Change server hierarchy settings in KSC 10. Installing Kaspersky Security Center. Installing Kaspersky Endpoint Security

18.09.2020 Data recovery

The larger the network, the more the system administrator (or IT department) tries to automate the management of software products. Antivirus software is no exception in this regard.

Many antivirus vendors have remote administration tools in their arsenal; today we will talk about one such solution from Kaspersky Lab.

In general, Kaspersky Security Center is a rather serious application, which definitely cannot be described in one article. Therefore, in this article we will analyze only its deployment.

You can download Kaspersky Security Center. The product itself consists of a server that will need to be deployed, an administration console that can be installed on another computer for remote administration of the server, a web console as an alternative to the usual one, and an administration agent that is installed on client computers and is responsible for communication between the anti-virus software and the server.

The server itself can be deployed only on Windows operating systems. A server edition is not required, however. Systems from XP and higher are supported, but only in the Professional/Enterprise/Ultimate editions. The full list of supported systems can be found on the website.

In addition, the server requires MS SQL or MySQL (a remote instance is possible) to operate. If there is no ready database server at hand, the Kaspersky Security Center installer will install MS SQL Express itself, which is quite enough for most organizations.

So, to deploy the server, download and run the installation file (I recommend downloading the full distribution). As a test bench we have selected a computer running Windows Server 2012 R2.

You will see a convenient menu in which we are now interested in the “Install Kaspersky Security Center 10” item.

After starting the installation, you will be asked to accept the license agreement and select the installation type. For better control over the installation process, we select the custom installation.

If there are mobile devices on the network, you can install a separate component to manage their protection.

Enter the size of your network. This setting, however, has no decisive effect.

Next, the installation program will ask under which user to run the administration server service. You can specify an existing user with admin rights or allow the installer to create a new one.

The next step is to select a database server. As already mentioned, there are two options here: MS SQL or MySQL. If you do not have a ready-made server, Kaspersky Security Center will deploy MS SQL Express for you.

At this step in the installation process, you may be in for a small surprise if .NET Framework 3.5 SP1 is not installed on your system.

In Windows Server, .NET Framework 3.5 SP1 is built in as a feature and only needs to be enabled. If you do not have a server operating system, you need to go to the Microsoft website and download the installer.

Let's consider the option of enabling the component in Windows Server. To do this, open Server Manager and select “Add roles and features.”

A wizard will launch in which we need to indicate that we are going to install roles or features.


Windows Server Add Roles and Features Wizard

We select our server and skip the selection of roles. In the list of features, find .NET Framework 3.5 Features and check it.


Adding a Feature to Windows Server
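
The same feature can be enabled without the wizard. The script below is an added example, not part of the original article; it uses the ServerManager cmdlets on Windows Server, and the $SxsSource parameter (a path to the \sources\sxs folder of the installation media) is an assumption for servers that cannot download the feature payload themselves.

```powershell
# Added example: enable .NET Framework 3.5 on Windows Server.
# Run from an elevated PowerShell prompt on the future Administration Server.
param(
    # Assumed path to the \sources\sxs folder of the Windows Server media,
    # e.g. 'D:\sources\sxs'. Leave empty to let Windows fetch the payload.
    [string]$SxsSource = ''
)

Import-Module ServerManager

$feature = Get-WindowsFeature -Name NET-Framework-Core
if ($feature.Installed) {
    Write-Output '.NET Framework 3.5 is already enabled.'
    return
}

# On Windows Server 2012 and later the feature payload may not be on disk
# (InstallState 'Removed'), so an installation source is needed unless the
# server can reach Windows Update.
Write-Output "Current install state: $($feature.InstallState)"

$installArgs = @{ Name = 'NET-Framework-Core' }
if ($SxsSource) {
    if (-not (Test-Path -Path $SxsSource)) {
        throw "Source path not found: $SxsSource"
    }
    $installArgs.Source = $SxsSource
}

$result = Install-WindowsFeature @installArgs
if (-not $result.Success) {
    throw "Enabling NET-Framework-Core failed with exit code $($result.ExitCode)."
}

Write-Output "Feature enabled. Restart needed: $($result.RestartNeeded)"
```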

After this, we will return to installing Kaspersky Security Center itself.

We need to select the SQL authentication mode. This can be either a separate account or the current one.

The Kaspersky Security Center server requires a shared folder, which client computers could access to receive updates and installation packages. You can create a new folder or specify an existing one.

We indicate the ports through which we will connect to the administration server.

Specify the server address on the network. If the server has and will have a static IP address, you can limit yourself to it. But it’s still more convenient to identify the server by name.

The last step before installation is to select the necessary plugins. Plugins allow you to manage various Kaspersky Lab antivirus products. This is useful if you have a whole “zoo” of versions. Plugins can also be installed later.

Now all that remains is to watch the installation process. Sometimes plugins require you to accept a separate license agreement.

The installation of Kaspersky Security Center is complete.

Now let's go over the initial server setup. The administration console installed with the server looks like this:


Kaspersky Security Center Administration Console

The console can also be installed separately. In fact this is necessary, so that you do not have to log in to the server every time for routine actions.

The left column lists the servers. For now there is only our newly created server. If you administer several servers, then simply click Add Administration Server.

So, click on the newly created server and the Initial Setup Wizard will launch. You will be asked to activate the program using a code or key. However, this can be done later.

In addition, the wizard will ask for your consent to participate in the Kaspersky Security Network program. Essentially, this is another spy on your computers that sends Kaspersky Lab data about what resources you access and where you pick up the infection. This is motivated by the creation of a certain knowledge base. In my opinion, for the end user the point of participating in such a program is questionable.

You will also be asked to indicate mailboxes for notifications from the Kaspersky Security Center server. You can skip this step.

After all these steps, the server will start downloading the latest updates from the network. In the future, you can configure not the Kaspersky Lab server on the Internet as an update source, but an upstream server, if there are several of them on your network.

After downloading updates and polling the network, the wizard will display a successful completion message and offer to run the Deploy Protection on Workstations Wizard.

We will talk about deploying protection on workstations in.

The connection gateway is used if it is not possible to establish a direct connection between the Administration Server and the client computer. For example, the Administration Server is located on the corporate network, but the client computer is not part of it.

How to install

To install Network Agent locally in connection gateway mode:

  1. Run the installation file on the device that will be the connection gateway.

     By default, the installation file is located at:
     \\<Administration Server address>\KLSHARE\Packages\NetAgent_10.4.343

  2. Read the terms of the License Agreement and check the box I accept the terms of the License Agreement.
  3. Select the installation folder.
  4. Set Server Address and uncheck Allow Network Agent to open a UDP port.
  5. Skip the Proxy configuration step.
  6. Select Use as a connection gateway in the demilitarized zone.
  7. Select Receive from Administration Server.
  8. Set tags if you use them. For more information about using tags, see the article How and why to use tags in Kaspersky Security Center 10.
  9. Skip the Extra options step.
  10. Check the box Run the program during installation.
  11. Click Install.

How to set up

  1. Open Kaspersky Security Center 10.
  2. Open the context menu of the Managed devices node and click Create group.
  3. Set a name for the new group and click OK.
  4. Open the Properties of the Administration Server node.
  5. Go to the Update Agents section and uncheck Assign update agents automatically. Click Add.
  6. In the drop-down menu of the field, click Add a connection gateway located in the DMZ by address.
  7. Enter the connection gateway address and click OK.
  8. Select the set of devices associated with this connection gateway. Click OK.

During the next network scan, the Administration Server will detect the connection gateway added by IP address and place it in Unassigned devices.

  9. Add the connection gateway to the External devices group created in step 3.
  10. Open the Properties of the Administration Server node and go to the Update Agents section. Click Add.
  11. In the drop-down menu of the field A device that will act as an update agent, click Add a device from a group. Add the connection gateway from the External devices group and click OK. Repeat step 8.
  12. Select the added connection gateway and open its Properties.
  13. Go to the Gateway section. Check the boxes Connection Gateway and Initiate the creation of a connection to the gateway from the Administration Server side. Set Gateway address for remote devices, for example, abc-lab.kaspersky.com. Click OK.

You can create a Network Agent policy for the connection gateway. When creating it, at the Network step, uncheck the box Use UDP port.

This material was prepared for specialists involved in managing anti-virus protection and security in the enterprise.

This page describes and discusses the most interesting functionality of the latest versions of Kaspersky Endpoint Security 10 and the central management console of Kaspersky Security Center 10.

The information was selected based on the experience of NovaInTech specialists in communicating with system administrators and heads of IT and security departments of organizations that are just switching to Kaspersky anti-virus protection, or are in the process of switching from version 6 of the anti-virus on client computers and the Administration Kit 8 management console. In the latter case, when anti-virus protection from Kaspersky Lab is already in use, IT specialists also often do not know the most interesting aspects of the new product versions, which really help make life easier for these same IT specialists and at the same time increase the level of security and reliability.

After reading this article and watching the videos, you will be able to briefly familiarize yourself with the most interesting functionality that the latest versions of the Kaspersky Security Center management console and Kaspersky Endpoint Security provide, and see how it works.

1. Installation of the Kaspersky Security Center 10 administration server.

You can find the necessary distribution kits on the official Kaspersky Lab website:

ATTENTION! The full-version distribution of Kaspersky Security Center already includes the latest version of the Kaspersky Endpoint Security distribution kit.

First of all, I would like to talk about where to start installing anti-virus protection from Kaspersky Lab: not with the anti-viruses themselves on client computers, as it might seem at first glance, but with the installation of the administration server and the central management console, Kaspersky Security Center (KSC). Using this console, you can deploy anti-virus protection on all computers in your organization much faster. In this video you will see that after installing and minimally configuring the KSC administration server, it becomes possible to create an installer for an anti-virus solution for client computers, which even a completely untrained user can install (I think every administrator has such “users”): the installation interface contains only 2 buttons, “Install” and “Close”.

The administration server itself can be installed on any computer that is always on or is available as much of the time as possible; this computer must be visible to other computers on the network, and it is very important for it to have access to the Internet (for downloading databases and synchronizing with the KSN cloud).

Watch the video even if you have installed the central console before, but in previous versions; perhaps you will hear and see something new for yourself...


2. Setting up centralized management on computers with Kaspersky already installed.

In small organizations, system administrators often install and configure anti-virus protection on each computer manually. As a result, the time they spend on maintaining anti-virus protection increases and they do not have enough time for more important tasks. There are cases when administrators, due to lack of time, simply do not know that corporate versions of anti-virus protection from Kaspersky Lab have centralized management at all, and do not know that they do not have to pay anything for this miracle of civilization.

In order to “link” already installed client antiviruses with the administration server, you need very little:

  • Install the administration server (First section of this article).
  • Install the administration server agent (NetAgent) on all computers - I will tell you about the installation options in the attached video below.
  • After installing the administration server agent, the computers, depending on your settings, will be either in the “Unassigned computers” section or in the “Managed computers” section. If the computers are in “Unassigned computers”, they will need to be moved to “Managed computers”, and a policy that will apply to them will need to be configured.

After these steps, your computers will be visible to you from the central console, users will no longer be able to manage the antiviruses installed on their machines and, as a result, there will be fewer infections and fewer headaches for the administrator.

In the video below, I will try to describe scenarios for installing NetAgents on client computers, depending on how your network is structured.

The article examines the Kaspersky Lab product Kaspersky Endpoint Security and its use in a corporate environment, using our clients as an example.

Good day, dear visitor. From the title of the article you already understand that today we will talk about protection. In one of the previous articles, I reviewed a product related to this area of IT, which showed itself well. Today I will tell you about an equally interesting product from Kaspersky Lab, of which we are partners: Kaspersky Endpoint Security. It will be reviewed in the Hyper-V virtual environment, on second-generation machines. The server part will be implemented on a domain controller running Windows Server 2012 R2, with AD in Windows Server 2012 R2 mode, and the client part on Windows 8.1.

It is worth noting that we constantly use this product in our IT outsourcing practice.

What is Kaspersky Endpoint Security?

Kaspersky Endpoint Security for Windows offers world-class technology to protect against malware combined with Application Control, Web Control and Device Control, as well as data encryption - all within one application. All functionality is managed from a single console, which simplifies the deployment and administration of a wide range of Kaspersky Lab solutions.

Possibilities:

  • Single application
  • Single console
  • Unified policies

Kaspersky Endpoint Security for Windows is a single application that includes a wide range of critical security technologies, such as:

  • Anti-malware protection (including firewall and intrusion prevention system)
  • Workplace control
  • Program control
  • Web Control
  • Device Control
  • Data encryption

The set of modules included in Kaspersky Endpoint Security depends on the edition:

In our case we will use ADVANCED.

The following features are available as part of the Kaspersky Endpoint Security for Business START solution:

The following features are available as part of the Kaspersky Endpoint Security for Business STANDARD solution:

  • Anti-malware, firewall and intrusion prevention system
  • Workplace control
  • Program control
  • Web Control
  • Device Control

...as well as other Kaspersky Lab technologies to ensure IT security

The following features are available as part of the Kaspersky Endpoint Security for Business ADVANCED and Kaspersky Total Security for Business solutions:

  • Anti-malware, firewall and intrusion prevention system
  • Workplace control
  • Program control
  • Web Control
  • Device Control
  • Encryption
    ...as well as other Kaspersky Lab technologies to ensure IT security.

Architecture

Server part:

  • Kaspersky Security Center Administration Server
  • Administration console of Kaspersky Security Center
  • Kaspersky Security Center Network Agent

Client part:

  • Kaspersky Endpoint Security

So let's get started

Installing the administration server

In our case, the administration server will be installed on the AD controller in Windows Server 2012 R2 mode. Let's start the installation:

I forgot to clarify: we will use Kaspersky Security Center 10. Let's install the full distribution, downloaded from the Kaspersky Lab website, which includes the installation packages of Kaspersky Endpoint Security 10 and Network Agent 10.

In the next wizard window, select the path to unpack the distribution and click “Install”.

After unpacking the distribution, we are greeted by the Kaspersky Security Center installation wizard; after we click the “Next” button, the wizard asks for the “Network size”. Since we will have only two clients, one x86 and the other x64, we select “Less than 100 computers on the network.”



We specify the account under which the “Administration Server” will start. In our case, the domain administrator account.



Kaspersky Security Center stores all its data in a DBMS. During installation, the wizard prompts you to install Microsoft SQL Server 2008 R2 Express, or, if you have an already installed DBMS, you can select the name of the SQL server and the name of the database.



At the “Administration server address” stage, the wizard asks you to specify the server address. Since we have AD installed and DNS integrated, it would be wiser to specify the server name.



After selecting the plugins for management, the installation of Kaspersky Security Center will begin.



After successful installation and the first launch of Kaspersky Security Center, we are greeted by the initial setup wizard, in which we can specify a key, accept the agreement for KSN participation, and specify an email address for notifications.




The update parameters are also specified and a policy with tasks is created.



After installation, the following will be installed on our server:

  • Administration Server
  • Administration Console
  • Administration Agent

But Kaspersky Endpoint Security will not be installed. We will perform a remote installation: since the administration agent is already installed, we can deploy Kaspersky Endpoint Security to the server. If there is no administration agent and all incoming connections are blocked in Windows Firewall, remote installation will not work. Expand the “Remote Installation” node and select “Run Remote Installation Wizard”. Select the installation package and click the “Next” button.



In the “Select computers for installation” window, select the installation option for computers located in administration groups. Then select the server and click the “Next” button.



A system reboot is required after important modules of Kaspersky Endpoint Security are updated; since the package is fairly new, a reboot is not needed. When selecting credentials, let's leave everything as default, i.e. empty. After clicking the “Next” button, we will see the installation progress of Kaspersky Endpoint Security.


Creating groups

Since the policies and tasks intended for servers differ from the policies and tasks of workstations, we will create groups corresponding to the type of administration for different machines. Expand the “Managed computers” node and select “Groups”, then click “Create a subgroup”. Let's create two subgroups, “Workstations” and “Servers”. From the “Managed computers – Computers” menu, using “drag and drop” or “cut & copy”, move “DC” to the “Servers” group and create a policy and tasks for this group different from the tasks and policies in the “Managed computers” node.

Installing Kaspersky Endpoint Security

To install Kaspersky Endpoint Security remotely, you need to disable UAC during installation. The requirement is "inconvenient", so we will create a policy in the GPO for Windows Firewall, in which we will allow an incoming connection according to the following predefined rule: “File and Printer Sharing”.
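
The predefined rule the text refers to is the File and Printer Sharing group of Windows Firewall. The script below is an added example, not part of the original article: run locally on a client, it enables the inbound rules of that group for the Domain profile and restricts them to connections from the Administration Server. The $AdminServer parameter is a placeholder, and the English group name is an assumption (it is localized on non-English Windows).

```powershell
# Added example: enable inbound File and Printer Sharing for the Domain
# profile only, scoped to the Administration Server.
# Run in an elevated PowerShell session (Windows 8.1 / Server 2012 R2 or later).
param(
    # Placeholder: address of the Administration Server; replace with your own.
    [Parameter(Mandatory = $true)]
    [string]$AdminServer
)

# English name of the predefined rule group (localized on non-English Windows).
$group = 'File and Printer Sharing'

# Inbound rules of the group that apply to the Domain profile.
$rules = Get-NetFirewallRule -DisplayGroup $group |
    Where-Object { $_.Direction -eq 'Inbound' -and "$($_.Profile)" -match 'Domain|Any' }

if (-not $rules) {
    throw "No inbound '$group' rules found for the Domain profile."
}

# Enable them, but accept connections only from the Administration Server.
$rules | Set-NetFirewallRule -Enabled True -RemoteAddress $AdminServer

# Show the resulting state and scope so the change can be verified.
$enabled = Get-NetFirewallRule -DisplayGroup $group |
    Where-Object { $_.Enabled -eq 'True' }

foreach ($rule in $enabled) {
    $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Direction     = $rule.Direction
        Profile       = $rule.Profile
        RemoteAddress = $scope -join ', '
    }
}
```

Clients that also share files or printers with other hosts need those hosts added to the remote address scope.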

After setting up and distributing Group Policy, let's go to the administration console. Expand the “Administration Server” node and select “Install Kaspersky Anti-Virus”, click “Run Remote Installation Wizard”. In the installation package selection wizard window, select the required package and click “Next”. Select clients in the “Unassigned computers” group and click “Next”.

In the next window, leave everything as default and click “Next”. After the key selection window, the wizard offers to prompt the user to reboot the system after installation of Kaspersky Endpoint Security is completed; leave it as default and click “Next”. At the “Remove incompatible programs” step, you can make adjustments if they are necessary. Next, the wizard suggests moving client computers to one of the groups; in our case, we move them to the “Workstations” group.







As we can see, the console “speaks” about the successful installation of Kaspersky Endpoint Security on client stations.



As we can see, after installation, the administration server transferred client machines according to the conditions in the remote installation task.



Kaspersky Endpoint Security on the client machine.


Let's create a policy for client stations in which we will enable "Password protection"; this is needed, for example, in case the user wants to turn off the antivirus.

Let's try to disable protection on the client machine.



Rules for moving computers

On the administration server, you can set movement rules for client computers. For example, let's create a situation in which Kaspersky Endpoint Security will be installed on a newly discovered PC. This is useful in a scenario where an organization has installed a new PC.

To automate the deployment of Kaspersky Endpoint Security, we will define movement rules for computers. To do this, select the “Unassigned computers” node and select the “Configure rules for moving computers to administration groups” item and create a new rule.




Under the created rule, a newly detected PC from the specified range of IP addresses will be added to the “Workstations” group.

Next, we will create a task to automatically deploy anti-virus protection for machines on which it is not installed. To do this, select the “Workstations” group and go to the “Tasks” tab. Let’s create a task to install anti-virus protection with the “Immediate” schedule.

So, we see that the client computer has been added to the “Workstations” group.

Let's go to the "Tasks" tab and see that the installation task has started.



Let me remind you that the situation was reproduced on a machine without anti-virus protection (although before that I demonstrated a remote installation on one of them, after that the anti-virus was removed to demonstrate this scenario) and, as you can see, the installation takes place on the machine without anti-virus protection, while the machine with anti-virus protection was left untouched. After installing anti-virus protection, the KES policy will be applied to this client computer.

Reports

Reports in Kaspersky Endpoint Security are more than informative. For example, let's look at the report “About versions of Kaspersky Lab programs”.

The report displays, in some detail, information about installed Kaspersky Lab programs. You can see how many agents, client solutions and servers are installed. Reports can be deleted and added. You can also view the status of anti-virus protection using the “Selection of computers”, which helps you conveniently sort computers with infected objects or with critical events.

In conclusion, I would like to say that only a small part of the Kaspersky Lab anti-virus complex was reviewed. The controls are indeed convenient and intuitive. But it is worth noting the enormous load on client systems during the search for viruses and potential threats; this load is caused mainly by heuristic analysis, which requires quite a lot of resources. The product is very easy to administer and is suitable for both AD and workgroup environments. This product is installed at many of our clients and has shown only its good side.

That's it, people, peace to you!