Contents
Introduction
Licensing and Activation
Architecture
A. Network Agents
B. Administration Console
C. Administration Server
D. Database
Management Tools
A. Tasks
B. Commands
C. Policies
D. Groups and selections
System Requirements for Administration Server
Software requirements
Ports used by Kaspersky Security Center 10
Hardware requirements
Security Center Initial Deployment
Installation process
Remote Deployment of Kaspersky Endpoint Security for Business
Phase 1: Creating Groups
Phase 2: Discovering and adding client computers to groups
Phase 3: Automatic Installation of KSC Network Agent + KSE
Creating Policies
Creating a Task
1- Update antivirus definitions
2- Virus scanning
Introduction
Kaspersky Security Center 10 Service Pack 1 Maintenance Release 2 offers the ability to manage
multiple operating systems and device types in one integrated platform. The security administrator can
manage all Windows desktops and servers, OS X, Linux, Novell, VMware, iOS, Android, Symbian
and Windows Mobile devices from a single unified console.
This document is intended to provide guidance for successfully testing Kaspersky Security Center 10 SP1
MR2 and its managed components in a controlled manner.
Licensing and Activation
The new licensing scheme offers the following options:
A. Kaspersky Endpoint Security for Business Core allows using all protection components of
Kaspersky Endpoint Security 10 for Windows, except for encryption and control components.
It covers the components installed as part of Basic installation on workstations. In Kaspersky
Security Center 10, the Core option provides the protection functionality, except for new
features - system management and mobile device management.
B. Kaspersky Endpoint Security for Business Select allows using all protection components of
Kaspersky Endpoint Security 10 for Windows, except for encryption. It covers the components
installed as part of Standard installation, both on workstations and file servers. Kaspersky
Security 10 for Mobile is also supported. In Kaspersky Security Center 10, the Select option
provides the standard protection features and mobile device management.
C. Kaspersky Endpoint Security for Business Advanced in Kaspersky Endpoint Security 10 for
Windows allows using all protection components, including encryption. It covers the
components installed as part of Full installation, both on workstations and file servers.
Kaspersky Security 10 for Mobile is also supported. In Kaspersky Security Center 10 SP1 MR2,
the Advanced option provides encryption and system management, in addition to features
covered by the Select option.
Architecture
A. Network Agents
An agent is a link between the central point (Administration Server) and anti-virus installed on a
workstation. It receives settings and commands for the anti-virus and is responsible for their execution.
It is also responsible for receiving the data necessary for the anti-virus, in particular, for updates.
In the opposite direction, from the anti-virus to the central point (Administration Server), the agent
relays the current anti-virus status, command execution results and other information that may interest
the administrator.
B. Administration Console
Console is the interface of the management system. The administrator uses the console to examine
managed computers’ status, modify their settings, and run commands. The administrator communicates
with Kaspersky Security Center via the console.
C. Administration Server
Server is the core component of the management system that provides data storing and routing. The
server stores the settings specified by the administrator for all anti-viruses, receives information on
computers’ protection status from the agents, and transmits the administrator’s commands. The server also
processes information. If the administrator needs a report, not just a list of events, Administration Server
processes the data and transfers the report to be displayed in the console.
D. Database
Administration Server stores some information in the database, in particular all events received from
the computers and management system events. The database does not store all system information. For
example, anti-virus settings are stored as files in the Administration Server folder of Kaspersky Security
Center.
E. All together
All Kaspersky Security Center components are connected and work via the Administration Server. The
Server implements all centralized management functions. The administrator uses these Server functions
via the Console. Network Agents perform these functions at network computers.
Management Tools
A. Tasks
Tasks are used for performing actions that have a clear start and logical finish. For example, on-demand
scanning. It has a list of objects to be scanned; when started, it scans these objects one by one and finishes
when all objects are scanned. According to the same principle, updating is a task: when started,
connection to the update source is established, the list of available updates and the updates are
downloaded. The operation finishes when the downloaded updates are deployed. As a tool for managing
actions that have a distinct start, a task has a schedule. As a tool for managing computer groups, a task
has its scope—the list of computers where it is to be run.
B. Commands
Unlike a task that is finished sometime after it starts, a command is an action that is performed virtually
instantly and whose result is important immediately. Running a command can be delayed for the time
necessary for delivering the command to the computer, but when the command is received, it is executed
immediately. For example, computer connection check is a command. Immediate result—the
connection is either established or not. Running a task manually is also a command. Result—the task is
either running or returns an error. As a command’s result is important immediately, commands have no
schedule, they are always run manually. As a centralized management tool, a command has a scope just
like a task.
C. Policies
A policy defines permanent anti-virus properties: for example, rules for processing network
connections, report storing time, heuristics level. A policy is, in a sense, the main tool for protection
management, as it is in policy where permanent computer protection parameters are specified. A policy
has no schedule. Anti-virus properties defined by a policy are valid until the policy is changed. A policy,
as a task, has a scope.
D. Groups and selections
A group is a permanent set of computers. Groups are mainly used for defining policy scope: a collection
of computers sharing a common policy is a group. As only one policy can be applied to a computer, a
computer cannot be included in two groups. Not only a policy, but also tasks may be applied to a group.
In addition to groups, Kaspersky Security Center features selections—situational sets of computers
having common characteristics. For example, computers running Windows XP or computers where
threats were detected over the last 24 hours. A selection can be used as a task or command scope.
Policies do not apply to selections.
System Requirements for Administration Server
Software requirements
The supported operating systems and requirements for them are listed below:
- Windows Server 2003
- Windows Server 2003 x64
- Windows Server 2008
- Windows Server 2008 (kernel-mode)
- Windows Server 2008 x64 Service Pack 1 (Windows Installer 4.5 is necessary)
- Windows Server 2008 R2
- Windows Server 2008 R2 (kernel-mode)
- Windows XP Professional Service Pack 2
- Windows XP Professional x64
- Windows Vista Service Pack 1
- Windows Vista x64 Service Pack 1 (Windows Installer 4.5 is necessary)
- Windows 7
- Windows 7 x64
In addition to the operating system, the following software is necessary:
- Microsoft .NET Framework 2.0 (included in the distribution kit)
- Microsoft Data Access Components 2.8 (included in the distribution kit)
Ports used by Kaspersky Security Center 10
To ensure that Kaspersky Security Center 10 SP1 MR2 components function correctly, the
following ports, described in the table below, should be open. These are the default ports, and most of them
can be changed.
Notice: If an external SQL server is used, ports TCP 1433 and UDP 1434 will be used.
Hardware requirements
Minimum hardware requirements are as follows:
- CPU: Intel Pentium® 1 GHz or higher (1.4 GHz is the minimum for a 64-bit OS)
- RAM: 4 GB
- Free disk space: 10 GB (when using the Systems Management functionality, at least 100 GB
of free disk space should be available)
Security Center Initial Deployment
Installation process
Installation can be either custom or typical. During the typical installation, the administrator is
prompted to:
- Accept the license agreement for Kaspersky Security Center
- Select installation type (Typical)
- Specify network size
- Accept the license agreement for Kaspersky Endpoint Security (necessary to install its
plug-in)
Four options are offered for the network size:
- Less than 100 computers on network
- From 100 to 1000 computers in the network
- From 1000 to 5000 computers on network
- More than 5000 computers on network
1- Welcome screen
2- Accept the End User License Agreement
3- Select the custom installation
4- If you plan to manage mobile devices or integrate with Cisco NAC, select the
relevant modules:
5- Choose the size of your environment:
6- Allow Security Center setup to create an administrative account or select an existing
administrator from Active Directory:
7- Specify an account for Kaspersky Security Center services:
8- Select the type of database to be used - We choose SQL database:
9- Select SQL authentication mode:
Kaspersky Security Center will create a networked shared folder for things like standalone
installation packages; you can modify the location of that folder here:
By default, the Kaspersky Network Agent will communicate over ports 13000 and 14000;
you have the option of changing these defaults:
Select how you wish the server to be identified. It is recommended to use a static IP address to
avoid DNS resolution issues, handle split domain environments, and deploy Kaspersky Security
for Virtualization and Mobile Device Management most effectively:
10- Select application plug-ins to manage Kaspersky applications for the operating
system you want to protect:
11- Begin the installation:
Wait until the installation completes:
Finalize the installation:
Launch Kaspersky Security Center from the Start Menu, and follow the prompts of the Quick Start
Wizard. During this process, the initial virus definition database download will begin and will take
several minutes to complete, depending on your internet connection speed. At this point, the initial
installation of the management system is considered to be complete.
Remote Deployment of Kaspersky Endpoint Security for Business
Requirements for Client Computers:
The necessary firewall ports are open (TCP: 139, 445; UDP: 137, 138), or the firewall is turned off.
Phase 1: Creating Groups
Step 1: Go to the “Tasks” tab in the “Managed Computers” group or to the desired sub-group
and create a new task. In our situation, we created nine groups, one for each school:
- Yasmina School
- Al Bateen School
- Al Mamoura School
- Al Mushrif School
- Al muna Primary School
- Pearl Primary School
- West Yas School
- Al ain International School
- HQ Site
We also created the desired sub-groups inside each of them: staff, student and
servers.
Phase 2: Discovering and adding client computers to groups
Phase 3: Automatic Installation of KSC Network Agent + KSE
Creating Policies
A policy applies to a group of managed computers. Each group has the Policies node which contains
all policies applied to the group.
Select the application for which you want to create a group policy.
1- Application Startup Control:
Application Startup Control allows the administrator to restrict which programs can start on the client
computer. Program start permissions are specified in special rules. When a program starts, the
following conditions are checked:
1- The category to which the program belongs
2- The account that starts the program
3- The rules regulating the start of this program category for this account
If at least one rule that allows starting the program is met, and there are no matching blocking
rules, the start is allowed. If there are no allowing rules, or there are both allowing and blocking
rules for this account to start a program of this category, the start is prohibited.
The list of rules is specified in the KES policy, in the Application Startup Control section.
Initially, the list contains two standard rules that cannot be deleted:
- Allow all—a rule allowing start of all programs. The rule is enabled by default. Disabling it is
dangerous: it can result in operating system failure on the client computers if alternative
allowing rules are not configured.
- Trusted updaters—if this rule is enabled, the applications installed by trusted updaters will
not be blocked even if there are no allowing rules for them. It is a special KL category that
includes programs that download and install module updates, for example, Adobe Updater.
The rule is disabled by default—it is used only in a special mode of Application Startup
Control.
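The start decision described above can be modelled and used to audit a rule set before it is rolled out, in particular before Allow all is disabled. This is an added example, not Kaspersky code or a Kaspersky API: the rule fields, category names and account names are constructed for illustration, and the Trusted updaters rule is not modelled.

```python
"""Model of the Application Startup Control decision described above.

Added example with constructed categories and accounts; the Rule fields are
assumptions of this model, not Kaspersky policy settings.
"""
from dataclasses import dataclass

ANY = "*"  # wildcard in this model: every category / every account


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "block"
    category: str = ANY    # program category the rule covers
    account: str = ANY     # account the rule covers
    enabled: bool = True

    def matches(self, category: str, account: str) -> bool:
        """A disabled rule never matches; ANY matches everything."""
        return (self.enabled
                and self.category in (ANY, category)
                and self.account in (ANY, account))


def decide(rules, category, account):
    """Return (allowed, reason) for one program start.

    The start is allowed only if at least one allow rule matches and no
    block rule matches. No allow rule, or allow and block together, means
    the start is prohibited.
    """
    hits = [r for r in rules if r.matches(category, account)]
    blocks = [r.name for r in hits if r.action == "block"]
    allows = [r.name for r in hits if r.action == "allow"]
    if blocks:
        return False, "blocked by: " + ", ".join(blocks)
    if allows:
        return True, "allowed by: " + ", ".join(allows)
    return False, "no allowing rule matched"


def denied_starts(rules, categories, accounts):
    """Pre-rollout audit: every (category, account) pair the rules deny."""
    return [(c, a) for c in categories for a in accounts
            if not decide(rules, c, a)[0]]


# Constructed sample data.
CATEGORIES = ["os-components", "office", "games"]
ACCOUNTS = ["staff", "student"]

# Default state: "Allow all" enabled, plus one blocking rule.
DEFAULT_POLICY = [
    Rule("Allow all", "allow"),
    Rule("No games for students", "block", "games", "student"),
]

# "Allow all" disabled with only one alternative allow rule configured:
# operating system components can no longer start.
DEFAULT_DENY_INCOMPLETE = [
    Rule("Allow all", "allow", enabled=False),
    Rule("Office for everyone", "allow", "office"),
    Rule("No games for students", "block", "games", "student"),
]

# The same rule set with the missing allow rule added.
DEFAULT_DENY_FIXED = DEFAULT_DENY_INCOMPLETE + [
    Rule("OS components for everyone", "allow", "os-components"),
]

if __name__ == "__main__":
    for label, policy in [("default", DEFAULT_POLICY),
                          ("default-deny, incomplete", DEFAULT_DENY_INCOMPLETE),
                          ("default-deny, fixed", DEFAULT_DENY_FIXED)]:
        print(label)
        for category, account in denied_starts(policy, CATEGORIES, ACCOUNTS):
            reason = decide(policy, category, account)[1]
            print(f"  denied: {category} / {account} ({reason})")
```
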
2- Application Privilege Control
This component keeps track of application activities in the system and regulates the activity
of applications depending on their status.
3- Device Control
The component allows controlling the connection of removable drives.
4- Web Control:
The component allows controlling access to web resources depending on their content
and location.
Configuration of protection settings:
1- General protection settings:
Trusted zone
Trusted Applications
Network ports
2- File Antivirus:
This component resides in RAM, scanning all opened, saved, and active files to ensure
maximum protection at all times.
3- Mail Antivirus
This component scans incoming and outgoing messages for dangerous objects. The
following protocols are supported: POP3, SMTP, IMAP, MAPI, and NNTP.
4- Web Antivirus
This component scans inbound traffic on your computer.
5- IM Anti-virus
This component protects traffic for the following instant messengers: ICQ, MSN, AIM,
Mail.Ru Agent, and IRC.
6- Network Attack Blocker
Kaspersky Endpoint Security for Windows detects and defends your computer against network
activity and attacks that could be dangerous.
7- System Watcher
Kaspersky Security Network (KSN) is a special security network which gives users an
additional protection level, application reputation data, website reputation data, and quick
reaction to new threats.
Creating a Task:
1- Update antivirus definitions
2- Virus scanning
------------------------------------------------ End of the document ------------------------------------------------

Kaspersky Security Center 10 documentation

  • 1. Contents
    Introduction (p. 2)
    Licensing and Activation (p. 2)
    Architecture (p. 3)
      A. Network Agents (p. 3)
      B. Administration Console (p. 3)
      C. Administration Server (p. 3)
      D. Database (p. 3)
    Management Tools (p. 4)
      A. Tasks (p. 4)
      B. Commands (p. 4)
      C. Policies (p. 5)
      D. Groups and selections (p. 5)
    System Requirements for Administration Server (p. 5)
      Software requirements (p. 5)
      Ports used by Kaspersky Security Center 10 (p. 6)
      Hardware requirements (p. 7)
    Security Center Initial Deployment (p. 8)
      Installation process (p. 8)
    Remote Deployment of Kaspersky Endpoint Security for Business (p. 24)
      Phase 1: Creating Groups (p. 25)
      Phase 2: Discovering and adding client computers to groups (p. 29)
      Phase 3: Automatic Installation of KSC Network Agent + KSE (p. 32)
    Creating Policies (p. 36)
    Creating a Task (p. 62)
      1- Update antivirus definitions (p. 62)
      2- Virus scanning (p. 67)
  • 2. Introduction
    Kaspersky Security Center 10 Service Pack 1 Maintenance Release 2 offers the ability to manage multiple operating systems and device types in one integrated platform. The security administrator can manage all Windows desktops and servers, OS X, Linux, Novell, VMware, iOS, Android, Symbian and Windows Mobile devices from a single unified console. This document is intended to provide guidance for testing Kaspersky Security Center 10 SP1 MR2 and its managed components successfully in a controlled manner.
    Licensing and Activation
    The new licensing scheme offers the following options:
    A. Kaspersky Endpoint Security for Business Core allows using all protection components of Kaspersky Endpoint Security 10 for Windows, except for the encryption and control components. It covers the components installed as part of the Basic installation on workstations. In Kaspersky Security Center 10, the Core option provides the protection functionality, except for the new features: system management and mobile device management.
    B. Kaspersky Endpoint Security for Business Select allows using all protection components of Kaspersky Endpoint Security 10 for Windows, except for encryption. It covers the components installed as part of the Standard installation, both on workstations and file servers. Kaspersky Security 10 for Mobile is also supported. In Kaspersky Security Center 10, the Select option provides the standard protection features and mobile device management.
    C. Kaspersky Endpoint Security for Business Advanced allows using all protection components of Kaspersky Endpoint Security 10 for Windows, including encryption. It covers the components installed as part of the Full installation, both on workstations and file servers. Kaspersky Security 10 for Mobile is also supported. In Kaspersky Security Center 10 SP1 MR2, the Advanced option provides encryption and system management, in addition to the features covered by the Select option.
  • 3. Architecture
    A. Network Agents
    An agent is the link between the central point (Administration Server) and the anti-virus installed on a workstation. It receives settings and commands for the anti-virus and is responsible for their execution. It is also responsible for receiving the data the anti-virus needs, in particular updates. In the opposite direction, from the anti-virus to the central point (Administration Server), the agent relays the current anti-virus status, command execution results and other information that may interest the administrator.
    B. Administration Console
    The Console is the interface of the management system. The administrator uses the console to examine the status of managed computers, modify their settings, and run commands. The administrator communicates with Kaspersky Security Center via the console.
    C. Administration Server
    The Server is the core component of the management system and provides data storage and routing. The server stores the settings specified by the administrator for all anti-viruses, receives information on computers' protection status from the agents, and transmits the administrator's commands. The server also processes information: if the administrator needs a report, not just a list of events, Administration Server processes the data and transfers the report to be displayed in the console.
    D. Database
    Administration Server stores some information in the database, in particular all events received from the computers and management system events. The database does not store all system information. For example, anti-virus settings are stored as files in the Administration Server folder of Kaspersky Security Center.
    E. All together
    All Kaspersky Security Center components are connected and work via the Administration Server. The Server implements all centralized management functions. The administrator uses these Server functions via the Console. Network Agents perform these functions on network computers.
  • 4. Management Tools
    A. Tasks
    Tasks are used for performing actions that have a clear start and a logical finish. On-demand scanning is an example: it has a list of objects to be scanned; when started, it scans these objects one by one and finishes when all objects are scanned. By the same principle, updating is a task: when started, a connection to the update source is established, and the list of available updates and the updates themselves are downloaded. The operation finishes when the downloaded updates are deployed. As a tool for managing actions that have a distinct start, a task has a schedule. As a tool for managing computer groups, a task has a scope: the list of computers where it is to be run.
    B. Commands
    Unlike a task, which finishes some time after it starts, a command is an action that is performed virtually instantly and whose result is important immediately. Running a command can be delayed for the time necessary for delivering the command to the computer, but when the command is received, it is executed immediately.
  • 5. For example, a computer connection check is a command. Its immediate result: the connection is either established or not. Running a task manually is also a command. Its result: the task is either running or returns an error. As a command's result is important immediately, commands have no schedule; they are always run manually. As a centralized management tool, a command has a scope, just like a task.
    C. Policies
    A policy defines permanent anti-virus properties: for example, rules for processing network connections, report storage time, heuristics level. A policy is, in a sense, the main tool for protection management, as the policy is where permanent computer protection parameters are specified. A policy has no schedule. Anti-virus properties defined by a policy are valid until the policy is changed. A policy, like a task, has a scope.
    D. Groups and selections
    A group is a permanent set of computers. Groups are mainly used for defining policy scope: a collection of computers sharing a common policy is a group. As only one policy can be applied to a computer, a computer cannot be included in two groups. Not only a policy but also tasks may be applied to a group. In addition to groups, Kaspersky Security Center features selections: situational sets of computers having common characteristics, for example, computers running Windows XP or computers where threats were detected over the last 24 hours. A selection can be used as a task or command scope. Policies do not apply to selections.
    System Requirements for Administration Server
    Software requirements
    The supported operating systems and requirements for them are listed below:
    - Windows Server 2003
    - Windows Server 2003 x64
    - Windows Server 2008
    - Windows Server 2008 (kernel-mode)
    - Windows Server 2008 x64 Service Pack 1 (Windows Installer 4.5 is necessary)
    - Windows Server 2008 R2
    - Windows Server 2008 R2 (kernel-mode)
    - Windows XP Professional Service Pack 2
    - Windows XP Professional x64
    - Windows Vista Service Pack 1
    - Windows Vista x64 Service Pack 1 (Windows Installer 4.5 is necessary)
    - Windows 7
    - Windows 7 x64
    In addition to the operating system, the following software is necessary:
  • 6. - Microsoft .NET Framework 2.0 (included in the distribution kit)
    - Microsoft Data Access Components 2.8 (included in the distribution kit)
    Ports used by Kaspersky Security Center 10
    To ensure that Kaspersky Security Center 10 SP1 MR2 components function correctly, the ports described in the table below should be open. These are the default ports, and most of them can be changed.
  • 7. Notice: If an external SQL server is used, ports TCP 1433 and UDP 1434 will be used.
    Hardware requirements
    Minimum hardware requirements are as follows:
    - CPU: Intel Pentium® 1 GHz or higher (1.4 GHz is the minimum for a 64-bit OS)
    - RAM: 4 GB
    - Free disk space: 10 GB (when using the Systems Management functionality, at least 100 GB of free disk space should be available)
  • 8. Security Center Initial Deployment
    Installation process
    Installation can be either custom or typical. During the typical installation, the administrator is prompted to:
    - Accept the license agreement for Kaspersky Security Center
    - Select the installation type (Typical)
    - Specify the network size
    - Accept the license agreement for Kaspersky Endpoint Security (necessary to install its plug-in)
    Four options are offered for the network size:
    - Less than 100 computers on the network
    - From 100 to 1000 computers on the network
    - From 1000 to 5000 computers on the network
    - More than 5000 computers on the network
  • 9. 1- Welcome screen
  • 10. 2- Accept the End User License Agreement
  • 11. 3- Select the custom installation
  • 12. 4- If you plan to manage mobile devices or integrate with Cisco NAC, select the relevant modules:
  • 13. 5- Choose the size of your environment:
  • 14. 6- Allow Security Center setup to create an administrative account, or select an existing administrator from Active Directory:
  • 15. 7- Specify an account for Kaspersky Security Center services:
  • 16. 8- Select the type of database to be used. We choose the SQL database:
  • 17. 9- Select the SQL authentication mode:
  • 18. Kaspersky Security Center will create a network shared folder for things like standalone installation packages; you can modify the location of that folder here:
  • 19. By default, the Kaspersky Network Agent communicates over ports 13,000 and 14,000; you have the option of changing this default:
  • 20. Select how you wish the server to be identified. It is recommended to use a static IP address to avoid DNS resolution issues, handle split domain environments, and deploy Kaspersky Security for Virtualization and Mobile Device Management most effectively:
  • 21. 10- Select application plug-ins to manage Kaspersky applications for the operating system you want to protect:
  • 22. 11- Begin the installation:
  • 23. Wait until the installation completes:
  • 24. Finalize the installation:
    Launch Kaspersky Security Center from the Start Menu, and follow the prompts of the Quick Start Wizard. During this process, the initial virus definition database download will begin and will take several minutes to complete, depending on your internet connection speed. At this point, the initial installation of the management system is considered to be complete.
    Remote Deployment of Kaspersky Endpoint Security for Business
    Requirements for client computers: the necessary firewall ports are open (TCP: 139, 445; UDP: 137, 138), or the firewall is turned off.
  • 25. Phase 1: Creating Groups
    Step 1: Go to the “Tasks” tab in the “Managed Computers” group or in the desired sub-group and create a new task.
    In our situation, we created nine groups, one for each school:
    - Yasmina School
    - Al Bateen School
    - Al Mamoura School
    - Al Mushrif School
    - Al Muna Primary School
    - Pearl Primary School
    - West Yas School
    - Al Ain International School
    - HQ Site
    We then created the desired sub-groups inside each one of them: staff, students and servers.
  • 29. Phase 2: Discovering and adding client computers to groups
  • 32. Phase 3: Automatic Installation of KSC Network Agent + KSE
  • 36. Creating Policies
    A policy applies to a group of managed computers. Each group has a Policies node, which contains all policies applied to the group.
  • 37. Select the application for which you want to create a group policy
  • 39. 1- Application Startup Control:
    Application Startup Control allows the administrator to restrict which programs can start on the client computer. Program start permissions are specified in special rules. When a program starts, the following conditions are checked:
    1- The category to which the program belongs
    2- The account that starts the program
    3- The rules regulating the start of this program category for this account
    If at least one rule that allows starting the program is met, and there are no matching blocking rules, the start is allowed. If there are no allowing rules, or there are both allowing and blocking rules for this account to start a program of this category, the start is prohibited. The list of rules is specified in the KES policy, in the Application Startup Control section. Initially, the list contains two standard rules that cannot be deleted:
  • 40. - Allow all: a rule allowing the start of all programs. The rule is enabled by default. Disabling it is dangerous: it can result in operating system failure on the client computers if alternative allowing rules are not configured.
    - Trusted updaters: if this rule is enabled, the applications installed by trusted updaters will not be blocked even if there are no allowing rules for them. This is a special KL category that includes programs that download and install module updates, for example, Adobe Updater. The rule is disabled by default; it is used only in a special mode of Application Startup Control.
    2- Application Privilege Control
    This component keeps track of application activities in the system and regulates the activity of applications depending on their status.
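The Application Startup Control start decision described above, modelled as an added example; it is not Kaspersky's code and not part of the original document. The `Rule` fields, the `*` wildcard and the sample categories, accounts and rule names are assumptions made for illustration, and the Trusted updaters rule is not modelled.

```python
from dataclasses import dataclass

EVERYONE = "*"  # assumed wildcard: any account, or any program category


@dataclass(frozen=True)
class Rule:
    """Hypothetical startup rule: a category plus allowed and blocked accounts."""
    name: str
    category: str
    allowed: frozenset = frozenset()
    blocked: frozenset = frozenset()
    enabled: bool = True


def _covers(accounts, account):
    """True if the account list names this account or everyone."""
    return EVERYONE in accounts or account in accounts


def evaluate(rules, category, account):
    """Return (allowed, allowing_rule_names, blocking_rule_names) for one start."""
    allowing, blocking = [], []
    for rule in rules:
        # Disabled rules and rules for other categories never match.
        if not rule.enabled or rule.category not in (EVERYONE, category):
            continue
        if _covers(rule.allowed, account):
            allowing.append(rule.name)
        if _covers(rule.blocked, account):
            blocking.append(rule.name)
    # Allowed only with at least one allowing rule and no matching blocking rule.
    return (bool(allowing) and not blocking, allowing, blocking)


def allow_all(enabled=True):
    """The standard 'Allow all' rule, enabled by default."""
    return Rule("Allow all", EVERYONE, allowed=frozenset({EVERYONE}), enabled=enabled)


# Constructed policy 1: default 'Allow all' plus one blocking rule.
DEFAULT_PLUS_BLOCK = [
    allow_all(),
    Rule("No games for students", "Games", blocked=frozenset({"student"})),
]

# Constructed policy 2: 'Allow all' disabled with only one narrow allowing rule,
# the situation the document warns can break the operating system.
ALLOWLIST_ONLY = [
    allow_all(enabled=False),
    Rule("Office for staff", "Office", allowed=frozenset({"staff"})),
]

if __name__ == "__main__":
    starts = (("Games", "student"), ("Games", "staff"),
              ("Office", "staff"), ("OS components", "SYSTEM"))
    for label, rules in (("default+block", DEFAULT_PLUS_BLOCK),
                         ("allowlist only", ALLOWLIST_ONLY)):
        for category, account in starts:
            ok, allow, block = evaluate(rules, category, account)
            verdict = "allowed" if ok else "prohibited"
            print(f"{label:15}{category:15}{account:9}{verdict:11}"
                  f"allow={allow} block={block}")
```

Under the second policy the "OS components" start by SYSTEM is prohibited because no allowing rule matches it, which is why the allowing rules need to cover system components before "Allow all" is disabled.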
  • 41. 3- Device Control
    The component allows controlling the connection of removable drives.
  • 42. 4- Web Control:
    The component allows controlling access to web resources depending on their content and location.
  • 43. Configuration of protection settings:
  • 44. 1- General protection settings:
  • 45. Trusted zone
  • 46. Trusted Applications
  • 47. Network ports
  • 48. 2- File Antivirus:
    This component resides in RAM, scanning all opened, saved, and active files to ensure maximum protection at all times.
  • 50. 3- Mail Antivirus
    This component scans incoming and outgoing messages for dangerous objects. The following protocols are supported: POP3, SMTP, IMAP, MAPI, and NNTP.
  • 51. 4- Web Antivirus
    This component scans inbound traffic on your computer.
  • 54. 5- IM Anti-virus
    This component protects traffic for the following instant messengers: ICQ, MSN, AIM, Mail.Ru Agent, and IRC.
  • 55. 6- Network Attack Blocker
    Kaspersky Endpoint Security for Windows detects network activity and attacks that could be dangerous and defends your computer against them.
  • 56. 7- System Watcher
  • 58. Kaspersky Security Network (KSN) is a special security network which gives users:
    - an additional level of protection;
    - application reputation data;
    - website reputation data;
    - quick reaction to new threats.
  • 62. Creating a Task:
    1- Update antivirus definitions
  • 67. 2- Virus scanning