How to install and configure the application

Before installing the Kaspersky application you need to make preparations for installation.

The Kaspersky application is distributed as DEB and RPM packages. You need to install the Kaspersky application from the package with the required format.

If the version of the apt package manager is lower than 1.1.X, use the dpkg/rpm package manager (depending on the operating system) for installation.

You need to perform the initial application configuration during installation of the application or after installation is complete. The application needs initial configuration to prepare it for operation and enable the protection of the client device.

The steps required for the installation and initial configuration of the application depend on how you purchase the application.

If you purchase the application on the Kaspersky website or on the website of a Kaspersky partner, installing and configuring the application consists of the following steps:

1. Select a subscription plan and purchase the application on the website

   You are subscribing to use the application. The subscription period starts from the moment you subscribe. To manage your subscription, you must creating an account on the My Kaspersky portal. On the portal you will be able to get an activation code, which you will need to activate the application.

2. Get the files for installing the application

   After completing your purchase, log in to your account on the My Kaspersky portal and click the Download button in the subscription information window to download the application installation files to your device.

3. Install and perform initial configuration of the application

   Install the application and perform its initial configuration.

   To prepare to use the application, you need to activate it using the activation code and update the application databases. You can do this during the initial configuration process or after installation is complete.

   To activate the application during initial configuration, enter the activation code when prompted by the initial configuration script or specify the activation code in the initial configuration file. You can copy the activation code from your My Kaspersky account.

   You can also activate the application and update the databases after installing and performing the initial configuration of the application.

If you purchase the application from a store of a Kaspersky partner, installing and configuring the application consists of the following steps:

1. Select a subscription plan and subscribe

   You register your subscription to use the application, as well as a box with an installation disk and an activation code or an activation card with an activation code. An activation code is required to activate the application.

   To manage your subscription, you must creating an account on the My Kaspersky portal.

2. Get the files for installing the application

   If you purchased an application activation card:

   1. Log in to your account on the My Kaspersky portal.
   2. In the Do you have an activation code? block at the bottom of the page, enter the activation code from the activation card in the input field.
   3. Click Add.

      If the activation code is successfully added, the subscription panel will appear in the Subscriptions section.

   4. Click the Download button in the subscription information window to download the application installation files to your device.

   If you purchased a box with an installation disk, you do not need to download the application installation files. All necessary files are located on the installation disk. You can add the activation code from the box to your account on the My Kaspersky portal. If you lose your activation code, you can recover it from the portal.

3. Install and perform initial configuration of the application

   Install the application and perform its initial configuration.

   To prepare to use the application, you need to activate it using the activation code and update the application databases. You can do this during the initial configuration process or after installation is complete.

   To activate the application during initial configuration, enter the activation code when prompted by the initial configuration script or specify the activation code in the initial configuration file. Your activation code is located on the box with the installation disk or on the activation card.

   You can also activate the application and update the databases after installing and performing the initial configuration of the application.

How to install the application and perform its initial configuration

You can install the application in the following ways:

• install and perform the initial configuration of the application interactively and simultaneously
• install and perform the initial configuration of the application automatically and simultaneously
• install the application and then perform the initial configuration automatically
• install the application and then perform the initial configuration interactively

Initial configuration of the application is performed by running the initial configuration script. The initial configuration script is included in the Kaspersky distribution kit.

If initial configuration of the application has not been completed on a device, you cannot use or update the application on that device.

The Kaspersky application protects the device only after the application databases are updated.

To correctly update application modules after the script has finished, you may need to restart the application. You can check the status of updates for the application using the following command: kfl-control --app-info.

Simultaneous interactive installation and initial configuration of the application

To install and set up the Kaspersky application interactively:

1. Allow the configuration file to run by executing one of the following commands, depending on your operating system:
   • For a Debian-based OS: chmod +x ./kfl_2.0.0-<build number>_amd64.deb.setup
   • For an OS with the RPM package manager: chmod +x ./kfl_2.0.0-<build number>.x86_64.rpm.setup
2. Start the installation and initial configuration of the application by executing one of the following commands, depending on your operating system:
   • For a Debian-based OS: sudo ./kfl_2.0.0-<build number>_amd64.deb.setup
   • For an OS with the RPM package manager: sudo ./kfl_2.0.0-<build number>.x86_64.rpm.setup
3. When prompted by the script that runs after installation is complete, perform the initial configuration of the application interactively.

   The initial configuration script prompts you to enter values of Kaspersky settings step by step.

   To manage application settings and task settings in the graphical interface of the application and on the command line without using the sudo command, you need privileges of the Administrator role.

The script finishing and the console being released indicate that the installation and initial configuration of the application are complete.

Simultaneous automatic installation and initial configuration of the application

To install and set up the Kaspersky application automatically:

1. Allow the configuration file to run by executing one of the following commands, depending on your operating system:
   • For a Debian-based OS: chmod +x ./kfl_2.0.0-<build number>_amd64.deb.setup
   • For an OS with the RPM package manager: chmod +x ./kfl_2.0.0-<build number>.x86_64.rpm.setup
2. Start the installation and initial configuration of the application by executing one of the following commands, depending on your operating system:
   • For a Debian-based OS: sudo ./kfl_2.0.0-<build number>_amd64.deb.setup --autoinstall <full path to the configuration file>
   • For an OS with the RPM package manager: sudo ./kfl_2.0.0-<build number>.x86_64.rpm.setup --autoinstall <full path to the configuration file>

The script finishing and the console being released indicate that the installation and initial configuration of the application are complete.

Step-by-step installation and initial configuration of the application

To install the Kaspersky application and then perform initial configuration:

1. Extract one of the following installation packages:
   • For an OS with the RPM package manager: kfl-2.0.0-<build number>.x86_64.rpm.setup.
   • For a Debian-based OS: kfl_2.0.0-<build number>_amd64.deb.setup.
2. Run one of the following sequences of commands to install the Kaspersky application:
   • For an OS with the RPM package manager:
     1. To install the application: # rpm -i kfl_2.0.0-<build number>.x86_64.rpm
     2. To install the application interface: # rpm -i kfl-gui_2.0.0-<build number>.x86_64.rpm
   • For a Debian-based OS:
     1. To install the application: # apt-get install ./kfl_2.0.0-<build number>_amd64.deb
     2. To install the application interface: # apt-get install ./kfl-gui_2.0.0-<build number>_amd64.deb
3. Perform initial configuration of the application automatically or interactively.

Post-installation configuration of the application in interactive mode

This section describes the process of performing the initial configuration of the application interactively.

Selecting the locale

At this step, the application displays the list of supported locale identifiers in RFC 3066 format.

Specify the locale in the format as identified in this list. This locale will be used when displaying the texts of the End User License Agreement, the Privacy Policy and the Kaspersky Security Network Statement.

The locale of the application interface and the command line interface depends on the value of the LANG environment variable. If a locale that is not supported by the Kaspersky application is specified in the LANG environment variable, the application interface and the command line interface are displayed in English.

Viewing the End User License Agreement and the Privacy Policy

At this step, read the End User License Agreement concluded between you and Kaspersky, and the Privacy Policy describing the handling and transmission of data.

Page top

Accepting the End User License Agreement

At this step, you must either accept or decline the terms of the End User License Agreement.

After exiting viewing mode, enter one of the following values:

• yes (or y), if you accept the terms of the End User License Agreement.
• no (or n), if you do not accept the terms of the End User License Agreement.

If you do not accept the terms and conditions of the End User License Agreement, the installation process of the Kaspersky application is aborted.

Page top

Accepting the Privacy Policy

At this step, you must either accept or decline the terms of the Privacy Policy.

After exiting viewing mode, enter one of the following values:

• yes (or y), if you accept the terms of the Privacy Policy.
• no (or n), if you do not accept the terms of the Privacy Policy.

If you do not accept the terms and conditions of the Privacy Policy, the installation process of the Kaspersky application is aborted.

Using Kaspersky Security Network

At this step, you must either accept or decline the terms of use of the Kaspersky Security Network Statement. The file ksn_license.<language ID> containing the text of the Kaspersky Security Network Statement is located in the /opt/kaspersky/kfl/doc/ directory.

Enter one of the following values:

• yes (or y), if you accept the terms of the Kaspersky Security Network Statement.

  Use of Kaspersky Security Network will be enabled.

• no (or n), if you do not accept the terms of the Kaspersky Security Network Statement.

  Use of Kaspersky Security Network will be disabled.

We recommend selecting yes (or y).

Refusal to accept the terms and conditions of the Kaspersky Security Network Statement does not abort the initial configuration of the Kaspersky application. You can enable or disable the use of Kaspersky Security Network at any time.

Removing users from the privileged group

This step is displayed only if users are found in the kfladmin group.

At this step, specify whether or not to remove users from the kfladmin privileged group. Users included in the kfladmin group get privileged access to the functionality of the application.

Enter yes to remove all detected users from the kfladmin group. Users whose primary group is kfladmin are moved to the nogroup group. If there is no nogroup group, the installation will fail and you will be prompted to manually remove users from privileged groups.

Enter no if you do not want the application to remove users from the privileged group.

Assigning the Administrator role to a user

At this step, you can grant the administrator (admin) role to the user.

Enter the name of the user to whom you want to grant the administrator role. You need the Administrator role to manage application settings and task settings in the graphical interface of the application and on the command line without using the sudo command.

You can grant the administrator role to the user later at any time.

Page top

Determining the file operation interceptor type

At this step, the file operation interceptor type for the utilized operating system is determined. For operating systems that do not support fanotify technology, kernel module compilation will begin.

If all the required packages are available, the kernel module will be automatically compiled when the File Threat Protection task starts.

If, during the compilation of the kernel module, any dependencies are not found on the device, the Kaspersky application suggests installing the relevant packages. If the package download fails, an error message will be displayed.

Enabling automatic configuration of SELinux

This step is displayed only if SELinux is installed on your operating system.

At this step, you can enable automatic configuration of SELinux for working with the Kaspersky application.

Enter yes to enable automatic configuration of SELinux. If SELinux cannot be configured automatically, the application displays an error message and prompts the user to configure SELinux manually.

Enter no if you do not want the application to automatically configure SELinux.

By default, the application suggests yes.

If necessary, you can manually configure SELinux to work with the application later, after the initial configuration of the Kaspersky application is complete.

Configuring the update source

At this step, specify the update sources for databases and application modules.

Enter one of the following values:

• KLServers: the application receives updates from one of the Kaspersky update servers.
• <URL>: the application downloads updates from a custom source. You can specify the address of the custom source of updates in the local area network or on the Internet.
• <path> – the application receives updates from the specified directory.

Page top

Configuring proxy server settings

At this step, you must specify the proxy server settings if you are using a proxy server to access the Internet. Internet connection is required to download the application databases from the update servers.

To configure proxy server settings, perform one of the following actions:

• If you use a proxy server to connect to the Internet, specify the address of the proxy server using one of the following formats:
  • <IP address of the proxy server>:<port number>, if the proxy server connection does not require authentication;
  • <user name>:<password>@<IP address of the proxy server>:<port number>, if the proxy server connection requires authentication.

    When connecting via an HTTP proxy, we recommend to use a separate account that is not used to sign in to other systems. An HTTP proxy uses an insecure connection, and the account may be compromised.

• If you do not use a proxy server to connect to the Internet, enter no as your answer.

By default, the application suggests no.

You can configure the proxy server settings later, without using the post-installation configuration script.

Starting an application database update

At this step, you can run the application database update task on the device. The application databases contain descriptions of the threat signatures and methods of countering them. The application uses these records when searching and neutralizing threats. Kaspersky virus analysts regularly add new records about threats.

If you do not want to start to download the application databases, enter no.

If you want to start the database update task on the device, enter yes.

By default, the application suggests yes.

If yes is selected, the application will be automatically restarted after the databases are updated.

The Kaspersky application protects the device only after the application databases are updated.

You can start the Update task later without using the initial configuration script.

Enabling automatic application database update

At this step, you can enable automatic update of the application databases.

Enter yes to enable automatic application database update. By default, the application checks for available database updates every 60 minutes. If updates are available, the application downloads the updated databases.

Enter no if you do not want the application to automatically update the databases.

You can enable automatic database update later without using the post-installation configuration by configuring the update task schedule.

Application activation

At this step, you can activate the application.

To activate the application, you need to enter an activation code.

You can copy the activation code from your My Kaspersky account, from the activation card or from the box with the installation disk.

You can activate the application later without using the initial configuration script.

Initial configuration of the application after installation

You can perform the initial configuration of the application after installing the application:

• automatically
• interactively

If initial configuration of the application has not been completed on a device, you cannot use or update the application on that device.

Post-installation configuration of the application in automatic mode

You can perform post-installation configuration of the application in automatic mode.

To start the initial configuration of the application in automatic mode, run the following command:

# /opt/kaspersky/kfl/bin/kfl-setup.pl --autoinstall=<initial configuration file>

where <post-installation configuration file> is the path to the configuration file that contains the initial configuration settings. You need to create this file and copy its structure from the /opt/kaspersky/kfl/doc/autoinstall.ini configuration file.

When the post-installation configuration script is finished and releases the console, the post-installation configuration of the application is complete.

To check the return code, execute the following command:

echo $?

If the command returns code 0, the initial configuration of the application has finished successfully.

Post-installation configuration of the application in interactive mode

You can perform the initial configuration of the application interactively.

To begin with the interactive initial configuration of the Kaspersky application:

1. Execute the following command:

   # /opt/kaspersky/kfl/bin/kfl-setup.pl

   The initial configuration script starts.

   You must run the initial configuration script as root.

2. Select the values of Kaspersky application settings interactively.

   The initial configuration script prompts you to enter values of Kaspersky settings step by step.

When the post-installation configuration script is finished and releases the console, the post-installation configuration of the application is complete.

To check the return code, execute the following command:

echo $?

If the command returns code 0, the initial configuration of the application has finished successfully.

The Kaspersky application protects the device only after the application databases are updated.

To correctly update application modules after the script has finished, you may need to restart the application. You can check the status of updates for the application using the following command: kfl-control --app-info.

Settings in the configuration file for post-installation configuration

In the post-installation configuration file, you can specify the settings shown in the table below.

Settings in the configuration file for post-installation configuration

If you want to change the settings in the configuration file for initial setup of the application, specify the values of settings in the following format: <setting_name>=<setting_value> (the application does not process spaces between the name of a setting and its value).

Page top

Configuring allowing rules in the SELinux system

Manually configuring SELinux for working with the application

If SELinux could not be configured automatically during the initial configuration of the application, or if you declined automatic configuration, you can manually configure SELinux to work with the Kaspersky application.

To manually configure SELinux to work with the application:

1. Switch SELinux to permissive mode:
   • If SELinux has been activated, run the following command:

     # setenforce Permissive

   • If SELinux was disabled, set the SELINUX=permissive setting in the configuration file / etc / selinux / config and restart the operating system.
2. Make sure the semanage utility is installed on the system. If the utility is not installed, install the policycoreutils-python or policycoreutils-python-utils package, depending on the package manager.
3. If you are using a custom SELinux policy instead of the default targeted policy, assign a label to each source executable file of the Kaspersky application in accordance with the SELinux policy being used; to do so, run the following commands:

   # semanage fcontext -a -t bin_t <executable file>

   # restorecon -v <executable file>

   where <executable file> is:

   • /var/opt/kaspersky/kfl/2.0.0.<build number>_<installation timestamp>/opt/kaspersky/kfl/libexec/kfl
   • /var/opt/kaspersky/kfl/2.0.0.<build number>_<installation timestamp>/opt/kaspersky/kfl/bin/kfl-control
   • /var/opt/kaspersky/kfl/2.0.0.<build number>_<installation timestamp>/opt/kaspersky/kfl/libexec/kfl-gui
   • /var/opt/kaspersky/kfl/2.0.0.<build number>_<installation timestamp>/opt/kaspersky/kfl/shared/kfl
4. Run the following tasks:
   • File Threat Protection task:

     kfl-control --start-task 1

   • Critical Areas Scan task:

     kfl-control --start-task 4 -W

   We recommend running all the tasks that you plan to run while using the Kaspersky application.

5. Launch the application interface.
6. Ensure that there are no errors in the audit.log file:

   # grep kfl /var/log/audit/audit.log

7. If there are errors in the audit.log file, create and download a new rule module based on blocking records in order to fix the errors, and then re-run all the tasks that you plan to run while using the Kaspersky application; to do so, run the following commands:

   # grep kfl /var/log/audit/audit.log | audit2allow -M kfl

   # semodule -i kfl.pp

   If new audit messages related to the Kaspersky application appear, the rule module file must be updated.

8. Switch SELinux to blocking mode:

   # setenforce Enforcing

If you use a custom SELinux policy, manually assign a label to the original executable files of the Kaspersky application after installing application updates (follow steps 1, 3–8).

For additional information, please refer to the documentation on the relevant operating system.