support website.

Some HUAWEI and Honor devices do not have Google services and therefore an access to apps in Google Play. If some users of HUAWEI and Honor devices cannot install the app from Google Play, they should be instructed to install the app from HUAWEI App Gallery.

After installing Kaspersky Endpoint Security for Android from Google Play or HUAWEI AppGallery, you must prepare the app for use. The process of preparing the app for use includes the following steps:

  1. The administrator sends the settings of mobile device synchronization with the Administration Server (server address and port number) using any available method (for example, by sending an email message).
  2. The user can configure the settings of mobile device synchronization with the Administration Server during operation of the Initial Configuration Wizard or in the Kaspersky Endpoint Security for Android settings.
  3. The administrator creates a mobile certificate for the mobile device user.
  4. The user receives an automatic notification with a prompt to install the mobile certificate. When installation is confirmed, the mobile certificate is installed on the mobile device.

Internet access should be enabled on the mobile device for synchronization with the Administration Server.

See the "Configuring synchronization settings" section for details on how to configure the settings of mobile device synchronization with the Administration Server and receive a mobile certificate.

During the next synchronization of the mobile device with Administration Server, the user's mobile device on which Kaspersky Endpoint Security for Android is installed is moved to the Advanced → Device discovery → Domains folder in the administration group that was specified during installation of the application (the default group is KES10). You can move a mobile device to the administration group that you created in the Managed devices folder either manually or using automatic allocation rules.

This installation method is convenient if you want to install a specific version of Kaspersky Endpoint Security for Android.

To install Kaspersky Endpoint Security for Android by using a link to your own web server:

  1. Create an installation package and configure its settings.

    The installation package is a set of files created for remote installation of the Kaspersky app through Kaspersky Security Center.

  2. Create a standalone installation package.

    A standalone installation package is the installation file of a mobile app that contains the settings of the app connection to the Administration Server and an indicator of acceptance of the Terms and Conditions of the End User License Agreement (EULA) for the Kaspersky Endpoint Security for Android. It is created on the basis of the Kaspersky Endpoint Security for Android installation package. The standalone installation package is a special case of an installation package.

The user will receive a link to the web server hosting the standalone installation package for Kaspersky Endpoint Security for Android. To install the app, the user must run the APK file. Additional configuration of Kaspersky Endpoint Security for Android after installation is not required.

To install Kaspersky Endpoint Security for Android using a link to your own web server, installation of apps from unknown sources must be allowed on the user's mobile device.

Page top
[Topic 209665]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Creating and configuring an installation package

The Kaspersky Endpoint Security for Android installation package is the sc_package.exe self-extracting archive. The archive includes files required for installing mobile app on devices:

  • adb.exe, AdbWinApi.dll, AdbWinUsbApi.dll – Set of files required for installing Kaspersky Endpoint Security for Android.
  • installer.ini – Configuration file that contains the Administration Server connection settings.
  • KES10_xx_xx_xxx.apk – Setup file for Kaspersky Endpoint Security for Android.
  • kmlisten.exe – Utility for delivering the application installation package through a the workstation.
  • kmlisten.ini – Configuration file that contains the settings for the installation package delivery utility.
  • kmlisten.kpd – Application description file.

To create the Kaspersky Endpoint Security for Android installation package:

  1. In the console tree, select the AdvancedRemote installationInstallation packages folder.
  2. In the workspace of the Installation packages  folder, click the Create installation package button.

    The Installation Package Creation wizard starts. Follow the instructions of the wizard.

  3. At the Select installation package type step of the wizard, click the Create installation package for Kaspersky application button.
  4. At the Defining installation package name step of the wizard, enter the installation package name to be displayed in the workspace of the Installation packages folder.
  5. At the Select application installation package for installation step of the wizard, select the sc_package.exe self-extracting archive included in the distribution kit.

    If you have already unpacked the archive, choose the application description file, kmlisten.kpd. The application name and the version number appear in the entry field.

    If you create an installation package with the sc_package.exe archive in the Kaspersky Security Center version earlier than 14.2, the installation of Kaspersky Endpoint Security for Android app will fail on devices running Android 10 or later. To avoid this issue, please upgrade to Kaspersky Security Center 14.2 or contact Technical Support to receive an appropriate version of the archive.

  6. At the Accept EULA step of the wizard, read, understand, and accept the terms and conditions of the End User License Agreement.

    You must accept the terms and conditions of the End User License Agreement for creating the installation package. If you accept the terms of License Agreement in the Administration Console, Kaspersky Endpoint Security for Android skips the acceptance step during installation of the app.

    If you decide to stop the protection of the mobile devices, you can uninstall Kaspersky Endpoint Security for Android app and revoke your End User License Agreement (EULA) for the app. To learn more about revoking EULA, please refer to Kaspersky Security Center Help.

After the wizard finishes, the created installation package appears in the Installation packages folder workspace. The installation packages are stored in the Packages folder, in the public shared folder on the Administration Server.

To configure the installation package settings:

  1. In the console tree, select the AdvancedRemote installationInstallation packages folder.
  2. In the context menu of the Kaspersky Endpoint Security for Android installation package, select Properties.
  3. On the Settings tab, specify the Administration Server connection settings for mobile devices and the name of the administration group to which the mobile devices will be added automatically after the first synchronization with the Administration Server. Follow the steps below:
    • In the Connection to the Administration Server section, in the Server address field, type the name of the Administration Server for mobile devices in the format that was used for installing Mobile devices support during the Administration Server deployment.

      Depending on the Administration Server name format for the Mobile devices support component, specify the DNS name or the IP address of the Administration Server. In the SSL port number field, specify the number of the port open on the Administration Server for connecting mobile devices. Port 13292 is used by default.

    • In the Allocation of computers to groups section, in the Group name field, type the name of the group to which mobile devices will be added after the first synchronization with the Administration Server (KES10 is used by default).

      The specified group will be automatically created in the AdvancedDevice discoveryDomains folder.

    • In the Actions during installation section, select the Request email address check box if you want the app to ask users to provide their corporate email address when the app is started for the first time.

      The user's email address is used to form the name of the mobile device when it is added to the administration group.

  4. To apply the specified settings, click Apply.

Page top
[Topic 89690]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Creating a standalone installation package

To create a standalone installation package, follow the steps below:

  1. In the console tree, select the AdvancedRemote installationInstallation packages folder.
  2. Choose the installation package of Kaspersky Endpoint Security for Android.
  3. In the context menu of the installation package, select Create stand-alone installation package.

    The wizard that creates the standalone installation package will be started. Follow the instructions of the Wizard.

  4. Configure ways in which the standalone installation package is distributed:
    • To distribute the path to the created standalone installation package among users via email, in the Further actions section click the link Email link to stand-alone installation package.

      The message editor window opens, and the text in the window contains the path to the shared folder with the standalone installation package.

    • To post the link to the created standalone installation package on your corporate website, click the link Sample HTML code for link publication on a website.

      A tmp file containing HTML_RJL links opens.

  5. To publish the created standalone installation package on the Kaspersky Security Center Web Server and view the entire list of standalone packages for the selected installation package, in the Stand-alone installation package creation wizard window select the Open the stand-alone packages list check box.

After the wizard closes, the window List of standalone packages for the installation package <Installation package name> opens.

The List of standalone packages for the installation package <Installation package name> window contains the following information:

  • A list of standalone installation packages.
  • The network path to the shared folder in the Path field.
  • The address of the standalone package on the Kaspersky Security Center Web Server in the URL field.

When sending email notifications, you can specify either the address in the URL field or the path in the Path field as a resource from which users can download the setup file of the app. When sending text message notifications to users, you have to specify the download link appearing in the URL field.

You are advised to copy the address of the created standalone package to clipboard and then paste the link to the required installation package into the email or text message notification for users.

Page top
[Topic 89728]

The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Configuring synchronization settings

To manage mobile devices and receive reports or statistics from mobile devices of users, you must configure the synchronization settings. Mobile device synchronization with Kaspersky Security Center may be performed in the following ways:

  • By schedule. Synchronization by schedule is performed by using the HTTP protocol. You can configure the synchronization schedule in the group policy settings. Modifications to group policy settings, commands and tasks will be performed when the device is synchronizing with Kaspersky Security Center according to the schedule, i.e. with a delay. By default, mobile devices are synchronized with the Kaspersky Security Center automatically every 6 hours.
  • Forced. Forced synchronization is performed by using push notifications of the FCM service (Firebase Cloud Messaging). Forced synchronization is primarily intended for timely delivery of commands to a mobile device. It might be useful when a device is in battery saver mode, because in this case the app may perform tasks later than specified. If you want to use forced synchronization, make sure that the FCM settings are configured in Kaspersky Security Center.

To configure the settings of mobile device synchronization with the Kaspersky Security Center:

  1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
  2. In the workspace of the group, select the Policies tab.
  3. Open the policy properties window by double-clicking any column.

    Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

  4. In the policy Properties window, select the Synchronization section.
  5. Select the frequency of synchronization in the Synchronize drop-down list.
  6. To disable synchronization of a device with Kaspersky Security Center while roaming, select the Do not synchronize while roaming check box.

    The device user can manually perform synchronization in the app settings (ks4android_settings_buttonSettingsSynchronizationSynchronize).

  7. To hide synchronization settings (server address, port and administration group) from the user in the app settings, clear the Show synchronization settings on device check box. It is impossible to modify hidden settings.
  8. To receive the device's location history, select the Send device location history during synchronization check box in the Device location history block. The location history will be sent to the Administration Server during each synchronization.

    The functionality must be used in accordance with the requirements of local legislation, with the notification or consent (depending on the requirements of the legislation) of the person using the device to enable the location tracking functionality on the device.

    Enabling this setting and specifying the geofence area will result in increased device power consumption.

    This setting works only if the Device location history informational event type is stored in the Administration Server database. The events are configured in the Events section of the policy properties. For more details, please refer to the Kaspersky Security Center Help.

  9. In the How often to get the device location drop-down list, specify the frequency of getting the device location. The default value is Every 15 minutes.

    Due to technical limitations on Android devices, the device location may be retrieved less often than specified.

  10. Click the Apply button to save the changes you have made.

Mobile device settings are changed after the next device synchronization with Kaspersky Security Center. You can manually synchronize the mobile device by using a special command. To learn more about working with commands for mobile devices, please refer to the "Sending commands" section.

Page top
[Topic 88051]