Kaspersky Endpoint Security 10 for Mac Administrator's Guide APPLICATION VERSION: 10.0
Dear User! Thank you for choosing our product. We hope that this documentation will help you in your work and will provide answers regarding this software product. Attention! This document is the property of Kaspersky Lab AO (herein also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation and by international treaties. Illegal reproduction and distribution of this document or parts hereof will result in civil, administrative or criminal liability by applicable law. Any type of reproduction and distribution of any materials, including translation thereof, is allowed only with the written permission of Kaspersky Lab. This document and graphic images related to it can be used exclusively for information, non-commercial or personal purposes. Kaspersky Lab reserves the right to change the document at any time without notice. You can find the latest version of this document at the Kaspersky Lab website, at http://www.kaspersky.com/docs. Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any materials used in this document for which the rights are held by third parties, or for any potential damages associated with the use of such documents. Document revision date: 7/15/2015 2015 Kaspersky Lab AO. All Rights Reserved. http://www.kaspersky.com http://support.kaspersky.com 2
CONTENT ABOUT THIS DOCUMENT... 8 In this document... 8 Document conventions... 10 SOURCES OF INFORMATION ABOUT THE APPLICATION... 11 Sources of information to research on your own... 11 Discussing Kaspersky Lab applications on the Forum... 12 KASPERSKY ENDPOINT SECURITY... 13 About Kaspersky Endpoint Security... 13 Distribution kit... 14 Hardware and software requirements... 14 INSTALLING AND UNINSTALLING THE APPLICATION... 16 Preparing for installation... 16 Ways to install the application... 16 Kaspersky Endpoint Security default installation... 17 Kaspersky Endpoint Security custom installation... 18 Preparing the application for use... 19 Uninstalling the application... 20 APPLICATION INTERFACE... 21 Kaspersky Endpoint Security icon... 21 Hiding the application icon in the menu bar... 22 Main application window... 22 Application preferences window... 23 Notification windows and pop-up messages... 24 About notification windows... 24 About event types... 24 About pop-up messages... 24 Disabling notifications... 25 APPLICATION LICENSING... 26 About the End User License Agreement... 26 About the license... 26 About the license certificate... 27 About the key... 27 About the activation code... 28 Viewing license information... 28 Purchasing a license... 28 Renewing a license... 29 Activating Kaspersky Endpoint Security... 29 Activating the trial version of the application... 30 Activating the application with an activation code... 30 STARTING AND STOPPING THE APPLICATION... 32 COMPUTER PROTECTION STATUS... 33 Assessing the status of computer protection... 33 Disabling computer protection... 33 3
A D M I N I S T R A T O R ' S G U I D E Resuming computer protection... 34 Using Protection Center... 35 PERFORMING COMMON TASKS... 36 Performing a full scan of the computer for viruses... 36 Performing a quick scan of the computer... 37 Scanning a file, folder or disk for viruses... 37 Configuring the automatic launch of a scheduled virus scan... 38 Updating application databases... 38 What to do if file access is blocked... 39 What to do if the application has quarantined a file... 39 What to do if you suspect that a file is infected with a virus... 40 Restoring a file that has been deleted or disinfected by the application... 40 Viewing the application operation report... 41 What to do if notification windows or pop-up messages appear... 41 ADVANCED APPLICATION PREFERENCES... 42 Computer protection scope... 42 Selecting the categories of objects to detect... 42 Creating a trusted zone... 43 File Anti-Virus... 44 Disabling File Anti-Virus... 45 Enabling File Anti-Virus... 45 Creating a protection scope... 46 Selecting the File Anti-Virus action to take on objects... 46 Viewing File Anti-Virus report... 47 Web Anti-Virus... 48 Disabling Web Anti-Virus... 48 Enabling Web Anti-Virus... 49 Selecting the action to take on dangerous objects from web traffic... 49 Scanning website URLs for phishing threats... 49 Viewing Web Anti-Virus report... 49 Network Attack Blocker... 50 Disabling Network Attack Blocker... 51 Enabling Network Attack Blocker... 51 Creating a list of trusted computers... 52 Viewing and editing the list of blocked computers... 52 Viewing the Network Attack Blocker report... 53 Virus Scan... 54 Starting and stopping virus scan tasks... 55 Creating a scan scope... 55 Configuring the virus scan task preferences... 56 Selecting the security level... 57 Selecting action to take on objects during scanning... 58 Configuring the virus scan task startup schedule preferences... 58 Restoring default scan preferences... 59 Viewing virus scan task report... 59 Updating the application... 60 Starting application database updates... 61 Rolling back the last update... 61 4
C O N T E N T Updating from a local source... 62 Configuring update preferences... 62 Selecting the Kaspersky Endpoint Security update startup mode... 63 Configuring the Kaspersky Endpoint Security update schedule... 64 Disabling automatic download and installation of application module updates on the computer... 64 Selecting an update source... 64 Configuring the connection to a proxy server... 65 Viewing the update task report... 66 Reports and Storages... 66 Quarantine... 67 Viewing the contents of Quarantine... 67 Actions on probably infected files... 68 Enabling automatic scanning of Quarantine contents after anti-virus database updates... 68 Backup... 68 Viewing the contents of Backup... 69 Managing backup copies of files... 69 Viewing reports... 70 Exporting reports... 70 Logging informational events in the report... 71 Configuring the storage term for files in Quarantine and file copies in Backup... 71 Participating in Kaspersky Security Network... 71 MANAGING THE APPLICATION FROM THE COMMAND LINE... 73 Viewing Help... 74 Virus Scan... 74 Updating the application... 76 Rolling back the last update... 76 Starting / stopping a protection component or task... 77 Component or task status and statistics... 78 Exporting protection preferences... 78 Importing protection preferences... 78 Application activation... 79 Closing the application... 79 Return codes of the command line... 79 MANAGEMENT OF THE APPLICATION VIA KASPERSKY SECURITY CENTER... 80 Common Kaspersky Endpoint Security deployment model... 80 Installing the Kaspersky Endpoint Security administration plug-in... 81 Preparing to install Kaspersky Endpoint Security... 81 Local installation of Network Agent... 82 Installation of Network Agent using the SSH protocol... 83 Managing Network Agent from the command line... 84 Starting / stopping Network Agent on a remote computer... 84 Connecting a remote computer to Administration Server manually. Klmover utility... 85 Checking the connection between a client computer and Administration Server manually. Klnagchk utility... 86 Installing and removing Kaspersky Endpoint Security... 86 Installing the application using the SSH protocol... 87 Installing the application using Kaspersky Security Center... 88 Step 1. Specifying the task name... 89 Step 2. Selecting the task type... 89 5
A D M I N I S T R A T O R ' S G U I D E Step 3. Creating an installation package... 89 Step 4. Installing additional applications... 90 Step 5. Configuring the installation preferences... 90 Step 6. Defining the method of selecting client computers for which a task will be created... 90 Step 7. Selecting the client computers... 91 Step 8. Configuring the task launch schedule... 91 Step 9. Finishing task creation... 91 Uninstalling the application using Kaspersky Security Center... 91 Step 1. Specifying the task name... 92 Step 2. Selecting the task type. Remote uninstallation of the application... 92 Step 3. Selecting the application to uninstall... 92 Step 4. Selecting the uninstallation preferences... 93 Step 5. Selecting the operating system restart option... 93 Step 6. Defining the method of selecting client computers for which a task will be created... 93 Step 7. Selecting the client computers... 93 Step 8. Specifying the user account for running tasks... 93 Step 9. Configuring the task launch schedule... 93 Step 10. Finishing task creation... 94 Starting and stopping the application... 94 Managing policies... 94 Creating a policy... 95 Step 1. Entering general data on the policy... 96 Step 2. Selecting application... 96 Step 3. Configuring protection preferences... 96 Step 4. Configuring File Anti-Virus preferences... 97 Step 5. Configuring Web Anti-Virus preferences... 97 Step 6. Configuring Network Attack Blocker... 97 Step 7. Configuring update preferences... 97 Step 8. Configuring KSN usage preferences... 98 Step 9. Configuring user interaction preferences... 98 Step 10. Configuring network connection preferences... 98 Step 11. Configuring reports, Quarantine and Backup settings... 98 Step 12. Select the policy state... 98 Step 13. Completing creation of a policy... 99 Configuring policy preferences... 99 Changing the policy state... 101 Importing a policy from file... 102 Opening the list of policies... 102 Exporting a policy to file... 102 Managing tasks... 103 Creating a task... 104 Creating a local task for a separate client computer... 104 Creating a task for client computers that belong to an administration group... 105 Creating a task for sets of client computers outside administration groups... 106 Step 1. Entering general data on the task... 106 Step 2. Selecting an application and defining the task type... 107 Step 3. Configuring preferences for the selected task type... 107 Step 4. Defining the method of selecting client computers for which a task will be created... 108 Step 5. Selecting the client computers... 108 6
C O N T E N T Step 6. Configuring a schedule... 109 Step 7. Finishing task creation... 109 Starting and stopping tasks manually... 109 Viewing task preferences... 110 Viewing the list of tasks for computers belonging to the administration group... 111 Viewing the list of tasks for sets of computers outside administration groups... 111 Viewing the list of local tasks... 111 Viewing and editing Quick Scan task preferences... 112 Viewing and editing Full Scan task preferences... 113 Viewing and editing Web Anti-Virus task preferences... 114 Viewing and editing preferences of a key addition task... 114 Viewing and editing preferences of a Network Attack Blocker task... 115 Viewing and editing update task preferences... 116 Viewing and editing custom virus scan task preferences... 117 Viewing and editing File Anti-Virus task preferences... 118 GENERATING A REPORT ON OBJECTS DETECTED BY THE APPLICATION ON THE CLIENT COMPUTER... 120 CONTACTING TECHNICAL SUPPORT... 121 About technical support... 121 Technical support by phone... 121 Technical Support via Kaspersky CompanyAccount... 122 Using a trace file... 122 Creating a trace file... 122 Collecting information for Technical Support... 123 APPENDICES... 124 List of objects scanned by extension... 124 Masks in paths to files and folders... 129 GLOSSARY... 130 AO KASPERSKY LAB... 134 INFORMATION ABOUT THIRD-PARTY CODE... 135 TRADEMARK NOTICES... 136 INDEX... 137 7
ABOUT THIS DOCUMENT The Administrator's Guide for Kaspersky Endpoint Security 10 for Mac (hereinafter "Kaspersky Endpoint Security") is intended for professionals who install and administer Kaspersky Endpoint Security, as well as for those who provide technical support to organizations that use Kaspersky Endpoint Security. You can use this guide to: Preparing Kaspersky Endpoint Security for installation, installing and activating the application Configuring and using Kaspersky Endpoint Security This Guide also lists sources of information about the application and ways to get technical support. IN THIS SECTION: In this document...8 Document conventions... 10 IN THIS DOCUMENT The Kaspersky Endpoint Security Administrator's guide is comprised of the following sections: Sources of information about the application (see page 11) This section lists the sources of information about the application. Kaspersky Endpoint Security (see page 13) This section describes the functions, components, and distribution kit of Kaspersky Endpoint Security, and provides a list of hardware and software requirements of Kaspersky Endpoint Security. Installing and uninstalling the application (see page 16) This section provides step-by-step instructions on how to install and uninstall Kaspersky Endpoint Security. Application interface (see page 21) This section describes the basic GUI components of Kaspersky Endpoint Security: application icon and context menu of the application icon, main application window and application preferences window. This section also describes notification windows and pop-up messages of the application. Application licensing (see page 26) This section covers the main aspects of application licensing. Starting and stopping the application (see page 32) This section provides you with information on how to start the application and quit it. 8
A B O U T T H I S D O C U M E N T Computer protection status (see page 33) This section provides information on how to determine whether or not computer security threats or problems exist and how to configure the security level. Read this section to learn more about how to enable and disable protection when using the application. Solving typical tasks (see page 36) This section contains step-by-step instructions for performing common user tasks with the application. Advanced application preferences (see page 42) This section contains detailed information on how to adjust the preferences of all application components. Working with the application from the command line (see page 73) This section describes how to manage Kaspersky Endpoint Security from the command line. Management of the application via Kaspersky Security Center (see page 80) This section describes how you can remotely manage Kaspersky Endpoint Security through Kaspersky Security Center. Contacting Technical Support (see page 121) This section describes the ways to get technical support and the terms on which it is available. Annexes (see page 124) This section provides information that complements the document text. Glossary (see page 130) This section contains a list of terms mentioned in the document and their respective definitions. Kaspersky Lab AO (see page 134) This section provides information about Kaspersky Lab AO. Information about third-party code (see page 135) This section provides information about the third-party code used in the application. Trademark notices (see page 136) This section lists trademarks of third-party right holders used in this document. Index This section allows you to quickly find required information within the document. 9
A D M I N I S T R A T O R ' S G U I D E DOCUMENT CONVENTIONS This document uses the following conventions (see table below). Table 1. Document conventions SAMPLE TEXT DOCUMENT CONVENTIONS DESCRIPTION Please note that... Warnings are highlighted with red color and boxed. Warnings show information about actions that may have unwanted consequences. It is recommended to use... Example: Notes are boxed. Notes provide additional and reference information. Examples are set out on a yellow background under the heading "Example".... Update means... The Databases are out of date event occurs. Command-A. Click the Enable button. To configure a task schedule: kav update The following elements are italicized in the text: new terms; names of application statuses and events. The names of keys appear in a bold typeface. Key names joined by a - (minus) sign represent key combinations. Names of application interface elements, such as entry fields, menu items, and buttons, are set off in bold. Introductory phrases of instructions are italicized and accompanied by the arrow sign. The following types of text content are set off with a special font: text in the command line; text of messages displayed on the screen by the application; Data to be entered using the keyboard. <IP address of your computer> Variables are enclosed in angle brackets. Instead of a variable, the corresponding value should be inserted, with angle brackets omitted. 10
SOURCES OF INFORMATION ABOUT THE APPLICATION This section lists the sources of information about the application. You can select the most suitable information source, depending on the issue's level of importance and urgency. IN THIS SECTION: Sources of information to research on your own... 11 Discussing Kaspersky Lab applications on the Forum... 12 SOURCES OF INFORMATION TO RESEARCH ON YOUR OWN You can use the following sources to search for information about Kaspersky Endpoint Security on your own: Kaspersky Endpoint Security page on the Kaspersky Lab website Kaspersky Endpoint Security page on the Technical Support website (Knowledge Base); Online help; Manuals If you cannot find a solution to an issue on your own, contact Kaspersky Lab Technical Support. An Internet connection is required to use online information sources. Kaspersky Endpoint Security page on the Kaspersky Lab website On the Kaspersky Endpoint Security page (http://www.kaspersky.com/business-security/endpoint-mac), you can view general information about the application, its functions and features. The Kaspersky Endpoint Security page contains a link to estore. Here you can purchase the application or renew your license. Kaspersky Endpoint Security page in the Knowledge Base Knowledge Base is a section on the Technical Support website. On the Kaspersky Endpoint Security page in the Knowledge Base (http://support.kaspersky.com/kes10mac), you can read articles that provide useful information, recommendations, and answers to frequently asked questions on how to purchase, install, and use the application. Knowledge Base articles can answer questions relating to not only to Kaspersky Endpoint Security but also to other Kaspersky Lab applications. Knowledge Base articles can also include Technical Support news. 11
A D M I N I S T R A T O R ' S G U I D E To go to the Knowledge Base: 2. In the main application window click the button. 3. In the window that opens, click the Knowledge Base button. Online help Online help of the application consists of help files. Context help provides information about Kaspersky Endpoint Security windows: descriptions of Kaspersky Endpoint Security preferences and links to descriptions of tasks that use such preferences. Full help provides information on how to configure and use Kaspersky Endpoint Security. Documentation The administrator guide provides instructions on: Preparing Kaspersky Endpoint Security for installation, installing and activating the application Configuring and using Kaspersky Endpoint Security. Remote management of Kaspersky Endpoint Security via Kaspersky Security Center. DISCUSSING KASPERSKY LAB APPLICATIONS ON THE FORUM If your question does not require an immediate answer, you can discuss it with Kaspersky Lab experts and other users on our forum (http://forum.kaspersky.com). In this forum you can view existing topics, leave your comments, and create new discussion topics. To go to the forum: 2. In the main application window click the button. 3. In the window that opens, click the Forum button. 12
KASPERSKY ENDPOINT SECURITY This section describes the functions, components, and distribution kit of Kaspersky Endpoint Security, and provides a list of hardware and software requirements of Kaspersky Endpoint Security. IN THIS SECTION: About Kaspersky Endpoint Security... 13 Distribution kit... 14 Hardware and software requirements... 14 ABOUT KASPERSKY ENDPOINT SECURITY Kaspersky Endpoint Security for Mac is intended for use on computers that run on the OS X operating system, to protect your Mac against viruses and other computer security threats. The application includes the following components: File Anti-Virus The File Anti-Virus component protects the file system of the computer in real time: intercepts and analyzes attempts to access files. You can configure the actions to be performed by the application on infected and probably infected files. Web Anti-Virus The Web Anti-Virus component protects information that is sent and received by the computer over the HTTP and HTTPS protocols in Safari, Google Chrome or Firefox browsers. Network Attack Blocker The Network Attack Blocker component protects the computer operating systems against intrusions. This component provides protection against malicious activity of criminals themselves (such as port scanning and brute force attacks) and activity of malware installed by criminals on the computer under attack (such as transmission of sensitive information to criminals). The following functions are implemented in the application: Virus Scan Kaspersky Endpoint Security detects and neutralizes viruses and other computer security threats on demand in the specified scan scope. You can configure the actions to be performed by the application on infected and probably infected files. Kaspersky Endpoint Security runs a full scan of the computer, a quick scan of critical areas of the computer, and a scan of the specified scope. Update Kaspersky Endpoint Security updates anti-virus databases and application modules from Kaspersky Lab update servers or from Kaspersky Security Center and creates backup copies of all updated files to allow a rollback of the last update. Kaspersky Endpoint Security lets you copy downloaded updates to a local source to be accessed by other computers on the corporate network as a way to reduce the amount of Internet traffic. 13
A D M I N I S T R A T O R ' S G U I D E Quarantine Kaspersky Endpoint Security moves probably infected files to Quarantine. You can scan them using the updated anti-virus databases and restore them from Quarantine. Backup Kaspersky Endpoint Security creates a copy of the infected file in Backup prior to attempting to disinfect or delete the file, so you can restore it. Reports Kaspersky Endpoint Security generates a report on the operation of the application. Notifications Kaspersky Endpoint Security notifies the user about certain events in the operation of Kaspersky Endpoint Security using notification windows and pop-up messages. Notification windows can be accompanied by sound alerts. Protection Center Kaspersky Endpoint Security displays protection status messages in the Protection Center window during its operation. Protection Center shows information on the current status of computer protection and lets you proceed to eliminating computer security problems and threats. Remote management of the application via Kaspersky Security Center Kaspersky Security Center lets you remotely manage protection of computers with Kaspersky Total Security installed: receive information on the current status of computer protection and remotely fix issues and respond to computer security threats, enable or disable protection components (File Anti-Virus, Web Anti-Virus, Network Attack Blocker), run virus scan tasks, update application databases, and manage Kaspersky Endpoint Security licenses. DISTRIBUTION KIT The distribution kit includes the Kaspersky Endpoint Security installation package containing the following files: Files that are required to install the application in any of the available ways. The file ksn.rtf, in which you can read through the terms of participation in Kaspersky Security Network (see section "Participating in Kaspersky Security Network" on page 71). The file license.rtf, in which you can view the End User License Agreement (see section "About the End User License Agreement" on page 26). The License Agreement specifies the terms of use of the application. Unpack the installation package in ZIP format to access its files. HARDWARE AND SOFTWARE REQUIREMENTS Kaspersky Endpoint Security has the following hardware and software requirements for a physical or virtual machine: OS X 10.7, OS X 10.8, 10.9, 10.10 operating system. 550 MB free disk space (depending on the anti-virus databases size). 14
K A S P E R S K Y E N D P O I N T S E C U R I T Y Kaspersky Endpoint Security is compatible with the following virtualization tools: Parallels Desktop 9 for Mac Standard Edition; Parallels Desktop 9 for Mac Enterprise Edition; Parallels Desktop 10 for Mac Standard Edition; Parallels Desktop 10 for Mac Enterprise Edition; VMware Fusion 6; VMware Fusion 6 Professional; VMware Fusion 7; VMware Fusion 7 Professional. You can manage Kaspersky Endpoint Security remotely via Kaspersky Security Center. The following software requirements apply to the plug-in for managing Kaspersky Endpoint Security via Kaspersky Security Center: Kaspersky Security Center 10; Kaspersky Security Center 10 Service Pack 1. 15
INSTALLING AND UNINSTALLING THE APPLICATION This section provides step-by-step instructions on how to install and uninstall Kaspersky Endpoint Security. The Kaspersky Endpoint Security distribution package includes the Installer and the Uninstaller. IN THIS SECTION: Preparing for installation... 16 Ways to install the application... 16 Preparing the application for use... 19 Uninstalling the application... 20 PREPARING FOR INSTALLATION Before installing Kaspersky Endpoint Security on the computer, you are recommended to do the following: Make sure that your computer meets the hardware and software requirements (see section "Hardware and software requirements" on page 14). Remove any other anti-virus applications to avoid system conflicts and maximize system performance. WAYS TO INSTALL THE APPLICATION Kaspersky Lab experts recommend installing Kaspersky Endpoint Security only in ways described in this guide. You can install the application in one of the following ways: Locally, using the Kaspersky Endpoint Security installation package (see section "Kaspersky Endpoint Security default installation" on page 17). Remotely via Kaspersky Security Center (see section "Installing the application via Kaspersky Security Center" on page 88). IN THIS SECTION: Kaspersky Endpoint Security default installation... 17 Kaspersky Endpoint Security custom installation... 18 16
I N S T A L L I N G A N D U N I N S T A L L I N G T H E A P P L I C A T I O N KASPERSKY ENDPOINT SECURITY DEFAULT INSTALLATION The End User License Agreement and Participation in Kaspersky Security Network windows of the Installation Assistant are shown only for German- and Russian-language versions of Kaspersky Endpoint Security. In other cases, you can view the text of the License Agreement and information about participation in Kaspersky Security Network by clicking the corresponding links in the window of the Kaspersky Endpoint Security Installation Assistant. To perform default installation of Kaspersky Endpoint Security: 1. Then start the Kaspersky Endpoint Security Installation Wizard in one of the following ways: Run the ISO file. Unpack the ZIP archive and run the DMG file. 2. Start the application installation process by double-clicking the Kaspersky Endpoint Security icon. A window opens in which you are asked to confirm the launch of the Installation Wizard. 3. Click the Continue button to confirm the launch of the Installation Wizard. The Introduction with information about Kaspersky Endpoint Security opens. 4. In the Introduction window, click Continue. 5. In the License window, you can read the text of the Kaspersky Endpoint Security End User License Agreement between you and Kaspersky Lab AO. 6. After reading the text of the End User License Agreement, click the Continue button. The To continue installation, you have to accept the terms of the End User License Agreement window opens. 7. In the To continue installation, you have to accept the terms of the End User License Agreement window, do one of the following: If you accept the terms of the End User License Agreement, click the Accept button. Installation of Kaspersky Endpoint Security will continue. If you do not accept the terms of the End User License Agreement, click the Do not accept button. Installation of Kaspersky Endpoint Security is canceled. To return to the window with the text of the End User License Agreement, click the Read license button. 8. In the Participation in Kaspersky Security Network window, read information about participation in Kaspersky Security Network. When you participate in Kaspersky Security Network, the statistics based on protection of your computer by Kaspersky Endpoint Security are sent to Kaspersky Lab automatically. No personal data is collected, processed, or stored. 9. After reading about participation in Kaspersky Security Network, do one of the following: If you want to participate in Kaspersky Security Network, select the I agree to participate in Kaspersky Security Network check box. If you do not want to participate in Kaspersky Security Network, clear the I agree to participate in Kaspersky Security Network check box. As you use Kaspersky Endpoint Security subsequently, you can join Kaspersky Security Network at any time or opt out of participation in Kaspersky Security Network. 17
A D M I N I S T R A T O R ' S G U I D E 10. In the Participation in Kaspersky Security Network window, click the Continue button. 11. In the Type of installation window, click the Install button. 12. In the application installation confirmation window, enter the credentials of the computer administrator and click the Install software button. Kaspersky Endpoint Security starts installing on the computer. 13. When installation finishes, click the Close button to exit the Installation Wizard. Kaspersky Endpoint Security starts automatically. You do not have to restart the computer. KASPERSKY ENDPOINT SECURITY CUSTOM INSTALLATION The End User License Agreement and Participation in Kaspersky Security Network windows of the Installation Assistant are shown only for German- and Russian-language versions of Kaspersky Endpoint Security. In other cases, you can view the text of the License Agreement and information about participation in Kaspersky Security Network by clicking the corresponding links in the window of the Kaspersky Endpoint Security Installation Assistant. To perform custom installation of Kaspersky Endpoint Security: 1. Then start the Kaspersky Endpoint Security Installation Wizard in one of the following ways: Run the ISO file. Unpack the ZIP archive and run the DMG file. 2. Start the application installation process by double-clicking the Kaspersky Endpoint Security icon. A window opens in which you are asked to confirm the launch of the Installation Wizard. 3. Click the Continue button to confirm the launch of the Installation Wizard. The Introduction with information about Kaspersky Endpoint Security opens. 4. In the Introduction window, click Continue. 5. In the License window, you can read the text of the Kaspersky Endpoint Security End User License Agreement between you and Kaspersky Lab AO. 6. After reading the text of the End User License Agreement, click the Continue button. The To continue installation, you have to accept the terms of the End User License Agreement window opens. 7. In the To continue installation, you have to accept the terms of the End User License Agreement window, do one of the following: If you accept the terms of the End User License Agreement, click the Accept button. Installation of Kaspersky Endpoint Security will continue. If you do not accept the terms of the End User License Agreement, click the Do not accept button. Installation of Kaspersky Endpoint Security is canceled. To return to the window with the text of the End User License Agreement, click the Read license button. 18
I N S T A L L I N G A N D U N I N S T A L L I N G T H E A P P L I C A T I O N 8. In the Participation in Kaspersky Security Network window, read information about participation in Kaspersky Security Network. When you participate in Kaspersky Security Network, the statistics based on protection of your computer by Kaspersky Endpoint Security are sent to Kaspersky Lab automatically. No personal data is collected, processed, or stored. 9. After reading about participation in Kaspersky Security Network, do one of the following: If you want to participate in Kaspersky Security Network, select the I agree to participate in Kaspersky Security Network check box. If you do not want to participate in Kaspersky Security Network, clear the I agree to participate in Kaspersky Security Network check box. As you use Kaspersky Endpoint Security subsequently, you can join Kaspersky Security Network at any time or opt out of participation in Kaspersky Security Network. 10. In the Participation in Kaspersky Security Network window, click the Continue button. 11. In the Type of installation window, click the Configure button. A window opens, in which you can select the components to install. 12. Clear the check boxes next to the names of the components that you want to skip during installation. If you skip installation of the Graphical User Interface (GUI) component, you will not be able to activate Kaspersky Endpoint Security and manage the application via the local GUI. Nor will you be able to configure the application preferences and Kaspersky Security Network usage preferences via the local GUI. 13. Press the Install button. 14. In the application installation confirmation window, enter the credentials of the computer administrator and click the Install software button. Kaspersky Endpoint Security starts installing on the computer. 15. When installation finishes, click the Close button to exit the Installation Wizard. Kaspersky Endpoint Security starts automatically. You do not have to restart the computer. PREPARING THE APPLICATION FOR USE After Kaspersky Endpoint Security is installed, you are recommended to do the following: Activate Kaspersky Endpoint Security (see section "Kaspersky Endpoint Security activation" on page 29). Activating the application allows you to update the Anti-Virus databases and software modules regularly and provides access to Technical Support. Assess the current status of computer protection (see section "Assessing status of computer protection" on page 33). Update Kaspersky Endpoint Security (see section "Updating application databases" on page 38). Start a full scan of the computer for viruses and other computer security threats (see section "Performing a full scan of the computer for viruses" on page 36). 19
A D M I N I S T R A T O R ' S G U I D E UNINSTALLING THE APPLICATION Removing Kaspersky Endpoint Security will expose your computer and data to security threats. To uninstall Kaspersky Endpoint Security: 1. Open the contents of the Kaspersky Endpoint Security distribution package. If you have purchased Kaspersky Endpoint Security at an online store and downloaded the application distribution package in DMG format on the Kaspersky Lab website, open the DMG file. 2. Double-click Uninstall Kaspersky Endpoint Security in the window with the contents of the distribution kit. The Kaspersky Endpoint Security Uninstaller starts. Follow the steps to uninstall Kaspersky Endpoint Security. 3. In the Introduction window, click Uninstall. 4. Confirm uninstallation of Kaspersky Internet Security in the window prompting you for administrator account credentials. The process of uninstalling Kaspersky Endpoint Security from the computer starts. 5. In the Completion window, read the information about the completion of the uninstallation process termination. Click the Finish button to quit the Uninstall Assistant. No restart of the computer is necessary after Kaspersky Endpoint Security is uninstalled. 20
APPLICATION INTERFACE This section describes the basic GUI components of Kaspersky Endpoint Security: application icon and context menu of the application icon, main application window and application preferences window. This section also describes notification windows and pop-up messages of the application. IN THIS SECTION: Kaspersky Endpoint Security icon... 21 Hiding the application icon in the menu bar... 22 Main application window... 22 Application preferences window... 23 Notification windows and pop-up messages... 24 KASPERSKY ENDPOINT SECURITY ICON As soon as Kaspersky Endpoint Security has been installed, the application icon appears in the menu bar. The application icon is an indicator of the application's operation. If the application icon is active, this means that realtime protection against viruses and other computer security threats is enabled. The inactive application icon indicates that protection is disabled. By default, the Kaspersky Endpoint Security icon is located in the Menu Bar. You can hide the application icon in the menu bar (see section "Hiding the application icon in the menu bar" on page 22). If any Kaspersky Endpoint Security window is open, the application icon also appears on the Dock quick launch panel. The context menu of the application icon provides access to the main commands of Kaspersky Endpoint Security: Go to the main application window Pause and resume real-time protection of the computer switching to Protection Center; Start a Quick Scan of the computer for viruses and other malware Start a database and application modules update task switching to the application preferences window. To open the context menu of the Kaspersky Endpoint Security icon, click the application icon in the menu bar. 21
A D M I N I S T R A T O R ' S G U I D E HIDING THE APPLICATION ICON IN THE MENU BAR To hide the application icon in the menu bar: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Appearance tab of the application preferences window, in the Application icon section, clear the Show in menu bar check box. MAIN APPLICATION WINDOW To open the main application window: 1. Click the Kaspersky Endpoint Security icon in the menu bar. The context menu of the application icon opens. 2. Select Kaspersky Endpoint Security. Purpose of the main application window The main window of Kaspersky Endpoint Security lets you view information about the status of computer protection, the operation of File Anti-Virus and Web Anti-Virus, and progress of virus scan and update tasks. In the main application window you can also proceed to the following tasks: Manage virus scan tasks and update tasks Manage application keys Protection Center Application preferences View application operation reports Controls of the main application window The main application window includes the following controls: protection status indicator shaped as a computer; buttons in the lower part of the main application window; navigation panel in the upper part of the main application window; The protection status indicator reflects the current status of computer protection (see section "Assessing status of computer protection" on page 33). green indicates that computer protection is at an optimal level; Yellow and red warn of the presence of various problems related to Kaspersky Endpoint Security configuration or operation. 22
A P P L I C A T I O N I N T E R F A C E In addition to the computer protection status indicator, the right part of the main application window contains a block of text that describes the computer protection status. The right part of the main application window can also list problems and computer security threats that can be eliminated using the Protection Center (see section "Using Protection Center" on page 35). If a virus scan or update task is running, information on their progress (percentage complete) is also displayed in the right part of the main application window. You can perform the following actions by using the buttons in the lower part of the main application window: Switch to virus scan tasks: Custom Scan, Full Scan, and Quick Scan. Open the Update window. Open the Licensing window (see section "Viewing license information" on page 28). The top part of the main application window contains a navigation panel. You can use the navigation panel to perform the following actions: Open the reports window (see section "Viewing reports" on page 70) of Kaspersky Endpoint Security. Open the application preferences window (on page 23). Open the window with information on ways to receive technical support (see section "Contacting Technical Support" on page 121). Open the Kaspersky Endpoint Security help system. APPLICATION PREFERENCES WINDOW To open the Kaspersky Endpoint Security preferences window, do one of the following: Click the button in the main application window (see section "Main application window" on page 22). Select Preferences in the context menu of the Kaspersky Endpoint Security icon (see section "Kaspersky Endpoint Security icon" on page 21). Application preferences can be accessed quickly using the following tabs in the upper part of the preferences window: Protection. You can configure File Anti-Virus, Web Anti-Virus, and Network Attack Blocker preferences on this tab. Virus scan. This tab lets you configure the preferences of virus scan tasks and scheduled startup of virus scan tasks. KSN. On this tab you can join Kaspersky Security Network or opt out of participating in Kaspersky Security Network, and also configure Kaspersky Security Network usage preferences. Threats. You can select the categories of objects to be detected and form the trusted zone on this tab. Update. This tab lets you configure the preferences of application updates or roll back to the previous version of anti-virus databases. Reports. This tab lets you configure Kaspersky Endpoint Security report, Quarantine, and Backup preferences, enable or disable the logging of debugging information in the trace file. Appearance. On this tab, you can configure the way notification windows of Kaspersky Endpoint Security and the application icon are displayed. 23
A D M I N I S T R A T O R ' S G U I D E By clicking the button, you can prohibit users without administrator rights from editing the preferences of Kaspersky Endpoint Security. This button is located in the lower part of the application preferences window. To edit preferences, you have to enter the account credentials of the computer administrator. Clicking the button opens the Kaspersky Endpoint Security help describing all preferences of the current application window. You can also open Help for the currently active application window by selecting Open Help for This Window in the Help menu. NOTIFICATION WINDOWS AND POP-UP MESSAGES Events having different levels of importance occur during the operation of Kaspersky Endpoint Security. The application informs you about events via notification windows and pop-up messages. Notification windows can be accompanied by sound alerts. IN THIS SECTION: About notification windows... 24 About event types... 24 About pop-up messages... 24 Disabling notifications... 25 ABOUT NOTIFICATION WINDOWS Kaspersky Endpoint Security displays notifications when the user needs to be prompted to choose an action in response to an event. For example, when the application detects a malicious object, it prompts you to delete or disinfect the object. A notification window disappears from the screen only after you select one of the actions. ABOUT EVENT TYPES Kaspersky Endpoint Security events are divided into three types in terms of their importance: Critical events posing a dangerous threat to computer security (detection of malicious objects, vulnerabilities, Kaspersky Endpoint Security problems). Critical events require the immediate attention of the user. It is recommended not to disable critical event notifications. Important events that do not require the immediate attention of the user, but may pose a threat to computer security in the future. Information events events designed to inform the user. ABOUT POP-UP MESSAGES Kaspersky Endpoint Security displays pop-up messages to inform you of events that do not prompt you to select an action. Depending on the version of the operating system installed on the computer, pop-up messages appear under the application icon in the menu bar or in the Notification Center of the OS X operating system (for operating system of the OS X 10.8 version or later versions). 24
A P P L I C A T I O N I N T E R F A C E DISABLING NOTIFICATIONS By default, Kaspersky Endpoint Security notifies (see section "Notification windows and pop-up messages" on page 24) you about critical events only. You can disable notifications or select types of events about which you want to be notified, as well as disable sound notifications. Regardless of whether notification delivery is enabled or disabled, information about events that occur during the operation of Kaspersky Internet Security is logged in an application operation report (see section "Viewing reports" on page 70). To disable notifications: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Appearance tab of the application preferences window, in the Notifications section clear the Enable notifications check box to stop receiving notifications in the form of notification windows. To select types of events that you do not want to be notified of: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Appearance tab of the application preferences window, in the Notifications section clear the check boxes opposite the types of events (see section "About event types" on page 24) about which you do not want to be notified. To disable sound notifications that accompany notification windows: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Appearance tab of the application preferences window, in the Notifications section, clear the Enable notification sound check box. 25
APPLICATION LICENSING This section covers the main aspects of application licensing. IN THIS SECTION: About the End User License Agreement... 26 About the license... 26 About the license certificate... 27 About the key... 27 About the activation code... 28 Viewing license information... 28 Purchasing a license... 28 Renewing a license... 29 Activating Kaspersky Endpoint Security... 29 ABOUT THE END USER LICENSE AGREEMENT The End User License Agreement is a binding agreement between you and AO Kaspersky Lab, stipulating the terms on which you may use the application. Read through the terms of the End User License Agreement carefully before you start using the application. You can review the terms of the End User License Agreement in the following ways: During installation of Kaspersky Endpoint Security. By reading the license.txt file. This file is included in the application's distribution kit. By confirming that you agree with the End User License Agreement when installing the application, you signify your acceptance of the terms of the End User License Agreement. If you do not accept the terms of the End User License Agreement, you must abort application installation and must not use the application. ABOUT THE LICENSE A license is a time-limited right to use the application, granted under the End User License Agreement. A valid license entitles you to the following kinds of services: Use of the application in accordance with the terms of the End User License Agreement Technical Support 26
A P P L I C A T I O N L I C E N S I N G The scope of services and application usage term depend on the type of license under which the application was activated. The following license types are provided: Trial a free license intended for trying out the application. A trial license is of limited duration. When the trial license expires, all Kaspersky Endpoint Security features become disabled. To continue using the application, you need to purchase a commercial license. You can activate the application under a trial license only once. Commercial a pay-for license that is provided when you buy the application. When the commercial license expires, the application continues running with limited functionality (for example, Kaspersky Endpoint Security database updates are not available). To continue using Kaspersky Endpoint Security in fully functional mode, you must renew your commercial license. We recommend renewing the license before its expiration to ensure maximum protection of your computer against security threats. ABOUT THE LICENSE CERTIFICATE The License Certificate is a document provided with the key file or activation code. The License Certificate contains the following license information: Order number Details of the license holder Information about the application that can be activated using the license Limitation on the number of licensing units (devices on which the application can be used under the license) License start date License expiration date or license validity period License type ABOUT THE KEY A key is a sequence of bits with which you can activate and subsequently use the application in accordance with the terms of the End User License Agreement. A key is generated by Kaspersky Lab. You can add a key to the application in one of the following ways: apply a key file or enter an activation code. After you add a key to the application, the key is displayed in the application interface as a unique alphanumeric sequence. Kaspersky Lab can black-list a key over violations of the End User License Agreement. If the key has been black-listed, you have to add a different key to continue using the application. There are two types of keys: active and reserve. An active key is the key that is currently used by the application. A trial or commercial license key can be added as the active key. The application cannot have more than one active key. 27
A D M I N I S T R A T O R ' S G U I D E A reserve key is a key that entitles the user to use the application, but is not currently in use. A reserve key automatically becomes active when the license associated with the current active key expires. A reserve key can be added only if the active key is available. A key for a trial license can be added only as the active key. A key for a trial license cannot be installed as a reserve key. ABOUT THE ACTIVATION CODE An activation code is a unique sequence of twenty Latin letters and numerals. You have to enter an activation code in order to add a key that activates Kaspersky Endpoint Security. You receive the activation code at the email address that you provided when you bought Kaspersky Endpoint Security or ordered the trial version of Kaspersky Endpoint Security. To activate the application using the activation code, Internet access is required to connect to Kaspersky Lab's activation servers. If the activation code has been lost after activation of the application, you can restore the activation code. You may need the activation code to register a Kaspersky CompanyAccount, for example. To restore the activation code, contact Kaspersky Lab Technical Support (https://companyaccount.kaspersky.com). VIEWING LICENSE INFORMATION To view license information: 2. In the lower right part of the main application window, click the button. The Licensing window opens. The Licensing window contains the following information: Active key Reserve key (if any) Key status The number of computers on which you can use the application under the current license License expiry date and time Number of days until license expiry If the application is not activated, the relevant information is displayed in the Licensing window. You can activate the application (see section "Activating Kaspersky Endpoint Security" on page 29). If you are using the trial version of the application, you can purchase a license (see section "Purchasing a license" on page 28). If no reserve key has been added and the license linked to the active key is about to expire, you can renew it (see section "Renewing a license" on page 29). PURCHASING A LICENSE If you do not have a license for Kaspersky Endpoint Security or you are using a trial version of the application, you can purchase a license. 28
A P P L I C A T I O N L I C E N S I N G To purchase a license: 2. In the lower right part of the main application window, click the button. The Licensing window opens. 3. In the Licensing window, click the Buy button. This opens a webpage with information on the terms of license purchases through the Kaspersky Lab estore or Kaspersky partners. RENEWING A LICENSE You have to renew the license if the license associated with the active key has expired and no reserve key has been added. When the license expires, the application continues to operate with limited functionality (for example, updates and Kaspersky Security Network are unavailable). You can still use all application components and run virus scans, but only with anti-virus databases that were installed before the license expired. When anti-virus databases are outdated, your computer is exposed to the risk of infection. To renew a license: 2. In the lower right part of the main application window, click the button. The Licensing window opens. 3. In the Licensing window, click the Renew button. This opens a webpage with information on the terms of license renewal through the Kaspersky Lab estore or Kaspersky partners. ACTIVATING KASPERSKY ENDPOINT SECURITY Before activating Kaspersky Endpoint Security, make sure that the current system date value on your computer matches the actual date and time. Activating the application involves adding a key to the application. If the application has not been activated, all options of Kaspersky Endpoint Security are available, except update downloads. Anti-Virus databases can be updated only once after the application is installed. IN THIS SECTION: Activating the trial version of the application... 30 Activating the application with an activation code... 30 29
A D M I N I S T R A T O R ' S G U I D E ACTIVATING THE TRIAL VERSION OF THE APPLICATION A trial version of Kaspersky Endpoint Security can be activated only if the application has not been previously activated on this computer. You are advised to activate the trial version of the application if you want to test run the application before deciding whether to purchase a license. The trial version of Kaspersky Endpoint Security remains functional for a short trial period. When the trial period expires, all Kaspersky Endpoint Security features are disabled. You will be provided with a free key to for activating the trial version of the application. An Internet connection is required to activate the application. To activate the trial version: 2. In the lower right part of the main application window, click the button. The Licensing window opens. 3. In the Licensing window, click the Try button. 4. In the Activate Trial Version window click the Activate Trial Version button. Kaspersky Endpoint Security connects to Kaspersky Lab activation servers and sends data for verification. If verification succeeds, the application receives and adds a free key. 5. Click the Finish button to finish activating the application. After successful activation of the trial version of the application, you can view the following information in the Licensing window: Key status Limitation on the number of computers on which the application can be used License expiry date and time Number of days until license expiry When the trial license for Kaspersky Endpoint Security expires, a corresponding notification appears on the screen. To continue using the application, you have to purchase a license (see section "Purchasing a license" on page 28). ACTIVATING THE APPLICATION WITH AN ACTIVATION CODE Using the activation code, the application obtains and automatically adds a key that unlocks Kaspersky Endpoint Security functionality for the duration of the license validity period. An Internet connection is required to activate the application. To activate the application with your activation code: 2. In the lower right part of the main application window, click the button. The Licensing window opens. 30
A P P L I C A T I O N L I C E N S I N G 3. In the Licensing window, click the Activate button. 4. In the Application Activation window, enter the activation code that you received when purchasing Kaspersky Endpoint Security. An activation code is a unique combination of 20 Latin alphanumeric characters in the form xxxxx-xxxxx-xxxxxххххх. Kaspersky Endpoint Security connects to Kaspersky Lab activation servers and sends the activation code to verify its authenticity. If activation code verification succeeds, the application automatically receives and adds the key. 5. Click the Finish button to finish activating the application. The main application window opens (see page 22). If activation code verification fails, a corresponding notification is displayed on the screen. In this case, contact the software vendor that supplied you with this activation code. After the application has been activated successfully using the activation code, in the Licensing window you can view the following information: Key Key status Limitation on the number of computers on which the application can be used License expiry date and time Number of days until license expiry 31
STARTING AND STOPPING THE APPLICATION The application starts up immediately after the installation, and the Kaspersky Endpoint Security icon (on page 21) appears in the Menu Bar. To exit Kaspersky Endpoint Security: 1. Click the Kaspersky Endpoint Security icon in the menu bar (see page 21). 2. In the context menu that opens, select Quit. The application stops running, and the process is unloaded from the computer RAM. After Kaspersky Endpoint Security quits, the computer keeps running in unprotected mode and may become infected, thus putting your data at risk of loss. 32
COMPUTER PROTECTION STATUS This section provides information on how to determine whether or not computer security threats or problems exist and how to configure the security level. Read this section to learn more about how to enable and disable protection when using the application. Your computer's protection status indicates the presence or absence of threats, giving you a summary of your computer's overall security level. These threats include detected malicious programs, outdated anti-virus databases, instances of File Anti-Virus or Web Anti-Virus being disabled, and an expiring license. The Protection Center (see section "Using Protection Center" on page 35) helps you review all the current threats and start neutralizing them. IN THIS SECTION: Assessing the status of computer protection... 33 Disabling computer protection... 33 Resuming computer protection... 34 Using Protection Center... 35 ASSESSING THE STATUS OF COMPUTER PROTECTION The computer protection status indicator shaped as a computer and located in the main application window informs you about computer protection problems (see section "Main application window" on page 22). Depending on the condition of computer protection, the color of the indicator may change. If any security threats are detected, the change of the indicator color is supplemented with a message about threats. The indicator can take the following values: Green. Your computer's protection is at an appropriate level. A green indicator signifies that the anti-virus application databases are up to date and all application components have been configured as recommended by Kaspersky Lab. No malicious objects have been detected, or detected malicious objects have been neutralized. Yellow. The level of computer protection is reduced. A yellow indicator signifies a problem with Kaspersky Endpoint Security. Such problems include, for example: slight deviations from the recommended operation preferences or that the application databases have not been updated for several days. Red. Your computer is at risk of infection. A red indicator signifies that there are dangerous problems that may lead to the infection of your computer and loss of data. For example, the anti-virus application databases are obsolete, the application is not activated, or malicious objects have been detected. You are advised to fix the problems and security threats. DISABLING COMPUTER PROTECTION By default, Kaspersky Endpoint Security is stated when the operating system loads, and protects the computer until it is turned off. All real-time protection components (File Anti-Virus, Web Anti-Virus, and Network Attack Blocker) are enabled and running. 33
A D M I N I S T R A T O R ' S G U I D E You can fully or partly disable protection provided by Kaspersky Endpoint Security. Kaspersky Lab strongly advises against disabling real-time protection as this may lead to infection of your computer and data loss. The following indicates that real-time protection of the computer is disabled: An inactive application icon (see section "Kaspersky Endpoint Security icon" on page 21) in the menu bar if the display of the application icon in the menu bar has been disabled; red color of the computer protection status indicator in the main application window. Real-time protection of the computer is provided by the File Anti-Virus (see page 44), Web Anti-Virus (see page 48), and Network Attack Blocker (see page 50) components. Disabling or pausing these components does not affect the execution of virus scan tasks (see section "Virus Scan" on page 54) or update tasks (see section "Updating the application" on page 60). The following methods can be used to disable real-time protection of the computer: In the menu bar, click the Kaspersky Endpoint Security icon (see page 21). In the context menu that opens, select Turn Protection Off. Open the application preferences window (on page 23), select the Protection tab and clear the Enable protection check box in the General section. If you have disabled real-time protection of the computer, it will not be re-enabled automatically when Kaspersky Endpoint Security starts again. You have to enable real-time protection of the computer manually (see section "Resuming computer protection" on page 34). To disable the real-time protection component: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the <component name> section, clear the Enable <component name> check box. If you have disabled the real-time protection component, it will not be re-enabled automatically when Kaspersky Endpoint Security starts again. You have to enable the real-time protection components manually (see section "Resuming computer protection" on page 34). RESUMING COMPUTER PROTECTION If real-time protection of the computer or a real-time protection component (File Anti-Virus, Web Anti-Virus, or Network Attack Blocker) has been disabled, it can be re-enabled only manually. Real-time protection of the computer or a realtime protection component will not be re-enabled automatically when Kaspersky Endpoint Security is started again. The following methods can be used to enable real-time protection of the computer: In the menu bar, click the Kaspersky Endpoint Security icon (see page 21). In the context menu that opens, select Turn Protection On. Open the application preferences window (on page 23), select the Protection tab, and select the Enable protection check box in the General section. 34
C O M P U T E R P R O T E C T I O N S T A T U S To enable a real-time protection component: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the <component name> section, select the Enable <component name> check box. Also, to enable real-time protection of the computer or the real-time protection components, you can use the Protection Center (see section "Using Protection Center" on page 35). Disabling computer protection or disabling protection components dramatically increases the risk of computer infection. Therefore, information about instances of disabled protection is stored in Protection Center. USING PROTECTION CENTER Protection Center is a Kaspersky Endpoint Security feature that lets you analyze and fix unresolved problems and computer security threats. To open Protection Center, Click the Learn More button in the main application window (see section "Main application window" on page 22). In the Protection Center window you can view a list of existing problems and security threats. For each problem or threat, actions are suggested that you can perform to resolve the problem or threat. You can fix a problem or neutralize a threat immediately or postpone doing so. To fix a problem or neutralize a threat immediately, click the button with the name of the recommended action to fix the problem or neutralize the threat. For example, if infected files have been detected on the computer, you should click the Disinfect button. If the anti-virus databases used by the application are out of date, you should click the Update button. The application performs the chosen operation. To fix the problem or neutralize the threat later, click the Hide button. The problem or threat notification will be hidden in the list. You can return to neutralizing this problem or threat later. You cannot postpone neutralizing dangerous computer security threats. Examples of dangerous threats include unprocessed malicious objects, protection component faults, or corrupted databases of Kaspersky Endpoint Security. If you close Protection Center without neutralizing dangerous threats, the color of the computer protection status indicator in the main application window continues to indicate their presence. In the Protection Center window, you can also view information about the running update task and stop the task, if necessary. 35
PERFORMING COMMON TASKS This section contains step-by-step instructions for performing common user tasks with the application. IN THIS SECTION: Performing a full scan of the computer for viruses... 36 Performing a quick scan of the computer... 37 Scanning a file, folder or disk for viruses... 37 Configuring the automatic launch of a scheduled virus scan... 38 Updating application databases... 38 What to do if file access is blocked... 39 What to do if the application has quarantined a file... 39 What to do if you suspect that a file is infected with a virus... 40 Restoring a file that has been deleted or disinfected by the application... 40 Viewing the application operation report... 41 What to do if notification windows or pop-up messages appear... 41 PERFORMING A FULL SCAN OF THE COMPUTER FOR VIRUSES The full scan task created by default is included in Kaspersky Endpoint Security. While running this task, the application scans all the internal drives of the computer for viruses and other threats. To launch a full computer scan: 2. Click the button. 3. The Virus Scan window opens. 4. In the Virus Scan window that opens, select the Full Scan task. A Full Scan of the computer starts. You can view the task results in the window of application operation reports (see section "Viewing virus scan task report" on page 59). 36
P E R F O R M I N G C O M M O N T A S K S PERFORMING A QUICK SCAN OF THE COMPUTER The quick scan task created by default is included in Kaspersky Endpoint Security. While running this task, the application performs scanning for viruses and other types of malware in critical areas of your computer, such as folders that contain operating system files and system libraries, which may, when infected with malware, cause corruption of your operating system. To launch a quick scan of your computer: 2. Click the button. 3. The Virus Scan window opens. 4. In the Virus Scan window that opens, select the Quick Scan task. A quick scan of the computer starts. You can view the task results in the window of application operation reports (see section "Viewing virus scan task report" on page 59). SCANNING A FILE, FOLDER OR DISK FOR VIRUSES If you want to scan an individual object (such as an internal drive, folder, file, or external device) for viruses and other types of malware, you can use the integrated Custom Scan task. To scan a file, folder or drive for viruses and other malware: 2. Click the button. 3. The Virus Scan window opens. 4. In the Virus Scan window that opens, select the Custom Scan task. A list that lets you select a scan scope opens. 5. In the drop-down list, select Files and folders and specify a file or folder or drag the files or folders you want to scan for malware into the window. A virus scan of the specified scope is started. Another way to start a scan is by dragging a file or folder to the application icon on the Dock quick launch panel or into the main application window(on page 22). You can view the virus scan task results in the window of application operation reports (see section "Viewing virus scan task report" on page 59). 37
A D M I N I S T R A T O R ' S G U I D E CONFIGURING THE AUTOMATIC LAUNCH OF A SCHEDULED VIRUS SCAN You can create a schedule for starting the Quick Scan and Full Scan tasks. In accordance with the configured schedule, Kaspersky Endpoint Security automatically performs starts a scan task and scans the entire computer or critical areas of the computer. To configure the startup schedule of the Quick Scan and Full Scan tasks: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Virus Scan tab in the application preferences window, select the name of the virus scan task in the task list on the left. 4. In the Schedule section, select a check box corresponding to the startup frequency and time for the selected virus scan task. 5. To change the virus scan task startup schedule, click the Schedule button. A window opens, in which you can configure the virus scan task startup schedule. 6. Configure the virus scan task startup frequency and time. 7. Click the Save button to save changes made to the virus scan task startup schedule. You can view the virus scan task results in the window of application operation reports (see section "Viewing virus scan task report" on page 59). UPDATING APPLICATION DATABASES By default, Kaspersky Endpoint Security downloads updates from Kaspersky Lab update servers. Kaspersky Lab update servers are HTTP and FTP servers of Kaspersky Lab from which Kaspersky Lab applications download database and module updates. An Internet connection is required to download updates from Kaspersky Lab update servers. By default, Kaspersky Endpoint Security periodically checks for updates on Kaspersky Lab's servers. If the latest updates are available on a server, Kaspersky Endpoint Security downloads them in background mode and installs them to your computer. To start an update of Kaspersky Endpoint Security manually: 2. Click the button. 3. The Update window opens. 4. In the Update window that opens, click the Update button. You can view the update task results in the window of application operation reports (see section "Viewing the update task report" on page 66). 38
P E R F O R M I N G C O M M O N T A S K S WHAT TO DO IF FILE ACCESS IS BLOCKED Kaspersky Endpoint Security blocks access to infected and probably infected files and applications (see section "File Anti-Virus" on page 44). If a file is infected, it must be disinfected before it can be accessed. To disinfect detected objects: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. Select Detected objects in the left part of the reports window. The Active group in the right part of the window displays a list of detected objects with their respective statuses. You can expand the list of objects by clicking the button. 4. Disinfect all or one of the infected objects detected: To disinfect all detected objects, click the Disinfect all button. The application starts disinfecting detected objects. While object disinfection is in progress, the application shows a notification window where you can choose the action to be taken on the object. If you select the Apply to all check box in the notification window after choosing the action to be taken on the object, the application applies this action to all files of this type. To disinfect one of the infected objects detected, select this object in the list and click the Disinfect button. The application starts disinfecting the selected object. While object disinfection is in progress, the application shows a notification window where you can choose the action to be taken on the object. If you know for sure that the files being blocked by File Anti-Virus are safe, you can include them in a trusted zone (see section "Creating a trusted zone" on page 43). WHAT TO DO IF THE APPLICATION HAS QUARANTINED A FILE To scan, restore, or remove probably infected files that have been moved to Quarantine: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. In the left part of the reports window, select Quarantine. A list of probably infected files moved to Quarantine with their status labels is displayed in the right part of the window. 4. Perform the required actions on all probably infected files or one of them: To scan all probably infected quarantined objects using the current version of anti-virus databases, click the Scan All button. After the scan, the status of the quarantined file can change to false positive. 39
A D M I N I S T R A T O R ' S G U I D E To restore one probably infected file, select his file in the list and click the Restore button. A window opens where you have to specify the name of the file and the folder to which it will be restored. We recommend that you only restore files with false positive status since restoring probably infected files with other status labels can pose a threat to your computer. To remove one of the probably infected files from Quarantine, select this file in the list and click the Delete button. To remove all probably infected files from Quarantine, click the Delete All button. If you know for sure that the files being blocked by File Anti-Virus are safe, you can include them in a trusted zone (see section "Creating a trusted zone" on page 43). WHAT TO DO IF YOU SUSPECT THAT A FILE IS INFECTED WITH A VIRUS If you suspect that a file may be infected, scan it for viruses and other computer security threats (see section "Scanning a file, folder or disk for viruses" on page 37). If the scan performed by Kaspersky Endpoint Security reveals that the file is not infected, but you suspect the opposite, move this file to Quarantine. Files moved in Quarantine are stored as archives and do not pose a risk to your computer. With the updated anti-virus databases, Kaspersky Endpoint Security may be able to determine the type of malware that has infected the file and disinfect it. To quarantine a file, perform the following steps: 2. Click the button on the navigation panel in the upper part of the main application window. 3. The Kaspersky Endpoint Security reports window opens. 4. In the left part of the reports window, select Quarantine. A list of probably infected files moved to Quarantine with their status labels is displayed in the right part of the window. 5. Click the Add Object button. The Finder window opens. 6. In the Finder window, select the file that you want to move to Quarantine. The file appears in the list of probably infected files that have been moved to Quarantine with added by user status. RESTORING A FILE THAT HAS BEEN DELETED OR DISINFECTED BY THE APPLICATION We do not recommend that you restore backup copies of files unless absolutely necessary. This could lead to an infection of your computer. 40
P E R F O R M I N G C O M M O N T A S K S Sometimes it is not possible to save files in their entirety during the disinfection process. If a disinfected file contained important information that is partly or completely inaccessible following disinfection, you can attempt to restore the original file from its backup copy. To restore a file that has been deleted or modified by the application during disinfection: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. Select Backup in the left part of the application reports window. 4. The contents of Backup are displayed in the right part of the window. 5. Select the backup copies of the files you want to restore in the list of backup copies and click the Restore button. A window opens where you have to specify the name of the file and the folder to which it will be restored. The name and location of the original file are specified by default. 6. Specify the file name and the folder to which it will be restored. 7. Click the Save button. The application restores the file to the specified location with the specified name. You are advised to scan the file for viruses and malware as soon as it has been restored. It is possible that the object can be disinfected by using the updated databases, without losing its integrity. VIEWING THE APPLICATION OPERATION REPORT Information about events that have occurred in the operation of File Anti-Virus (see section "File Anti-Virus" on page 44), Web Anti-Virus (see section "Web Anti-Virus" on page 48), Network Attack Blocker (see section "Network Attack Blocker" on page 50), or while running the virus scan (see section "Virus Scan" on page 54) or update tasks (see section "Updating the application" on page 60) is displayed in the reports window (see section "Viewing reports" on page 70). To open the reports window: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. WHAT TO DO IF NOTIFICATION WINDOWS OR POP-UP MESSAGES APPEAR Application notifications (see section "Notification windows and pop-up messages" on page 24) appearing as notification windows inform you of events that occur during the operation of the application and require your attention. If such a notification is displayed on the screen, select one of the suggested options. The optimal option is the one recommended as the default option by Kaspersky Lab experts. 41
ADVANCED APPLICATION PREFERENCES This section contains detailed information on how to adjust the preferences of all application components. IN THIS SECTION: Computer protection scope... 42 File Anti-Virus... 44 Web Anti-Virus... 48 Network Attack Blocker... 50 Virus Scan... 54 Updating the application... 60 Reports and Storages... 66 Participating in Kaspersky Security Network... 71 COMPUTER PROTECTION SCOPE The computer protection scope depends on the list of categories of objects detected by the application, and the trusted zone objects excluded from protection. To form the protection scope, select the categories of objects to be detected by the application, and the trusted zone objects to be excluded from protection. IN THIS SECTION: Selecting the categories of objects to detect... 42 Creating a trusted zone... 43 SELECTING THE CATEGORIES OF OBJECTS TO DETECT Objects detected by Kaspersky Endpoint Security are divided into categories based on various attributes. The application always searches for viruses, worms, Trojans, and malicious utility tools. These programs may cause significant damage to your computer. To ensure more reliable protection for your computer, you can extend the list of detectable objects by enabling the monitoring of the activity of adware and legitimate applications that an intruder can exploit to harm the computer or user data. The objects against which Kaspersky Endpoint Security provides protection are grouped as follows: Viruses, worms, Trojans, malicious tools. This category includes all types of malware. Protection against them ensures the minimum necessary security level. In accordance with the recommendations of Kaspersky Lab experts, Kaspersky Endpoint Security always monitors these categories of malware. Adware. This category includes software that can inconvenience the user. Auto-dialers. This category includes applications that establish phone connections through a modem in hidden mode. Other programs. This category includes legitimate programs that may be used by intruders to harm the user's computer or data. 42
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S To select categories of objects to detect: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Threats tab of the application preferences window, in the Categories of objects to detect section, select the check boxes next to the categories of objects to detect against which you want Kaspersky Endpoint Security protection. Kaspersky Endpoint Security always protects your computer against viruses, worms, Trojans, and malicious utility tools. Therefore, it is not possible to clear the check box for this category. Depending on the selected categories of objects to detect, Kaspersky Endpoint Security uses some or all of its anti-virus databases when running File Anti-Virus (see section "File Anti-Virus" on page 44), Web Anti-Virus (see section "Web Anti-Virus" on page 48), and virus scan tasks (see section "Virus Scan" on page 54). If all categories of objects to detect are selected, Kaspersky Endpoint Security provides the most comprehensive protection for the computer. If only protection against viruses, worms, Trojans, and malicious utility tools is selected, Kaspersky Endpoint Security does not monitor adware and other programs that may be installed on your computer and used by intruders to harm the computer or user data. Kaspersky Lab specialists do not recommend that you disable the control of adware and auto-dialers. If Kaspersky Endpoint Security classifies a program, which you do not consider to be dangerous, as malicious, you are advised to add it to the trusted zone (see section "Creating a trusted zone" on page 43). CREATING A TRUSTED ZONE Trusted Zone is a user-created list of objects that Kaspersky Endpoint Security does not control when running. In other words, it is a set of exclusions from the scope of Kaspersky Endpoint Security protection. A trusted zone is created based on the list of trusted files and folders, as well as the list of web addresses that the user considers to be safe. When creating a trusted zone, take into account the properties of objects with which you work and the applications that are installed on the computer. Including objects in the trusted zone may be required if, for example, Kaspersky Endpoint Security blocks access to an object, application, or website, even though you are certain that this object / application / website is absolutely harmless. When an application is added to the trusted list, its file and network activities (including suspicious ones) are no longer controlled. At the same time, Kaspersky Endpoint Security scans the executable file and process of the trusted application. To view or edit the list of trusted files and folders: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Threats tab of the application preferences window, in the Exclusions section, click the Trusted zone button. A window opens with the Trusted files and folders tab listing the objects that Kaspersky Endpoint Security does not monitor. 43
A D M I N I S T R A T O R ' S G U I D E You can edit the list of trusted files and folders: Add a file or folder to the list. Click the button, and in the window that opens, select an object that you do not want Kaspersky Endpoint Security to monitor. Remove a file or a folder from the list. Select an object in the list and click the button. To view or edit the list of trusted web addresses: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Threats tab of the application preferences window, in the Exclusions section, click the Trusted zone button. A window opens with the Trusted web addresses tab listing web addresses that Kaspersky Endpoint Security does not monitor. You can edit the list of trusted web addresses: Add a web address to the list. Click the button and fill in the field by entering the web address of a website that you do not want Kaspersky Endpoint Security to monitor. Remove a web address from the list. Select the web address of a website in the list and click the button. FILE ANTI-VIRUS File Anti-Virus prevents infection of the computer's file system. By default, this component starts at the startup of the operating system, remains in the RAM of the computer, and scans all files that are opened, saved, or run on your computer and on all connected drives for viruses and other malware. If you disable File Anti-Virus, it will not start at operating system startup. You will have to enable File Anti-Virus manually. You can create the protection scope (see section "Creating the protection scope" on page 46) and select the action that Kaspersky Endpoint Security will perform on detecting a virus or a different computer security threat (see section "Selecting the File Anti-Virus action to take on objects" on page 46). When the user or an application attempts to access a file included in the protection scope, File Anti-Virus scans this file for viruses and other computer security threats. Kaspersky Endpoint Security uses iswift technology to increase the speed of the virus scan. Kaspersky Endpoint Security detects malicious objects by means of signature analysis a process of scanning the computer for viruses and other security threats with the use of signatures in anti-virus databases of the application. In addition to signature analysis, File Anti-Virus uses heuristic analysis and other virus scan technologies. On detecting a virus or a different computer security threat, Kaspersky Endpoint Security assigns one of the following status labels to the object detected: Infected status if the file contains malware. Probably infected status if the file contains an object whose code contains a modified segment of code of known malware or an object resembling a threat in the way it behaves. 44
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S Kaspersky Endpoint Security displays a notification about the object detected (see section "About notification windows" on page 24) and takes the action that is specified in the File Anti-Virus preferences on the object (see section "Selecting the File Anti-Virus action to take on objects" on page 46). Before disinfecting or deleting an infected file, Kaspersky Endpoint Security saves a copy of it in Backup (see section "Backup" on page 68) so you can restore the original file, if necessary. Kaspersky Endpoint Security moves probably infected files to Quarantine (see page 67). An attempt can be made later to disinfect those files by using updated antivirus databases. Information about File Anti-Virus operation and all detected objects is logged in the File Anti-Virus report (see section "Viewing File Anti-Virus report" on page 47). IN THIS SECTION: Disabling File Anti-Virus... 45 Enabling File Anti-Virus... 45 Creating a protection scope... 46 Selecting the File Anti-Virus action to take on objects... 46 Viewing File Anti-Virus report... 47 DISABLING FILE ANTI-VIRUS By default, File Anti-Virus is enabled and running in the mode that is recommended by Kaspersky Lab's experts. You can disable File Anti-Virus, if necessary. To disable File Anti-Virus: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the File Anti-Virus section, clear the Enable File Anti-Virus check box. If you have disabled File Anti-Virus, it will not be re-enabled automatically when Kaspersky Endpoint Security starts again or after the operating system restarts. You have to enable File Anti-Virus manually (see section "Enabling File Anti-Virus" on page 45). ENABLING FILE ANTI-VIRUS To enable File Anti-Virus: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the File Anti-Virus section, select the Enable File Anti-Virus check box. 45
A D M I N I S T R A T O R ' S G U I D E You can also enable File Anti-Virus in Protection Center (see section "Using Protection Center" on page 35). Disabling computer protection or disabling protection components dramatically increases the risk of computer infection. Therefore, information about instances of disabled protection is stored in Protection Center. CREATING A PROTECTION SCOPE By default, File Anti-Virus scans all files at the moment when they are accessed, regardless of the media on which they are stored: internal drive, CD/DVD-ROM, or memory card. To create a protection scope: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the File Anti-Virus section, click the Protection scope button. A window opens showing a list of objects that File Anti-Virus will scan. By default, all objects that are located on internal, removable, and network drives connected to your computer are scanned. You can change the protection scope: Add an object to the protection scope. Click the button and select a folder or file in the window that opens. Temporarily disable scanning of the object. Select an object and clear the check box next to it. File Anti-Virus will not control this object until the check box is selected again. Remove an object from the protection scope (only available for user-added objects). Select an object and drag it from the window, or click the button. You can limit the protection scope of File Anti-Virus in one of the following ways: specify only the folders, disk drives, or files that you want to scan; Create a list of objects that do not need to be scanned (see section "Creating a trusted zone" on page 43); combine the first and second methods: that is, create a protection scope and exclude a number of objects from it. SELECTING THE FILE ANTI-VIRUS ACTION TO TAKE ON OBJECTS If File Anti-Virus detects an infected or probably infected file, it performs the action that depends on the status of the object. If a threat is detected in a file, Kaspersky Endpoint Security assigns one of the following status labels to the file: Infected status if the file contains malware. Probably infected status if the file contains an object whose code contains a modified segment of code of known malware or an object resembling a threat in the way it behaves. 46
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S You can configure the actions to be performed by the application on infected and probably infected files. By default, Kaspersky Endpoint Security displays a notification window prompting you to select an action to take on the object detected. To select the action that File Anti-Virus performs on detecting an infected or probably infected file: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the File Anti-Virus section, select the File Anti- Virus actions to be taken on the malicious object detected. Before disinfecting or deleting an infected file, Kaspersky Endpoint Security saves a copy of it in Backup (see section "Backup" on page 68) so you can restore the original file, if necessary. Kaspersky Endpoint Security moves probably infected files to Quarantine (see page 67). An attempt can be made later to disinfect those files by using updated antivirus databases. VIEWING FILE ANTI-VIRUS REPORT Summary statistics on File Anti-Virus operation (number of objects scanned since last startup of the component, number of malicious objects detected and disinfected) can be viewed in Protection Center by clicking the Learn More button in the right part of the main application window (see section "Main application window" on page 22). Kaspersky Endpoint Security also provides a detailed report on the operation of File Anti-Virus in the reports window. To view the File Anti-Virus report: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. In the Tasks section of the reports window that opens, select File Anti-Virus. If File Anti-Virus returns an error when closing, view the File Anti-Virus report and try to start the component again. If you cannot solve the problem on your own, please contact Kaspersky Lab Technical Support Service (see section "Contacting Technical Support" on page 121). The right part of the reports window contains the following information about the operation of File Anti-Virus: All operation periods of File Anti-Virus are listed, including the date and time when the component was enabled and disabled, and the component status. All objects detected by File Anti-Virus are listed, including their respective statuses. Objects are grouped by date and time of component startup. You can expand the list of objects by clicking the icon next to the date and time of component startup. The lower part of the reports window displays the name and the path to the storage folder for each one of the objects detected; the statuses assigned to the files by File Anti-Virus are also shown. If the malicious program that has infected the file can be determined conclusively, the file is assigned infected status. If the type of malicious program cannot be determined conclusively, the file is assigned probably infected status. The lower part of the reports window also displays summary statistics about File Anti-Virus operation. The statistics include information about the number of objects scanned. In addition, the virus scan start time and the scan duration are displayed. 47
A D M I N I S T R A T O R ' S G U I D E WEB ANTI-VIRUS Each time you use the Internet, you expose the information stored on your computer to risk of infection by viruses and other computer security threats. They may penetrate your computer when you download free programs or view information on websites that were compromised by hackers before you visited them. Moreover, network worms may penetrate into your computer even before you open a web page or download a file, as soon as your computer establishes an Internet connection. The Web Anti-Virus component protects information that is sent and received by your computer over the HTTP and HTTPS protocols in Safari, Google Chrome or Firefox browsers. Web Anti-Virus monitors web traffic transferred via ports that are most frequently used for data transfer over HTTP and HTTPS. Web Anti-Virus scans web traffic in accordance with a collection of preferences recommended by Kaspersky Lab. If Web Anti-Virus detects a threat, it performs the specified action (see section "Selecting the action to take on dangerous objects from web traffic" on page 49). Malicious objects are recognized using signature analysis, heuristic analysis, and data from Kaspersky Security Network (see section "Participation in Kaspersky Security Network" on page 71). Web traffic scan algorithm Each web page or file that is accessed by the user or an application via the HTTP and HTTPS protocols is intercepted and scanned for malicious code by Web Anti-Virus: If a web page or file contains malicious code, access to it is blocked. A notification is displayed that the requested file or web page is infected. If the file or web page does not contain malicious code, they become available immediately. Information about Web Anti-Virus operation and all detected dangerous web traffic objects is logged in the Web Anti- Virus report (see section "Viewing Web Anti-Virus report" on page 49). IN THIS SECTION: Disabling Web Anti-Virus... 48 Enabling Web Anti-Virus... 49 Selecting the action to take on dangerous objects from web traffic... 49 Scanning website URLs for phishing threats... 49 Viewing Web Anti-Virus report... 49 DISABLING WEB ANTI-VIRUS By default, Web Anti-Virus is enabled, running in a mode that is recommended by Kaspersky Lab experts. You can disable Web Anti-Virus, if necessary. To disable Web Anti-Virus: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the Web Anti-Virus section, clear the Enable Web Anti-Virus check box. 48
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S If you have disabled Web Anti-Virus, it will not be re-enabled automatically when Kaspersky Endpoint Security starts again or when the operating system restarts. You have to enable Web Anti-Virus manually (see section "Enabling Web Anti-Virus" on page 49). ENABLING WEB ANTI-VIRUS To enable Web Anti-Virus: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the Web Anti-Virus section, select the Enable Web Anti-Virus check box. You can also enable Web Anti-Virus via Protection Center (see section "Using Protection Center" on page. 35). Disabling computer protection or disabling protection components dramatically increases the risk of computer infection. Therefore, information about instances of disabled protection is stored in Protection Center. SELECTING THE ACTION TO TAKE ON DANGEROUS OBJECTS FROM WEB TRAFFIC If infected objects are detected in web traffic, the application performs the specified action. To change the action to take on detected malicious web traffic objects: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the Web Anti-Virus section, select the Web Anti-Virus actions to be taken on objects. SCANNING WEBSITE URLS FOR PHISHING THREATS Checking links on web pages for phishing and for malicious web addresses makes it possible to avoid phishing attacks. Phishing attacks normally happen in the form of email messages sent by impostors on behalf of financial institutions (such as banks) with URLs to spoofed websites. In such emails, the impostors urge you to follow the link to the spoofed website and enter your confidential information (such as the bank card number or the name and password for your online banking account). A phishing attack can be disguised, for example, as an email message from your bank with a link to its official website. The link takes you to an exact copy of the bank's official website created by impostors. Web Anti-Virus monitors attempts to visit a phishing website while scanning web traffic and blocks access to such websites. To check links on web pages for phishing and dangerous web addresses, Kaspersky Endpoint Security uses the application databases, heuristic analysis, and data from Kaspersky Security Network (see section "Participating in Kaspersky Security Network" on page 71). VIEWING WEB ANTI-VIRUS REPORT Kaspersky Endpoint Security provides a detailed report on the operation of Web Anti-Virus. 49
A D M I N I S T R A T O R ' S G U I D E To view the Web Anti-Virus report: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. In the reports window that opens, in the Tasks section, select Web Anti-Virus. If Web Anti-Virus displays an error when closing, view the Web Anti-Virus report and try to restart the component. If you cannot solve the problem on your own, please contact Kaspersky Lab Technical Support Service (see section "Contacting Technical Support" on page 121). The right part of the reports window contains the following information about Web Anti-Virus operation: All operation periods of Web Anti-Virus are listed, including date and time of scan start and scan completion, and the component operation status. All dangerous web traffic objects detected by Web Anti-Virus are listed, including their respective statuses. Objects are grouped by date and time of scan start. You can expand the list of dangerous web traffic objects by clicking the icon next to the date and time of scan start. The lower part of the reports window provides the following information about each dangerous web traffic object detected: the web address of the page where it is detected, and the status assigned to the object by Web Anti-Virus. The lower part of the reports window also displays the summary statistics of Web Anti-Virus operation. The statistics include information about the number of objects scanned. In addition, the scan start time and the scan length are displayed. NETWORK ATTACK BLOCKER Kaspersky Endpoint Security protects your computer against network attacks. A network attack is an attempt to break into the operating system of a remote computer. Criminals attempt network attacks to establish control over the operating system, cause operating system denial of service, or access sensitive information. The term "network attacks" applies to malicious activity of criminals themselves (such as port scanning and brute force attacks) and activity of malware installed on the computer under attack (such as transmission of sensitive information to criminals). Malware involved in network attacks includes some Trojans, DoS attack applications, malicious scripts, and varieties of network worms. Known network attacks can be divided into the following types: Port scanning. This type of network attack is usually performed in preparation for a more dangerous network attack. An intruder scans UDP / TCP ports that use network services on the target computer and determines the degree of vulnerability of the target computer before performing more dangerous types of network attacks. Port scanning also enables the intruder to determine the type of operating system on the target computer and select appropriate network attacks for this type of operating system. DoS attacks, or network attacks causing a denial of service. Such network attacks render the target operating system unstable or completely inoperable. The following major types of DoS attacks exist: Transmission to the remote computer of specially prepared network packets that are not expected by this computer and which cause malfunctions in the operation of the operating system or cause it to crash. 50
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S Sending a large number of network packets to the remote computer per unit time. All resources of the target computer are devoted to processing network packets sent by the intruder, as a result of which the computer stops performing its functions. Network intrusion attacks. Such network attacks are designed to "hijack" the operating system of the target computer. This is the most dangerous type of network attacks because, if they are successful, the intruder gains total control over the operating system. This type of network attacks is used when the intruder needs to obtain confidential information from a remote computer (such as bank card numbers, passwords) or use the remote computer for own purposes (such as for staging attacks against other computers from this computer). On detecting a network attack, Kaspersky Endpoint Security logs information about the attack in the report (see section "Viewing the Network Attack Blocker report" on page 53). IN THIS SECTION: Disabling Network Attack Blocker... 51 Enabling Network Attack Blocker... 51 Creating a list of trusted computers... 52 Viewing and editing the list of blocked computers... 52 Viewing the Network Attack Blocker report... 53 DISABLING NETWORK ATTACK BLOCKER By default, Network Attack Blocker is enabled and running in the mode that is recommended by Kaspersky Lab experts. You can disable Network Attack Blocker, if necessary. To disable Network Attack Blocker: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the Network Attack Blocker section clear the Enable Network Attack Blocker check box. If you have disabled Network Attack Blocker, it will not be re-enabled automatically when Kaspersky Endpoint Security starts again or after the operating system restarts. You have to enable Network Attack Blocker manually (see section "Enabling Network Attack Blocker" on page 51). ENABLING NETWORK ATTACK BLOCKER To enable Network Attack Blocker: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the Network Attack Blocker section select the Enable Network Attack Blocker check box. 51
A D M I N I S T R A T O R ' S G U I D E You can also enable Network Attack Blocker in Protection Center (see section "Using Protection Center" on page 35). Disabling computer protection or disabling protection components dramatically increases the risk of computer infection. Therefore, information about instances of disabled protection is stored in Protection Center. CREATING A LIST OF TRUSTED COMPUTERS You can create a list of trusted computers. IP addresses of these computers are not blocked automatically when dangerous network activity originating from these computers is detected. To create a list of trusted computers: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the Network Attack Blocker section click the Exclusions button. If Network Attack Blocker is disabled, you have to enable it (see section "Enabling Network Attack Blocker" on page 51). A window with a list of trusted computers and a list of blocked computers opens. 4. In the window that opens, select the Exclusions tab. You can perform the following actions: Add the IP address of a trusted computer to the list. Click the button and enter the IP address of the computer that you trust to be safe in the field. Edit the IP address of a trusted computer. Select an IP address in the list and click the Edit button. Remove an IP address from the list. Select an IP address in the list and click the button. 5. Click the Save button to save changes made to the list of trusted computers. VIEWING AND EDITING THE LIST OF BLOCKED COMPUTERS When the application detects dangerous network activity, the IP address of the attacking computer is automatically added to the list of blocked computers, if this computer has not been added to the list of trusted computers (see section "Creating a list of trusted computers" on page 52). To view or edit the list of blocked computers: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Protection tab of the application preferences window, in the Network Attack Blocker section click the Exclusions button. If Network Attack Blocker is disabled, you have to enable it (see section "Enabling Network Attack Blocker" on page 51). A window with a list of trusted computers and a list of blocked computers opens. 52
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S 4. Select the Blocked computers tab in the window that opens. This tab lets you view the list of IP addresses of blocked computers and the time when dangerous network activity of these computers was detected. 5. If you are certain that the computer is safe, select the computer's IP address in the list and click the Unblock button. 6. Do one of the following in the confirmation window: To unblock the computer, click the Unblock button. Kaspersky Endpoint Security unblocks the IP address. If you want Kaspersky Endpoint Security to never block this IP address, click the Unblock and Exclude button. Kaspersky Endpoint Security unblocks the IP address and adds it to the list of trusted computers (see section "Creating a list of trusted computers" on page 52). 7. Click the Save button to save changes made to the list of blocked computers. VIEWING THE NETWORK ATTACK BLOCKER REPORT You can view consolidated statistics on current protection against network attacks (number of blocked computers, number of registered events since the last launch of the Network Attack Blocker component) in Protection Center by clicking the Learn More button in the right part of the main application window (see section "Main application window" on page 22). Kaspersky Endpoint Security also provides a detailed Network Attack Blocker report in the reports window. To view the Network Attack Blocker report: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. In the Tasks section of the reports window that opens, select Network Attack Blocker. If the Network Attack Blocker component shuts down after encountering an error, view the report and try to restart the component. If you cannot solve the problem on your own, please contact Kaspersky Lab Technical Support Service (see section "Contacting Technical Support" on page 121). The right part of the reports window contains the following information about Network Attack Blocker: IP address of the computer whose dangerous network activity has been detected by Kaspersky Endpoint Security. The action performed by Kaspersky Endpoint Security on detecting dangerous network activity of the computer. If the computer's IP address is blocked and added to the list of blocked computers, the value in the Action column is Blocked. If the computer's IP address is added to exclusions, the value in the Action column is Skipped. Type of network attack detected (see section "Network Attack Blocker" on page 50). Number of the local port through which an intrusion attempt was made. Date and time when dangerous network activity was detected on the computer. 53
A D M I N I S T R A T O R ' S G U I D E VIRUS SCAN In addition to computer protection provided by File Anti-Virus (see section "File Anti-Virus" on page 44) and Web Anti- Virus (see section "Web Anti-Virus" on page 48) in real time, Kaspersky Lab recommends regularly scanning the computer for viruses and other malware. A virus scan detects malware that was not detected by protection components, for example because real-time protection was disabled. Kaspersky Endpoint Security contains the following virus scan tasks: Full Scan. A virus scan of the computer memory, startup objects, and all internal drives of the computer. Quick Scan. A virus scan of only critical areas of the computer: folders with operating system files and system libraries. Custom Scan. A virus scan of the specified object (file, folder, drive, external device). When the virus scan task is started, Kaspersky Endpoint Security scans the specified scope (see section "Creating a scan scope" on page 55) for viruses and other malware. You can start virus scan tasks manually (see section "Starting and stopping virus scan tasks" on page 55). You can also configure automatic startup of the Full Scan and Quick Scan tasks according to the specified schedule (see section "Configuring the virus scan task startup schedule preferences" on page 58). By default, virus scan tasks are performed with the preferences recommended by Kaspersky Lab. You can edit the virus scan task preferences (see section "Configuring the virus scan task preferences" on page 56). Kaspersky Endpoint Security detects malware objects by means of signature analysis. In addition to signature analysis, Kaspersky Endpoint Security uses heuristic analysis and other scanning technologies. If a threat is detected in a file, Kaspersky Endpoint Security assigns one of the following status labels to the file: Infected status if the file contains malware. Probably infected status if the file contains an object whose code contains a modified segment of code of known malware or an object resembling a threat in the way it behaves. On detecting an infected or probably infected object, the application displays a notification prompting the user to select the action to be taken on this object (see section "About notification windows" on page 24). You can change the performed when an object is detected (see section "Selecting action to take on objects during scanning" on page 58). Before disinfecting or deleting an infected file, Kaspersky Endpoint Security saves a copy of it in Backup (see section "Backup" on page 68) so you can restore the original file, if necessary. Kaspersky Endpoint Security moves probably infected files to Quarantine (see page 67). An attempt can be made later to disinfect those files by using updated anti-virus databases. By default, Kaspersky Endpoint Security scans files in Quarantine after each update of anti-virus databases. Information about the results of virus scan tasks and all detected objects is logged in a virus scan task report (see section "Viewing virus scan task report" on page 59). IN THIS SECTION: Starting and stopping virus scan tasks... 55 Creating a scan scope... 55 Configuring the virus scan task preferences... 56 Viewing virus scan task report... 59 54
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S STARTING AND STOPPING VIRUS SCAN TASKS To start a virus scan task: 2. Click the button. 3. The Virus Scan window opens. 4. In the Virus Scan window that opens, select the virus scan task that you want to start: Full Scan, Quick Scan, or Custom Scan. 5. Choosing the Custom Scan task opens a drop-down list that lets you create a scan scope. Create a scan scope using a list (see section "Creating a scan scope" on page 55)or drag a file or folder into the window. The virus scan task starts. Information about currently running virus scan tasks is displayed in the Virus Scan window and in the right part of the main application window, and also in the Tasks section of the reports window (see section "Viewing virus scan task report" on page 59). Information on completed virus scan tasks is displayed in the Virus Scan window and in the Tasks section of the reports window. To pause a virus scan task: 2. Click the button. 3. The Virus Scan window opens. 4. In the Virus Scan window that opens, point the mouse pointer at the icon next to the virus scan task and click the button. 5. Click Stop in the confirmation window. The virus scan task is stopped. CREATING A SCAN SCOPE The preset Full Scan and Quick Scan virus scan tasks of Kaspersky Endpoint Security already contain scan scopes. While performing the Full Scan task, Kaspersky Endpoint Security scans all files on all computer internal drives, computer memory, and autorun objects. While performing the Quick Scan task, Kaspersky Endpoint Security scans computer memory, autorun objects, and system folders, files, and libraries. To view or edit the scan scope during the Full Scan and Quick Scan tasks: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Virus Scan tab of the application preferences window, in the list on the left select the task name: Full Scan or Quick Scan. 55
A D M I N I S T R A T O R ' S G U I D E 4. On the right, in the Scan scope section, click the Edit button. A window opens in which you can form the scan scope. 5. Edit the scan scope, if necessary. You can perform the following actions: Add an object to scan scope. Drag an object to the window or click the button, and select the most appropriate option from the dropdown list (Files or Folders, All Drives, etc.). Temporarily disable scanning of the object. Select an object and clear the check box next to it. The virus scan task will not be executed for this object until the check box is selected again. Delete an object (only available for user-added objects). Select an object and drag it from the window, or click the button. 6. Click the OK button. To run the Custom Scan task, you have to form a scan scope (files, folders, internal drives, external devices). To create a scan scope for the Custom Scan task: 2. Click the button. 3. The Virus Scan window opens. 4. In the Virus Scan window that opens, select the Custom Scan task. This opens a drop-down list that lets you select a scan scope. 5. In the drop-down list, select Files and folders and specify a file or folder or drag the files or folders you want to scan for malware into the window. CONFIGURING THE VIRUS SCAN TASK PREFERENCES You can configure the following virus scan task preferences: Security level The security level is a set of preferences that define the balance between the thoroughness and speed of scanning of objects for viruses and other computer security threats. You can select one of the three preset security levels or configure security level preferences (see section "Selecting the security level" on page 57). Action to take on objects during scanning This is the action that Kaspersky Endpoint Security performs on detecting an infected or probably infected object (see section "Selecting action to take on objects during scanning" on page 58). This is the schedule according to which Kaspersky Endpoint Security automatically starts Full Scan and Quick Scan tasks. Automatic startup of virus scan tasks according to the configured schedule ensures timely scanning of the computer for viruses and other computer security threats. You can configure the schedule for starting the Quick Scan and Full Scan tasks (see section "Configuring the virus scan task startup schedule preferences" on page 58). 56
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S IN THIS SECTION: Selecting the security level... 57 Selecting action to take on objects during scanning... 58 Configuring the virus scan task startup schedule preferences... 58 Restoring default scan preferences... 59 SELECTING THE SECURITY LEVEL Each scan task ensures that objects are scanned at one of the following security levels: Maximum protection - a security level ensuring a full scan of the entire computer or individual disks, folders, or files. This security level is recommended when you suspect that the computer is infected. Recommended - a security level with the preferences recommended by Kaspersky Lab. Maximum speed - this security level enables you to use other applications that require significant system resources, since the scope of files scanned at this security level is smaller. By default, virus scan tasks are performed at the Recommended security level. You can increase or decrease the thoroughness of the scan by selecting Maximum protection or Maximum speed, accordingly. You can also edit the preferences of the current security level. This will change the name of the security level to Custom. To change the security level of a virus scan task: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Virus Scan tab in the application preferences window, select the name of the virus scan task in the task list on the left. 4. In the Security level section, move the slider bar to the required position. Changing the security level changes the balance between the scan speed and the total number of files scanned: the fewer files scanned for viruses, the higher the scan speed. To edit the preferences of the current security level: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Virus Scan tab in the application preferences window, select the name of the virus scan task in the task list on the left. 4. In the Security level section, click the Preferences button. A window opens in which you can edit the preferences of the current security level. 5. In the window that opens, edit the security level preferences: In the File types section, select the types of files that should be scanned by Kaspersky Endpoint Security when running the virus scan task. 57
A D M I N I S T R A T O R ' S G U I D E In the Optimization section, select or clear check boxes and specify the relevant values in the entry fields to configure the preferences of scan performance and usage of iswift technology. In the Compound files section, select or clear check boxes next to the types of compound files to be scanned. In the Heuristic analyzer section, select or clear the Use Heuristic Analyzer check box. If the check box is selected, move the slider up or down the scale to select the level of heuristic analysis during virus scan tasks. 6. Click OK to save changes made to the security level preferences. SELECTING ACTION TO TAKE ON OBJECTS DURING SCANNING If Kaspersky Endpoint Security detects an infected or probably infected file, the application performs the selected action that depends on the status of the object. If a threat is detected in a file, Kaspersky Endpoint Security assigns one of the following status labels to the file: Infected status if the file contains malware. Probably infected status if the file contains an object whose code contains a modified segment of code of known malware or an object resembling a threat in the way it behaves. You can configure the actions to be performed by the application on infected and probably infected files. By default, Kaspersky Endpoint Security displays a notification window prompting you to select an action to take on the object detected. To select the action that Kaspersky Endpoint Security takes on detecting infected or probably infected files: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Virus Scan tab in the application preferences window, select the name of the virus scan task in the task list on the left. 4. In the Action section, select an action to be taken by Kaspersky Endpoint Security on the malicious object detected. Before disinfecting or deleting an infected file, Kaspersky Endpoint Security saves a copy of it in Backup (see section "Backup" on page 68) so you can restore the original file, if necessary. Kaspersky Endpoint Security moves probably infected files to Quarantine (see page 67). An attempt can be made later to disinfect those files by using updated antivirus databases. CONFIGURING THE VIRUS SCAN TASK STARTUP SCHEDULE PREFERENCES All preset virus scan tasks on the computer can be run manually (see section "Starting and stopping virus scan tasks" on page 55). In addition, the Quick Scan and Full Scan tasks can be started by Kaspersky Endpoint Security automatically according to a preset schedule. To configure the startup schedule of the Quick Scan and Full Scan tasks: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Virus Scan tab in the application preferences window, select the name of the virus scan task in the task list on the left. 58
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S 4. In the Schedule section, select a check box corresponding to a configured startup schedule for the selected virus scan task. To change the virus scan task startup schedule, click the Schedule button. A window opens, in which you can configure the virus scan task startup schedule. 5. Specify the virus scan task startup frequency and time. 6. Click the Save button to save changes made to the virus scan task startup schedule. RESTORING DEFAULT SCAN PREFERENCES You can restore the default virus scan preferences at any time. They are recommended by Kaspersky Lab experts and combined into the Recommended security level. To restore the default scan preferences: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Virus Scan tab in the application preferences window, select the name of the virus scan task in the task list on the left. 4. In the Security level section, click the Default button. This restores the recommended virus scan task preferences. The name of the security level changes to Recommended. VIEWING VIRUS SCAN TASK REPORT Information about the progress of each running virus scan task (percent complete) is displayed in the Virus Scan window and in the main application window (see section "Main application window" on page 22). Kaspersky Endpoint Security also provides a detailed report on the results of virus scan tasks in the Reports window. To view the virus scan task report: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. In the reports window that opens, in the Tasks section, select Virus Scan. If any errors occur while running a virus scan task, start the task again. If the attempt to re-run the task also results in an error, contact Kaspersky Lab Technical Support (see section "Contacting Technical Support" on page 121). The right part of the reports window displays the following information about virus scan tasks run by Kaspersky Endpoint Security: All currently running and all completed virus scan tasks, including task names, time of task start and completion, and the current statuses of tasks. All objects detected while running virus scan tasks, including their respective statuses. Objects are grouped by virus scan task name. You can expand the list of objects by clicking the icon next to the name of a virus scan task. 59
A D M I N I S T R A T O R ' S G U I D E The lower part of the reports window displays the name and the path to the folder that contains each one of the objects detected. The statuses assigned to the files by Kaspersky Endpoint Security are also shown. If the malicious program that has infected the file can be determined conclusively, the file is assigned infected status. If the type of malicious program cannot be determined conclusively, the file is assigned probably infected status. Information about the progress of the current virus scan task or summary statistics on the results of the completed virus scan task are displayed in the lower part of the reports window. The statistics include information about the number of objects scanned. In addition, the scan start time and the scan length are displayed. UPDATING THE APPLICATION Timely updates of application databases ensure that your computer remains protected. File Anti-Virus (see page 44), Web Anti-Virus (see page 48), and virus scan (see section "Virus Scan" on page 54) tasks use anti-virus databases for detecting and neutralizing viruses and other threats. Anti-virus databases are updated hourly with new threats and ways to neutralize them, so it is important that you update them regularly. During the update process, Kaspersky Endpoint Security downloads anti-virus databases and application module updates from Kaspersky Lab update servers and installs them on your computer. Dedicated Kaspersky Lab update servers are the main source of updates for Kaspersky Endpoint Security. You can also use Kaspersky Security Center servers as an update source. An Internet connection is required to download an update package from update servers. If the Internet connection is established via a proxy server, you may need to configure the network preferences (see section "Configuring the connection to a proxy server" on page 65). Anti-virus database updates can be downloaded in one of the following modes: Automatically. Kaspersky Endpoint Security periodically checks for updates on Kaspersky Lab's update servers. During a virus outbreak the frequency of the checks may increase and decrease afterwards. If a set of the latest updates is stored on a server, Kaspersky Endpoint Security downloads them in background mode and installs them to your computer. This is the default update mode. Manually. In this case, you start the Kaspersky Endpoint Security update manually. By schedule. Kaspersky Endpoint Security is automatically updated according to a schedule. By default, Kaspersky Endpoint Security module updates are downloaded and installed on the computer automatically. During an update the application modules and anti-virus databases are compared with the ones currently available at the update source. If the latest version of databases is installed on your computer, the main application window (see section "Main application window" on page 22) displays a message that the anti-virus databases are up-to-date. If the application modules and anti-virus databases differ from those currently available from the update source, only the missing components of the update will be installed on your computer. Anti-virus databases are not copied in their entirety, which allows increasing update speed and reducing Internet traffic. Before updating the anti-virus databases, Kaspersky Endpoint Security creates backup copies of them so that a rollback can be performed, if necessary. Update rollback feature (see section "Rolling back the last update" on page 61) may be useful if a new version of the anti-virus databases contains an invalid signature that makes Kaspersky Endpoint Security block a safe application. If the databases of Kaspersky Endpoint Security are corrupted, you are advised to start an update (see section "Updating application databases" on page 38) to download and install the latest version of application databases. At the same time as updating Kaspersky Endpoint Security, you can copy the downloaded updates to a local source (see section "Updating from a local source" on page 62). You can use a local copy of downloaded updates to update antivirus databases and application modules of Kaspersky Endpoint Security on other computers on the corporate network in order to reduce the amount of Internet traffic. 60
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S IN THIS SECTION: Starting application database updates... 61 Rolling back the last update... 61 Updating from a local source... 62 Configuring update preferences... 62 Viewing the update task report... 66 STARTING APPLICATION DATABASE UPDATES Updating Kaspersky Endpoint Security in a timely manner keeps your computer properly protected. When using Kaspersky Endpoint Security, you can start an application update at any time. To start an update of Kaspersky Endpoint Security databases: 2. Click the button. 3. The Update window opens. 4. In the Update window that opens, click the Update button. Information about the progress of the current update task (percent complete) is shown in the lower part of the Update window and also in the main application window (see section "Main application window" on page 22) and in Protection Center (see section "Using Protection Center" on page 35). Detailed information about the results of the update task is logged in the update task report (see section "Viewing the update task report" on page 66). ROLLING BACK THE LAST UPDATE Before updating the anti-virus databases, Kaspersky Endpoint Security creates backup copies of them so that a rollback can be performed, if necessary. The rollback feature is useful if a new version of the anti-virus databases contains an incorrect signature that makes Kaspersky Endpoint Security block a safe application. If the databases of Kaspersky Endpoint Security are corrupted, you are advised to start an update (see section "Updating application databases" on page 38) to download and install the latest version of application databases. To roll back the last update of Kaspersky Endpoint Security anti-virus databases: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. Select the Update tab. 4. In the Rollback section, click the Roll Back Update button. 61
A D M I N I S T R A T O R ' S G U I D E The results of rollback of the last update can be viewed in the application reports window (see section "Viewing the update task report" on page 66). UPDATING FROM A LOCAL SOURCE If several computers are combined into a corporate local area network, there is no need to download Kaspersky Endpoint Security updates for each one of them individually since this would significantly increase the amount of Internet traffic. You can copy the updates into a folder and update Kaspersky Endpoint Security anti-virus databases and application modules on other computers locally, thereby reducing the amount of Internet traffic. To do so, set up update distribution as follows: 1. One of the computers on the network receives a package of Kaspersky Endpoint Security updates from Kaspersky Lab update servers or a different update source. The updates retrieved are placed in a shared folder. Shared folder should be created in advance. 2. Other computers on the network refer to the shared folder as the update source. To enable copying of updates to a local folder: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. Select the Update tab. 4. In the New versions section, click the Preferences button. A window opens, in which you can enable copying of updates to a local folder. 5. On the Advanced tab, select the Copy update files to folder check box and click the Select button. The Finder window opens. 6. In the Finder window, select a shared folder to which Kaspersky Endpoint Security will save the updates. 7. Click the Save button to save the changes made to the update preferences. CONFIGURING UPDATE PREFERENCES You can configure the following Kaspersky Endpoint Security update preferences: Anti-virus database update It lets you select the update startup mode: automatic (recommended by Kaspersky Lab), manual, or according to the specified schedule (see section "Configuring the Kaspersky Endpoint Security update schedule" on page 64). New versions It lets you enable automatic download and installation of application module updates on the computer. Updates sources An update source is a resource that contains the current files of anti-virus databases and modules of Kaspersky Endpoint Security. Update sources can be HTTP servers, local or network folders. 62
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S Proxy If the Internet connection is established via a proxy server, you may need to configure the proxy server connection preferences (see section "Configuring the connection to a proxy server" on page 65). Kaspersky Endpoint Security uses these preferences for updating anti-virus databases and application modules. Action after update It lets you enable automatic scanning of files in Quarantine after each update of the application anti-virus databases. IN THIS SECTION: Selecting the Kaspersky Endpoint Security update startup mode... 63 Configuring the Kaspersky Endpoint Security update schedule... 64 Disabling automatic download and installation of application module updates on the computer... 64 Selecting an update source... 64 Configuring the connection to a proxy server... 65 SELECTING THE KASPERSKY ENDPOINT SECURITY UPDATE STARTUP MODE By default, anti-virus databases and application modules are downloaded from Kaspersky Lab update servers automatically. Kaspersky Endpoint Security regularly checks the update servers for updates. If a set of the latest updates is stored on a server, Kaspersky Endpoint Security downloads them in background mode and installs them to your computer. You can select the mode for receiving the update package from Kaspersky Lab servers: automatic, manual, or according to the specified schedule (see section "Configuring the Kaspersky Endpoint Security update schedule" on page 64). To select the Kaspersky Endpoint Security update run mode: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. Select the Update tab. 4. In the Anti-virus database update section, select one of the options: If you want anti-virus databases and application modules to be downloaded from Kaspersky Lab update servers and installed automatically, select the Download updates automatically option. To start the application update process manually, select the Download updates manually option. If you want the application update to start automatically according to the schedule you specified, select the option corresponding to the configured update startup schedule. You can change the application update startup schedule (see section "Configuring the Kaspersky Endpoint Security update schedule" on page 64). 63
A D M I N I S T R A T O R ' S G U I D E CONFIGURING THE KASPERSKY ENDPOINT SECURITY UPDATE SCHEDULE To configure Kaspersky Endpoint Security update startup schedule preferences: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. Select the Update tab. 4. In the Anti-virus database update section, select the option corresponding to a configured application update startup schedule. To change the application update startup schedule, click the Schedule button. A window opens, in which you can configure the update startup schedule. 5. Specify the application update startup frequency and time. 6. Click the Save button to save changes made to the application update startup schedule. DISABLING AUTOMATIC DOWNLOAD AND INSTALLATION OF APPLICATION MODULE UPDATES ON THE COMPUTER To disable automatic download and installation of application module updates on the computer: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. Select the Update tab. 4. In the New versions section, clear the Update application modules check box. If at the time of the update both anti-virus database updates and application module updates are available in the update source, Kaspersky Endpoint Security downloads the application module updates and installs them after the computer is restarted. The downloaded application module updates will not be installed until the computer restarts. If the next application update becomes available on Kaspersky Lab servers before the computer is restarted and before the application module updates downloaded earlier are installed, Kaspersky Endpoint Security updates only the anti-virus databases. SELECTING AN UPDATE SOURCE The update source is a resource containing updates for Kaspersky Endpoint Security anti-virus databases and modules. Update sources can be HTTP servers, local or network folders. Dedicated Kaspersky Lab update servers are the main source of updates for Kaspersky Endpoint Security. You can also use Kaspersky Security Center servers as an update source. To select an update source for Kaspersky Endpoint Security: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 64
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S 3. Select the Update tab. 4. In the New versions section, click the Preferences button. A window opens, in which you can select the update sources. 5. On the Update sources tab, select the check boxes next to the update sources that you want to use. By default, the list of update sources contains only Kaspersky Lab update servers and Kaspersky Security Center servers. When running an update, Kaspersky Endpoint Security refers to the list of update sources for the address of the first server on it and attempts to download the updates from this server. If the updates cannot be downloaded from the selected server, the application tries to connect and retrieve the updates from the next server. This continues until a connection is successfully established, or until all the available update servers have been tried. For subsequent updates the application first tries to access the server from which the most recent update was successfully made. You can perform the following actions: Add a new update source to the list. Click the button and select the most suitable option from the drop-down list: To add a local or network folder as an update source, select Add folder. Select the required folder in the Finder window that opens. To add a web resource as an update source, select Add web address. In the window that opens, enter the server web address in the Web address of update source field. Change the update source. Select an update source in the list by double-clicking and make changes. Kaspersky Lab update servers and Kaspersky Security Center servers are update sources that cannot be edited or deleted. Temporarily disable retrieval of updates from the source. Select the update source in the list and clear the check box next to it. Kaspersky Endpoint Security will not be updated from this source until the check box is selected again. Delete an update source (available only for update sources added by the user). Select the update source in the list and click the button. 6. Click the Save button to save the changes made to the update preferences. CONFIGURING THE CONNECTION TO A PROXY SERVER If you connect to the Internet via a proxy server, you can configure the proxy server connection preferences. Kaspersky Endpoint Security uses these preferences to update anti-virus databases and download application module updates. To configure a connection to a proxy server: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 65
A D M I N I S T R A T O R ' S G U I D E 3. Select the Update tab. 4. In the Proxy section, select the Use proxy server check box and click the Preferences button. A window opens in which you can configure the proxy server connection preferences. 5. Configure the connection to a proxy server. 6. Click the Save button to save the changes made to the proxy server connection preferences. VIEWING THE UPDATE TASK REPORT Brief statistics on the current status of the update feature (release date of the anti-virus databases, information about the status of the databases uses) can be viewed in Protection Center by clicking the Learn More button in the right part of the main application window (see section "Main application window" on page 22) and in the Update window. If you have not previously updated Kaspersky Endpoint Security, there will be no information about the most recent update. Information about the progress of the current update task (percent complete) is shown in the Update window and also in the main application window (see section "Main application window" on page 22) and in Protection Center (see section "Using Protection Center" on page 35). Kaspersky Endpoint Security also provides a detailed report on the results of update tasks in the reports window. To view an update task report: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. In the window that opens, in the Tasks section, select the Update task. If the update task fails, check the proxy server connection preferences (see section "Configuring the connection to a proxy server" on page 65) and retry the update. If you cannot solve the problem on your own, please contact Kaspersky Lab Technical Support Service (see section "Contacting Technical Support" on page 121). The right part of the reports window displays the following information about update tasks that are run by Kaspersky Endpoint Security: All currently running and completed update tasks, including start time and completion time of each update task, size of downloaded and installed files, and update speed. All operations performed during the update process, including the names of the updated objects, the paths to the storage folders, and the access timestamps. Operations are grouped by update task startup time. You can expand the list of operations by clicking the icon next to the update task start time. REPORTS AND STORAGES Kaspersky Endpoint Security creates copies of infected files in Backup before disinfecting or removing them, and moves the probably infected files to Quarantine. Kaspersky Endpoint Security also generates a detailed report on the operation of each application component. 66
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S IN THIS SECTION: Quarantine... 67 Backup... 68 Viewing reports... 70 Exporting reports... 70 Logging informational events in the report... 71 Configuring the storage term for files in Quarantine and file copies in Backup... 71 QUARANTINE Quarantine is a folder to which Kaspersky Endpoint Security moves probably infected objects that have been detected. Quarantined objects are stored in encrypted form to prevent them from harming the computer. Probably infected object is an object whose code contains a modified segment of code of known malware, or an object resembling malware in the way it behaves. Probably infected status may be assigned to a file in the following cases: The code of the object being analyzed resembles the code of a known malicious program, but is partly altered. Kaspersky Endpoint Security anti-virus databases contain information about threats that have been already analyzed by Kaspersky Lab specialists. If the anti-virus databases do not yet contain any information about a modification of a threat, Kaspersky Endpoint Security classifies objects infected with a modification as probably infected ones and indicates the threat that most resembles this type of infection. The code of the detected object resembles a malicious program in terms of its structure, but Kaspersky Endpoint Security does not contain any records similar to it. A probably infected file can be detected and placed in Quarantine by File Anti-Virus (see section "File Anti-Virus" on page 44) or during a virus scan task (see section "Virus Scan" on page 54). You can also move a file to Quarantine manually (see section "What to do if you suspect that a file is infected with a virus" on page 40). VIEWING THE CONTENTS OF QUARANTINE To view the contents of Quarantine: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. In the left part of the reports window, select Quarantine. The contents of Quarantine are displayed in the right part of the window. 67
A D M I N I S T R A T O R ' S G U I D E ACTIONS ON PROBABLY INFECTED FILES You can manage quarantined files as follows: Manually quarantine files if you suspect that the file is infected with a virus or other malware that has not been detected by Kaspersky Endpoint Security (see section "What to do if you suspect that a file is infected with a virus" on page 40). Scan all probably infected quarantined objects using the current version of anti-virus databases (see section "What to do if the application has quarantined a file" on page 39). You can enable automatic scanning of probably infected files in Quarantine after each update of anti-virus databases (see section "Enabling automatic scanning of Quarantine contents after anti-virus database updates" on page 68). Restore files to the specified folder or the folder from which they were moved to Quarantine (see section "What to do if the application has quarantined a file" on page 39). Remove probably infected files from Quarantine (see section "What to do if the application has quarantined a file" on page 39). You can also configure automatic deletion of the oldest objects in Quarantine (see section "Configuring the storage term for files in Quarantine and file copies in Backup" on page 71) after the specified number of days. ENABLING AUTOMATIC SCANNING OF QUARANTINE CONTENTS AFTER ANTI- VIRUS DATABASE UPDATES Each update of anti-virus databases contains new signatures that help protect the computer against new viruses and other threats. Kaspersky Lab recommends scanning files placed in Quarantine (see page 67) after every update of antivirus databases. Kaspersky Endpoint Security does not scan the Quarantine contents as soon as databases have been updated if the Quarantine section of the Kaspersky Endpoint Security reports window is open at the time. To enable automatic scanning of Quarantine contents after an update of anti-virus databases: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. Select the Update tab. 4. In the Action after update section, select the Rescan Quarantine check box. BACKUP Sometimes the integrity of infected files cannot be preserved during the disinfection process. If a disinfected file contained important information that is partly or completely inaccessible following disinfection, you can restore the original file from Backup. A backup copy is a copy of a dangerous file that is created when this file is disinfected or deleted. It is stored in Backup. Backup is a special storage area that contains backup copies of files that have been deleted or modified during disinfection. The main function of Backup is enabling the user to restore an original file at any time. Files in Backup are saved in a special format and are not dangerous for the computer. 68
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S VIEWING THE CONTENTS OF BACKUP You can view the contents of Backup in the Backup section of the application reports window. To view the contents of Backup: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. Select Backup in the left part of the application reports window. The contents of Backup are displayed in the right part of the window. MANAGING BACKUP COPIES OF FILES You can restore or remove backup copies of files from Backup. To restore a backup copy of a file from Backup: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. Select Backup in the left part of the application reports window. The contents of Backup are displayed in the right part of the window. 4. Select the backup copies of the files you want to restore in the list of backup copies and click the Restore button. A window opens where you have to specify the name of the file and the folder to which it will be restored. The name and location of the original file are specified by default. 5. Specify the file name and the folder to which it will be restored. 6. Click the Save button. The application restores the file to the specified location with the specified name. You are advised to scan the file for viruses and malware as soon as it has been restored. It is possible that the object can be disinfected by using the updated databases, without losing its integrity. We do not recommend that you restore backup copies of files unless absolutely necessary. This could lead to an infection of your computer. To remove backup copies of files from Backup: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 69
A D M I N I S T R A T O R ' S G U I D E 3. Select Backup in the left part of the application reports window. The contents of Backup are displayed in the right part of the window. 4. Select the backup copies of files you want to delete in the list of backup copies: To delete one or several backup copies of files, select the backup copies of files that you want to delete and click the Delete button. To delete all backup copies of files, click the Clear all button. VIEWING REPORTS You can view the Kaspersky Endpoint Security operation report listing all detected objects. You can also view reports on the operation of the following application components and features: File Anti-Virus (see section "Viewing File Anti-Virus report" on page 47), Web Anti-Virus (see section "Viewing Web Anti-Virus report" on page 49), Network Attack Blocker (see section "Viewing the Network Attack Blocker report" on page 53), virus scan (see section "Viewing virus scan task report" on page 59), and update (see section "Viewing the update task report" on page 66). To open the reports window: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. The reports window contains the following sections: Reports. Contains information about all detected objects and files moved to Quarantine or saved in Backup. The Reports section contains the following subsections: Detected objects. A list of all infected and probably infected files detected by File Anti-Virus and virus scan tasks, and also all dangerous web traffic objects detected by Web Anti-Virus. Quarantine. List of files moved to Quarantine. Backup. List of files placed in Backup. Tasks. Contains reports on the operation of Kaspersky Endpoint Security components and features. The Tasks section contains the following subsections: Update. Update task report. Virus Scan. Virus scan task report. File Anti-Virus. File Anti-Virus report. Web Anti-Virus. Web Anti-Virus report. Network Attack Blocker. Network Attack Blocker report. EXPORTING REPORTS Kaspersky Endpoint Security can save a report on its operation in text format. This may be required if File Anti-Virus, Web Anti-Virus, or a virus scan task or update task returned an error that cannot be resolved by the user, and the assistance of Kaspersky Lab Technical Support is needed (see section "Contacting Technical Support" on page 121). In this case, send a text report to Technical Support so that our specialists can study the problem in detail and fix it as quickly as possible. 70
A D V A N C E D A P P L I C A T I O N P R E F E R E N C E S To export the operation report on a component of Kaspersky Endpoint Security or a task to a text file: 2. Click the button on the navigation panel in the upper part of the main application window. The Kaspersky Endpoint Security reports window opens. 3. Select the required report in the Tasks section in the left part of the reports window. 4. Click the Export button in the lower part of the reports window. 5. In the window that opens, specify the file name and destination folder for the report and click the Save button. LOGGING INFORMATIONAL EVENTS IN THE REPORT You can allow the logging of information events in the report (see section "About event types" on page 24). To log informational events in the report: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Reports tab of the application preferences window, in the Reports section, select the Log non-critical events check box. CONFIGURING THE STORAGE TERM FOR FILES IN QUARANTINE AND FILE COPIES IN BACKUP By default, the storage term for files in Quarantine and Backup is 30 days; when it expires, files are deleted. You can change the maximum Quarantine and Backup storage period for files or remove the limit on the storage period. To configure the maximum storage term for files in Quarantine or Backup: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Reports tab of the application preferences window, in the Quarantine and Backup section, select the Delete objects after check box and specify the time period after which files stored in Quarantine and Backup are automatically deleted. PARTICIPATING IN KASPERSKY SECURITY NETWORK To protect your computer more effectively, Kaspersky Endpoint Security uses data that is gathered from users around the globe. A network named Kaspersky Security Network is designed to analyze such data. Kaspersky Security Network (KSN) is an infrastructure of online services that provides access to the online Kaspersky Lab Knowledge Base, which contains information about the reputation of files, web resources, and software. Use of data from the Kaspersky Security Network ensures a faster response time for Kaspersky Endpoint Security when encountering new types of threats, improves performance of some protection components, and reduces the risk of false alarms. 71
A D M I N I S T R A T O R ' S G U I D E Users participating in Kaspersky Security Network provide Kaspersky Lab with information about the types and sources of new threats, which helps Kaspersky Lab to find new ways of neutralizing them, and minimize the number of false positives. In addition, participation in Kaspersky Security Network provides you with access to information about the reputation of various applications and websites. When you participate in Kaspersky Security Network, the statistics based on protection of your computer by Kaspersky Endpoint Security are sent to Kaspersky Lab automatically. No personal data is collected, processed, or stored. Participation in Kaspersky Security Network is voluntary. The decision on whether or not to participate is made when you install Kaspersky Endpoint Security. However, you can change your decision later at any time. To enable Kaspersky Security Network: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the KSN tab of the application preferences window, in the General section, click the Read Full Text of the Statement button to view the Kaspersky Security Network Statement. 4. If you accept all of the provisions of the Statement, select the I agree to participate in Kaspersky Security Network check box. 5. If you want data received from Kaspersky Security Network to be used for file scanning and categorization, select the Use to scan and categorize files check box. 6. If you want data received from Kaspersky Security Network to be used for checking web addresses against the list of malicious web addresses, select the Use to check web addresses check box. 72
MANAGING THE APPLICATION FROM THE COMMAND LINE You can manage Kaspersky Endpoint Security from the command line. After the updates of Kaspersky Endpoint Security modules have been installed, the version of the application client in the command line may differ from the installed version of the application. Command line syntax: kav <command> <parameters> The following commands can be inserted as <command>: help helps with command syntax, displays the list of commands; scan scans objects for malware; update starts the application update; rollback rolls back the latest update to Kaspersky Endpoint Security (administrator rights are required to run this command); start starts a component or task; stop stops a component or task (administrator rights are required to run this command); status displays the current status of a component or task on the screen; statistics displays operational statistics of a component or task; export exports the parameters of a component or task; import imports the parameters of a component or task (administrator rights are required to run this command); addkey activates the application by using a key file (administrator rights are required to run this command); exit quits the application (administrator rights are required to run this command). Each command has its own range of parameters. IN THIS SECTION: Viewing Help... 74 Virus Scan... 74 Updating the application... 76 Rolling back the last update... 76 Starting / stopping a protection component or task... 77 Component or task status and statistics... 78 Exporting protection preferences... 78 73
A D M I N I S T R A T O R ' S G U I D E Importing protection preferences... 78 Application activation... 79 Closing the application... 79 Return codes of the command line... 79 VIEWING HELP Use this command to view the application command line syntax: kav -? help To get help on the syntax of a specific command, you can use one of the following commands: kav <command> -? kav help <command> VIRUS SCAN The text of the command to start a virus scan of a specific area has the following general format: kav scan [<scan scope>] [<action>] [<file types>] [<exclusions>] [<report parameters>] [<advanced parameters>] To scan for viruses, you can also use the tasks created in the application by starting the one you need from the command line (see section "Starting / stopping a protection component or a task" on page 77). The task is started with the parameters that are specified in the Kaspersky Endpoint Security interface. Parameter description <scan scope> this parameter specifies a list of objects that are to be scanned for malicious code. The parameter may include several values (separated by a blank space) from the following list: <files> list of paths to files and / or folders to be scanned for viruses. You can enter an absolute or relative path. Items in the list are separated by a blank space. Comments: if the name of an object or the path to it includes a blank space or special characters (such as $, &, @), it should be put in single quotes, or the character being excluded should be separated with the backslash on its left side; if reference is made to a specific folder, all files and folders in this folder are scanned. -all full scan of your computer; -remdrives all removable drives; -fixdrives all local drives; -netdrives all network drives; -quarantine Quarantine; -@:<filelist.lst> path to the file with a list of objects and folders within the scan scope. The file must be in text format and each scan object must be listed in a separate line. Only an absolute path to the file may be entered. 74
M A N A G I N G T H E A P P L I C A T I O N F R O M T H E C O M M A N D L I N E If no scan scope is specified, Kaspersky Endpoint Security starts the Custom Scan task with the preferences that are selected in the application interface. <action> this parameter determines the action to take on malicious objects that are detected during the scan. If this parameter has not been defined, the default action is the one corresponding to the value -i8. The following values are possible: -i0 take no actions on the object, only save information about the object in a report; -i1 disinfect infected objects, skip them if they cannot be disinfected; -i2 disinfect infected objects, delete them if they cannot be disinfected; do not delete containers, except for those with executable headers (sfx archives); -i3 disinfect infected objects, delete them if they cannot be disinfected; delete containers completely if infected files inside them cannot be deleted; -i4 delete infected objects; delete containers completely if infected files inside them cannot be deleted; -i8 prompt the user for action if an infected object is detected (used by default); -i9 prompt the user for action when the scan is completed. <file types> this parameter defines the file types that are subject to anti-virus scanning. By default, if this parameter is not defined, and only infected files by contents are scanned. The following values are possible: -fe scan applications and documents (by extension); -fi scan applications and documents (by content); -fa scan all files. <exclusions> this parameter defines objects that are to be excluded from scanning. You can include several parameters from the list below, separating them with a blank space: -e:a do not scan archives; -e:b do not scan mail databases; -e:m do not scan email messages in text format; -e:<mask> do not scan objects by mask (see section "Masks in paths to files and folders" on page 129); -e:<seconds> skip objects that are scanned for longer than the specified time value (in seconds); -es:<size> skip objects with size larger than the specified value (in megabytes). <report parameters> these parameters define the format of the report on the scan results. You can use an absolute or relative path to the file for saving the report. If the parameter is not defined, scan results are displayed and all events are shown. -r:<report file> log only important events to the specified report file; -ra:<report file> log all events to the specified report file. <advanced parameters> parameters that define the use of anti-virus scanning technologies and the configuration file: -iswift=<on off> enable / disable the use of iswift technology; -c:<configuration file> defines the path to the configuration file that contains the application preferences applied when running virus scan tasks. You can enter an absolute or relative path to the file. If the parameter is not specified, the values set in the application interface are used together with the values that are already specified in the command line. 75
A D M I N I S T R A T O R ' S G U I D E Example: Start scan of the folders ~/Documents, /Applications, and the file named my test.exe: kav scan ~/Documents /Applications 'my test.exe' Scan the objects listed in the objects2scan.txt file. Use the scan_preferences.txt configuration file. When the scan is complete, create a report to log all events: kav scan -@:objects2scan.txt -c:scan_preferences.txt -ra:scan.log A sample configuration file: -netdrives -@:objects2scan.txt -ra:scan.log UPDATING THE APPLICATION The command for updating the application has the following syntax: kav update <update_source> -app=<on off> <report_parameters> <advanced_parameters> Parameter description <update_source> an HTTP server or a network or local folder for downloading updates. If a path is not selected, the update source will be taken from the application update preferences. -app=<on off> enable / disable application module updates. <report parameters> these parameters define the format of the report on the scan results. You can use an absolute or relative path to the file. If the parameter is not defined, scan results are displayed and all events are shown. The following values are possible: -r:<report file> log only important events to the specified report file; -ra:<report file> log all events to the specified report file. <advanced parameters> a parameter that defines the use of the configuration file. -c:<configuration file> defines the path to the configuration file that contains the application preferences applied when updating the application. You can enter an absolute or relative path to the file. If this parameter is not defined, the values set in the application interface are used. Example: Update the application databases from the default source, logging all events in the report: kav update -ra:avbases_upd.txt Update the Kaspersky Endpoint Security modules using the parameters of the updateapp.ini configuration file: kav update -app=on -c:updateapp.ini ROLLING BACK THE LAST UPDATE Command syntax: kav rollback <report_parameters> Administrator rights are required to run this command. 76
M A N A G I N G T H E A P P L I C A T I O N F R O M T H E C O M M A N D L I N E Parameter description <report parameters> this parameter defines the format of the report on update rollback results. You can use an absolute and relative path to the file. If the parameter is not defined, scan results are displayed and all events are shown. -r:<report file> log only important events to the specified report file; -ra:<report file> log all events to the specified report file. Example: kav rollback -ra:rollback.txt STARTING / STOPPING A PROTECTION COMPONENT OR TASK The command for launching a component or task has the following syntax: kav start <task or component name> <report parameters> The command for stopping a component or task has the following syntax: kav stop <name of task or component> Administrator rights are required to run this command. Parameter description <task or component name> specify one of the following values: fm or file_monitoring File Anti-Virus; wm or web_monitoring Web Anti-Virus; full or scan_my_computer Full Scan task; scan_objects virus scan of the specified scan scope; quick or scan_critical_areas Quick Scan task; updater update task; rollback update rollback task; <task name> custom task. <report parameters> this parameter lets you save a task report or component operation report to the specified file. You can specify either the absolute or relative path to the log file. If this parameter is not specified, Kaspersky Endpoint Security displays the component operation results or task results on the screen according to the preferences specified in the graphical user interface of the application. You can specify the following report preferences: -r:<report file> Kaspersky Endpoint Security logs only important events to the specified report file; -ra:<report file> Kaspersky Endpoint Security logs all events to the specified report file. Components and tasks started from the command line are run with the preferences configured in the graphical user interface of the application. 77
A D M I N I S T R A T O R ' S G U I D E Example: To enable the File Anti-Virus component, type the following in the command line: kav start fm To stop the full scan task from the command line, enter the following: kav stop scan_my_computer COMPONENT OR TASK STATUS AND STATISTICS The status command syntax: kav status <name of task or component> The statistics command syntax: kav statistics <name of task or component> Parameter description <task or component name> one of the values listed for the start / stop command is specified (see section "Starting / stopping a protection component or a task" on page 77). If the status command is run without specifying a value for the <task or component name> parameter, the current status of all tasks and components of the application is displayed on the screen. The value of the <task or component name> parameter is required for the statistics command. EXPORTING PROTECTION PREFERENCES Command syntax: kav export <name of task or component> <export file> Parameter description <task or component name> one of the values listed for the start / stop command is specified (see section "Starting / stopping a protection component or a task" on page 77). <export file> path to the file to which the application preferences are exported. An absolute or relative path may be specified. Example: kav export fm settings.txt text format IMPORTING PROTECTION PREFERENCES Command syntax: kav import <import file> Administrator rights are required to run this command. 78
M A N A G I N G T H E A P P L I C A T I O N F R O M T H E C O M M A N D L I N E Parameter description <import file> path to the file from which the application preferences are imported. An absolute or relative path may be specified. Example: kav import preferences.dat APPLICATION ACTIVATION Kaspersky Endpoint Security can be activated using a key file. Command syntax: kav addkey <key file> Administrator rights are required to run this command. Parameter description <key file> application key file with the.key extension. Example: kav addkey 1AA111A1.key CLOSING THE APPLICATION Command syntax: kav exit Administrator rights are required to run this command. RETURN CODES OF THE COMMAND LINE The general codes may be returned by any command from the command line. The return codes include general codes as well as codes specific to a certain task. Syntax of the command for receiving the return code: echo $? General return codes: 0 operation completed successfully; 1 invalid parameter value; 2 unknown error; 3 task completion error; 4 task canceled. Virus scan task return codes: 101 all malicious objects processed; 102 malicious objects detected. 79
MANAGEMENT OF THE APPLICATION VIA KASPERSKY SECURITY CENTER This section describes Kaspersky Endpoint Security administration through Kaspersky Security Center. Kaspersky Security Center is designed for centralized management of basic tasks of corporate network security system administration. For detailed information about the Kaspersky Security Center application, see the Kaspersky Security Center Administrator's Guide You can also manage Kaspersky Endpoint Security via the graphical user interface of the application (see section "Application interface" on page 21) and the command line (see section "Managing the application from the command line" on page 73). IN THIS SECTION: Common Kaspersky Endpoint Security deployment model... 80 Installing the Kaspersky Endpoint Security administration plug-in... 81 Preparing to install Kaspersky Endpoint Security... 81 Managing Network Agent from the command line... 84 Installing and removing Kaspersky Endpoint Security... 86 Starting and stopping the application... 94 Managing policies... 94 Managing tasks... 103 COMMON KASPERSKY ENDPOINT SECURITY DEPLOYMENT MODEL To deploy Kaspersky Endpoint Security on a corporate network: 1. Deploy Administration Server on the network. Administration Server is a component of Kaspersky Security Center that centrally stores information about all Kaspersky Lab applications that are installed within the corporate network. It can also be used to manage these applications. 2. Install Administration Console on the workstation of the Kaspersky Security Center administrator. Administration Console is a component of Kaspersky Security Center that provides a user interface for the administrative services of Administration Server and Network Agent. 3. Install the Kaspersky Endpoint Security administration plug-in (see section "Installing the Kaspersky Endpoint Security administration plug-in" on page 81) on the workstation of the Kaspersky Security Center administrator. The Kaspersky Endpoint Security administration plug-in is a dedicated component that provides the interface for managing Kaspersky Lab applications through Administration Console. Each application has its own administration plug-in. The administration plug-in is included in all Kaspersky Lab applications that can be managed by using Kaspersky Security Center. 80
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER 4. Install Network Agent on remote Mac computers in one of the following ways: locally (see section "Local installation of Network Agent" on page 82); Remotely, using the SSH protocol (see section "Installation of Network Agent using the SSH protocol" on page 83). 5. Install Kaspersky Endpoint Security on remote Mac computers in one of the following ways: Locally (see section "Kaspersky Endpoint Security default installation" on page 17); Remotely, using the SSH protocol (see section "Installing the application using the SSH protocol" on page 87); Remotely via Kaspersky Security Center (see section "Installing the application via Kaspersky Security Center" on page 88). If anti-virus applications are already installed on remote computers, you have to uninstall them before installing Kaspersky Endpoint Security. For detailed information on deployment of Administration Server and installation of the Administration Console, see the Kaspersky Security Center Deployment Guide. INSTALLING THE KASPERSKY ENDPOINT SECURITY ADMINISTRATION PLUG-IN To install the Kaspersky Endpoint Security administration plug-in on the administrator's workstation: 1. Unpack the archive with files of the Kaspersky Endpoint Security installation package. 2. Open the folder with files of the Kaspersky Endpoint Security installation package. 3. In the window with the contents of the installation package, open the Security Center Console Plugin folder. 4. Open the folder with the application version in the localization language that you need. 5. Open the executable file klcfginst.exe. After the installation is complete, the Kaspersky Endpoint Security administration plug-in is added to the list of plugins installed for managing applications. Before installing the Kaspersky Endpoint Security administration plug-in, you should close Administration Console on the Kaspersky Security Center administrator's workstation. PREPARING TO INSTALL KASPERSKY ENDPOINT SECURITY This section describes the ways to install Network Agent on a remote computer. To install Kaspersky Endpoint Security on a remote computer via Kaspersky Security Center, you have to install Network Agent on the remote computer. 81
A D M I N I S T R A T O R ' S G U I D E IN THIS SECTION: Local installation of Network Agent... 82 Installation of Network Agent using the SSH protocol... 83 LOCAL INSTALLATION OF NETWORK AGENT To install Network Agent on a user's computer locally: 1. Open the contents of the Network Agent installation package on the user's computer. 2. In the window with the contents of the installation package or dmg file, start the application installation process by double-clicking the Kaspersky Network Agent icon. 3. Confirm that you want to begin installing the application in the confirmation window. 4. In the Introduction window, click Continue. 5. In the Read Me window, read the information about the application. Make sure that the remote computer meets the minimum system requirements. To print the information, click the Print button. To save the information as a text file, click the Save button. To proceed with the installation, click Continue. 6. In the License window, read through the text of the Kaspersky Endpoint Security License Agreement concluded by you and Kaspersky Lab AO. The text of the agreement is available in several languages. To print the text of the agreement, click the Print button. To save the agreement as a text file, click the Save button. If you agree with all the clauses in the agreement, click Continue. A window opens to request confirmation of your consent to the conditions of the licensing agreement. You can perform the following actions: Proceed with the installation of Network Agent by clicking the Agree button; return to the license agreement text by clicking the Read license button; Stop the installation by clicking the Disagree button. 7. In the Preferences window, in the Server field, specify the IP address or DNS name of the server on which Kaspersky Security Center is installed, then fill in the Port field to specify the number of the port for nonencrypted connection to the server, and then fill in the SSL port field to specify the number of the port for SSL connection to the server. If you do not want to use the SSL for connection with the server, clear the Use SSL check box. To proceed with the installation, click Continue. 8. In the Installation Type window, read the information about the drive on which the application will be installed. To install the application using the recommended preferences, click the Install button and enter the administrator's password to confirm your choice. Wait until the Kaspersky Endpoint Security Installation Assistant installs the application components. 9. Click the Finish button to finish activating the application. 82
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER INSTALLATION OF NETWORK AGENT USING THE SSH PROTOCOL Before installing Network Agent on a remote computer using the SSH protocol, make sure that the following requirements are met: Administration Server of Kaspersky Security Center is deployed on the corporate network. Administration Console is installed on the Kaspersky Security Center administrator's workstation. The Network Agent installation package is created and stored in a shared folder of Administration Server. For detailed information about installation packages, see the Kaspersky Security Center Administrator's Guide. To install Network Agent on a remote computer using the SSH protocol: 1. Enable the Remote enter service on your Mac. 2. Start the SSH client on the administrator's workstation. 3. Connect to the remote Mac computer. 4. Connect the shared folder of Administration Server as a network drive on the remote computer. To do this, enter the following commands in the SSH terminal of the client: mkdir /Volumes/KLSHARE mount_smbfs //<administrator account>:<password>@<ip address of Administration Server>/KLSHARE /Volumes/KLSHARE Parameter description: <administrator account> name of the administrator account on Administration Server; <password> password of the administrator on Administration Server; <Administration Server IP address> the IP address of the server hosting Kaspersky Security Center. 5. Run the installation script. To do this, enter the following commands in the SSH terminal of the client: cd /Volumes/KLSHARE/Packages/<klnagent_package_folder> where <klnagent_package_folder> is the folder in which the Network Agent installation package is stored. sudo./install.sh - r <server> [-s <action>] [-p <port number>] [-l <SSL port number>] Parameter description: <action> a parameter that defines whether or not encryption will be used when establishing the connection between Network Agent and Administration Server. If the value is "0", a non-encrypted connection is used. If the value is "1", the connection is established via the SSL protocol (default value); <server> IP address or DNS name of the server on which Kaspersky Security Center is installed; <port number> number of the port via which the non-encrypted connection to Administration Server will be established. The port 14000 is used by default; <SSL port number> number of the port via which the encrypted connection to Administration Server will be established using the SSL protocol. By default, port 13000 will be used. Administrator rights are required for executing this command. 83
A D M I N I S T R A T O R ' S G U I D E 6. Disconnect the network drive on the remote computer. To do this, enter the following command in the SSH terminal of the client: umount /Volumes/KLSHARE 7. Check if Network Agent is operable on the remote computer. To do this, enter the following commands in the SSH terminal of the client: cd /Library/Application\ Support/Kaspersky\ Lab/klnagent/Binaries/ sudo./klnagchk If the check is successful, Network Agent functions properly. MANAGING NETWORK AGENT FROM THE COMMAND LINE This section provides information on how to control Network Agent using the command line on the user's computer. You can pause the operation of Network Agent and then resume it. You can also connect a remote computer to Administration Server manually using the klmover utility tool and check the connection between the remote computer and Administration Server using the klnagchk utility. IN THIS SECTION: Starting / stopping Network Agent on a remote computer... 84 Connecting a remote computer to Administration Server manually. Klmover utility... 85 Checking the connection between a client computer and Administration Server manually. Klnagchk utility... 86 STARTING / STOPPING NETWORK AGENT ON A REMOTE COMPUTER You can stop and start Network Agent again on a remote computer by using the command line. To stop Network Agent, On the remote computer, launch the launchctl utility with the unload command from the command line. Command syntax sudo launchctl unload /Library/LaunchDaemons/com.kaspersky.klnagent.plist To start Network Agent, On the remote computer, launch the launchctl utility with the load command from the command line. Command syntax sudo launchctl load /Library/LaunchDaemons/com.kaspersky.klnagent.plist Administrator rights are required to stop and start Network Agent. 84
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER CONNECTING A REMOTE COMPUTER TO ADMINISTRATION SERVER MANUALLY. KLMOVER UTILITY To connect a remote computer to Administration Server, On the remote computer, launch the klmover utility from the command line. This utility is included in the Network Agent installation package. When Network Agent is installed, this utility tool is stored in a folder named /Library/Application Support/Kaspersky Lab/klnagent/Binaries. Depending on the current preferences, it performs the following actions when run from the command line: connects Network Agent to Administration Server with the specified preferences; logs the results of the operation into the specified file or displays them on the screen. Before running the utility tool, open the folder named /Library/Application Support/Kaspersky Lab/klnagent/Binaries. Utility command line syntax: sudo./klmover [-logfile <file name>] [-address <server address>] [-pn <port number>] [-ps <SSL port number>] [-nossl] [-cert <path to certificate file>] [-silent] [-dupfix] The administrator rights are required to run the utility. Parameter description: -logfile <file name> log the results of the utility run into the specified file; if the parameter is not specified, results and error messages are displayed on the screen. -address <server address> address of Administration Server for connection; you can specify the IP address or DNS name of the server as this address. -pn <port number> number of the port that will be used for an unsecured connection to Administration Server. The default value is 14000. -ps <SSL port number> number of the port via which encrypted connection to Administration Server will be established using the SSL protocol. The port 13000 is used by default. -nossl use non-encrypted connection to Administration Server; if no key is specified, connection between Network Agent and Administration Server will be established using the encrypted SSL protocol. -cert <path to certificate file> use the specified certificate file for authentication on a new Administration Server. If this parameter is not specified, Network Agent will receive a certificate at the first connection to Administration Server. -silent run the utility in silent mode. -dupfix this parameter is used if Network Agent has been installed on computers in a way that differs from that suggested in the Administrator's Guide, for example by recovering it from the image of a drive of Network Agent installed. If automatic self-identification of Network Agent causes the duplication of icons of the original computer and other computers in the Administration Console, you can reconnected the duplicated computers. You are advised to run the utility, specifying the values of all of the preferences. Example: sudo./klmover -logfile klmover.log -address 192.0.2.12 -ps 13001 The remote computer that is connected to Administration Server via Network Agent is called a client computer. 85
A D M I N I S T R A T O R ' S G U I D E CHECKING THE CONNECTION BETWEEN A CLIENT COMPUTER AND ADMINISTRATION SERVER MANUALLY. KLNAGCHK UTILITY To check the connection between a remote computer and Administration Server, On the remote computer, launch the klnagchk utility from the command line. This utility is included in the Network Agent installation package. After Network Agent has been installed, this utility is located in the /Library/Application Support/Kaspersky Lab/klnagent/Binaries folder. When launched from the command line, this utility performs the following operations depending on the parameters specified: displays the values of the preferences that are selected for the connection established between Network Agent installed on the remote computer and Administration Server, or log them into the specified file; logs the operational statistics of Network Agent (since the last startup of the component) and the results of the utility run into the specified file, or displays the information on the screen; makes an attempt to establish connection between Network Agent and Administration Server; if no connection can be established, sends an ICMP packet to check the status of the computer on which Administration Server is installed. Before running the utility tool, open the folder named /Library/Application Support/Kaspersky Lab/klnagent/Binaries. Utility command line syntax: sudo./klnagchk [-logfile <file name>] [-sp] [-savecert <path to certificate file>] [-restart] The administrator rights are required to run the utility. Parameter description -logfile <file name> log the values of the preferences of connection between Network Agent and Administration Server and the results of utility execution into the specified report file; if this parameter is not specified, the preferences of the connection to the server, results and error messages are displayed on the screen. -sp display the password, which is used to authenticate the user on the proxy server, on the screen, or log it in the report file; this parameter is used if the connection to Administration Server is established via a proxy server. By default, this parameter is not used. -savecert <file name> save the certificate for authentication on Administration Server in the specified file. -restart restart Network Agent after the utility stops running. Example: sudo./klnagchk -logfile klnagchk.log -sp INSTALLING AND REMOVING KASPERSKY ENDPOINT SECURITY This section describes the ways to perform remote installation of Kaspersky Endpoint Security on a client computer and remote uninstallation of Kaspersky Endpoint Security from a client computer. You can also install or uninstall Kaspersky Endpoint Security locally (see page 16). 86
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER IN THIS SECTION: Installing the application using the SSH protocol... 87 Installing the application using Kaspersky Security Center... 88 Uninstalling the application using Kaspersky Security Center... 91 INSTALLING THE APPLICATION USING THE SSH PROTOCOL Before installing Kaspersky Endpoint Security on a remote computer, make sure that the following conditions are met: Administration Server of Kaspersky Security Center is deployed on the corporate network. Administration Console is installed on the Kaspersky Security Center administrator's workstation. An installation package for Kaspersky Endpoint Security is created and stored in a shared folder of Administration Server. A key file for Kaspersky Endpoint Security is stored in the shared folder of Administration Server (optional). To install Kaspersky Endpoint Security on a remote computer using the SSH protocol: 1. Enable the Remote enter service on your Mac. 2. Start the SSH client on the administrator's workstation. 3. Establish a connection to the remote Mac computer. 4. Connect the shared folder of Administration Server as a network drive on the remote computer. To do this, enter the following commands in the SSH terminal of the client: mkdir /Volumes/KLSHARE mount_smbfs //<administrator account>:<password>@<ip address of Administration Server>/KLSHARE /Volumes/KLSHARE Parameter description: <administrator account> name of the administrator account on Administration Server; <password> password of the administrator on Administration Server; <Administration Server IP address> the IP address of the server hosting Kaspersky Security Center. 5. Run the installation script. To do this, enter the following commands in the SSH terminal of the client: cd /Volumes/KLSHARE/Packages/<kes_package_folder> sudo./install.sh where <kes_package_folder> is the folder in which the installation package for Kaspersky Endpoint Security is stored. Administrator rights are required for executing this command. 6. Disconnect the network drive on the remote computer. To do this, enter the following command in the SSH terminal of the client: umount /Volumes/KLSHARE 87
A D M I N I S T R A T O R ' S G U I D E INSTALLING THE APPLICATION USING KASPERSKY SECURITY CENTER Before installing Kaspersky Endpoint Security on a client computer, make sure that the following conditions are met: Administration Server of Kaspersky Security Center is deployed on the corporate network. Administration Console is installed on the Kaspersky Security Center administrator's workstation. Network Agent is installed on the Mac. An installation package for Kaspersky Endpoint Security is created and stored in a shared folder of Administration Server. A key file for Kaspersky Endpoint Security is stored in the shared folder of Administration Server (optional). The Mac computer is added to the Managed computers group of Administration Server (optional). For detailed information about Administration Server groups, see the Kaspersky Security Center Administrator's Guide Installation of Kaspersky Endpoint Security on a client computer via Kaspersky Security Center involves creating and then running a remote application installation task. To create a task of Kaspersky Endpoint Security remote installation on a client computer via Kaspersky Security Center: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server <Server name> node. 3. Select the Tasks for sets of computers folder. 4. In the workspace, start the New Task Wizard by clicking the Create a task link. 5. Follow the steps of the New Task Wizard to create the task of remote Kaspersky Endpoint Security installation on the client computer. To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the button. To exit the wizard at any step, click the Cancel button. The appearance of buttons may vary depending on the version of the Windows operating system. IN THIS SECTION: Step 1. Specifying the task name... 89 Step 2. Selecting the task type... 89 Step 3. Creating an installation package... 89 Step 4. Installing additional applications... 90 Step 5. Configuring the installation preferences... 90 Step 6. Defining the method of selecting client computers for which a task will be created... 90 Step 7. Selecting the client computers... 91 Step 8. Configuring the task launch schedule... 91 Step 9. Finishing task creation... 91 88
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER STEP 1. SPECIFYING THE TASK NAME 1. In the Specify task name window, in the User name field, type the name of the task being created. 2. Click the Next button to proceed to the next step of the wizard. STEP 2. SELECTING THE TASK TYPE 1. In the Select task type window, maximize the Kaspersky Security Center Administration Server node. 2. Select the Remote application installation task. 3. Click the Next button to proceed to the next step of the wizard. STEP 3. CREATING AN INSTALLATION PACKAGE If the Kaspersky Endpoint Security installation package with the required preferences has been created previously, select it in the list of installation packages in the upper part of the Select installation package window and proceed to Step 13. If the required installation package has not been created yet, do the following in the Select installation package window: 1. Click the New button. The Installation Package Creation Wizard starts. 2. In the Select installation package type window, click the Create installation package for a Kaspersky Lab application. The Specify installation package name window opens. 3. In the Specify installation package name window, type the name of the new installation package in the User name field and click Next. The Select application installation package for installation window opens. 4. In the Select application installation package for installation window, click the Select button. The window for selecting a file for creating the installation package opens. 5. Open the folder with the contents of the Kaspersky Endpoint Security installation package and select the kesmac.kud file. The Select application installation package for installation window shows the name and version of the application to be installed remotely using the file that has been added. 6. To copy application updates from the Kaspersky Security Center storage into the installation package, in the Select application installation package for installation window select the Copy updates from storage to installation package check box. 7. In the Select application installation package for installation window, click Next. The End User License Agreement window opens. 8. In the End User License Agreement window, select the I accept the terms of the End User License Agreement check box and click Next. The installation package will start uploading to Administration Server. When the download finishes, the Type of installation window opens. 89
A D M I N I S T R A T O R ' S G U I D E 9. In the Type of installation window, do the following: In the Installation packages section, clear the check boxes next to the names of the components that you want to skip during installation on the client computer. If you skip installation of the Graphical User Interface (GUI) component, the user of the client computer will not be able to activate Kaspersky Endpoint Security and manage the application via the local graphical user interface or configure the application preferences and Kaspersky Security Network usage preferences via the local GUI. If you want to participate in Kaspersky Security Network, in the Kaspersky Security Network Terms of Use section select the I agree to participate in Kaspersky Security Network check box. To view the text of the Kaspersky Security Network Statement, click the KSN Statement button. As you use Kaspersky Endpoint Security subsequently, you can join Kaspersky Security Network at any time or opt out of participation in Kaspersky Security Network. 10. In the Type of installation window, click Next. The Kaspersky Endpoint Security installation package is created with the specified preferences. 11. In the last window of the wizard, click the Finish button to exit the installation package creation wizard and return to the remote application installation task creation wizard. 12. In the Select installation package window, select the installation package you have created. 13. Click the Next button to proceed to the next step of the wizard. STEP 4. INSTALLING ADDITIONAL APPLICATIONS 1. In the Advanced window, select the Install Network Agent along with this application check box if you want to install Network Agent on the client computer. 2. Click the Next button to proceed to the next step of the wizard. STEP 5. CONFIGURING THE INSTALLATION PREFERENCES 1. In the Preferences window, configure remote installation of the application. 2. Click the Next button to proceed to the next step of the wizard. STEP 6. DEFINING THE METHOD OF SELECTING CLIENT COMPUTERS FOR WHICH A TASK WILL BE CREATED In the Define the method of selecting client computers for which a task will be created window, select the method by which you want to specify the client computers: To select from among computers detected on the network by Administration Server, select the Select network computers detected by Administration Server option. To specify the IP addresses of computers manually or import the IP addresses of computers from file, select the Specify computer addresses manually or import from list option. To create a task for a selection of computers based on a preset criterion, select the Computers from a selection of computers option. 90
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER STEP 7. SELECTING THE CLIENT COMPUTERS 1. In the Select client computers window, select the client computers or specify the IP addresses of computers on which you want to install the application. 2. Click the Next button to proceed to the next step of the wizard. STEP 8. CONFIGURING THE TASK LAUNCH SCHEDULE 1. In the Configure the task launch schedule window, select the launch mode in the Scheduled startup dropdown list. 2. If necessary, configure the preferences of automatic startup of a scheduled task (such as task startup date and time). 3. If you want to run tasks that the application was unable to start according to schedule (for example, because the computer was turned off at the scheduled time), select the Run skipped tasks check box. Kaspersky Endpoint Security starts the task once the obstacle preventing the task startup is eliminated. 4. Click the Next button to proceed to the next step of the wizard. STEP 9. FINISHING TASK CREATION 1. If you want the task to start as soon as the wizard finishes, select the Run task when the wizard is complete check box. 2. In the Finishing task creation window, click the Finish button to exit the wizard. The task that you have created appears in the workspace of the Tasks for specific computers folder. UNINSTALLING THE APPLICATION USING KASPERSKY SECURITY CENTER Removing Kaspersky Endpoint Security from a client computer may lead to a risk of infection. Before removing Kaspersky Endpoint Security from a client computer via Kaspersky Security Center, make sure the following conditions are met: Administration Server of Kaspersky Security Center is deployed on the corporate network. Administration Console is installed on the Kaspersky Security Center administrator's workstation. Network Agent is installed on the client computer. To uninstall Kaspersky Endpoint Security from the client computer via Kaspersky Security Center, you have to create and run a remote application uninstallation task. To create the task of remote uninstallation of Kaspersky Endpoint Security from a client computer: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server <Server name> node. 3. Select the Tasks for sets of computers folder. 91
A D M I N I S T R A T O R ' S G U I D E 4. In the workspace, start the New Task Wizard by clicking the Create a task link. 5. Follow the steps of the New Task Wizard to create the task of remote Kaspersky Endpoint Security uninstallation from the client computer. To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the button. To exit the wizard at any step, click the Cancel button. The appearance of buttons may vary depending on the version of the Windows operating system. IN THIS SECTION: Step 1. Specifying the task name... 92 Step 2. Selecting the task type. Remote uninstallation of the application... 92 Step 3. Selecting the application to uninstall... 92 Step 4. Selecting the uninstallation preferences... 93 Step 5. Selecting the operating system restart option... 93 Step 6. Defining the method of selecting client computers for which a task will be created... 93 Step 7. Selecting the client computers... 93 Step 8. Specifying the user account for running tasks... 93 Step 9. Configuring the task launch schedule... 93 Step 10. Finishing task creation... 94 STEP 1. SPECIFYING THE TASK NAME 1. In the Specify task name window, in the User name field, type the name of the task being created. 2. Click the Next button to proceed to the next step of the wizard. STEP 2. SELECTING THE TASK TYPE. REMOTE UNINSTALLATION OF THE APPLICATION 1. In the Select task type window, maximize the Kaspersky Security Center Administration Server node. 2. Maximize the Advanced folder. 3. Select the Remote application uninstallation task. 4. Click the Next button to proceed to the next step of the wizard. STEP 3. SELECTING THE APPLICATION TO UNINSTALL In the Select application to uninstall window, select Uninstall application supported by Kaspersky Security Center. 92
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER STEP 4. SELECTING THE UNINSTALLATION PREFERENCES 1. In the Preferences window, in the Application to uninstall drop-down list select Kaspersky Endpoint Security 10 for Mac. 2. Click the Next button to proceed to the next step of the wizard. STEP 5. SELECTING THE OPERATING SYSTEM RESTART OPTION 1. In the Select the operating system restart option window, select the Do not restart computer option. 2. Click the Next button to proceed to the next step of the wizard. STEP 6. DEFINING THE METHOD OF SELECTING CLIENT COMPUTERS FOR WHICH A TASK WILL BE CREATED In the Define the method of selecting client computers for which a task will be created window, select the method by which you want to specify the client computers: To select from among computers detected on the network by Administration Server, select the Select network computers detected by Administration Server option. To specify the IP addresses of computers manually or import the IP addresses of computers from file, select the Specify computer addresses manually or import from list option. STEP 7. SELECTING THE CLIENT COMPUTERS 1. In the Select client computers window, specify the client computers from which you want to uninstall Kaspersky Endpoint Security. 2. Click the Next button to proceed to the next step of the wizard. STEP 8. SPECIFYING THE USER ACCOUNT FOR RUNNING TASKS All Kaspersky Security Center tasks on OS X computers are started with the privileges of the root account. You have to skip this step. Click the Next button to proceed to the next step of the wizard. STEP 9. CONFIGURING THE TASK LAUNCH SCHEDULE 1. In the Configure the task launch schedule window, select the launch mode in the Scheduled startup dropdown list. 2. If necessary, configure the task startup preferences (such as task startup date and time). 3. If you want to run tasks that the application was unable to start according to schedule (for example, because the computer was turned off at the scheduled time), select the Run skipped tasks check box. Kaspersky Endpoint Security starts the task once the obstacle preventing the task startup is eliminated. 4. Click the Next button to proceed to the next step of the wizard. 93
A D M I N I S T R A T O R ' S G U I D E STEP 10. FINISHING TASK CREATION 1. If you want the task to start as soon as the wizard finishes, select the Run task when the wizard is complete check box. 2. In the Finishing task creation window, click the Finish button to exit the wizard. The task that you have created appears in the workspace of the Tasks for specific computers folder. STARTING AND STOPPING THE APPLICATION To start or stop Kaspersky Endpoint Security: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 4. In the Managed computers folder, select the administration group that includes the required client computer. Select the Computers tab. 5. Select the computer that you need in the list of client computers. 6. Open the Properties: <Computer name> window in one of the following ways: Double-click the name of the client computer; Right-click to display the context menu of the client computer and select Properties; Click the Computer properties link in the section where you are managing the selected object. 7. Select the Applications section. 8. In the Kaspersky Lab applications installed on client computer list, right-click to open the context menu of the Kaspersky Endpoint Security 10 for Mac item and do one of the following: To start the application, select the Start item. To stop the application, select the Stop item. After Kaspersky Endpoint Security is stopped, the client computer keeps running in unprotected mode, which may lead to a risk of infection. MANAGING POLICIES This section discusses the creation and configuration of policies for Kaspersky Endpoint Security. A policy defines the application preferences and access to the preferences of the application installed on computers belonging to an administration group. A separate policy has to be created for each application. You can create an unlimited number of different policies for applications installed on computers in each administration group. However, within each administration group only one policy can be applied to every single application at any one time. When creating and configuring a policy, you can prohibit or allow changes to every group of preferences in policies of subgroups using the and buttons. 94
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER You can carry out the following actions on policies: Create policies. configure policies; copy and move policies from one group to another as well as remove policies using the context menu; Change the state of policies Importing policies from file Export policies to file For detailed information about the Kaspersky Security Center policies, see the Kaspersky Security Center Administrator's Guide IN THIS SECTION: Creating a policy... 95 Configuring policy preferences... 99 Changing the policy state... 101 Importing a policy from file... 102 Opening the list of policies... 102 Exporting a policy to file... 102 CREATING A POLICY This section provides instructions on starting the Policy Wizard and a description of the Policy Wizard steps. To create a policy: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 4. In the Managed computers folder, select the administration group that includes the required client computer. 5. In the workspace, select the Policies tab. 6. In the workspace, start the Policy Wizard by clicking the Create a policy link. 7. Follow the steps of the Policy Wizard to create a policy. To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the button. To exit the wizard at any step, click the Cancel button. The appearance of buttons may vary depending on the version of the Windows operating system. 95
A D M I N I S T R A T O R ' S G U I D E IN THIS SECTION: Step 1. Entering general data on the policy... 96 Step 2. Selecting application... 96 Step 3. Configuring protection preferences... 96 Step 4. Configuring File Anti-Virus preferences... 97 Step 5. Configuring Web Anti-Virus preferences... 97 Step 6. Configuring Network Attack Blocker... 97 Step 7. Configuring update preferences... 97 Step 8. Configuring KSN usage preferences... 98 Step 9. Configuring user interaction preferences... 98 Step 10. Configuring network connection preferences... 98 Step 11. Configuring reports, Quarantine and Backup settings... 98 Step 12. Select the policy state... 98 Step 13. Completing creation of a policy... 99 STEP 1. ENTERING GENERAL DATA ON THE POLICY 1. In the Choose a group policy name for the application window, in the User name field, specify the name of the policy to be created. The name cannot contain the following symbols: " * < : >? \. 2. Click the Next button to proceed to the next step of the Policy Wizard. STEP 2. SELECTING APPLICATION 1. In the Choose an application for creating a group policy window, in the Application name list select Kaspersky Endpoint Security 10 for Mac. 2. Select the Inherit preferences from existing policy of previous application version check box if you want to import the preferences of an existing Kaspersky Endpoint Security 8.0 policy into a new policy. 3. Click the Next button to proceed to the next step of the Policy Wizard. STEP 3. CONFIGURING PROTECTION PREFERENCES 1. If necessary, do the following in the Protection window: Configure the preferences of protection of the client computer's operating system; Create a trusted zone; Select categories of objects to detect; Configure the task run mode when the computer is running on battery power. 2. Click the Next button to proceed to the next step of the Policy Wizard. 96
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER SEE ALSO Viewing and editing File Anti-Virus task preferences... 118 STEP 4. CONFIGURING FILE ANTI-VIRUS PREFERENCES 1. If necessary, do the following in the File Anti-Virus window: Enable or disable File Anti-Virus. By default, File Anti-Virus is enabled. Select a security level. The security level recommended by Kaspersky Lab is selected by default. Select actions on detection of a malicious object. 2. Click the Next button to proceed to the next step of the Policy Wizard. STEP 5. CONFIGURING WEB ANTI-VIRUS PREFERENCES 1. If necessary, do the following in the Web Anti-Virus window: Enable or disable Web Anti-Virus. By default, Web Anti-Virus is enabled. Select a security level. The security level recommended by Kaspersky Lab is selected by default. Select the action to be performed when a malicious object is detected in web traffic. Enable or disable scanning of inbound and outbound HTTPS traffic. 2. Click the Next button to proceed to the next step of the Policy Wizard. STEP 6. CONFIGURING NETWORK ATTACK BLOCKER 1. If necessary, do the following in the Network Attack Blocker window: Enable or disable Network Attack Blocker. By default, Network Attack Blocker is enabled. Configure Network Attack Blocker preferences. 2. Click the Next button to proceed to the next step of the Policy Wizard. STEP 7. CONFIGURING UPDATE PREFERENCES 1. If necessary, configure the preferences for update tasks in the Update window. 2. Click the Next button to proceed to the next step of the Policy Wizard. 97
A D M I N I S T R A T O R ' S G U I D E SEE ALSO Viewing and editing update task preferences... 116 STEP 8. CONFIGURING KSN USAGE PREFERENCES 1. If necessary, in the KSN window configure the preferences of Kaspersky Security Network usage and KSN proxy preferences. When you participate in Kaspersky Security Network, the statistics based on protection of your computer by Kaspersky Endpoint Security are sent to Kaspersky Lab automatically. No personal data is collected, processed, or stored. 2. To view the full text of the Kaspersky Security Network Statement, click the KSN Statement button. 3. Click the Next button to proceed to the next step of the Policy Wizard. SEE ALSO Step 9. Configuring user interaction preferences... 98 STEP 9. CONFIGURING USER INTERACTION PREFERENCES 1. If necessary, in the User interaction window configure the preferences of Kaspersky Endpoint Security interaction with the user of the client computer. 2. Click the Next button to proceed to the next step of the Policy Wizard. STEP 10. CONFIGURING NETWORK CONNECTION PREFERENCES 1. If necessary, in the Network window configure the connection to a proxy server. 2. Click the Next button to proceed to the next step of the Policy Wizard. STEP 11. CONFIGURING REPORTS, QUARANTINE AND BACKUP SETTINGS 1. If necessary, do the following in the Reports window: Configure the report generation and storage preferences; Configure the preferences for storing objects in Quarantine and Backup. 2. Click the Next button to proceed to the next step of the Policy Wizard. STEP 12. SELECT THE POLICY STATE 1. In the Create a group policy for application window, select a state of the policy that will be assigned to it after creation. You can assign the following status labels to a policy: Active policy the policy is applied to the selected administration group; Inactive policy the policy is not applied; 98
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER Offline user policy the policy is applied to the selected administration group when it is disconnected from the corporate network. Several policies can be created for a single application in an administration group, but only one of them can be the active policy. For detailed information about policy states, see the Kaspersky Security Center Administrator's Guide 2. Click the Next button to proceed to the next step of the Policy Wizard. STEP 13. COMPLETING CREATION OF A POLICY The last window in the wizard will inform you that you have successfully created a policy. Click the Finish button to close the Assistant. The policy that has been created appears on the Policies tab in the workspace of the relevant administration group. You can edit the preferences of the policy you have created. You can also prohibit or allow changes to each group of preferences from a client computer using the and buttons for each group of preferences. The button next to a group of preferences signifies that the user of a client computer is not allowed to edit these preferences on the user's computer. The button next to a group of preferences signifies that the user of a client computer is allowed to edit these preferences on the user's computer. The policy is applied to client computers after the first synchronization of the client computers with Administration Server. CONFIGURING POLICY PREFERENCES You can make changes to the policy you have created in Kaspersky Security Center and block any changes to its preferences in the policies of subgroups and task preferences. The policy preferences can be edited in the policy properties window, on the Preferences tab. The preferences of a Kaspersky Endpoint Security policy include application preferences and task preferences (see section "Viewing task preferences" on page 110). To view and edit policies, carry out the following steps: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 4. Select the administration group to which the client computer belongs. 5. In the workspace, select the Policies tab. 6. Right-click to open the context menu of the policy you want to configure and select the Properties item. 7. Configure required policy preferences in the Properties: <Policy name> window: If necessary, configure the following protection preferences in the Protection section: Enable or disable real-time protection of the client computer. Enable or disable the launch of Kaspersky Endpoint Security at startup of the client computer. Configure trusted zone preferences. Select categories of objects to detect. Enable or disable automatic launch of scheduled tasks when the computer is running on battery power. 99
A D M I N I S T R A T O R ' S G U I D E If necessary, configure the following preferences in the File Anti-Virus section: Enable or disable File Anti-Virus. Select one of the preset security levels or configure security preferences manually. Select the types of files to be scanned by File Anti-Virus. Configure virus scan performance. Select the types of compound files to be scanned by File Anti-Virus. Specify the protection scope. Select the virus scan mode. Enable or disable pausing of scheduled tasks. Enable or disable Heuristic Analyzer. Select the action that is performed by File Anti-Virus on detection of a malicious object. If necessary, configure the following preferences in the Web Anti-Virus section: Enable or disable Web Anti-Virus. Select one of the preset security levels or configure security preferences manually. Enable or disable checking of web addresses against the database of malicious web addresses. Configure Anti-Phishing preferences. Specify trusted addresses the traffic from which is not scanned by Web Anti-Virus. Select action to be performed by the application on detection of a malicious object. Enable or disable scanning of inbound and outbound HTTPS traffic. If necessary, configure the following preferences in the Network Attack Blocker section: Enable or disable Network Attack Blocker. Configure Network Attack Blocker preferences. Specify the IP addresses of computers whose network activity will not be blocked. If necessary, configure the following preferences in the Update section: Enable or disable updates of application modules. Enable or disable the copying of update files to the specified folder. Specify the folder to which Kaspersky Endpoint Security will copy update files. Specify update sources. Select the action after database update. If necessary, configure the following preferences in the KSN section: Enable or disable usage of KSN. Enable or disable usage of KSN for scanning and categorizing files. Enable or disable usage of KSN for checking web addresses. Configure KSN proxy usage preferences. 100
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER If necessary, configure the following preferences in the User interaction section: Enable or disable event notifications. Select the way in which Kaspersky Endpoint Security will notify the user about events. Show or hide the Kaspersky Endpoint Security icon in the menu bar. Show or hide the Quit command in the context menu of the Kaspersky Endpoint Security icon on the client computer. Select the language in which Kaspersky Security Center events will be displayed. Set restrictions on Kaspersky Endpoint Security management options available to the client computer user. If necessary, configure the following preferences in the Network section: Select the proxy server usage mode. Specify the proxy server address. Enable or disable usage of the proxy server for local addresses. Specify the user name and password for proxy server authentication. If necessary, configure the following preferences in the Reports section: Enable or disable the logging of non-critical events in the report. Enable or disable removal of events after the specified period of time elapses. Specify the event storage period. Enable or disable removal of objects from Quarantine and Backup after the specified period of time elapses. Specify the period for storing objects in Quarantine and Backup. 8. Click OK to save changes and close the policy properties window. CHANGING THE POLICY STATE You can change the state of an existing policy. To change the policy state: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 4. In the Managed computers folder, select the administration group that includes the required client computer. 5. In the workspace, select the Policies tab. 6. Right-click to open the context menu of the policy whose state you want to change and select the Properties item. 7. In the Properties: <Policy name> window, select the General section. 8. In the Policy state section, choose one of the following policy states: Active policy. The policy is applied to the selected administration group. 101
A D M I N I S T R A T O R ' S G U I D E Offline user policy. The policy is applied to the selected administration group when it is disconnected from the corporate network. Inactive policy. The policy is not applied. 9. Click OK to save changes and close the Properties: <Policy name> window. IMPORTING A POLICY FROM FILE You can import an existing policy from a KLP file To import a policy from file: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 4. In the Managed computers folder, select the administration group that includes the required client computer. 5. In the workspace, select the Policies tab. 6. Open the file selection window in one of the following ways: by clicking the Import policy from file link; Right-click to display the context menu of the workspace and select Import. 7. Select a file with a policy. The imported policy appears in the list of policies in the workspace. OPENING THE LIST OF POLICIES To open the list of policies created for Kaspersky Endpoint Security: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 4. In the Managed computers folder, select the administration group that includes the required client computer. 5. In the workspace, select the Policies tab. EXPORTING A POLICY TO FILE You can export an existing policy for Kaspersky Endpoint Security to a KLP file. To export an existing policy: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 102
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER 4. In the Managed computers folder, select the administration group that includes the required client computer. 5. In the workspace, select the Policies tab. 6. Right-click to display the context menu of the policy and select Export. A window for saving the file opens. 7. Specify the file name. 8. Save the file to the selected folder. MANAGING TASKS This section provides information on creating and configuring tasks for Kaspersky Endpoint Security on a client computer or a group of client computers. A task is a set of configurable actions which Kaspersky Endpoint Security performs on a client computer. You can start a task manually or configure a scheduled task startup. After being installed on a client computer, Kaspersky Endpoint Security creates a set of system tasks. This list includes protection tasks, virus scan tasks, update tasks, and update rollback tasks. You can manage the schedule for system tasks and configure the preferences for them. System tasks cannot be deleted. You can also create custom tasks, such as the virus scan task, application update task, or key file addition task. You can perform the following operations on custom tasks: adjust the preferences of a task; track the execution of a task; Copy and move tasks from one group to another; Delete tasks; import and export tasks. For detailed information about tasks, see the Kaspersky Security Center Administrator's Guide. IN THIS SECTION: Creating a task... 104 Starting and stopping tasks manually... 109 Viewing task preferences... 110 Viewing the list of tasks for computers belonging to the administration group... 111 Viewing the list of tasks for sets of computers outside administration groups... 111 Viewing the list of local tasks... 111 Viewing and editing Quick Scan task preferences... 112 Viewing and editing Full Scan task preferences... 113 103
A D M I N I S T R A T O R ' S G U I D E Viewing and editing Web Anti-Virus task preferences... 114 Viewing and editing preferences of a key addition task... 114 Viewing and editing preferences of a Network Attack Blocker task... 115 Viewing and editing update task preferences... 116 Viewing and editing custom virus scan task preferences... 117 Viewing and editing File Anti-Virus task preferences... 118 CREATING A TASK This section provides instructions on starting the New Task Wizard and a description of the New Task Wizard steps. You can create the following types of tasks when managing Kaspersky Endpoint Security through Kaspersky Security Center: Local tasks for a separate client computer; Tasks for client computers that belong to administration groups; Tasks for sets of client computers outside administration groups. IN THIS SECTION: Creating a local task for a separate client computer... 104 Creating a task for client computers that belong to an administration group... 105 Creating a task for sets of client computers outside administration groups... 106 Step 1. Entering general data on the task... 106 Step 2. Selecting an application and defining the task type... 107 Step 3. Configuring preferences for the selected task type... 107 Step 4. Defining the method of selecting client computers for which a task will be created... 108 Step 5. Selecting the client computers... 108 Step 6. Configuring a schedule... 109 Step 7. Finishing task creation... 109 CREATING A LOCAL TASK FOR A SEPARATE CLIENT COMPUTER To create a local task for a separate client computer: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 104
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER 4. In the Managed computers folder, select the administration group that includes the required client computer. 5. In the workspace, select the Computers tab. 6. Select the computer that you need in the list of client computers. 7. Open the Properties: <Computer name> window in one of the following ways: Double-click the name of the client computer; Right-click to display the context menu of the client computer and select Properties; Click the Computer properties link in the section where you are managing the selected object. 8. In the Properties:<Computer name> window, select the Tasks section. The list of system and custom tasks created for the given client computer is displayed in the workspace on the right. 9. Click the Add button in the lower part of the workspace. The Task Wizard starts. 10. Follow the steps of the New Task Wizard to create a local task for a separate client computer. To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the button. To exit the wizard at any step, click the Cancel button. The appearance of buttons may vary depending on the version of the Windows operating system. SEE ALSO Creating a task for client computers that belong to an administration group... 105 Creating a task for sets of client computers outside administration groups... 106 CREATING A TASK FOR CLIENT COMPUTERS THAT BELONG TO AN ADMINISTRATION GROUP To create a task for client computers belonging to an administration group: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 4. In the Managed computers folder, select the administration group that includes the required client computer. 5. In the workspace, select the Tasks tab. 6. In the workspace, start the New Task Wizard by clicking the Create a task link. 7. Follow the steps of the New Task Wizard to create a task for client computers included in the administration group. 105
A D M I N I S T R A T O R ' S G U I D E To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the button. To exit the wizard at any step, click the Cancel button. The appearance of buttons may vary depending on the version of the Windows operating system. For detailed information on how to create group tasks, see the Kaspersky Security Center Administrator's Guide SEE ALSO Creating a local task for a separate client computer... 104 Creating a task for sets of client computers outside administration groups... 106 CREATING A TASK FOR SETS OF CLIENT COMPUTERS OUTSIDE ADMINISTRATION GROUPS To create a task for sets of client computers outside administration groups: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Select the Tasks for sets of computers folder. 4. In the workspace, start the New Task Wizard by clicking the Create a task link. 5. Follow the steps of the New Task Wizard to create a task for sets of client computers outside administration groups. To proceed to the next step of the wizard, click the Next button. To return to the previous step of the wizard, click the button. To exit the wizard at any step, click the Cancel button. The appearance of buttons may vary depending on the version of the Windows operating system. For information on the specifics of creating tasks for sets of client computers outside administration groups, see the Kaspersky Security Center Administrator's Guide. SEE ALSO Creating a local task for a separate client computer... 104 Creating a task for client computers that belong to an administration group... 105 STEP 1. ENTERING GENERAL DATA ON THE TASK 1. In the Specify task name window, in the User name field, specify the name of the task being created. 2. Click the Next button to proceed to the next step of the wizard. 106
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER STEP 2. SELECTING AN APPLICATION AND DEFINING THE TASK TYPE 1. In the Select task type window, maximize the Kaspersky Endpoint Security 10 for Mac node. 2. Select the type of the task being created: To create a key addition task, select Add key. To create an update task, select Update. To create an update rollback task, select Roll Back Update. To create a virus scan task, select Virus scan. 3. Click the Next button to proceed to the next step of the wizard. STEP 3. CONFIGURING PREFERENCES FOR THE SELECTED TASK TYPE Depending on the task type selected during the previous step, the contents of the preferences window may vary. This window is not displayed for the update rollback task. Application activation In the Application activation window, do the following: 1. Select an activation code or add a key file. 2. To add the specified key as a reserve key, select the Add as reserve key check box. The reserve key becomes active when the current active key expires. Information about the specified key (key, its type, and date of expiration) is displayed in the Application activation window. Update By default, Kaspersky Endpoint Security updates databases and application modules and uses Kaspersky Security Center Administration Server and Kaspersky Lab update servers as updates sources. If necessary, edit the update task preferences in the Update window: 1. To disable updates of application modules, clear the Update application modules check box. 2. If you want Kaspersky Endpoint Security to copy the downloaded update files to the specified folder, select the Copy update files to folder check box and enter the path to the folder. 3. To change the update sources: a. Click the Preferences button. The Preferences: Update window opens. b. Select the check boxes next to the update sources that you want to use. c. To specify a different update source, click the Add button. This opens the Update source window. 107
A D M I N I S T R A T O R ' S G U I D E d. Specify the web address of the update source or the path to a local or network folder that is an update source. e. Click OK to save changes and close the Preferences: Update window. Virus Scan By default, Kaspersky Endpoint Security uses the Recommended security level, prompts the user to choose an action on detecting an infected or probably infected object after the scan, and scans the following objects: All removable drives All internal drives All network drives If necessary, edit the virus scan task preferences in the Virus scan window: 1. Select one of the preset security levels or configure security level preferences manually. 2. Specify the action that Kaspersky Endpoint Security performs on detecting an infected or probably infected object. The options Prompt for action when the scan is complete and Prompt for action during scan are unavailable in tasks for client computers that belong to an administration group and in tasks for sets of client computers outside administration groups. 3. Create a scan scope. Click the Next button to proceed to the next step of the wizard. STEP 4. DEFINING THE METHOD OF SELECTING CLIENT COMPUTERS FOR WHICH A TASK WILL BE CREATED This step is not displayed when you are creating a task for a separate client computer or for client computers belonging to an administration group. In the Define the method of selecting client computers for which a task will be created window, select the method by which you want to specify the client computers: To select from among computers detected on the network by Administration Server, select the Select network computers detected by Administration Server option. To specify the IP addresses of computers manually or import the IP addresses of computers from file, select the Specify computer addresses manually or import from list option. STEP 5. SELECTING THE CLIENT COMPUTERS This step is not displayed when you are creating a task for a separate client computer or for client computers belonging to an administration group. 1. In the Select client computers window, select the client computers or specify the IP addresses of computers to which the task applies. 2. Click the Next button to proceed to the next step of the wizard. 108
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER STEP 6. CONFIGURING A SCHEDULE 1. In the Configure the task launch schedule window, select the task launch mode in the Scheduled startup drop-down list. 2. If necessary, configure the task startup preferences (such as task startup date and time). 3. If you want to run tasks that the application was unable to start according to schedule (for example, because the computer was turned off at the scheduled time), select the Run skipped tasks check box. Kaspersky Endpoint Security starts the task once the obstacle preventing the task startup is eliminated. 4. If you want Kaspersky Security Center to automatically define the interval between task launches on different computers, select the Define task launch delay automatically check box. This functionality helps to reduce the load on Administration Server of Kaspersky Security Center. 5. To specify the interval between task launches on different computers manually, select the Randomize the task start with interval (min) check box and specify the number of minutes. This functionality helps to reduce the load on Administration Server of Kaspersky Security Center. 6. Click the Next button to proceed to the next step of the wizard. STEP 7. FINISHING TASK CREATION In the Finishing task creation window, do the following: 1. If you want the task to start as soon as the wizard finishes, select the Run task when the wizard is complete check box. 2. Click the Finish button to close the Assistant. STARTING AND STOPPING TASKS MANUALLY Tasks are started on a client computer only if Network Agent is running. If Network Agent stops running, run of all active tasks is interrupted. Tasks are started and stopped automatically, according to a schedule, or manually using the context menu commands and buttons and also from the task properties window. To start or stop a task manually: 1. Open the list that includes the task: To start or stop a local task, open the list of local tasks (see section "Viewing the list of local tasks" on page 111). To start or stop a task for computers belonging to an administration group, open the list of tasks for computers belonging to the administration group (see section "Viewing the list of tasks for computers belonging to the administration group" on page 111). To start or stop a task for sets of computers outside administration group, open the list of tasks for sets of computers outside administration groups (see section "Viewing the list of tasks for sets of computers outside administration groups" on page 111). 2. Select the task that you want to start or stop. 109
A D M I N I S T R A T O R ' S G U I D E 3. Start or stop the task in one of the following ways: Right-click to display the context menu of the task and select Start or Stop. In workspace, click the Start or Stop button. Right-click to display the context menu of the task and select Properties. In the window that opens, click the Start or Stop button. VIEWING TASK PREFERENCES To view preferences of a local task: 1. Open the list of local tasks for a separate client computer (see section "Viewing the list of local tasks" on page 111). 2. Select a task in the list and open the task properties in one of the following ways: Double-click the task name; Right-click to display the context menu of the task and select Properties; Click the Properties button. To view the properties of a task for client computers belonging to the administration group: 1. Open the list of tasks for computers belonging to an administration group (see section "Viewing the list of tasks for computers belonging to the administration group" on page 111). 2. Select a task and open the task properties in one of the following ways: Double-click the task name; Right-click to display the context menu of the task and select Properties; By clicking the Edit preferences link in the workspace. To view the properties of a task for sets of computers outside administration groups: 1. Open the list of tasks for sets of computers outside administration groups (see section "Viewing the list of tasks for sets of computers outside administration groups" on page 111). 2. Select a task and open the task properties in one of the following ways: Double-click the task name; Right-click to display the context menu of the task and select Properties; By clicking the Edit preferences link in the workspace. For information on the specifics of tasks for sets of client computers, see the Kaspersky Security Center Administrator's Guide. 110
M A NA G E M E N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER VIEWING THE LIST OF TASKS FOR COMPUTERS BELONGING TO THE ADMINISTRATION GROUP To view the list of tasks for computers belonging to the administration group: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 4. In the Managed computers folder, select the administration group that includes the required client computer. 5. In the workspace, select the Tasks tab. The list of tasks for computers belonging to the administration group is displayed in the workspace. VIEWING THE LIST OF TASKS FOR SETS OF COMPUTERS OUTSIDE ADMINISTRATION GROUPS To view the list of tasks for sets of computers outside administration groups: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Select the Tasks for sets of computers folder. The list of tasks for sets of computers outside administration groups is displayed in the workspace. VIEWING THE LIST OF LOCAL TASKS To view the list of local tasks created for a client computer: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 4. In the Managed computers folder, select the administration group that includes the required client computer. 5. In the workspace, select the Computers tab. 6. Select the computer that you need in the list of client computers. 7. Open the Properties: <Computer name> window in one of the following ways: Double-click the name of the client computer; Right-click to display the context menu of the client computer and select Properties; Click the Computer properties link in the section where you are managing the selected object. 8. In the Properties:<Computer name> window, select the Tasks section. The list of system and custom tasks created for the given client computer is displayed in the workspace on the right. 111
A D M I N I S T R A T O R ' S G U I D E VIEWING AND EDITING QUICK SCAN TASK PREFERENCES To view and edit the Quick Scan task preferences: 1. Open the list of local tasks for a client computer (see section "Viewing the list of local tasks" on page 111). 2. Open the properties of Quick Scan task in one of the following ways: Double-click the task name; Right-click to display the context menu of the task and select Properties; Click the Properties button. 3. Select the Virus Scan section. 4. If necessary, configure the following preferences in the Virus Scan section in the workspace: To select one of the preset security levels, use the slider in the Security level section. To configure the security preferences manually, click the Preferences button and do the following: a. On the General tab in the File types section, select the types of files that should be scanned by Kaspersky Endpoint Security. b. On the General tab in the Optimization section, configure the scan performance. c. On the General tab in the Compound files section, select which compound files you want Kaspersky Endpoint Security to scan. d. On the Advanced tab in the Advanced preferences section, configure the use of iswift technology, resumption of paused tasks, and recording of information about malicious objects detected in the application statistics. e. On the Advanced tab in the Heuristic Analyzer section, configure the use of Heuristic Analyzer and select the protection level to be applied by Heuristic Analyzer. In the Action section, select the action that Kaspersky Endpoint Security should perform when an infected or probably infected object is detected. To specify a scan scope, do the following in the Scan scope section: a. Click the Preferences button. The Scan scope window opens. a. If you want Kaspersky Endpoint Security to scan objects in the default list, select the check box next to the relevant object. a. If you want Kaspersky Endpoint Security to scan other files or folders, click the Add button and specify a file, folder, or mask of a file or folder name. 5. Save the changes in one of the following ways: Click the Apply button to remain in the Properties: Quick Scan window after saving changes. Click the OK button to close the Properties: Quick Scan window after saving changes. 112
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER VIEWING AND EDITING FULL SCAN TASK PREFERENCES To view and edit the Full Scan task preferences: 1. Open the list of local tasks for a client computer (see section "Viewing the list of local tasks" on page 111). 2. Open the properties of Full Scan task in one of the following ways: Double-click the task name; Right-click to display the context menu of the task and select Properties; Click the Properties button. 3. Select the Virus Scan section. 4. If necessary, configure the following preferences in the Virus Scan section in the workspace: To select one of the preset security levels, use the slider in the Security level section. To configure the security preferences manually, click the Preferences button and do the following: a. On the General tab in the File types section, select the types of files that should be scanned by Kaspersky Endpoint Security. b. On the General tab in the Optimization section, configure the scan performance. c. On the General tab in the Compound files section, select which compound files you want Kaspersky Endpoint Security to scan. d. On the Advanced tab in the Advanced preferences section, configure the use of iswift technology, resumption of paused tasks, and recording of information about malicious objects detected in the application statistics. e. On the Advanced tab in the Heuristic Analyzer section, configure the use of Heuristic Analyzer and select the protection level to be applied by Heuristic Analyzer. In the Action section, select the action that Kaspersky Endpoint Security should perform when an infected or probably infected object is detected. To specify a scan scope, do the following in the Scan scope section: a. Click the Preferences button. The Scan scope window opens. a. If you want Kaspersky Endpoint Security to scan objects in the default list, select the check box next to the relevant object. b. If you want Kaspersky Endpoint Security to scan other files or folders, click the Add button and specify a file, folder, or mask of a file or folder name. 5. Save the changes in one of the following ways: Click the Apply button to remain in the Properties: Full Scan window after saving changes. Click the OK button to close the Properties: Full Scan window after saving changes. 113
A D M I N I S T R A T O R ' S G U I D E VIEWING AND EDITING WEB ANTI-VIRUS TASK PREFERENCES To view or edit preferences of the Web Anti-Virus task: 1. Open the list of local tasks for a client computer (see section "Viewing the list of local tasks" on page 111). 2. In the list of local tasks, select the Web Anti-Virus task and open its properties in one of the following ways: Double-click the task name; Right-click to display the context menu of the task and select Properties; Click the Properties button. 3. Select the Web Anti-Virus section. 4. If necessary, configure the following preferences in the Web Anti-Virus section in the workspace: Enable or disable Web Anti-Virus on the client computer. To select one of the preset security levels, use the slider in the Security level section. To configure the security preferences manually, click the Preferences button and do the following: a. In the Scan mode section, enable or disable checking of web addresses against the database of malicious web addresses. b. In the Anti-Phishing preferences section, enable or disable checking of web addresses against the database of phishing web addresses. c. In the Anti-Phishing preferences section, enable or disable the use of Heuristic Analyzer for detecting phishing links. 5. In the If a malicious object is detected section, select the action that Web Anti-Virus performs on detecting a dangerous object in web traffic. 6. Save the changes in one of the following ways: Click the Apply button to remain in the Properties: Web Anti-Virus window after saving changes. Click the OK button to close the Properties: Web Anti-Virus window after saving changes. VIEWING AND EDITING PREFERENCES OF A KEY ADDITION TASK You can view and edit preferences of a key addition task for the following types of tasks: Local tasks on separate client computers; Tasks for computers that belong to administration groups; Tasks for sets of computers outside administration groups. To view and edit the key addition task preferences: 1. Open the window with the preferences of the key addition task (see section "Viewing task preferences" on page 110). 2. Select the Application activation section. 114
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER 3. If necessary, add another key in one of the following ways: To select an activation code from among the activation codes added to the Kaspersky Security Center storage: a. Select the Activation code option. b. Click the Select button. The List of activation codes in Kaspersky Security Center storage window opens. c. Select an activation code. d. Click the OK button. To add a key file: a. Select the Key file option. b. Click the Add button. The file selection window opens. c. Select a key file. d. Click the Open button. The current key is deleted when a different key is added. 4. To add the specified key as a reserve key, select the Add as reserve key check box. The reserve key becomes active when the current key expires. 5. Save the changes in one of the following ways: Click the Apply button to remain in the Properties: <Task name> window after saving changes. Click the OK button to close the Properties: <Task name> window after saving changes. VIEWING AND EDITING PREFERENCES OF A NETWORK ATTACK BLOCKER TASK To view and edit Network Attack Blocker task preferences: 1. Open the list of local tasks for a client computer (see section "Viewing the list of local tasks" on page 111). 2. In the list of local tasks, select the Network Attack Blocker task and open its properties in one of the following ways: Double-click the task name; Right-click to display the context menu of the task and select Properties; Click the Properties button. 3. Select the Network Attack Blocker section. 115
A D M I N I S T R A T O R ' S G U I D E 4. If necessary, configure the following preferences in the Network Attack Blocker section in the workspace: Enable or disable Network Attack Blocker on the client computer. In the Network Attack Blocker preferences, select or clear the Add attacking computers to the list of blocked computers for <value> minutes check box and specify the value. You can also specify the IP addresses of computers whose network activity will not be blocked. To do this, perform the following steps: Click the Exclusions button. The Exclusions window opens. Click the Add button. The IP address window opens. Specify the IP address of the computer whose network activity will not be blocked. 5. Save the changes in one of the following ways: Click the Apply button to remain in the Properties: Network Attack Blocker window after saving changes. Click the OK button to close the Properties: Network Attack Blocker window after saving changes. VIEWING AND EDITING UPDATE TASK PREFERENCES You can view and edit preferences of an update task for the following types of tasks: Local tasks on separate client computers; Tasks for computers that belong to administration groups; Tasks for sets of computers outside administration groups. To view and edit the update task preferences: 1. Open the window with the update task preferences (see section "Viewing task preferences" on page 110). 2. Select the Update section. 3. If you want Kaspersky Endpoint Security to update application modules along with application databases, select the Update application modules check box. 4. If you want Kaspersky Endpoint Security to copy the update files to a local or network folder, select the Copy update files to folder check box and enter the path to the relevant folder. 5. To choose an update source: a. Click the Preferences button. The Preferences: Update window opens. b. Specify the update source in one of the following ways: If you want the application to download updates from Administration Server, select the Kaspersky Security Center check box. If you want the application to download updates from Kaspersky Lab update servers, select the Kaspersky Lab update servers check box. To add a different update source, click the Add button and in the window that opens type the path to the update source. 116
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER By default, Kaspersky Endpoint Security downloads updates from Administration Server and Kaspersky Lab update servers. 6. Save the changes in one of the following ways: Click the Apply button to remain in the Properties: <Task name> window after saving changes. Click the OK button to close the Properties: <Task name> window after saving changes. VIEWING AND EDITING CUSTOM VIRUS SCAN TASK PREFERENCES You configure virus scan task preferences for the following types of tasks: Local tasks for a separate computer that belongs to an administration group; Tasks for sets of computers outside administration groups; Tasks for client computers. To view and edit the preferences of a virus scan task: 1. Open the window with the virus scan task preferences (see section "Viewing task preferences" on page 110). 2. Select the Virus Scan section. 3. To change the level of security on which Kaspersky Endpoint Security runs the virus scan task, do one of the following in the Security level section: Select a preset security level by moving the slider up or down the scale. You can select one of the following security levels: Maximum Protection. Kaspersky Endpoint Security performs the fullest possible monitoring of files that are opened, saved, or executed. Recommended. Kaspersky Endpoint Security monitors files with the preferences recommended by Kaspersky Lab. This is the default security level. Maximum Speed. Kaspersky Endpoint Security monitors a minimum set of files. You can choose this security level if you want to use other applications that require significant RAM resources comfortably. Configure security preferences manually: a. Click the Preferences button. The Preferences: Virus Scan window opens. b. On the General tab in the File types section, select the types of files that should be scanned by Kaspersky Endpoint Security when running the virus scan task. c. On the General tab in the Optimization section, configure the scan performance. d. On the General tab in the Compound files section, select which compound files you want Kaspersky Endpoint Security to analyze for detectable objects. e. On the Advanced tab in the Advanced preferences section, configure the use of iswift technology, resumption of paused tasks, and recording of information about malicious objects detected in the application statistics. 117
A D M I N I S T R A T O R ' S G U I D E f. On the Advanced tab in the Heuristic Analyzer, configure the use of Heuristic Analyzer and select the protection level to be applied by Heuristic Analyzer during virus scan tasks. g. Click OK to save changes and close the Preferences: Virus Scan window. The security level changes to Custom. To restore the default preferences, click the Default button. The security level changes to Recommended. 4. If necessary, in the Action section select the action that Kaspersky Endpoint Security should perform when an infected or probably infected object is detected. The options Prompt for action when the scan is complete and Prompt for action during scan are unavailable in tasks for client computers that belong to an administration group and in tasks for sets of client computers outside administration groups. 5. To specify a scan scope, do the following in the Scan scope section: a. Click the Preferences button. The Scan scope window opens. b. If you want Kaspersky Endpoint Security to scan RAM, select the RAM check box. c. If you want Kaspersky Endpoint Security to scan startup objects, select the Startup Objects check box. d. If you want Kaspersky Endpoint Security to all internal drives, select the All Internal Drives check box. e. If you want Kaspersky Endpoint Security to scan other files or folders, click the Add button and specify a file, folder, or mask of a file or folder name. 6. Save the changes in one of the following ways: Click the Apply button to remain in the Properties: <Task name> window after saving changes. Click the OK button to close the Properties: <Task name> window after saving changes. VIEWING AND EDITING FILE ANTI-VIRUS TASK PREFERENCES To view and edit File Anti-Virus task preferences: 1. Open the list of local tasks for a client computer (see section "Viewing the list of local tasks" on page 111). 2. In the list of local tasks, select the File Anti-Virus task and open its properties in one of the following ways: Double-click the task name; Right-click to display the context menu of the task and select Properties; Click the Properties button. 3. Select the File Anti-Virus section. 4. If necessary, configure the following preferences in the File Anti-Virus section in the workspace: Enable or disable File Anti-Virus on the client computer. To select one of the preset security levels, use the slider in the Security level section. 118
M A NA G E ME N T O F T H E A PP L I C AT I O N V I A K A SP E RSK Y SEC UR I T Y C E N T ER To configure the security preferences manually, click the Preferences button and do the following: a. On the General tab in the File types section, select the types of files that should be scanned by Kaspersky Endpoint Security when they are opened, executed, or saved. b. On the General tab in the Optimization section, configure the scan performance and select the scan technology. c. On the General tab in the Compound files section, select which compound files should be scanned for objects to be detected, and set a restriction on scanning of large-sized objects. d. On the Protection scope tab, specify files or folders that should be scanned by File Anti-Virus. By default, scanning of all objects located on removable, internal, and network drives connected to the client computer is enabled. You can add an object to the protection scope, modify an object on the list, temporarily disable scanning of an object on the list, or remove an object from the list. e. Select File Anti-Virus operation mode on the Advanced tab in the Scan mode section. f. On the Advanced tab in the Pause task section, enable or disable scheduled pausing of File Anti- Virus and configure preferences of automatic pausing of tasks according to schedule. g. On the Advanced tab in the Heuristic Analyzer section, configure the use of Heuristic Analyzer by File Anti-Virus. In the If a malicious object is detected section, select the action that File Anti-Virus performs on detecting an infected or probably infected object. 5. Save the changes in one of the following ways: Click the Apply button to remain in the Properties: File Anti-Virus window after saving changes. Click the OK button to close the Properties: File Anti-Virus window after saving changes. 119
GENERATING A REPORT ON OBJECTS DETECTED BY THE APPLICATION ON THE CLIENT COMPUTER To generate a report on objects detected on the client computer: 1. Start Administration Console of Kaspersky Security Center. 2. Maximize the Administration Server - <Server name> node. 3. Open the Managed computers folder. 4. In the Managed computers folder, select the administration group that includes the required client computer. 5. Select the Computers tab. 6. Select the computer that you need in the list of client computers. 7. Open the Properties: <Computer name> window in one of the following ways: Double-click the name of the client computer; Right-click to display the context menu of the client computer and select Properties; Click the Computer properties link in the section where you are managing the selected object. 8. Select the Protection section. 9. Generate a report by clicking the View report on detected viruses link in the workspace. The generated report opens in the browser window. You can find information about other ways to generate a report on objects detected by the application on the client computer in the Kaspersky Security Center Administrator's Guide. 120
CONTACTING TECHNICAL SUPPORT This section describes the ways to get technical support and the terms on which it is available. IN THIS SECTION: About technical support... 121 Technical support by phone... 121 Technical Support via Kaspersky CompanyAccount... 122 Using a trace file... 122 Creating a trace file... 122 Collecting information for Technical Support... 123 ABOUT TECHNICAL SUPPORT If you could not find a solution to your problem in the documentation or in one of the sources of information about the application (see the section "Sources of information about the application" on page 11), we recommend that you contact Kaspersky Lab Technical Support. Technical Support specialists will answer your questions about installing and using the application. Technical support is available only to users who have acquired a commercial license. Users who have received a trial license are not entitled to technical support. Before contacting Technical Support, please read the technical support rules (http://support.kaspersky.com/support/rules). You can contact Technical Support specialists in one of the following ways: By calling Kaspersky Lab Technical Support. By sending a request to Technical Support through the Kaspersky CompanyAccount web service. TECHNICAL SUPPORT BY PHONE In most regions you can call Kaspersky Lab's Technical Support. You can find information on ways to receive technical support and contacts for Technical Support on the website of Kaspersky Lab Technical Support" (http://support.kaspersky.com/b2b). Before contacting Technical Support, please read the technical support rules (http://support.kaspersky.com/support/rules). These rules contain information about the working hours of Kaspersky Lab Technical Support and about the information that you must provide so that Kaspersky Lab Technical Support specialists can help you. 121
A D M I N I S T R A T O R ' S G U I D E TECHNICAL SUPPORT VIA KASPERSKY COMPANYACCOUNT Kaspersky CompanyAccount (https://companyaccount.kaspersky.com) is a web service for companies that use Kaspersky Lab applications. The Kaspersky CompanyAccount web service is designed to facilitate interaction between users and Kaspersky Lab specialists via online requests. The Kaspersky CompanyAccount web service lets you monitor the progress of electronic request processing by Kaspersky Lab specialists and store a history of electronic requests. You can register all of your organization's employees under a single account on Kaspersky CompanyAccount. A single account lets you centrally manage electronic requests from registered employees to Kaspersky Lab and also manage the privileges of these employees via Kaspersky CompanyAccount. The Kaspersky CompanyAccount web service is available in the following languages: English Spanish Italian German Polish Portuguese Russian French Japanese To learn more about Kaspersky CompanyAccount, visit the Technical Support website (http://support.kaspersky.com/faq/companyaccount_help). USING A TRACE FILE After you report a problem to Kaspersky Lab Technical Support specialists, they may ask you to generate a report with information about the operation of Kaspersky Security and send it to Kaspersky Lab Technical Support. Kaspersky Lab Technical Support specialists may also ask you to generate a trace file. Trace files allow tracking the step-by-step process of command execution and finding out at which step an error occurs. CREATING A TRACE FILE To create a trace file: 2. Click the button on the navigation panel in the upper part of the main application window. The application preferences window opens. 3. On the Reports tab of the application preferences window, in the Traces section, select the Enable trace logs check box. 4. Restart Kaspersky Endpoint Security to start the tracing process. 122
C O N T A C T I N G T E C H N I C A L S U P P O R T It is recommended to enable tracing only when instructed to do so by a Kaspersky Lab Technical Support specialist. Trace files can occupy a significant amount of space on your hard drive. After finishing with trace files, it is recommended that you disable creation of such files by clearing the Enable trace logs check box on the Reports tab of the application preferences window. You have to restart Kaspersky Endpoint Security afterwards. COLLECTING INFORMATION FOR TECHNICAL SUPPORT For more effective support and troubleshooting of application problems, Technical Support specialists may ask you to change application preferences temporarily for purposes of debugging during diagnostics. This may require doing the following: Activating the functionality that gathers extended diagnostic information. Fine-tuning the preferences of individual application components, which are not available via standard user interface elements. Changing the preferences of transmission of diagnostic information that is gathered. Technical Support representatives will provide you will all the information needed to perform the listed operations and inform you about the scope of data to be gathered for debugging purposes. After the extended diagnostic information is collected, it is saved on the user's computer. The collected data is not sent to Kaspersky Lab automatically. 123
APPENDICES This section provides information that complements the document text. IN THIS SECTION: List of objects scanned by extension... 124 Masks in paths to files and folders... 129 LIST OF OBJECTS SCANNED BY EXTENSION If in the virus scan task preferences (see section "Selecting the security level" on page 57) you selected the Scan applications and documents (by extension) option, Kaspersky Endpoint Security scans objects without extensions and objects with the following extensions for viruses: General formats txt; csv; htm; html. Multimedia (audio/video) files flv; f4v; avi; 3gp; 3g2; 3gp2; 3p2; divx; mp4; mkv; mov; qt; asf; 124
A P P E N D I C E S wmv; rm; rmvb; vob; dat; mpg; mpeg; bik; fcs; mp3; mpeg3; flac; ape; ogg; aac; m4a; wma; ac3; wav; mka; rm; ra; ravb; mid; midi; cda. Image files jpg; jpe; jpeg; 125
A D M I N I S T R A T O R ' S G U I D E jff; gif; png; bmp; tif; tiff; emf; wmf; eps; psd; cdr; swf. Executable and system files exe; dll; scr; ocx; com; sys; class; o; so; elf; prx; vb; vbs; js; bat; cmd; msi; 126
A P P E N D I C E S deb; rpm; sh; pl; dylib. Documents and templates doc; dot; docx; dotx; docm; dotm; xsl; xls; xlsx; xltx; xlsm; xltm; xlam; xlsb; ppt; pot; pps; pptx; potx; pptm; potm; ppsx; ppsm; rtf; 127
A D M I N I S T R A T O R ' S G U I D E pdf; msg; eml; vsd; vss; vst; vdx; vsx; vtx; xps; oxps; one; onepkg; xsn; odt; ods; odp; sxw; pub; mdb; accdb; accde; accdr; accdc; chm; mht. Packed files zip; 7z*; 7-z; 128
A P P E N D I C E S rar; iso; cab; jar; bz; bz2; tbz; tbz2; gz; tgz; arj; dmg; smi; img; xar. The actual format of a file may not match its file name extension. MASKS IN PATHS TO FILES AND FOLDERS You can use the tilde symbol (~) when specifying the protection scope, scan scope, and trusted zone. The ~ symbol in the path to a file or folder replaced /Users/<user name>. For example, the path ~/Desktop means that Desktop folders of all users on computers for which you are creating the protection scope are added to the protection scope. 129
GLOSSARY A A C T I V E K E Y A key that is currently in use for application operation. A D M I N I S T R A T I O N G R O U P A set of computers that share common functions and a set of Kaspersky Lab applications that is installed on them. Computers are grouped so that they can be managed conveniently as a single unit. A group may include other groups. It is possible to create group policies and group tasks for each installed application in the group. A D M I N I S T R A T I O N S E R V E R A component of Kaspersky Security Center that centrally stores information about all Kaspersky Lab applications that are installed within the corporate network. It can also be used to manage these applications. A D M I N I S T R A T I O N S E R V E R C L I E N T (CL I E N T C O M P U T E R ) A computer, server, or workstation on which Network Agent and managed Kaspersky Lab applications are running. A P P L I C A T I O N A C T I V A T I O N Conversion of the application into full-function mode. Activation is performed by the user during or after the application installation. To activate the application, the user needs an activation code or a key file. A R C H I V E One or several file(s) packaged into a single file through compression. A dedicated application, called an archiver, is required for packing and unpacking data. B B A C K U P A special storage for backup copies of files that are created before disinfection or deletion is attempted. B L O C K I N G T H E O B J E C T Denying access to an object from external applications. A blocked object cannot be read, executed or changed. D D A T A B A S E S Databases that contain information about computer security threats that are known to Kaspersky Lab at the time when such databases are issued. Records in the databases allow detecting malicious code in objects being scanned. The databases are compiled by Kaspersky Lab specialists and updated hourly. E E X C L U S I O N An Exclusion is an object excluded from the scan by a Kaspersky Lab application. You can exclude files of certain formats, file masks, a certain area (for example, a folder or a program), application processes, or objects by name, according to the Virus Encyclopedia classification from the scan. Each task can be assigned a set of exclusions. 130
G L O S S A R Y F F A L S E A L A R M Situation when Kaspersky Lab's application considers a non-infected object as infected due to its code similar to that of a virus. F I L E M A S K Representation of a file name using wildcards. The standard wildcards used in file masks are * and?, where * represents any number of any characters and? stands for any single character. G G R O U P P O L I C Y see Policy. G R O U P T A S K A task configured for an administration group and performed on all client computers belonging to this administration group. H H E U R I S T I C A N A L Y Z E R A technology designed to detect threats that have not yet been added to databases of Kaspersky Lab. The heuristic analyzer allows detecting objects behaving in a way that can pose a security threat to the operating system. Objects detected using the heuristic analyzer are considered to be potentially infected. For example, an object can be considered to be potentially infected if it contains combinations of commands that are typical of malicious objects (open file, write to file). I I N F E C T E D O B J E C T An object a segment of whose code fully matches a code segment of a known threat. Kaspersky Lab specialists recommend that you avoid handling such objects. K K A S P E R S K Y L A B U P D A T E S E R V E R S HTTP servers at Kaspersky Lab from which the applications retrieve updates for the application databases and modules. K A S P E R S K Y S E C U R I T Y C E N T E R A D M I N I S T R A T O R The person managing the application operations through the Kaspersky Security Center system of remote centralized administration. M M A X I M U M P R O T E C T I O N Security level for your computer corresponding to the most complete protection that the application can provide. At this protection level, all files on the computer, removable storage media, and network drives are scanned for viruses if connected to the computer. 131
A D M I N I S T R A T O R ' S G U I D E N N E T W O R K A G E N T A Kaspersky Security Center component that enables interaction between the Administration Server and Kaspersky Lab applications that are installed on a specific network node (workstation or server). This component is the one and the same for all Kaspersky Lab applications for Windows. Separate versions of the Network Agent component exist for Kaspersky Lab applications for Novell, Unix, and Mac. N E T W O R K P O R T A TCP and UDP parameter that determines the destination of data packets in IP format that are transmitted to a host over a network and makes it possible for various programs running on a single host to receive data independently of each other. Each application processes data received via a certain port (this is sometimes referred to as the program "listening" to that port). For some common network protocols, there are usually standard port numbers (for example, web servers usually receive HTTP requests on TCP port 80); however, generally, a program can use any protocol on any port. Possible values: 1 to 65535. O O B J E C T D I S I N F E C T I O N A method of processing infected objects that results in full or partial data recovery. Not all infected objects can be disinfected. OLE O B J E C T An object attached to another file or embedded into another file through the use of the Object Linking and Embedding (OLE) technology. An example of an OLE object is a Microsoft Office Excel spreadsheet embedded into a Microsoft Office Word document. P P O L I C Y A policy defines the application preferences and access to the preferences of the application installed on computers belonging to an administration group. A separate policy has to be created for each application. You can create an unlimited number of different policies for applications installed on computers in each administration group. However, within each administration group only one policy can be applied to every single application at any one time. P O T E N T I A L L Y I N F E C T E D O B J E C T An object whose code contains a modified segment of code of a known threat, or an object resembling a threat in the way it behaves. P R O T E C T I O N The application's operating mode under which objects are scanned for the presence of malicious code in real time. The application intercepts all attempts to open any object (read, write, or execute) and scans the object for threats. Uninfected objects are passed on; objects containing threats or probably infected objects are processed according to the task preferences (disinfected, deleted or quarantined). P R O T E C T I O N S T A T U S The current status of protection, summarizing the degree of a computer's security. 132
G L O S S A R Y Q Q U A R A N T I N E The folder to which the Kaspersky Lab application moves probably infected objects that have been detected. Quarantined objects are stored in encrypted form to prevent them from harming the computer. R R E C O M M E N D E D L E V E L A security level based on application preferences recommended by Kaspersky Lab experts and providing an optimal level of protection for your computer. This level is set to be used by default. R E S E R V E K EY A key that confirms the right to use the application although it is not currently in use. R E S T O R A T I O N Relocation of the original object from Quarantine or Backup to its original folder where the object had been stored before it was quarantined, disinfected or deleted, or to a user-defined folder. T T A S K F O R S P E C I F I C C O M P U T E R S A task assigned for a set of client computers from arbitrary administration groups and performed on those hosts. U U P D A T E A feature of the Kaspersky Lab application that allows maintaining computer protection in up-to-date condition. While being updated, the application copies updates for application databases and modules from Kaspersky Lab servers to the computer and then installs and applies them automatically. U P D A T E P A C K A G E A file package for updating application modules. A Kaspersky Lab's application copies update packages from Kaspersky Lab's update servers and automatically installs and applies them. 133
AO KASPERSKY LAB Kaspersky Lab software is internationally renowned for its protection against viruses, malware, spam, network and hacker attacks, and other threats. In 2008, Kaspersky Lab was rated among the world s top four leading vendors of information security software solutions for end users (IDC Worldwide Endpoint Security Revenue by Vendor). Kaspersky Lab is the preferred developer of computer protection systems among home users in Russia, according to the COMCON survey "TGI-Russia 2009". Kaspersky Lab was founded in Russia in 1997. Today, it is an international group of companies headquartered in Moscow with five regional divisions that manage the company's activity in Russia, Western and Eastern Europe, the Middle East, Africa, North and South America, Japan, China, and other countries in the Asia-Pacific region. The company employs more than 2000 qualified specialists. PRODUCTS. Kaspersky Lab products provide protection for all systems from home computers to large corporate networks. The personal product range includes anti-virus applications for desktop, laptop, and tablet computers, and for smartphones and other mobile devices. Kaspersky Lab delivers applications and services to protect workstations, file and web servers, mail gateways, and firewalls. Used in conjunction with Kaspersky Lab s centralized management system, these solutions ensure effective automated protection for companies and organizations against computer threats. Kaspersky Lab's products are certified by the major test laboratories, are compatible with the software of many suppliers of computer applications, and are optimized to run on many hardware platforms. Kaspersky Lab s virus analysts work around the clock. Every day they uncover hundreds of new computer threats, create tools to detect and disinfect them, and include them in databases used by Kaspersky Lab applications. Kaspersky Lab's Anti-Virus database is updated hourly; and the Anti-Spam database - every 5 minutes. TECHNOLOGIES. Many technologies that are now part and parcel of modern anti-virus tools were originally developed by Kaspersky Lab. This is one of the reasons why many third-party software developers have chosen to use the Kaspersky Anti-Virus engine in their own applications. Those companies include SafeNet (USA), Alt-N Technologies (USA), Blue Coat Systems (USA), Check Point Software Technologies (Israel), Clearswift (UK), CommuniGate Systems (USA), Openwave Messaging (Ireland), D-Link (Taiwan), M86 Security (USA), GFI Software (Malta), IBM (USA), Juniper Networks (USA), LANDesk (USA), Microsoft (USA), Netasq+Arkoon (France), NETGEAR (USA), Parallels (USA), SonicWALL (USA), WatchGuard Technologies (USA), ZyXEL Communications (Taiwan). Many of the company s innovative technologies are patented. ACHIEVEMENTS. Over the years, Kaspersky Lab has won hundreds of awards for its services in combating computer threats. For example, in 2010 Kaspersky Anti-Virus received several top Advanced+ awards in a test administered by AV-Comparatives, a reputed Austrian anti-virus laboratory. But Kaspersky Lab's main achievement is the loyalty of its users worldwide. The company s products and technologies protect more than 300 million users, and its corporate clients number more than 200 thousand. Kaspersky Lab s website: Virus encyclopedia: Virus Lab: Kaspersky Lab s web forum: http://www.kaspersky.com http://www.securelist.com http://newvirus.kaspersky.com (for analyzing suspicious files and websites) http://forum.kaspersky.com 134
INFORMATION ABOUT THIRD-PARTY CODE Information about third-party code is contained in the file legal_notices.txt, in the application installation folder. 135
TRADEMARK NOTICES Registered trademarks and service marks are the property of their respective owners. Finder, Mac, OS X, and Safari are trademarks of Apple Inc., registered in the USA and elsewhere. Google Chrome is a trademark owned by Google, Inc. Excel, Microsoft, and Windows are registered trademarks of Microsoft Corporation in the United States and other countries. Firefox is a trademark of the Mozilla Foundation. Novell is a trademark of Novell Inc. registered in the USA and elsewhere. VMware Fusion is a trademark of VMware, Inc., or trademark of VMware, Inc. registered in the USA or in other jurisdictions. UNIX is a trademark registered in the USA and elsewhere and used under license granted by X/Open Company Limited. 136
INDEX A Actions to perform on objects... 70 Activating the application trial version... 30 Activating the application with an activation code... 31 Administration Plug-in installing... 83 AO Kaspersky Lab... 136 Application activation... 29 Application databases... 39 AVZ script... 124 B Backup... 71 C Custom installation... 18 D Databases... 63, 64 automatic update... 66 manual update... 66 Deployment... 82 H Hardware and software requirements... 14 I Installation remote... 89 L Launch virus scan tasks... 37, 38 License... 26 activation code... 28 End User License Agreement... 26 information... 28 purchasing... 29 renewal... 29 M Main application window... 22 N Network Agent installation... 84, 85 Notifications... 24, 43 137
A D M I N I S T R A T O R ' S G U I D E P Policy... 97, 101 Protection... 34 Protection Center... 33, 35 Q Quarantine... 42 R Remote installation... 89 Reports... 42 Restoring an object... 42, 70 S Scan scope... 119 Security level virus scan... 59 Source of updates... 64, 67 Starting Application... 32 Storages Backup... 71 T Task... 105 Tracing trace file... 124 U Uninstalling the application... 20 Update rolling back the last update... 63 scanning files in Quarantine... 70 scheduled run... 66 update object... 66 Update task start... 39 Updates update source... 67 Updating the application... 39 V Virus Scan... 37, 38 restoring default preferences... 61 scheduled run... 60 security level... 59 138