Version 3.2

Kaspersky Lab
www.kaspersky.com

Technical Training KL 019.10

Kaspersky Endpoint Security and Management: Small Business

Student Guide

Foreword
    Background
    Idea
    Audience
    Outline

Chapter 1. Kaspersky Endpoint Security for Business: Protection and Control
    1.1 Structure and Licensing of KES for Business
        License types
        Kaspersky Endpoint Security for Business Core
        Kaspersky Endpoint Security for Business Select
        Kaspersky Endpoint Security for Business Advanced
        Targeted Security solutions
    1.2 Requirements of Small Businesses
    1.3 Description of KES for Business
        Kaspersky Endpoint Security components
        Anti-malware protection
        Updates
        Centralized management
        Endpoint Control
        Summary

Chapter 2. KES for Business: Installation, Setup, Troubleshooting
    2.1 Basic Installation Sequence
        Installing the Administration Server
        Installing Kaspersky Endpoint Security over the network
        Local installation of Kaspersky Endpoint Security
        Getting started with the console
        Virus activity monitoring
    2.2 Advanced Installation Scenarios
        Uninstallation of protection tools by other manufacturers
        KES Activation
    2.3 Monitoring
        Where to look
        Update health
        Protection health check
    2.4 Settings
        Configuring real-time protection exclusions
        Blocking program start
        Blocking removable drives
        Blocking online shops
    2.5 Virus Scanning Demonstration
    2.6 Summary

Chapter 3. KES for Business: Extended Features
    3.1 Mobile Device Management
        Outline
        Objective
        Bring your own device
        Range of technologies
        Apple MDM
        Microsoft ActiveSync
        Kaspersky Security for Mobile
        Conclusion
    3.2 Encryption
        Outline
        Objective
        Encryption in Kaspersky Lab products
        Disk encryption
        Encryption of files and folders
        Encryption of removable drives
        What encryption cannot protect from
        Conclusion
    3.3 Systems Management
        Outline
        Objective
        Vulnerability and patch management
        Software management
        Operating system deployment
        Network access control
        Inventory and license control
        Conclusion
    3.4 Kaspersky Security for Microsoft Exchange
        Outline
        Objective
        Licensing
        Anti-virus protection
        Anti-spam protection
        Conclusion
    3.5 Summary

Conclusion

Foreword
First of all, let us briefly describe:

Course background: our view of the situation and what we would like to change
Course idea: what we believe is able to change the situation
Course outline: the themes that will be covered and their presentation order, because it is always good to know what is in store for us
Audience: our view of prospective trainees

Background

First of all, we are going to talk only about business products by Kaspersky Lab. No KISes, only KESes.

Our picture of the world is as follows. Doing business only through direct sales is possible, but inefficient. That is why we, meaning Kaspersky Lab, are extremely interested in retailers. We want to help them in every possible way.

European and worldwide statistics tell us that the majority of purchases are made not even by medium-sized, but by small businesses (about 50 endpoints). These sales are made by relatively small partners.

Such a partner does not have pre-sales and post-sales engineers; instead, more often than not they have a versatile
employee responsible for selling Kaspersky Lab products (and quite likely other products as well).

We believe that because of such versatility, this employee does not possess deep knowledge of Kaspersky Lab
products, their installation and configuration, and therefore cannot influence the sales process, because for them,
Kaspersky Lab products are just goods like any others and the sales success mainly depends on the knowledge and
interest of the buyer. And this is the first thing we would like to change.
We want this versatile employee to tell a potential customer an entertaining and informative story about Kaspersky
Lab products and thus boost their interest (and sales).

We also know that sales in the Anti-Virus protection market (or, in modern terms, in the endpoint protection market) are cyclic. It means that a one-year license is sold, which can be renewed a year later at a lower price. One would think that the discount is sufficient to motivate the renewal, but in fact the customer can get a similar discount for migrating to a rival product. The price is not enough to retain a customer.

For a successful renewal, it is important to keep the customers happy, or at least satisfied. Currently, the versatile salespeople have little influence on the customers' satisfaction. They do not participate in product installation and support.

Meanwhile, the customer's satisfaction mainly depends on their ability to correctly install and configure the product. Later, the customer may contact the technical support of the local Kaspersky Lab office. But at first, someone has to install the products. Small clients (10-50 endpoints) may lack skilled employees to perform this task. In fact, this task is not difficult at all, but people often make mountains out of molehills. The deal may fail because product installation is not guaranteed. Or the deal can be made, but the customer may install the product incorrectly; in a year, the disappointed client will not renew the license. And this is the second point we want to change.

We want the versatile salesperson to spend a couple of hours helping the customer to install and configure Kaspersky Lab products if necessary. Let us repeat once again: the task is not actually difficult, especially with a small number of computers.

Idea
To achieve our aims, i.e.

Help small partners gain buyers' interest in Kaspersky Lab products
Teach small partners how to install and configure Kaspersky Lab products should the necessity arise

Kaspersky Lab decided to prepare a small workshop. We understand that we are talking about small partners who are not exclusive resellers of Kaspersky Lab, for whom Kaspersky Lab sales are important, but not a top priority, and who are not ready to invest too much in collaboration with Kaspersky Lab. And we do not require considerable investments. The workshop will take less than a day. During the workshop, we will talk about the products without too many technicalities, and also demonstrate the products and let you try installing and configuring them.

It goes without saying that we are talking not about all of Kaspersky Lab products, but only about those that may be of interest to small partners and clients. Namely, about Kaspersky Endpoint Security, Kaspersky Security Center and a couple of other products that may come in handy as well.

Audience

The course is designed to help partners; however, it will be delivered to people, not to abstract legal persons. We would like to shake hands with those versatile people who sell Kaspersky Lab products. What do we expect from the audience?

We expect that they have installed some programs by themselves at some point. It does not matter which. The point is that the installation process must not seem difficult to them or seem to require special skills.

We expect that they have heard of malware and the harm it may cause. Just basics, no special knowledge is required.

We expect that they are interested in knowing more about Kaspersky Lab products, what they can do and how to install them.

That's it. And now let us get down to the course outline.

Outline

The workshop consists of three parts: two reviews and one practice. During the practical part, we will explain how to install and configure Kaspersky Endpoint Security and Kaspersky Security Center. We will not go into all of the details and technicalities; instead, we will study the simplest scenarios that should work well in small networks.

The practical part will go second. First of all, we will review Kaspersky Endpoint Security and Kaspersky Security Center. It is not supposed to be a deep study, since KES and KSC together have so many capabilities that we wrote a 7-day technical course to describe them and yet had to omit some minor features.

That is why during the first overview, we will just tell you how KES and KSC provide protection against threats. After all, a small company typically arrives at the idea of buying Kaspersky Anti-Virus after an unpleasant malware incident rather than after a thorough analysis of processes and automation solutions.

In the third (final) part of the workshop we will briefly describe what KES and KSC can do in addition to anti-virus protection, and also talk about Kaspersky Security for Microsoft Exchange.

So, the course outline is as follows:

1. Protection against threats, Endpoint Control, centralized management and licensing (the order may vary though)
2. Installation and initial setup: demonstrations, explanations and practice of installing Kaspersky Endpoint Security and Kaspersky Security Center
3. Mobile Device Management, Encryption, Systems Management, special capabilities for service providers, protection for the Microsoft Exchange mail system

At the beginning of each chapter, we will provide a slightly more detailed outline.

Chapter 1. Kaspersky Endpoint Security for Business: Protection and Control

In this chapter we start studying Kaspersky Endpoint Security for Business. Since several license bundles are available for this solution, let us first focus on licensing and find out which capabilities each license provides, and, accordingly, which license better serves the customer's purposes.

After that, we will review the specifics of small businesses once again, and discuss why their requirements differ from those of, for example, personal users on the one hand and large and medium-sized businesses on the other; and which protection features are most important for small businesses.

Then we will explain how a customer would benefit from the Kaspersky Endpoint Security for Business solution.

1.1 Structure and Licensing of KES for Business


License types

If you open the Kaspersky Lab web site and look at the offers for small businesses, you will see the following:

Kaspersky Endpoint Security for Business Core
Kaspersky Endpoint Security for Business Select
Kaspersky Endpoint Security for Business Advanced

These are license types, or, to be more precise, license bundles. A license governs the use of Kaspersky Lab products and components.

Each subsequent license bundle extends the set of available capabilities. Select includes all of the Core functions and additionally allows using other programs and components. Advanced includes the Select bundle and further extends the list of available components. Later we will study in detail what each license bundle consists of.

Sometimes the customer says that they do not need additional programs from the Select bundle, but need a program from Advanced. There are special Targeted Security solution licenses for such clients. They permit using a specific program or technology and they can be added to the license bundles. For example, a customer may purchase the KES for Business Core bundle and additionally the Kaspersky Security for Mobile license. We will list the Targeted Security solution licenses later.

If you are lucky enough, your customer might say that they have no time to pick and choose, they want it all, and have enough money. For such customers, there is the Kaspersky Total Security for Business license bundle, which allows using almost all of Kaspersky Lab products and technologies.

Kaspersky Endpoint Security for Business is licensed by the number of protected nodes, meaning computers where protection tools are to be installed. If there are 50 computers in the customer's network, they will need 50 licenses.

KES for Business Select and Advanced allow protecting not only computers, but also mobile devices, such as smartphones and tablets. For these bundles, you need to take into account all protected devices: computers, smartphones and tablets.

Kaspersky Endpoint Security for Business Core


Kaspersky Endpoint Security for Business Core is designed to protect workstations against threats: malware, hacker
attacks, phishing, etc. The Core bundle does not provide protection for servers.

Instead, it covers most types of workstations: Windows, Linux, Mac OS. The following versions of Kaspersky Lab programs provide protection for the respective operating systems:

Kaspersky Endpoint Security for Windows Workstations
Kaspersky Endpoint Security for Linux Workstations
Kaspersky Endpoint Security for Mac OS

All these programs can be used under the KES for Business Core license.

Kaspersky Endpoint Security for Windows consists of many components; some of them provide protection against
threats, and others solve other tasks. The KES for Business Core license activates only the protection components.
We will describe all components of KES for Windows and their purposes later.
All business products have remote management consoles. The remote management console of Kaspersky Endpoint
Security for workstations is implemented in another program, Kaspersky Security Center. It goes without saying that
the KES for Business Core license permits using Kaspersky Security Center for managing Kaspersky Endpoint
Security. However, Kaspersky Security Center also has additional components that are not covered by the KES for
Business Core license. We will study these components in Chapter 3.

Kaspersky Endpoint Security for Business Select

Kaspersky Endpoint Security for Business Select includes everything available in the Core bundle: protection against threats for Windows, Linux and Mac workstations, and also protection management via Kaspersky Security Center.

Additionally, KES for Business Select allows protecting Windows, Linux and Novell NetWare servers against threats. The following programs provide protection for servers:

Kaspersky Endpoint Security for Windows: the same program that protects workstations; works on all Windows computers
Kaspersky Anti-Virus for Windows Servers Enterprise Edition: a special version for corporate server systems; supports terminal services, clusters, etc.
Kaspersky Anti-Virus for Linux File Server
Kaspersky Anti-Virus for Novell NetWare

In addition to computers, Kaspersky Endpoint Security for Business Select enables protecting mobile devices: smartphones, tablets, etc. The Kaspersky Lab program that protects such devices is named Kaspersky Security for Mobile.

The KES for Business Select license is not limited to protection only. It activates the components of Kaspersky Endpoint Security for Windows that allow controlling employees' actions: prohibiting the users from starting the selected programs, connecting devices and visiting web sites. We will review the capabilities of these components in more detail later.

Finally, KES for Business Select allows using Kaspersky Security Center for managing all of the abovementioned programs. In particular, it activates special components of Kaspersky Security Center for mobile device management. We will describe these components in Chapter 3.

Kaspersky Endpoint Security for Business Advanced


The Advanced bundle includes everything from the Select bundle and provides several additional capabilities.

In Kaspersky Endpoint Security for Windows Workstations, the KES for Business Advanced license activates
encryption components. These components protect data on the devices that can be lost or stolen.
In Kaspersky Security Center, the KES for Business Advanced license activates the Systems Management
components.

All these components will be described in Chapter 3.

Targeted Security solutions

It may happen that the customer is interested in protection for workstations and servers, and is not interested in protecting mobile devices. Or the customer needs to protect only workstations and mobile devices, without servers. Such a customer may be offered the KES for Business Core bundle and an additional license for server protection or mobile device protection.

The following additional licenses are available within the framework of the Targeted Security solutions program:

For Mail Server
For File Server
For Mobile
For Internet Gateway
For Virtualization
For Collaboration
For Systems Management
For Storage
For Anti-Spam Protection
For Windows Servers Enterprise Edition

We will not go into the details concerning these licenses and the programs they activate. The only program we will describe is Kaspersky Security for Microsoft Exchange Servers, which is activated by the license for mail servers.

If a customer needs all (or almost all) business products by Kaspersky Lab, the Kaspersky Total Security for
Business license will suit them perfectly. It includes all licenses for targeted security solutions and everything
available in the Kaspersky Endpoint Security for Business Advanced bundle.

1.2 Requirements of Small Businesses


Any business needs protection against threats, and small businesses have their specifics and typical requirements for
the protection system.

Unlike large companies, small businesses have no specialization among administrators. There is usually only one administrator, sometimes not even on the staff, who is responsible for administering everything within the company. Small businesses cannot invest much in the administrator's education.

Therefore, small businesses need user-friendly solutions that require minimum administering. A protection solution must block threats automatically without bothering the users and have no false positives. Installation and setup of such a solution must not require special knowledge and skills.

Let us look at Kaspersky Endpoint Security for Business from this point of view and demonstrate that KES for
Business can be used right away, without training, that installation will not take much time, setup is not necessary,
and maintenance boils down to consulting the console from time to time.

1.3 Description of KES for Business


Kaspersky Endpoint Security components

Kaspersky Endpoint Security consists of components, each of which has its own responsibility area. Some
components protect against threats, some help to control the user, and others encrypt data.
Protection components are most numerous and they can be grouped by functionality.
The following components search for malware and neutralize it:

Virus scan
File Anti-Virus
Mail Anti-Virus
Web Anti-Virus
IM Anti-Virus

These components protect against threats propagating over the network:


Firewall
Network Attack Blocker

The System Watcher component protects from complex threats that can be detected only if information from all
other protection components is gathered.
KSN and update modules also participate in protection against threats. We will talk about them later in this chapter.

Each of the control components has a special purpose:

Application Privilege Control
Application Startup Control
Device Control
Web Control

Finally, encryption components protect data at two levels:

Disk Encryption
Encryption of files and folders

Anti-malware protection

When describing components, similarly to products in general, we will place emphasis on the role they perform and
the difference they make. Now let us study the following components of Kaspersky Endpoint Security:

Virus scan
File Anti-Virus
Mail Anti-Virus
Web Anti-Virus
IM Anti-Virus

All of them are directly responsible for anti-malware protection. Other components improve protection: they make it more reliable, more self-sufficient, and more proactive. But most of the virus detection activities are performed by the components listed above.

Why so many Anti-Virus components? They differ in where they look for malware.

File Anti-Virus

File Anti-Virus permanently monitors the files being accessed on the computer and scans them for infections prior
to allowing access. This is the most important of the Anti-Virus components. It prevents most of the malware from
starting. It cannot be disabled.

Mail Anti-Virus

Mail Anti-Virus scans e-mail messages on the fly and also checks the attachments for malware.

If Mail Anti-Virus is disabled, messages and files attached to them will be scanned nevertheless by File Anti-Virus.
But it is easier to delete malware before it is saved to disk; also, scanning messages on the fly takes fewer resources.
Mail Anti-Virus saves the overall resources spent in detecting and removing malware.

Web Anti-Virus

Web Anti-Virus intercepts web requests and does the following:


Scans the downloaded files for malware and thus saves resources similarly to Mail Anti-Virus
Prevents the user from opening a phishing web site or a site spreading malware: the Web Anti-Virus is
the key anti-phishing component

Disabling Web Anti-Virus makes the user vulnerable to phishing attacks.

IM Anti-Virus

IM Anti-Virus checks links to websites within the messages sent via ICQ, MSN, Google Talk, etc. Just like Web
Anti-Virus, IM Anti-Virus checks for the links to phishing and dangerous web sites, and warns the user when it
detects one. If IM Anti-Virus is disabled, the links will be intercepted by Web Anti-Virus when the user tries to open
them in a browser.

Virus scanning

Virus scanning does not intercept anything. It runs on the specified schedule and scans files on the drive more
thoroughly than the File Anti-Virus. Virus scanning should be performed once every 2 or 4 weeks, preferably at
night, because virus scanning during business hours can considerably decrease computer performance.

Network Attack Blocker

Some components of Kaspersky Endpoint Security do not search for malware. They help to repel threats by
decreasing the attack surface. Malware may use various penetration methods. The user might download it
from a suspicious web site, receive it by e-mail, copy it from an infected removable drive, etc. Some malware actively
searches for ways to penetrate a computer, tries to copy itself over the network or sneaks in through a vulnerability
in a service running on the network computers. Limiting the accessibility of the computer is called decreasing
the attack surface.
For example, complete prohibition on the use of removable drives is a method of decreasing the attack surface.
The Device Control, which will be described later, allows doing this in KES.

The use of a firewall to block unnecessary connections is another popular method of decreasing the attack surface.
A personal (or office) computer rarely needs to accept inbound connections. Usually, it establishes outbound
connections to web sites, local file servers, mail servers, etc. The firewall prevents active network attacks by
limiting inbound connections to the computer.

The Firewall of Kaspersky Endpoint Security is supplied with standard pre-set rules that restrict unnecessary
connections, especially connections from the Internet.
The Firewall does not analyze the information received over the network; it works according to the rules instead. If
formal characteristics of a connection (where from, where to, via which program) indicate that it is to be blocked,
the Firewall blocks it. The Firewall is completely autonomous and does not require updates.

The Network Attack Blocker component complements the Firewall. This component, on the contrary, analyzes
the information received over the network and compares it with the signatures of known network attacks. If a match
is found, the connection is blocked.

System Watcher

System Watcher is another component that helps to fight new threats. Unlike Anti-Virus components and the KSN
module, which scan file contents before the program starts, the System Watcher checks what the program does when
started. If the program undertakes suspicious activities, the System Watcher stops it and moves it to the Quarantine.
This way, any malware (even unknown) can be detected by its behavior.

The System Watcher not only tracks program actions, but also logs them. If later (for example, after an update)
the program turns out to be malicious, the System Watcher will consult the log and roll its actions back.

Updates

Components use the Anti-Virus database when searching for viruses. The database contains descriptions of viruses.
When scanning files for malware, Kaspersky Endpoint Security checks whether the database contains a similar
description.
When new malware appears, Kaspersky Lab adds new descriptions to the database. Therefore, to provide reliable
protection against threats, the latest version of the Anti-Virus database must be installed on the computer. A special
update module is responsible for this.

It automatically checks for a newer version of the database and downloads it to the computer. The update module
needs Internet access for this. Typically, updates do not consume much traffic, because the database is not
downloaded completely: only the new descriptions, which were not yet available in the previous version, are added.
The administrator does not need to configure updates, but needs to watch that they work without errors.

Kaspersky Security Network

Preparation of virus descriptions requires time. During that time, a new virus may infect a computer. On the other
hand, sometimes (rarely though), KES encounters a file that matches a virus description, but is not a virus: this is
called a false positive.

Kaspersky Security Network protects computers from new viruses and at the same time prevents false positives. It is
a huge database of all programs known to Kaspersky Lab. The database contains information about each program:
whether it is malicious or not.

Programs are added to the database very quickly, much faster than descriptions are prepared for the local Anti-Virus
database. That is why a new virus has far less time for infecting computers. As far as legitimate programs are
concerned, if a program is included in the KSN database, it will not cause false positives.
Unfortunately, the KSN database is so huge that it cannot be downloaded to every computer. To check a program
against the KSN database, KES has to send a Web request to Kaspersky Lab where the database is stored.
The answer whether the program is good or bad will be returned immediately.
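
The interplay of the local Anti-Virus database and KSN described above, as an added Python sketch (not Kaspersky code). The sample files, byte patterns and the rule that a KSN answer takes precedence over a local match are assumptions made for illustration.

```python
import hashlib
from enum import Enum
from typing import Callable, NamedTuple, Optional


class Verdict(Enum):
    CLEAN = "clean"
    MALICIOUS = "malicious"
    UNKNOWN = "unknown"


class Result(NamedTuple):
    verdict: Verdict
    source: str  # which database produced the verdict


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample "files": plain byte strings, nothing real.
OLD_VIRUS = b"constructed sample: long-known-malware body"
NEW_VIRUS = b"constructed sample: malware that appeared an hour ago"
LEGIT_TOOL = b"constructed sample: legitimate tool with remote-shell feature"
IN_HOUSE = b"constructed sample: in-house accounting build"

# Local database (assumed format): name -> byte pattern standing in for a
# "description". The second pattern is deliberately broad, so it also matches
# LEGIT_TOOL and produces a false positive.
LOCAL_DESCRIPTIONS = {
    "Constructed.OldVirus": b"long-known-malware",
    "Constructed.GenericShell": b"remote-shell",
}

# Cloud reputation database keyed by file hash (assumed format). It already
# knows NEW_VIRUS, for which no local description exists yet, and it knows
# that LEGIT_TOOL is good.
CLOUD_REPUTATION = {
    sha256(OLD_VIRUS): Verdict.MALICIOUS,
    sha256(NEW_VIRUS): Verdict.MALICIOUS,
    sha256(LEGIT_TOOL): Verdict.CLEAN,
}


def cloud_online(file_hash: str) -> Verdict:
    """Stand-in for the web request to the reputation service."""
    return CLOUD_REPUTATION.get(file_hash, Verdict.UNKNOWN)


def cloud_offline(file_hash: str) -> Verdict:
    """Stand-in for a computer without Internet access."""
    raise ConnectionError("no Internet access")


def match_local(data: bytes) -> Optional[str]:
    """Return the name of the first local description that matches."""
    for name, pattern in LOCAL_DESCRIPTIONS.items():
        if pattern in data:
            return name
    return None


def scan(data: bytes, cloud: Callable[[str], Verdict]) -> Result:
    local_hit = match_local(data)
    try:
        reputation = cloud(sha256(data))
    except ConnectionError:
        reputation = None  # offline: only the local database remains

    # Assumption of this sketch: a definite cloud answer wins over a local
    # match, which is what suppresses the false positive on LEGIT_TOOL.
    if reputation is Verdict.CLEAN:
        return Result(Verdict.CLEAN, "cloud")
    if reputation is Verdict.MALICIOUS:
        return Result(Verdict.MALICIOUS, "cloud")
    if local_hit is not None:
        return Result(Verdict.MALICIOUS, "local:" + local_hit)
    return Result(Verdict.UNKNOWN, "none")


if __name__ == "__main__":
    samples = {"old virus": OLD_VIRUS, "new virus": NEW_VIRUS,
               "legit tool": LEGIT_TOOL, "in-house": IN_HOUSE}
    for name, data in samples.items():
        online = scan(data, cloud_online)
        offline = scan(data, cloud_offline)
        print(f"{name:11} online={online.verdict.value:9} "
              f"offline={offline.verdict.value:9} ({offline.source})")
```

Running it shows the two offline regressions side by side: the new virus is no longer recognized, and the legitimate tool is flagged by the broad local pattern.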

If there is no access to the Internet, only the local Anti-Virus database is used for virus scanning.

Conclusion

Protection components complement and reinforce each other. Together they provide reliable protection against any
malware, including the most recent. Each component contributes to the job. Disabling of even one of them may be
dangerous.

All protection components work independently. The administrator does not need to configure them specifically.
KES protection is completely operational right after the installation, on the condition that the Internet is accessible,
which is necessary for updates and the use of KSN. The administrator only needs to monitor that everything works
normally.

Centralized management
Advantages

The larger the company, the more it can save on automation, including automation of protection management.
However, a small company also benefits from managing Kaspersky Endpoint Security via Kaspersky Security
Center compared to the use of KES without centralized management.

Even in a small company, there must be a person who maintains computers, especially if the company's business is
not related to computers or information technologies, and most of the employees do not possess sufficient
qualification in solving issues with programs and equipment. And some issues always arise.

There is usually one specialist of this kind in a small company; let us call them the administrator. It can be a staffer
who works fixed hours, or a contractor on call who comes, solves an issue, and goes. However, even a staffer is
typically responsible for numerous things and cannot afford spending much time on any one of them, whether it is
an anti-malware protection system, network infrastructure, special programs for business or something else.
The administrator should be able to quickly check whether the computers' protection is all right. If the answer is
positive, they can proceed to something else. If negative, they need to investigate the issue, preferably without
leaving their desktop. These capabilities are provided by our centralized management system, Kaspersky Security
Center: understand what is going on and solve the issues remotely.

Structure

Kaspersky Security Center consists of the Administration Server and Network Agents.

The server is the centralized part of the management system, where you can see the big picture and if necessary
modify settings on all computers simultaneously.

Network Agents are installed on all computers and connect the Administration Server to the KES installed on
the computer. The Agents supply the Server with information and receive from it the settings to be applied to
Kaspersky Endpoint Security.

Installation

Kaspersky Security Center automates and centralizes various tasks including deployment of Kaspersky Endpoint
Security.

Kaspersky Endpoint Security is not difficult to install. Theoretically, you can leave it even to the employees,
provided they will not try to change the settings. The installation wizard does not require making decisions, save for
adding the license.
However, first of all, that would be a protection system without centralized management. Second, there's no
guarantee that the users will leave important parameters untouched and protection will not suffer.

Kaspersky Security Center helps the administrator to install the products without involving the users, either remotely
or by making a stand-alone installation package to be started on a computer. Such a package uses the installation
parameters specified by the administrator, and even if the package is sent to the users, they will not be able to reconfigure the product.
In the following chapter we will describe the most typical installation scenarios.

Monitoring

One of the important tasks solved by the management system is the capability to quickly assess the protection status.
The administrator needs to make a decision: either everything is normal and they can deal with other tasks, or there
are considerable anomalies that need close attention.
Kaspersky Security Center conveniently represents the computers having various issues, if any. For example,
computers where Kaspersky Endpoint Security is not running or is not installed, which is very bad, because such
computers are not protected and may become a source of various issues if they get infected.
If some issues do exist, the administrator can try to analyze and solve them from the console: remotely start
Kaspersky Endpoint Security, view the history of infections, perform remote installation, modify the settings, etc.

Setup

Another important task of Kaspersky Security Center is applying unified settings to all computers. It is handy from
two points of view. First, the administrator does not need to go from one computer to another to modify, for
example, the virus scan schedule. It can be done in several clicks via the Administration Server.

Second, the settings enforced via Kaspersky Security Center cannot be modified on the computers. The employees
will not be able to get rid of the limitations configured by the administrator in the control components or disable
protection components. This considerably improves the network protection.

Conclusion

Kaspersky Security Center is a management console that saves the administrator's time. It gathers and conveniently
displays the issues encountered on the computers. Also, it guarantees that the users do not change the recommended
settings.
Kaspersky Security Center allows doing much more than that, but all those capabilities cannot be covered within
the framework of a brief workshop and make little sense in the context of small networks.

In the next chapter, we will quote specific examples of how Kaspersky Security Center helps to do typical tasks.

Endpoint Control
Application Privilege Control

This component is designed for protection. It decreases the attack surface by limiting program actions instead of
limiting the actions of the user.
Similarly to the System Watcher, the Application Privilege Control monitors the programs' activities. But unlike
System Watcher that analyzes sequences of actions, Application Privilege Control considers each action individually
and allows or blocks it according to the specified rules.

The component is autonomous and does not require special setup. When a program starts, Kaspersky Endpoint
Security defines its trust level: Trusted, Low Restricted, High Restricted, or Untrusted. The verdict is returned by
the Kaspersky Security Network module, and if the Internet is inaccessible, by a special algorithm. The lower
the program trust level, the less access it receives to the settings of the computer and other programs. Untrusted
programs are prohibited from being started, High Restricted programs have no access to the network, etc.

It is an important component from the point of view of repelling new threats. Unknown programs, about which
information has not yet been added to KSN, are categorized as either High Restricted or Untrusted. Even if such a program
is allowed to start, it will not be able to edit startup settings or connect the computer to a botnet because of
the limitations imposed by the Application Privilege Control.
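
An added Python sketch (not Kaspersky code) contrasting the per-action check of Application Privilege Control with the sequence analysis, logging and rollback of the System Watcher described earlier. The action names, the permissions of each trust level beyond what the text states, and the three-rewrites threshold are assumptions.

```python
from typing import Dict, List, Optional, Tuple

# (kind, file path or None, new content or None)
Action = Tuple[str, Optional[str], Optional[str]]

# Trust levels are the four named in the text. The page states only that
# Untrusted programs may not start and that High Restricted programs have no
# network access; the rest of this table is assumed for the sketch.
ALLOWED = {
    "Trusted": {"start", "write_file", "network", "edit_startup"},
    "Low Restricted": {"start", "write_file", "network"},
    "High Restricted": {"start", "write_file"},
    "Untrusted": set(),
}


def privilege_check(trust: str, kind: str) -> bool:
    """Per-action decision: each action is judged on its own."""
    return kind in ALLOWED[trust]


class BehaviourWatcher:
    """Sequence-based monitor that logs writes so they can be undone."""

    def __init__(self, files: Dict[str, str], max_rewrites: int = 3):
        self.files = files                # stand-in for the file system
        self.max_rewrites = max_rewrites  # assumed threshold
        self.log: List[Tuple[str, str, Optional[str]]] = []

    def record_write(self, program: str, path: str, content: str) -> None:
        # Remember the previous content (None if the file did not exist).
        self.log.append((program, path, self.files.get(path)))
        self.files[path] = content

    def is_suspicious(self, program: str) -> bool:
        # Assumed heuristic: one program overwrote several existing files.
        rewritten = {path for prog, path, old in self.log
                     if prog == program and old is not None}
        return len(rewritten) >= self.max_rewrites

    def roll_back(self, program: str) -> None:
        # Undo the program's writes, newest first.
        for prog, path, old in reversed(self.log):
            if prog != program:
                continue
            if old is None:
                self.files.pop(path, None)
            else:
                self.files[path] = old
        self.log = [entry for entry in self.log if entry[0] != program]


def run_program(name: str, trust: str, actions: List[Action],
                watcher: BehaviourWatcher) -> dict:
    blocked = []
    for kind, path, content in actions:
        if not privilege_check(trust, kind):
            blocked.append(kind)
            if kind == "start":
                break      # a program that may not start does nothing else
            continue
        if kind == "write_file":
            watcher.record_write(name, path, content)
            if watcher.is_suspicious(name):
                watcher.roll_back(name)
                return {"blocked": blocked, "quarantined": True}
    return {"blocked": blocked, "quarantined": False}


def sample_files() -> Dict[str, str]:
    """Constructed documents used as the starting state."""
    return {"report.doc": "Q1 figures", "budget.xls": "2024 plan",
            "notes.txt": "todo list"}


# Constructed action list: every step is individually permitted for a
# Low Restricted program, but the sequence rewrites three documents.
REWRITER: List[Action] = (
    [("start", None, None)]
    + [("write_file", p, "scrambled") for p in sample_files()]
    + [("network", None, None)]
)

if __name__ == "__main__":
    files = sample_files()
    print(run_program("helper.exe", "Low Restricted", REWRITER,
                      BehaviourWatcher(files)))
    print(files == sample_files())  # documents restored by the rollback
```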

Application Startup Control

Unlike Application Privilege Control, the other control components are designed to limit the user's actions. You can
use Application Startup Control to prohibit employees from starting:

Games and other entertainment programs: to improve labor productivity
Old versions of Internet Explorer (Microsoft Office, Adobe Reader, etc.): to protect against threats,
because old versions have more vulnerabilities which may be exploited by malware
Any mail clients except for Microsoft Outlook: to implement internal standards
etc.

Unlike protection components, which efficiently repel threats with the default settings right after the installation,
the control components (except for Application Privilege Control) do not have default settings and work in a passive
mode after the installation. For the Application Startup Control to limit something, the administrator must create
limitation rules.
Application Startup Control allows creating limitation rules with complicated scenarios. However, this requires
careful consideration and testing, which is usually impossible in a small company due to lack of resources. That is
why in small companies Startup Control can be used for simple limitations described above: prohibit games, old
program versions, allow only one program of a particular kind.

Device Control

The purpose of Device Control is obvious: to prohibit connecting the specified device types to the computer, for
example, USB flash drives, modems, or printers. Device Control helps to solve the following tasks:

Decrease the attack surface: if removable drives are prohibited from connecting to the computer,
the employees will not be able to bring malware from outside and copy it to their computers, neither
intentionally nor accidentally
Reduce the risk of losing important data: if removable drives may not be connected to the computer,
important documents cannot be copied to them. If an employee loses the flash drive, it will contain nothing
of importance to the company

Just like the Application Startup Control, Device Control does not block anything with the default settings. There
must be an administrator in the company who realizes the business necessity of the Device Control, can formulate
a security policy, and implement it in the blocking rules.

Web Control

Web Control is a kind of Parental Control in the business context. Lazy employees instead of curious children, and
an obstinate administrator instead of stern parents.

Web Control can be configured to prohibit the users from visiting social networks, job search sites, terrorist sites,
arms traders, drug dealers, child pornography. You can also prohibit downloading music, video and executable files
from the Internet. The expected positive effects include:
Decreased attack surface: if dubious sites and download of executable files are prohibited, computer
infection risk decreases drastically
Higher labor productivity: the fewer distractions the employees have, the higher the chances that they will
work instead of chatting in social networks, choosing wallpaper for the kitchen or searching for a new job

Web Control does not have any default settings. It does not block anything right after the installation. It is
the administrator who creates the blocking rules.

Conclusion

Control components can be regarded as additional protection elements that decrease the attack surface on
the computer. But their main purpose is to limit employees' actions, especially during business hours. In some
control components, you can configure schedules for the limitations, for example, only from 9 to 18 and only on
weekdays.
Regardless of the objective, settings for the control components need to be created from scratch by an administrator
or an expert who understands the business problem and is able to solve it by configuring the rules for the control
components.

Summary

So, Kaspersky Endpoint Security for Business possesses all the qualities important for small companies:

Installation does not take much time thanks to the Kaspersky Security Center centralized console
The components that provide protection against threats do not require configuring and work efficiently
right after the installation
The users do not notice KES operation, because all messages are sent to the centralized console instead of
the employees' screens
The administrator can quickly spot issues in the centralized reports

As you will see, expanding the solution capabilities does not require any effort either. Switching from the Core to
the Select bundle requires almost nothing but purchasing a new license.

Chapter 2. KES for Business: Installation, Setup, Troubleshooting

This chapter consists of short and simple instructions for the most frequent operations with Kaspersky Security Center
and Kaspersky Endpoint Security. First of all, for installation.
We said at the beginning of our course that if the customer fails to successfully install the purchased protection tool,
they will hardly be happy with the purchase and will hardly renew the license after it expires.

At the same time, the customer's administrator cannot spend much time studying and diagnosing a new product.
They already have much work and little time. If they have some difficulty, they are likely to postpone
the installation, and then again, and again, and again. That is why it would be important, or at least helpful, if
the partner's representative could spend an hour or two helping the customer to install the purchased product.

In this chapter we will also cover the following situations:

Installation of the Administration Server
Installation of KES over the network within a domain with the domain administrator's password
Local installation of KES, if there is no domain and administrators' passwords are different on
the computers
Getting started with the KSC console

It is the basic scenario: the minimum skills required for installing KES for Business in the customer's network.
Additionally, we will describe several other scenarios that may help to show yourself and the product to good
advantage.

The first add-on concerns alternative installation scenarios. To be more precise, some steps that are usually
performed automatically without being noticed:
Uninstallation of protection tools by other manufacturers
Adding or renewing the license

If something goes wrong during the automatic installation, we will explain how to easily force uninstallation of
incompatible applications or activate KES.
The second add-on is about monitoring. Upon completion of the basic scenario, the customer has a completely
functional protection system that does not require configuring. All the administrator has to do is to monitor reports
and make sure that everything works normally. We will show you three scenarios and tell you what to look at and how to
quickly fix the most typical issues encountered during the day-to-day work:

Virus activity monitoring
Updates monitoring
Protection monitoring

The third add-on is about setup. Unlike protection that does not require configuring after the installation, the control
components are idle until set up properly. To benefit from the control components, you need to create control rules
for them. Also, it is useful to know how to exclude files and programs from the protection scope. We will consider
four setup scenarios:

Configuring exclusions
Prohibition to start games
Prohibition to use removable drives
Prohibition to shop online

Finally, as a bonus scenario, we will tell you how to demonstrate the efficiency of KES for Business if the customer
has not yet decided whether they want to change their old Anti-Virus for Kaspersky Endpoint Security:

Scanning the computer for malware


In each case we will describe the administrator's objective, a typical procedure, probable complications and
checkpoints.

2.1 Basic Installation Sequence


Installing the Administration Server

So, you are at a stage when the customer has finally accepted your reasons, purchased KES for Business, and needs
to deploy it. The customer would gladly accept your help in this work, which is easy in fact. And you will be able to
provide this support.
Any undertaking should be planned. In this case, you will need a deployment plan. Fortunately, you are not the first
person on Earth who needs to deploy KES. Much experience is accumulated in this domain, which we are going to
share with you.

First let us remind you that KES for Business is not a single program but a complex solution, and some of its
programs consist of separate components. The deployment plan is about installing programs and components in
the correct order. So, the programs and components to be installed are:
Centralized console of Kaspersky Security Center
Kaspersky Security Center Agents
Kaspersky Endpoint Security for Windows

The Console will be installed only once. The Agent and KES for Windows need to be installed on each computer.

The skeleton of the deployment plan is as follows:

1. Install the centralized console of Kaspersky Security Center
2. Using the KSC console, remotely install KSC agents and KES for Windows

Sometimes it is really as easy as one and two. One: installing the console; two: deploying the agents and
protection tools. But we live in the real world and therefore we need a plan B. Or best of all C as well, and maybe
a few more. For this purpose, we need a better understanding of what is going on during the remote installation of
KES.
At the second step, several actions are actually performed:

2.1. Searching for target computers
2.2. Connecting to the computers over the network with the aim of remote installation of the Agent
2.3. Installing the Agent
2.4. Searching for protection tools by other manufacturers and uninstalling them automatically
2.5. Installing KES for Windows through the Agent
2.6. Activating KES for Windows
Issues are probable at stages 2.1, 2.2, 2.4 and 2.6. The Console may fail to find some computers, for example, if they
are turned off. The Console may fail to connect to some computers over the network, for example, if firewalls are
incorrectly configured on them. The KES installer may fail to uninstall protection tools by other manufacturers. Finally,
KES activation may fail because of mistakes made by the administrator. Installation of the Agent and KES
installation through the Agent are usually trouble-free.

Plan B for the error-prone steps is:


Use a stand-alone installation package on the computers that were not found or were inaccessible over
the network
Use a special task for uninstalling protection tools by other manufacturers
Use a special activation task.

The first step is to install the KSC console. It needs to be installed on one computer, which has to be selected in the first
place.
The computer where Kaspersky Security Center is installed is called the Administration Server. This computer must
be turned on permanently or at least most of the time. In middle-size and large networks, an individual physical or
virtual server is allocated for this purpose. In a small network, it can be the administrator's workstation;
alternatively, the Administration Server can share the computer with an available server.

During the installation, KSC server, MS SQL server and KSC console will be installed on the computer. None of
these components usually conflict with other programs. Even if MS SQL is already installed on the server, it is not
a problem.
The system requirements for the computer are not critical. As far as the operating system is concerned,
you can install it on any business version of Windows starting with Windows XP. The minimum hardware
requirements are enough for managing a hundred computers. They are as follows:

1.4 GHz processor
1 GB RAM
About 10 GB of free hard drive space

To start the installation, you will need the KSC distribution (about 800 MB), a license and administrative
permissions on the computer. The license can be purchased as a code or a key. We will explain where to get them in
a special demonstration.

Procedure

Kaspersky Security Center installer can always be downloaded from the Kaspersky Lab web site. It is a large file of
about 800 MB, which includes many components that are not required in small networks. Fortunately, they do not
show up during the installation.

In the installation wizard, you can accept the default settings at all stages. At the first step, you need to select where
to extract the installation files. A folder on drive C: is offered by default; you need not change it.
After that, you will need to click a few buttons to:

Start the installation
Accept the KSC license agreement
Select the Typical installation because the Custom installation options are rarely required in small networks
Agree to the fact that the installation takes place in a small network of up to 100 computers. The difference
between "Fewer than 100 computers" and "From 100 to 1000 computers" is too subtle to take care of.
When in doubt, for example, there are almost 100 computers now, but the number may increase in the near
future, selecting the "From 100 to 1000" size will do no harm
Start copying files and creating services
Accept the license agreement of Kaspersky Endpoint Security
Finish installation of Kaspersky Endpoint Security management plug-in (whatever it is)
Finish installation of the Administration Server and start installation of the Administration Console

You may think "That's much", but on closer examination you just need to click OK or Next at all of these steps. No
decisions are to be made.
However, the installation is not finished yet when the Administration Console starts. At the first start of the Console,
it is necessary to proceed through the Quick Start wizard. The wizard includes the following steps:
1. Welcome window: no decision-making, just click Next.
2. Add license: specify the key or code, whichever you have. A code is an alphanumeric sequence, like
N1R57-8XEGG-7E934-8MKRF (four sections of 5 characters each). A key is a file named like
1BC971F1.key. The letters and digits may vary in the name, but there are always 8 of them.
Depending on the license you have, you need to click the corresponding button. If you click the button for
entering the code, a field will appear where you will need to type your code. If you click the button for
loading the key from a file, you will need to click the Select button to specify the path to the key file.
The Administration Server will check the license parameters and proceed to the next step.
3. Kaspersky Security Network: KSN is important for anti-malware protection and prevention of false
positives, that is why you need to select Accept KSN Statement and allow the use of KSN
4. E-mail address of the administrator: you can ignore this and just click Next
5. Protection configuration: nothing to select here
6. Proxy server settings: if a proxy server is used, specify it. This is necessary for downloading updates
7. Downloading updates: you need neither select anything nor wait for the download to complete; just click
Next
8. Wizard completion

Finally, the installation of the Administration Server can be considered finished. The administrator needs to take
some actions at 4 of the Quick Start wizard steps only. It is important to specify the license correctly, enable the use
of KSN and specify the proxy server parameters. Specifying the administrator's e-mail address is worthwhile but not
required.

Installing Kaspersky Endpoint Security over the network

In this scenario, our objective is to install the Network Agent and Kaspersky Endpoint Security on the network
computers. We presume that the computers belong to the same domain, and we know the password of the domain
administrator. Otherwise, skip to the local installation scenario.
There are several remote installation prerequisites:
KSC must complete network polling and searching for computers: if not all of the computers are found,
it's OK. They may be found later, or we will use another installation method on them
The computers must be accessible over the network: you will understand whether this requirement is met
from the installation results. Again, inaccessible computers are not a big problem. We will just use another
installation method.
You must know the administrator's password for these computers: ask the administrator

During the remote installation, Anti-Viruses by other manufacturers are uninstalled and KES is activated
automatically. The license you specified during the previous scenario is used for the activation. If you encounter
some issues, you will have plan B (we will tell you about it later).

FO
R

Remote installation saves time. Neither you nor the administrator will need to go from one computer to another and
repeat the same routine operations to install first the Agent, and then KES. At the same time, do not be upset if
remote installation fails on some computers. Even if 70-80% of computers return success, it saves a lot of effort.
Even in large and well-organized networks one hundred percent success is rare and you cannot seriously count on
that. Plan B should always be on hand.
For remote installation, you will only need Kaspersky Security Center installed and the administrators password for
the computers.

38

KASPERSKY LAB
KL 019.10: Kaspersky Endpoint Security and Management: Small Business

Procedure

We will install KES with the default settings. It means that the protection and control components will be installed.
In practice, you may act similarly. Even if the customer has purchased only the Core bundle, additional components
will do no harm. They will not be activated, which means that they will not start and consume computer resources.
On the other hand, if the client decides to purchase the Select license bundle later, they will not need to reinstall
the system, they will only need to distribute the new license to the computers.
The remote installation procedure is as follows:
1. Start the Administration Console
2. Make sure that Getting started is written in the upper-right corner of the window. Otherwise, select the Administration Server node in the left pane of the Console window (the second node from top, under the Kaspersky Security Center)
3. Find the Deployment area in the main page of the console (in the upper-left corner) and click the Install Kaspersky Anti-Virus link there
4. Make sure that the Remote installation page opens, and click the Start Remote Installation Wizard link there: the wizard contains numerous steps, but in most cases you need not select anything; as before, you just need to accept the offered options
5. On the first page of the wizard, make sure that the Kaspersky Endpoint Security 10 for Windows program is selected on the list, and click Next
6. On the Selecting computers for installation page, click the Select computers for deployment square button
7. On the next page, select both Managed computers and Unassigned computers nodes. Click Next
8. On the Defining remote installation task settings page, just click Next
9. On the Selecting a key page, make sure that there is a license in the list and it is selected; after that, click Next. If the license is missing, stop the installation and proceed to the KES Activation scenario.
10. On the Selecting action if operating system restart is required page, click Next: a restart is unlikely to be necessary
11. On the Removing incompatible applications page, click the Configure automatic removal link and enable the Uninstall incompatible applications automatically checkbox. Then click OK and Next
12. On the Moving to the list of managed computers page, just click Next
13. On the Selecting accounts to access the computers page, click the Add button, enter the username of a domain administrator as <domain name>\<username> and then type the password of the domain administrator twice. Click OK and Next.
14. On the Starting installation page, click Next
15. On the subsequent page, click Next once again
16. Wait for the results

Although the steps are numerous, only three or four of them are really important. We enabled automatic uninstallation of protection tools by other manufacturers, because two protection tools must not work on the same computer. We specified the name and password of the domain administrator for remote installation, because remote installation is impossible without a password. We selected installation on all network computers detected by the Administration Server.

Local installation of Kaspersky Endpoint Security

Local installation is plan B in case remote installation fails on some computers. This is normal, and 70-80% success is a good result for remote installation.

Other computers might have been off, might have been firewalled, or the administrator's password might have been rejected. That is why the computers either might not have been displayed in the KSC console at all, or were displayed but remote installation failed on them.

Often, you can try to solve the remote installation issues and re-run it. But in small networks, it is usually easier to go to the rest of the computers and run a local installation. All the more so because KSC simplifies local installation of the Agent and KES: you will only need to make a couple of mouse clicks.

Instead of two installers for the Agent and KES, each of which contains several steps including crucial ones where it is important not to make a mistake, KSC can make one installer without any steps at all, with built-in parameters, to save time and prevent errors. You just need to go to the computer and start the installation.

For a local installation, you will need a removable drive and the password of the computer administrator.

Procedure
The procedure is as follows:
1. Start the Administration Console
2. On the Getting started page, find the Deployment area and click the Install Kaspersky Anti-Virus link there
3. On the Remote installation page that opens, click the View the list of installation packages link
4. Select the package named Kaspersky Endpoint Security 10 for Windows
5. To the right of the package, click the Create stand-alone installation package link
6. The wizard will start, where you will mostly need to agree to the default options. On the first page, click Next: thus you will agree to add Network Agent to the KES installation package
7. On the Moving to the list of managed computers page, also click Next: thus we agree to move all computers to the Managed computers group after the installation
8. Wait
9. On the Result of stand-alone installation package creation page, click the Open folder link
10. Copy the setup.exe file from the folder to the removable drive (USB stick)

Bring this flash drive to the computer, take the user's place and do the following:

11. Start the copied setup.exe file
12. If asked, type the name and password of the computer's administrator
13. Click Install
14. Wait for the message informing that the installation is completed and click Close
15. That's it

Repeat on all computers.

Getting started with the console

By this time, the deployment is finished. Kaspersky Endpoint Security is installed on the customer's computers and protects them against malware. The default settings are specified for all computers in the tasks and policies of the Kaspersky Security Center console. These settings are pre-configured by Kaspersky Lab experts, who analyzed probable threats and KES use experience and adjusted the settings to optimize protection and user comfort.

Now you can thank the administrator for cooperation, pack your things and go back to the office. Or you can stay a while longer and help the customer a little bit more to make sure they are happy with the purchase and will buy a renewal in a year. You can demonstrate the KSC console to the administrator and explain where to look to evaluate the protection status and efficiency, and how to adjust the most important settings.

The first step is getting started with the console.

Procedure

1. Start the Kaspersky Security Center console. Study the right part of the window, pay attention to the color signals, their descriptions and links below

2. Select Managed computers in the tree on the left. Look at the right pane and pay attention to the tabs.

   Managed computers is a group. A group has policies and tasks, which enforce protection parameters. All protected computers need to be placed in groups for policies and tasks to be applied to them. You can create subgroups within the Managed computers group and move computers from one subgroup to another: this is how different policies and tasks are applied to different computers

3. Select the Computers tab in the right pane. Look through the list of computers. Select one of the computers and read its description to the right of the list.

   Each computer has a color status, description of this status and a list of characteristics: name, address, installed programs, etc.

4. Select the Policies tab. Look through the list of policies.

   Those are the default settings. They define operation of the Agent and KES in real time. Specifically, operation of the protection and control components, the use of various technologies, such as KSN. They do not influence scheduled operations: tasks are responsible for this.

5. Select the Tasks tab. Look through the list of tasks.

   Those are other default settings. The tasks manage execution of regular operations, such as updates, scheduled virus scanning, search for vulnerabilities.

6. Select Unassigned computers on the tree. Expand this node, expand the Domains sub-node and select the node with your domain name.

   It contains computers found by KSC in the network that the administrator has not yet moved to the Managed computers group. Unassigned computers is not a group. There are no policies and tasks here. If it contains some computers that need to be protected, it is necessary to install the Agent and KES on them and move them to Managed computers.

7. Select the Reports and Notifications node on the tree. Look through the right pane with numerous charts. Pay attention to two layers of tabs in the right pane: the Statistics tab has its sub-tabs.

   Statistics are quick reports that are updated in real time. There are several statistics pages (tabs of the second level), which display various reports. The administrator can re-group them as needed: add pages, remove pages, re-arrange reports on the pages, remove uninteresting reports, add interesting ones, etc.

Virus activity monitoring

Perhaps the most interesting part of the reports is how many viruses and other threats Kaspersky Endpoint Security stopped. Regular virus activity convinces the customer that the money is not wasted. And detailed statistics show the employees with risky Internet behavior.

The general statistics are visually represented in the reports. There is a report with virus statistics: how many and which were caught. There is a report on the number of prevented infections by computers and by users. There is also a report on network attacks, which are counted separately from viruses.

Procedure

Let us view the reports:

1. Select the Reports and Notifications node in the KSC console

2. In the right pane, open the Statistics tab and select the Anti-Virus statistics page (among the second-level tabs). Look through the reports' headings and contents

3. Expand the Reports and Notifications node on the tree. Select the Viruses report. Examine the chart, summary and details

   Here you can find out which viruses were caught and how they were neutralized: blocked (if detected in the network traffic), deleted (on the drive) or disinfected (for disinfectable malware)

4. Select the Most infected computers report

   Here you can see on which computers KES detected viruses most often over the last month. There might be old and vulnerable programs on them, or it may be necessary to talk to the user about safe online behavior

In addition to reports, handy information can be found in the repositories. There is a repository of copies of deleted and cured viruses, repository of suspicious files and repository of unprocessed threats. Unprocessed threats are usually waiting for restart to complete virus disinfection or removal. Suspicious files are typically new versions of malware detected with the help of heuristics or behavior analysis.

2.2 Advanced Installation Scenarios

Uninstallation of protection tools by other manufacturers

Sure, it may happen that the customer did not have any protection tools before Kaspersky Endpoint Security. But this rarely happens. In the second decade of the 21st century, almost every computer has some protection. And we have to take this into account when deploying KES for Business, because two different protection tools coexist poorly on one computer.

Plan A is straightforward in this case. The KES installer automatically detects protection tools by other manufacturers, uninstalls them and then installs Kaspersky Endpoint Security. The only thing you need to remember: if protection tools by other manufacturers were installed on the computer, it will be necessary to restart it after KES is installed. Otherwise, restart is not required.

Suppose plan A failed. Suppose there are several computers where KES installation has not been completed because of a third-party Anti-Virus or firewall. Then we have plan B.
Plan B is somewhat more complicated:
1. Gather information about the protection tools by other manufacturers installed on the computers.

   This is performed by Network Agents, which we already installed. According to plan A, KES installation includes installing the Agent. While KES may have issues with Anti-Viruses by other manufacturers, Agent installation is not obstructed by protection tools by other manufacturers.

   You just need to wait some time, from 15 to 30 minutes, for the Agents to transfer information about the installed programs to Kaspersky Security Center.

   After that, create an Incompatible applications report. The report will show all protection tools by other manufacturers detected on the customer's computers. This list will be necessary at the following step.

2. Create an uninstallation task for incompatible applications

   In the task settings, select the Anti-Viruses and firewalls listed in the report. Alternatively, you can skip step 1 and make the task delete any protection tools by other manufacturers. In this case, the task will take longer to run.

3. Run the task and restart the computers.

   The incompatible application uninstallation task requires a restart (just in case). Sometimes, everything works all right without a restart. If the worst comes to the worst, and you uninstall an Anti-Virus by another manufacturer and then install KES without restarting the computer, some KES components may malfunction. Restart the computer after the KES installation to solve the issues.

   Sometimes, it is difficult to say whether a restart is necessary; that is why the task always requires it. The administrators can disable the restart requirement at their own risk or leave the default settings. By default, the task will prompt the user to save the documents and restart the computer.

   After the restart, wait for 15-30 minutes and refresh the Incompatible applications report. If plan B has worked out, the report should be empty.

What to do if plan B also fails? Resort to plan C. Find the problematic computers, and manually uninstall protection
tools by other manufacturers using the list of installed programs in the Windows Control Panel. It should be easy
because we are talking about small companies where all computers are usually located in the same building and
often on the same floor.

Procedure

Let us introduce a more general and at the same time detailed procedure of uninstalling protection tools by other manufacturers. Let us presume that you already know that incompatible protection tools are installed in the network, for example, from the results of the remote installation task. That is why we will start from finding out what those programs are and where they are installed.

1. In the KSC console, select the Reports and Notifications node. Switch to the Reports tab in the right pane.

2. Find the Deployment area in the right pane and click the Incompatible applications report link

3. Find the Summary section in the report and study the list of programs incompatible with KES for Windows. Memorize or write down the program names, or print out the report.

4. Look at the Details section below and examine the list of computers where these programs are installed. This list need not be memorized.

5. Select the Tasks for specific computers node on the tree.

6. Click the Create a task link, click Next, name the task properly, click Next

7. Under Kaspersky Security Center Administration Server, expand the Advanced node, select the Uninstall application remotely task, and click Next

8. Click the Uninstall incompatible application button

9. Click the Add button, hold down the CTRL key and click all incompatible applications that were listed in the report. Release the CTRL key, click OK, click Next

   If there are many applications and you do not want to search for them in the list, you can use the Select all button: the task will take longer to complete, but nothing wrong will happen. If there was only one incompatible application in the report, do not press CTRL.

10. Click Next

11. Click the upper square button

    It enables you to select computers for the task scope from the lists of managed computers and unassigned computers. The other button opens an empty list to be manually filled in with names or addresses of computers.

12. Select the Managed computers group. Thus you will select all computers in the group. Click Next

13. Click Next twice

14. Select the Run task after Wizard completion checkbox and click Finish

15. Wait for the task to complete

16. Wait for 15-30 minutes. Open the Incompatible applications report

17. Click the Refresh button on the toolbar. Make sure that the report is empty now

KES Activation

After the installation, Kaspersky Endpoint Security needs to be activated. The product will not work without activation. Activation requires a code (a string like N1R57-8XEGG-7E934-8MKRF) or a key (a file named like 1BC971F1.key).

Plan A is to use automatic activation via Kaspersky Security Center. After Kaspersky Security Center is installed, the Quick Start wizard prompts for a license. The specified key (or code) is automatically used for activating Kaspersky Endpoint Security during the deployment.

Suppose plan A has failed. For example, the key was not specified in the Quick Start wizard. Or Kaspersky Endpoint Security was activated by mistake with a trial key, which expires in a month. Or a wrong key was specified in the Quick Start wizard. For all these cases, we have plan B.

According to plan B, you need to create an installation task for the key (or code, it is the same task). Specify your code (or key) for Kaspersky Endpoint Security activation in the task. After that, run the task on the computers where activation issues have been encountered.

How to select the necessary key

Sometimes you may have trouble selecting the necessary key. For example, the Kaspersky Endpoint Security for Business Select license bundle can include two keys: one for computer protection and the other for managing mobile devices. And the Kaspersky Total Security for Business license bundle can contain 6 keys for different products.

To understand which key to select for Kaspersky Endpoint Security activation, attentively read the keys' descriptions. A description file in PDF format is supplied together with the key files. You can read there which key fits which programs.

Procedure

1. On the KSC console tree, expand the Repositories node and select the Keys repository

2. Above the list of keys, click Deploy key to managed computers

3. Leave the task name and click Next

4. Select Kaspersky Endpoint Security 10 for Windows Maintenance Release 1 (or another KES version you use), and click Next

5. Select the Key file or key option, click the arrow on the Select button, click Key from Kaspersky Security Center storage

6. If there are several licenses in the list, select the one with the latest expiration date, and click OK

   If there are no suitable licenses at all, do the following:

   6.1. Click Cancel and once again Cancel in the wizard
   6.2. Open the Keys repository
   6.3. Click the Add key link above the list of licenses
   6.4. If you have a license code (N1R57-8XEGG-7E934-8MKRF), click the upper square button; if a key file (1BC971F1.key), click the lower.
   6.5. Type your license code or specify the path to the key file. Click Next. Finish the wizard
   6.6. Repeat steps 2-5 for all codes and keys you have

7. Click Next

8. Click the upper square button

9. Select the Managed computers group and click Next

10. Click Next once again

11. Select the Run task after Wizard completion checkbox and click Finish

12. Wait for the task to complete

2.3 Monitoring

After deploying the protection, you need not configure anything. Kaspersky Endpoint Security reliably and efficiently protects computers against threats with the default settings. However, occasionally you need to make sure that the protection works (at least).

This is the task of the customer's administrator. However, the partner's representative can spend 15 minutes after the installation to tell and show what to look at and what to look for.

Where to look

All the necessary information is available in the Kaspersky Security Center console. The console shows general
protection statuses, quick and detailed reports; there is also the capability to search for computers with some issues,
and view event logs.

In a small network, reports and the general list of computers are usually sufficient.

Kaspersky Security Center automatically evaluates computer status and colors it yellow or red in the console if the computer encounters some protection issues.

The administrator can generate a protection status report to review all the issues found on all computers. Alternatively, the administrator can select the red computers in the general list and read which issues need to be solved on each of them. For a small network of 50-100 computers this will not take long.

Not all of the issues that color computers red are equally important. But some of them, undoubtedly, do require attention:
- Kaspersky Anti-Virus is not installed
- Kaspersky Anti-Virus is not running / Protection is off
- Databases are out of date
- License expired
- There are unprocessed objects

Update health
Objective

To maintain efficiency of protection against malware and other threats, the local signature database needs to be
updated regularly. Therefore, to evaluate the protection status, we need to make sure that signature databases are up
to date on the computers.

A bit of theory

Where do databases come from? Kaspersky Endpoint Security downloads them via the Internet from special Kaspersky Lab servers. With Kaspersky Security Center, it works a bit differently.

With Kaspersky Security Center, databases are downloaded in two stages. First, the Administration Server downloads database updates from Kaspersky Lab servers. Then Kaspersky Endpoint Security downloads these updates from the Administration Server to the user's computer.

To correctly evaluate the database status, you need to check both the databases stored on the Administration Server and the databases used on the client computers.

The database version is defined by its issue date. If the databases were issued today, it is OK. If they were issued yesterday, it is normal enough, not yet a cause for concern. Sometimes new dangerous threats are not found for hours. If the databases were issued 2-3 days ago, you need to check whether all database distribution mechanisms work smoothly.

First, it is necessary to find out when the latest updates were issued. There is a special page on the Kaspersky Lab web site for this purpose: http://www.kaspersky.com/viruswatch3. In the second area on the left, you can find out when the latest updates were issued.

With this information on hand, you need to check the version of the databases stored on the Administration Server. They must not be more than a couple of hours older.

Finally, knowing the version of the databases stored on Kaspersky Security Center, check the versions of the databases on the client computers. This gap must not exceed a couple of hours either.

Procedure

1. Open the http://www.kaspersky.com/viruswatch3 page in the browser and check the time when the updates were last issued

2. Start the Kaspersky Security Center console

3. On the Getting started page, find the Update area and read what is written in its upper part. For example, that the Update download task is running, or when updates were last downloaded to the Administration Server.

4. In the Update area, click the Go to Updates folder link

5. Click the Refresh link (just in case)

6. Select the Anti-Virus databases in the list (they are updated more often than some other types of signatures) and check when they were created. The time must not differ too much from the time of the last update defined at step 1.

7. Look at the database version chart in the upper part of the updates repository. The shares of the computers where the databases are older than 3 days are orange and red. If such sectors are displayed, it is bad.

8. To understand on which computers the databases are outdated, expand the Reports and Notifications folder on the tree, then the Computer selections folder and click the Databases are out of date selection

9. The selection contains the computers where databases were last updated 7 or more days ago. To view the computers where databases are older than 3 days, it is necessary to modify some parameters on Kaspersky Security Center.

10. Evaluate the statuses of the computers displayed in the selection. Specifically, when they last connected to the Administration Server and when they were last visible in the network. If the computer last connected long ago, it is likely to be just powered off, and old databases are not an issue for it. The issue is to be solved only if there are computers that have connected recently, but their databases are out of date.

11. Update the computers manually. Start an update task on them for this purpose. The update task needs to be created first

12. If there are computers in the selection, right-click the selection node on the tree and select Run a task

13. In the task list, select the update task and click OK

14. Wait for the task to complete and look through the results; if errors are encountered, contact the technical support of Kaspersky Lab
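The two-stage check and the triage rule from step 10, as an added Python example (not Kaspersky code, and it calls no Kaspersky Security Center interface). The inventory is constructed sample data, and the numeric values for "a couple of hours" (2 hours) and "connected recently" (24 hours) are assumptions; the 3-day and 7-day limits are the ones given in the steps above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumptions: the guide gives no numbers for these two thresholds.
COUPLE_OF_HOURS = timedelta(hours=2)
RECENT_CONNECTION = timedelta(hours=24)
# From the guide: chart sectors turn orange/red above 3 days, and the default
# "Databases are out of date" selection starts at 7 days.
CHART_LIMIT = timedelta(days=3)
SELECTION_LIMIT = timedelta(days=7)


@dataclass
class Computer:
    name: str
    db_issued: datetime        # issue date of the databases used on the client
    last_connected: datetime   # last connection to the Administration Server


def server_lagging(latest_issued, server_db_issued):
    """Stage 1: is the Administration Server behind the latest published update?"""
    return latest_issued - server_db_issued > COUPLE_OF_HOURS


def triage(pc, server_db_issued, now):
    """Stage 2: classify one client against the Administration Server."""
    if server_db_issued - pc.db_issued <= COUPLE_OF_HOURS:
        return "current"
    if now - pc.last_connected > RECENT_CONNECTION:
        return "offline"      # probably powered off: old databases are not an issue
    # Simplification: database age is measured from the issue date.
    age = now - pc.db_issued
    if age >= SELECTION_LIMIT:
        return "selection"    # listed in the default selection: run the update task
    if age > CHART_LIMIT:
        return "stale"        # orange/red in the chart, missing from the selection
    return "behind"           # check the database distribution mechanisms


def build_report(computers, latest_issued, server_db_issued, now):
    report = {"server_lagging": server_lagging(latest_issued, server_db_issued),
              "current": [], "behind": [], "stale": [], "selection": [], "offline": []}
    for pc in computers:
        report[triage(pc, server_db_issued, now)].append(pc.name)
    return report


# Constructed sample data (not taken from a real console).
NOW = datetime(2014, 3, 10, 12, 0)
LATEST_ISSUED = datetime(2014, 3, 10, 11, 0)      # read from the vendor's update page
SERVER_DB_ISSUED = datetime(2014, 3, 10, 10, 0)   # read from the updates repository
SAMPLE_COMPUTERS = [
    Computer("PC-01", datetime(2014, 3, 10, 9, 0), datetime(2014, 3, 10, 11, 55)),
    Computer("PC-02", datetime(2014, 3, 9, 8, 0), datetime(2014, 3, 10, 11, 50)),
    Computer("PC-03", datetime(2014, 3, 5, 10, 0), datetime(2014, 3, 10, 11, 40)),
    Computer("PC-04", datetime(2014, 3, 1, 10, 0), datetime(2014, 3, 10, 11, 30)),
    Computer("PC-05", datetime(2014, 2, 20, 10, 0), datetime(2014, 2, 21, 9, 0)),
]

if __name__ == "__main__":
    for key, value in build_report(SAMPLE_COMPUTERS, LATEST_ISSUED,
                                   SERVER_DB_ISSUED, NOW).items():
        print(f"{key}: {value}")
```

The "stale" group is the one step 9 warns about: those computers are already orange or red in the chart but do not appear in the default 7-day selection.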

Protection health check

Objective

You need to understand whether there are computers in the company where protection does not work. You should
also find out whether threats have been detected lately that were not neutralized for some reason.

A bit of theory

The theory is fairly simple here. For Kaspersky Endpoint Security to be useful, it must be installed and running. If it is not installed or not running on some computers, it must be installed and started. Unprotected computers can be detected with the help of reports and selections. To install and start Kaspersky Endpoint Security, use tasks.

It is logical to expect that KES will detect threats occasionally. In most cases, this does not require the administrator's attention, because the detected threats are typically blocked immediately. But it may happen that a threat is not blocked and the user or the administrator is to take some action to neutralize it. The administrator needs to be able to spot such situations on the computers and take the necessary actions.

Procedure

Let us start with finding out whether protection works all right:

1. Start the Kaspersky Security Center console

2. Expand the Reports and Notifications node on the tree and select the Protection status report. If everything is all right, the report will be empty except for the Number of unprotected computers: 0 record. If the report is not empty, study it.

3. Look for the following statuses: Kaspersky Anti-Virus is not installed, Kaspersky Anti-Virus is not running and Protection is off. Kaspersky Anti-Virus stands for Kaspersky Endpoint Security here. If such statuses are found in the table, you need to fix that.

4. If the Kaspersky Anti-Virus is not installed status is found, expand the Computer selections node (within the Reports and Notifications node) and click the Kaspersky Anti-Virus is not installed selection. It contains the computers where Kaspersky Endpoint Security is missing. To solve the issue, either run remote installation, or find these computers in the office and install the product locally. To install the application remotely, on the shortcut menu of the selection click Install application. For further steps, consult the Installing Kaspersky Endpoint Security over the network procedure. For local installation, see Local installation of Kaspersky Endpoint Security.

5. If the Kaspersky Anti-Virus is not running or Protection is off statuses are found, expand the Computer selections node (within the Reports and Notifications node) and click the Protection is off selection. After that, create (unless already created) and run the task that will start Kaspersky Endpoint Security. For this purpose:

   5.1. On the selection's shortcut menu, click Create a task
   5.2. Type Start KES for the name
   5.3. In the list of tasks, expand the Advanced node and select the Start or stop application task
   5.4. Select the Kaspersky Endpoint Security application and the Start command
   5.5. Leave the schedule set to Manually
   5.6. Select the Run task after Wizard completion checkbox on the last page of the wizard

   Later, you will need to click the Run a task instead of the Create a task command, and select the Start KES task

6. After the task is completed, wait for up to 20 minutes and refresh the selection contents.


2.4 Settings
Configuring real-time protection exclusions


Objective

Sometimes, KES erroneously considers a program to be malicious. Such situations are very rare, because all
signatures are thoroughly tested on an extensive database of programs at Kaspersky Lab. Additional protection is
provided by the KSN database, which stores data about even more programs than are used for testing. If a program is
distributed more or less widely, it is likely to be added to KSN and marked as legitimate.

False positives are probable for programs that are not widespread, for example, tailor-made software or some
special programs. If this happens, you need to configure an exclusion.

It may also happen that a program accesses the drive too often, and KES intercepts all these operations and slows it
down. In this case you can also configure an exclusion.

A bit of theory


When a false positive happens, employees begin complaining that they are not able to work with an important
program. It may happen after Kaspersky Endpoint Security is installed or after an update.
With the default settings, KES will not notify the user. To correctly understand what has happened, open the KES
window on the computer of the complaining employee, open the reports and look for events concerning the program
in question. Usually, false positives are caused by the File Anti-Virus or System Watcher.


To eliminate a false positive, create an exclusion for the program, and Kaspersky Endpoint Security will not treat it
as malware and will not check its actions.

Procedure

Let us omit unnecessary details and tell you how to create the most comprehensive exclusion for a program.
Technically, it will be necessary to create two exclusions: one for KES not to scan the program file, and the other for
KES not to block the program's actions.

First of all, you need to find and write down the full path to the executable file that was blocked by mistake. Then do
the following:

1. Start the Kaspersky Security Center console
2. Select the Managed computers node and switch to the Policies tab
3. Open the Protection policy and switch to the General Protection Settings section
4. In the Exclusions and trusted zone area, click the Settings button
5. On the Exclusion rules tab, click the Add button
6. Click the Select file or folder link and enter the full name of the executable file of the necessary program
7. Save the exclusion
8. Switch to the Trusted programs tab and click the Add button
9. Type the name of the executable file of the program in question
10. Select the Do not scan opened files, Do not monitor application activity, Do not inherit restrictions of
the parent process, and Do not monitor child application activity checkboxes
11. Save the exclusion, close the Trusted zone window and save the policy


Blocking program start

All employees have their tasks. To perform some of them, a computer and the programs installed on it are necessary.
Usually, the programs necessary for work are not numerous: a browser for visiting web sites, a mail client, an instant
messenger, an office suite to work with documents, and maybe some professional programs (accounting,
development). In any case, it is a couple of dozen programs, not hundreds.
If employees start some other programs, they are likely to be distracted from their work, which is no good for
the company. Kaspersky Endpoint Security for Business enables the administrator to generate a report about
the programs installed on the computers and create the rules that will block unnecessary programs.

The decision about what to block is usually made by the head of the company (department) after reviewing
the report provided by the administrator. For example, they may ask the administrator to prohibit all games.
The administrator can easily do it using KES.


To block some programs, you need to specify the conditions to be met by programs. This set of conditions is saved
to a category and then you can create a blocking rule for this category.
Conditions can include the file name, the folder where the file is located, file checksum, and also file type according
to Kaspersky Lab classification.


If your task is broad enough, for example, to block all games, it cannot be solved with file names or checksums. Of
course, the administrator can select games from the list of installed programs, create a condition by file name and
folder for each game and prohibit starting programs that match those conditions. But it will not help to block other
games the users will install or start from external media.

This task can be solved with the help of program classification by Kaspersky Lab, so-called KL categories.
Kaspersky Lab experts analyze existing programs day after day, define their types and add them to the KSN
database. It is sufficient to create only one condition, programs belonging to the Games KL category, and KES
will block all programs included in this category. New games are quickly classified by Kaspersky Lab experts and
information about this promptly gets on the computers via KSN and planned updates. The administrator creates just
one condition to block all games, existing and those that will be developed in the future.
The administrator can use file name or location conditions to make a rule more precise or add exclusions, for
example, to prohibit all games except for Solitaire.

Startup Control can also help to reinforce protection. It is common knowledge that old versions of browsers and
mail clients contain more vulnerabilities through which viruses may get on the computer. The administrator can
prohibit starting obsolete versions of these programs. Alternatively, the administrator can allow only the Microsoft
Office Outlook mail client, make sure it is frequently updated, and prohibit other mail clients with unknown
vulnerabilities.

And this is only part of it. Application Startup Control allows implementing sophisticated scenarios, which are to be
explored by the customer's administrator, if the company managers are interested in this functionality.


Procedure

1. Start the Kaspersky Security Center console
2. Expand the Applications and vulnerabilities node and select the Application categories folder
3. Create a category for games:
3.1. Click the Create a category link
3.2. On the page with three square buttons, click the uppermost to manually specify the conditions
3.3. Type a name for the category, for example, Games
3.4. Click the down arrow on the Add button and select KL category
3.5. Expand the Entertainment node and select the Games category
3.6. Do not specify exclusions
4. Select the Managed computers node
5. In the right pane, switch to the Policies tab
6. Open the properties of the Protection policy
7. Create a block rule for the Games category:
7.1. Switch to the Application Startup Control section
7.2. Click Add
7.3. Select the Games category
7.4. In the Users and / or groups that are denied permission field, specify Everyone
7.5. Save the rule (ignore the warning)
7.6. Close the policy


Blocking removable drives

External devices may become a source of threats (malware) and a channel of confidential data leakage. If external
devices are prohibited, the risk of infections and leakages is reduced.

On the other hand, removable devices are very useful: you can take a presentation on a business trip, bring someone
else's presentation from a business trip, load music, movies, books, etc. to the phone. Small companies rarely pursue
a draconian internal policy, and external devices are rarely prohibited. However, it depends on the company and
the business.

A bit of theory


Kaspersky Endpoint Security can block devices by types (removable drives, printers, modems, etc.) and by
connection methods (USB, FireWire, infrared port, PCMCIA, etc.). The settings configured for device types have
higher priority than the settings specified for connection methods. If removable drives are allowed, they will be
usable regardless of whether USB ports are allowed.
This is configured not just easily, but incredibly easily. Literally in a couple of clicks. You only need to open
the console and the policy properties and then block the necessary device.


Device control allows creating exclusions for individual devices or individual users. You can allow access only for
reading or only during business hours or, vice versa, after hours. You can block various device types, for example,
external modems, to prevent users from establishing their own Internet access channels.

Procedure

Let us learn how to block devices through the example of removable drives:

1. Start the Kaspersky Security Center console
2. Select the Managed computers node and switch to the Policies tab
3. Open the properties of the Protection policy
4. Switch to the Device Control section
5. Find Removable drives in the list, right-click them and select Block
6. Save the policy


Blocking online shops


Objective

The task is simple: restrict employees' access to the web resources that are not related to their work, for example,
job search, online shopping, social networks, etc. The idea behind this is to finally make the employees work. Also,
some unwanted sites are highly dangerous from the fraud or malware viewpoints. All in all, the objective is to
prevent employees from accessing the specified resources at least during business hours, which is reasonable enough
even for small companies.

A bit of theory

Just like in the Application Startup Control, web sites are classified by Kaspersky Lab experts, and Kaspersky
Endpoint Security receives this data with signature updates, and also from KSN. The administrator just selects
the categories of web sites to be blocked.
Also, the administrator can specify the blocking schedule, for example, prohibit online shopping from 9 to 18 and
allow it the rest of the time. Also, some employees can be prohibited from visiting some sites, while others are allowed.
For example, job search can be blocked for ordinary employees, and allowed for the employee responsible for hiring.


Just like in the Application Startup Control, KL categories of web sites help the administrator very much.
The administrator does not need to search for addresses of all popular online shops or react post factum to the users
visiting new unwanted sites. All they need to do is to block a category on the list, and Kaspersky Lab experts ensure
correct recognition of sites of this category.


Just like for application categories, they continuously analyze web sites and categorize their contents.
The information about this is delivered to the computers via KSN and planned updates. The administrator just makes
several clicks, and the rest of the job is done by Kaspersky Lab experts and programs.

Procedure

We will create a rule that blocks online shopping Monday to Friday from 9 to 6:

1. Start the Kaspersky Security Center console
2. Select the Managed computers node and switch to the Policies tab
3. Open the properties of the Protection policy and switch to the Web control section
4. Create the rule:
4.1. Click the Add button
4.2. Type Online shops for the name
4.3. In the Filter content field, select By content categories
4.4. On the list of categories, select Online stores
4.5. In the Action field, select Block
4.6. Click the Settings button next to the Rule schedule field
4.7. Deselect all, then select Monday to Friday 9 to 6
4.8. Click the Save as button and type Business hours for the name
4.9. Save the schedule, save the blocking rule
5. Save the policy
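
How a schedule-bound category rule reaches its decision, as an added example that is not part of the original guide or of any Kaspersky product: a simplified Python model of the Online shops rule and the job-search exception described above. The class and field names, the first-match-wins ordering, the default Allow, the exclusive 18:00 end, the "Job search" category label and the "recruiter" user are assumptions made for the illustration.

```python
"""Simplified model of Web Control rule evaluation (illustration only)."""
from dataclasses import dataclass
from datetime import datetime, time

EVERYONE = frozenset()  # an empty user set means the rule applies to all users


@dataclass(frozen=True)
class Schedule:
    name: str
    weekdays: frozenset  # 0 = Monday ... 6 = Sunday
    start: time          # start of the interval (inclusive)
    end: time            # assumption: the end of the interval is exclusive

    def covers(self, moment: datetime) -> bool:
        return (moment.weekday() in self.weekdays
                and self.start <= moment.time() < self.end)


@dataclass(frozen=True)
class WebRule:
    name: str
    categories: frozenset   # content categories the rule filters on
    action: str             # "Block" or "Allow"
    schedule: Schedule
    users: frozenset = EVERYONE

    def matches(self, user: str, site_categories: set, moment: datetime) -> bool:
        if self.users and user not in self.users:
            return False    # rule is scoped to other users
        if not self.categories & site_categories:
            return False    # site is not in any category of this rule
        return self.schedule.covers(moment)


def evaluate(rules, user, site_categories, moment):
    """Return (action, rule name). Assumptions: first match wins, default is Allow."""
    for rule in rules:
        if rule.matches(user, set(site_categories), moment):
            return rule.action, rule.name
    return "Allow", "default"


# "Business hours" as saved in step 4.8: Monday to Friday, 9 to 6.
BUSINESS_HOURS = Schedule("Business hours", frozenset(range(5)), time(9, 0), time(18, 0))

# Constructed rule set. The user-scoped Allow rule must precede the general
# Block rule, otherwise the exception for the hiring employee never fires.
RULES = [
    WebRule("Job search (hiring)", frozenset({"Job search"}), "Allow",
            BUSINESS_HOURS, frozenset({"recruiter"})),
    WebRule("Job search", frozenset({"Job search"}), "Block", BUSINESS_HOURS),
    WebRule("Online shops", frozenset({"Online stores"}), "Block", BUSINESS_HOURS),
]

if __name__ == "__main__":
    # Constructed sample requests: (user, site categories, local time).
    samples = [
        ("alice", {"Online stores"}, datetime(2024, 5, 15, 10, 30)),  # Wednesday
        ("alice", {"Online stores"}, datetime(2024, 5, 15, 18, 0)),   # boundary
        ("alice", {"Online stores"}, datetime(2024, 5, 18, 12, 0)),   # Saturday
        ("alice", {"Job search"}, datetime(2024, 5, 15, 10, 30)),
        ("recruiter", {"Job search"}, datetime(2024, 5, 15, 10, 30)),
    ]
    for user, cats, when in samples:
        action, rule = evaluate(RULES, user, cats, when)
        print(f"{when:%a %H:%M} {user:<10} {sorted(cats)} -> {action} ({rule})")
```

The boundary cases are the ones worth checking against the real policy after saving it: the first and last minute of the schedule, the weekend, and a user who is covered by both a general rule and an exception.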


2.5 Virus Scanning Demonstration

Often a prospective customer already has a solution that provides protection against viruses and other threats. If
the customer is looking for another solution, they are not very satisfied with the current one. But it does not mean
that they are ready to change it for anything. The partner can drive the customer towards the purchase by visually
demonstrating the advantages of Kaspersky Endpoint Security.
A typical demonstration is to install KES and run virus scanning on the customer's computers to find malware that
their current Anti-Virus failed to detect.

Such a demonstration usually takes place before the customer decides to purchase KES. That is why, on the one
hand, you cannot uninstall the current protection tools from the customer's computers. On the other hand, two
Anti-Viruses running on the same computer may hamper each other. To solve this issue, install a minimum set of
KES components necessary for virus scanning.

KES for Business Core consists of several programs:

- Kaspersky Endpoint Security for Windows
- Kaspersky Endpoint Security for Linux
- Kaspersky Endpoint Security for Mac
- Kaspersky Security Center

To demonstrate virus scanning, you will need KES for Windows. The probability of detecting overlooked viruses is
higher on a Windows computer than on Linux or Mac, and KSC is not necessary at all for one-time virus scanning.
KES for Business includes several programs, which consist of components. We studied them in the previous
chapter. The good news is that you do not need to know how to configure these components to demonstrate
protection efficiency.

To scan a computer, you need only the virus scan task and the update task; the other components need not even be
installed. We will guide you through a simple installation where almost nothing is to be configured. However,
sometimes a more complicated alternative is preferable to keep intact the protection tools installed on the customer's
computers.


Procedure

You will need an installer of KES for Windows. It can be downloaded directly to the computer from the Kaspersky
Lab web site, but the program is large enough (400 MB). You had better download it beforehand and take it along on
a USB flash drive.

1. Start the installer of KES for Windows
2. On the welcome page of the wizard, click Next
3. Change the unpack path to C:\kes10

If you do not specify an unpack path, the installer will extract the installation files to the same folder from
which the installer was started. For example, if you start the installer from the desktop, it can extract
installation files directly to the desktop, which is not always desired.

4. Wait for unpacking to be completed and click Finish
5. Open the folder where the files were unpacked and run setup.exe; then click Next
6. Accept the license agreement and click Next
7. Agree to the use of KSN and click Next


8. Agree to the Standard installation and click Next

For a virus scanning demonstration, we will need only one component, Virus Scan. All other components
can be deselected. We decided not to complicate the procedure and install the default components. To
install only what is strictly necessary, select the Custom installation checkbox and click Next; on
the subsequent page, disable all the components except for the scan tasks.

9. Click Install

If other protection solutions are installed on the computer, the KES installer will detect them and offer to
uninstall them. We will take the easy way and agree to uninstallation of Anti-Viruses by other manufacturers.
Alternatively, you can choose the hard way and install KES concurrently with another Anti-Virus, but only
if you install KES in the minimum configuration: solely virus scanning components. The complete standard
or even basic installation of KES together with other protection tools can considerably slow down
the computer.


The hard way is to start setup.exe (step 5) from the command line with the /pSKIPPRODUCTCHECK=1
/pSKIPPRODUCTUNINSTALL=1 parameters. Thus you disable searching for incompatible applications
on the computer during the installation. Remember that afterwards you should select custom installation
and opt out of all components except for virus scanning.

If you are not sure you can do it, stick to the easy way. We continue describing the easy path.

10. If a window with an incompatible application name opens, click Next.

Thus you give your consent for the installer to uninstall the incompatible Anti-Virus.

Windows User Account Control may prompt you to confirm program uninstallation and KES installation. In
both cases, click Yes.

11. After the installation, the KES activation window opens. Select Activate trial version and click Next
12. If prompted for the activation type, select Standard installation and click Next
13. Wait for the activation to be completed and click Next
14. On the final page of the installation wizard, click Finish

The installer may prompt for a computer restart. Unless you are in a hurry, reboot the computer. If you do not
want to do it, clear the Restart the computer checkbox before clicking the Finish button. It will do no harm to
the virus scan demonstration.

15. Wait for the KES for Windows icon to appear in the notification area (next to the clock) and click it
16. In the main window of KES for Windows, click the Tasks area
17. Click the Critical Areas Scan task and on the shortcut menu select Start scanning
18. Wait for the scanning to be completed (progress percentage is displayed next to the task name)
19. Click the Critical Areas Scan task once again and on the shortcut menu select Reports
20. Look through the report to check whether viruses were found
21. If the Critical Areas Scan task found nothing, repeat steps 17-20 with the Full scan task

2.6 Summary

What next?

We discussed how to deploy the protection system, assess its status, and adjust the settings. All these actions are
very easy, do not require any special technical skills and may be performed during a brief visit to the customer.

As a result of the described procedures, we have an operational protection system and an administrator who is more
or less aware of how to maintain it. Chances are that in a year the customer will still be happy with the purchase and
will buy a license renewal.


When discussing the renewal, it might be worthwhile to talk about extending the license. In the next chapter we will
describe several possible development directions for the created protection system.


Chapter 3. KES for Business: Extended Features

Now the customer has an operational protection system based on Kaspersky Endpoint Security for Business. This
system can be easily upgraded depending on the customer's growing requirements. In this chapter we will describe
possible upgrade directions:

- Protection for mobile devices / Mobile device management
- Data protection (encryption)
- Systems Management
- Anti-spam protection / centralized protection for the e-mail system
- Customer protection management for service providers

3.1 Mobile Device Management

Outline

Let us describe mobile device management first. We will discuss the role of mobile devices in business, and
the benefits and issues involved. Afterwards, we will explain how Kaspersky Lab helps to solve these issues:
which products are available, what they do, and how they are licensed.

Objective

Nowadays, employees regularly use at least one, and often several, mobile devices: smartphones, tablets and their
variations. On the one hand, these are almost full-fledged computers that are used for communication and work with
documents. Employees use smartphones and tablets for business correspondence, viewing and storing work
documents as a matter of course.

On the other hand, those are often personal devices of the employees. It means that they are all different, they are
unpredictably upgraded or replaced, they may be accessed by the employees' relatives and friends, and may be sold
to strangers, all without the administrator's consent.
All things considered, allowing the employees to access the work documents via mobile devices is not safe. At
the same time companies, especially small ones, often have neither the will nor the way to prevent this. As a result,
they have to look for ways to minimize losses.

Mobile devices, whether personal or corporate, are easy to lose: you can leave one in a bar, drop it in a taxi, or
fall victim to a pickpocket. It is a real issue if corporate data is stored on the device. There should be a capability
to clear such data remotely from the device if it falls into a stranger's hands.

Do not forget the malware issue. The amount of malware is rocketing in the mobile device sector. Malware may become
a channel of important data leakage, and a source of various issues. Mobile devices need protection similarly to desktops.


Bring your own device

The fact that employees prefer working from their personal phones and tablets is, on the one hand, good.
The company does not need to spend on devices, and benefits from the employees' increased accessibility and
ability to work on the go, at lunch, and in other situations, not only at their workstations.

But to be able to actually benefit from that, employees' smartphones need to be connected to the company
resources: configured to receive corporate e-mail and connect to the office wireless (Wi-Fi) network; certificates for
secure connections to the company servers (e-mail, for example) must be downloaded on them, etc.

It is called enablement. And the administrator has to do that with every new personal device. The capability to
install the management agent on the device and then transfer all the necessary settings through it would be very
useful.

On the other hand, and we talked about this already, employees play games on their smartphones, give them to their
children, and can easily leave the smartphone in a bar or drop it in a taxi. Such smartphones should have an unlock
password, and one more password for accessing the corporate data. And it would be perfect to be able to determine
the device coordinates and to send an erase command to the smartphone as a last resort to delete all corporate data.
The issue is aggravated by the fact that employees have different smartphones. Some of them have Apple, some
have Blackberry, some have Nokia running Windows Phone, and some have Samsung running Android. And all these
devices need to be connected and protected.


Range of technologies

The mobile device management tools attempt to bring order to the chaos. They enable the administrator to
control various employees' devices. Specifically, they can require the employees to set an unlock password, and can
block or wipe a device if it is lost. The degree of control varies for different devices.

In Kaspersky Lab products, mobile device management is a part of Kaspersky Security Center. And this is not just
one technology; it is a set of several technologies that embrace various device types.
Kaspersky Security Center includes the following technologies:

- Apple MDM (Apple Push Notification service): allows managing Apple devices (iPhone, iPad) and only
them
- Exchange ActiveSync: allows managing smartphones and tablets via the Microsoft Exchange mail client.
Covers all popular mobile platforms, but with limited control capabilities
- Kaspersky Security for Mobile: an application for smartphones (and tablets) that protects against threats
and allows managing the device via Kaspersky Security Center; supports the majority of the mobile
platforms


Let us describe these technologies in some more detail.


Apple MDM


In the Apple world, everything is somewhat more complicated for third-party developers than in the Microsoft and
Android worlds. For example, viruses are declared forbidden in the Apple world. It does not mean that they do not
exist, but it means that third-party developers may not create Anti-Virus programs for iOS. That is why Kaspersky
Security for Mobile for iOS neither searches for malware nor blocks it; it only blocks malicious and phishing sites
thus protecting the device as far as possible.
iPhone and iPad devices still need control, because employees can read corporate e-mail on them, store and view
documents, etc. Unless a lost iPhone is properly protected, anyone can read e-mail or documents of the employee.
Mobile device control guarantees basic protection for smartphones: at least the use of an unlock password.

Apple developed their own mobile management framework that third-party developers may use. And many do,
including Kaspersky Lab.

Apple MDM is good because it does not require installing any additional programs on the smartphone (or tablet).
The smartphone connects to the management system using a so-called profile. But it is not a program: profiles are
supported by the operating system.
At the same time, Apple MDM lacks some important features: it does not protect against threats, and does not
support program containerization (that is, the programs that access corporate data cannot be separated from other
applications).

On the other hand, Kaspersky Security for Mobile does possess these advantages, and that is why Apple MDM
should be used together with Kaspersky Security for Mobile. The more so because it does not involve extra
expenditures: the KES for Business Select license allows using all three mobile device management technologies.


Microsoft ActiveSync

Essentially, it is a technology by Microsoft that works independently of Kaspersky Security Center. The key
requirement of this technology for the company infrastructure is the availability of a Microsoft Exchange server. If
this requirement is met, the company can control the devices that get e-mail from this server.

ActiveSync Device Control allows enforcing the device access password or encryption requirements, prohibiting
the use of networks or program installation. If necessary, the administrator can remotely wipe the device if
the employee reports that the smartphone is lost.

That is not a complete list of Exchange ActiveSync capabilities; but the fact of the matter is that only devices
running Windows Mobile support these capabilities to the full extent, while the majority of devices on the market
run Android and iOS. These operating systems support only some of the ActiveSync capabilities, the most important of
which are listed in the previous paragraph: password, encryption, remote wipe.
Kaspersky Security Center integrates with Microsoft Exchange Server and enables the administrator to control
mobile devices from the same console as typical computers. It is important in large companies, where
responsibilities are divided among the administrators. But it is also important for small companies, where one
administrator is responsible for everything and the fewer consoles need to be monitored, the easier life is.


ActiveSync technology is attractive because it does not require installing additional programs on the devices.
The management is performed via the e-mail program, which is often a system program pre-installed on
the smartphone. Since ActiveSync provides only basic management capabilities on most devices, we recommend
using Kaspersky Security for Mobile together with ActiveSync.

Is this technology interesting for small companies? On the one hand, small companies rarely use Microsoft
Exchange for e-mail. It is neither the simplest nor the cheapest solution. A small company would rather use
an Internet provider's services, a global service like Office 365 or one of numerous free products, whose flexibility
and complexity vary considerably.
On the other hand, the Microsoft Small Business Server offer is designed for small businesses. Some versions of
SBS include Microsoft Exchange Server. These companies would undoubtedly be interested in mobile device
management via Exchange ActiveSync.


Kaspersky Security for Mobile

It is perhaps the only technology that will be of great interest to small businesses. It does not require any
infrastructure except for Kaspersky Security Center and is installed easily.


To make mobile devices manageable, it is necessary to install Kaspersky Security for Mobile on them. It will
provide not only management capabilities, but also protection from typical threats (mobile malware, unauthorized
network activity of the programs, etc.)

Capabilities

KSM does much good for the user and for the company: from Anti-Virus protection to control over the smartphone
access settings, protection against theft, SMS filter, etc. Let us briefly describe the main capabilities:

- Anti-Virus protection: a counterpart of computer Anti-Virus, watches which files are saved on
the smartphone and which programs are started. Also scans files on the smartphone on the specified
schedule. If they match malware signatures, KSM blocks them.
- Anti-Theft protection: if a smartphone is lost, one would want, first, to find it and get it back, and second,
to keep corporate e-mail and other important data inaccessible to strangers. KSM can transfer GPS
coordinates of the device, block it until a long one-time code is entered, completely block the smartphone if
the SIM card is replaced, and, as a last resort, wipe all data from the smartphone.
- Network protection: can block inbound connections (Wi-Fi, etc.) to decrease malware infection risk, can
block inbound and outbound connections to prevent unauthorized network activity of programs, can also
block access to web sites similarly to Web control in Kaspersky Endpoint Security, meaning, prohibit, for
example, social networks.
- Application Control: you can prohibit installation and start of the specified programs, can install
programs in a special mode (container), when a password will need to be specified to start the program and
the program data can be deleted separately from other programs' data.
- Hardware control: you can completely disable Wi-Fi, Bluetooth or camera, enforce the use of a device
access password and code
- SMS and call filters: employees can configure blocking of unwanted messages and calls, and also can
hide calls and SMS to the specified numbers

These capabilities can be used either separately or all together; the Anti-Theft protection capabilities are apparently
useful for companies of any size.

Support of various smartphones and tablets

The mobile device control issue is aggravated by the fact that there are many different types of mobile devices on
the market. At this writing, smartphones (and tablets) running iOS and Android are the most widespread. The share of
Windows (Windows Mobile, Windows Phone) is growing, but is still not large. The percentage of devices running
Symbian and Blackberry is decreasing drastically.
All these operating systems are as different as Windows, Linux and Mac OS X. They possess different capabilities,
are vulnerable to different threats, and Kaspersky Security for Mobile works differently on them.
Android, the most widespread platform, is supported best of all. Almost everything Kaspersky Security for Mobile
is capable of (protection against malware and network attacks, measures that can be taken about lost and stolen
devices, application control and containerization) is applicable to Android smartphones and tablets.

iOS is supported somewhat worse, but mainly because of Apple marketing requirements. Most important
technologies, such as program containerization and network protection, are implemented for iPhone and iPad.

Niche devices running Windows, Symbian and Blackberry are supported even less. However, Kaspersky Security
for Mobile has handy tools for them too: for example, required password, anti-malware protection and network
connection control.

Conclusion

Mobile device management is, at the very least, a way to make the unlock password mandatory. This is important because
smartphones and tablets can comparatively easily fall into the hands of strangers.

A good MDM solution is much more than just a required password. It supports various mobile platforms (Android,
iOS, etc.), protects devices against threats (viruses, phishing), allows taking some measures about lost or stolen
devices, and allows separating corporate data and programs from personal.
MDM by Kaspersky Lab is a good MDM solution because it embraces several technologies:

- Management via Kaspersky Security for Mobile: provides protection against threats, containerization (separation of corporate and private data), protection from theft; supports various platforms
- Management via Exchange ActiveSync: provides detection of corporate devices, minimum security on numerous platforms, and anti-theft protection
- Management via Apple MDM: provides enhanced management capabilities for iOS devices, simplifies deployment of Kaspersky Security for Mobile on them

Advantages of mobile device management by Kaspersky Lab:

- The use of the world's best protection against viruses and other threats
- Containerization: separation of corporate programs and data from private ones
- Management from a single console: computers, smartphones and tablets are managed via Kaspersky Security Center
- Support of numerous mobile platforms

Mobile device management is available within the framework of Kaspersky Endpoint Security for Business Select
bundle and can also be purchased separately as a Targeted Security solution.

3.2 Encryption

Outline

The anti-threat protection system can be supplemented with a system that protects data by encrypting. In this chapter
we will discuss in which cases this protection is effective, and what is not to be expected of it. It goes without saying
that we will also describe offers by Kaspersky Lab, the capabilities of the corresponding products, and how they are
licensed.

Objective

If an employee loses a USB flash drive or a notebook, anyone who finds it can easily read the files stored on
the device. Sometimes this is extremely undesirable for the company.
In a sense, it is an even more serious issue than a lost smartphone. A notebook is a far more functional tool, and more
work documents are usually stored on it than on a smartphone or a tablet. And even if the system is
password-protected, the data from the notebook can be read by detaching its hard drive and connecting it to another computer.
To prevent such threats, you need to protect not only logging on to the system, but also the stored data, so that it
cannot be read without a password or some other authentication, even if the drive is connected to another computer.
Such protection is provided by encryption.

Encryption has been used for protecting secret data since the dawn of time. For example, the Caesar cipher, one of
the simplest encryption methods, was used by Caesar himself. Over the last 2000 years, various methods
of breaking ciphers were invented, as well as new encryption methods. During the last 100 years, mathematicians turned
their minds to it and invented encryption methods that would take longer to break than the universe has existed, even
with all of the world's computers employed.

Encryption is a technology that ensures that a file cannot be read without effort. Encrypted files are not just hard to
read, they are incredibly hard to read, almost impossible. Unless you know the password. With the password, they
can be read as easily as non-encrypted. But a stranger does not know the password. Therefore, encryption reliably
protects data on lost or stolen devices.

To provide high reliability, contemporary encryption methods are rather complicated. AES-256 encryption cannot
easily be performed with pen and paper. It is not impossible, but it would take a lot of time. However, you do not need to
know anything about these complications to be able to use encryption. You just need to remember your password
and enter it when prompted. Encryption programs, for example, Kaspersky Endpoint Security for Windows, will
take care of the complexity. After entering the password, the user works with encrypted files as usual. Without
the password, these files look like nonsense.

Encryption in Kaspersky Lab products

Kaspersky Lab offers data encryption within the framework of the Kaspersky Endpoint Security for Business
Advanced bundle.

The data is encrypted by the Kaspersky Endpoint Security program; additionally, for the network users to be able to
exchange encrypted data, the Kaspersky Security Center console is necessary.
The administrator can use Kaspersky Endpoint Security to encrypt data on various data carriers and at various
access levels. All in all, there are three encryption modes; we will describe each of them:

- Disk encryption
- Encryption of files and folders
- Encryption of removable drives

All three modes use the same encryption algorithm, AES-256. It is an industry standard mentioned in ISO
documents and used in most encryption tools on the market. Unlike anti-threat protection tools, where
manufacturers compete by offering similar, but different technologies, encryption tools use the same technology and
compete in flexibility and usability.

Disk encryption

The encryption technology can be used differently. One of the methods is to encrypt the whole drive completely.
A huge advantage of this method is that you need not bother where important files are stored on the notebook.
Wherever. Everything will be encrypted. And the administrator does not need to configure anything, just enable
encryption on the computer where Kaspersky Endpoint Security is installed.

A relative drawback of this method is that if a notebook's drive is encrypted, the access password has to be entered
before Windows boots. It is unusual for the users, and everything unusual is not desirable.
Sometimes people are afraid that if the user forgets the password, the encrypted data is very difficult to recover. It is
not quite true. Kaspersky Endpoint Security together with Kaspersky Security Center offers the administrator
several methods for recovering encrypted data even from damaged drives. If the user just forgets the password, it is
not a problem at all.
After the encryption password is entered, the user has nothing to worry about. KES for Windows seamlessly and
imperceptibly for the user decrypts the data being read from the drive and encrypts the data being saved to the drive.
If criminals get hold of such a drive, they will not even be able to tell which files are stored on the drive or
whether any are stored there at all, let alone read them. An encrypted drive with files looks the same as an empty
encrypted drive, unless you enter the password.

Encryption of files and folders

Another encryption method is to encrypt files and folders according to the specified conditions. For example, all
files in the user's home folder, all Microsoft Office documents, and local e-mail archives. The advantage of this
approach is that an employee does not notice the encryption. The access password is the Windows logon password.
The drawback is that the administrator has to draw up the list of conditions according to which files and folders are
encrypted. The administrator cannot control the users. They may save important documents elsewhere, and these
files will not be encrypted. This means there is a risk that encryption will not be as effective as it could be.
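
The coverage gap described above can be audited. The following is an added example, not Kaspersky code: the rule format, the list of sensitive file types, and all paths are constructed for illustration. It matches a file inventory against folder and file-type conditions and reports sensitive files that no condition covers.

```python
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# Hypothetical encryption conditions modelled on the ones named in the text:
# the user's home folder, Microsoft Office documents, local e-mail archives.
ENCRYPTION_RULES = [
    {"name": "home folder", "folder": r"C:\Users\anna"},
    {"name": "office documents",
     "patterns": ["*.doc", "*.docx", "*.xls", "*.xlsx", "*.ppt", "*.pptx"]},
    {"name": "mail archives", "patterns": ["*.pst", "*.ost"]},
]

# Assumption: file types this company considers worth protecting.
SENSITIVE_PATTERNS = ["*.doc*", "*.xls*", "*.ppt*", "*.pdf", "*.csv", "*.pst", "*.ost"]

# Constructed file inventory of one notebook.
INVENTORY = [
    r"C:\Users\anna\Documents\budget.xlsx",
    r"c:\users\ANNA\Desktop\notes.txt",
    r"D:\Projects\contract_draft.docx",
    r"D:\Projects\customers.csv",
    r"C:\Temp\scan_passport.pdf",
    r"D:\Mail\archive2012.PST",
    r"C:\Temp\setup.log",
]


def name_matches(path, patterns):
    """Case-insensitive file name match, because Windows names ignore case."""
    name = PureWindowsPath(path).name.lower()
    return any(fnmatchcase(name, pattern) for pattern in patterns)


def covering_rule(path, rules):
    """Return the name of the first rule that would encrypt this file, or None."""
    target = PureWindowsPath(path)
    for rule in rules:
        folder = rule.get("folder")
        # PureWindowsPath compares case-insensitively, like the file system.
        if folder and PureWindowsPath(folder) in target.parents:
            return rule["name"]
        if name_matches(path, rule.get("patterns", ())):
            return rule["name"]
    return None


def unencrypted_sensitive_files(inventory, rules, sensitive_patterns):
    """Sensitive files that no encryption condition covers."""
    return [
        path for path in inventory
        if name_matches(path, sensitive_patterns)
        and covering_rule(path, rules) is None
    ]


if __name__ == "__main__":
    for path in INVENTORY:
        status = covering_rule(path, ENCRYPTION_RULES) or "NOT ENCRYPTED"
        print(f"{status:18} {path}")
    print("Gaps:", unencrypted_sensitive_files(
        INVENTORY, ENCRYPTION_RULES, SENSITIVE_PATTERNS))
```

The two files reported as gaps are exactly the "saved elsewhere" case: a customer list and a scanned document stored outside the home folder in formats the conditions do not name.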

Encryption of removable drives

Unlike hard drives, which are rarely detached from computers to be connected to another computer, removable
drives are designed exactly for this. They help to carry documents from work to home and back, store presentations,
etc.
Encrypted data can be easily read on the computers connected to Kaspersky Security Center. But if the USB flash
drive is lost in a taxi, strangers will not be able to read its files on their computers.

To be able to read protected data on the computers that are not connected to Kaspersky Security Center, for
example, at home or at a conference, use a special portable encryption mode in KES. It allows decrypting files on
any computer with the password.

What encryption cannot protect from

Encryption prevents strangers from accessing the data. If someone finds or steals an encrypted device, they will not
be able to read the data.

At the same time, encryption cannot prevent employees from transferring important data to a stranger accidentally
or deliberately. Or, in marketing terms, encryption is not a DLP solution. It can undoubtedly be a part of it, one of
the technologies implemented in a DLP solution. But by itself and in the way it is implemented in KES or any other
product for mobile data protection, encryption cannot guarantee comprehensive protection from data leakage.

Conclusion

Encryption is mainly designed for protecting mobile data (data on laptops or media that may be lost or stolen).
An encrypted device reliably protects data from strangers.

At the same time, encryption is not a full-fledged DLP solution able to protect from data leakage in general.
Encryption should not be regarded as universal protection from data leakage.

Data encryption can be organized in several ways, which differ in the balance of protection, the administrator's
effort and the user's convenience. Disk encryption provides the best protection and does not require special setup by
the administrator, but changes the logon procedure for the user and adds work for the administrator if the user forgets
the password or a computer has to be given to another user.

Encryption of files and folders, vice versa, is seamless for the user and easy to maintain, but requires serious setup
and is not as reliable as disk encryption in the long run.

Most encryption tools available on the market use the same encryption methods (algorithms). Almost all of them are
based on the standard (today and for the near future) AES-256 algorithm.
A distinctive feature of encryption implemented in Kaspersky Endpoint Security for Business is the ease of
deployment and use both for the administrator and employees. Competitive solutions try to match requirements of
different market segments, and therefore are more complicated and less friendly to small businesses.

A KES for Business Advanced license is necessary for using encryption in Kaspersky Endpoint Security.

3.3 Systems Management


Outline

Another way to extend the capabilities of Kaspersky Endpoint Security for Business is to use Kaspersky Security
Center for general computer management rather than only for protection. Considering the fact that there is only one
administrator in the network, any help in network management is welcome.
In this chapter we will describe how Kaspersky Lab can help the administrators in their work, which products can be
used for this purpose and which licenses are necessary for that.

Specifically, we will study the tools available within the framework of the Systems Management functionality of
KSC:

- Vulnerability and patch management
- Programs management
- Operating system deployment
- Network access control
- License management
- Hardware inventory

We will tell you about the benefits provided by the Systems Management in general, and what would be of interest
to small businesses.

Objective

The general task of Systems Management in KSC is to help the administrator cope with tasks other than
protecting the network from various threats, and to improve protection as well.

The administrator has lots of work to do apart from protection:

- Purchase new computers and upgrade old ones
- Prepare computers for work
- Install, activate, update and uninstall programs for employees
- Configure network access for employees and visitors
- etc.

Many of these operations are routine and the same for all computers. Such operations are just asking for automation.
Kaspersky Security Center provides it.

Systems Management in Kaspersky Security Center helps to solve the following tasks:

- Tell the administrator which devices are installed on the computers (how much memory, which processors, etc.)
- Tell the administrator which programs are installed on the computers
- Install and uninstall programs
- Tell the administrator if the installed programs need to be updated
- Tell the administrator if there are vulnerabilities in programs or operating systems
- Automatically download and install vulnerability fixes and program updates
- Quickly install operating system and programs from an image prepared beforehand
- Capture an image from any computer
- Tell which devices (computers and other equipment) are found in the corporate network
- Block network access for unknown or non-protected computers

It is Kaspersky Security Center that does it, not Kaspersky Endpoint Security. Kaspersky Endpoint Security is not
necessary here at all.
The KES for Business Advanced license is necessary for Kaspersky Security Center to be able to manage systems.

Vulnerability and patch management


Programs have errors. Some of them just annoy users, and some can be used by criminals, for example, to infect
a computer with a Trojan. Such errors are called vulnerabilities.

Vulnerability fixing is an important part of network protection. As long as a vulnerability remains on the computer, it will
be attacked by malware, and one of these programs may eventually get past the Anti-Virus. If a vulnerability is fixed, the whole
class of the corresponding malware, both existing and not yet written, ceases to be dangerous for the computer.

The first step in fixing vulnerabilities is detecting them. Kaspersky Lab maintains an extensive database of
vulnerable programs and uses it for scanning the computers. As a result of scanning, a list of vulnerable programs is
drawn up for each computer.
Such scanning is implemented in many solutions, but the list of vulnerabilities by itself does not get us anywhere.
Vulnerabilities are fixed by installing updates. When the manufacturer learns about a program vulnerability,
they release a special update that replaces program files, or a new version to be installed instead of the old one.
With the vulnerability list in hand, the administrator has a lot of work to do: find new program versions and install
them on the network computers. Most of the solutions available on the market cannot help much here.

Systems Management in Kaspersky Security Center not only detects vulnerabilities, but can also fix them
automatically. The Kaspersky Lab vulnerability database contains information about where to download
the fix or the new program version from and how to install it silently. KSC automatically downloads the necessary files
and installs them on the vulnerable computers on the schedule specified by the administrator.
The administrator can adjust this process, for example, prohibit installation of an update or enable automatic
installation of non-critical updates, but it works well with the default settings too.
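
The detect-then-fix flow described above can be sketched as follows. This is an added example, not Kaspersky Security Center code: the database entries, product names, versions, install commands and computer names are constructed, and treating "critical only" as the default setting is an assumption. It matches each computer's software inventory against a database of fixed versions, then applies the administrator's settings to decide what to install.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VulnEntry:
    product: str
    fixed_in: str         # first version that contains the fix
    critical: bool
    silent_install: str   # command that installs the fix without prompts


# Constructed database entries; names and commands are placeholders.
VULN_DB = [
    VulnEntry("ExampleReader", "11.0.10", True, "reader_setup.exe /quiet"),
    VulnEntry("ExamplePlayer", "3.2.0", False, "player.msi /qn"),
    VulnEntry("ExampleArchiver", "5.1", True, "archiver_setup.exe /S"),
]

# Constructed software inventory: computer -> {product: installed version}.
INVENTORY = {
    "PC-ACCOUNTING": {"ExampleReader": "11.0.6", "ExamplePlayer": "3.2.0"},
    "PC-RECEPTION": {"ExampleReader": "11.0.10", "ExamplePlayer": "3.1.4",
                     "ExampleArchiver": "5.0.9"},
}


def version_key(text, width=4):
    """'11.0.6' -> (11, 0, 6, 0). Numeric and zero-padded, so that
    11.0.6 sorts before 11.0.10 and 5.1 equals 5.1.0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")]
    return tuple(parts[:width] + [0] * (width - len(parts)))


def scan(inventory, vuln_db):
    """Return {computer: [VulnEntry, ...]} for versions older than the fix."""
    findings = {}
    for computer, installed in inventory.items():
        hits = [entry for entry in vuln_db
                if entry.product in installed
                and version_key(installed[entry.product]) < version_key(entry.fixed_in)]
        if hits:
            findings[computer] = hits
    return findings


def plan_updates(findings, auto_noncritical=False, prohibited=frozenset()):
    """Apply the administrator's settings and list the installs to schedule."""
    plan = []
    for computer in sorted(findings):
        for entry in findings[computer]:
            if entry.product in prohibited:
                continue   # the administrator prohibited this update
            if not entry.critical and not auto_noncritical:
                continue   # non-critical fixes are not installed automatically
            plan.append((computer, entry.product, entry.fixed_in,
                         entry.silent_install))
    return plan


if __name__ == "__main__":
    found = scan(INVENTORY, VULN_DB)
    for computer, entries in found.items():
        print(computer, "vulnerable:", [e.product for e in entries])
    for step in plan_updates(found):
        print("schedule:", step)
```

Comparing versions as numbers rather than strings matters here: as text, "11.0.6" sorts after "11.0.10", and the outdated reader on PC-ACCOUNTING would be missed.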

Software management

Vulnerability fixing tools can also be used for other purposes. After scanning the computers, Kaspersky Security
Center can inform the administrator about all installed programs rather than only about vulnerable ones.

The administrator can use Kaspersky Security Center to centrally uninstall unnecessary programs. Kaspersky
Security Center can inform the administrator if the users try to install these programs again.

Information about new program versions from the vulnerability database can be used for installing programs on
the computers. To install, for example, Adobe Reader, the administrator just selects it on the list of supported
programs in Kaspersky Security Center: the latest version will be automatically downloaded from the Internet and
installed on the selected computers.

All together, it is called software management: gathering information about the installed programs, centralized
installation, update and uninstallation of programs.

In addition to software management, Kaspersky Security Center has license monitoring, which will be described
later.

Operating system deployment

Objective

When a new employee joins the company, the administrator prepares a computer: installs the operating system and
all the programs necessary for work. If traditional methods are employed, it will take several hours.

Kaspersky Security Center allows preparing a computer in considerably less time, and unattended at that: the
administrator just starts the process and can deal with other tasks in the meantime.

How it works

To quickly and automatically install an operating system and programs on a computer, it is necessary to prepare
a so-called disk image. You will need a computer where everything required is already installed. At
the administrator's command, Kaspersky Security Center captures the computer's image, which can then be used for
installation on other computers.

The image can be installed even on an absolutely new computer without a system. It is sufficient to connect it to
the network. Kaspersky Security Center will detect and display it, and the administrator will be able to start
installation there.

It works best when the computers are identical. But even if the computers are different, operating system
deployment can also be used.

Network access control


Objective

There are usually shared folders for document exchange in the corporate network. At the same time, hospitality and
business rules require that visitors (customers, partners, contractors, etc.) are provided with Internet access to be able
to work with e-mail and not to feel neglected.

In small companies, networks are usually organized rather simply. Everyone can connect to everyone. It is easy to
configure, but you can easily suffer from that approach as well. Visitors might bring malware, which will try to
attack the network computers. Some visitors may try to steal documents from shared folders or internal web
resources. This should be prevented.

Network access control implemented in Kaspersky Security Center allows the administrator to monitor
the computers connected to the network, and restrict their access to internal resources. The network need not be
reconfigured for that.

Typical scenario

Explaining how it works would involve too many technicalities. Let us just say that network access control in
Kaspersky Security Center does not require additional devices for traffic interception, does not require switching
network devices to special modes and in general does not require any changes to be made to the network settings.
Instead of technicalities, let us study the main scenarios of using network access control.

Suppose the administrator comes to work and notices that there have been many infection attempts in the network,
which were fortunately blocked by Kaspersky Endpoint Security. It's all right so far; however, if there is an infected
computer in the network, it may download new virus modifications from the Internet, and there is no guarantee that one of
them will not be luckier. It is better to find the threat source and neutralize it.

The administrator can use network access control to view which computers are connected to the network. In a small
company, the administrator may know all computer names. If an unfamiliar name shows on the list of network
computers, the administrator can manually block this computer. Kaspersky Security Center will take care of
the computer so that it cannot connect to other network computers.
To protect the network from similar cases in future, the administrator can create a rule according to which unknown
computers will not receive network access unless approved by the administrator. Or a rule according to which
unknown computers will be able to access only the Internet rather than the network computers.

It may also turn out that one of internal computers has become a source of infection. There can be old databases on
it, or Kaspersky Endpoint Security disabled; anyway, it got infected and began attacking other computers.
To protect from this, the administrator can create a rule according to which a computer with bad protection status
(outdated databases, KES not running) cannot connect to other computers and access the Internet; it will only be
able to connect to the Administration Server.
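
The rules from these scenarios can be written down as a first-match policy. This is an added example, not Kaspersky Security Center code or its rule format: the class names, the 7-day limit for "outdated" databases, full access for approved visitors, and all computer names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

INTERNAL = "internal computers"
INTERNET = "internet"
ADMIN_SERVER = "administration server"
FULL_ACCESS = frozenset({INTERNAL, INTERNET, ADMIN_SERVER})


@dataclass(frozen=True)
class Device:
    name: str
    known: bool                        # on the administrator's list of computers
    kes_running: bool = False
    db_age_days: Optional[int] = None  # None: no protection data reported


@dataclass(frozen=True)
class Policy:
    manually_blocked: frozenset = frozenset()
    approved_unknown: frozenset = frozenset()
    unknown_access: frozenset = frozenset()   # empty: no access until approved
    max_db_age_days: int = 7                  # assumption: older is "outdated"


def decide(device, policy):
    """First matching rule wins. Returns (allowed destinations, reason)."""
    if device.name in policy.manually_blocked:
        return frozenset(), "blocked manually by the administrator"
    if not device.known:
        if device.name in policy.approved_unknown:
            return FULL_ACCESS, "unknown computer approved by the administrator"
        return policy.unknown_access, "unknown computer"
    if not device.kes_running:
        return frozenset({ADMIN_SERVER}), "KES not running"
    if device.db_age_days is None or device.db_age_days > policy.max_db_age_days:
        return frozenset({ADMIN_SERVER}), "outdated databases"
    return FULL_ACCESS, "known and protected"


# Constructed network: three company computers and three unfamiliar ones.
DEVICES = {d.name: d for d in [
    Device("PC-ACCOUNTING", known=True, kes_running=True, db_age_days=1),
    Device("PC-WAREHOUSE", known=True, kes_running=True, db_age_days=30),
    Device("PC-RECEPTION", known=True, kes_running=False, db_age_days=2),
    Device("VISITOR-LAPTOP", known=False),
    Device("AUDITOR-NB", known=False),
    Device("WIN-UNKNOWN-01", known=False),
]}

# Variant 1: unknown computers get Internet access only.
POLICY_INTERNET_ONLY = Policy(
    manually_blocked=frozenset({"WIN-UNKNOWN-01"}),
    approved_unknown=frozenset({"AUDITOR-NB"}),
    unknown_access=frozenset({INTERNET}),
)
# Variant 2: unknown computers get nothing until approved.
POLICY_BLOCK_UNKNOWN = Policy(approved_unknown=frozenset({"AUDITOR-NB"}))

if __name__ == "__main__":
    for name, device in DEVICES.items():
        allowed, reason = decide(device, POLICY_INTERNET_ONLY)
        print(f"{name:15} {reason:45} -> {sorted(allowed) or 'no access'}")
```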

Usually, network access control is required in large companies where it is difficult to monitor numerous visitors,
employees and their requirements. However, a considerable advantage of Kaspersky Security Center is that
configuring access control requires minimum effort and nothing needs to be changed in the network settings. Such
access control can be easily employed in a small company.

Inventory and license control

We already mentioned inventory in the section devoted to programs management. We said that the administrator can
receive the list of installed programs and then uninstall some of them or install others.
If licensed programs are used in the company, the administrator has to monitor the number of activated licenses so as not
to exceed the limit. The administrator can specify in Kaspersky Security Center how many licenses the company
purchased for each program, and Kaspersky Security Center will inform the administrator about upcoming license
expiration or exceeded limit.

In addition to the list of programs, the administrator receives the list of hardware: which processors are installed in
the computers, which drives, how much memory, etc. This list can be used to plan purchases of new computers and
retirement of old ones. In any case, it is easier than gathering this data from each computer one by one.

Hardware and software inventory would be of great use to a newcomer administrator, because it helps to understand
what, where and how is installed on the computers.

We described in general the capabilities of Systems Management in Kaspersky Security Center. In this connection,
the question may arise who could benefit from them.

First, the companies that seek to improve their protection system. Thanks to detecting and fixing the vulnerabilities
and network access control, infection probability decreases, as well as probable harm.

Second, the companies that regularly prepare new computers. For example, large companies with many
employees, where even a small percentage of people quitting already has an impact. It can also be a certification or training
center, university, school, cybercafé or other similar organization, where computers often have to be brought back to
the initial state.
Third, Systems Management can be of use for the companies that need to observe license terms. Kaspersky Security
Center helps to monitor the installed programs and the use of licenses.
Finally, Systems Management comes in handy if the company pays much attention to the processes and internal
security policy. Network access control allows enforcing this policy on employees and visitors.

All of this (high security requirements, strict processes, the necessity to monitor the use of software) is rather typical
of large companies. And Systems Management, probably, would rather be used by them. But it does not mean that
small companies cannot benefit from using Systems Management at all.
First, enhanced security is beneficial for any company, regardless of the size. And fixing the vulnerabilities is a very
effective weapon against many threats, including new ones.

Second, in a small company, the administrator needs help more than in a large one. In large companies,
the administrators have their specializations and split responsibilities: e-mail, protection, network equipment, etc.
In a small company, the administrator is responsible for everything and any time-saving tool comes in handy: help
in setting up a new computer, installing programs or updates, or any other.

Third, Systems Management in Kaspersky Security Center enables small companies to use traditionally complex
technologies without complexities. Network access control, vulnerability and patch management, programs
management, operating system deployment: everything is available in the single protection management console
and is considerably easier to use than traditional tools.

Conclusion

Systems Management in Kaspersky Security Center is a set of tools for routine and time-consuming network
maintenance administrative tasks:

- Vulnerability and patch management
- Management of programs and licenses
- Operating system deployment
- Network access control
- Hardware inventory

Systems Management simplifies the administrator's work. The more computers the company has, the more useful
Systems Management is. Additionally, Systems Management improves the company's protection against threats.

Traditionally, all of the Systems Management components were separate and complex solutions. That is why they
were little used not only by small, but also by large businesses. Kaspersky Lab offers a new approach to the old
issues: complex technologies without traditional complexities.
All tools are available through the single protection management console, Kaspersky Security Center, and do not
require any special knowledge. Vulnerability fixing can be completely automatic. Setting up access control in
the whole network is no more difficult than configuring a personal firewall.
To be able to use Systems Management by Kaspersky Lab, you only need Kaspersky Security Center and the KES
for Business Advanced license. On the one hand, it is a more expensive license than needed for protection (KES for
Business Core or KES for Business Select). On the other hand, if the company uses encryption in Kaspersky
Endpoint Security, they already have the KES for Business Advanced license, and they can benefit from Systems
Management as well.

3.4 Kaspersky Security for Microsoft Exchange


Outline

Speaking of protection system enhancement, let us discuss anti-virus and anti-spam protection for Microsoft
Exchange mail systems. Small companies may use Microsoft Exchange as a part of Microsoft Small Business
Server, and therefore they can be interested in Kaspersky Security for Microsoft Exchange Server.

We will describe which capabilities this product has, how it is licensed, and what is required of the administrator.

Objective

The viruses sent by e-mail can be caught by File Anti-Virus, too. However, just like in real life, a disease is easier to
cure at early stages. When viruses are deleted from messages by the Mail Anti-Virus, it spends fewer resources and
creates fewer inconveniences.
However, malicious messages can be deleted even earlier, on the mail server. It saves even more resources and is
even more imperceptible for the employees.

In addition to viruses, there is spam in e-mail. It does not harm the computer, but hampers work, which is why
everybody tries to get rid of it, the sooner the better. Anti-spam protection is built into, for example, Google Mail and
other online e-mail services. Spam, just like viruses, is far more efficiently countered on the mail server than on
the employees' computers.
Mail servers belong to various e-mail systems, for example, Microsoft Exchange, Lotus Notes, Sendmail, Postfix,
etc.

A small company is unlikely to purchase Microsoft Exchange. They would rather have Microsoft Small Business
Server, most editions of which contain Microsoft Exchange. However, this situation will not last long, because
Microsoft discontinues support of Small Business Server, and small companies will be offered Office 365 online
service instead.

But until this happens, and some small companies are still using Microsoft Exchange, they may be interested in
protecting the mail going through it from malware and spam. Kaspersky Lab offers these companies Kaspersky
Security for Microsoft Exchange Server.

Licensing

Kaspersky Security for Microsoft Exchange Server is licensed by the number of inboxes on the server. The KES for
Business Core, Select and Advanced licenses do not include this protection. Kaspersky Total Security for Business
covers it, but costs much.
A small company would rather buy an additional license for inbox protection.

Anti-virus protection
Anti-virus protection in Microsoft Exchange is somewhat more complicated than in KES Mail Anti-Virus.
The received messages are intercepted and scanned against the malware database. If a message is infected, it will be
blocked and will not be delivered to the addressee. There are minimum settings, you only need to monitor that
the signature database is regularly updated. The updates must work automatically; the administrator should only
check for errors from time to time.
To improve reliability and eliminate false positives, Kaspersky Security for Microsoft Exchange Server uses KSN.

Anti-spam protection

Anti-spam protection is a bit more complicated. The general principle is the same: the messages received on
the server are scanned for spam.

The complexity is that spam is sometimes difficult to distinguish from advertising or commercial messages.
Sometimes the difference can be revealed by a thorough analysis of the message text, sometimes it is necessary to
check where the message comes from, and sometimes, if the message contains images, it is necessary to check what
is in these images or where they are published on the Internet (if a message contains links to images instead of files).

Spam can be detected by various checks. Each check influences the total probability of the message being unwanted
spam. However, in general, e-mail is organized so that it is hard to tell whether a message is spam.
Criminals use loopholes in e-mail protocols and successfully conceal the sources of spam messages. And the text of
the message alone is not enough to reliably detect spam.

As a result, the efficiency of Anti-Spam filtering is lower than that of Anti-Virus, regardless of the installed Anti-Spam
program. Some spam messages will periodically pass the filter, or the filter will block some legitimate
messages.
In Kaspersky Security for Microsoft Exchange, the administrator can adjust the spam threshold. With stricter
settings, spam is blocked better, but legitimate messages may suffer. The other way round, legitimate messages are
rarely detained, but more spam is let through the filter.
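
The threshold trade-off described above, as an added illustration that is not part of the original guide and is not Kaspersky's scoring algorithm. The check names, likelihood ratios, prior and sample messages are all constructed assumptions.

```python
import math

# Hypothetical checks with constructed likelihood ratios:
# P(check fires | spam) / P(check fires | legitimate).
CHECKS = {
    "suspicious_text": 6.0,
    "sender_on_blocklist": 20.0,
    "image_on_known_spam_site": 12.0,
    "sender_in_address_book": 0.05,  # evidence *against* spam
}
PRIOR_SPAM = 0.5  # assumed share of spam in incoming mail

def spam_probability(fired):
    """Each check that fired shifts the total log-odds of 'spam'."""
    log_odds = math.log(PRIOR_SPAM / (1 - PRIOR_SPAM))
    for name in fired:
        log_odds += math.log(CHECKS[name])
    return 1 / (1 + math.exp(-log_odds))

# Constructed sample mail: (checks that fired, true label).
SAMPLE = [
    (["suspicious_text", "sender_on_blocklist"], "spam"),
    (["image_on_known_spam_site"], "spam"),
    (["suspicious_text"], "spam"),                      # text evidence only
    ([], "spam"),                                       # source well concealed
    (["suspicious_text"], "legit"),                     # commercial newsletter
    (["suspicious_text", "sender_in_address_book"], "legit"),
    ([], "legit"),
]

def evaluate(threshold):
    """Return (spam let through, legitimate messages blocked)."""
    missed = blocked = 0
    for fired, label in SAMPLE:
        is_blocked = spam_probability(fired) >= threshold
        if label == "spam" and not is_blocked:
            missed += 1
        elif label == "legit" and is_blocked:
            blocked += 1
    return missed, blocked

if __name__ == "__main__":
    for threshold in (0.4, 0.8, 0.9):  # strictest to most lenient
        missed, blocked = evaluate(threshold)
        print(f"threshold {threshold}: {missed} spam passed, "
              f"{blocked} legitimate blocked")
```

The spam message and the newsletter that trigger only the text check get the same score, so no threshold setting can separate them; only an additional check can.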

In addition to general sensitivity, the administrator can modify many scan settings. There are considerably more of
them than in the Anti-Virus settings. However, in a small company the administrator rarely needs to do this,
considering the fact that the Anti-Spam filter works very efficiently with the default settings.

Conclusion

Kaspersky Security for Exchange is of use to small companies who want to protect e-mail on Microsoft Small
Business Server. Kaspersky Security does not require special setup, and thus meets the requirements for products for
small businesses.

3.5 Summary

In this chapter we discussed what you can offer a satisfied customer when they come to buy a renewal. Depending
on the customer's business, you can offer data encryption, protection and management for smartphones and tablets,
extended computer management and anti-spam protection.

Additionally, you can contact the customer's service provider and offer a management automation tool: Kaspersky
Security Center Service Provider Edition.

Conclusion

Today we became better acquainted with the Kaspersky Security for Business product line and gained experience in
deploying basic solutions. This should help when talking to prospects and customers, turning prospects into customers,
and customers into regular customers.
