
SP2 Version 5.

Kaspersky Lab
www.kaspersky.com
Training KL 019.10
Kaspersky Endpoint Security and Management
for Small Business
Student Guide

Foreword ......................................................................................................................... 4
Background ................................................................................................................................................................... 4
Idea ............................................................................................................................................................................... 6
Audience ....................................................................................................................................................................... 8
Outline .......................................................................................................................................................................... 8

Chapter 1. Kaspersky Endpoint Security for Business: Protection and Control ......... 10
1.1 Licensing............................................................................................................................................................... 10
License types ........................................................................................................................................................ 10
Kaspersky Endpoint Security for Business Core .................................................................................................. 11
Kaspersky Endpoint Security for Business Select ................................................................................................ 12
Kaspersky Endpoint Security for Business Advanced .......................................................................................... 12
Targeted Security solutions .................................................................................................................................. 14
1.2 Requirements of Small Businesses ....................................................................................................................... 14
1.3 Description of Kaspersky Endpoint Security for Business ................................................................................... 16
Kaspersky Endpoint Security components ........................................................................................................... 16
Anti-malware protection ...................................................................................................................................... 18
Updates ................................................................................................................................................................ 22
Centralized management ...................................................................................................................................... 24
Endpoint control .................................................................................................................................................. 26
Summary .............................................................................................................................................................. 30

Chapter 2. KES for Business: Installation, Setup, Troubleshooting ............................ 32

2.1 Basic Installation Sequence .................................................................................................................................. 34
Installing the Administration Server .................................................................................................................... 34
Installing Kaspersky Endpoint Security over the network ................................................................................... 37
Local Installation of Kaspersky Endpoint Security .............................................................................................. 40
Getting Started with the Console ......................................................................................................................... 42
Virus activity monitoring...................................................................................................................................... 44
2.2 Advanced Installation Scenarios ........................................................................................................................... 46
Uninstallation of protection tools by other manufacturers .................................................................................. 46
Kaspersky Endpoint Security activation............................................................................................................... 49
2.3 Monitoring ............................................................................................................................................................ 52
Monitoring ........................................................................................................................................................... 52
Where to look ....................................................................................................................................................... 52
Update health ....................................................................................................................................................... 54
Protection health check ........................................................................................................................................ 56
2.4 Settings ................................................................................................................................................................. 58
Configuring real-time protection exclusions ........................................................................................................ 58
Blocking program start ........................................................................................................................................ 60
Blocking removable drives ................................................................................................................................... 64
Blocking online shops .......................................................................................................................................... 66
2.5 Virus Scanning Demonstration ............................................................................................................................. 68
2.6 Summary ............................................................................................................................................................... 70
2 KASPERSKY LAB™
KL 019.10: Kaspersky Endpoint Security and Management: for Small Business

Chapter 3. KES for Business: Extended Features ....................................................... 72

3.1 Mobile Device Management ................................................................................................................................. 72
Deployment Plan .................................................................................................................................................. 72
Objective .............................................................................................................................................................. 72
Bring your own device ......................................................................................................................................... 74
Range of technologies .......................................................................................................................................... 74
Apple MDM .......................................................................................................................................................... 76
Microsoft ActiveSync ............................................................................................................................................ 76
Kaspersky Endpoint Security for Mobile.............................................................................................................. 78
Self Service Portal ................................................................................................................................................ 80
Summary .............................................................................................................................................................. 80
3.2 Encryption............................................................................................................................................................. 82
Deployment Plan .................................................................................................................................................. 82
Objective .............................................................................................................................................................. 82
Encryption in Kaspersky Lab products ................................................................................................................ 84
Disk encryption .................................................................................................................................................... 84
Encryption of files and folders ............................................................................................................................. 86
Encryption of removable drives ........................................................................................................................... 86
What encryption cannot protect from ................................................................................................................... 86
Conclusion ........................................................................................................................................................... 86
3.3 Systems Management ........................................................................................................................................... 88
Outline.................................................................................................................................................................. 88
Objective .............................................................................................................................................................. 90
Vulnerability and patch management .................................................................................................................. 90
Software management .......................................................................................................................................... 92
Operating system deployment .............................................................................................................................. 92
Network access control ........................................................................................................................................ 94
Inventory and license control ............................................................................................................................... 95
Small business benefits ......................................................................................................................................... 96
Conclusion ........................................................................................................................................................... 96
3.4 Kaspersky Security for Microsoft Exchange ........................................................................................................ 98
Outline.................................................................................................................................................................. 98
Objective .............................................................................................................................................................. 98
Licensing .............................................................................................................................................................. 98
Antivirus protection............................................................................................................................................ 100
Anti-spam protection .......................................................................................................................................... 100
Data leakage prevention .................................................................................................................................... 100
Conclusion ......................................................................................................................................................... 100
3.5 Summary ............................................................................................................................................................. 102

Conclusion .................................................................................................................. 102



Foreword
First of all, let’s briefly describe:

— Course background—our view of the situation, and what we would like to change
— Course idea—what we believe is able to change the situation
— Course outline—the themes that will be covered and their presentation order, because it is always good to
know what is in store for us
— Audience—our view of prospective trainees

Background
First of all, we are only going to cover business products by Kaspersky Lab. No “KISes”, only “KESes.”

Our picture of the world is as follows. Doing business through direct sales only is possible, but inefficient. That is
why we, Kaspersky Lab, are extremely interested in retailers. We want to help them in every possible way.

European and worldwide statistics tell us that the majority of purchases are made by small businesses (about 50
endpoints), and these sales are made by relatively small partners.

These relatively small partners do not have pre-sales or post-sales engineers; instead, more often than not, they have
a sales employee responsible for selling Kaspersky Lab products (and other products as well).

We believe that because of this focus on sales, this employee does not possess deep knowledge of the Kaspersky
Lab products, their installation and configuration, and therefore will have less influence in the sale. To them,
Kaspersky Lab products are just “goods” like any other and for the sale to succeed, they must depend upon
the knowledge and interest of the buyer. This is the first thing we would like to try to change.

In order to boost the customer’s interest, we want this employee to tell an entertaining and informative story about
Kaspersky Lab products.

We know that sales in the Anti-Virus (endpoint) protection market are cyclic. It means that a one-year license is
sold, and renewed a year later at a lower price. One would think that the discount is sufficient to motivate
the renewal, when in fact, the customer can get a similar discount for migrating to a rival product. Price is not
enough to retain a customer.

It is important to keep the customers happy, or at least satisfied, for a successful renewal. Currently, sales people
have little influence on the customer’s satisfaction, since they do not participate in the product installation or support.

The customers’ satisfaction depends mainly on their ability to correctly install and configure the product. Later on,
they may contact the technical support of the local Kaspersky Lab office. But first, someone has to install
the products. Small businesses (10-50 endpoints) may lack skilled employees to perform this task. Even though this
task is not difficult, inexperience may lead to difficulties. A deal may fail if the product installation is not
guaranteed. Or the deal can be made, but the customer may install the product incorrectly. Then, in a year,
the disappointed client will not renew the license. This is the second point we want to change.

We want the sales person, if necessary, to spend time (a couple of hours) helping the customer to install and
configure Kaspersky Lab products. Let’s repeat once again, the task is not actually difficult. Especially with a small
number of client computers.

Idea
Kaspersky Lab has prepared a small workshop to achieve our goals, i.e.

— Help small partners gain buyers’ interest in Kaspersky Lab products
— Teach small partners how to install and configure Kaspersky Lab products should the necessity arise

We understand that small partners are not selling Kaspersky Lab products exclusively, and Kaspersky Lab sales,
while important, may not be a top priority; investing too much time in collaboration with Kaspersky Lab is less
than desirable. The good news is that we do not require a considerable investment of time. The workshop will take
less than a day. During the workshop, we will talk about the products, leaving out many technical details. We will
demonstrate and let you try installing and configuring the products.

It goes without saying that we are not covering all of the Kaspersky Lab products, but only those that may be
of interest to small partners and clients. Namely—Kaspersky Endpoint Security, Kaspersky Security Center and
a couple of other products that may come in handy as well.

Audience
The course is designed to help partners. We would like to shake hands with those talented individuals who sell
Kaspersky Lab products. What do we expect from the audience?

We expect that they have, at some point, installed some sort of software program by themselves. The point is that
the installation process itself must not seem difficult to them or require special skills.

We expect that they have heard of malware and the harm it may cause. Just the basics; no special knowledge is required.

We expect that they are interested in knowing more about Kaspersky Lab products, what they can do and how to
install them.

That’s it. And now let’s get down to the course outline.

Outline
The workshop consists of three parts: two reviews and one practice.

First, we will review Kaspersky Endpoint Security and Kaspersky Security Center. It is not intended as a deep study,
since Kaspersky Endpoint Security and Kaspersky Security Center together have so many capabilities that we wrote
a 7-day technical course to describe them and yet had to omit some minor features.

That is why during the first overview, we will just tell you how Kaspersky Endpoint Security and Kaspersky
Security Center provide protection against threats. Eventually, a small company typically arrives at the idea of
buying “Kaspersky Anti-Virus” after an unpleasant malware incident rather than after a thorough analysis of
processes and automation solutions.

During the practical part, we will explain how to install and configure Kaspersky Endpoint Security and Kaspersky
Security Center. Again, we will not go into all of the details and technicalities; instead, we will study the simplest
scenarios that should work well in most small networks.

In the third (final) part of the workshop we will briefly describe what Kaspersky Endpoint Security and Kaspersky
Security Center can do in addition to antivirus protection, and also tell about Kaspersky Security for Microsoft
Exchange.

So, the course outline is as follows:

1. Protection against threats, Endpoint Control, centralized management and licensing (the order may vary
though)

2. Installation and initial setup—demonstrations, explanations and practice of installing Kaspersky Endpoint
Security and Kaspersky Security Center

3. Mobile Device Management, Encryption, Systems Management, protection for the Microsoft Exchange
mail system

At the beginning of each chapter, we will provide a bit more detailed outline.

Chapter 1. Kaspersky Endpoint Security for Business: Protection and Control
In this chapter we start studying Kaspersky Endpoint Security for Business. Since several license bundles are
available for this solution, let’s first focus on licensing and find out which capabilities each license provides, and,
accordingly, which license better serves the customer’s needs.

After that, we will review some specifics of small businesses and discuss which protection features are most
important to them, and why their requirements differ from personal users and large or medium-sized businesses.

Then we will explain how a customer would benefit from the Kaspersky Endpoint Security for Business solution.

1.1 Licensing

License types
If you open the Kaspersky Lab web site and look at the offers for small businesses, you will see the following¹:

— Kaspersky Endpoint Security for Business Core
— Kaspersky Endpoint Security for Business Select
— Kaspersky Endpoint Security for Business Advanced

These are license types, or, to be more precise, license bundles. A license governs the use of Kaspersky Lab
products and components.

Each subsequent license bundle extends the set of available capabilities. Select includes all of the Core functions and
additionally allows a customer to use other programs and components. Advanced includes the Select bundle and
further extends the list of available components. Later we will study in detail what each license bundle consists of.

Sometimes the customer says that they do not need additional programs from the Select bundle, but need a program
from Advanced. There are special Targeted Security solution licenses for such clients. They permit using a specific
program or technology and they can be added to the license bundles. For example, a customer may purchase the
Kaspersky Endpoint Security for Business Core bundle and additionally the Kaspersky Security for Mobile license.
We will list the Targeted Security solution licenses later.

If you are lucky enough, your customer might say that they have no time to pick and choose, they want it all, and
have the budget for it. For these customers, there is the Kaspersky Total Security for Business license bundle, which
allows a customer to use nearly all of the Kaspersky Lab products and technologies.

Kaspersky Endpoint Security for Business is licensed by the number of protected nodes, meaning, computers where
protection tools are to be installed. If there are 50 computers in the customer’s network, they will need 50 licenses.
Kaspersky Endpoint Security for Business Select and Advanced allow protecting not only computers, but also
mobile devices, such as smartphones and tablets. For these bundles, you need to take into account all the protected
devices—computers, smartphones and tablets.

¹ Some licenses are not offered on some markets.

Kaspersky Endpoint Security for Business Core²

Kaspersky Endpoint Security for Business Core is designed to protect workstations against threats: malware, hacker
attacks, phishing, etc. The Core bundle does not provide protection for servers.

It covers most types of workstations: Windows, Linux, Mac OS. The following versions of Kaspersky Lab programs
provide protection for the respective operating systems:

— Kaspersky Endpoint Security for Windows Workstations
— Kaspersky Endpoint Security for Linux Workstations
— Kaspersky Endpoint Security for Mac OS

All these programs can be used under the Kaspersky Endpoint Security for Business Core license.

Kaspersky Endpoint Security for Windows consists of many components; some of them provide protection against
threats, and others achieve other goals. The Kaspersky Endpoint Security for Business Core license activates only
the protection components. We will describe all components of Kaspersky Endpoint Security for Windows and their
purposes later.

² On some markets, the Core bundle is not available; the Select bundle is offered instead, which comprises the Core
functionality.

All Kaspersky business products have remote management consoles. The remote management console of Kaspersky
Endpoint Security for workstations is implemented in another program, Kaspersky Security Center. Kaspersky
Endpoint Security for Business Core license permits using Kaspersky Security Center for managing Kaspersky
Endpoint Security. However, Kaspersky Security Center also has additional components that are not covered by the
Kaspersky Endpoint Security for Business Core license. We will study these components in Chapter 3.

Kaspersky Endpoint Security for Business Select

Kaspersky Endpoint Security for Business Select includes everything available in the Core bundle: protection
against threats for Windows, Linux and Mac workstations, and protection management via Kaspersky Security
Center.

Additionally, Kaspersky Endpoint Security for Business Select allows protecting Windows, Linux and Novell
NetWare servers against threats. The following programs provide protection for servers:

— Kaspersky Endpoint Security for Windows—the same program that protects workstations; works on all
Windows computers
— Kaspersky Anti-Virus for Windows Servers Enterprise Edition—a special version for corporate server
systems; supports terminal services, clusters, etc.
— Kaspersky Anti-Virus for Linux File Server
— Kaspersky Anti-Virus for Novell Netware

Aside from traditional laptops and desktops, Kaspersky Endpoint Security for Business Select allows a customer to
protect mobile devices: smartphones, tablets, etc. The application designed by Kaspersky Lab for these devices is
named Kaspersky Endpoint Security for Mobile.

The Kaspersky Endpoint Security for Business Select license is not limited to protection only. It activates
the components of Kaspersky Endpoint Security for Windows that allow controlling employees’ actions—prohibit
the users from starting selected programs, connecting devices and visiting web sites. We will review the capabilities
of these components in more detail later.

Finally, Kaspersky Endpoint Security for Business Select allows a customer to use Kaspersky Security Center for
managing all of the abovementioned programs. In particular, it activates special components of Kaspersky Security
Center for mobile device management. We will describe these components in Chapter 3.

Kaspersky Endpoint Security for Business Advanced

The Advanced bundle includes everything from the Select bundle and provides some additional capabilities.

In Kaspersky Endpoint Security for Windows Workstations, the Kaspersky Endpoint Security for Business
Advanced license activates encryption components. These components protect data on the devices that can be lost or
stolen.

In Kaspersky Security Center, the Kaspersky Endpoint Security for Business Advanced license activates
the Systems Management components.

All these components will be described in Chapter 3.



Targeted Security solutions

If a customer is interested in protection for workstations and servers but not in protecting mobile devices, or needs
to protect only workstations and mobile devices without servers, they can be offered the Kaspersky Endpoint Security
for Business Core bundle plus an additional license for server protection or mobile device protection.

The following additional licenses are available within the framework of the Targeted Security Solutions program:

— For Mail Server
— For File Server
— For Mobile
— For Internet Gateway
— For Virtualization
— For Collaboration
— Systems Management
— For Storage³
— For Anti-Spam Protection⁴

We will not go into the details concerning these licenses and programs they activate. The only program we will
describe is Kaspersky Security for Microsoft Exchange Servers, which is activated by the license for mail servers.

If a customer needs all (or almost all) business products by Kaspersky Lab, the Kaspersky Total Security for
Business license will suit them perfectly. It includes all licenses for targeted security solutions and everything
available in the Kaspersky Endpoint Security for Business Advanced bundle.

1.2 Requirements of Small Businesses

All businesses need protection against threats, and small businesses have their specifics and typical requirements for
the protection system.

Unlike large companies, small businesses have no specialization among administrators. There is usually only one
administrator, sometimes not even on the staff, who is responsible for administering everything within the company.
Small businesses cannot invest much in the administrator’s education.

Therefore, small businesses need user-friendly solutions that require minimum administering. A protection solution
must block threats automatically without bothering the users and have no false positives. Installation and setup of
such a solution must not require special knowledge and skills.

Let’s look at Kaspersky Endpoint Security for Business from this point of view and demonstrate that Kaspersky
Endpoint Security for Business can be used right away, without training, that installation will not take much time,
setup is not necessary, and maintenance boils down to consulting the console from time to time.

³ Depending on the market, the solution for WSEE is either available as a separate license, or included in the solution for file
servers.
⁴ This license is not available on some markets.

1.3 Description of Kaspersky Endpoint Security for Business

Kaspersky Endpoint Security components

Kaspersky Endpoint Security consists of components, each of which has its own area of responsibility. Some
components protect against threats, some help to control the user, and others encrypt data.

Protection components are the most numerous and can be grouped by functionality.

The following components search for malware and neutralize it:

— Virus Scan
— File Anti-Virus
— Mail Anti-Virus
— Web Anti-Virus
— IM Anti-Virus

These components protect against threats propagating over the network:

— Firewall
— Network Attack Blocker

The System Watcher component protects from complex threats that can be detected only if information from all
other protection components is gathered.

The BadUSB Attack Prevention component helps to repel the threat of malicious flash drive firmware.

Kaspersky Security Network and update modules also participate in protection against threats. We will talk about
them later in this chapter.

Each of the control components has a special purpose:

— Application Privilege Control
— Application Startup Control
— Device Control
— Web Control

Finally, encryption components protect data at two levels:

— Disk encryption
— Encryption of files and folders

Anti-malware protection
When describing components, similarly to products in general, we will place emphasis on the role they perform and
the difference they make. Let’s study the following components of Kaspersky Endpoint Security:

— Virus Scan
— File Anti-Virus
— Mail Anti-Virus
— Web Anti-Virus
— IM Anti-Virus

All of them are directly responsible for anti-malware protection. Other components improve protection; make it
more reliable, more self-sufficient, and more proactive. But most of the virus detection activities are performed by
the components listed above.

Why so many Anti-Virus components? They differ in where they look for malware.

File Anti-Virus

File Anti-Virus permanently monitors the files being accessed on the computer and scans them for infections prior
to allowing access. This is the most important of the Anti-Virus components. It prevents most of the malware from
starting. It should never intentionally be disabled.

Mail Anti-Virus

Mail Anti-Virus scans e-mail messages on the fly and also checks the attachments for malware.

If Mail Anti-Virus is disabled, messages and files attached to them will eventually be scanned by File Anti-Virus.
But it is easier to delete malware before it is saved to the disk; also, scanning messages on the fly takes fewer
resources. Mail Anti-Virus saves the overall resources spent in detecting and removing malware.

Web Anti-Virus

Web Anti-Virus intercepts web requests and does the following:

— Scans the downloaded files for malware and thus saves resources similarly to Mail Anti-Virus

— Prevents the user from opening a phishing web site or a site spreading malware—the Web Anti-Virus is
the key anti-phishing component

Disabling Web Anti-Virus makes the user vulnerable to phishing attacks.

IM Anti-Virus

IM Anti-Virus checks links to websites within the messages sent via ICQ, MSN, Google Talk, etc. Just like Web
Anti-Virus, IM Anti-Virus checks the links for phishing and dangerous web sites, and warns the user when it
detects one. If IM Anti-Virus is disabled, the links will be intercepted by Web Anti-Virus when the user tries to open
them in a browser.

Virus Scan

Virus scanning does not intercept anything. It runs according to the specified schedule and scans files on the drive
more thoroughly than the File Anti-Virus. Virus scanning should be performed once every 1 or 2 weeks, preferably
at night, because virus scanning during business hours can considerably decrease computer performance.

Network Attack Blocker

Some components of Kaspersky Endpoint Security do not search for malware. They help to repel threats by
“decreasing the attack surface.” Malware may use various penetration methods: the user might download it
from a suspicious web site, receive it by e-mail, copy it from an infected removable drive, etc. Some malware actively
searches for ways to penetrate a computer, tries to copy itself over the network, or sneaks through a vulnerability
in a service running on the network computers. Limiting the ways in which a computer can be reached is called
decreasing the attack surface.

For example, complete restriction on the use of removable drives is a method of decreasing the attack surface.
The Device Control, which will be described later, allows doing this in Kaspersky Endpoint Security.

The use of a firewall to block unnecessary connections is another popular method of decreasing the attack surface.
A personal (or office) computer rarely needs to accept inbound connections. Usually, it establishes outbound
connections to web sites, local file servers, mail servers, etc. The firewall prevents active network attacks by
limiting inbound connections to the computer.

The Firewall of Kaspersky Endpoint Security is supplied with standard pre-set rules that restrict unnecessary
connections, especially, connections from the Internet.

The Firewall does not analyze the information received over the network; instead, it works according to the rules. If
formal characteristics of a connection (where from, where to, via which program) indicate that it is to be blocked,
the Firewall blocks it. The Firewall is completely autonomous and does not require updates.

The Network Attack Blocker component complements the Firewall. In contrast, this component does analyze
the information received over the network and compares it with the signatures of known network attacks. If a match
is found, the connection is blocked.
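The division of labour between the two components, as an added model in Python that is not Kaspersky's code: the Firewall decides from formal characteristics only (direction, remote address, program), while the Network Attack Blocker inspects the received data. The LAN range, the rules and the "signatures" are constructed placeholders, not real rules or real attack signatures.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # constructed office network


@dataclass
class Connection:
    direction: str        # "inbound" or "outbound"
    remote: str           # remote IP address
    program: str          # local program that owns the socket
    payload: bytes = b""  # first bytes received; only the Blocker looks at these


@dataclass
class Rule:
    """A Firewall rule: formal characteristics only, no payload inspection."""
    action: str                       # "allow" or "block"
    direction: str | None = None      # None means "any"
    remote: IPv4Network | None = None
    program: str | None = None

    def matches(self, c: Connection) -> bool:
        return all([
            self.direction is None or self.direction == c.direction,
            self.remote is None or ip_address(c.remote) in self.remote,
            self.program is None or self.program == c.program,
        ])


# Pre-set rules in the spirit of the text: the one inbound service this office
# needs is allowed from the LAN, every other inbound connection is blocked,
# outbound connections are allowed. The first matching rule wins.
FIREWALL_RULES = [
    Rule("allow", direction="inbound", remote=LAN, program="spoolsv.exe"),
    Rule("block", direction="inbound"),
    Rule("allow", direction="outbound"),
]

# Constructed stand-ins for attack signatures. The real component compares
# traffic with Kaspersky Lab's signature database; these byte patterns are
# placeholders for the example only.
ATTACK_SIGNATURES = {
    "constructed-nop-sled-probe": b"\x90" * 16 + b"A" * 32,
    "constructed-smb-exploit": b"\xffSMB" + b"\x00" * 4 + b"\xde\xad",
}


def firewall_verdict(c: Connection) -> str:
    """Rule-based decision; needs no updates because it never reads payload."""
    for rule in FIREWALL_RULES:
        if rule.matches(c):
            return rule.action
    return "block"  # nothing matched: default deny


def network_attack_blocker(c: Connection) -> str | None:
    """Compare the received data with known attack signatures."""
    for name, pattern in ATTACK_SIGNATURES.items():
        if pattern in c.payload:
            return name
    return None


def evaluate(c: Connection) -> tuple[str, str]:
    """Return (verdict, deciding component). The Firewall runs first, so the
    Blocker only ever sees connections that the rules let through."""
    if firewall_verdict(c) == "block":
        return "blocked", "Firewall"
    signature = network_attack_blocker(c)
    if signature is not None:
        return "blocked", f"Network Attack Blocker: {signature}"
    return "allowed", "-"


if __name__ == "__main__":
    samples = [
        Connection("inbound", "203.0.113.7", "System", b"\xffSMB\x00\x00\x00\x00\xde\xad"),
        Connection("inbound", "192.168.1.20", "spoolsv.exe", b"%!PS-Adobe"),
        Connection("inbound", "192.168.1.21", "spoolsv.exe", b"\x90" * 16 + b"A" * 32),
        Connection("outbound", "93.184.216.34", "chrome.exe"),
    ]
    for conn in samples:
        print(conn.direction, conn.remote, conn.program, "->", evaluate(conn))
```

Note that the third sample passes the Firewall (it comes from the LAN to an allowed service) and is stopped only by the Blocker, which is exactly why the text calls the two components complementary.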

System Watcher

System Watcher is another component that helps to fight new threats. Unlike the Anti-Virus components and
the Kaspersky Security Network module, which scan file contents before the program starts, System Watcher
checks what the program does once started. If the program undertakes suspicious activities, System Watcher
stops it and moves it to Quarantine. This way, any malware (even unknown) can be detected by its behavior.

The System Watcher not only tracks program actions, but also logs them. If later (for example, after an update)
the program turns out to be malicious, the System Watcher will consult the log and roll its actions back.

Among other things, System Watcher can recover the files encrypted by cryptolockers. In addition to logging
program actions, System Watcher creates backup (shadow) file copies, and if a program turns out to be
a cryptolocker, System Watcher will consult the log to find out which files have been encrypted and restore them
from shadow copies.
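A simplified model of the log-and-shadow-copy mechanism just described, added here as an example and not Kaspersky's code: every file change by a monitored program is logged and the pre-change version is kept, so the changes of a program later judged malicious can be undone while other programs' files are left alone. The program names, the documents and the XOR "encryption" are constructed for the scenario.

```python
from __future__ import annotations

import os
import shutil
import tempfile
from dataclasses import dataclass


@dataclass
class LogEntry:
    program: str
    action: str  # "write" (existing file overwritten) or "create"
    path: str


class SystemWatcherModel:
    """Logs each program's file changes and keeps a shadow copy taken before
    the first change, so the changes of one program can be rolled back."""

    def __init__(self, shadow_dir: str):
        self.shadow_dir = shadow_dir
        self.log: list[LogEntry] = []
        self.shadows: dict[str, str] = {}  # original path -> shadow copy path

    def _created_by_monitored_program(self, path: str) -> bool:
        return any(e.path == path and e.action == "create" for e in self.log)

    def intercept_write(self, program: str, path: str, data: bytes) -> None:
        """Model of the interception point: shadow, log, then let the write through."""
        if os.path.exists(path):
            if path not in self.shadows and not self._created_by_monitored_program(path):
                dest = os.path.join(self.shadow_dir, f"{len(self.shadows)}.bak")
                shutil.copy2(path, dest)  # pre-modification version
                self.shadows[path] = dest
            self.log.append(LogEntry(program, "write", path))
        else:
            self.log.append(LogEntry(program, "create", path))
        with open(path, "wb") as f:
            f.write(data)

    def rollback(self, program: str) -> tuple[list[str], list[str]]:
        """Undo everything the log attributes to `program`: files it modified
        are restored from shadow copies, files it created are deleted."""
        restored, removed = [], []
        for path in {e.path for e in self.log if e.program == program}:
            if path in self.shadows:
                shutil.copy2(self.shadows[path], path)
                restored.append(path)
            elif os.path.exists(path):
                os.remove(path)
                removed.append(path)
        self.log = [e for e in self.log if e.program != program]
        return sorted(restored), sorted(removed)


def xor_bytes(data: bytes, key: int) -> bytes:
    """Stand-in for the encryption a cryptolocker applies (constructed, trivial)."""
    return bytes(b ^ key for b in data)


def _read_or_none(path: str) -> bytes | None:
    if not os.path.exists(path):
        return None
    with open(path, "rb") as f:
        return f.read()


def run_scenario() -> dict:
    """Constructed scenario: two documents, a benign editor and a cryptolocker."""
    root = tempfile.mkdtemp(prefix="sw-model-")
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    originals = {
        os.path.join(docs, "report.docx"): b"Q3 sales report",
        os.path.join(docs, "budget.xlsx"): b"budget 2016",
    }
    for path, content in originals.items():
        with open(path, "wb") as f:
            f.write(content)

    watcher = SystemWatcherModel(os.path.join(root, "shadow"))
    os.makedirs(watcher.shadow_dir)

    # A benign program creates a file of its own; it must survive the rollback.
    notes = os.path.join(docs, "notes.txt")
    watcher.intercept_write("winword.exe", notes, b"meeting notes")

    # The cryptolocker encrypts every document in place and drops a ransom note.
    ransom = os.path.join(docs, "README_DECRYPT.txt")
    for path, content in originals.items():
        watcher.intercept_write("cryptolocker.exe", path, xor_bytes(content, 0x5A))
    watcher.intercept_write("cryptolocker.exe", ransom, b"pay to decrypt")
    first = next(iter(originals))
    encrypted_seen = _read_or_none(first) != originals[first]

    # The verdict arrives later (e.g. after an update): roll the program back.
    restored, removed = watcher.rollback("cryptolocker.exe")
    after = {os.path.basename(p): _read_or_none(p) for p in list(originals) + [notes, ransom]}
    shutil.rmtree(root)
    return {
        "encrypted_seen": encrypted_seen,
        "restored": [os.path.basename(p) for p in restored],
        "removed": [os.path.basename(p) for p in removed],
        "after": after,
    }


if __name__ == "__main__":
    print(run_scenario())
```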

BadUSB Attack Prevention

The BadUSB Attack Prevention component helps to repel the threat of malicious flash drive firmware. The system
may recognize such a device not only as a flash drive, but also, for example, as a USB keyboard, and carry out
the commands programmed by criminals.

BadUSB Attack Prevention keeps track of the connected USB devices. If a device tries to connect as a USB
keyboard, the user is prompted to authorize it with a four-digit code randomly generated by Kaspersky Endpoint
Security. The user must enter the code using the connected USB device.

Updates
Components use the Anti-Virus database when searching for viruses. The database contains descriptions of viruses.
When scanning files for malware, Kaspersky Endpoint Security checks whether the database contains a similar
description.

When new malware appears, Kaspersky Lab adds new descriptions to the database. Therefore, to provide reliable
protection against threats, the latest version of the Anti-Virus database must be installed on the computer. A special
update module is responsible for this.

It automatically checks for a newer version of the database and downloads it to the computer. The update module
needs Internet access for this. Typically, updates do not consume much traffic, because the entire database is not
downloaded, only the new descriptions are added, which were not yet available in the previous version.

The administrator does not need to configure updates, but needs to watch that they work without errors.

Kaspersky Security Network

Preparation of virus descriptions requires time. During that time, a new virus may infect a computer. On the other
hand, sometimes (rarely though), Kaspersky Endpoint Security encounters a file that matches a virus description, but
is not a virus: this is called a false positive.

Kaspersky Security Network protects computers from new viruses and at the same time prevents false positives. It is
a huge database of all programs known to Kaspersky Lab. The database contains information about each program:
whether it is malicious or not.

Programs are added to the KSN database very quickly, much faster than descriptions that are prepared for the local
Anti-Virus database. That is why a new virus has far less time for infecting computers. As far as legitimate
programs are concerned, if a program is included in the Kaspersky Security Network database, it will not cause false
positives.

Unfortunately, the Kaspersky Security Network database is so huge that it cannot be downloaded to every computer.
To check a program against the Kaspersky Security Network database, Kaspersky Endpoint Security has to send
a Web request to Kaspersky Lab where the database is stored. The answer whether the program is good or bad will
be returned immediately.

If there is no access to the Internet, only the local Anti-Virus database is used for virus scanning.

Conclusion

Protection components complement and reinforce each other. Together they provide reliable protection against any
malware, including the most recent. Each component contributes to the job. Disabling of even one of them may be
dangerous.

All protection components work independently. The administrator does not need to configure them specifically.
Kaspersky Endpoint Security protection is completely operational right after the installation, on the condition that
the Internet is accessible, which is necessary for updates and the use of Kaspersky Security Network.
The administrator only needs to monitor that everything works normally.

Centralized management

Advantages

The larger the company, the more it can save on automation, including automation of protection management.
However, a small company can also benefit from managing Kaspersky Endpoint Security via Kaspersky Security
Center compared to the use of Kaspersky Endpoint Security without centralized management.

In a small company, someone still has to maintain the computers, especially if the company’s business is
not related to computers or information technology, and most of the employees are not qualified to
resolve issues with programs and equipment.

There is usually one specialist; let’s call them the administrator. It can be a contractor on call who comes, solves
an issue, and leaves, or a staffer who works fixed hours. Typically, either one is responsible for numerous things
and cannot afford to spend much time on any one of them, whether it is an anti-malware protection system, network
infrastructure, special business software or something else.

The administrator should be able to quickly check whether the computers’ protection is all right. If the answer is
positive, they can proceed to something else. If negative, they need to investigate the issue, preferably without
leaving their desktop. These capabilities to understand what is going on and solve the issues remotely are provided
by our centralized management system, Kaspersky Security Center.

Structure

Kaspersky Security Center consists of the Administration Server and Network Agents.

The server is the centralized part of the management system, where you can see the big picture and if necessary
modify settings on all computers simultaneously.

Network Agents are installed on all computers and connect the Administration Server to the Kaspersky Endpoint
Security installed on the computer. The Agents supply the Server with information and receive from it the settings to
be applied to Kaspersky Endpoint Security.

Installation

Kaspersky Security Center automates and centralizes various tasks including deployment of Kaspersky Endpoint
Security.

Kaspersky Endpoint Security is not difficult to install. Theoretically, you can leave it to the employees, provided
they will not try to change the settings. The installation wizard does not require making decisions, save for adding
the license.

However, that would be a protection system without centralized management, and there's no guarantee that the users
will leave important parameters untouched and that protection will not suffer.

Kaspersky Security Center helps the administrator to install the products without involving the users, either remotely
or by using a stand-alone installation package to be started on a computer. Such a package uses the installation
parameters specified by the administrator, and even if the package is sent to the users, they will not be able to
reconfigure the product.

In the following chapter we will describe most typical installation scenarios.

Monitoring

One of the important features of the management system is the capability to quickly assess the protection status.
The administrator assesses whether everything is normal, so that they can deal with other tasks, or whether there are
considerable anomalies that need close attention.

Kaspersky Security Center conveniently presents the computers that have issues, if any. For example,
computers where Kaspersky Endpoint Security is not running or is not installed, which is very bad, because these
computers are not protected and may become a source of various issues if infected.

If issues do exist, the administrator can try to analyze and solve them from the console: remotely start Kaspersky
Endpoint Security, view the history of infections, perform remote installation, modify the settings, etc.

Settings

Another important task of Kaspersky Security Center is applying unified settings to all computers. It is handy from
two points of view. First, the administrator does not need to go from one computer to another to modify, for
example, the virus scan schedule. It can be done in several clicks via the Administration Server.

Second, the settings enforced via Kaspersky Security Center cannot be modified at the computers. The employees
will not be able to get rid of the limitations configured by the administrator in the control components or disable
protection components. This improves the network protection considerably.

Conclusion

Kaspersky Security Center is a management console that saves the administrator’s time. It gathers and conveniently
displays the issues encountered on the computers. Also, it guarantees that the users do not change the recommended
settings.

Kaspersky Security Center can do much more than that, but all capabilities cannot be covered within the framework
of a brief workshop and make little sense in the context of small networks.

In the next chapter, we will quote specific examples of how Kaspersky Security Center helps to do typical tasks.

Endpoint control

Application Privilege Control

This component is designed for protection. It decreases the attack surface by limiting program actions instead of
limiting the actions of the user.

Similar to the System Watcher, the Application Privilege Control monitors the programs’ activities. But unlike
System Watcher which analyzes sequences of actions, Application Privilege Control considers each action
individually and allows or blocks it according to the specified rules.

The component is autonomous and does not require special setup. When a program starts, Kaspersky Endpoint
Security defines its trust level: Trusted, Low Restricted, High Restricted, or Untrusted. The verdict is returned by
the Kaspersky Security Network module, or if the Internet is inaccessible, by a special algorithm. The lower
the program trust level, the less access it receives to the settings of the computer and other programs. Untrusted
programs are prohibited from being started, High Restricted programs have no access to the network, etc.

It is an important component from the point of view of repelling new threats. Unknown programs, about which no
information has yet been added to Kaspersky Security Network, are categorized as either High Restricted or Untrusted.
Even if such a program is allowed to start, it will not be able to edit startup settings or connect the computer to
a botnet because of the limitations imposed by Application Privilege Control.

Application Startup Control

Unlike Application Privilege Control, the other control components are designed to limit the user’s actions. You can
use Application Startup Control to prohibit employees from starting:

— Games and other entertainment programs—to improve productivity
— Old versions of Internet Explorer (Microsoft Office, Adobe Reader, etc.)—to protect against threats,
because old versions have more vulnerabilities which may be exploited by malware
— Any mail clients except for Microsoft Outlook—to implement internal standards
— etc.

Unlike protection components, which efficiently repel threats with the default settings right after the installation,
the control components (except for Application Privilege Control) do not have default settings and work in a passive
mode after the installation. For the Application Startup Control to limit something, the administrator must create
limitation rules.

Application Startup Control allows the administrator to create limitation rules with complicated scenarios. However,
this requires careful consideration and testing, which is usually impossible in a small company due to lack of
resources. That is why in small companies, Startup Control can be used for simple limitations described above:
prohibit games, old program versions, allow only one program of a particular kind.

Device Control

The purpose of Device Control is to prohibit connecting the specified device types to the computer, for example,
USB flash drives, modems, or printers. Device Control helps to achieve the following:

— Decrease the attack surface—if removable drives are prohibited from connecting to the computer,
the employees will not be able to bring malware from outside and copy it to their computers, neither
intentionally nor accidentally

— Reduce the risk of losing important data—if removable drives may not be connected to the computer,
important documents cannot be copied to them. If an employee loses the flash drive, it will contain nothing
of importance to the company

Just like the Application Startup Control, Device Control does not block anything with the default settings. There
must be an administrator in the company who realizes the business necessity of the Device Control, can formulate
a security policy, and implement it in the blocking rules.

Web Control

Web Control is a kind of Parental Control in the business context.

Web Control can be configured to prohibit users from visiting social networks, job search sites, and sites related to
terrorism, arms trade, drugs or child pornography. You can also prohibit downloading music, video and executable
files from the Internet. The expected positive effects include:

— Decreased attack surface—if dubious sites and download of executable files are prohibited, computer
infection risk decreases drastically

— Higher productivity—the fewer distractions the employees have, the higher the chances that they will work
instead of chatting in social networks, choosing wallpaper for the kitchen or searching for a new job

Web Control does not have any default settings. It does not block anything right after the installation. It is
the administrator who creates the blocking rules.

Conclusion

Control components can be regarded as additional protection elements that decrease the attack surface on
the computer. But their main purpose is to limit employees’ actions, especially during business hours. In some
control components, you can configure schedules for the limitations, for example, only from 09:00 to 18:00 and only
on weekdays.

Regardless of the objective, settings for the control components need to be created from scratch by an administrator
or an expert who understands the business problem and is able to solve it by configuring the rules for the control
components.

Summary
So, Kaspersky Endpoint Security for Business possesses all the qualities important for small companies:

— Installation does not take much time thanks to the Kaspersky Security Center centralized console

— The components that provide protection against threats do not require configuring and work efficiently
right after the installation

— The users do not notice Kaspersky Endpoint Security operation, because all messages are sent to
the centralized console instead of the employees’ screens

— The administrator can quickly spot issues in the centralized reports

As you will see, expanding the solution capabilities does not require much effort. Switching from the Core to
the Select bundle requires almost nothing but purchasing a new license.

Chapter 2. KES for Business: Installation, Setup, Troubleshooting
This chapter consists of short and simple instructions for the most frequent operations with Kaspersky Security
Center and Kaspersky Endpoint Security. First of all, the installation.

We stated at the beginning of our course that if the customer fails to successfully install the purchased protection
tool, they will not be happy with the purchase and will not renew the license after it expires.

At the same time, the customer’s administrator cannot spend much time studying and diagnosing a new product.
They already have too much work and little time. If they have some difficulty, they are likely to postpone
the installation, and then again, and again, and again. That is why it would be important, or at least helpful, if
the partner’s representative could spend an hour or two helping the customer to install the purchased product.

In this chapter we will also cover the following situations:

— Installation of the Administration Server
— Installation of Kaspersky Endpoint Security over the network within a domain with the domain
administrator’s password
— Local installation of Kaspersky Endpoint Security, if there is no domain and administrator’s passwords are
different on the computers
— Getting started with the Kaspersky Security Center console
— Virus activity monitoring

This is the basic scenario—the minimum skills required for installing Kaspersky Endpoint Security for Business in
the customer’s network. Additionally, we will describe several other scenarios that may help you to present yourself
and the product to advantage.

The first add-on concerns alternative installation scenarios. To be more precise, some steps that are usually
performed automatically without being noticed:

— Uninstalling 3rd-party protection tools
— Adding or renewing the license

If something goes wrong during the automatic installation, we will explain how to easily force uninstallation of
incompatible applications or activate Kaspersky Endpoint Security.

The second add-on is about monitoring. Upon completion of the basic scenario, the customer has a completely
functional protection system that does not require configuring. All the administrator has to do is to monitor reports
and make sure that everything works normally. We will show you two scenarios and tell what to look at and how to
quickly fix the most typical issues encountered during the day-to-day work:

— Updates monitoring
— Protection monitoring

The third add-on is about setup. Unlike protection that does not require configuring after the installation, the control
components are idle until set up properly. To benefit from the control components, you need to create control rules
for them. Also, it is useful to know how to exclude files and programs from the protection scope. We will consider
four setup scenarios to demonstrate how to:

— Configure exclusions
— Prohibit starting game programs
— Prohibit the use of removable drives
— Prohibit shopping online

Finally, as a bonus scenario, we will tell you how to demonstrate the efficiency of Kaspersky Endpoint Security for
Business if the customer has not yet decided whether they want to change their old Anti-Virus for Kaspersky
Endpoint Security:

— Scanning the computer for malware

In each case we will describe the administrator’s objective, a typical procedure, probable complications and
checkpoints.

2.1 Basic Installation Sequence

Installing the Administration Server

So, you are at a stage when the customer has finally accepted your guidance, purchased Kaspersky Endpoint
Security for Business, and needs to deploy it. The customer would gladly accept your help with the deployment,
which is in fact easy, and you will be able to provide this support.

Any undertaking should be planned. In this case, you will need a deployment plan. Fortunately, you are not the first
person on Earth who needs to deploy Kaspersky Endpoint Security. Much experience has been accumulated in this
domain, which we are going to share with you.

First let’s remind you that Kaspersky Endpoint Security for Business is not a single program but a comprehensive
solution, and some of its programs consist of separate components. The deployment plan is about installing
programs and components in the correct order. So, the programs and components to be installed are:

— Kaspersky Security Center centralized console
— Kaspersky Security Center Network Agents
— Kaspersky Endpoint Security for Windows

The Kaspersky Security Center console will be installed only once. The Agent and Kaspersky Endpoint Security for
Windows need to be installed on each computer.

The skeleton of the deployment plan is as follows:

1. Install the centralized console of Kaspersky Security Center

2. Using the Kaspersky Security Center console, remotely install Kaspersky Security Center Agents and
Kaspersky Endpoint Security for Windows

Sometimes it is really as easy as one and two. One—installing the console, two—deploying the agents and
protection tools. But we live in the real world and therefore we need a plan B. Or best of all C as well, and maybe
a few more. For this purpose, we need a better understanding of what is going on during the remote installation of
Kaspersky Endpoint Security.

At the second step, several actions are actually performed:

2.1. Searching for target computers
2.2. Connecting to the computers over the network with the aim of remote installation of the Agent
2.3. Installing the Agent
2.4. Searching for protection tools by other manufacturers and uninstalling them automatically
2.5. Installing Kaspersky Endpoint Security for Windows through the Agent
2.6. Activating Kaspersky Endpoint Security for Windows

Issues are probable at stages 2.1, 2.2, 2.4 and 2.6. The console may fail to find some computers, for example, if they
are turned off. The Console may fail to connect to some computer over the network, for example, if firewalls are
incorrectly configured on them. The Kaspersky Endpoint Security installer may fail to uninstall protection tools by
other manufacturers. Finally, Kaspersky Endpoint Security activation may fail because of mistakes made by
the administrator. Installation of the Agent and Kaspersky Endpoint Security installation through the Agent are
usually trouble-free.

Plan B for the error-prone steps is:

— Use a stand-alone installation package on the computers that were not found or were inaccessible over
the network
— Use a special task for uninstalling protection tools by other manufacturers
— Use a special activation task

The first step is to install Kaspersky Security Center console. It needs to be installed on one computer, which first
has to be selected.

The computer where Kaspersky Security Center is installed is called the Administration Server. This computer must
be turned on permanently or at least most of the time. In mid-size and large networks, an individual physical or
virtual server is allocated for this purpose. In a small network, it can be the administrator’s workstation; or even
share the resources with an available server running other roles.

During the installation, Kaspersky Security Center server, Microsoft SQL server and Kaspersky Security Center
console will be installed on the computer. None of these components usually conflict with other programs. Even if
Microsoft SQL is already installed on the server, it is not a problem.

The system requirements for the computer are not demanding. As far as the operating system is concerned, you can
install on any business version of Windows starting with Windows XP. The minimum hardware requirements are
enough for managing a hundred computers. They are as follows:

— 1.4 GHz processor
— 1 GB RAM
— About 10 GB of free hard drive space

To start the installation, you will need the Kaspersky Security Center distribution (about 1 GB), a license and
administrative permissions on the computer. The license can be purchased as a code or a key. We will explain where
to get them in a special demonstration.

Procedure

Kaspersky Security Center installer can always be downloaded from the Kaspersky Lab web site. It is a large file of
about 1 GB, which includes many components that may not be required in small networks. Fortunately, they do not
show up during the installation.

In the installation wizard, you can accept the default settings at all stages. At the first step, select to install
the Kaspersky Security Center Administration Server.

After that, you will need to click a few buttons to:

— Start the installation
— Accept the Kaspersky Security Center license agreement
— Select the Standard installation because the Custom installation options are rarely required in small
networks
— Agree to the fact that the installation takes place in a small network of up to 100 computers. The difference
between “Fewer than 100 computers” and “From 100 to 1000 computers” is subtle. When in doubt, for
example, there are almost 100 computers now, but the number may increase in the near future, selecting
the “From 100 to 1000” size will do no harm
— Start copying files and creating services
— Finish installation of the Administration Server and start installation of the Administration Console

You may think “That’s a lot”, but on closer examination you just need to click OK or Next at all of these steps. Few
decisions need to be made.

However, the installation is not yet finished when the Administration Console starts. At the first start of the Console,
it is necessary to proceed through the Quick Start wizard. The wizard includes the following steps:

1. Welcome page—no decision-making, just click Next

2. Select application activation method—specify the key or code, whichever you have. A code is an
alphanumeric sequence, like N1R57-8XEGG-7E934-8MKRF (four sections of 5 characters each). A key is
a file named like 1BC971F1.key. The letters and digits may vary in the name, but there are always 8 of
them.

Depending on the license you have, you need to click the respective button. If you click the button for
entering the code, a field will appear where you will need to type your code. If you click the button for
loading the key from a file, you will need to click the Select button to specify the path to the key file.
The Administration Server will check the license parameters and proceed to the next step.

3. E-mail notification—you can ignore this and just click Next

4. Protection configuration—nothing to select here

4.1. Kaspersky Security Network—Kaspersky Security Network is important for anti-malware protection
and prevention of false positives; that is why you should select I accept the terms of participation in
KSN

4.2. Trusted zone—just click OK to create the recommended exclusions

5. Proxy server settings—if a proxy server is used, specify it. This is necessary for downloading updates

6. Downloading updates—you need not select anything or wait for the download to complete; just click Next

7. Wizard completion

Finally, the installation of the Administration Server can be considered finished. The administrator needs to take
some actions at 4 of the Quick Start wizard steps only. It is important to specify the license correctly, enable the use
of Kaspersky Security Network and specify the proxy server parameters. Specifying the administrator’s email
address is worthwhile but not required.
37
Chapter 2. KES for Business: Installation, Setup, Troubleshooting

Installing Kaspersky Endpoint Security over the network


In this scenario, our objective is to install the Network Agent and Kaspersky Endpoint Security on the network
computers. We presume that the computers belong to the same domain, and we know the password of the domain
administrator. Otherwise, skip to the local installation scenario.

There are several remote installation prerequisites:

— Kaspersky Security Center must complete network polling and search for computers—if not all of
the computers are found, that's OK. They may be found later, or we will use another installation method
on them

— The computers must be accessible over the network—you will understand whether this requirement is met
from the installation results. Again, inaccessible computers are not a big problem. We will just use another
installation method.

— You must know the administrator’s password for these computers—ask the administrator

During the remote installation, Anti-Viruses by other manufacturers are uninstalled and Kaspersky Endpoint
Security is activated automatically. The license you specified during the previous scenario is used for the activation.
If you encounter some issues, you will have plan B (we will talk about it later).

Remote installation saves time. Neither you nor the administrator will need to go from one computer to another and
repeat the same routine operations to install the Agent, and then Kaspersky Endpoint Security. At the same time, do
not be discouraged if the remote installation fails on some computers. If 70-80% of computers complete
successfully, it saves a lot of effort already. Even in well-organized networks one hundred percent success is rare.
Plan B should always be on hand.

For remote installation, you will only need Kaspersky Security Center installed and the administrator’s password for
the computers.

Procedure

We will install Kaspersky Endpoint Security with the default settings. It means that the protection and control
components will be installed. Even if the customer has purchased only the Core bundle, additional components will
do no harm. They will not be activated, which means that they will not start and consume computer resources. On
the other hand, if the client decides to purchase the Select license bundle later, they will not need to reinstall
the system, they will only need to distribute the new license to the computers.

The remote installation procedure is as follows:

1. Start the Administration Console

2. Make sure that the Administration Server node and the Monitoring tab are selected. Otherwise, select
the Administration Server node in the left pane of the Console window (the second node from top, under
the Kaspersky Security Center)

3. On the Monitoring tab, find the Deployment area (in the upper-left corner) and click the Install Kaspersky
Anti-Virus link

4. Make sure that the Remote installation page opens, and click the Deploy installation package on managed
computers (workstations) link. The wizard contains numerous steps, but in most cases you need not select
anything, just accept the offered options

5. On the first page of the wizard, make sure that the Kaspersky Endpoint Security 10 for Windows
program is selected on the list, and click Next

6. On the Selecting computers for installation page, click the Select computers for deployment square
button

7. On the next page, select both Managed computers and Unassigned devices nodes. Click Next

8. On the Defining remote installation task settings page, just click Next

9. On the Selecting a key page, select a code or key and click Next. The Administration Server does not
automatically install licenses on the computers by default

10. On the Selecting action if operating system restart is required page, click Next—a restart is unlikely to
be necessary

11. On the Removing incompatible applications page, select the Uninstall incompatible applications
automatically check box. Then click Next

12. On the Moving to the list of managed computers page, just click Next

13. On the Selecting accounts to access the computers page, select the Account required (Network Agent not
installed) option, click the Add button, enter the username of a domain administrator as <domain
name>\<username> and then type the password of the domain administrator twice. Click OK and Next

14. On the Starting installation page, click Next

15. On the subsequent page, click Next once again
16. Wait for the results

Despite the numerous steps, only three or four of them are really important. We enabled automatic uninstallation of
protection tools by other manufacturers, because two protection tools must not be on the same computer. We
specified the name and password of the domain administrator for remote installation, because remote installation is
impossible without a password. We selected installation on all network computers detected by the Administration
Server.

Local Installation of Kaspersky Endpoint Security


Local installation is plan B in case remote installation fails on some computers. 70-80% success is a good result for
a remote installation.

Other computers might have been off, might have been firewalled or the administrator’s password might have been
rejected. As a result, such computers either were not displayed in the Kaspersky Security Center console at all, or
were displayed but the remote installation failed on them.

Often, you can try to solve the remote installation issues and re-run it. But in small networks, it is usually easier to
go to the rest of the computers and run a local installation. Kaspersky Security Center simplifies local installation of
the Agent and Kaspersky Endpoint Security—you will only need to make a couple of mouse clicks.

Instead of two installers for the Agent and Kaspersky Endpoint Security, each of which contains several steps
including crucial ones where it is important not to make a mistake, Kaspersky Security Center can make one
installer with built-in parameters to save time and prevent errors. You just need to go to the computer and start
the installation.

For a local installation, you will need a removable drive and the password of the computer administrator.

Procedure

The procedure is as follows:

1. Start the Administration Console

2. Go to the Administration Server node, Monitoring tab

3. On the Monitoring tab, find the Deployment area and click the Install Kaspersky Anti-Virus link

4. On the Remote installation page that opens, click the View the list of installation packages link

5. Select the package named Kaspersky Endpoint Security 10 for Windows

6. To the right of the package, click the Create stand-alone installation package link

7. The wizard will start, and you will mostly need to agree to the default options. On the first page, click Next
to agree to add Network Agent to the Kaspersky Endpoint Security installation package

8. On the Moving to the list of managed computers page, also click Next to agree to move all unassigned
computers to the Managed computers group after the installation

9. Wait
10. On the Result of stand-alone installation package creation page, click the Open folder link
11. Copy the setup.exe file from the folder to the USB flash drive

Bring this flash drive to the computer, take the user’s place and do the following:

12. Start the copied setup.exe file


13. If prompted, type the name and password of the computer’s administrator
14. Click Install
15. Wait for the message informing that the installation is completed and click Close
16. That is all

Repeat on all necessary computers.



Getting Started with the Console


Kaspersky Endpoint Security is now installed on the customer’s computers and protects them against malware.
The default settings are specified for all computers in the tasks and policies of the Kaspersky Security Center
console. These settings are pre-configured by Kaspersky Lab experts, who analyzed probable threats and Kaspersky
Endpoint Security use experience, and adjusted the settings to optimize protection and user comfort.

Now you can thank the administrator for cooperation, pack your things and go. Or you can stay a while longer and
help the customer a little more to make sure they are glad with the purchase and will buy a renewal in a year. You
can demonstrate the Kaspersky Security Center console to the administrator and show where to look to evaluate
the protection status and efficiency, and how to adjust the most important settings.

The first step is getting started with the console.

Procedure

1. Start the Kaspersky Security Center console. Go to the Administration Server node, Monitoring tab.
Study the right part of the window, pay attention to the color signals, their descriptions and links below.

2. Select Managed computers in the tree on the left. Look at the right pane and pay attention to the tabs.

Managed computers is a group. A group has policies and tasks, which enforce protection parameters. All
protected computers need to be placed into groups for policies and tasks to be applied to them. You can
create subgroups within the Managed computers group and move computers from one subgroup to
another—this is how different policies and tasks are applied to different computers.

3. Select the Computers tab in the right pane. Look through the list of computers. Select one of
the computers and read its description to the right of the list.

Each computer has a color status, description of this status and a list of characteristics: name, address,
installed programs, etc.

4. Select the Policies tab. Look through the list of policies.

Those are the default settings. They define how the Agent and Kaspersky Endpoint Security operate in real
time: specifically, the operation of the protection and control components and the use of technologies
such as Kaspersky Security Network. They do not influence scheduled operations; tasks are responsible
for those.

5. Select the Tasks tab. Look through the list of tasks.

Those are other default settings. The tasks manage execution of regular operations, such as updates,
scheduled virus scanning, search for vulnerabilities.

6. Select Unassigned devices on the tree.

It contains computers found by Kaspersky Security Center in the network that the administrator has not yet
moved to the Managed computers group. Unassigned devices is not a group. There are no policies and
tasks here. If it contains some computers that need to be protected, it is necessary to install the Agent and
Kaspersky Endpoint Security on them and move them to Managed computers.

7. Select the Administration Server node on the tree and switch to the Statistics tab. Look through the right
pane with numerous charts. Pay attention to two layers of tabs in the right pane—the Statistics tab has its
sub-tabs.

Statistics are quick reports that are updated in real time. There are several statistics pages (tabs of
the second level), which display various reports. The administrator can re-group them as needed: add
pages, remove pages, re-arrange reports on the pages, remove uninteresting reports, add interesting ones, etc.

8. Select the Reports tab in the right pane. Look through the list of available reports.

Those are detailed reports. They are generated by request.

9. In addition to the previously mentioned tabs, the Administration Server node also has the Events tab. The
Events tab displays all events and their selections. Event selections are aggregate logs where information
from all computers is gathered.

10. Select the Computer selections node. Look through the list of predefined selections. Computer selections
help to search for computers by the specified conditions. There are pre-set selections here, but you can
create custom selections as well.

11. Expand the Advanced | Application management node on the tree and select the Kaspersky Lab licenses
node. Look through the list of licenses.

12. Select a license. Study the information about it to the right of the list: covered programs, limitations on
the time and number of computers; when it will expire; how many computers already use this license.

Virus activity monitoring


Perhaps the most interesting part of the reports is how many viruses and other threats Kaspersky Endpoint Security
stopped. Regular virus activity convinces the customer that the money is not wasted. Detailed statistics show
the employees with risky Internet behavior.

The general statistics are visually represented in the reports. There is a report with virus statistics: how many and
which were caught. There is a report on the number of prevented infections by computers and by users. There is also
a report on network attacks, which are counted separately from viruses.

Procedure

Let’s view the reports

1. Select the Administration Server node in the Kaspersky Security Center console

2. In the right pane, open the Statistics tab and select the Anti-Virus statistics page (among the second-level
tabs). Look through the reports’ headings and contents

3. Switch to the Reports tab. Select the Viruses report. In the lower right corner of the window, click the
Show report link. Examine the chart, summary and details

Here you can find out which viruses were caught and how they were neutralized: blocked (if detected in
the network traffic), deleted (on the drive) or disinfected (for disinfectable malware)

4. Select the Most infected computers report. In the lower right corner of the window, click the Show report
link.

Here you can see on which computers Kaspersky Endpoint Security detected viruses most often over
the last month. There might be old and vulnerable programs on them, or it may be necessary to talk to
the user about safe online behavior

In addition to reports, information can be found in the repositories. There are repositories representing the copies of
deleted and cured viruses, suspicious files and unprocessed threats. Unprocessed threats are usually waiting for
a restart to complete virus disinfection or removal. Suspicious files are typically new versions of malware detected
with the help of heuristics or behavior analysis.

2.2 Advanced Installation Scenarios

Uninstallation of protection tools by other manufacturers


Though rare, it may happen that the customer did not have any protection tools before Kaspersky Endpoint Security.
Since almost every computer has some protection, we have to take this into account when deploying Kaspersky
Endpoint Security for Business, because two different protection tools cannot coexist on one computer.

Plan A is straightforward in this case. The Kaspersky Endpoint Security installer automatically detects many
protection tools by other manufacturers, uninstalls them and then installs Kaspersky Endpoint Security. The only
thing you need to remember is that if any protection tools by other manufacturers are installed on the computer, it
will be necessary to restart it after the Kaspersky Endpoint Security is installed. Otherwise, a restart is not usually
required.

Let’s suppose, plan A failed, and there are a few computers where Kaspersky Endpoint Security installation has not
been completed because of a third-party Anti-Virus or firewall. Then we have plan B.

Plan B is somewhat more complicated:

1. Gather information about the incompatible protection tools installed on the computers.

This is performed by Network Agents, which should already be installed, because according to plan A,
Kaspersky Endpoint Security installation includes installing the Agent. While Kaspersky Endpoint Security
may have issues with Anti-Viruses by other manufacturers, the Agent installation is generally not prevented
by protection tools by other manufacturers.

You just need to wait some time—from 15 to 30 minutes—for the Agents to transfer information about
the installed programs to Kaspersky Security Center.

After that, create an Incompatible applications report. The report will show the protection tools by other
manufacturers detected on the customer’s computers. This list will be necessary at the following step.

2. Create an uninstallation task for the incompatible applications

In the task settings, select the incompatible antiviruses and firewalls listed in the report. Alternatively, you
can skip step 1 and make the task delete any protection tools by other manufacturers. In this case, the task
will take longer to run.

3. Run the task and restart the computers.

The incompatible application uninstallation task requires a restart. Sometimes, an uninstallation works all
right without a restart but we do not recommend excluding it. If you uninstall an Anti-Virus by another
manufacturer and then install Kaspersky Endpoint Security without restarting the computer, some
Kaspersky Endpoint Security components may malfunction. Restart the computer after the Kaspersky
Endpoint Security installation to solve the issues.

Sometimes, it is difficult to say whether a restart is necessary, which is why the task always requires it.
The administrators can disable the restart requirement at their own risk or leave the default settings. By
default, the task will prompt the user to save the documents and restart the computer.

After the restart, wait for 15-30 minutes and refresh the Incompatible applications report. If plan B has
worked out, the report should be empty.

What to do if plan B fails? Resort to plan C. Find the problematic computers, and manually uninstall the protection
tools by other manufacturers using the list of installed programs in the Windows Control Panel. It should be easy
because we are talking about small companies where all computers are usually located in the same building and
often on the same floor.

Procedure

Let’s introduce a more general, and at the same time, detailed procedure of uninstalling protection tools by other
manufacturers. Let’s presume that you already know that incompatible protection tools are installed in the network,
for example, from the results of the remote installation task. That is why we will start from finding out what those
programs are and where they are installed.

1. Select the Administration Server node in the Kaspersky Security Center console. Switch to the Reports
tab in the right pane.

2. Find the Incompatible applications report there. Select it and click the Show report link

3. Find the Summary section in the report and study the list of programs incompatible with Kaspersky
Endpoint Security for Windows. Memorize or write down the program names, or print out the report.

4. Look at the Details section below and examine the list of computers where these programs are installed.
This list need not be memorized.

5. Select the Tasks node on the tree.

6. Click the Create a task button

7. Under Kaspersky Security Center 10 Administration Server, expand the Advanced node, select
the Uninstall application remotely task, and click Next

8. Click the Uninstall incompatible application button

9. Click the Add button, hold down the CTRL key and click all incompatible applications that were listed in
the report. Release the CTRL key, click OK, click Next

If there was only one incompatible application in the report, do not press CTRL. If there are many
applications and you do not want to search for them in the list, you can use the Select All button. The task
will take longer to complete, but nothing wrong will happen.

10. Click Next

11. Click the upper square button

It enables you to select computers for the task scope from the lists of managed computers and unassigned
devices. The second button opens an empty list to be manually filled in with names or addresses of
computers. The third button allows you to choose a computer selection where the task will run. The fourth
one permits assigning the task to any group of managed computers.

12. Select the Managed computers group. Thus you will select all computers in the group. Click Next

13. Click Next three more times

14. Select the Run task after Wizard finishes checkbox and click Finish
15. Wait for the task to complete
16. Wait for 15-30 minutes. Generate the Incompatible applications report again
17. Make sure that the report no longer lists removed applications

Kaspersky Endpoint Security activation


After the installation, Kaspersky Endpoint Security needs to be activated, otherwise it will not work. Activation
requires a code (a string like N1R57-8XEGG-7E934-8MKRF) or a key (a file named like 1BC971F1.key).

Plan A is to use automatic activation via Kaspersky Security Center. After Kaspersky Security Center is installed,
the Quick Start wizard prompts for a license. You can select the Automatically deploy key to managed computers
check box for the specified key or code. Then the key (or code) will be automatically used for activating Kaspersky
Endpoint Security during the deployment.

Suppose plan A has failed. For example, the key was not specified in the Quick Start wizard or the Automatically
deploy key to managed computers check box was not selected. Or Kaspersky Endpoint Security was activated
with a trial key by mistake, which expires in a month. Or a wrong key was specified in the Quick Start wizard. For
all these cases, we have plan B.

According to plan B, you need to create an installation task for the key (or code, it is the same task). Specify your
code (or key) for Kaspersky Endpoint Security activation in the task. After that, run the task on the computers where
activation issues have been encountered.

How to select the necessary key

Sometimes you may have trouble selecting the necessary key. For example, Kaspersky Endpoint Security for
Business Select license bundle can include two keys—one for computer protection and the other for managing
mobile devices. The Kaspersky Total Security for Business license bundle can contain 6 keys for different products.

To understand which key to select for Kaspersky Endpoint Security activation, attentively read the keys’
descriptions. A description file in the PDF format is supplied together with the key files (as well as the list of
compatible products in the TXT format). You can read there which key fits which programs.

Procedure

1. On the Kaspersky Security Center console tree, expand the Advanced | Application management node
and select the Kaspersky Lab licenses node.

2. Above the list of keys, click Deploy key to managed computers

3. Select Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows (or
another Kaspersky Endpoint Security version you use), and click Next

4. Select the Key file or key option, click the respective Select button, and then Key from Kaspersky
Security Center storage

5. If there are several licenses in the list, select the one with the farthest expiration date, and click OK

If there are no suitable licenses at all, do the following:

5.1. Click Cancel and once again Cancel in the wizard

5.2. Open the Kaspersky Lab licenses node

5.3. Click Add key above the list of licenses

5.4. If you have a license code (N1R57-8XEGG-7E934-8MKRF), click the upper square button; if a key
file (1BC971F1.key), click the lower

5.5. Type your license code or specify the path to the key file. Click Next. Finish the wizard

5.6. Repeat steps 2-5 for all codes and keys you have

6. Click Next

7. Click the upper square button

8. Select the Managed computers group and click Next

9. Click Next twice

10. Select the Run task after Wizard finishes checkbox and click Finish

11. Wait for the task to complete


2.3 Monitoring

Monitoring
After deploying the protection, you need not configure anything. Kaspersky Endpoint Security reliably and
efficiently protects computers against threats with the default settings. However, occasionally you need to make sure
that the protection works.

Since this is an important task of the customer’s administrator, we hope the partner’s representative can spend 15
minutes after the installation to show what to look at and what to look for.

Where to look
All the necessary information is available in the Kaspersky Security Center console. The console shows general
protection statuses, quick and detailed reports; there is also the capability to search for computers with some issues,
and view event logs.

In a small network, reports and the general list of computers are usually sufficient.

Kaspersky Security Center automatically evaluates computer status and colors it yellow or red in the console if
the computer encounters some protection issues.

The administrator can generate a protection status report to review all the issues found on all computers.
Alternatively, the administrator can select the red computers in the general list and read which issues need to be
solved on each of them. For a small network of 50-100 computers this will not take long.

Not all of the issues that color computers red are equally important. But some of them, undoubtedly, do require
attention:

— Kaspersky Anti-Virus is not installed
— Kaspersky Anti-Virus is not running / Protection is off
— Databases are out of date
— The license has expired
— There are unprocessed objects

Update health

Objective

To maintain efficiency of protection against malware and other threats, the local signature database needs to be
updated regularly. Therefore, to evaluate the protection status, we need to make sure that signature databases are up
to date on the computers.

A bit of theory

Where do databases come from? Kaspersky Endpoint Security downloads them via the Internet from special
Kaspersky Lab servers. With Kaspersky Security Center, it works a bit differently.

With Kaspersky Security Center, databases are downloaded in two stages. First, the Administration Server
downloads database updates from Kaspersky Lab servers. Then Kaspersky Endpoint Security downloads these
updates from the Administration Server to the user’s computer.

To correctly evaluate databases’ status, you need to check both the databases stored on the Administration Server
and the databases used on the client computers.

The database version is defined by the issue date. If the databases were issued today, it is OK. If they were issued
yesterday, it is normal enough and not yet a cause for concern. If the databases were issued 2-3 days ago, you need to
check whether all database distribution mechanisms work smoothly.

First, you need to check the version of the databases stored on the Administration Server. They must not be more
than a few hours old.

Knowing the version of the databases stored on Kaspersky Security Center, check the versions of the databases on
the client computers. The gap between the two must not exceed a couple of hours either.

Procedure

1. Start the Kaspersky Security Center console

2. On the Monitoring page, find the Update area and read what is written in its upper part. For example, that
the Update download task is running, or when updates were last downloaded to the Administration Server.

3. In the Update area, click the Go to Updates folder link

4. Click the Refresh link (just in case)

5. Select the Anti-virus databases in the list (they are updated more often than some other types of
signatures) and check when they were created. The creation time should not be much earlier than
the current time.

6. Look at the database version chart in the upper part of the Updates repository. The shares of the computers
where the databases are older than 3 days are orange and red, which is bad.

7. To understand on which computers the databases are outdated, select the Computer selections node on the
tree. Then on the Computers in this selection drop-down list, choose the Databases are out of date
selection

8. The selection contains the computers where databases were last updated 7 or more days ago. To view
the computers where databases are older than 3 days, it is necessary to modify some parameters on
Kaspersky Security Center.

9. Evaluate the statuses of the computers displayed in the selection. Specifically, when they last connected to
the Administration Server and when they were last visible in the network. If a computer last connected long
ago, it is likely to be just powered off, and old databases are not an issue for it. The issue is of concern if
there are computers that have connected recently, but their databases are out of date.

10. Update the computers manually. Start an update task on them for this purpose. The update task may need to
be created first

11. If there are computers in the selection, select all of them, then right-click any one of them and select All
Tasks | Run a Task

12. In the task list, select the Update task and click OK

13. Wait for the task to complete and look through the results; if errors are encountered, contact the technical
support of Kaspersky Lab
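The freshness rules above (server copy no more than a few hours old, client gap of a couple of hours, the 3-day chart band, the 7-day built-in selection and the "probably powered off" exception of step 9) written out as an added Python example; it is not part of the guide or of Kaspersky Security Center. The concrete values for "a few hours", "a couple of hours" and "connected long ago", and the sample inventory, are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds from the guide. The guide says "a few hours", "a couple of hours"
# and "connected long ago" without numbers, so the values chosen for those
# three are assumptions; the 1-day, 2-3-day, 3-day and 7-day steps are the guide's own.
SERVER_MAX_AGE = timedelta(hours=6)   # assumption: server copy "not more than a few hours old"
CLIENT_MAX_LAG = timedelta(hours=2)   # assumption: client-to-server gap of "a couple of hours"
OFFLINE_AFTER = timedelta(days=3)     # assumption: no connection this long = probably powered off
WARN_AFTER = timedelta(days=2)        # issued 2-3 days ago: check the distribution mechanisms
STALE_AFTER = timedelta(days=3)       # Updates repository chart turns orange/red past 3 days
SELECTION_AFTER = timedelta(days=7)   # built-in "Databases are out of date" selection: 7+ days


@dataclass
class Computer:
    name: str
    db_issued: datetime        # issue date of the databases on the client
    last_connected: datetime   # last connection to the Administration Server


def check_server_databases(server_db_issued: datetime, now: datetime) -> str:
    """Stage one of the two-stage download: the Administration Server's own copy."""
    return "ok" if now - server_db_issued <= SERVER_MAX_AGE else "stale"


def database_age_status(db_issued: datetime, now: datetime) -> str:
    """Age bands from the guide (24-hour windows stand in for calendar days)."""
    age = now - db_issued
    if age < timedelta(days=1):
        return "current"     # issued today
    if age < WARN_AFTER:
        return "normal"      # issued yesterday: not yet a cause for concern
    if age < STALE_AFTER:
        return "check"       # 2-3 days: verify the distribution mechanisms
    return "outdated"        # 3+ days: orange/red share on the repository chart


def select_outdated(inventory, now, older_than=SELECTION_AFTER):
    """Equivalent of the 'Databases are out of date' computer selection.
    The built-in selection uses 7 days; pass STALE_AFTER to get the 3-day
    view the guide says needs modified parameters."""
    return [c for c in inventory if now - c.db_issued >= older_than]


def lagging_clients(inventory, server_db_issued, now):
    """Stage two: clients whose databases trail the server copy by more than
    CLIENT_MAX_LAG. Catches the server-to-client stage failing even while the
    age band alone still looks acceptable. Offline computers are skipped."""
    return [c.name for c in inventory
            if server_db_issued - c.db_issued > CLIENT_MAX_LAG
            and now - c.last_connected <= OFFLINE_AFTER]


def triage(inventory, now, older_than=STALE_AFTER):
    """Step 9 of the procedure: of the computers in the outdated selection,
    which ones need an Update task run, and which are probably just off."""
    decision = {}
    for c in select_outdated(inventory, now, older_than):
        if now - c.last_connected > OFFLINE_AFTER:
            decision[c.name] = "offline"          # old databases are not an issue yet
        else:
            decision[c.name] = "run_update_task"  # connected recently, still stale
    return decision


# Constructed sample data (not from any real deployment).
NOW = datetime(2016, 3, 10, 12, 0)
SERVER_DB_ISSUED = datetime(2016, 3, 10, 10, 30)
SAMPLE_INVENTORY = [
    Computer("PC-01", datetime(2016, 3, 10, 10, 45), datetime(2016, 3, 10, 11, 50)),
    Computer("PC-02", datetime(2016, 3, 10, 7, 0), datetime(2016, 3, 10, 11, 40)),
    Computer("PC-03", datetime(2016, 3, 6, 9, 0), datetime(2016, 3, 10, 11, 0)),
    Computer("PC-04", datetime(2016, 3, 1, 8, 0), datetime(2016, 3, 2, 18, 0)),
    Computer("PC-05", datetime(2016, 3, 9, 8, 0), datetime(2016, 3, 10, 11, 30)),
    Computer("PC-06", datetime(2016, 3, 8, 6, 0), datetime(2016, 3, 10, 9, 15)),
]


if __name__ == "__main__":
    print("server databases:", check_server_databases(SERVER_DB_ISSUED, NOW))
    for c in SAMPLE_INVENTORY:
        print(c.name, database_age_status(c.db_issued, NOW))
    print("built-in selection (7 days):", [c.name for c in select_outdated(SAMPLE_INVENTORY, NOW)])
    print("lagging behind server:", lagging_clients(SAMPLE_INVENTORY, SERVER_DB_ISSUED, NOW))
    print("triage (3 days):", triage(SAMPLE_INVENTORY, NOW))
```

In the sample, PC-04 is the only computer the 7-day selection would show, while the 3-day view also surfaces PC-03, and only PC-03 actually needs an Update task because PC-04 has not connected for over a week.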

Protection health check

Objective

You need to understand whether there are computers in the company where protection does not work. You should
also find out whether threats have been detected lately that were not neutralized for some reason.

A bit of theory

The theory is simple. For Kaspersky Endpoint Security to be useful, it must be installed and running. If it is not
installed or not running on some computers, it must be installed and started. Unprotected computers can be detected
with the help of reports and selections. To install and start Kaspersky Endpoint Security, use tasks.

It is logical to expect that Kaspersky Endpoint Security will detect threats occasionally. In most cases, this does not
require administrator’s attention, because the detected threats are typically blocked immediately. But it may happen
that a threat is not blocked and the user or the administrator needs to take some action to neutralize it.
The administrator needs to be able to spot these situations on the computers and take the necessary actions.

Procedure

Let’s start with finding out whether protection is working:

1. Start the Kaspersky Security Center console

2. Select the Administration Server node on the tree and open the Reports tab. Select the Protection status
report and click Show report. If everything is OK, the report will be empty except for the “Number of
unprotected computers: 0” record. If the report is not empty, study it.

3. Look for the following statuses: Kaspersky Anti-Virus is not installed, Kaspersky Anti-Virus is not running
and Protection is off. (Kaspersky Anti-Virus = Kaspersky Endpoint Security). If any of these statuses are
found in the table, you need to address them.

4. If the Kaspersky Anti-Virus is not installed status is found, open the Computer selections node on the tree,
then click the Computers in this selection drop-down list, and choose the Kaspersky Anti-Virus is not
installed selection. It contains the computers where Kaspersky Endpoint Security is missing.

To correct this, either run remote installation, or find these computers in the office and install the product
locally. To install the application remotely, select the target computers in the selection. Click the Perform
action button, then Install application. For further steps, consult the “Installing Kaspersky Endpoint
Security over the network” procedure. For local installation, consult “Local installation of Kaspersky
Endpoint Security”.

5. If the Kaspersky Anti-Virus is not running or Protection is off statuses are found, open the Computer
selections node, then on the Computers in this selection drop-down list, choose the Protection is off
selection. After that, select the target computers, and create (unless already created) and run the task that
will start Kaspersky Endpoint Security.

5.1. Click the Perform action button and then Create a task
5.2. In the list of tasks, expand the Advanced node and select the Start or stop application task
5.3. Select the Kaspersky Endpoint Security for Windows application and the Start application
command
5.4. Leave the Manually schedule (the task will be started on demand)
5.5. Type Start Kaspersky Endpoint Security for the name
5.6. Select the Run task after Wizard finishes check box on the last page of the wizard

6. Later, you will need to click Run a task instead of Create a task, and select the Start Kaspersky Endpoint
Security task

7. After the task is completed, wait for up to 20 minutes and refresh the selection contents. Computer statuses
in the console change only after Network Agent next synchronizes with the Administration Server.

2.4 Settings

Configuring real-time protection exclusions

Objective

Sometimes, Kaspersky Endpoint Security erroneously considers a program to be malicious. Such situations are very
rare, because all signatures are thoroughly tested on an extensive database of programs at Kaspersky Lab.
Additional protection is provided by the Kaspersky Security Network database, which stores data about more
programs than are used for testing. If a program is widely used, it is likely to be present in Kaspersky Security
Network and marked as legitimate.

False positives are more likely for programs that are not widespread, for example, tailor-made software or some
proprietary programs. If this happens, you may need to configure an exclusion.

It may also happen that a program accesses the disk very intensively, and Kaspersky Endpoint Security, which
intercepts all related operations, slows it down. In this case you can also configure an exclusion.

A bit of theory

When a false positive happens, employees begin complaining that they are not able to work with a program. It may
happen after Kaspersky Endpoint Security is installed or after an update.

With the default settings, Kaspersky Endpoint Security will not notify the user. To correctly understand what has
happened, open the Kaspersky Endpoint Security window on the computer of the complaining employee, open
the reports and look for events concerning the program in question. Usually, false positives are caused by the File
Anti-Virus or System Watcher.

To eliminate a false positive, create an exclusion for the program so that Kaspersky Endpoint Security will not treat
it as malware and will not check its actions.

Here is how to create a comprehensive exclusion for a program. Technically, it will be necessary to create two
exclusions: one for Kaspersky Endpoint Security not to scan the program file, and the other for Kaspersky Endpoint
Security not to block the program’s actions. Confirm that the detection really is a false positive first, and keep
the exclusion as narrow as possible: a trusted application is exempt from monitoring entirely, so whoever can
replace or modify the executable at that path inherits the exemption.

Procedure

First of all, you need to find and write down the full path to the executable file that was blocked by mistake. Then do
the following:

1. Start the Kaspersky Security Center console


2. Select the Managed computers node and switch to the Policies tab
3. Open the Kaspersky Endpoint Security for Windows policy and switch to the General Protection Settings
section
4. In the Exclusions and trusted zone area, click the Settings button
5. On the Scan exclusions tab, click the Add button
6. Click the select file or folder link and enter the full name of the executable file of the necessary program
7. Save the exclusion
8. Switch to the Trusted applications tab and click the Add button
9. Type the name of the executable file (process) of the program in question
10. Select the Do not scan opened files, Do not monitor application activity, Do not inherit restrictions of
the parent process, and Do not monitor child application activity check boxes
11. Save the exclusion, close the Trusted zone window and save the policy

Blocking program start


All employees have their tasks. To perform some of them, a computer and the programs installed on it are necessary.
Usually, the programs necessary for work are not numerous: a browser for visiting web sites, a mail client, an instant
messenger, an office suite to work with documents, and maybe some professional programs (accounting,
development)—anyway, a couple of dozen programs, not hundreds.

If employees start some other programs, they are likely to be distracted from their work. Kaspersky Endpoint
Security for Business enables the administrator to generate a report about the programs installed on the computers
and create the rules that will block unnecessary programs.

The decision about what to block is usually made by the head of the company (department) after reviewing
the report provided by the administrator. For example, they may ask the administrator to prohibit all games.
The administrator can easily do it using Kaspersky Endpoint Security.

To block some programs, you need to specify the conditions to be met by those programs. This set of conditions is
saved to a category and then you can create a blocking rule for this category.

Conditions can include the file name, the folder where the file is located, the file checksum, and also the file
type according to the Kaspersky Lab classification. Name and folder conditions are the weakest of these: a user can
rename or copy a file, so when the purpose is security rather than convenience, prefer checksum or category
conditions.

If your task is broad, for example, to block all games, it cannot be solved with file names or checksums. Of course,
the administrator can select games from the list of installed programs, create a condition by file name and folder for
each game and prohibit starting programs that match those conditions. But it will not help to block other games
the users will install or start from external media.

This task can be solved with the help of the program classification by Kaspersky Lab, called KL categories. Kaspersky
Lab experts analyze existing programs day after day, define their types and add them to the Kaspersky Security
Network database. It is sufficient to create only one condition: programs belonging to the “Games” KL category,
and Kaspersky Endpoint Security will block all programs included in this category. New games are quickly
classified by Kaspersky Lab experts, and the information promptly reaches the computers via Kaspersky
Security Network and planned updates. The administrator creates just one condition to block all games, existing and
those that will be developed in future.

The administrator can use file name or location conditions to make a rule more precise or add exclusions. For
example, to prohibit all games except for Solitaire.

Startup Control can also reinforce protection. Old versions of browsers and mail clients contain known
vulnerabilities through which malware can get onto the computer, so the administrator can prohibit starting
obsolete versions of these programs. Alternatively, the administrator can allow only the Microsoft Office Outlook
mail client, make sure it is updated regularly, and prohibit other mail clients whose patch state is unknown.

Application Startup Control allows implementing sophisticated scenarios, which are to be explored by
the customer’s administrator, if the company managers are interested in this functionality.

Procedure

1. Start the Kaspersky Security Center console

2. Expand the Advanced | Application management node and select the Application categories folder

3. Create a category for games:

3.1. Click Create a category

3.2. On the page with three square buttons, click the uppermost to manually specify the conditions

3.3. Type a name for the category, for example, Games

3.4. Click the down arrow on the Add button and select KL category

3.5. Expand the Entertainment node and select the Games category

3.6. Do not specify exclusions

4. Select the Managed computers node

5. In the right pane, switch to the Policies tab

6. Open the properties of the Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for
Windows policy

7. Create a block rule for the Games category:

7.1. Switch to the Application Startup Control section

7.2. Enable Application Startup Control

7.3. Click Add

7.4. Select the Games category

7.5. In the Users and / or groups that are denied permission field, specify Everyone

7.6. Save the rule (ignore the warning)

8. Close the policy



Blocking removable drives


External devices may become a source of threats (malware) and a channel of confidential data leakage. If external
devices are prohibited, the risk of infections and leakages is reduced.

On the other hand, removable devices are very useful—you can take a presentation on a business trip, bring
someone else’s presentation from a business trip, load music, movies, books, etc. to the phone. Small companies
rarely pursue a draconian internal policy, and external devices are rarely prohibited. However, it depends on
the company and the business.

A bit of theory

Kaspersky Endpoint Security can block devices by types (removable drives, printers, modems, etc.) and by
connection methods (USB, FireWire, infrared port, PCMCIA, etc.). The settings configured for device types have a
higher priority than the settings specified for connection methods. If removable drives are allowed, they will be
usable regardless of whether USB ports are allowed.

Configuring this is very easy, literally a couple of clicks: open the policy properties in the console and block the
necessary device type.

Device Control allows the administrator to create exclusions for individual devices or individual users. You can
allow access only for reading, or only during business hours or, vice versa, only after hours. You can block various
device types, for example, external modems, to prevent users from establishing their own Internet access channels.
Keep in mind that a rule for one device type affects only that type: a phone connected as a media device or a USB
modem still works unless its own type (or the USB bus) is blocked too.
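The precedence described above (a device-type setting wins over a connection-bus setting, and exceptions for individual devices or users win over both) is modelled in the following added example, which is not Kaspersky Lab code and not the product's exact algorithm. The device types, buses, device IDs, user names and the shape of the trusted-device exceptions are assumptions made for the example.

```python
"""Device Control precedence: device type over connection bus, and
trusted-device exceptions over both.

Added example, not Kaspersky Lab code. The resolution order follows the text
above; the device IDs (imitating Windows device instance paths), the device
types, the buses and the user names are constructed.
"""
ALLOW, BLOCK, READ_ONLY = "allow", "block", "read-only"
EVERYONE = "Everyone"


class DeviceControl:
    def __init__(self, type_rules=None, bus_rules=None, trusted=()):
        self.type_rules = dict(type_rules or {})   # device type -> access mode
        self.bus_rules = dict(bus_rules or {})     # connection bus -> access mode
        # (device ID prefix, EVERYONE or set of users, access mode): exceptions
        # for individual devices, checked before the generic rules
        self.trusted = list(trusted)

    def access(self, device, user):
        """device is {'type': ..., 'bus': ..., 'id': ...}; returns the access mode."""
        for id_prefix, users, mode in self.trusted:
            if device["id"].startswith(id_prefix) and (users == EVERYONE or user in users):
                return mode
        if device["type"] in self.type_rules:            # the type setting wins ...
            return self.type_rules[device["type"]]
        return self.bus_rules.get(device["bus"], ALLOW)  # ... over the bus setting


# Constructed devices.
USB_STICK = {"type": "Removable drives", "bus": "USB",
             "id": "USBSTOR\\Disk&Ven_Generic&Prod_Flash\\0001"}
ACCOUNTING_DRIVE = {"type": "Removable drives", "bus": "USB",
                    "id": "USBSTOR\\Disk&Ven_Acme&Prod_Vault\\A1"}
USB_PRINTER = {"type": "Printers", "bus": "USB", "id": "USBPRINT\\Acme_LaserJet\\7"}
PHONE_AS_MEDIA_DEVICE = {"type": "Portable devices", "bus": "USB",
                         "id": "USB\\VID_1234&PID_5678\\P1"}
FIREWIRE_DISK = {"type": "Removable drives", "bus": "FireWire", "id": "1394\\Acme&Disk\\F1"}


def policy_block_removable():
    """The policy from the procedure below: Removable drives blocked, nothing else
    touched, except that the accountant's own drive stays usable read-only."""
    return DeviceControl(
        type_rules={"Removable drives": BLOCK},
        trusted=[("USBSTOR\\Disk&Ven_Acme&Prod_Vault", {"alice"}, READ_ONLY)],
    )


def policy_allow_removable_block_usb():
    """Removable drives allowed while the USB bus is blocked: the type setting wins,
    so flash drives work and a USB printer does not."""
    return DeviceControl(type_rules={"Removable drives": ALLOW}, bus_rules={"USB": BLOCK})


if __name__ == "__main__":
    policy = policy_block_removable()
    for device in (USB_STICK, ACCOUNTING_DRIVE, USB_PRINTER, PHONE_AS_MEDIA_DEVICE, FIREWIRE_DISK):
        print(f"{device['type']:18} {device['bus']:9} bob={policy.access(device, 'bob'):9} "
              f"alice={policy.access(device, 'alice')}")
```

Under policy_block_removable the phone attached as a media device is still allowed: it is not a removable drive and no rule covers its type or the USB bus. That is the gap to close with a second type rule (or a bus rule plus a type-level allow for the printer) when the goal is to stop data leaving on any device.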

Procedure

Let’s learn how to block devices through the example of removable drives:

1. Start the Kaspersky Security Center console

2. Select the Managed computers node and switch to the Policies tab

3. Open the properties of the Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for
Windows policy

4. Switch to the Device Control section

5. Find Removable drives in the list, right-click them and select Block

6. Save the policy



Blocking online shops

Objective

The task is simple: restrict employees’ access to the web resources that are not related to their work. For example,
job search, online shopping, social networks, etc. The idea behind this is to help the employees focus on work. Also,
some unwanted sites are highly dangerous from the fraud or malware viewpoints. The objective is to prevent
employees from accessing the specified resources at least during business hours.

A bit of theory

Just like in the Application Startup Control, web sites are classified by Kaspersky Lab experts, and Kaspersky
Endpoint Security receives this data with signature updates, and also from Kaspersky Security Network.
The administrator just selects the categories of web sites to be blocked.

Also, the administrator can specify the blocking schedule. For example, prohibit online shopping from 09:00 to
18:00 and allow it the rest of the time. Also, some employees can be prohibited from visiting some sites, while
others are allowed. For example, job searching can be blocked for ordinary employees, and allowed to the employee
responsible for hiring.

Just like in the Application Startup Control, KL categories of web sites help the administrator. The administrator
does not need to search for addresses of all popular online shops or react to the users’ visiting new unwanted sites.
All they need to do is to block a category on the list, and Kaspersky Lab experts ensure correct recognition of sites
of this category.

Just like for application categories, they continuously analyze web sites and categorize their contents.
The information about this is delivered to the computers via KSN and planned updates. The administrator just makes
several clicks, and the rest of the job is done by Kaspersky Lab experts and programs.

Procedure

We will create a rule that blocks online shopping Monday through Friday from 9am to 6pm:

1. Start the Kaspersky Security Center console

2. Select the Managed computers node and switch to the Policies tab

3. Open the properties of the Kaspersky Endpoint Security 10 Service Pack 1 for Windows policy and switch
to the Web Control section

4. Create the rule:

4.1. Click the Add button


4.2. Type Online shops for the name
4.3. In the Filter content field, select By content categories
4.4. On the list of categories, select Electronic commerce
4.5. In the Action field, select Block
4.6. Click the Settings button next to the Rule schedule field
4.7. Deselect all, then select Monday to Friday 9am to 6pm
4.8. Click the Save as button and type Business hours for the name
4.9. Save the schedule, save the blocking rule

5. Save the policy
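The rules from the Application Startup Control section (block all games except Solitaire, for Everyone) and from the Web Control procedure above (block online shops during business hours; block job search for ordinary employees but not for the recruiter) share one shape: a category condition, an optional exclusion by name, a user scope and a schedule. The following added example models that shape in one place; it is neither Kaspersky Lab code nor the product's exact rule algorithm. The category tables stand in for KL categories, the file hashes, hosts, user names and timestamps are made up, and "first matching deny rule wins, otherwise allow" is a simplifying assumption.

```python
"""Category rules with exclusions, user scope and a schedule.

Added example: neither Kaspersky Lab code nor the product's exact rule
algorithm. The category tables stand in for KL categories; hashes, hosts,
users and timestamps are constructed; rule evaluation order is an assumption.
"""
from datetime import datetime

EVERYONE = "Everyone"

# Constructed stand-ins for the KL category lookups. Application categories
# are keyed by file hash (renaming a file does not change its category);
# web categories are keyed by host name.
APP_CATEGORIES = {
    "hash-chess": {"Games"},
    "hash-solitaire": {"Games"},
    "hash-winword": {"Office"},
}
WEB_CATEGORIES = {
    "shop.example": {"Electronic commerce"},
    "jobs.example": {"Job search"},
    "docs.example": {"Business"},
}

# Constructed timestamps: 2015-03-16 is a Monday, 2015-03-20 a Friday.
MONDAY_10AM = datetime(2015, 3, 16, 10, 0)
FRIDAY_7PM = datetime(2015, 3, 20, 19, 0)
SATURDAY_10AM = datetime(2015, 3, 21, 10, 0)


class Schedule:
    """Active on the given weekdays (Monday=0) from start_hour up to end_hour."""

    def __init__(self, days, start_hour, end_hour):
        self.days = set(days)
        self.start_hour, self.end_hour = start_hour, end_hour

    def active(self, when):
        return (when.weekday() in self.days
                and self.start_hour <= when.hour < self.end_hour)


ALWAYS = Schedule(range(7), 0, 24)
BUSINESS_HOURS = Schedule(range(5), 9, 18)   # Monday to Friday, 9am to 6pm


class DenyRule:
    def __init__(self, name, categories, denied=EVERYONE, exclusions=(), schedule=ALWAYS):
        self.name = name
        self.categories = set(categories)
        self.denied = denied                                 # EVERYONE or a set of users
        self.exclusions = {e.lower() for e in exclusions}    # subject names exempt from the rule
        self.schedule = schedule

    def matches(self, subject, subject_categories, user, when):
        if not self.categories & subject_categories:
            return False
        if subject.lower() in self.exclusions:               # "all games except Solitaire"
            return False
        if self.denied != EVERYONE and user not in self.denied:
            return False
        return self.schedule.active(when)


def decide(rules, subject, subject_categories, user, when):
    """('block', rule name) for the first matching rule, ('allow', None) otherwise."""
    for rule in rules:
        if rule.matches(subject, subject_categories, user, when):
            return "block", rule.name
    return "allow", None


def startup_decision(rules, exe_path, file_hash, user, when):
    """Application Startup Control: category from the file, exclusion by file name."""
    file_name = exe_path.rsplit("\\", 1)[-1]
    return decide(rules, file_name, APP_CATEGORIES.get(file_hash, set()), user, when)


def web_decision(rules, host, user, when):
    """Web Control: category from the host name."""
    return decide(rules, host, WEB_CATEGORIES.get(host, set()), user, when)


# Block all games except Solitaire, for Everyone.
STARTUP_RULES = [DenyRule("Games", {"Games"}, exclusions={"solitaire.exe"})]

# Online shops blocked during business hours for Everyone; job search blocked
# for the ordinary employees only, so the recruiter "carol" is not listed.
WEB_RULES = [
    DenyRule("Online shops", {"Electronic commerce"}, schedule=BUSINESS_HOURS),
    DenyRule("Job search", {"Job search"}, denied={"alice", "bob"}),
]

if __name__ == "__main__":
    print(startup_decision(STARTUP_RULES, "C:\\Games\\chess.exe", "hash-chess", "alice", MONDAY_10AM))
    print(web_decision(WEB_RULES, "shop.example", "alice", MONDAY_10AM))
    print(web_decision(WEB_RULES, "shop.example", "alice", FRIDAY_7PM))
```

Passing a copy of chess.exe renamed to solitaire.exe (same hash, hence the same category) to startup_decision returns allow: the name-based exclusion is matched before anything else. This is the weakness of name and folder conditions noted in the Application Startup Control section; where a rule is meant to stop a determined user rather than an idle one, make the exception by checksum instead of by name.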



2.5 Virus Scanning Demonstration


Often a prospective customer already has a solution that provides protection against viruses and other threats. If
the customer is looking for another solution, they are not very satisfied with the current one. But it does not mean
that they are ready to change it. The partner can drive the customer towards the purchase by visually demonstrating
the advantages of Kaspersky Endpoint Security.

A typical demonstration is to install Kaspersky Endpoint Security and run virus scanning on the customer’s
computers to find malware that their current Anti-Virus failed to detect.

Kaspersky Endpoint Security for Business Core consists of several programs:

— Kaspersky Endpoint Security for Windows


— Kaspersky Endpoint Security for Linux
— Kaspersky Endpoint Security for Mac
— Kaspersky Security Center

To demonstrate virus scanning, you will need Kaspersky Endpoint Security for Windows. The probability of
detecting overlooked viruses is higher on a Windows computer than on Linux or Mac, and Kaspersky Security
Center is not necessary at all for one-time virus scanning.

Kaspersky Endpoint Security for Business includes several programs, which consist of components. We studied
them in the previous chapter. The good news is that you do not need to know how to configure these components to
demonstrate protection efficiency.

To scan a computer, you need only the virus scan task and the update task; the other components even need not be
installed. We will guide you through a simple installation where almost nothing is to be configured.

Procedure

You will need an installer of Kaspersky Endpoint Security for Windows. It can be downloaded directly to
the computer from the Kaspersky Lab web site, but the installer is fairly large (about 270 MB). It is better to
download it beforehand and take it along on a USB flash drive.

1. Start the installer of Kaspersky Endpoint Security for Windows


2. On the welcome page of the wizard, click Next
3. Change the unpack path to C:\kes10.

If you do not specify an unpack path, the installer will extract the installation files to the same folder from
which the installer was started. For example, if you start the installer from the desktop, it can extract
installation files directly to the desktop, which is not always desired

4. Wait for unpacking to complete and click Finish


5. Open the folder where the files were unpacked and run setup.exe; then click Next
6. Accept the license agreement and click Next
7. Agree to the use of KSN and click Next
8. Agree to the Standard installation and click Next

For a virus scanning demonstration, we need only the program core and the scan tasks. All other
components can be deselected. We decided not to complicate the procedure and to install the default
components. To install only what is strictly necessary, select the Custom installation check box and click
Next; on the subsequent page, disable all the components except for the scan tasks.

9. Click Install

If other protection solutions are installed on the computer, the Kaspersky Endpoint Security installer will
detect them and offer to uninstall them.

10. If a window with an incompatible application name opens, click Next.

Thus you give your consent for the installer to uninstall the incompatible Anti-Virus.

Windows User Account Control may prompt to confirm program uninstallation and Kaspersky Endpoint
Security installation. In both cases, click Yes.

11. After the installation, Kaspersky Endpoint Security activation window opens. Select Activate trial version
and click Next

12. If prompted for the activation type, select Standard installation and click Next
13. Wait for the activation to complete and click Next
14. On the last page of the installation wizard, click Finish

The installer may prompt for computer restart. Unless in a hurry, reboot the computer. If you do not want to
do it, clear the Restart the computer check box before clicking the Finish button. It will not impact
the virus scan demonstration.

15. Wait for the Kaspersky Endpoint Security for Windows icon to appear in the notification area (next to
the clock) and click it. (If it does not appear, launch Kaspersky Endpoint Security for Windows from the Start
menu.)

16. In the main window of Kaspersky Endpoint Security for Windows, click the Tasks area
17. Right-click the Critical Areas Scan task and select Start scanning on the shortcut menu
18. Wait for the scanning to complete (progress percentage is displayed next to the task name)
19. Right-click the Critical Areas Scan task once again and select Reports on the shortcut menu
20. Look through the report to check whether viruses were found
21. If the Critical Areas Scan task found nothing, repeat steps 17-20 with the Full scan task

2.6 Summary
We discussed how to deploy the protection system, assess its status, and adjust the settings. All these actions are
very easy, do not require special technical skills and may be performed during a brief visit to the customer.

What next?

As a result of the described procedures, we have an operational protection system and an administrator who is more
or less aware of how to maintain it. Chances are that in a year the customer will still be happy with the purchase and
buy a license renewal.

When discussing the renewal, it might be worthwhile to talk about extending the license. In the next chapter we will
describe several possible development directions for the created protection system.

Chapter 3. KES for Business: Extended Features


Now the customer has an operational protection system based on Kaspersky Endpoint Security for Business. This
system can be easily upgraded depending on the customer’s growing requirements. In this chapter we will describe
possible upgrade directions:

— Protection for mobile devices / Mobile device management


— Data protection (encryption)
— Systems management
— Anti-spam protection / centralized protection for the mail system

3.1 Mobile Device Management

Deployment Plan
Let’s first describe mobile device management. We will discuss the role of mobile devices in business, and the
benefits and issues involved. Afterwards, we will describe how Kaspersky Lab helps to solve these issues, which
products are available, what they do, and how they are licensed.

Objective
Nowadays, employees regularly use at least one, and often several mobile devices—smartphones, tablets and their
variations. On the one hand, these are almost full-fledged computers that are used for communication and work
with documents. Employees use smartphones and tablets for business correspondence, viewing and storing work
documents as a matter of course.

On the other hand, those are often personal devices of the employees. It means that they are all different, they are
unpredictably upgraded or replaced, they may be accessed by the employees’ relatives and friends, and may be sold
to strangers—all without the administrator’s knowledge or consent.

All things considered, allowing the employees to access work documents via mobile devices is not safe. At the same
time, companies, especially small, often have neither the will nor the way to prevent this. As a result, they have to
look for ways to minimize losses.

Mobile devices, whether personal or corporate, are easy to lose: left in a bar, dropped in a taxi, taken by
a pickpocket. It is a real issue if corporate data is stored on the device. There should be a way to wipe that
data from the device remotely if it falls into the wrong hands.

Let’s not forget that mobile malware is growing rapidly. Mobile devices may become a channel of important data
leakage and a source of various issues; they need protection just like desktops.

Bring your own device


The fact that employees prefer working from their personal phones and tablets is, on the one hand, good.
The company does not need to pay for devices, and benefits from the employees’ increased accessibility and ability
to work on the go, at lunch, and in other situations, not only at their workstations.

To actually benefit from that, employees’ smartphones need to be connected to the company resources:
configured to receive corporate e-mail and to connect to the office wireless (Wi-Fi) network; certificates for secure
connections to the company servers (e-mail, for example) must be installed on them, etc.

It is called enablement, and the administrator has to do that with every new personal device. The capability to install
the management agent on the device and then transfer all the necessary settings through it would be very useful.

On the other hand, as we said already, employees play games on their smartphones, give them to their
children, and can easily leave a smartphone in a bar or drop it in a taxi. Such smartphones should have an unlock
password, and one more password for accessing the corporate data. Ideally, it should be possible to determine
the device’s location and, as a last resort, send an erase command to the smartphone to delete all corporate data.

The issue is aggravated by the fact that employees have different smartphones. Some of them have Apple, some—
Blackberry, some—Nokia running Windows Phone, and some—Samsung running Android. All these devices need
to be connected and protected.

Mobile device management tools attempt to bring order to this variety. They enable the administrator to
control the employees’ various devices. Specifically, they can require the employees to set an unlock password, and
can lock or wipe a device if it is lost. The degree of control varies for different devices.

Some management tools allow users to manage their devices (to some extent) through a self-service portal. They can
connect their devices to the management system there, and later lock a device if it is lost and unlock when found.

Range of technologies
In Kaspersky Lab products, mobile device management is a part of Kaspersky Security Center. It is not just one
technology; it is a set of several technologies that embrace various device types.

Kaspersky Security Center possesses the following technologies:

— Apple MDM (Apple Push Notification service)—enables the administrator to manage only Apple devices
(iPhone, iPad)

— Exchange ActiveSync—allows managing smartphones and tablets via the Microsoft Exchange mail client.
It covers all popular mobile platforms, but with limited control capabilities

— Kaspersky Endpoint Security for Mobile—an application for smartphones (and tablets) that protects against
threats and enables the administrator to manage the device via Kaspersky Security Center; supports
the majority of the mobile platforms

Let’s describe these technologies in more detail.



Apple MDM
In the Apple world, things are more complicated for third-party developers than in the Microsoft and
Android worlds. Third-party applications on iOS are isolated from each other and cannot scan other applications’
files or the system, so third-party developers cannot create Anti-Virus programs for iOS. This does not mean that
threats do not exist there. That is why Kaspersky Endpoint Security for Mobile for iOS (Kaspersky Safe Browser)
neither searches for malware nor blocks it; it only blocks malicious and phishing sites, thus protecting the device as
far as possible.

iPhone and iPad devices still need control, because employees can read corporate e-mail on them, store and view
documents, etc. Unless a lost iPhone is properly protected, anyone can read the employee’s e-mail or documents.
Mobile device control provides basic protection for smartphones, at the very least the use of an unlock password.

Apple developed their own mobile management framework that third-party developers may use. And many do,
including Kaspersky Lab.

Apple MDM is good because it does not require installing any additional programs on the smartphone (or tablet).
The smartphone connects to the management system using a so-called profile. But it is not an application; profiles
are supported by the operating system.

However, at the same time, Apple MDM lacks some important features: it does not protect against threats, and does
not support program containerization (that is, the programs that access corporate data cannot be separated from other
applications).

Fortunately, Kaspersky Endpoint Security for Mobile (Safe Browser) does possess these advantages, and that is why
Apple MDM should be used together with Kaspersky Endpoint Security for Mobile. More so because it does not
involve extra cost: the Kaspersky Endpoint Security for Business Select license allows a customer to use all three
mobile device management technologies.

Microsoft ActiveSync
Essentially, it is a technology by Microsoft that works independently of Kaspersky Security Center. The key
requirement of this technology for the company infrastructure is the availability of a Microsoft Exchange server. If
this requirement is met, the company can control the devices that get e-mail from this server.

ActiveSync Device Control allows enforcing the device access password or encryption requirements, prohibiting
the use of networks or program installation. If necessary, the administrator can remotely wipe the device if
the employee reports that the smartphone is lost.

This is not a complete list of Exchange ActiveSync capabilities. Only devices running Windows Mobile support
them to the full extent, but the majority of devices on the market run Android and iOS. These operating systems
support only some of the ActiveSync capabilities, the most important of which are password, encryption, and remote
wipe.

Kaspersky Security Center integrates with Microsoft Exchange Server and enables the administrator to control
mobile devices from the same console as typical computers. While this is important in large companies, where
responsibilities can be divided among multiple administrators, it is also important for small companies, where one
administrator can be responsible for everything.

ActiveSync technology is attractive because it does not require installing additional programs on the devices.
The management is performed via the e-mail program, which is often a system program pre-installed on
the smartphone. Since ActiveSync provides only basic management capabilities on most devices, we recommend
using Kaspersky Endpoint Security for Mobile together with ActiveSync.

Is this technology interesting for small companies? On the one hand, small companies rarely use Microsoft
Exchange for e-mail. It is neither the simplest nor the cheapest solution. On the other hand, the Microsoft Small
Business Server offer is designed for small businesses. Some versions of SBS include Microsoft Exchange Server.
These companies would undoubtedly be interested in mobile device management via Exchange ActiveSync.

Kaspersky Endpoint Security for Mobile


This is the technology that will be of great interest to small businesses. It does not require any infrastructure except
for Kaspersky Security Center and is installed easily.

To make mobile devices manageable, it is necessary to install Kaspersky Endpoint Security for Mobile on them. It
will provide not only management capabilities, but also protection from typical threats (mobile malware,
unauthorized network activity of the programs, etc.)

Capabilities

Kaspersky Endpoint Security for Mobile benefits both the user and the company: from antivirus protection to
control over the smartphone access settings, protection against theft, SMS filtering, etc. Let’s briefly describe the
main capabilities:

— Anti-Virus protection—the counterpart of the computer Anti-Virus. It watches which files are saved on
the smartphone and which programs are started, and also scans the files on the smartphone on a schedule. If they
match malware signatures, KESM blocks them.

— Anti-Theft protection—if a smartphone is lost, one would, first, want it found and returned and, second, want
corporate e-mail and other important data to be inaccessible to strangers. Kaspersky Endpoint Security for
Mobile can transmit the GPS coordinates of the device, lock it until a complex one-time code is entered,
completely lock the smartphone if the SIM card is replaced, and, as a last resort, wipe all data from
the smartphone.

— Network protection—can block inbound connections (Wi-Fi, etc.) to decrease the risk of malware infection,
block inbound and outbound connections to prevent unauthorized network activity of programs, and also block
access to web sites, similar to Web Control in Kaspersky Endpoint Security (for example, prohibit social networks).

— Application Control—you can restrict the installation and starting of specified programs, and can install programs
in a special mode (container), in which a password must be entered to start the program and
the program's data can be deleted separately from other programs' data.

— Compliance control—the administrator can specify requirements for the smartphones' settings, and
Kaspersky Endpoint Security for Mobile will check whether the smartphone meets them; if non-compliance
is detected, it can notify the administrator, lock the smartphone, block applications, etc. For example,
the administrator can prohibit installing some applications, or require that the smartphone must not be
jailbroken (rooted).

— Hardware control—you can completely disable Wi-Fi, Bluetooth or the camera, and enforce the use of a device
access password and code.

— SMS and call filters—employees can configure blocking of unwanted messages and calls, and can also
hide calls and SMS to and from specified numbers.

These capabilities can be used either separately or all together; the Anti-Theft protection capabilities are useful for
companies of any size.

Support of various smartphones and tablets

The mobile device control issue is complicated by the fact that there are many different types of mobile devices on
the market. At this writing, smartphones (and tablets) running iOS and Android are the most widespread. The share
of Windows Phone is growing, but is still small.

All these operating systems are as different as Windows, Linux and Mac OS X. They possess different capabilities,
are vulnerable to different threats and Kaspersky Endpoint Security for Mobile works differently on them.

Android, the most widespread platform, is supported best of all. Almost everything Kaspersky Endpoint Security for
Mobile is capable of—protection against malware and network attacks, actions that can be taken for lost and stolen
devices, application control and containerization—is applicable to Android smartphones and tablets.

iOS is supported to a lesser degree, mainly because of Apple marketing requirements. Some important technologies,
such as program containerization and network protection, are implemented for iPhone and iPad.

Windows Phone devices are even less supported. However, Kaspersky Endpoint Security for Mobile has handy
tools for them too: for example, Web filtering.

Self Service Portal


Starting with Kaspersky Security Center 10 Service Pack 1, the Kaspersky Endpoint Security for Mobile solution
comprises a Self Service Portal. The administrator can enable the users to connect their devices to the management
system there. After a device is connected, the user can send the following commands through the Self Service
Portal:

— Lock
— Unlock
— Locate
— Alarm

This way, the users take charge of tracking their devices, locking them if lost, and searching for them by coordinates or by
setting off an alarm, and need not bother the administrator about that.

Summary
Mobile device management is, at the very least, a way to require an unlock password. This is important because smartphones
and tablets can easily fall into the hands of strangers.

A good MDM solution is much more than just a required password. It supports various mobile platforms (Android,
iOS, etc.), protects devices against threats (viruses, phishing), allows taking some actions for lost or stolen devices,
and allows separating corporate from personal data and programs.

MDM by Kaspersky Lab is a good MDM solution because it embraces several technologies:

— Management via Kaspersky Endpoint Security for Mobile—provides protection against threats,
containerization (separation of corporate and private data), protection from theft; supports various platforms

— Management via Exchange ActiveSync—provides detection of corporate devices, minimum security on
numerous platforms, and anti-theft protection

— Management via Apple MDM—provides enhanced management capabilities for iOS devices, simplifies
deployment of Kaspersky Endpoint Security for Mobile on them

Advantages of mobile device management by Kaspersky Lab:

— The use of the world's best protection against viruses and other threats
— Containerization—separation of corporate programs and data from private ones
— Management from a single console—computers, smartphones and tablets are managed via Kaspersky
Security Center
— Support of numerous mobile platforms

Mobile device management is available within the framework of the Kaspersky Endpoint Security for Business Select
bundle and can also be purchased separately as a Targeted Security solution.

3.2 Encryption

Deployment Plan
The anti-threat protection system can be supplemented with a system that protects data by encrypting it. In this chapter
we will discuss in which cases this protection is effective, and some of its limitations. We will also describe
the offerings by Kaspersky Lab, the capabilities of the corresponding products, and how they are licensed.

Objective
If an employee loses a USB flash drive or a notebook, anyone who finds it can easily read the files stored on
the device. This can be extremely undesirable for the company.

In some ways, it is even a more serious issue than a lost smartphone or tablet since a notebook is a far more
functional tool and more work documents are usually stored on it. Even if the system is password-protected, the data
from the notebook can be read by detaching its hard drive and connecting it to another computer.

To prevent such threats, you need to protect not only logging on to the system, but also the stored data, so that it
cannot be read without a password or some other authentication, even if the drive is connected to another computer.

Such protection is implemented by encryption.

Encryption has been used for protecting secret data since the dawn of time. For example, the Caesar cipher is one of
the simplest encryption methods, and was used by the very same Caesar. Over the last 2000 years, various methods
of breaking ciphers were invented, as well as new encryption methods. During the last 100 years, mathematicians
invented encryption methods that would take longer to break than the universe has existed, even if all of
the computers in the world were used.

Encryption is a technology that ensures that a file cannot be read without effort. Unless you know the password,
encrypted files are not just hard to read, they are incredibly hard to read, almost impossible. With the password, they
can be read as easily as non-encrypted. But since a stranger does not typically know the password, encryption
reliably protects data on lost or stolen devices.

To provide high reliability, modern encryption methods are used, specifically, AES-256 encryption. You do not
need to know any implementation details to be able to use encryption. You just need to remember your password
and enter it when prompted. Encryption programs, for example, Kaspersky Endpoint Security for Windows, will
take care of the rest. After entering the password, the user works with encrypted files as usual. Without
the password, these files will look like nonsense.

Encryption in Kaspersky Lab products


Kaspersky Lab offers data encryption within the framework of the Kaspersky Endpoint Security for Business
Advanced bundle.

The data is encrypted by the Kaspersky Endpoint Security program; additionally, for network users to be able to
exchange encrypted data, the Kaspersky Security Center console is necessary.

The administrator can use Kaspersky Endpoint Security to encrypt data on various data carriers and at various
access levels. All in all, there are three encryption modes; we will describe each of them:

— Disk encryption
— Encryption of files and folders
— Encryption of removable drives

All three modes use the same encryption algorithm, AES-256. It is an industry standard mentioned in ISO
documents and used in most encryption tools on the market. Unlike anti-threat protection tools, where
manufacturers compete by offering similar, but different technologies, encryption tools use the same technology and
compete in flexibility and usability.

The AES-256 encryption algorithm is described in the FIPS 197 standard. The AES-256 implementation in Kaspersky
Endpoint Security 10 Service Pack 1 for Windows is certified according to this standard and is listed as FIPS
approved on the page http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html

Disk encryption
Encryption technology can be applied in different ways. One of the methods is to encrypt the whole drive completely.
A huge advantage of this method is that you need not bother about where important files are stored on the notebook.
Wherever they are, everything will be encrypted and the administrator does not need to configure anything other
than just enabling encryption on the computer where Kaspersky Endpoint Security is installed.

A drawback of this method is that if a notebook’s drive is encrypted, an access password has to be entered before
Windows can boot. This additional step is unusual for people, and typically anything unusual is not desirable.

Sometimes people are afraid that if the user forgets the password, the encrypted data is very difficult to recover. It is
not entirely true. Kaspersky Endpoint Security together with Kaspersky Security Center offers the administrator
several methods for recovering encrypted data even from damaged drives. If the user just forgets the password, it is
not a problem at all.

After the encryption password is entered, the user has nothing to worry about. Kaspersky Endpoint Security for
Windows decrypts the data being read from the drive and encrypts the data being saved to the drive seamlessly and
imperceptibly to the user. If criminals get hold of such a drive, they will not even be able to understand which files are
stored on the drive, or whether any are stored there at all, let alone read them. An encrypted drive with files looks
the same as an empty encrypted drive, unless you enter the password.
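The two properties just described, that nothing on the drive can be read without the password and that an encrypted drive with files looks the same as an empty one, as an added example that is not Kaspersky Lab's code. It encrypts fixed-size sectors with AES-256 (in GCM mode) using a key derived from a password; the sector size, the salt, the sample document and the iterated-SHA-256 key derivation are constructed stand-ins for whatever the real driver uses.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// sectorSize is the fixed block of data that a disk-encryption driver encrypts
// and decrypts transparently. 512 bytes is a constructed value for this
// illustration, not a setting taken from Kaspersky Endpoint Security.
const sectorSize = 512

// deriveKey turns the user's password into the 32-byte (256-bit) key that
// AES-256 requires. Real products use a standard password-based KDF; this
// iterated SHA-256 is a stand-in so the example needs only the standard library.
func deriveKey(password string, salt []byte) []byte {
	key := sha256.Sum256(append([]byte(password), salt...))
	for i := 0; i < 100000; i++ { // iterations slow down password guessing
		key = sha256.Sum256(append(key[:], salt...))
	}
	return key[:]
}

// padSector places file content into a full sector; unused space is zeros,
// so an "empty" sector is simply all zeros.
func padSector(content []byte) []byte {
	if len(content) > sectorSize {
		content = content[:sectorSize]
	}
	sector := make([]byte, sectorSize)
	copy(sector, content)
	return sector
}

// encryptSector encrypts one sector with AES-256-GCM. The output is
// nonce || ciphertext || authentication tag and is always the same length,
// so an encrypted empty sector is indistinguishable from one holding a file.
func encryptSector(key, plain []byte) ([]byte, error) {
	if len(plain) != sectorSize {
		return nil, errors.New("sector must be exactly sectorSize bytes")
	}
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// decryptSector reverses encryptSector. A wrong key does not produce garbage
// plaintext: the GCM authentication tag check fails and an error is returned.
func decryptSector(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed sector too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// distinctBytes counts how many different byte values occur in b. Random-looking
// ciphertext of a few hundred bytes uses most of the 256 values; an all-zero
// empty sector uses exactly one.
func distinctBytes(b []byte) int {
	var seen [256]bool
	n := 0
	for _, c := range b {
		if !seen[c] {
			seen[c] = true
			n++
		}
	}
	return n
}

func main() {
	salt := []byte("constructed-salt") // constructed; a real driver stores a random per-disk salt
	key := deriveKey("correct horse battery", salt)
	doc := padSector([]byte("Quarterly report: confidential")) // constructed sample file
	empty := padSector(nil)
	cDoc, _ := encryptSector(key, doc)
	cEmpty, _ := encryptSector(key, empty)
	fmt.Printf("sector with document: %d bytes, %d distinct byte values\n", len(cDoc), distinctBytes(cDoc))
	fmt.Printf("empty sector:         %d bytes, %d distinct byte values\n", len(cEmpty), distinctBytes(cEmpty))
	if _, err := decryptSector(deriveKey("wrong password", salt), cDoc); err != nil {
		fmt.Println("wrong password:", err)
	}
	plain, _ := decryptSector(key, cDoc)
	fmt.Println("right password restores the sector:", bytes.Equal(plain, doc))
}
```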

Encryption of files and folders


Another encryption method is to encrypt files and folders according to the specified conditions. For example, all
files in the user’s home folder, all Microsoft Office documents, and local e-mail archives. The advantage of this
approach is that an employee does not perceive encryption. The access password is the Windows logon password.

The drawback is that the administrator has to draw up the list of conditions according to which files and folders are
encrypted. The administrator cannot control the users. They may save important documents elsewhere, and these
files will not be encrypted. This means there is a risk that encryption will not be as effective as it could be.

Encryption of removable drives


Unlike hard drives, which are rarely detached from computers to be connected to another computer, removable
drives are designed specifically for this. They help to carry documents from work to home and back, store
presentations, etc.

Encrypted data can be easily read on the computers connected to Kaspersky Security Center. But if the USB flash
drive is lost, strangers will not be able to read its files on their computers.

To be able to read protected data on the computers that are not connected to Kaspersky Security Center, for
example, at home or at a conference, use a special portable encryption mode in Kaspersky Endpoint Security. It
allows decrypting files on any computer with the password.

What encryption cannot protect from


Encryption prevents strangers from accessing data. If someone finds or steals an encrypted device, they will not be
able to read the data.

At the same time, encryption cannot prevent employees from transferring important data to a stranger accidentally
or deliberately. Or, in marketing terms, encryption is not a DLP (Data Loss Prevention or Data Leakage Prevention)
solution. It can undoubtedly be a part of it, one of the technologies implemented in a DLP solution. But by itself and
in the way it is implemented in Kaspersky Endpoint Security or any other product for mobile data protection,
encryption cannot guarantee comprehensive protection from data leakage.

Conclusion
Encryption is mainly designed for protecting mobile data (data on laptops or media that may be lost or stolen).
An encrypted device reliably protects data from strangers. At the same time, encryption is not a full-fledged DLP
solution able to protect from data leakage in general. Encryption should not be regarded as universal protection from
data leakage.

Data encryption can be organized in several ways, which differ in the balance of protection, the administrator’s
effort and the user’s convenience. Disk encryption provides the best protection, does not require special setup by
the administrator, but changes the logon procedure for the user and adds work to the administrator if the user forgets
the password or a computer has to be given to another user.

Encryption of files and folders, by contrast, is seamless for the user and easy to maintain, but requires thoughtful
setup and is not as reliable as disk encryption in the long run.

Most encryption tools available on the market use the same encryption methods (algorithms). Almost all of them are
based on the standard (today and for the near future) AES-256 algorithm.

A distinctive feature of encryption implemented in Kaspersky Endpoint Security for Business is the ease of
deployment and use both for the administrator and employees. Competitive solutions try to match requirements of
different market segments, and therefore are more complicated and less friendly to small businesses.

A Kaspersky Endpoint Security for Business Advanced license is necessary for using encryption in Kaspersky
Endpoint Security.

3.3 Systems Management

Outline
Another way to extend the capabilities of Kaspersky Endpoint Security for Business is to use Kaspersky Security
Center for general computer management as well as protection. Considering the fact that there is only one
administrator in the network, any help in network management is welcome.

In this chapter we will describe how Kaspersky Lab can help the administrators in their work, which products can be
used for this purpose and which licenses are necessary for that.

Specifically, we will study the tools available within the framework of the Systems Management functionality of
Kaspersky Security Center:

— Vulnerability and patch management
— Software management
— Operating system deployment
— Network access control
— License management
— Hardware inventory

We will tell you about the benefits provided by the Systems Management in general, and what would be of interest
to small businesses.

Objective
The general task of Systems Management in Kaspersky Security Center is to help the administrator cope with
tasks other than protecting the network from various threats, and to improve protection as well.

The administrator has lots of work to do apart from protection:

— Purchase new computers and upgrade old ones
— Prepare computers for work
— Install, activate, update and uninstall programs for employees
— Configure network access for employees and visitors
— Etc.

Many of these operations are routine and the same for all computers. Such operations are just asking for automation
and Kaspersky Security Center provides it.

Systems Management in Kaspersky Security Center helps with the following tasks:

— Report which devices are installed in the computers (how much memory, which processors, etc.)
— Report which programs are installed on the computers
— Install and uninstall programs
— Report if the installed programs need to be updated
— Report if there are vulnerabilities in programs or operating systems
— Automatically download and install vulnerability fixes and program updates
— Quickly install the operating system and programs from an image prepared beforehand
— Capture an image from any computer or Windows distribution
— Report which devices (computers and other equipment) are present in the corporate network
— Block network access for unknown or unprotected computers

Kaspersky Security Center alone is responsible for all of this; Kaspersky Endpoint Security is not involved and is not
even required.

The Kaspersky Endpoint Security for Business Advanced license is necessary for Kaspersky Security Center to be
able to manage systems.

Vulnerability and patch management


Programs have errors. Some of them simply annoy users, and others can be used by criminals, for example, to infect
a computer with a Trojan. These types of errors are called vulnerabilities.

Fixing vulnerabilities is an important part of network protection. If a vulnerability persists on the computer, it will,
in all likelihood, be attacked by malware, which potentially can get past the Anti-Virus. If a vulnerability is fixed,
the whole class of the corresponding malware, both existing and yet to be written, ceases to be dangerous for
the computer.

The first step in fixing vulnerabilities is detecting them. Kaspersky Lab maintains an extensive database of
vulnerable programs and uses it for scanning the computers. As a result of scanning, a list of vulnerable programs is
drawn up for each computer.

Vulnerabilities are fixed by installing updates. When the manufacturer is informed about a program vulnerability,
they release a special update that replaces program files, or a new version to be installed.

Armed with the vulnerability list, the administrator then has to find new program versions or patches and install
them on the network computers. Most of the current solutions available on the market cannot help much with these
tasks.

Systems Management in Kaspersky Security Center not only detects vulnerabilities, but can also fix them
automatically. The Kaspersky Lab vulnerability database contains information about where to download the fix or
the new program version and how to install it silently. Kaspersky Security Center automatically downloads
the necessary files and installs them on the vulnerable computers according to the schedule specified by
the administrator.

The administrator can adjust aspects of this process, for example, prohibit installation of an update or enable
automatic installation of non-critical updates. Typically, the default settings are sufficient.

Software management
Vulnerability fixing tools can also be used for other purposes. After scanning the computers, Kaspersky Security
Center can inform the administrator about all installed programs rather than just the vulnerable ones.

The administrator can use Kaspersky Security Center to centrally uninstall unnecessary programs. Kaspersky
Security Center can inform the administrator if the users try to install these programs again.

Information about new program versions from the vulnerability database can be used for installing programs on
the computers. To install, for example, Adobe Reader, the administrator just selects it from the list of supported
programs in Kaspersky Security Center, and the latest version will be automatically downloaded from the Internet
and installed on the selected computers.

Together, these capabilities are called software management: gathering information about the installed programs, and centralized
installation, update and uninstallation of programs.

In addition to software management, Kaspersky Security Center has license monitoring, which will be described
later.

Operating system deployment

Objective

When a new employee joins the company, the administrator prepares a computer: installs the operating system and
all the programs necessary for work. If traditional methods are employed, it will take several hours.

Kaspersky Security Center allows preparing a computer in considerably less time, and unattended. The administrator
just starts the process, and can deal with other tasks.

How it works

In order to quickly and automatically install an operating system and programs on a computer, it is necessary to
prepare a so-called disk image. You will need a computer where everything required is already installed. At
the administrator’s command, Kaspersky Security Center captures the computer’s image, which then can be used for
installation on other computers.

Another approach is also possible. The administrator can create an image from a Windows installation disc. It will
be a 'clean' operating system image without any programs. The administrator can add the Network Agent installation
to the image in its settings, and then deploy the necessary programs, including Kaspersky Endpoint Security,
through the Agent.

The prepared image can be installed even on a new computer without an operating system. It is sufficient to connect it to
the network. Kaspersky Security Center will detect and display it, and the administrator will be able to start
the installation.

It works best when the computers are identical. But even if the computers are different, operating system
deployment can also be used.

Network access control

Objective

There are usually shared folders for document exchange in the corporate network. At the same time business rules
require that visitors (customers, partners, contractors, etc.) are provided with Internet access, as a courtesy, to be
able to work with their e-mail.

In small companies, networks are usually organized simply. Everyone can connect to everyone. While this is easy to
configure, it can easily cause problems. Visitors might bring malware, which will try to attack
the network computers. Some visitors may try to steal documents from shared folders or internal web resources.
This should be prevented.

Network access control implemented in Kaspersky Security Center allows the administrator to monitor
the computers connected to the network, and restrict their access to internal resources. Fortunately the network will
not need to be reconfigured for this.

Typical scenarios

Explaining how it works involves too many technical details. Let’s just say that network access control in Kaspersky
Security Center does not require additional devices for traffic interception, does not require switching network
devices to special modes and in general does not require any changes to be made to the network settings.

Instead of technical details, let us study the main reasons for using network access control.

Suppose the administrator comes to work and notices that there have been many infection attempts in the network,
which were fortunately blocked by Kaspersky Endpoint Security. If there is an infected computer in the network, it
may download new virus modifications from the Internet. It is better to find the source of the threat and neutralize it.

The administrator can use network access control to view which computers are connected to the network. In a small
company, the administrator may know all computer names. If an unfamiliar name shows on the list of network
computers, the administrator can manually block this computer. Kaspersky Security Center will take care of
the computer so that it cannot connect to other network computers.

To protect the network from similar cases in future, the administrator can create a rule where unknown computers
will not receive network access unless approved by the administrator. Or a rule where unknown computers will be
able to access only the Internet rather than the network computers.

It may also turn out that one of the internal computers has become a source of infection. It may have outdated databases,
or Kaspersky Endpoint Security may be disabled, so it got infected and began attacking other computers.

To prevent this, the administrator can create a rule where a computer with a bad protection status (outdated
databases, Kaspersky Endpoint Security not running) cannot connect to other computers and access the Internet; it
will only be able to connect to the Administration Server.

Usually, network access control is required in large companies where it is difficult to monitor numerous visitors,
employees and their requirements. However, a considerable advantage of Kaspersky Security Center is that
configuring network access control requires minimal effort and nothing needs to be changed in the network settings.
Such network access control can be easily employed in a small company.

Inventory and license control


We already mentioned inventory in the section devoted to software management. We stated that the administrator
can receive a list of installed programs and then uninstall them or install others.

If licensed programs are used in the company, the administrator has to monitor the number of activated licenses to
avoid exceeding the limit. The administrator can specify in Kaspersky Security Center how many licenses
the company purchased for each program, and Kaspersky Security Center will inform the administrator about
upcoming license expiration or exceeded limit.

In addition to the list of programs, the administrator receives the list of hardware—which processors are installed in
the computers, which drives, how much memory, etc. This list can be used to plan purchases of new computers and
retirement of old ones. It is easier than gathering this data from each computer individually.

Small business benefits


We described, in general, the capabilities of Systems Management in Kaspersky Security Center. Some may ask:
"Who could benefit from these?"

First, those companies that seek to improve their protection system. Thanks to detection and fixing of
vulnerabilities and to network access control, the probability of infection decreases, as does the potential harm.

Second, those companies that regularly prepare new computers or recover systems from images. For example, large
companies where there are many employees or high turnover. A certification or training center, school, cybercafé or
other similar organization, where the operating system and applications often have to be reset to their original state.

Third, Systems Management can be useful for the companies that need to observe license terms. Kaspersky Security
Center helps to monitor the installed programs and the use of licenses.

Finally, Systems Management comes in handy if the company needs to adhere to an internal security policy.
Network access control allows enforcing this policy on employees and visitors.

While all of this (high security requirements, strict processes, the necessity to monitor the use of software) is rather
typical of large companies, it does not mean that small companies cannot benefit from using Systems Management.

First, enhanced security is beneficial for any company, regardless of the size. Fixing vulnerabilities is a very
effective weapon against many threats, including new ones.

Second, in a small company, the typical administrator needs more help than in a large company. In large companies,
the administrators have their specializations and split responsibilities—e-mail, protection, network equipment, etc.
In a small company, the administrator is responsible for everything and any time-saving tool comes in handy: help
in setting up a new computer, installing programs or updates, or any other.

Third, Systems Management in Kaspersky Security Center enables small companies to use traditionally complex
technologies without all of the complexities. Network access control, vulnerability and patch management, programs
management, operating system deployment—everything is available in a single protection management console and
is considerably easier to use than traditional tools.

Conclusion
Systems Management in Kaspersky Security Center is a set of tools for routine, time-consuming network
maintenance administrative tasks:

— Vulnerability and patch management
— Software and license management
— Operating system deployment
— Network access control
— Hardware inventory

Systems Management simplifies the administrator’s work. The more computers the company has, the more useful
Systems Management is. Additionally, Systems Management improves the company’s protection against threats.

Traditionally, all of the Systems Management components were separate and complex solutions. Kaspersky Lab
offers a new approach to the old issues—complex technologies without traditional complexities.

All tools are available through a single protection management console—Kaspersky Security Center, and do not
require any special knowledge. Vulnerability fixing can be completely automatic. Setting up access control in
the whole network is no more difficult than configuring a personal firewall.

To be able to use Systems Management by Kaspersky Lab, you only need Kaspersky Security Center and
the Kaspersky Endpoint Security for Business Advanced license.

3.4 Kaspersky Security for Microsoft Exchange

Outline
Speaking of the protection system enhancement, let’s discuss antivirus and anti-spam protection and data leakage
prevention for Microsoft Exchange mail systems. Small companies may use Microsoft Exchange as a part of
Microsoft Small Business Server, and therefore they may be interested in Kaspersky Security for Microsoft
Exchange Server.

We will describe which capabilities this product has, how it is licensed, and what is required of the administrator.

Objective
Viruses sent by e-mail can eventually be caught by File Anti-Virus; however, just as in real life, a disease is
easier to cure at an early stage. When viruses are deleted from messages by the Mail Anti-Virus component, this expends
fewer resources and is more efficient.

However, malicious messages can be deleted even sooner, on the mail server. This saves even more resources and is
even more transparent to the employees.

In addition to viruses, there is spam. While it does not necessarily harm the computer, it can impact work. For this
reason, the sooner you get rid of it, the better. Spam, just like viruses, is far more efficiently countered on the mail
server than on the employees’ computers.

And finally, important information that the company would rather not spread may get emailed. This is data leakage,
which companies try to prevent wherever possible. Filtering outgoing e-mail is one of the solutions.

Mail servers belong to various e-mail systems, for example Microsoft Exchange, Lotus Notes, Sendmail or Postfix.
Anti-spam protection is typically built into online e-mail services such as Google Mail.

A small company is unlikely to purchase Microsoft Exchange on its own. It would rather have Microsoft Small Business
Server, many editions of which contain Microsoft Exchange. However, this situation is not likely to last long, since
Microsoft is discontinuing support of Small Business Server, and small companies will be offered the Office 365 online
service instead.

Until this happens, and small companies are still using Microsoft Exchange, they may be interested in protecting
the mail from malware and spam and preventing data leakage. Kaspersky Lab offers these companies Kaspersky
Security for Microsoft Exchange Server.

Licensing
Kaspersky Security for Microsoft Exchange Server is licensed by the number of inboxes on the server.
The Kaspersky Endpoint Security for Business Core, Select and Advanced licenses do not include this protection.
Kaspersky Total Security for Business does cover it, but might be cost prohibitive.

A small company would typically buy an additional license for inbox protection.

A license that allows a customer to use data leakage prevention is more expensive than a license that only provides
protection against viruses and spam.

Antivirus protection
Antivirus protection in Microsoft Exchange is somewhat more complicated than the Mail Anti-Virus implemented
in Kaspersky Endpoint Security for Windows. Received messages are intercepted and scanned against
the malware database. If a message is infected, it is blocked and not delivered to the addressee. The settings
are minimal, and you only need to monitor that the signature database is updated regularly. Updates are configured to
run automatically, so the administrator only needs to check for errors from time to time.

To improve reliability and eliminate false positives, Kaspersky Security for Microsoft Exchange Server uses
Kaspersky Security Network.

Anti-spam protection
Anti-spam protection is a bit more complicated. The general principle is the same: the messages received on
the server are scanned for spam.

The complexity is that spam is sometimes difficult to distinguish from advertisement or commercial messages.
Sometimes the difference can be revealed only after thorough analysis of the message text. Sometimes it is
necessary to check where the message comes from, or if the message contains images it is necessary to check what
is on these images or where they are published on the Internet (if a message contains links to images instead of
files).

Spam can be detected by various checks. Each check influences the total probability that a message is
unwanted spam. However, e-mail in general is organized so that it is hard to tell whether a message is spam:
criminals use loopholes in e-mail protocols to conceal the sources of spam messages, and the text of the message
alone is not enough to reliably detect spam.

As a result, the efficiency of Anti-Spam filtering is lower than that of Anti-Virus, regardless of which Anti-Spam
program is installed. Some spam messages will periodically pass the filter, or the filter will block some legitimate
messages.

In Kaspersky Security for Microsoft Exchange, the administrator can adjust the spam threshold. With stricter
settings, more spam is blocked, but legitimate e-mail may suffer. With less strict settings, legitimate messages are
rarely detained, but more spam passes the filter.

In addition to general sensitivity, the administrator can modify many scan settings. There are considerably more of
them than in the Anti-Virus settings. However, in a small company the administrator rarely needs to do this,
considering the fact that the Anti-Spam filter works very efficiently with the default settings.
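The scoring and threshold trade-off described above, as an added illustration that is not code from Kaspersky Security for Microsoft Exchange: several independent checks (sending domain, phrases in the text, linked images, an all-capitals subject) each contribute to one score, and the administrator's threshold decides where the line is drawn. The checks, their weights, the sender blocklist, the domains and the five labelled sample messages are all constructed for this example.

```python
"""Multi-check spam scoring with an adjustable threshold.

Added illustration, not code from Kaspersky Security for Microsoft
Exchange. The checks, their weights, the sender blocklist and the sample
messages are all constructed for this example.
"""
from dataclasses import dataclass


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    remote_images: int = 0   # images linked from the Internet instead of attached
    is_spam: bool = False    # ground-truth label, used only to evaluate the filter


# Constructed sender blocklist; stands in for a reputation or DNSBL lookup.
BLOCKLISTED_DOMAINS = {"cheap-pills.example", "bulk-sender.example"}
SPAM_PHRASES = ("act now", "free money", "100% guaranteed", "click here")


def check_sender(msg):
    """Where the message comes from: a listed sending domain is strong evidence."""
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    return 0.5 if domain in BLOCKLISTED_DOMAINS else 0.0


def check_phrases(msg):
    """Message text: each known phrase adds a little, capped so text alone rarely decides."""
    text = f"{msg.subject}\n{msg.body}".lower()
    hits = sum(1 for phrase in SPAM_PHRASES if phrase in text)
    return min(0.2 * hits, 0.6)


def check_remote_images(msg):
    """Linked images with almost no text: what the reader sees is not in the message."""
    return 0.3 if msg.remote_images > 0 and len(msg.body) < 200 else 0.0


def check_shouting(msg):
    """An all-capitals subject line is only a weak signal on its own."""
    letters = [c for c in msg.subject if c.isalpha()]
    if len(letters) < 5:
        return 0.0
    upper_ratio = sum(1 for c in letters if c.isupper()) / len(letters)
    return 0.2 if upper_ratio > 0.7 else 0.0


CHECKS = (check_sender, check_phrases, check_remote_images, check_shouting)


def spam_score(msg):
    """Combine all checks into one score in [0, 1]; no single weak check reaches a sane threshold."""
    return min(sum(check(msg) for check in CHECKS), 1.0)


def is_spam(msg, threshold):
    return spam_score(msg) >= threshold


def evaluate(messages, threshold):
    """Return (spam missed, legitimate mail blocked) for a labelled set at one threshold."""
    missed = sum(1 for m in messages if m.is_spam and not is_spam(m, threshold))
    false_positives = sum(1 for m in messages if not m.is_spam and is_spam(m, threshold))
    return missed, false_positives


# Constructed labelled sample: two spam messages, three legitimate ones.
SAMPLE_MESSAGES = [
    Message("promo@cheap-pills.example", "ACT NOW!!! FREE MONEY",
            "Click here, 100% guaranteed.", remote_images=1, is_spam=True),
    Message("offers@deals.example", "Your weekly newsletter",
            "Great deals this week. Click here for more.", remote_images=1, is_spam=True),
    Message("marketing@partner.example", "Click here for the new price list",
            "Our updated price list is attached.", remote_images=1),
    Message("alice@corp.example", "Q3 report",
            "Attached is the Q3 report. Let me know if anything is missing."),
    Message("bob@corp.example", "URGENT: SERVER DOWN",
            "The file server is down, please act now."),
]

STRICT, LENIENT = 0.4, 0.6


def threshold_tradeoff(messages=SAMPLE_MESSAGES):
    """Map each threshold to (missed spam, blocked legitimate mail)."""
    return {t: evaluate(messages, t) for t in (STRICT, LENIENT)}


if __name__ == "__main__":
    for threshold, (missed, blocked) in threshold_tradeoff().items():
        print(f"threshold {threshold}: {missed} spam passed, {blocked} legitimate blocked")
```

With the strict threshold the sample set loses no spam but the partner's price list and a colleague's shouted alert are detained; with the lenient threshold both legitimate messages pass and the low-key newsletter spam slips through. Neither setting is "right"; the administrator chooses which error the company can live with more easily.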

Data leakage prevention

Data leakage prevention is also based on content filtering. Kaspersky Security for Microsoft Exchange Server
analyzes outgoing messages (text and attachments) for specific words and phrases.

Drawing up a comprehensive list of “prohibited” phrases is a difficult task. Extensive built-in dictionaries and
categories help the administrator to select, for example, accounting data, and Kaspersky Security will scan messages
for accounting documents or fragments. If nonstandard data is to be intercepted, the administrator can supplement
the built-in dictionaries or create custom ones.
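The dictionary-based content filtering just described, as an added example that is not the product's own code: outgoing messages (subject, body and the extracted text of attachments) are matched against categorised dictionaries, and the administrator can supplement a built-in category such as accounting with custom phrases or add an entirely new category. The internal domain, the category names, the patterns, the custom phrases and the sample messages are all constructed for this illustration.

```python
"""Dictionary-based content filtering of outgoing mail for data leakage prevention.

Added illustration, not code from Kaspersky Security for Microsoft Exchange.
The internal domain, dictionary categories, patterns and sample messages are
constructed for this example.
"""
import re
from dataclasses import dataclass, field

INTERNAL_DOMAIN = "corp.example"   # constructed; mail to any other domain is "outgoing"

# Constructed stand-ins for built-in dictionaries: category -> regular expressions.
BUILTIN_DICTIONARIES = {
    "accounting": [r"\bbalance sheet\b", r"\bpayroll\b", r"\binvoice no\.? ?\d+"],
    "personal data": [r"\b\d{3}-\d{2}-\d{4}\b",          # SSN-like identifier
                      r"\bpassport (?:no|number)\b"],
}


@dataclass
class Attachment:
    filename: str
    text: str                      # text already extracted from the attachment


@dataclass
class OutgoingMessage:
    sender: str
    recipients: list
    subject: str
    body: str
    attachments: list = field(default_factory=list)


def merge_dictionaries(builtin, custom):
    """Supplement built-in categories with literal custom phrases, or add new categories.

    Built-in entries are regular expressions; custom entries are plain phrases and are
    escaped so that punctuation in them is matched literally.
    """
    merged = {cat: list(patterns) for cat, patterns in builtin.items()}
    for cat, phrases in custom.items():
        merged.setdefault(cat, []).extend(re.escape(p) for p in phrases)
    return merged


def leaves_company(msg):
    """True if at least one recipient is outside the internal domain."""
    return any(not r.lower().endswith("@" + INTERNAL_DOMAIN) for r in msg.recipients)


def find_matches(text, location, dictionaries):
    """Return (category, matched text, location) for every dictionary hit in text."""
    hits = []
    for cat, patterns in dictionaries.items():
        for pat in patterns:
            for m in re.finditer(pat, text, flags=re.IGNORECASE):
                hits.append((cat, m.group(0), location))
    return hits


def scan_outgoing(msg, dictionaries):
    """Scan subject, body and attachment text of mail leaving the company; internal mail is skipped."""
    if not leaves_company(msg):
        return []
    hits = find_matches(msg.subject, "subject", dictionaries)
    hits += find_matches(msg.body, "body", dictionaries)
    for att in msg.attachments:
        hits += find_matches(att.text, f"attachment:{att.filename}", dictionaries)
    return hits


def categories_hit(msg, dictionaries):
    """Sorted list of categories the message would be flagged under."""
    return sorted({cat for cat, _, _ in scan_outgoing(msg, dictionaries)})


# Administrator supplements "accounting" and adds a company-specific category (constructed).
CUSTOM_DICTIONARIES = {"accounting": ["project Falcon budget"],
                       "product roadmap": ["Falcon release plan"]}
DICTIONARIES = merge_dictionaries(BUILTIN_DICTIONARIES, CUSTOM_DICTIONARIES)

# Constructed sample messages.
LEAK = OutgoingMessage("bob@corp.example", ["partner@outside.example"], "Numbers you asked for",
                       "See the attached balance sheet. Project Falcon budget is in the second tab.",
                       [Attachment("q3.txt", "Payroll total: 1,250,000\nInvoice No. 4471 outstanding")])
INTERNAL = OutgoingMessage("bob@corp.example", ["alice@corp.example"], LEAK.subject, LEAK.body,
                           LEAK.attachments)
ROADMAP = OutgoingMessage("carol@corp.example", ["journalist@news.example"], "Visa paperwork",
                          "Attached is the Falcon release plan and my passport number for the visa.")
CLEAN = OutgoingMessage("dave@corp.example", ["partner@outside.example"], "Meeting",
                        "Thanks for the meeting, see you Tuesday.")

if __name__ == "__main__":
    for name, msg in (("LEAK", LEAK), ("INTERNAL", INTERNAL), ("ROADMAP", ROADMAP), ("CLEAN", CLEAN)):
        print(name, categories_hit(msg, DICTIONARIES), scan_outgoing(msg, DICTIONARIES))
```

The same message that is flagged under "accounting" when sent to a partner produces no hits when addressed to a colleague, and the attachment text is searched just like the body, which is where the payroll figure and invoice number in the sample are found.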

Conclusion
For small companies that want to protect e-mail on Microsoft Small Business Server, Kaspersky Security for
Microsoft Exchange is the answer. It does not require special setup, and meets the requirements for products for small
businesses.

3.5 Summary
In this chapter we discussed what you can offer a satisfied customer when renewal time comes. Depending on
the customer’s business, you can offer data encryption, protection and management for smartphones and tablets,
extended computer management and anti-spam protection.

Conclusion
Today, we got more acquainted with the Kaspersky Endpoint Security for Business product line and obtained
experience in deploying basic solutions. This should help when talking to prospects and customers, turning those
prospects into new customers, and new customers into repeat customers.