Kaspersky Security Center Web Console

Kaspersky Security Center Web Console
Kaspersky Security Center Web Console
User Guide
Dear User,
Thank you for choosing our product. We hope that this document will help you in your work and will provide answers
regarding this software product.
Attention! This document is the property of Kaspersky Lab: All rights to this document are protected by the copyright laws
of the Russian Federation and by international treaties. Illegal reproduction or distribution of this document or parts
hereof will result in civil, administrative, or criminal liability under applicable law.
Any type of reproduction or distribution of any materials, including translations, is allowed only with the written permission
of Kaspersky Lab.
This document, and graphic images related to it, may only be used for informational, non-commercial, and personal
purposes.
This document may be amended without additional notification. The latest version of this document can be found on the
Kaspersky Lab website, at http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any materials used herein the rights
to which are owned by third parties, or for any potential damages associated with the use of such documents.
Document revision date: 1/28/2015
© 2015 Kaspersky Lab ZAO. All Rights Reserved.
http://www.kaspersky.com
http://support.kaspersky.com
2
TABLE OF CONTENTS
ABOUT THIS GUIDE .....................................................................................................................................................5
In this document .......................................................................................................................................................5
Document conventions .............................................................................................................................................7
KASPERSKY SECURITY CENTER WEB CONSOLE ...................................................................................................8
SOFTWARE REQUIREMENTS ................................................................................................................................... 10
APPLICATION INTERFACE ........................................................................................................................................ 11
CONNECTING TO ADMINISTRATION SERVER ........................................................................................................ 13
Preparing to connect to Administration Server ....................................................................................................... 13
Connecting to Administration Server ...................................................................................................................... 13
NETWORK PROTECTION STATUS ........................................................................................................................... 15
Viewing information on computer status ................................................................................................................. 15
Viewing information on the protection status on computers.................................................................................... 17
Viewing information on the anti-virus application database state ........................................................................... 18
MANAGING COMPUTERS .......................................................................................................................................... 20
Managed computers and administration groups ..................................................................................................... 20
Viewing a list of computers ..................................................................................................................................... 20
Viewing computer properties .................................................................................................................................. 22
INSTALLING APPLICATIONS TO NETWORKED COMPUTERS ............................................................................... 24
About installing applications ................................................................................................................................... 24
About Update Agent ............................................................................................................................................... 24
About installation packages .................................................................................................................................... 25
Remote installation mode ....................................................................................................................................... 25
Defining an Update Agent ................................................................................................................................. 26
Installing an application remotely ...................................................................................................................... 26
Viewing information about the status of remote installation of an application ................................................... 29
Local installation mode ........................................................................................................................................... 30
Publishing installation packages ....................................................................................................................... 30
Viewing the list of published installation packages............................................................................................ 31
Canceling installation package publishing ........................................................................................................ 31
Installing an application using a published installation package ....................................................................... 32
MANAGING POLICIES ................................................................................................................................................ 33
Viewing a list of policies .......................................................................................................................................... 33
Adding a policy ....................................................................................................................................................... 34
Managing policy profiles ......................................................................................................................................... 35
About policy profiles .......................................................................................................................................... 35
Adding a policy profile ....................................................................................................................................... 36
Modifying a policy profile ................................................................................................................................... 37
Activating a policy ................................................................................................................................................... 38
Modifying a policy ................................................................................................................................................... 38
Applying an out-of-office policy ............................................................................................................................... 38
Deleting a policy ..................................................................................................................................................... 39
Managing mobile devices using an MDM policy ..................................................................................................... 39
3
USER GUIDE
About the MDM policy ....................................................................................................................................... 39
Configuring an MDM policy ............................................................................................................................... 40
MANAGING USER ACCOUNTS .................................................................................................................................. 42
Viewing the list of accounts .................................................................................................................................... 42
Filtering the list of accounts .................................................................................................................................... 43
View account settings ............................................................................................................................................. 44
Viewing the list of a user's mobile devices .............................................................................................................. 45
MANAGING MOBILE DEVICES .................................................................................................................................. 46
Viewing the list of mobile devices ........................................................................................................................... 46
Viewing mobile device settings ............................................................................................................................... 47
Viewing information about the owner of a mobile device ........................................................................................ 47
Commands for mobile device management ........................................................................................................... 48
Sending commands to a mobile device .................................................................................................................. 49
Viewing the commands log ..................................................................................................................................... 49
Removing a mobile device from the list .................................................................................................................. 50
MANAGING TASKS ..................................................................................................................................................... 51
Viewing a list of tasks ............................................................................................................................................. 51
Starting and stopping a task manually .................................................................................................................... 52
Viewing task run results .......................................................................................................................................... 53
Deleting tasks ......................................................................................................................................................... 53
WORKING WITH REPORTS ....................................................................................................................................... 54
About reports .......................................................................................................................................................... 54
Actions on reports................................................................................................................................................... 54
Viewing reports ....................................................................................................................................................... 55
Exporting reports .................................................................................................................................................... 56
Configuring report delivery...................................................................................................................................... 56
CHANGING YOUR ACCOUNT PASSWORD .............................................................................................................. 57
EXITING KASPERSKY SECURITY CENTER WEB CONSOLE .................................................................................. 58
GLOSSARY ................................................................................................................................................................. 59
KASPERSKY LAB ZAO ............................................................................................................................................... 62
INFORMATION ABOUT THIRD-PARTY CODE .......................................................................................................... 63
TRADEMARK NOTICE ................................................................................................................................................ 64
INDEX .......................................................................................................................................................................... 65
4
ABOUT THIS GUIDE
This document provides information about Kaspersky Security Center Web Console and instructions on proper use of the
application.
This document is aimed at technical specialists (administrators) in organizations where a security system built on
Kaspersky Lab solutions is used as a service (provided by a network protection service provider).
If you have any questions on how to use Kaspersky Security Center Web Console, you can find answers in this User
Guide and in the integrated Help system. To use Help for Kaspersky Security Center Web Console, open the main
application window and click the
icon.
IN THIS SECTION:
In this document ................................................................................................................................................................ 5
Document conventions ...................................................................................................................................................... 7
IN THIS DOCUMENT
This document consists of sections with descriptions of features and instructions, glossary and index.
Kaspersky Security Center Web Console (see page 8)
This section contains general information about Kaspersky Security Center Web Console, its purpose, and its
architecture.
Software requirements (see page 10)
This section lists the software that must be installed before you start using the application.
Application interface (see page 11)
This section describes the purpose of tabs and other interface elements located on the pages of the Kaspersky Security
Center Web Console web portal.
Connecting to Administration Server (see page 13)
This section provides instructions on how to get prepared for connection and how to connect to Administration Server
using Kaspersky Security Center Web Console.
Network protection status (see page 15)
This section provides instructions on how to find information on the status of the protection system covering networked
computers managed by Administration Server to which the application is connected.
Managing computers (see page 20)
This section provides information on how to view lists of computers on your network and their respective properties.
5
USER GUIDE
Installing applications to networked computers (see page 24)
This section provides instructions on how to install Kaspersky Lab applications and third-party applications to computers
on your network in remote and local installation modes.
Managing policies (see page 33)
This section provides information about how to manage policies created for computers on your network.
Managing user accounts (see page 42)
This section provides information about how to manage accounts created for users on your network.
Managing mobile devices (see page 46)
This section provides information about how to manage mobile devices connected to Administration Server.
Managing tasks (see page 51)
This section provides information about how to manage tasks created for computers on your network.
Managing reports (see page 54)
This section provides instructions on how to view, print, and send by email reports of Administration Server to which the
application has been connected, and how to save report data to a file.
Changing your account password (see page 57)
This section provides instructions on how to set a new password for your account.
Logging off Kaspersky Security Center Web Console (see page 58)
This section provides instructions on how to exit the application.
Glossary
This section explains terms used in this document.
Kaspersky Lab ZAO (see page 62)
This section provides information about Kaspersky Lab ZAO.
Information about third-party code
This section provides information about the third-party code used in the application.
Trademark notice (see page 64)
This section provides information about trademarks used in the document and their respective owners.
Index
This section helps you find necessary data quickly.
6
ABOUT
THIS
GUIDE
DOCUMENT CONVENTIONS
Document conventions are used herein (see the table below).
Table 1.
Document conventions
SAMPLE TEXT
DOCUMENT CONVENTIONS DESCRIPTION
Note that...
Warnings are highlighted with red color and boxed. Warnings contain information
about actions that may lead to some unwanted outcome.
Notes are boxed. Notes contain additional and reference information.
We recommend that you use...
Example:
Examples are given on a yellow background under the heading "Example".
...
Update means...
The following elements are italicized in the text:
The Databases are out of date event
occurs.
 New terms.
Press ENTER.
Names of keyboard keys appear in bold and are capitalized.
Press ALT+F4.
Names of keys that are connected by a + (plus) sign indicate the use of a key
combination. Those keys should be pressed simultaneously.
Click the Enable button.
Names of application interface elements, such as entry fields, menu items, and
buttons, are set off in bold.
To configure task schedule:
 Names of application statuses and events.
Introductory phrases of instructions are italicized and accompanied by the arrow
sign.
Enter help in the command line
The following types of text content are set off with a special font:
The following message then appears:
 text in the command line;
Specify the date in dd:mm:yy  text of messages displayed on the screen by the application;
format.
 data that the user should enter from the keyboard.
<User name>
Variables are enclosed in angle brackets. Instead of a variable, the
corresponding value should be inserted, with angle brackets omitted.
7
KASPERSKY SECURITY CENTER WEB
CONSOLE
Kaspersky Security Center Web Console is a web application designed to manage the status of the security system of an
organization's network protected by Kaspersky Lab applications.
Using the application, you can do the following:

Manage the status of your organization's security system (see page 15);

Install Kaspersky Lab applications to computers on your network and manage installed applications (see page 24);

Manage policies created for computers and mobile devices on your network (see page 33);

Manage user accounts (see page 42);

Manage mobile devices connected to the organization's server (see page 46);

Manage tasks for applications installed on computers on the network (see page 51);

View reports on the security system status (see page 54);

Manage the delivery of reports to concerned employees, system administrators and other IT specialists (see
page 54).
Kaspersky Security Center Web Console runs on the side of the service provider that provides protection to your
network. The protection service provider is responsible for application installation and maintenance. You do not have to
install and run Kaspersky Security Center Web Console on your computer to work with it. All you need is a web browser
(see the section "Software requirements" on page 10).
The figure below shows how Kaspersky Security Center Web Console works.
Figure 1. Operating layout
8
KASPERSKY SECURITY CENTER WEB CONSOLE
Kaspersky Security Center Web Console interacts with Kaspersky Security Center Administration Server, which is
located at the protection service provider. Administration Server is an application designed for managing Kaspersky Lab
applications installed on computers in your network. Administration Server connects to the computers of your network
over channels protected by the Secure Socket Layer (SSL) protocol.
Kaspersky Security Center Web Console provides a web interface that ensures interaction between your computer and
Administration Server over a web browser. When you connect to Kaspersky Security Center Web Console using your
web browser, the latter establishes an encrypted (HTTPS) connection with Kaspersky Security Center Web Console.
Kaspersky Security Center Web Console operates as follows:
1.
Use a web browser to connect to Kaspersky Security Center Web Console, where the pages of the application
web portal are displayed.
2.
Use web portal controls to choose a command that you want to run. Kaspersky Security Center Web Console
performs the following operations:

If you have chosen a command used for reception of information (for example, to view a list of
computers), Kaspersky Security Center Web Console generates a request for information to Administration
Server, receives the required data, and sends them to the web browser in an easy-to-view format.

If you have chosen a command used for management (for example, remote installation of an application),
Kaspersky Security Center Web Console receives the command from the web browser and sends it to
Administration Server. Then the application receives the result from Administration Server and sends it to
the web browser in an easy-to-view format.
9
SOFTWARE REQUIREMENTS
This section lists software requirements for the use of Kaspersky Security Center Web Console.
You can manage Kaspersky Security Center Web Console via a web browser. The following are the types and versions
of web browsers, and the types and versions of operating systems that you can use to work with the application.


Internet Explorer® 9.0 or later running under one of the following operating systems:

Microsoft® Windows XP Professional with Service Pack 2 or later installed.

Microsoft Windows 7.

Microsoft Windows 8.
Firefox™ 35.0 and later, on one of the following operating systems:



Windows® operating system:

Microsoft Windows XP Professional with Service Pack 2 or later installed.

Microsoft Windows 7.

Microsoft Windows 8.
Linux® 32-bit operating systems:

Fedora® 16.

SUSE Linux Enterprise Desktop 11 SP2.

Debian GNU/Linux 6.0.5.

Mandriva Linux 2011.

Ubuntu Desktop 10.04 LTS.

Ubuntu Server 12.04 LTS.
Linux 64 bit operating systems:

Red Hat® Enterprise Linux 6.2 server.

SUSE Linux Enterprise Desktop 11 SP2.

SUSE Linux Enterprise Server 11 SP2.

OpenSUSE Linux 12.2.

Ubuntu Server 12.04 LTS.

Safari 7.0 running under Mac OS X Mavericks.

Safari 8.0 running under Mac OS X Yosemite.

Google Chrome™ 39.0 and later, on one of the following operating systems:

Microsoft Windows XP Professional with Service Pack 2 or later installed (supported until April, 2015).

Microsoft Windows 7.

Microsoft Windows 8.
10
APPLICATION INTERFACE
After you have established a connection to Administration Server, the main window of Kaspersky Security Center Web
Console opens in the web browser (see figure below).
Figure 2. Main application window
The upper part of the main window contains the following interface elements:

Protection Status, Manage, Applications, and Reports tabs — to access the main features of the application.

Icon

Change password link — to change the password of the account.

Exit button — to log off the application.

End User License Agreement—Link to the page with the End User License Agreement (EULA).

Frequently Asked Questions—Link to the page with frequently asked questions (FAQ).

About—Link to the application information page.
— to get context-sensitive help.
Links can be modified by the service provider's administrator. Some links may be missing.
The informational area is the principal part of the main application window. The contents of the informational area vary
according to the tab that is selected:

Protection status. Contains information on the protection status of network computers. In the upper part of the
tab, you can select one of the following sections: Computer status, Real-time protection status, Update
status. After you select a section, a chart appears on the right showing statistics, while the bottom part of the
tab displays a list with information about the statuses of computers.

Manage. Designed for obtaining information about administration groups, computers, and policies and tasks
created for them. The informational area of the tab is divided into two parts. The menu contains administration
groups. The right part of the informational area contains three second-level tabs: Policies, Tasks, and
Computers.
11
USER GUIDE

Applications. Intended for publishing installation packages.

Reports. Designed for viewing reports. The informational area of the tab is divided into two parts. The menu
contains reports. The results pane displays the content of a selected report.
SEE ALSO:
Connecting to Administration Server ............................................................................................................................... 13
Network protection status ................................................................................................................................................ 15
Managing computers ....................................................................................................................................................... 20
Working with reports ....................................................................................................................................................... 54
Exiting Kaspersky Security Center Web Console ............................................................................................................ 58
Changing your account password ................................................................................................................................... 57
12
CONNECTING TO ADMINISTRATION
SERVER
This section provides instructions on how to get prepared for connection and how to connect to Administration Server
using Kaspersky Security Center Web Console.
IN THIS SECTION:
Preparing to connect to Administration Server ................................................................................................................ 13
Connecting to Administration Server ............................................................................................................................... 13
PREPARING TO CONNECT TO ADMINISTRATION SERVER
Before connecting to Administration Server, you need to perform some preliminary operations: Prepare your web
browser for operation and retrieve the data required for connection (the address for connection to Administration Server
and the settings of the user account: user name and password).
Preparing the web browser
Before connecting to the Administration Server, make sure the following components are supported by your web browser:

JavaScript.

Cookies.
If support of these components is disabled, enable it. You can find information in the browser Help about how to enable
support of JavaScript and cookies in your web browser.
Receiving data for the connection
To connect to Administration Server, you must have the following data:

Web portal address in the form https://<Domain_name>:<Port>

User name.

Password.
You can get this information from your service provider.
CONNECTING TO ADMINISTRATION SERVER
To connect to Administration Server:
1.
Start the web browser.
2.
In the Address bar of the web browser, enter the web portal address that you received from the service provider
administrator (see the section "Preparing to connect to Administration Server" on page 13), Open this URL.
If you are connecting to Administration Server for the first time, the License Agreement window opens in the
web browser. If you have connected to Administration Server earlier, a window for entering the user name and
password opens in the web browser.
13
USER GUIDE
3.
If you are connecting to Administration Server for the first time, perform the following operations in the License
Agreement window:
a.
Read through the License Agreement. If you accept all of its terms, select the Accept terms of the
License Agreement check box.
b.
Click the Next button.
In the web browser, a window opens, prompting you to enter your user name and password.
4.
In the User name text box enter your account name.
5.
In the Password text box, enter the password of your account.
6.
In the Administration Server field enter the name of Administration Server to which you want to connect. Click
the Log in button.
The main application window opens (see the section "Application interface" on page 11).
If you have an error returned after attempting to connect to Administration Server, contact the service provider
administrator to solve the issue.
14
NETWORK PROTECTION STATUS
Kaspersky Security Center Web Console allows you to receive information about the status of the protection system
covering computers on the network managed by Administration Server.
You can receive the following information about the state of computers in your network:

Computer status – information about the status of computers on your network.
A computer can have one of three statuses:

OK—The computer is protected.

Warning—The level of computer protection is reduced.

Critical—The level of computer protection is reduced substantially.
The Administration Server assigns a status to the computer based on information about its protection status.
The Warning or Critical status is assigned if there are factors that lower the protection level of the computer
(such as inactivity of the anti-virus application, outdated databases, or a large number of objects remaining
infected). The list of factors for Warning and Critical statuses is created by the service provider's administrator.

Real-time protection status — information on the status of an anti-virus protection component in Kaspersky Lab
applications installed on computers in your network.

Update status — information on the update status of the anti-virus application database on computers in your
network.
IN THIS SECTION:
Viewing information on computer status.......................................................................................................................... 15
Viewing information on the protection status on computers ............................................................................................ 17
Viewing information on the anti-virus application database state .................................................................................... 18
VIEWING INFORMATION ON COMPUTER STATUS
To view information on computers in your network:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Protection status tab.
15
USER GUIDE
The Computer status item in the menu is selected (see the following figure).
Figure 3. Computers status
The results pane displays a pie chart. It shows the numbers and percentages of computers with Critical, Warning and OK
statuses.
The lower part of the window contains a list of computers. The list of computers contains the following information:

Computer name. Network name of the computer.

Status (OK, Warning, Critical). Information about computer status.

Description. Messages that explain the causes of the lowered protection levels on computers that have
Warning and Critical statuses (such as Real-time protection is paused or The update task has not been started
in more than 3 days).
To view information about a specific computer, use the following interface elements to locate the computer in the list:

Critical button – displays computers that have Critical status.

Warning button – displays computers that have Warning status.

OK button – displays computers that have OK status.

Buttons

Icon
– Goes to the next / previous, first / last page of the list of the computers.
— Sorts computer names on the list of computers in ascending or descending order.
The window with information about the properties of a computer can be opened by clicking the line with the computer
name.
SEE ALSO:
Managed computers and administration groups ............................................................................................................. 20
Viewing a list of computers.............................................................................................................................................. 20
Viewing computer properties ........................................................................................................................................... 22
16
NETWORK
PROTECTION STATUS
VIEWING INFORMATION ON THE PROTECTION STATUS ON
COMPUTERS
To view information about the protection status of network computers:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Protection status tab.
3.
In the menu, click Real-time protection status (see the following figure).
Figure 4. Real-time protection status
The results pane displays a pie chart. It contains information about the status of the protection component in the
applications installed on computers on your network.
The chart shows the numbers and the percentages of computers where the protection component has the following
statuses:

Unknown.

Stopped.

Paused.

Starting.

Running.

Failure.
The lower part of the window contains a list of computers. The list of computers contains the following information:

Computer name. Network name of the computer.

Status (OK, Warning, Critical). Information about computer status.

Description. Messages that explain the causes of the lowered protection levels on computers that have
Warning and Critical statuses (such as The number of infected objects is too large or License term expired).
17
USER GUIDE
To view information about a specific computer, use the following interface elements to locate the computer in the list:

Unknown button – Displays computers with Unknown protection status.

Stopped button – Displays computers with Stopped protection status.

Paused button – Displays computers with Paused protection status.

Starting button – Displays computers with Starting protection status.

Running button – Displays computers with Running protection status.

Failure button – Displays computers with Failure protection status.

Buttons

Icon
— Sorts computer names on the list of computers in alphabetical order.

Icon
— Refreshes the list of computers.
— Goes to next / previous, first / last page of the list of computers.
The window with information about the properties of a computer can be opened by double-clicking the line with the
computer name.
SEE ALSO:
Managed computers and administration groups ............................................................................................................. 20
Viewing computer properties ........................................................................................................................................... 22
VIEWING INFORMATION ON THE ANTI-VIRUS APPLICATION
DATABASE STATE
To view information about the database status of anti-virus application on network computers:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Protection status tab.
3.
In the left part of the window click Update status (see the following figure).
Figure 5. Update status
18
NETWORK
PROTECTION STATUS
The upper part of the section displays a bar chart. The bar chart contains information on the state of the anti-virus
application on your network computers.
The bar chart displays the number of computers on which the anti-virus application databases have the following
statuses:

Up to date—Databases are up to date.

Last 24 hours—Databases were updated during the last 24 hours.

Last 3 days—Databases were updated during the last 3 days.

Last 7 days—Databases were updated during the last 7 days.

More than a week ago—Databases were updated more than a week ago.
The lower part of the window contains a list of computers. The list of computers contains the following information:

Computer name. Network name of the computer.

Status (OK, Warning, Critical). Information about computer status.

Description. Messages that explain the causes of the lowered protection levels on computers that have
Warning and Critical statuses (such as Real-time protection is paused or The update task has not been started
in more than 3 days).
To view information about a specific computer, use the following interface elements to locate the computer in the list:

Up to date button – Displays computers with Up to date status.

Last 24 hours button – Displays computers with Last 24 hours status.

Last 3 days button – Displays computers with Last 3 days status.

Last 7 days button – Displays computers with Last 7 days status.

More than a week ago button – Displays computers with More than a week ago status.

Buttons

Icon
— Sorts computer names on the list of computers in ascending or descending alphabetical order.

Icon
— Refreshes the list of computers.
— Goes to next / previous, first / last page of the list of computers.
The window with information about the properties of a computer can be opened by double-clicking the line with the
computer name.
SEE ALSO:
Managed computers and administration groups ............................................................................................................. 20
Viewing computer properties ........................................................................................................................................... 22
19
MANAGING COMPUTERS
This section provides information about computers on your network and administration groups and details on how to view
lists and properties of computers.
IN THIS SECTION:
Managed computers and administration groups ............................................................................................................. 20
Viewing a list of computers.............................................................................................................................................. 20
Viewing computer properties ........................................................................................................................................... 22
MANAGED COMPUTERS AND ADMINISTRATION GROUPS
The security status of computers on your network is managed by Administration Server of your protection service
provider.
The computers in your network that have Kaspersky Lab applications installed are assigned to administration groups.
Administration groups are sets of computers grouped by function and installed Kaspersky Lab applications.
Computers included in an administration group are referred to as managed computers. After Kaspersky Lab applications
are installed on computers on your network, Administration Server automatically adds those computers to the Managed
computers administration group. The service provider's administrator can create other administration groups and assign
computers to these groups. An administration group can contain other administration groups.
Using Kaspersky Security Center Web Console, you can retrieve information about managed computers from
Administration Server: view the list of managed computers and their respective properties.
SEE ALSO:
Installing applications to networked computers ............................................................................................................... 24
VIEWING A LIST OF COMPUTERS
You can view lists of your networked computers managed by Administration Server. You can also view the lists of
managed computers for each of the administration groups separately.
To view a list of computers:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
In the window that opens, select the Computers tab.
4.
In the left part of the window click an administration group for which you want to view a list of computers:

If you want to see a list of all managed computers, click the Managed computers group.

If you want to view a list of managed computers in particular administration subgroup, click an
administration group from the group tree located in subfolder of Managed computers.
20
MANAGING
COMPUTERS
A list of computers from the selected administration group is displayed (see the following figure).
Figure 6. Viewing a list of computers
The list of computers contains the following information:

Computer name. Network name of the computer.

Status. Computer status.

Description. Messages that explain the causes of the lowered protection levels on computers that have
Warning and Critical statuses (such as Real-time protection paused or Update task has not been started in
more than 3 days).
To view information about a specific computer, use the following interface elements to locate the computer in the list:

Critical button – displays computers that have Critical status.

Warning button – displays computers that have Warning status.

OK button – displays computers that have OK status.

Buttons

Icon
– Goes to the next / previous, first / last page of the list of the computers.
— Sorts computer names on the list of computers in ascending or descending order.
The window with information about the properties of a computer can be opened by clicking the line with the computer
name.
SEE ALSO:
Managed computers and administration groups ............................................................................................................. 20
Network protection status ................................................................................................................................................ 15
21
USER GUIDE
VIEWING COMPUTER PROPERTIES
To view computer properties:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Computers tab.
3.
In the left part of the window, in the list of administration groups, select the administration group where the
relevant computer is located.
The right part of the window displays the list of computers for the selected administration group.
4.
In the list select a computer for which you want to view the properties, and click the line with the computer name
to open the window with information about the computer properties (see figure below).
Figure 7. Viewing computer properties
22
MANAGING
COMPUTERS
The computer property information appears in two categories.
The top part of the window provides information about the following properties of the computer:

Last update. Date of last update of applications or Kaspersky Lab anti-virus databases on the computer.

Visible. Date and time from which the computer is visible in the network.

Last connection to Server. Date and time of last connection to Administration Server.

IP address. Network address of the computer.

IP connection address. Network address for the connection to Administration Server. For example, if you
connect to Administration Server via a proxy server, the address of the proxy server is displayed.

Domain. Name of the network domain where the computer is registered.

Network name. Network name of the computer. The network name matches the computer name that is
displayed in the left part of the window.

Domain name. Full computer domain name, in the format <Computer_name>.<Domain_name>.

Operating system (OS). Type of operating system installed on the computer.

Group. Name of the administration group to which the computer belongs.

Real-time protection status. Status of real-time protection of the computer.

Warnings that contain information about the causes of decreased computer anti-virus protection, such as out-ofdate anti-virus databases or large number of infected objects on computer. Warnings are displayed if the
computer protection status is Warning or Critical.
The lower part contains the Applications section providing information about Kaspersky Lab applications installed on
the computer.
The Applications section is displayed only if any Kaspersky Lab applications have been installed on the computer.
The Applications section contains the following information:

Application name. Full name of the application.

Application properties, such as the application version or the date of the last update. The list of application
properties is displayed after the application name. Each application has its own set of properties.
To view the properties of an application, you can use the following interface elements:

Icon
– opens the information section that contains the properties of an application.

Icon
— closes the information section that contains the properties of an application.
SEE ALSO:
Managed computers and administration groups ............................................................................................................. 20
Viewing a list of computers.............................................................................................................................................. 20
23
INSTALLING APPLICATIONS TO
NETWORKED COMPUTERS
This section provides instructions on how to install Kaspersky Lab applications and third-party applications to computers
on an organization's network in remote installation and local installation modes.
IN THIS SECTION:
About installation of applications ..................................................................................................................................... 24
About Update Agent ........................................................................................................................................................ 24
About installation packages............................................................................................................................................. 25
Remote installation mode ................................................................................................................................................ 25
Local installation mode .................................................................................................................................................... 30
ABOUT INSTALLING APPLICATIONS
Using Kaspersky Security Center Web Console, you can install Kaspersky Lab applications and third-party applications
to computers on your network. The list of applications available for installation is created by your service provider's
administrator.
There are two ways of installing an application:

Remote installation (referred to as remote installation mode). Remote installation allows you to install an
application to several computers on your network at once. You can run and control remote installation through
the application web portal.

Local installation (referred to as local installation mode). Local installation is required, for example, in case
remote installation fails. You can allow enterprise network users to perform unassisted local installation of
applications to their computers.
Applications that are available for installation, are stored on Administration Server as installation packages (see the
section "About installation packages" on page 25).
SEE ALSO:
Local installation mode .................................................................................................................................................... 30
Remote installation mode ................................................................................................................................................ 25
Installing an application remotely .................................................................................................................................... 26
ABOUT UPDATE AGENT
You can assign one of the computers on your network to function as the update agent. Update agent is a computer acting
as an intermediate relay for distribution of application updates and installation packages within an administration group.
24
INSTALLING
APPLICATIONS TO NETWORKED COMPUTERS
An update agent should meet the following requirements:

To remain active permanently or the most part of time.

To have a stable access to the Internet and to the rest of computers within the administration group where it
distributes updates.
SEE ALSO:
Managed computers and administration groups ............................................................................................................. 20
Defining an Update Agent ............................................................................................................................................... 26
ABOUT INSTALLATION PACKAGES
Installation package is a dedicated executable file intended for installation of an application to client computers. An
installation package is created based on files included in the application distribution package; it contains a collection of
settings required to install the application and ensure its proper functioning immediately after the installation. Parameter
values correspond to application defaults.
Installation packages are created and distributed by the service provider administrator.
Installation packages are used for remote installation of Kaspersky Lab applications and third-party applications to client
computers through the remote management system called Kaspersky Security Center Web Console (see the section
"Remote installation mode" on page 25).
You can install Kaspersky Lab applications and third-party applications to computers on your network in local installation
mode (see the section "Local installation mode" on page 30), as well as allow users of your network to perform
unassisted installation of applications to their computers. To do this, you can use Kaspersky Security Center Web
Console to publish installation packages of applications.
SEE ALSO:
Canceling installation package publishing ....................................................................................................................... 31
Viewing the list of published installation packages .......................................................................................................... 31
Publishing installation packages ..................................................................................................................................... 30
REMOTE INSTALLATION MODE
The remote installation mode allows installing Kaspersky Lab applications and third-party applications to several
computers on your network simultaneously.
Kaspersky Security Center Web Console performs remote installation of applications in background mode. During
remote installation you can use other features of the application, as well as view information about the status of remote
installation for each of the computers on which remote installation has been started.
IN THIS SECTION:
Defining an Update Agent ............................................................................................................................................... 26
Installing an application remotely .................................................................................................................................... 26
Viewing information about the status of remote installation of an application.................................................................. 29
25
USER GUIDE
DEFINING AN UPDATE AGENT
Kaspersky Security Center Network Agent must be installed from the distribution package included in Kaspersky Security
Center Web Console on the computer on your network that will be used as the update agent. After you have installed
Network Agent on a computer, the latter becomes the update agent automatically. Using the update agent, you can
manage installation and updates of Kaspersky Lab applications and third-party applications on remote computers on
your network.
To install Network Agent on a computer and assign that computer to be the update agent:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
Click the Add button in the pane on the left to run the Application Setup Wizard.
The Application Setup Wizard opens, showing the Welcome page.
4.
Click the Install to one or more computers in network using installation package button.
The Select installation package window opens.
If the application has detected no published installation packages, you will be prompted to publish installation
packages (see the section "Publishing installation packages" on page 30). After installation packages are
published, the application installation continues.
5.
Download the Network Agent distribution package to your computer. To do this, click the application's name.
6.
In the list, specify computers on which the application must be installed, and click the Next button.
7.
Add accounts that are granted the administrator rights on the computers selected for installation, and click the
Next button.
If Network Agent has already been installed and run on the computers, you can skip this step.
8.
Click the Run button. The Application Setup Wizard closes.
After Network Agent is successfully installed on the computer, this computer will be automatically added to
the Managed computers administration group. Assigning a computer to be the update agent, makes available
installation of Kaspersky Lab applications and third-party software on computers on your network (see the section
"Installing an application remotely" on page 26).
The update agent will be displayed on the list of computers after you log on to Kaspersky Security Center Web
Console web portal or refresh the list of computers.
To install Network Agent on a computer manually, copy (e.g., by means of an external device or via the network) the
Network Agent distribution package to a computer on your network that will be used as the update agent. Install Network
Agent from the distribution package, following the Distribution Package Installation Wizard's instructions.
If an error message is displayed during the installation, contact your service provider's administrator.
INSTALLING AN APPLICATION REMOTELY
To install an application to your networked computers in remote installation mode:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
26
INSTALLING
3.
APPLICATIONS TO NETWORKED COMPUTERS
Click the Add link in the pane on the left to run the Application Setup Wizard.
The Application Setup Wizard opens, showing the Welcome page.
4.
Click the Install to one or more computers in network using installation package button.
The Select installation package window opens.
5.
In the list, select the installation package of an application that you want to install, and click the Next button.
A window opens, showing a list of computers on your network to which you can install the application.
6.
Select the check boxes for computers to which you want to install the application. If you want to install the
application to all computers on the list, select the Computer name check box. Click Next.
The Adding accounts window opens (see the following figure).
Figure 8. Application Setup Wizard. Adding accounts

Create a list of accounts that have administrator privileges on computers that are selected for installation
(see the following figure).

To add accounts, for each account do the following:
a.
In the Account text box, enter the account name.
b.
In the Password text box, enter the password for the account.
c.
Click the Add button.
The added account appears on the list of accounts in the lower part of the window.
27
USER GUIDE

To modify settings of an account:
a.
In the list select an account and click the Edit button.
b.
Edit the account name in the Account text box.
c.
Change the account password in the Password text box.
d.
Click the Save changes button (see the following figure).
Figure 9. Application Setup Wizard. Modifying an account
The new name and password of the selected account will be saved.
7.

To delete an account from the list, in the list of accounts select an account that you want to delete and click
the Remove button.

To modify the order in which the setup wizard applies the accounts when starting remote installation on
computers:

To move the account up in the list, select an account and click the Move up button.

To move the account down in the list, select an account and click the Move down button.
Start remote application installation by clicking the Start button.
The remote installation starts on the computers you selected. The Installing <Application name> to the
following computers window opens, containing a list of tasks of application installation to selected computers
of your network.
You can view the list of installation tasks using the following interface elements:

Icon
– Sorts the list of installation tasks by the selected field in ascending or descending
alphabetical order.
28
INSTALLING
APPLICATIONS TO NETWORKED COMPUTERS

Icon
— Opens the section of information about the selected computer.

Icon
— Closes the section of information about the selected computer.
The section of information about the computer on which remote application installation has been run, contains
the following information:
8.

Computer name. Network name of the computer.

Status. Application installation status. After remote installation is started, the status changes to
Installation in progress.

IP address. Network address of the computer.

Domain. Name of the network domain where the computer is registered.
To exit the Application Setup Wizard, click the Finish button. The installation tasks keep on running.
If the remote installation is successful, such computers are automatically added to the Managed computers
administration group.
Remote application installation may return an error: for example, if another such application has been already
installed to the computer. Installation tasks that have returned an error, are displayed on the list of tasks with the
Installation error status. If remote application installation to one or more computers returns an error, you can install
the application locally.
You can run only one remote installation task at once. If you run one more remote installation task before the current
remote installation completes, the latter will be stopped.
SEE ALSO:
About Update Agent ........................................................................................................................................................ 24
About installation of applications ..................................................................................................................................... 24
Defining an Update Agent ............................................................................................................................................... 26
VIEWING INFORMATION ABOUT THE STATUS OF REMOTE
INSTALLATION OF AN APPLICATION
During remote installation of an application, you can view information about the installation status for each of the
computers on which remote installation has been started.
To view status information about remote installation of an application:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
If at least one remote installation of an application has been started, the panel on the left displays the List of
installations link.
3.
Click the List of installations link to open the List of active installations window. The List of active
installations window contains a list of application installations to computers on your network.
29
USER GUIDE
Computers on the list of installations can have the following statuses:

Installation in progress — remote installation of the application has not yet completed.

Installation error — remote installation of the application has completed with an error. We recommend that you
install the application manually.
SEE ALSO:
Installing an application remotely .................................................................................................................................... 26
LOCAL INSTALLATION MODE
You can install Kaspersky Lab applications and third-party applications to computers on your network in local installation
mode. Local installation of applications can be performed in one of the two following ways:

Manual installation with the distribution package. You can download the application distribution package to a
computer and perform installation manually, following the Distribution Package Installation Wizard's instructions.
Manual installation (hereinafter also referred to as manual installation mode) requires your immediate
participation in application installation on each computer. You can allow users of your network to perform
unassisted manual installation of applications to their computers, by moving distribution packages to a shared
network folder. A user account on a computer or in a network domain should have rights required for installation
of applications to the target computer.

Installation using an installation package. To perform application installation in this way, you should publish the
application installation package. After publishing, Kaspersky Security Center Web Console provides a link to the
published installation package. Then you can use this link to download the published installation package to the
computer and run it. After running the published installation package, the application installation will be
performed automatically. You can allow users of your network to perform unassisted installation of applications
to their computers using published installation packages; to do this, send users links to published installation
packages (for example, by email).
IN THIS SECTION:
Publishing installation packages ..................................................................................................................................... 30
Viewing the list of published installation packages .......................................................................................................... 31
Canceling installation package publishing ....................................................................................................................... 31
Installing an application using a published installation package ...................................................................................... 32
PUBLISHING INSTALLATION PACKAGES
To publish installation packages:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Applications tab.
3.
Click the Add link in the left part of the window to open the Add Packages Wizard window.
A window opens showing a list of published installation packages.
4.
Select the check boxes for installation packages that you want to publish. If you want to publish all of the
installation packages on the list, select the check box next to the Installation package name header.
30
INSTALLING
5.
APPLICATIONS TO NETWORKED COMPUTERS
Click the Publish button.
The statuses of the installation packages that you have selected changes to Publishing. Publishing of the
selected installation packages starts.
6.
Click the Close button to close the Add packages window.
Publishing of installation packages continues in automatic mode. After the publishing completes, the installation
packages are added to the list of published installation packages.
Published installation packages are stored on Administration Server. Kaspersky Security Center Web Console provides
links for downloading published installation packages. You can send those links to users of your network.
SEE ALSO:
About installation packages............................................................................................................................................. 25
Canceling installation package publishing ....................................................................................................................... 31
Viewing the list of published installation packages .......................................................................................................... 31
VIEWING THE LIST OF PUBLISHED INSTALLATION PACKAGES
To view a list of published installation packages:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Applications tab.
A window opens showing a list of published installation packages.
The list contains the following information about published installation packages:

Installation package name. The name of the published installation package.

Installation package URL. A URL used to download the published installation package from the local network.
If a newer version of the installation package is available on Administration Server, you can update the package by
clicking the Update button located next to the installation package.
You can send links to published installation packages to users of your network (for example, by email). Users of your
network can use them for downloading published installation packages to their computers and for installing applications.
SEE ALSO:
About installation packages............................................................................................................................................. 25
CANCELING INSTALLATION PACKAGE PUBLISHING
You can cancel publishing of an installation package (for example, if its version has gone out of date).
To cancel publishing of an installation package:
1.
Open the main application window (see the section "Application interface" on page 11).
31
USER GUIDE
2.
Select the Applications tab.
A window opens showing a list of published installation packages.
3.
On the list, find the installation package for which you want to cancel publishing, and click the Block access
button in the corresponding line.
The text package deleted, access blocked appears in the line. Publishing of the selected installation package
will be canceled. The package becomes unavailable for download.
After publishing is canceled, the installation package is deleted from Administration Server and becomes unavailable
for download. The link to the installation package becomes inactive.
SEE ALSO:
About installation packages............................................................................................................................................. 25
INSTALLING AN APPLICATION USING A PUBLISHED INSTALLATION
PACKAGE
To install an application a published installation package:
1.
Download a published installation package to the computer to which you want the application installed. To do
this, use the link received after publishing of the installation package.
To find the link that you should click to download the published installation package from the local network, open
the list of published packages (see the section "Viewing the list of published installation packages" on page 31).
2.
Run the published installation package. After you have run it, the installation will be performed automatically.
3.
Wait until the application installation completes.
SEE ALSO:
About installation of applications ..................................................................................................................................... 24
Viewing a list of computers.............................................................................................................................................. 20
Connecting to Administration Server ............................................................................................................................... 13
Defining an Update Agent ............................................................................................................................................... 26
32
MANAGING POLICIES
A policy is a collection of application settings that are defined for an administration group. By using policies, you can
specify common values for the application settings in a centralized manner for all the client computers in an
administration group, as well as forbid any changes in the settings to be made locally via the application interface. The
policy does not define all application settings.
Several policies with different values can be defined for a single application. However, there can be only one active
policy for an application at a time. You can activate a disabled policy based on occurrence of a certain event. This means
that you can, for example, enforce stricter anti-virus protection settings during virus outbreaks.
An application can run in different ways for different groups of settings. Each group can have its own policy for an
application.
Also, policies for mobile users can be created. If connection between Administration Server and a client computer is
interrupted, the client computer starts running under the policy for mobile users (if it is defined), or the policy keeps
running under the applied settings until the connection is re-established.
After a policy is deleted or revoked, the application continues working with the settings specified in the policy. Those
settings can be subsequently modified manually.
IN THIS SECTION:
Viewing a list of policies .................................................................................................................................................. 33
Adding a policy ................................................................................................................................................................ 34
Managing policy profiles .................................................................................................................................................. 35
Activating a policy ........................................................................................................................................................... 38
Modifying a policy ............................................................................................................................................................ 38
Applying an out-of-office policy ....................................................................................................................................... 38
Deleting a policy .............................................................................................................................................................. 39
Managing mobile devices using an MDM policy .............................................................................................................. 39
VIEWING A LIST OF POLICIES
You can view a list of policies created for computers on your network that are managed by Administration Server. You
can view the lists of policies for each administration group separately.
To view a list of policies:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
In the window that opens, select the Policies tab.
4.
In the left part of the window select an administration group for which you want to view a list of policies:
33
USER GUIDE
A list of policies for the selected administration group is displayed on the screen (see figure below).
Figure 10. Viewing a list of policies
The list of policies contains the following information:

Policy name.

Policy status (active, inactive, for mobile users).

Name of the application for which the policy has been created.
To view information about a specific policy, use the following interface elements to find it on the list:

Buttons

Icon
in the column header – Sorts entries on the list of policies by column value in ascending or descending
alphabetical order.
– Goes to the next / previous, first / last page of the list of policies.
ADDING A POLICY
To add a policy:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Managed computers section.
4.
In the Managed computers section, select the Policies tab.
5.
In the left part of the window, select the administration group for which you want to add a policy.
6.
Click the Add button.
The New Policy Wizard opens, showing the Welcome page.
7.
Click the Create policy button.
34
MANAGING
8.
POLICIES
In the Select application for group policy creation window of the Wizard, select the application for which you
want to create a policy and click the Next button.
A window opens for entering the name of the new group policy.
9.
In the Policy name field, enter a name for the group policy being created.
10. Click the Run button to close the New Policy Wizard.
The new policy created by the Wizard will be added to the list of policies on the Policies tab (see the section
"Viewing the list of policies" on page 33). By default, the newly created policy is assigned the Inactive status. You
can change the policy's status in the Status column of the list of policies.
You can create several policies for one application from the group, but only one policy can be active at a time. When you
create new active policy, the previous active policy becomes inactive.
When creating a policy, you can specify a minimum set of parameters required for the application to function properly. All
other values are set to the default values applied during the local installation of the application. You can change the
policy after it is created.
Settings of Kaspersky Lab applications changed after policies are applied are described in details in their respective Guides.
After the policy is created, all settings prohibited to modify (marked with the "lock"
regardless of what settings had been defined for the application earlier.
) take effect on client computers
MANAGING POLICY PROFILES
This section provides information about policy profiles that are used for efficient management of groups on client
computers and mobile devices. The advantages of policy profiles are described, as well as ways of applying them.
ABOUT POLICY PROFILES
Policy profile is a named set of variable settings of a policy that is activated on a client computer when specific conditions
are met. Activation of a profile modifies the policy settings that had been active on the computer before the profile was
activated. Those settings take values that have been specified in the profile.
Policy profiles are only supported for Kaspersky Endpoint Security 10 for Windows and Kaspersky Mobile Device
Management 10 Service Pack 1.
Advantages of policy profiles
Policy profiles simplify the management of client computers using policies:

Profiles contain only settings that differ from the basic policy.

You do not have to maintain and manually apply several instances of a single policy that differ only by a few
settings.

You do not have to allocate an individual out-of-office policy.

New policy profiles are easy to create since export and import of profiles are supported, as well as creation of
new profiles based on existing ones by copying.

Several policy profiles can be active on a single client computer simultaneously.

The hierarchy of policies is supported.
35
USER GUIDE
Profile activation rules. Priorities of profiles
A policy profile is activated on a client computer when an activation rule triggers. An activation rule can contain the
following conditions:

The Network Agent on a client computer connects to the Server with a specified set of connection parameters,
such as Server address, port number, etc.

The client computer is running in standalone mode.

The client computer has been assigned specified tags.

The client computer is located in a specific unit of Active Directory®, the computer or its owner is located in a
security group of Active Directory.
Profiles that have been created for a policy are sorted in descending order of priority. If profile X precedes profile Y on
the list of profiles, this means that X has a higher priority than Y. The priorities of profiles are necessary because several
profiles may be active simultaneously on a client computer.
Policies in the hierarchy of administration groups
While policies influence each other in accordance with the hierarchy of administration groups, profiles with identical
names merge. Profiles of a 'higher' policy have a higher priority. For example, in administration group A, policy P(A) has
profiles X1, X2, and X3 (in descending order of priority). In administration group B, which is a subgroup of group A, policy
P(B) has been created with profiles X2, X4, X5. Then policy P(B) will be modified with policy P(A) so that the list of
profiles in policy P(B) will look as: X1, X2, X3, X4, X5 (in descending order of priority). The priority of profile X2 will
depend on the initial state of X2 of policy P(B) and X2 of policy P(A).
The active policy is the sum of the main policy and all active profiles of that policy, i.e., profiles for which the activation
rules trigger. The active policy is recalculated when you start Network Agent, enable and disable the out-of-office mode,
or edit the list of tags assigned for the client computer.
Properties and restrictions of policy profiles
Profiles have the following properties:

Profiles of an inactive policy have no impact on client computers.

If a policy is active in standalone mode, profiles of that policy will also be applied in standalone mode only.

Profiles do not support static analysis of access to executable files.

A policy cannot contain notification settings.

If UDP port 15000 is used for connection of a client computer to Administration Server, you should activate the
corresponding policy profile within one minute when assigning a tag to the client computer.

You can use rules of connection between Network Agent and Administration Server when creating profile
activation rules.
ADDING A POLICY PROFILE
To add a policy profile:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Managed computers section.
4.
In the Managed computers section, select the Policies tab.
36
MANAGING
5.
In the left part of the window, select an administration group.
6.
In the list of policies, select the policy for which you want to add a profile.
7.
Click the Show policy profiles button
POLICIES
The list of policy profiles opens.
8.
Click the Add button.
The New Policy Profile Wizard opens, showing the Welcome page.
9.
Click the Create policy profile button.
A window opens for entering the policy profile settings.
10. In the upper entry field, specify the name of a policy profile. The name of a profile cannot include more than 100
characters.
11. In the Activation rules list, click the Add button to create a rule by which the policy profile will be activated.
12. Select the Enable profile check box to allow client computers or managed devices to use the policy profile.
13. Click the Run button to close the New Policy Profile Wizard.
The new policy profile that has been created by the Wizard will be added to the list of policy profiles. You can view
the list of policy profiles on the Policies tab by clicking the Show policy profiles button. You can define the settings
for the newly created policy profile on the Policies tab by clicking the Edit button (see page 37).
MODIFYING A POLICY PROFILE
You can edit the settings of a policy profile for Kaspersky Lab applications after the policy profile is created.
To modify a policy profile:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
In the left part of the window, select an administration group.
4.
In the list of policies, select the one for which you want to edit the profile settings.
5.
Click the Show policy profiles button
In the lower part of the window, a list of policy profiles opens.
6.
Select the profile of which you want to edit the settings.
7.
Click the Edit button.
The group policy properties window appears on the screen.
8.
Configure the policy profile and the Kaspersky Lab application in the respective sections.
The settings of Kaspersky Lab applications are described in detail in the respective Guides.
9.
Click the OK button to complete the editing of the profile settings.
The settings that have been edited will take effect either after the client computer (or the managed device) is
synchronized with Administration Server (if the policy profile is active), or after an activation rule triggers (if the policy
profile is inactive).
37
USER GUIDE
ACTIVATING A POLICY
To make a policy active for a selected administration group:
1.
In the main application window (see the section "Application interface" on page 11), on the Infrastructure tab
select the Policies tab.
2.
From the list select a policy that you want to activate.
3.
From the dropdown list, in the Status column select the Active value.
As a result, the policy becomes active for the selected administration group.
When a policy is applied to a large number of clients, both the load on the Administration Server and the network traffic
increase significantly for a period of time.
MODIFYING A POLICY
You can edit the settings of group policies for Kaspersky Lab applications after they are created.
To edit a policy:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Managed computers section.
4.
In the Managed computers section, select the Policies tab.
5.
In the left part of the window, select the administration group for which you want to edit the policy.
6.
In the list of policies, select the one of which you want to edit the settings.
7.
Click the Edit button.
The group policy properties window appears on the screen.
8.
Define the settings of the Kaspersky Lab application.
The settings of Kaspersky Lab applications are described in detail in the respective Guides.
9.
Click the OK button to complete the editing of the policy settings. To apply the settings, click the Apply button. To
abort the policy editing, click the Cancel button. In this case, all changes of the policy settings will be discarded.
APPLYING AN OUT-OF-OFFICE POLICY
An out-of-office policy takes effect on a computer in case it is disconnected from the enterprise network.
To apply the selected out-of-office policy,
1.
In the main application window (see the section "Application interface" on page 11), on the Infrastructure tab
select the Policies tab.
2.
From the list select a policy that you want to apply to mobile users.
3.
From the dropdown list, in the Status column select the For mobile users value.
As a result, the policy applies to the computers in case they are disconnected from the enterprise network.
38
MANAGING
POLICIES
DELETING A POLICY
To delete a policy:
1.
In the main application window (see the section "Application interface" on page 11), on the Infrastructure tab
select the Policies tab.
2.
From the list select the policy that you want to delete.
3.
Click the Delete button.
4.
In the window that opens, confirm the operation by clicking the Yes button.
As a result, the policy will be deleted from the list.
MANAGING MOBILE DEVICES USING AN MDM POLICY
This section provides information about how to handle the policy for Kaspersky Mobile Device Management 10 Service
Pack 1.
ABOUT THE MDM POLICY
To manage iOS MDM and EAS devices, you can use the management plug-in of Kaspersky Mobile Device Management
10 Service Pack 1, which is included in the distribution kit of Kaspersky Security Center. Kaspersky Mobile Device
Management lets you create group policies for specifying the configuration settings of iOS MDM and EAS devices. A
group policy that allows viewing and defining the configuration settings of iOS MDM devices and EAS devices, is called
an MDM policy.
An MDM policy provides the administrator with the following options:


For managing EAS devices:

Configuring the device unlocking password.

Configuring the data storage on the device in encrypted form.

Configuring the synchronization of the corporate mail.

Configuring the hardware features of mobile devices, such as the use of removable media, the use of the
camera, or the use of Bluetooth.

Configuring restrictions on the use of mobile applications on the device.
For managing iOS MDM devices:

Configuring device password security settings.

Configuring restrictions on the use of hardware features of the device and restrictions on installation and
removal of mobile apps.

Configuring restrictions on the use of pre-installed mobile apps, such as YouTube™, iTunes Store, Safari.

Configuring restrictions on media content viewed (such as movies and TV shows) by region where the
device is located.

Configuring settings of device connection to the Internet via the proxy server (Global HTTP proxy).
39
USER GUIDE

Configuring the settings of the account using which the user can access corporate apps and services
(Single Sign On technology).

Monitoring Internet usage (visits to websites) on mobile devices.

Configuring settings of wireless networks (Wi-Fi), access points (APN), and virtual private networks (VPN)
that use different authentication mechanisms and network protocols.

Configuring settings of the connection to AirPlay devices for streaming photos, music, and videos.

Configuring settings of the connection to AirPrint printers for wireless printing of documents from the device.

Configuring settings of synchronization with the Microsoft Exchange server and user accounts for using
corporate email on devices.

Configuring user accounts for synchronization with the LDAP directory service.

Configuring user accounts for connecting to CalDAV and CardDAV services that give users access to
corporate calendars and contact lists.

Configuring settings of the iOS interface on the user's device, such as fonts or icons for favorite websites.

Adding new security certificates on devices.

Configuring settings of the SCEP server for automatic retrieval of certificates by the device from the
Certification Center.

Adding custom settings for operation of mobile apps.
The general operating principles of an MDM policy do not differ from the operating principles of policies created for
managing other apps. An MDM policy is special in that it is assigned to an administration group that includes the iOS
MDM Mobile Device Server and the Exchange Active Sync mobile device server (hereinafter "mobile device servers"). All
settings specified in an MDM policy are first applied to mobile device servers and then to mobile devices managed by
those servers. In the case of a hierarchical structure of administration groups, slave mobile device servers receive MDM
policy settings from master mobile device servers and distribute them to mobile devices.
For detailed information about how to use the MDM policy in Administration Console of Kaspersky Security Center
please refer to the Kaspersky Security Mobile Administrator's Guide.
CONFIGURING AN MDM POLICY
Using an MDM policy, you can define the configuration settings of EAS devices and iOS MDM devices. You can define
the settings of EAS devices in the MDM policy properties window, in the Settings of EAS devices section. You can
define the settings of iOS MDM devices by means of third-party utilities, such as iPhone Configuration Utility or Apple
Configurator, and then import the settings to the MDM policy. Using such utilities as iPhone Configuration Utility or Apple
Configurator, you can also export the settings of iOS MDM devices to a file for further viewing and editing.
To import the configuration settings of iOS MDM devices from a file:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Managed computers section.
4.
In the Managed computers section, select the Policies tab.
5.
In the left part of the window, select the administration group for which you want to import an MDM policy.
6.
In the list of policies, select the MDM policy of which you want to import the settings.
40
MANAGING
7.
POLICIES
Click the Edit button.
The MDM policy properties window opens.
8.
In the MDM policy properties window, select the Export / Import settings tab.
9.
Click the Import button.
10. In the window that opens, select the file with the mobileconfig extension.
This results in the configuration settings of iOS MDM devices being imported from the selected file to the MDM
policy.
To export the configuration settings of iOS MDM devices to a file:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Managed computers section.
4.
In the Managed computers section, select the Policies tab.
5.
In the left part of the window, select the administration group for which you want to export an MDM policy.
6.
In the list of policies, select the MDM policy of which you want to export the settings.
7.
Click the Edit button.
The MDM policy properties window opens.
8.
In the MDM policy properties window, select the Export / Import settings tab.
9.
Click the Export button.
This results in the configuration settings of iOS MDM devices being exported to a file with the mobileconfg
extension. You can open that file with iPhone Configuration Utility or Apple Configurator.
41
MANAGING USER ACCOUNTS
Kaspersky Security Center Web Console lets you manage user accounts and user groups. The application supports two
types of accounts:

Accounts of organization employees. Administration Server retrieves data of the accounts of those users when
polling the organization's network.

Internal user accounts. Those are applied when handling virtual Administration Servers. The accounts of
internal users are created and used only within Kaspersky Security Center Web Console.
You can view all user accounts in the Users section (see page 42).
You can perform the following actions on user accounts and user groups:

Filter the list of accounts (see page 43).

View the account details (see page 44).

View the list of the user's mobile devices (see page 45).
IN THIS SECTION:
Viewing the list of accounts ............................................................................................................................................. 42
Filtering the list of accounts ............................................................................................................................................. 43
View account settings...................................................................................................................................................... 44
Viewing the list of a user's mobile devices ...................................................................................................................... 45
VIEWING THE LIST OF ACCOUNTS
When managing accounts, you can view a list of user accounts and user groups created on the Administration Server.
To view the list of accounts:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Users section.
The Users section displays a list of user accounts (see the following figure). By default, the list of accounts
contains the following information about users:

An icon for the account type. The
icon signifies that the account has been created for one user. The
icon signifies that the account has been created for a group of users.

User name. The name of an account or group of accounts.
You can add columns with additional information about an account to the list by clicking the Display button.
4.
View the list of accounts by using the following interface elements:
42
MANAGING

The

the
USER ACCOUNTS
buttons to go to the next / previous, first / last page of the list of accounts.
icon in the column header signifies sorting accounts on the list in alphabetical order.
Figure 11. List of user accounts
FILTERING THE LIST OF ACCOUNTS
For convenient management of the list of accounts, you can filter it based on specified settings.
To filter the list of accounts:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Users section.
A list of user accounts appears on the screen.
4.
Click the link next to the Filter marking in the upper part of the window to open the filter settings window.
5.
In the Filter: Users window that opens, configure filtering of the list of accounts:
6.

By specific text contained in the account data.

By account data, such as name, user type, organization name, email address, etc.
Click the OK button to filter the list of accounts.
You can click the Disable filter link in the upper part of the Users section to cancel filtering of the list of accounts.
43
USER GUIDE
VIEW ACCOUNT SETTINGS
To view the account data:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Management tab, select the Users section.
The Users section displays a list of user accounts.
4.
In the list, select the account of a user or group of users of which you want to view the data.
5.
At the top of the section, click the Information button.
6.
In the User information window that opens, select the User data section.
The account data appears on the screen (see figure below).
Figure 12. User account data
44
MANAGING
USER ACCOUNTS
VIEWING THE LIST OF A USER'S MOBILE DEVICES
To view the list of users' mobile devices:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Users section.
A list of user accounts appears on the screen.
4.
In the list, select the user account whose list of mobile devices you want to view.
5.
At the top of the section, click the Information button.
6.
In the User information window that opens, select the User device section.
A list of the user's mobile devices connected to the Administration Server appears on the screen (see figure below).
Figure 13. List of the user's mobile devices
In the User devices section, you can view information about each device of the user, as well as send a command to a
selected device, track the status of its execution in the command log, or remove the device from the list.
45
MANAGING MOBILE DEVICES
Kaspersky Security Center Web Console allows managing users' mobile devices that have been connected to Kaspersky
Security Center Administration Server. Such mobile devices are called managed mobile devices.
The list of all managed mobile devices is displayed in the Mobile devices section, on the Manage tab of the main
application window.
You can take the following actions on users' mobile devices:

View information about a mobile device (see page 47).

View information about the owner of a mobile device (see page 47).

Send commands to a mobile device (see page 49).

View the commands execution log (see page 49).

Remove mobile devices from the list (see page 50).
IN THIS SECTION:
Viewing the list of mobile devices .................................................................................................................................... 46
Viewing mobile device settings ....................................................................................................................................... 47
Viewing information about the owner of a mobile device ................................................................................................ 47
Commands for mobile device management .................................................................................................................... 48
Sending commands to a mobile device ........................................................................................................................... 49
Viewing the commands log ............................................................................................................................................. 49
Removing a mobile device from the list ........................................................................................................................... 50
VIEWING THE LIST OF MOBILE DEVICES
You can view a list of all mobile devices managed by the Administration Server.
To view the list of mobile devices:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Mobile devices section.
The Mobile devices section displays a list of managed mobile devices (see figure below). By default, the list
contains the following information about devices:

Status: information about the connection and operation of the mobile device.

About the device: general information about the device — name of the mobile device in Kaspersky
Security Center, names of the company and department, name and version of the operating system, phone
number.
46
MANAGING
4.
View the list of mobile devices by using the
page of the list of mobile devices.
MOBILE DEVICES
buttons to jump to the next / previous, first / last
Figure 14. List of managed mobile devices
VIEWING MOBILE DEVICE SETTINGS
To view the settings of a mobile device:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Mobile devices section.
The Mobile devices section displays a list of managed mobile devices
4.
In the list, select a mobile device whose settings you want to view.
5.
At the top of the section, click the Properties button.
6.
In the Device Information window that opens, select the Device data section.
Information about the mobile device (operating system version of the operating system, model, phone number on
the SIM card, etc.) appears on the screen.
To view the settings required for the operation of the device management protocol, select the <Protocol name>
settings section, or Additional <protocol name> settings, or Kaspersky Endpoint Security.
VIEWING INFORMATION ABOUT THE OWNER OF A MOBILE
DEVICE
To view information about the user of a mobile device:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
47
USER GUIDE
3.
On the Manage tab, select the Mobile devices section.
The Mobile devices section displays a list of managed mobile devices
4.
In the list of mobile devices, select the one about which you want to view information.
5.
At the top of the section, click the Properties button.
6.
In the Device information window that opens, select the Owner section.
The details of the user account under which the mobile device has been connected to Administration Server appear
on the screen (full name of the account, organization name, account domain, email address, etc.).
COMMANDS FOR MOBILE DEVICE MANAGEMENT
Kaspersky Security Center Web Console supports commands for mobile device management.
Such commands are used for remote management of mobile devices. For example, in case your mobile device is lost,
you can delete all corporate data from the device by using a command.
You can use commands for the following types of managed mobile devices:

iOS MDM devices.

KES devices.

EAS devices.
Each device type supports a dedicated set of commands. The following table shows sets of commands for each of the
device types.
For all types of devices, if the Delete data command is successfully executed, all data will be deleted from the device,
the device settings will be rolled back to their default values.
After successful execution of the Delete corporate data command on an iOS MDM device, all installed configuration
profiles, provisioning profiles, the iOS MDM profile, and applications for which the Remove together with iOS MDM
profile check box has been selected, are removed from the device.
If the Delete corporate data command is successfully executed on a KES device, all corporate data, entries in Contacts,
the SMS history, the call log, the calendar, the Internet connection settings, and the user's accounts, except for the
Google™ account, will be deleted from the device. For a KES device, all data from the memory card will also be deleted.
Table 2.
List of supported commands
MOBILE DEVICE TYPE
COMMANDS
COMMAND EXECUTION RESULT
iOS MDM device
Lock
Device locked.
Unlock
Device locking with a PIN code is disabled. The previously specified
PIN code has been reset.
Data Wipe
All data deleted from the device, settings rolled back to the default
values.
Delete corporate data
All installed configuration profiles, provisioning profiles, the iOS
MDM profile, and applications for which the Remove together with
iOS MDM profile check box has been selected, are removed from
the device.
48
MANAGING
MOBILE DEVICES
MOBILE DEVICE TYPE
COMMANDS
COMMAND EXECUTION RESULT
KES device
Unlock
Device locking with a PIN code is disabled. The previously specified
PIN code has been reset.
Data Wipe
All data deleted from the device, settings rolled back to the default
values.
Delete corporate data
Corporate data, entries in Contacts, the SMS history, the call log,
the calendar, the Internet connection settings, the user's accounts
(except for the Google account) have been deleted. Memory card
data has been wiped.
Locate
Device locked. Device located and shown on Google Maps™. The
mobile carrier charges a fee for sending the text message and for
providing Internet connection.
Mugshot
Device locked. The photo has been taken by the front camera of the
device and saved on Administration Server. Photos can be viewed
in the command log. The mobile carrier charges a fee for sending
the text message and for providing Internet connection.
Alarm
Device locked. The device emits a sound signal.
Data Wipe
All data deleted from the device, settings rolled back to the default
values.
EAS device
SENDING COMMANDS TO A MOBILE DEVICE
You can send commands to manage mobile devices remotely.
To send a command to a mobile device:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Mobile devices section.
4.
The Mobile devices section displays a list of managed mobile devices
5.
Select the mobile device to which you want to send a command in the list.
6.
At the top of the section, click the Properties button.
7.
In the Device Information window that opens, select the Device management section.
8.
In the list of commands, select the one that you want to be executed on the device, and click the button with its
name.
Depending on the command that you have selected, clicking the button with its name may open an additional
window with a command confirmation prompt. For example, an additional window opens for the Soft Wipe
command, since executing it results in a loss of all device data.
VIEWING THE COMMANDS LOG
To view the log of commands that have been sent to a mobile device:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
49
USER GUIDE
3.
In the window that opens, select the Mobile devices section.
The Mobile devices section displays a list of managed mobile devices
4.
In the list of mobile devices, select the one for which you want to view the command log.
5.
At the top of the section, click the Properties button.
6.
In the Device information window that opens, select the Command execution log section.
A list of commands sent to the device appears on the screen. The command log contains information about
each command that has been sent to the device:

Date Time. The date and time when commands were sent to the device.

Name Status. Command name and status of its execution.
REMOVING A MOBILE DEVICE FROM THE LIST
To remove a mobile device from the list:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
On the Manage tab, select the Mobile devices section.
A list of managed mobile devices appears on the screen.
4.
Select the check box next to the mobile device that you want to remove from the list.
You can select several mobile devices.
5.
Click the Remove button in the upper part of the section.
6.
In the Removal window that opens, confirm removal of the device from the list by clicking the Remove button.
This removes the selected mobile device from the list and disconnects it from Administration Server management.
50
MANAGING TASKS
Administration Server manages applications installed on client computers, by creating and running tasks. Tasks are
required for installing, launching and stopping applications, scanning files, updating databases and software modules,
and taking other actions on applications.
Any number of tasks can be created for each application.
You can start and stop tasks, view run results, and delete tasks.
The run results of tasks are saved both on Administration Server in a centralized manner and locally on each client
computer.
IN THIS SECTION:
Viewing a list of tasks ...................................................................................................................................................... 51
Starting and stopping a task manually ............................................................................................................................ 52
Viewing task run results .................................................................................................................................................. 53
Deleting tasks.................................................................................................................................................................. 53
VIEWING A LIST OF TASKS
You can view lists of tasks created for computers on your network that are managed by Administration Server. You can
view the lists of tasks for each administration group separately.
To view a list of tasks:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Manage tab.
3.
In the window that opens, select the Tasks tab.
4.
In the left part of the window select an administration group for which you want to view a list of tasks:
51
USER GUIDE
A list of tasks for the selected administration group is displayed on the screen (see figure below).
Figure 15. Viewing a list of tasks
The list of tasks contains the following information:

Task name.

The name of the application for which the task has been created.
The bottom part of the window displays the run statistics for the task selected from the list of tasks.
To view information about a specific task, use the following interface elements to find it on the list:

Buttons

Icon
in the column header – Sorts entries on the list of tasks by column value in ascending or descending
alphabetical order.
– Goes to the next / previous, first / last page of the list of tasks.
STARTING AND STOPPING A TASK MANUALLY
To start or stop a task manually:
1.
In the main application window (see the section "Application interface" on page 11), on the Manage tab, select
the Tasks tab.
2.
From the list select a task that you want to start or stop.
3.
Click the Start or Stop button.
As a result, the task will be started or stopped.
52
MANAGING
TASKS
Tasks are launched on a client only if the application for which the task was created is running. When the application is
not running, all running tasks are canceled.
VIEWING TASK RUN RESULTS
To view the run results of a task:
1.
In the main application window (see the section "Application interface" on page 11), on the Manage tab, select
the Tasks tab.
2.
From the list of tasks select one for which you want to view the run results.
3.
Click the View results button.
The run results for the selected task are displayed in the window that opens.
DELETING TASKS
To delete a task, perform the following steps:
1.
In the main application window (see the section "Application interface" on page 11), on the Manage tab, select
the Tasks tab.
2.
From the list of tasks select one that you want to delete.
3.
Click the Delete button.
4.
In the window that opens, confirm the task deletion by clicking the Yes button.
As a result, the task will be deleted from the list.
53
WORKING WITH REPORTS
This section provides instructions on how to perform the following operations on reports from the Administration Server to
which the application is connected: view, print, send by email, save report data to file.
IN THIS SECTION:
About reports................................................................................................................................................................... 54
Actions on reports ........................................................................................................................................................... 54
Viewing reports ............................................................................................................................................................... 55
Exporting reports ............................................................................................................................................................. 56
Configuring report delivery .............................................................................................................................................. 56
ABOUT REPORTS
Kaspersky Security Center Web Console allows you to gain access to reports of Administration Server to which the
application is connected.
Reports provide various information about the status of the protection system covering computers managed by
Administration Server.
The list of available reports is created by your service provider's administrator. The list of reports may vary depending on
the access rights assigned to your account.
ACTIONS ON REPORTS
You can perform the following operations on Administration Server reports:

View reports
You can view reports published for you by the service provider's administrator. The reports are read-only. You
cannot modify them.

Export reports
After viewing a report, you can export it and save it, for example, for later analysis and processing. You can
export a report in any of the three formats: HTML, XML, or PDF.

Configure automatic report delivery by email
Administration Server permits automatic delivery of reports by email. You may need to configure Kaspersky
Security Center Web Console to deliver reports by email to you and other staff members involved in anti-virus
protection of your network (for example, system administrators or other IT specialists).
You can manage the automatic delivery of reports by readjusting the delivery settings: the set of reports to
deliver and the list of recipients' email addresses. All recipients in the list receive the same set of reports.
Administration Server sends reports once a day, at midnight.
54
WORKING
WITH REPORTS
SEE ALSO:
Viewing reports ............................................................................................................................................................... 55
Exporting reports ............................................................................................................................................................. 56
Configuring report delivery .............................................................................................................................................. 56
VIEWING REPORTS
To view a report:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Reports tab.
3.
In the left part of the window, from the list of reports, select a report that you want to view (see figure below).
Figure 16. Viewing reports
In the right part of the window, the report contents are displayed. In the upper-right part of the window, the date and time
of the report creation are displayed.
You can update the report contents to view updated data.
To update report contents:
Click the
button located in the top right corner of the window.
55
USER GUIDE
EXPORTING REPORTS
To export a report:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Reports tab.
3.
In the left part of the window, click a report that you want to export.
In the right part of the window, the report contents are displayed.
4.
In the upper part of the window, click the link for the export format you want:

To export a report in XML format, click XML.

To export a report in PDF format, click PDF.

To export a report in HTML format, click the HTML.
The report in the selected format opens in the web browser window or in the window of a viewing application
associated with the selected format (such as Acrobat® Reader, for .pdf).
5.
Save the report to file by using browser tools or the viewing application.
CONFIGURING REPORT DELIVERY
To configure report delivery by email:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
Select the Reports tab.
3.
Click the link in the upper part of the main window to open the Configuring reports delivery window.
4.
In the list of reports, select the check boxes next to reports that you want to include in the delivery. If you want to
include all reports in the delivery, select the check box next to Report type.
5.
Create a delivery list containing recipient email addresses:

To add an email address to the delivery list:
a.
Enter the email address in the Recipient's address text box.
b.
Push the Enter key.
The new email address is displayed in the delivery list.

To remove an email address from the delivery list, select an address that you want to remove and click the
Remove button.

To modify an email address in the delivery list:
a.
In the delivery list select the email address that you intend to modify.
The selected email address is displayed in the Recipient address field.
b.
Change the email address in the Recipient's address field, and push the Enter key.
The new email address is displayed in the delivery list.
6.
Click the Save button.
The notification delivery settings are applied immediately.
56
CHANGING YOUR ACCOUNT PASSWORD
You can change the password of your account after you log in to Kaspersky Security Center Web Console. You might
have to change your password, for example, if you want to set a password that is easier to remember.
To change the password of your account:
1.
Open the main application window (see the section "Application interface" on page 11).
2.
In the upper-right corner of the screen, click the Change password link and open the Change password
window.
3.
In the New password and Confirm password text boxes enter the new password.
4.
Click the Change password button.
The password of your account is changed.
57
EXITING KASPERSKY SECURITY CENTER
WEB CONSOLE
You can log off Kaspersky Security Center Web Console from any tab of the application interface.
To exit the application, you should first log off Kaspersky Security Center Web Console.
If you exit the web browser without logging off (for example, by closing the window or the web browser tab), the sessions
remains active for the next 24 hours.
To log off Kaspersky Security Center Web Console,
from the main application window (see the section "Application interface" on page 11), click the Log out link in the
top right corner of the window.
You have just logged off Kaspersky Security Center Web Console. In the web browser an entry window for user
name and password opens (see the section "Connecting to Administration Server" on page 13).
58
GLOSSARY
A
ADMINISTRATION SERVER
A component of Kaspersky Security Center that centrally stores information about all Kaspersky Lab applications that are
installed within the corporate network. It can also be used to manage these applications.
ADMINISTRATION GROUP
A set of computers grouped together in accordance with the performed functions and the Kaspersky Lab applications
installed on those machines. Computers are grouped for convenience of management as one single entity. A group can
include other groups. A group can contain group policies for each application installed in it and appropriate group tasks.
ANTI-VIRUS PROTECTION SERVICE PROVIDER
An organization that provides anti-virus protection services based on Kaspersky Lab solutions.
C
CLIENT ADMINISTRATOR
A staff member of a client company who is responsible for the anti-virus protection status.
E
EAS DEVICE
A mobile device connected to Administration Server over Exchange ActiveSync® protocol. Devices on iOS, Android™,
and Windows Phone® operating systems can be connected and managed over Exchange ActiveSync protocol.
H
HTTPS
Secure protocol for data transfer, using encryption, between a web browser and a web server. HTTPS is used to gain
access to restricted information, such as corporate or financial data.
I
INSTALLATION PACKAGE
A set of files created for remote installation of a Kaspersky Lab application by using the Kaspersky Security Center Web
Console remote administration system. An installation package is created based on special files with the .kpd and .kud
extensions that are included in the application distribution package; it contains a set of settings required for application
setup and its configuration for normal functioning immediately after installation. Parameter values correspond to
application defaults.
IOS
MDM DEVICE
A mobile device that is connected to the iOS MDM Mobile Device Server over iOS MDM protocol. Devices running on
iOS operating system can be connected and managed over iOS MDM protocol.
J
JAVASCRIPT
A programming language that expands the performance of web pages. Web pages created using JavaScript can perform
functions (for example, change the view of interface elements or open additional windows) without refreshing the web
page with new data from a web server. To view pages created by using JavaScript, enable the JavaScript support in the
configuration of your web browser.
59
USER GUIDE
K
KES DEVICE
A mobile device that is connected to Administration Server and managed through Kaspersky Endpoint Security for
Android.
L
LOCAL INSTALLATION
Installation of an anti-virus application to a computer on an organization's network that presumes a manual startup of the
installation process from the distribution package of the anti-virus application or a manual startup of a published
installation package that has been downloaded to the computer preliminarily.
M
MANAGED COMPUTERS
Corporate network computers that are included in an administration group.
MANUAL INSTALLATION
Installation of an anti-virus application to a computer on an organization's network from the distribution package of the
anti-virus application. Manual installation requires an immediate participation of an administrator or another IT specialist.
Usually manual installation is done if remote installation has completed with an error.
N
NETWORK ANTI-VIRUS PROTECTION
A set of technical and organizational measures that lower the probability that viruses and spam will penetrate an
enterprise network, and that block network attacks, phishing, and other threats. Network security increases when antivirus applications and services are used and when a corporate information security policy is in place.
NETWORK PROTECTION STATUS
The current protection status, which defines the safety of corporate network computers. The network protection status
includes such factors as installed anti-virus applications, use of keys, and number and types of detected threats.
R
REMOTE INSTALL
Installation of Kaspersky Lab applications by using the services provided by Kaspersky Security Center Web Console.
S
SSL
A data encryption protocol on the Internet and local networks. SSL is used in web applications to create secure
connection between a client and a server.
SERVICE PROVIDER'S ADMINISTRATOR
A staff member at an anti-virus protection service provider. This administrator performs installation and maintenance jobs
for anti-virus protection systems based on Kaspersky Lab anti-virus products and also provides technical support to
customers.
60
GLOSSARY
U
UPDATE AGENT
A computer within an administration group that acts as an intermediary node of communication between the computers
in the same group and the Administration Server.
An Update Agent can perform the following functions:

Manage updates and installation packages received from the Administration Server by distributing them to client
computers in the group (including such method as multicasting via UDP).
This feature accelerates the distribution of updates and allows freeing up Administration Server resources.

Distribute policies and group tasks through multicasting via UDP.

Act as a connection gateway to the Administration Server for computers in the group.
If direct connection between managed computers in the group and the Administration Server cannot be
established, the Update Agent can be used as a connection gateway to the Administration Server for this group.
In this case, managed computers will be connected to the connection gateway, which, in its turn, will be
connected to the Administration Server.
The availability of an Update Agent that operates as the connection gateway does not block the option of direct
connection between managed computers and the Administration Server. If the connection gateway is not
available, but direct connection with the Administration Server is technically possible, managed computers will
be connected to the Server directly.

Poll the computer network in which it is located.

Perform remote installation of the application through Microsoft Windows tools, including installation on client
computers without Network Agent.
This feature allows remotely transfer installation packages of Network Agent to client computers located on
networks to which the Administration Server has no direct access.
You can view the full list of Update Agents for specified administration groups by creating a report on the list of Update
Agents.
The scope of an Update Agent is the administration group to which it has been assigned, as well as its subgroups of all
levels of embedding. If several Update Agents have been assigned in the hierarchy of administration groups, the
Network Agent of the managed computer connects to the hierarchically closest Update Agent.
W
WEB PORTAL
A means of access over a web browser to the features of Kaspersky Security Center Web Console. A web portal
consists of web pages that contain text and graphical information and management add-ins for Kaspersky Security
Center Web Console SPE. Web pages open in the web browser after you log on to the web portal. To log on to a web
portal, you must have the web portal address, account name and password.
61
KASPERSKY LAB ZAO
Kaspersky Lab software is internationally renowned for its protection: against viruses, malware, spam, network and
hacker attacks, and other threats.
In 2008, Kaspersky Lab was rated among the world’s top four leading vendors of information security software solutions
for end users (IDC Worldwide Endpoint Security Revenue by Vendor). Kaspersky Lab is the preferred developer of
computer protection systems among home users in Russia, according to the COMCON survey "TGI-Russia 2009".
Kaspersky Lab was founded in Russia in 1997. Today, it is an international group of companies headquartered in
Moscow with five regional divisions that manage the company's activity in Russia, Western and Eastern Europe, the
Middle East, Africa, North and South America, Japan, China, and other countries in the Asia-Pacific region. The
company employs more than 2000 qualified specialists.
PRODUCTS. Kaspersky Lab’s products provide protection for all systems—from home computers to large corporate
networks.
The personal product range includes anti-virus applications for desktop, laptop, and tablet computers, as well as for
smartphones and other mobile devices.
Kaspersky Lab delivers applications and services to protect workstations, file and web servers, mail gateways, and
firewalls. Used in conjunction with Kaspersky Lab’s centralized management system, these solutions ensure effective
automated protection for companies and organizations against computer threats. Kaspersky Lab's products are certified
by the major test laboratories, are compatible with the software of many suppliers of computer applications, and are
optimized to run on many hardware platforms.
Kaspersky Lab’s virus analysts work around the clock. Every day they uncover hundreds of new computer threats, create
tools to detect and disinfect them, and include them in the databases used by Kaspersky Lab applications. Kaspersky
Lab anti-virus database is updated hourly, Anti-Spam database – every 5 minutes.
TECHNOLOGIES. Many technologies that are now part and parcel of modern anti-virus tools were originally developed
by Kaspersky Lab. It is no coincidence that many other developers use the Kaspersky Anti-Virus kernel in their products,
including: SafeNet (USA), Alt-N Technologies (USA), Blue Coat Systems (USA), Check Point Software Technologies
(Israel), Clearswift (UK), CommuniGate Systems (USA), Openwave Messaging (Ireland), D-Link (Taiwan), M86 Security
(USA), GFI Software (Malta), IBM (USA), Juniper Networks (USA), LANDesk (USA), Microsoft (USA), Netasq+Arkoon
(France), NETGEAR (USA), Parallels (USA), SonicWALL (USA), WatchGuard Technologies (USA), and ZyXEL
Communications (Taiwan). Many of the company’s innovative technologies are patented.
ACHIEVEMENTS. Over the years, Kaspersky Lab has won hundreds of awards for its services in combating computer
threats. For example, in 2010 Kaspersky Anti-Virus received a few top Advanced+ awards in a test held by AVComparatives, an acknowledged Austrian anti-virus laboratory. But Kaspersky Lab's main achievement is the loyalty of
its users worldwide. The company’s products and technologies protect more than 300 million users, and its corporate
clients number more than 200,000.
Kaspersky Lab official site:
http://www.kaspersky.com
Virus encyclopedia:
http://www.securelist.com
Anti-Virus Lab:
newvirus@kaspersky.com (only for sending probably infected files
in archives)
Kaspersky Lab web forum:
http://forum.kaspersky.com
62
INFORMATION ABOUT THIRD-PARTY CODE
Information about third-party code is contained in the file legal_notices.txt. In Kaspersky Security Center Web Console,
you can view information from the file legal_notices.txt in the About window by clicking the Information about thirdparty code link.
63
TRADEMARK NOTICE
The registered trademarks and service marks are the property of their owners.
Acrobat is either registered trademark or trademark of Adobe Systems Incorporated in the United States and/or
elsewhere.
The Bluetooth word, mark and logos are owned by Bluetooth SIG, Inc.
Debian is a registered trademark of Software in the Public Interest, Inc.
Android, Google, Google Maps, YouTube are trademarks of Google, Inc.
Fedora, Red Hat, Red Hat Enterprise Linux are trademarks of Red Hat Inc. registered in the United States of America
and elsewhere.
Active Directory, ActiveSync, Internet Explorer, Microsoft, Windows, Windows Phone are trademarks of Microsoft
Corporation registered in the United States of America and elsewhere.
Linux is a trademark owned by Linus Torvalds and registered in the U.S. and elsewhere.
AirPlay, AirPrint, Apple, iTunes, Mac OS, Safari, Leopard, Snow Leopard, Tiger are registered trademarks of Apple Inc.
Mozilla and Firefox are trademarks of the Mozilla Foundation.
64
INDEX
A
Account ........................................................................................................................................................................ 13
password .......................................................................................................................................................... 13, 58
settings ................................................................................................................................................................... 13
user name............................................................................................................................................................... 13
Administration groups............................................................................................................................................. 15, 20
Administration Server ............................................................................................................................................... 8, 15
connection .............................................................................................................................................................. 13
Anti-virus application .................................................................................................................................................... 25
Anti-virus protection
Service provider........................................................................................................................................................8
Anti-virus protection service provider .............................................................................................................................8
Anti-virus securityY ........................................................................................................................................................8
Automatic delivery of reports .................................................................................................................................. 55, 57
C
Client ..............................................................................................................................................................................8
Client administrator .................................................................................................................................................... 5, 8
Computer properties .................................................................................................................................................... 22
Computer status ........................................................................................................................................................... 15
Computers.................................................................................................................................................................... 15
IP address .............................................................................................................................................................. 22
list ........................................................................................................................................................................... 20
managed..................................................................................................................................................... 15, 20, 22
properties................................................................................................................................................................ 22
unassigned ................................................................................................................................................. 15, 20, 22
user name......................................................................................................................................................... 15, 22
Connection ................................................................................................................................................................... 13
H
HTTPS ...........................................................................................................................................................................8
I
Informational area ........................................................................................................................................................ 11
Installation
remote .................................................................................................................................................................... 27
Wizard .................................................................................................................................................................... 27
Installation package ..................................................................................................................................................... 25
J
JavaScript .................................................................................................................................................................... 13
K
Kaspersky Anti-virus ......................................................................................................................................................8
Kaspersky Lab ZAO ..................................................................................................................................................... 63
M
Main window ................................................................................................................................................................ 11
65
USER GUIDE
N
Network protection status ............................................................................................................................................. 15
P
Policy profile ................................................................................................................................................................. 36
Protection status .......................................................................................................................................................... 15
R
Real-time protection status........................................................................................................................................... 15
critical ..................................................................................................................................................................... 15
Ok ........................................................................................................................................................................... 15
warning ................................................................................................................................................................... 15
Reports......................................................................................................................................................................... 55
automatic delivery............................................................................................................................................. 55, 57
saving to file...................................................................................................................................................... 55, 57
View .................................................................................................................................................................. 55, 56
S
Security message ......................................................................................................................................................... 15
list ........................................................................................................................................................................... 15
Service provider's administrator ............................................................................................................................... 8, 25
Session ........................................................................................................................................................................ 59
closing .................................................................................................................................................................... 59
Software requirements ................................................................................................................................................. 10
SSL ................................................................................................................................................................................8
W
Web browser ...................................................................................................................................................... 8, 10, 13
Web interface .................................................................................................................................................................8
Web portal ......................................................................................................................................................................8
address ................................................................................................................................................................... 13
66
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising