Kaspersky Endpoint Security 8 for Mac Administrator`s
Contents
1. Ge Figure 70 The Settings File Anti Virus window CONFIGURING VIRUS SCAN TASKS To view and edit the settings of a virus scan task 1 Open the properties window on the client computer see section Managing the application on page 121 on the Tasks tab 2 Selecta virus scan task from the list and click the Properties button 3 Inthe task properties window that opens on the Settings tab see figure below edit the following settings e Inthe Security level section set the level at which the virus scan task should scan objects on a remote computer by moving the slider up or down the scale or click the Settings button to edit the current security level settings In the window that opens see figure below modify the security level settings e onthe General tab specify which file formats should be scanned by Kaspersky Endpoint Security when running virus scan tasks the File types section adjust the scan performance the Optimization section and select which compound files should be scanned for viruses the Compound files section e onthe Advanced tab configure using scan technology and resuming a stopped task the Advanced options section and using of the heuristic analyzer in virus scan tasks the Heuristic analyzer section e Inthe Action section select the action that Kaspersky Endpoint Security should carry out when an infected or potentially infected object is detected ADMINISTRATOR S GUIDE e Inthe O2. If you purchased Kaspersky Endpoint Security in an online store then an application installation package in zip format will be available to download on the Kaspersky Lab website Extract it and run the dmg file to view the package contents Start the dedicated program for Network Agent installation To do this in the window with the distribution package contents open the Kaspersky Network Agent installation package Confirm the installation launch in the request window Then follow the Installation Assistant s instructions to install the application In the Introduction window click Continue In the Read Me window read the information about the application Make sure that the user s computer meets the minimum system requirements To print the information click the Print button To save the information as a text file click the Save button To proceed with the installation click Continue In the License window read through the text of the Kaspersky Endpoint Security License Agreement concluded by you and Kaspersky Lab The text of the agreement is available in several languages To print the text of the agreement click the Print button To save the agreement as a text file click the Save button If you agree with all the clauses in the agreement click Continue A window opens to request confirmation of your consent to the conditions of the licensing agreement You can perform the following actions e proceed with the installation
3. IN THIS SECTION Selecting malicious programs to DE MONITOLEM cece eee ceeeeee cece eeeeeee eee eeeeeeaaeeeeeeeaaaeeeeeeeaeeeeeesaaaeeeessaaeeeeessaaeeeessseneeeeeeaas 49 ele aruse ZONG E 5i SELECTING MALICIOUS PROGRAMS TO BE MONITORED Kaspersky Endpoint Security protects against various types of malware Regardless of your settings the application protects your computer against the most dangerous types of malware such as viruses Trojans and hacking tools These programs may cause significant damage to your computer To achieve a greater level of security for your computer you can expand the list of threats that the application will detect turning on monitoring of various potentially dangerous programs Malware and potentially dangerous programs against which Kaspersky Endpoint Security protects you are grouped as follows e Viruses worms Trojans hack tools This group contains the most common and dangerous categories of malware This is the minimum admissible security level In accordance with the recommendations of Kaspersky Lab experts Kaspersky Endpoint Security always monitors this group of malware e Spyware and Adware This group includes potentially dangerous software that may cause inconvenience to the user or even cause damage e Auto dialers This group includes programs which set up hidden dial up connections such as adult services auto dialers ADMINISTRATOR S GUIDE e Other programs This group i
4. Kaspersky Endpoint Security 8 for Mac Administrator s guide APPLICATION VERSION 8 0 CRITICAL FIX 2 Dear User Thank you for choosing our product We hope that this documentation will help you in your work and will provide answers regarding this software product Warning This document is the property of Kaspersky Lab and all rights to this document are reserved by the copyright laws of the Russian Federation and international treaties Illegal reproduction and distribution of this document or parts hereof will result in civil administrative or criminal liability by applicable law Any type of reproduction and distribution of any materials including translation thereof is allowed only with the written permission of Kaspersky Lab This document and graphic images related to it can be used exclusively for information non commercial or personal purposes Kaspersky Lab reserves the right to change the document at any time without notice You can find the latest version of this document at the Kaspersky Lab website at http www kaspersky com docs Kaspersky Lab assumes no liability for the content quality relevance or accuracy of any materials used in this document for which the rights are held by third parties or for any potential damages associated with the use of such documents This document contains registered trademarks and service marks which are the property of their respective owners Document revision dat
5. modify the conditions e Temporarily disable exclusion rule Select the exclusion rule in the list and uncheck the box next to it The exclusion rule will be disabled until the box is checked again e Delete exclusion rule Select the exclusion rule in the list and click the Modify button ail Creating an exclusion rule In the Exclusion rule window that opens specify the conditions for the exclusion rule in accordance with the following settings e Object All objects Specify a file folder or file mask see section Permissible file exclusion masks on page 156 as an exclusion object You can enter the name name mask of the object in the field manually or by clicking the Select button and selecting the object in the window that opens If the All objects option is selected all objects on your computer which are of the threat type specified in the field below will be excluded from scan ADVANCED APPLICATION SETTINGS e Threats type All threats The setting allows to exclude objects from scan based on the threat type assigned according to the Virus Encyclopedia classification To enter the name of the threat use the values in the dropdown list start with end with contain whole word and specify the corresponding fragment of the name in the field to the right of the list For example if the start with not a virus value is selected then legal but potentially dangerous programs will be excluded from scan Specifying the n
6. If the object being added contains subfolders that should also be scanned check the Include subfolders box in the file selection window If the object being added contains symbolic links to other objects requiring a scan check the Include symbolic links box in the file selection window that opens e Edit an object on the list only available for user added objects Select the object and click the Edit button Make the required changes in the window that opens e Temporarily disable scanning of object ADMINISTRATOR S GUIDE Select the object and uncheck the box next to it The virus scan task will not be executed for this object until the box is checked again e Delete an object only available for user added objects Select the object and click the button When creating user tasks see section Creating virus scan tasks on page 67 the same procedure is used to generate or modify the list of objects to scan Drag and drop one or more objects to scan M l All hard drives Edit a Figure 33 Creating a list of objects to scan To select one or several objects to scan while running the Virus Scan task 1 Open the main application window on page 32 and click the a button 2 Inthe menu that opens select the Virus scan task A window will open in which to create a list of objects see figure above Edit the list using the algorithm described above CONFIGURING VIRUS SCAN TASKS Tasks are executed on your
7. all objects located on the hard removable and network disk drives connected to your computer are protected You can perform the following actions e Add object to be scanned Click the button and in the window that opens select a folder or file e Edit an object on the list only available for user added objects Select the object and click the Edit button Make the required changes in the window that opens ADMINISTRATOR S GUIDE e Temporarily disable scanning of object Select the object and uncheck the box next to it File Anti Virus will not control this object until the box is checked again e Delete an object only available for user added objects Select the object and click the button General Protection scope Additional W _ All removable drives Mi E All hard drives W All network drives Edit Figure 25 File Anti Virus Creating a protection scope To limit the number of protected objects you can e specify only the folders disk drives or files you want to protect e create a list of objects that do not need protection see section Creating a trusted zone on page 51 e combine the first and second methods i e create a protection scope and exclude a number of objects from it CONFIGURING ADDITIONAL SETTINGS You can configure the following additional settings for File Anti Virus scan mode for file system objects iSwift to improve performance and the component s sc
8. and give any other recipients of the Program a copy of this License along with the Program You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee 2 You may modify your copy or copies of the Program or any portion of it thus forming a work based on the Program and copy and distribute such modifications or work under the terms of Section 1 above provided that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change INFORMATION ABOUT THIRD PARTY CODE b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this License c If the modified program normally reads commands interactively when run you must cause it when started running for such interactive use in the most ordinary way to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty or else saying that you provide a warranty and that users may redistribute the program under these conditions and telling the user how to view a copy of this License Exception if the Program itself is interactive but does not normally print such an announcement your work based on t
9. e Green Your computer s protection is at the appropriate level This means that the databases have been recently updated File Anti Virus is enabled Kaspersky Endpoint Security is running with the settings recommended by Kaspersky Lab and either no malicious objects have been discovered by a virus scan or all detected malicious objects have been disinfected e Yellow Your computer s protection level is reduced This protection status indicates certain problems with the performance or settings of Kaspersky Endpoint Security Such problems include for example slight deviations from the recommended operation settings or the Kaspersky Endpoint Security databases have not been updated for several days e Red Your computer is at risk of infection This state indicates that there are problems which may lead to the infection of your computer and the loss of data Such problems include for example a failure in File Anti Virus s operation the Kaspersky Endpoint Security databases have not been updated for a long time malicious objects have been detected and urgently need to be disinfected or the application has not been activated lf there are problems in the protection system you are advised to fix them immediately To do this click the color indicator in the main window to launch the Security Assistant on page 42 ADMINISTRATOR S GUIDE SECURITY ASSISTANT Security Assistant is a service that allows users to analyze existing t
10. remotely using the SSH protocol see section Installing the application using the SSH protocol on page 115 or remotely via Kaspersky Administration Kit using an existing installation package see section Installing the application via Kaspersky Administration Kit on page 116 If Kaspersky Anti Virus for Mac is already installed on the computer you should remove it from them before installing Kaspersky Endpoint Security For more information see the Kaspersky Administration Kit Deployment Guide ADMINISTRATOR S GUIDE INSTALLING SOFTWARE REQUIRED FOR THE REMOTE ADMINISTRATION OF KASPERSKY ENDPOINT SECURITY To manage Kaspersky Endpoint Security remotely via Kaspersky Administration Kit you should install the following applications e Kaspersky Endpoint Security management plugin to the Kaspersky Administration Kit administrator s workspace where the Administration Console is installed e Network Agent on Mac computers in a corporate network IN THIS SECTION Installing the Kaspersky Endpoint Security management plugin cccceeeceeeeeeeeeeeeeeesaeeeeeeeeeeeeseeeeeseaeeeeseeeesaeeeeesaees 110 Local installation Of Network Agent 111 Installation of Network Agent using the SSH porotocol 112 Updating Network Agent via Kaspersky Administration kt 113 Uninstallation Or Network e E 114 INSTALLING THE KASPERSKY ENDPOINT SECURITY MANAGEMENT PLUGIN Before installing the Kaspersky Endpoint Securit
11. 2 Select the required task from the list and right click to open the required option Start or Stop or Select the required task from the list and click the Properties button On the General tab in the task properties window that opens start or stop the task run using the respective buttons CREATING TASKS When working with Kaspersky Endpoint Security via Kaspersky Administration Kit you can create the following types of tasks e local tasks defined for individual client computers e group tasks defined for client computers that belong to administration groups e tasks for computers that are defined for computers outside of administration groups e Kaspersky Administration Kit tasks are specific tasks for the Update Server update download tasks backup tasks and report sending tasks Computer group tasks are only performed on the selected set of computers A task will not be run for new client computers which are added to a group that includes computers for which a remote installation task has already been created You should create a new task or make corresponding changes to the settings of the existing one SW To create a local task 1 Open the properties window on the client computer see section Managing the application on page 121 on the Tasks tab see figure above 2 Click the Add button The New task wizard opens on page 139 Follow the instructions to create a new task for the client computer To create a gro
12. ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT By default the time assigned to connect to an update server is one minute If a connection cannot be established after this period an attempt is made to connect to the next update source in the list This continues until a connection is successfully established or until all the available update servers have been tried Kaspersky Endpoint Security 8 for Mac applicatio General settings Licenses Events Iw Use proxy server fe Automatically detect the proxy server address Use custom proxy server settings Address Pork a0 IW Bypass proxy server For local addresses Specify authentication data User name Passmiord resist a Figure 67 Application settings window The Settings tab Network configuration MANAGING TASKS This section provides information about how to manage tasks for Kaspersky Endpoint Security A list of system tasks is created for each networked computer when the application is installed This list includes protection tasks File Anti Virus several virus scan tasks Full Scan Quick Scan and update tasks update of the application databases and modules and update rollback You can manage the schedule for system tasks and configure the settings for them System tasks cannot be deleted You can also create user tasks such as virus scan tasks application update tasks update rollbac
13. Events notification section see figure below check the Enable notifications box and proceed to the advanced configuration To do so click the Additional button In the window that opens you can configure the following types of notifications about the events listed above e Pop up message on screen which contains information about an event that has occurred To use this notification type check the box in the Balloon field next to the event you want to be notified of e Audio message If you want a notification to be accompanied by a sound file check the box in the Sound field next to the event name ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT Kaspersky Endpoint Security amp for Mac application pi 2 x General Settings Licenses Events teraction with user Events notification M Enable notifications dditional Show application icon Ce In Menu Bar In Dock C Nowhere Events in Kaspersky Administatioan Kit Display language English e Reg e Figure 65 Application settings window The Settings tab Interaction with user ALSO SEE Notification windows and pop up messages cess eeeeeeeeceeeeseeeesseeeeseeeeseeesseesseeeeseeceseesessneetsneeeees 39 CONFIGURING THE KASPERSKY ENDPOINT SECURITY ICON DISPLAY By default the Kaspersky Endpoint Security icon is located in the Menu Bar You can edit the application settings so that the applicatio
14. Kaspersky Endpoint Security icon is displayed in the Dock panel or not displayed at all S To display the application icon in the Dock quick launch panel 1 Open the application preferences window on page 34 and select the Appearance section see figure below 2 Inthe Show application icon section select the In Dock option Toremove the application icon 1 Open the application preferences window on page 34 and select the Appearance section see figure below 2 Inthe Show application icon section select Nowhere APPLICATION INTERFACE Note that this modification will take place only after Kaspersky Endpoint Security is restarted Ane Preferences ZZ SN O Bea o Protection Virus Scan Threats Update Network Reports Service Appearance Events notification Y Enable notifications _ Additional Show application In Menu Bar icon O n Dock O Nowhere Option changes made will be applied at the next startup of the application it Click the lock to prevent further changes Figure 4 Application preferences window Appearance If you selected the option to display the application icon in the menu bar the icon will not appear in Dock when the application is started or the main window is opened The Command Tab key combination to switch to the application is also unavailable ADMINISTRATOR S GUIDE If the application icon is disabled the program will run in background mode To open the main application w
15. Kaspersky Endpoint Security starts up automatically when the computer is switched on or rebooted To disable automatic start up do the following 1 Open the application preferences window on page 34 select the Service tab see figure below ADMINISTRATOR S GUIDE 2 Inthe Autorun section uncheck the Launch application at computer startup box 4 EN EN Preferences 0370058 amp Protection Virus Scan Threats Update Network Reports Service Appearance Autorun W Launch application at computer startup Battery TN Disable scheduled scans while running on battery power Configuration You can save the current protection preferences to a configuration file or load previously saved preferences from the file o Click the lock to prevent further changes Figure 12 Application preferences window Service Disabling the automatic launch mode of Kaspersky Endpoint Security results in unprotected operation mode of your computer next time it is turned on which may expose it to a risk of being infected CONFIGURING THE POWER SAVING MODE By default Kaspersky Endpoint Security runs in power saving mode In this mode the virus scan task for which the schedule is set will not start if a computer is powered with a battery To disable the power saving mode 1 Open the application preferences window on page 34 select the Service tab see figure below 2 Inthe Battery section uncheck the Disable scheduled tasks whil
16. Managed computers folder select the folder with the name of the group that includes the required client computer 4 Inthe selected group select the Policies subfolder The console tree will contain all policies that have been created for this group IN THIS SECTION Creating eeler 147 FONG Oreation Wizard EE 148 COG AMIGO OUC SOR DEE 150 CREATING POLICIES When working with Kaspersky Endpoint Security via Kaspersky Administration Kit you can create policies for the application To create a policy carry out the following steps 1 Start Kaspersky Administration Kit Administration Console 2 Expand the Administration Server node 1 For more information see the Kaspersky Administration Kit Administrator Guide ADMINISTRATOR S GUIDE 3 Inthe Managed computers folder select the folder with the name of the group that includes the required client computer 4 Inthe selected group select the Policies subfolder The console tree will contain all policies that have been created for this group 5 Click the Create a policy link in the taskbar to run the Policy Creation Wizard on page 148 Follow the steps to create a new policy for Kaspersky Endpoint Security POLICY CREATION WIZARD You can add new policies to determine a uniform application and task configuration for client computers within an administration group by using the New policy wizard The wizard comprises a series of screens steps that you can naviga
17. Marks of the Rightholder and or its partners Trademarks You may use the Trademarks only insofar as to identify printed output produced by the Software in accordance with accepted trademark practice including identification of the Trademark owner s name Such use of any Trademark does not give you any rights of ownership in that Trademark The Rightholder and or its partners own and retain all right title and interest in and to the Software including without limitation any error corrections enhancements Updates or other modifications to the Software whether made by the Rightholder or any third party and all copyrights patents trade secret rights trademarks and other intellectual property rights therein Your possession installation or use of the Software does not transfer to you any title to the intellectual property in the Software and you will not acquire any rights to the Software except as expressly set forth in this Agreement All copies of the Software made hereunder must contain the same proprietary notices that appear on and in the Software Except as stated herein this Agreement does not grant you any intellectual property rights in the Software and you acknowledge that the License as further defined herein granted under this Agreement only provides you with a right of limited use under the terms and conditions of this Agreement Rightholder reserves all rights not expressly granted to you in this Agreement 9 2 You agree not to
18. On the administrator s workstation run the SSH client and establish the connection to a remote Mac computer 3 Connect the shared folder of Administration Server as a network drive on the remote computer To do this enter the following commands in the SSH terminal of the client mkdir Volumes KLSHARE mount smbfs lt admin_ login gt lt password gt lt AK server address gt KLSHARE Volumes KLSHARE Parameter description e lt admin_login gt name of the administrator account on Administration Server e lt password gt password of the administrator on Administration Server For more information see the Kaspersky Administration Kit Deployment Guide 1 For more information see the Kaspersky Administration Kit Reference Guide ADMINISTRATOR S GUIDE e lt AK_server_address gt IP address of the server on which Kaspersky Administration Kit is installed 4 Run the installation script To do this enter the following commands in the SSH terminal of the client cd Volumes KLSHARE Packages lt kes package folder gt sudo install sh where lt kes_package_folder gt is the folder in which the installation package for Kaspersky Endpoint Security is stored Administrator rights are required for executing this command 5 Disconnect the network drive on the remote computer To do this enter the following command in the SSH terminal of the client umount Volumes KLSHARE INSTALLING THE APPLICATION VI
19. One of the computers on the network retrieves the Kaspersky Endpoint Security update package from the Kaspersky Lab web servers or from Kaspersky Administration Kit Administration Server or from another web resource hosting the current set of updates The updates retrieved are placed in a shared folder Shared folder should be created in advance 2 Other computers on the network refer to the shared folder as the update source To enable the update distribution service do the following 1 Open the application preferences window on page 34 and select the Update tab see figure below ADVANCED APPLICATION SETTINGS 2 Inthe Update section click the Preferences button 4 Ae Preferences CO D Protection Virus Scan Threats Update Network Reports Service Appearance Run mode Automatically C Every 1 day at 12 00 AM C Edt Manually Update W Update application modules Action after update Rescan quarantine Rollback update If databases are corrupted you can roll back to the previous database version Rollback update T E Click the lock to prevent further changes Figure 43 Application preferences window Update A In the window that opens select the Additional tab in the window that opens see figure below Check the Copy updates to folder box and click the Select button 4 Inthe standard window that opens select a shared folder in which retrieved updates should be saved Kas
20. Recommended for experienced users and allows customizing installation of components ADMINISTRATOR S GUIDE KASPERSKY ENDPOINT SECURITY DEFAULT INSTALLATION To perform default installation of Kaspersky Endpoint Security on your computer 1 Open the contents of the Kaspersky Endpoint Security installation file To do this insert an installation CD into the disk drive If you purchased Kaspersky Endpoint Security in an online store then an application installation package in zip format will be available to download on the Kaspersky Lab website Extract it and run the dmg file to view the package contents 2 Launch the Kaspersky Endpoint Security Installation Assistant To do this open the Kaspersky Endpoint Security installation package in the window containing the distribution package Follow the Installation Assistant s instructions to install the application 3 In the Introduction window click Continue 4 Inthe Read Me window read the information about the application Make sure that your computer meets the minimum system requirements To print the information click the Print button To save the information as a text file click the Save button To proceed with the installation click Continue 5 Inthe License window you can read the text of the Kaspersky Endpoint Security licensing agreement between you and Kaspersky Lab The text of the agreement is available in several languages To print the text of the agree
21. Sections 1 and 2 above on a medium customarily used for software interchange or b Accompany it with a written offer valid for at least three years to give any third party for a charge no more than your cost of physically performing source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange or c Accompany it with the information you received as to the offer to distribute corresponding source code This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer in accord with Subsection b above The source code for a work means the preferred form of the work for making modifications to it For an executable work complete source code means all the source code for all modules it contains plus any associated interface definition files plus the scripts used to control compilation and installation of the executable However as a special exception the source code distributed need not include anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a desig
22. Tei Automatically C Every 1 day at 12 00 AM d Edit C Manually Update Fal Update application modules Action after update B Rescan quarantine Rollback update If databases are corrupted you can roll back to the previous database version Rollback update T Click the lock to prevent further changes 7 Figure 45 Application preferences window Update SELECTING AN UPDATE SOURCE The update source is a resource containing current files in the Kaspersky Endpoint Security anti virus databases and modules Update sources can be HTTP and FTP servers local or network folders The main update source is Kaspersky Lab s update servers These are special websites where updates of databases and internal modules for all Kaspersky Lab products are stored Kaspersky Administration Kit Administration Server is also employed as update source for Kaspersky Endpoint Security If you cannot access Kaspersky Lab s update servers for example there is no Internet connection contact Technical Support Service to receive the updates in ZIP format You can copy the updates and upload them to an FTP or HTTP site or save them in a local or network folder When ordering updates on removable media please specify if you want to receive the updates for internal Kaspersky Endpoint Security modules as well To select an update source for Kaspersky Endpoint Security 1 Open the application preferences window on page 34 and select the
23. To do this select the value that will define the frequency of the task run from the dropdown list and specify the time of the task run STEP 5 COMPLETING TASK CREATION The last window of the wizard will inform you that you have successfully created a task Click the Finish button to close the Assistant CONFIGURING TASK SETTINGS Adjusting the settings of a Kaspersky Endpoint Security task via the Kaspersky Administration Kit interface is similar to configuring the task via the local interface of the application The list of exceptions includes the user specific settings as well as the settings which are specific to Kaspersky Administration Kit such as settings that allow or block the user to manage the local virus scan task If a policy has been created for the application that prohibits redefining certain settings these settings cannot be edited when configuring tasks All tabs of the task properties window except for the Settings tab are standard for Kaspersky Administration Kit The Settings tab contains specific settings for Kaspersky Endpoint Security which may vary depending on the selected task type To view and edit the settings of a local task 1 Open the properties window on the client computer see section Managing the application on page 121 on the Tasks tab 2 Select the required task from the list and click the Properties button The task properties window opens see figure below To view and
24. after which objects are automatically deleted from the storages ADMINISTRATOR S GUIDE CONFIGURING CONNECTION TO A PROXY SERVER If the remote client computer connects to the Internet through a proxy server the settings must be configured for it Kaspersky Endpoint Security uses these settings for updating anti virus databases and modules 7o configure the remote computer s connection to a proxy server 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 Inthe application settings window that opens select the Settings tab 4 Select the Network settings item from the dropdown list in the top part of the window 5 Check the Use proxy server box see figure below and edit the following settings for connecting to a proxy server e the use of proxy server settings specified in the Mac OS X preferences or defined by the user of proxy server address and port e the option of using a proxy server when updating the application from a local or network folder e authentication settings for connection to a proxy server If you are downloading the update from an FTP server connection to the server is in passive mode by default If this connection fails it will attempt to connect in active mode
25. application has probably found in the file a sequence of code from an unknown virus or modified code from a Known virus By default all malicious objects undergo disinfection and all potentially infected objects are placed in Quarantine see section Quarantine on page 90 To select action which File Anti Virus needs to perform on detecting an infected or potentially infected object 1 Open the application preferences window on page 34 and select the Protection tab see figure below ADMINISTRATOR S GUIDE 2 Inthe Action section select the File Anti Virus action EN Ae Preferences WV oa ZO EI WW Protection Virus Scan Threats Update Network Reports Service Appearance General KA Enable File Anti Virus Security level gem Maximum protection Comprehensive protection Recommended for hostile environment Action Prompt for action Block access Disinfect V Delete if disinfection fails r re Click the lock to prevent further changes Figure 27 Application preferences window Protection Before disinfecting the object or deleting it Kaspersky Endpoint Security creates a backup copy and places it in the backup on page 92 in case the object needs to be restored or it becomes possible to disinfect it RESTORING DEFAULT FILE PROTECTION SETTINGS You can restore the File Anti Virus default settings at any time Kaspersky Lab considers these settings to be optimal and has used them in
26. as well as methods used for their detection and disinfection These databases are constantly updated by Kaspersky Lab as new threats appear EXCLUSION Exclusion is an object excluded from the scan by a Kaspersky Lab application You can exclude files of certain formats file masks a certain area for example a folder or a program application processes or objects by threat type according to the Virus Encyclopedia classification from the scan Each task can be assigned a set of exclusions F FALSE ALARM Situation when Kaspersky Lab s application considers a non infected object as infected due to its code similar to that of a virus FILE MASK Representation of a file name and extension using wildcards The two standard wildcards used in file masks are and where represents any number of any characters and stands for any single character Using these wildcards you can represent any file Note that the name and extension are always separated by a period G GROUP POLICY see Policy GROUP TASK A task defined for an administration group and performed on all client computers within this group GROWL TECHNOLOGY All purpose system for notifying the user of the Mac OS X operating system It supports customizable notification modes in addition to pop up notifications the system features voice SMS and email notifications The appearance of notifications generated using Growl can be configured in the Other section of the S
27. bat Microsoft Windows batch file cmd Microsoft Windows NT command file as bat file for DOS OS 2 dpl Borland Delphi packed library dil Microsoft Windows dynamic link library scr Microsoft Windows screen saver file cpl Microsoft Windows control panel module ocx Microsoft OLE Object Linking and Embedding object tsp Microsoft Windows program that works in time share mode drv driver for a Microsoft Windows device vxd driver for a Microsoft Windows virtual device pif Microsoft Windows file with information about a program Ink Microsoft Windows link file reg Microsoft Windows system registry key file APPENDIX ini Microsoft Windows initialization file cla Java class vbs Visual Basic script vbe BIOS video extension js jse JavaScript source text htm hypertext document htt Microsoft Windows hypertext template hta hypertext program for Microsoft Internet Explorer asp Active Server Pages script chm compiled HTML file pht HTML file with embedded PHP scripts php script embedded in HTML files wsh Microsoft Windows Script Host file wsf Microsoft Windows script the Microsoft Windows 95 desktop theme file hip help file in Win Help format eml Microsoft Outlook Express email message nws new Microsoft Outlook Express email message msg Microsoft Mail email message
28. computer according to the following settings e Security level The security level is a set of parameters that define the balance between the thoroughness and speed of scanning objects There are three preset security levels see section Selecting the security level on page 71 with settings developed by Kaspersky Lab e Action on detected object This action see section Selecting actions on objects on page 73 defines how Kaspersky Endpoint Security will react when an infected or potentially infected object is detected ADVANCED APPLICATION SETTINGS e Run mode Automatically running virus scan according to a schedule see section Configuring the virus scan task schedule on page 74 enables you to scan your computer for viruses in due time Only available for the Quick Scan Full Scan tasks and custom tasks e Launching task under user account Launching the task under a privileged user account See section Launching scan task under user account on page 75 enables you to perform a timely scan regardless of the rights of the current user Only available for the Quick Scan Full Scan tasks and custom tasks In addition you can set uniform values for the Security level and Action to be taken on detected objects for all virus scan tasks see section Assigning uniform values for all virus scan tasks on page 76 SELECTING THE SECURITY LEVEL Each scan task ensures objects are scanned at one of the following levels e Maxim
29. connection box e The Mac computer is added to the Managed computers group of Administration Server optional You can update Network Agent installed on a remote computer using Kaspersky Administration Kit by creating and launching the remote application installation task To create the task for remote installation of the application on a remote computer using Kaspersky Administration Kit 1 Start Kaspersky Administration Kit Administration Console 2 Expand the Administration Server node and select the Tasks for specific computers folder 3 Inthe taskbar click the Create Task link to run the Task Creation Wizard Follow its instructions to create the remote installation task 4 Inthe Task name window in the Name field enter the name of the task and click the Next button 5 Inthe Task type window select the Application deployment task for Kaspersky Administration Kit and click the Next button 6 Inthe Installation package window select an installation package for Network Agent and click the Next button For more information see the Kaspersky Administration Kit Deployment Guide For more information see the Kaspersky Administration Kit Reference Guide For more information see the Kaspersky Administration Kit Administrator Guide ADMINISTRATOR S GUIDE 10 11 12 SC 14 15 In the Installation method window select Push install as the remote installation method and click the Next butto
30. edit the settings of group tasks 1 Start Kaspersky Administration Kit Administration Console 19 For more information see the Kaspersky Administration Kit Reference Guide For more information see the Kaspersky Administration Kit Reference Guide ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT Expand the Administration Server node In the Managed computers folder select the folder with the name of the required group then select the Group tasks subfolder Select the required task from the console tree to view and edit its properties The taskbar will display comprehensive information about the task and links in order to manage the task run and edit its settings Further information about creating group tasks can be found in the Kaspersky Administration Kit Reference Guide To view and edit the settings for specific computers Kaspersky Administration Kit task 1 2 Start Kaspersky Administration Kit Administration Console Select the Tasks for specific computers folder Kaspersky Administration Kit tasks Select the required task from the console tree to view and edit its properties The taskbar will display comprehensive information about the task and links in order to manage the task run and edit its settings Further information about Kaspersky Administration Kit tasks for sets of computers can be found in the Kaspersky Administration Kit Reference Guide File Anti irus task properti
31. its Recommended security level To restore the default File Anti Virus settings 1 Open the application settings window on page 34 and select the Protection tab see figure below ADVANCED APPLICATION SETTINGS 2 Inthe Security level section click the Default button AA eC Preferences Go ena vi Protection Virus Scan Threats Update Network Reports Service Appearance General v Enable File Anti Virus Security level wm Y Maximum protection Comprehensive protection Recommended for hostile environment Action Prompt for action Block access Disinfect V Delete if disinfection fails E Click the lock to prevent further changes Figure 28 Application preferences window Protection FILE PROTECTION STATISTICS Summary statistics on File Anti Virus number of objects scanned since its most recent launch number of dangerous objects detected and disinfected name of the most recently scanned file are displayed in the bottom part of the main application window see section Main application window on page 32 Also Kaspersky Endpoint Security provides a detailed report of File Anti Virus operation To view the report 1 Open the main application window on page 32 and click the button 2 Inthe Running tasks section of the report window that opens select File Anti Virus If File Anti Virus is currently disabled you can view a detailed report on the results of its most
32. left 3 Inthe Security level section click the Preferences button In the window that opens see figure below configure the following settings e Inthe File types section specify file formats that should be scanned by Kaspersky Endpoint Security when running the virus scan tasks e Inthe Optimization section configure the scan performance and use of scan technology ADVANCED APPLICATION SETTINGS e Inthe Compound files section specify which compound files should be scanned for viruses e Inthe Heuristic analyzer section configure the use of the heuristic analyzer in virus scan tasks File types Scan all files Scan programs and documents by content Scan programs and documents by extension Optimization Ti Skip if scan takes longer than 30 5 V Do not scan archives larger than 100 ME Scan only new and changed files Wl Use iSwift technology Compound files V Scan archives Scan attachments Scan email format files Scan password protected archives Heuristic analyzer Wi Use heuristic analyzer Scan level _ S Optimal protection level i I Maximum performance Min Max Figure 35 Virus Scan Configuring scan settings SELECTING ACTIONS ON OBJECTS If a virus scan task reveals that an object is infected or potentially infected the subsequent behavior of Kaspersky Endpoint Security depends on the status of the object and the selected action When the scan i
33. modify or alter the Software in any way You may not remove or alter any copyright notices or other proprietary notices on any copies of the Software 10 Governing Law Arbitration 10 1 This Agreement will be governed by and construed in accordance with the laws of the Russian Federation without reference to conflicts of law rules and principles This Agreement shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods the application of which is expressly excluded Any dispute arising out of the interpretation or application of the terms of this Agreement or any breach thereof shall unless it is settled by direct negotiation be settled by in the International Commercial Arbitration Court at the Russian Federation Chamber of Commerce and Industry in Moscow the Russian Federation Any award rendered by the arbitrator shall be final and binding on the parties and any judgment on such arbitration award may be enforced in any court of competent jurisdiction Nothing in this Section 10 shall prevent a Party from seeking or obtaining equitable relief from a court of competent jurisdiction whether before during or after arbitration proceedings 11 Period for Bringing Actions 11 1 No action regardless of form arising out of the transactions under this Agreement may be brought by either party hereto more than one 1 year after the cause of action has occurred or was discovered to have occurred except t
34. needs to be connected to the Internet If the Internet connection is established using a proxy server you should adjust the network settings See section Configuring connection to a proxy server on page 87 SELECTING THE UPDATE MODE AND OBJECTS When configuring the update settings of Kaspersky Endpoint Security it is very important to define the update object and run mode To configure the update task run schedule 1 Open the application preferences window on page 34 and select the Update tab see figure below 2 Inthe Run mode section select the update task run mode To allow the application to copy and install not only anti virus databases but also application modules when running the update 1 Open the application settings window on page 34 and select the Update tab see figure below 2 Inthe Update section check the Update application modules box ADVANCED APPLICATION SETTINGS If module updates are available during execution of the update task Kaspersky Endpoint Security retrieves and applies them after rebooting your computer The downloaded module updates will not be installed until the computer restarts If the next application update becomes available before the computer is restarted and the program module updates downloaded earlier are installed the databases are only updated EN EN CN Preferences J En 8 D Protection Virus Scan Threats Update Network Reports Service Appearance Run mode
35. number gt number of the port via which non encrypted connection to Administration Server will be established the port 14000 is used by default ps lt SSL port number gt number of the port via which encrypted connection to Administration Server will be established using the SSL protocol The port 13000 is used by default nossl use non encrypted connection to Administration Server if no key is specified connection between Network Agent and Administration Server will be established using the encrypted SSL protocol cert lt path to certificate file gt use the specified certificate file for authentication on a new Administration Server If this setting is not selected Network Agent will receive a certificate at the first connection to Administration Server silent run the utility in silent mode dupfix this setting is used if Network Agent has been installed using a method that differs from the usual one with the distribution package for example by recovering it from an ISO disk image You are advised to run the utility specifying the values of all of the settings ADMINISTRATOR S GUIDE CHECKING THE CONNECTION BETWEEN A CLIENT COMPUTER AND ADMINISTRATION SERVER MANUALLY UTILITY TOOL KLNAGCHK WS Tocheck the connection between a client computer and Administration Server activate the command line of the client computer to run the klnagchk utility tool included in the Network Agent distribution
36. of Network Agent by clicking the Agree button e return to the license agreement text by clicking the Read license button e stop the installation by clicking the Disagree button In the Preferences window in the Server field specify the IP address or DNS name of the server on which Kaspersky Administration Kit is installed then fill in the Port field to specify the number of the port for non encrypted connection to the server and then fill in the SSL port field to specify the number of the port for SSL connection to the server If you do not want to use the SSL for connection with the server uncheck the Use SSL box To proceed with the installation click Continue In the Installation Type window read the information about the drive on which the application will be installed To install the application using the recommended settings click the Install button and enter the administrator s password to confirm your choice To select a different drive for installation click the Change location button select a different drive and then click Continue The drive used to install the application must be bootable The minimum version or higher of the operating system specified in the system requirements see section Hardware and software requirements on page 18 must be installed on the hard drive Wait until the Kaspersky Endpoint Security Installation Assistant installs the application components ADMINISTRATOR S GUIDE 8 Inth
37. plg email message mbx extension for saved Microsoft Office Outlook message doc Microsoft Office Word document including doc Microsoft Office Word document docx Microsoft Office Word 2007 document supporting XML language docm Microsoft Office Word 2007 document supporting macros dot Microsoft Office Word document template including dot Microsoft Office Word document template dotx Microsoft Office Word 2007 document template dotm Microsoft Office Word 2007 document template supporting macros fom database program Microsoft Visual FoxPro start file rtf Rich Text Format document shs Shell Scrap Object Handler object dwg AutoCAD drawing database msi Microsoft Windows Installer package otm VBA project for Microsoft Office Outlook ADMINISTRATOR S GUIDE pdf Adobe Acrobat document swf Shockwave Flash package object jpg joeg png file in format for storing compressed images emf file in Enhanced Metafile format Next generation of Microsoft Windows metafile ico object icon file ov MS DOS executable files SI Microsoft Office Excel documents and files including xla Microsoft Office Excel extension xlc chart xlt document template xlsx Microsoft Office Excel 2007 workbook xltm Microsoft Office Excel 2007 workbook supporting macros xlsb Microsoft Office Excel 2007 workbook in binary not XML f
38. protection Recommended for hostile environment Virus Scan Preferences Action Prompt for action when the scan is complete Prompt for action during scan Do not prompt for action wi Disinfect iv Delete if disinfection fails Other tasks You can apply the specified options to all virus scan tasks preferences 6 o Click the lock to prevent further changes Figure 39 Application preferences window The Virus Scan task RESTORING DEFAULT SCAN SETTINGS You can restore the default virus scan settings at any time They are considered optimal recommended by Kaspersky Lab and grouped in the Recommended security level To restore the default scan settings do the following 1 Open the application preferences window on page 34 select the Virus Scan tab and then the name of the required task from the list on the left ADMINISTRATOR S GUIDE 2 Under Security level see figure below click the Default button This restores the recommended task settings a a a Preferences W va ZO EI WW amp Protection Virus Scan Threats Update Network Reports Service Appearance Quick Scan is Security level wm Maximum protection Full Scan Comprehensive protection s a Recommended for hostile environment Virus Scan Preferences Default Action ei Prompt for action when the scan is complete Prompt for action during scan Do not prompt for action wi Disinfect Vi D
39. rule or view and modify an existing one do the following 1 Open the application preferences window on page 34 and select the Threats tab see figure below Preferences o o en Protection Virus Scan Threats Update Network Reports Service Appearance Malware categories Di Viruses worms Trojans Rack tools Wl Spyware and Adware Wl Auto dialers Other programs understand that some legal programs can be classified as potentially unwanted software and want them to be recognized as a threats on this computer Exclusions Compose the list of trusted files processes and applications those should not be monitored and scanned Trusted zone rl E Click the lock to prevent further changes Figure 16 Application preferences window Threats ADMINISTRATOR S GUIDE 2 Under Exclusions click the Trusted zone button see figure above A window see figure below opens displaying a list of objects that Kaspersky Endpoint Security will not control when running Object Threat type ral Volumes UNTITLED eicar not a virus Edit Figure 17 The list of exclusion objects You can perform the following actions e Create new exclusion rule Click the D button and in the Exclusion rule window that opens see figure below set the conditions e Modify existing exclusion rule Select the exclusion rule in the list and click the Edit button In the Exclusion rule window that opens see figure below
40. section Installing software required for remote administration of Kaspersky Endpoint Security on page 110 It is also possible to remotely install Kaspersky Endpoint Security on the user s computer See section Remote installation of Kaspersky Endpoint Security on page 115 IN THIS SECTION Preparing ell te 9 eee ean ee nm en ee ne ee ee eee ere eee 19 Installing the application EE 19 Preparing for use after installation ccccccccccecccseeecceeeeceeeeceeeeceeeeeseeeeceeeeseaeeesaeesseeeeceeeeseaeessaeeesaeeeseuseseaeessaeessueeeseneesens 22 Deleting the application 22 PREPARING FOR INSTALLATION Before installing Kaspersky Endpoint Security on your computer follow these preparatory steps e Make sure that your computer meets the minimum system requirements see section Hardware and software requirements on page 18 e Check your computer s connection to the Internet Internet access is needed to activate the application using the activation code and to download updates e Delete any existing anti virus software to avoid system conflicts and maximize performance INSTALLING THE APPLICATION Two methods of Kaspersky Endpoint Security installation are available e Default installation see section Kaspersky Endpoint Security default installation on page 20 The default set of application components will be installed e Custom installation see section Kaspersky Endpoint Security custom installation on page 21
41. that the objects cannot be disinfected Objects are disinfected using the database records Part of the data may be lost during disinfection GLOSSARY OLE OBJECT An attached object or an object embedded into another file Kaspersky Lab application allows the scanning of OLE objects for viruses For example if you insert a Microsoft Office Excel table into a Microsoft Office Word document the table will be scanned as an OLE object P POLICY A set of application settings in an administration group managed by Kaspersky Administration Kit Application settings can differ in various groups A specific policy is defined for each application in a group A policy includes the settings for the complete configuration of all application features POTENTIALLY INFECTED OBJECT An object that contains modified code of a known virus or code that resembles code of a virus but is not yet known to Kaspersky Lab Potentially infected files are detected using heuristic analyzer PROTECTION The application s operating mode under which objects are scanned for the presence of malicious code in real time The application intercepts all attempts to open any object read write or execute and scans the object for threats Uninfected objects are passed on to the user objects containing threats or suspected of containing them are processed pursuant to the task settings they are disinfected deleted or quarantined PROTECTION STATUS The current s
42. to third parties or allow third parties access to the activation code and or license key which are deemed confidential data of Rightholder 5 4 You shall not rent lease or lend the Software to any third party 5 5 You shall not use the Software in the creation of data or software used for detection blocking or treating threats described in the User Manual 5 6 Your key file can be blocked in case You breach any of the terms and conditions of this Agreement 5 7 If You are using the trial version of the Software You do not have the right to receive the Technical Support specified in Clause 4 of this Agreement and You don t have the right to transfer the license or the rights to use the Software to any third party 6 Limited Warranty and Disclaimer 6 1 The Rightholder guarantees that the Software will substantially perform according to the specifications and descriptions set forth in the User Manual provided however that such limited warranty shall not apply to the following w Your Computers deficiencies and related infringement for which Rightholder s expressly disclaims any warranty responsibility x malfunctions defects or failures resulting from misuse abuse accident neglect improper installation operation or maintenance theft vandalism acts of God acts of terrorism power failures or surges casualty alteration non permitted modification or repairs by any party other than Rightholder or any other third parties or Y
43. will notify you of this If the application is not activated you can start the activation procedure see section Kaspersky Endpoint Security activation on page 27 If the trial version of the application is activated you can purchase the commercial license see section Purchasing a license on page 25 If your commercial license expires you can renew it see section Renewing a license on page 26 PURCHASING A LICENSE To purchase a new license 1 Open the main application window on page 32 and click the P button 2 Inthe window that opens see figure below click the Purchase button ADMINISTRATOR S GUIDE The web page that opens contains all the information on purchasing a key through Kaspersky Lab eStore or corporate partners On purchasing a license at Kaspersky Lab eStore an activation code for Kaspersky Endpoint Security see section About activation code on page 27 will be sent to the email address that you have specified in the order form Having a license allows you to use all the application s features and gives you access to application updates and technical support License not found Databases update is not available Please purchase a license to enable all features of the application Figure 2 Purchasing a license RENEWING A LICENSE The application license needs to be renewed when the current license expires In this case Kaspersky Endpoint Security keeps performing all of its operations but a
44. your computer for viruses perform updates handle reports and storages Besides that the context help file provides you with information about all windows of the application listing and describing the settings and tasks related to each of them To open the full help open the main application window on page 32 and click the button To open the context help open the required window or the tab and click the button ADMINISTRATOR S GUIDE If you cannot find a solution to your problem in the Knowledge Base in the Users forum in the help system or documentation we recommend that you contact Kaspersky Lab Technical Support Service see section Contacting Technical Support Service on page 152 KASPERSKY ENDPOINT SECURITY 8 Kaspersky Endpoint Security 8 for Mac hereinafter Kaspersky Endpoint Security is intended for use under the Mac OS X operating system to protect your computer from viruses and malware The following options are implemented in the application File Anti Virus Real time protection of the computer s file system interception and analysis of attempts to access the file system disinfection deletion of malicious objects and isolation of potentially infected objects for further analysis Virus Scan Search and deactivation of malicious code at the user s request search and analysis of malicious and potentially infected objects in the designated protection areas disinfection deletion or isola
45. 0 27 10 5 17 23 PM 10 27 10 5 18 36 PM CG 10 27 10 5 18 36 PM 10 27 10 5 19 18 PM 10 27 10 5 25 43 PM A 10 27 10 5 25 43 PM 10 27 10 5 28 36 PM 10 27 10 5 29 16 PM CS 10 27 10 5 29 16 PM 10 27 10 5 29 55 PM 10 27 10 5 30 00 PM 10 27 10 5 30 03 PM 10 27 10 5 30 05 PM 10 27 10 5 31 31 PM 10 27 10 5 31 35 PM 10 27 10 5 31 38 PM CG 10 27 10 5 31 40 PM H Event Protection of your computer is enabled Kaspersky Endpoint Security is not activate activate the application as soon as possible Protection of your computer is not running You are advised to resume protection Protection of your computer is enabled Protection of your computer is not running You are advised to resume protection Protection of your computer is enabled Protection of your computer is not running You are advised to resume protection Protection of your computer is enabled Some protection components are disabled You are advised to enable them Protection of your computer is disabled You are advised to enable protection Protection of your computer is enabled Some protection components are disabled You are advised to enable them Protection of your computer is disabled You are advised to enable protection Protection of your computer is enabled File Meicar SUSP Eicarl com detected modification of virus EICAR Test File File Meicar SUSP Eicarl com quarantined File Meicar CURE Eicar3 com detected virus EI
46. 35 p Seiler 147 148 150 161 FOES ge ln See 49 126 Q a nl ae eee ne en ee A ee ee eee een eee 90 R Remote NS UE 115 FS ae teers cct oneness E tec E A Se ib nse nev E seb ene E E 94 96 Kellen e a 47 91 93 S EE ee 69 143 ITEM A sec tees EE escesedie sate Ges A EE A EERS 32 41 42 Security level lant 57 V SE EE 71 Storages BS AG I EE 92 a e EA A E E E E E 90 T BEEN 135 139 leie 159 WPS AU OSS EE 49 Trusted zone geld er EN 51 126 U Update wl Ur LE 81 OS EE 87 rolling Dack TUNG last le EE 81 SCANNING files mCOuarantne ccccececceececeeseeecseneecceuscecceuseecsuseeeseucesseeeesseeeecsuuceesaecessaueeessseeessgesesseneeesseseessaes 92 e Eele o BD E 87 E e 88 TALS OD Cl acai verses rect Van ese A Wan wane ales bob er oenarestusn ast EE amoebae 84 CTA SO e 85 RTT AS Re 82 85 Update En EE 81 V NS SC EE 64 FVII NSN A E 72 Igel gf 0 21e 8 EE 69 OPET ON Ee 78 restoring default SCUINGS E T7 SCAN of compound les 72 SEENEN 72 EE 72 eieiei Eo RE ZA EI E 71 VIrUSeS 0 occ cccccccccecececcececececcneacuceceneaeaeuceneneaeaeuueneneaeaneneneaeaeaneneneaeaceneneaeaeaneneaeataeanentauatateneneatacenentaeaeaeeneneanaeenentatansnenentanares 49
47. A AE AANA E bodaencaacduhacacesiae peoenaesseenstusueniete 169 GCC 4 0 1 Copyright C 1987 1989 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 Free Software Foundation Inc GNU GENERAL PUBLIC LICENSE Version 2 June 1991 Copyright C 1989 1991 Free Software Foundation Inc 51 Franklin Street Fifth Floor Boston MA 02110 1301 USA ADMINISTRATOR S GUIDE Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed Preamble The licenses for most software are designed to take away your freedom to share and change it By contrast the GNU General Public License is intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This General Public License applies to most of the Free Software Foundation s software and to any other program whose authors commit to using it Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead You can apply it to your programs too When we speak of free software we are referring to freedom not price Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and tha
48. A KASPERSKY ADMINISTRATION KIT Before installing Kaspersky Endpoint Security on a remote computer make sure that the following conditions are met e Kaspersky Administration Kit Administration Server is deployed in the corporate network e The Administration Console is installed on the Kaspersky Administration Kit administrator s workspace e Network Agent is installed on the Mac e Ani installation package for Kaspersky Endpoint Security is created and stored in the shared folder of Administration Server e Akey file for Kaspersky Endpoint Security is stored in the shared folder of Administration Server optional e The Mac computer is added to the Managed computers group of Administration Server optional Installation of Kaspersky Endpoint Security on a remote computer via Kaspersky Administration Kit involves creating and further running of the remote application installation task To create a task for remote installation of Kaspersky Endpoint Security on a remote computer via Kaspersky Administration kit 1 Start Kaspersky Administration Kit Administration Console 2 Expand the Administration Server node and select the Tasks for specific computers folder 3 Inthe taskbar click the Create Task link to run the Task Creation Wizard Follow its instructions to create a task for the remote installation of Kaspersky Endpoint Security 4 Inthe Task name window in the Name field enter the name of the task and click the Next butt
49. A ONG ALI ee 19 Kaspersky Endpoint Security default mstallaton 20 Kaspersky Endpoint Security custom installation cccccecccecseeeeeceeeeeeseeeeeeseeeesaeeeeeseeeeeeseeeeesaeeeeeseeeeeseeeeeeas 21 Preparing for use after installation ccccccccsscecceeeeecceeseecseueecceuececceececseueesssuseeesaeeessegeeessaecesseuseessageeessuesessaaeees 22 Deleng the ele lee EE ER Bieser EC H EE 24 PADOU Wen E 24 Viewing license information cccccccseececceeeccceueeecceuececseueeecseuececsuseeeseuececseueeecsuseeessececsegeeessauseeseeeessageeessgeessaags 25 P rchasing RTE 25 KONCNO Re 26 About End User License el EE 27 ADOUL EHS COUG eegene EE EEA EE 27 ADOUNC KOVI EE 27 Kaspersky Endpoint Security activation cccccccseccceeeeeeeeeeeeeeeeeeeeeeeeeeseeeeeseeeeeeseeeeeeseeeeesaeeseeseeeeesseeeesaeeeessaeeeees 27 Activating the application With an activation code cccccecccecccceeeceeeeeeeeaeeeseeeeaeeeseeeseeesseeeseeeseeetseeesaeeseeetaeeesaes 28 Activating the application with a key nie 29 APPLICATION INTERFACE E 30 Kaspersky Endpoint Security con 30 Main application window Ae ce 32 Application preferences Window ccccccccsscccceeeecenceceececseeeeseeceseneeseaeeseeeeeseeeeseeessaeessaeeesaeeeseaeessasesseeeseeeseueessaees 34 Notification windows ANd POP UP messages 35 About notfcatons EE EE E E ET 35 Methods of receiving notifications cc ceccccceeeceeeeeeeeceeeeeeeaeeeeese
50. ACKAGE File package for updating the software It is downloaded from the Internet and installed on your computer KASPERSKY LAB Kaspersky Lab software is internationally renowned for its protection against viruses malware spam network and hacker attacks and other threats In 2008 Kaspersky Lab was rated among the world s top four leading vendors of information security software solutions for end users IDC Worldwide Endpoint Security Revenue by Vendor Kaspersky Lab is the preferred developer of computer protection systems among home users in Russia according to the COMCON survey TGl Russia 2009 Kaspersky Lab was founded in Russia in 1997 Today it is an international group of companies headquartered in Moscow with five regional divisions that manage the company s activity in Russia Western and Eastern Europe the Middle East Africa North and South America Japan China and other countries in the Asia Pacific region The company employs more than 2000 qualified specialists Products Kaspersky Lab s products provide protection for all systems from home computers to large corporate networks The personal product range includes anti virus applications for desktop laptop and pocket computers and for smartphones and other mobile devices Kaspersky Lab delivers applications and services to protect workstations file and web servers mail gateways and firewalls Used in conjunction with Kaspersky Lab s centralized ma
51. ASK The status command syntax kav status lt protile task _ name gt The statistics command syntax kav statistics lt proiileltask name gt Settings description The lt profile task_name gt setting can have one of the values specified for the start stop command see section Starting stopping a protection component or a task on page 103 WORKING WITH THE APPLICATION FROM THE COMMAND LINE If the status command is run without specifying the value of the lt profile task_name gt setting the current statuses of all tasks and application components will be displayed on the screen For the statistics command the value of the lt profile task_name gt setting is obligatory EXPORTING PROTECTION SETTINGS Command syntax kav export lt profile task name gt lt file name gt Settings description lt profile task_name gt one of the values listed for the start stop command is specified see section Starting stopping a protection component or a task on page 103 lt file_ name gt path to the file to which the application settings are being exported An absolute or a relative path may be specified IMPORTING PROTECTION SETTINGS Command syntax kav import lt file name gt Administrator rights are required for executing this command Settings description lt file_ name gt path to the file from which the application settings are being imported An absolute or a relative path may be specifi
52. ATION GROUP A set of computers grouped together in accordance with the performed functions and the Kaspersky Lab applications installed on those machines Computers are grouped for their convenient management as one single entity A group can include other groups A group can contain group policies for each application installed in it and the appropriate group tasks ARCHIVE File containing one or several other objects which may also be archives B BACKUP STORAGE Special storage designed to save backup copies of objects created before their first disinfection or deletion BLOCKING THE OBJECT Denying access to an object from external applications A blocked object cannot be read executed or changed D DANGEROUS OBJECT An object containing a virus You are advised not to access these objects because it may result in an infection of your computer Once an infected object is detected we recommend that you disinfect it using one of the Kaspersky Lab applications or delete it if disinfection is not possible DATABASE UPDATES One of the functions performed by a Kaspersky Lab application that enables it to keep protection current In doing so the databases are downloaded from the Kaspersky Lab update servers onto the computer and are automatically connected to the application GLOSSARY DATABASES Databases created by Kaspersky Lab s experts and containing a detailed description of all current threats to computer security
53. Brief statistics on the current update service release date of anti virus databases number of database records information about the actuality of databases are provided in the lower part of the main application window see section Main application window on page 32 If you have not previously updated Kaspersky Endpoint Security there will be no information about the most recent update Also Kaspersky Endpoint Security provides you with a detailed report on the update task run To view a report on the run of the current task 1 Open the main application window on page 32 and click the button 2 Inthe Running tasks section of the report window that opens select the Update task Information about the results of the latest updates can be viewed in the Completed tasks section ADVANCED APPLICATION SETTINGS Information about the progress of the current task or brief statistics on the results of the completed task are displayed in the lower part of the report window If the update is completed successfully the statistics include information about the size of the updates copied and installed the speed with which they were performed the start and completion time and the duration of the task If the operation fails make sure that the update settings are correct and that the update source is available Restart the update If the attempt also results in an error contact Kaspersky Lab Technical Support Service see section Con
54. CAR Test File File Meicar CURE Eicar3 com is still infected skipped by user File Meicar SUSP Eicar com detected modification of virus EICAR Test File File Meicar SUSP Eicar2 com quarantined File Meicar DELE Eicar2 com detected virus EICAR Test File File Meicar DELE Eicar2 com deleted File Meicar DELE Eicar3 com detected virus EICAR Test File File Meicar DELE Eicar3 com deleted Clear all a A Figure 54 The Kaspersky Endpoint Security report window e Reports Statistical information about dangerous objects detected and objects placed in Quarantine and Backup Storage and a list of events logged during operation All statistics are divided into subsections e Detected This is a list of all dangerous and suspicious objects detected by File Anti Virus and virus scan tasks To disinfect the dangerous objects immediately click the Disinfect all button To remove the records on detected objects from the report click the Clear button Note that this will not remove the dangerous and suspicious objects from your computer e Events List of all events logged during Kaspersky Endpoint Security operation To delete information from the list click the Clear all button e Quarantine A list of objects moved to Quarantine see section Quarantine on page 90 e Backup Storage A list of objects placed in Backup Storage on page 92 e Running tasks List of tasks being performed by Kaspersky Endpoint S
55. E E sumnoscaousstacasaabosseeesaacesamnosca cused cacasboacaceeeneces 64 Managing virus SCANMASKS sei acansineincad saacasaisaeseensdiernazanesatuunt aA EREE TARAR ATA AEAEE DEANE AEREA 65 Creating a list of objects to ecan 69 Configuring virus SCAN tasks cccccceecceceeeeeeeeeeeee eee ee ees e eee eae eee eA ae eeEA ASE eEEA AA SEeAA GA SeAGA GS eees aa Seesa aa etesaaeeesaaeeesaaeeeesaes 70 Restoring default scan settings ccccccsseccccescecceeececceuececseueeecsusceeseuseecseeeessuueeessueseesaueeesseueeessueseessuseesseneeess Tf NMS SC al ea setts cere ete enc se cee ce coe ee te ae eee eetrn ee E E dee edeceeaeeanceenteseeectee se 78 Updatng TING AD ONCATION E 80 Starting update 81 Rolling back the last update 81 Updating from a local source ee eeeee ee eeeee ee eeeeaeeeeeeaaeeeeseeeeeeeeeeeesseeeeeseeeeeeseeeeesseeeeesaneeesseeeees 82 Conigurnng the AUC EE 84 Bleser 88 Repons and Eeer 89 AN ANS ee E A 90 Set El Ree EE 92 Kei EE 94 Configuring reports ANd StOraGeS ccccccccssecccceseecceuececceueeecseeeecauseecseeeesseueeecsuucesseueeessageeesseeeeseueeessegeessaaes 96 WORKING WITH THE APPLICATION FROM THE COMMAND UNE 99 NUS le Le PIE I EE 100 NOU Ee EE 100 Updating the ele et te EE 102 Rolling back the last UDG E 103 Starting stopping a protection component OF a tASK cece ceeccceeccceeeeeceeeeceeeesaueeeaeeeeseeceseecesseesseeeseeeeseeeessneees 103 Statistics on a component s operation OF a
56. ER TO ADMINISTRATION SERVER MANUALLY UTILITY TOOL KLMOVER To connect a client computer to Administration Server activate the command line of the client computer to run the klmover utility tool included in the Administration Agent distribution package When Network Agent is installed this utility tool is stored in a folder named Library Application Support Kaspersky Lab kInagent Binaries Depending on the current settings it performs the following actions when run from the command line e connects Network Agent to Administration Server with the specified settings e logs the results of the operation into the specified file or displays them on the screen Before running the utility tool open the folder named Library Application Support Kaspersky Lab klnagent Binaries Utility command line syntax sudo klmover logfile lt file name gt address lt server address gt pn lt port number gt amer lt SSL port number gt nossl cert lt path to certificate file gt silenc dupfix The administrator rights are required to run the utility Parameter description logfile lt file name gt log the results of the utility run into the specified file if the setting is not selected results and error messages are displayed on the screen address lt server address gt address of Administration Server for connection you can specify the IP address or DNS name of the server as this address pn lt port
57. ES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program and you want it to be of the greatest possible use to the public the best way to achieve this is to make it free software which everyone can redistribute and change under these terms INFORMATION ABOUT THIRD PARTY CODE To do so attach the following notices to the program It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty and each file should have at least the copyright line and a pointer to where the full notice is found one line to give the program s name and an idea of what it does Copyright C yyyy name of author This program is free software you can redistribute it and or modify it under the terms of the GNU General Public License as published by the Free Software Foundation either version 2 of the License or at your option any later version This program is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE See the GNU G
58. Endpoint Security is one of the Kaspersky Lab products that can be administered via the interface of the application on page 30 command line see section Working with the application from the command line on page 99 or Kaspersky Administration Kit The Administration Console see figure below allows you to administer the application through Kaspersky Administration Kit It provides a standard MMC integrated interface and allows the administrator to perform the following functions e install Kaspersky Endpoint Security remotely on networked computers e configure Kaspersky Endpoint Security remotely on networked computers e update anti virus databases and application modules as well as roll back the last update e run virus scan tasks on networked computers e activate the application remotely using a key file e view statistics and create reports on the operation of Kaspersky Endpoint Security on networked computers ADMINISTRATOR S GUIDE A Kaspersky Administration Kit 2 0 x Fie Action View Help e Amx EB e m K Kaspersky Administration Fit ER Administration Server MACTEST El Managed computers ai Jh Reports and notifications E 93 Kaspersky Administration Kit tasks CS Tasks for specific computers H Event and computer selections Unassigned computers a Repositories Deployment Managed computers 2 Kaspersky Anti virus installed 1 computers O Install Kaspersky Anti Virus Protection P
59. F LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE INFO ZIP 5 51 Copyright C 1990 2007 Info ZIP For the purposes of this copyright and license Info ZIP is defined as the following set of individuals Mark Adler John Bush Karl Davis Harald Denker Jean Michel Dubois Jean loup Gailly Hunter Goatley Ed Gordon lan Gorman Chris Herborth Dirk Haase Greg Hartwig Robert Heath Jonathan Hudson Paul Kienitz David Kirschbaum Johnny Lee Onno van der Linden Igor Mandrichenko Steve P Miller Sergio Monesi Keith Owens George Petrov Greg Roelofs Kai Uwe Rommel Steve Salisbury Dave Smith Steven M Schweda Christian Spieler Cosmin Truta Antoine Verheijen Paul von Behren Rich Wales Mike White This software is provided as is without warranty of any kind express or implied In no event shall Info ZIP or its contributors be held liable for any direct indirect incidental special or consequential damages arising out of the use of or inability to use this software Permission is granted to anyone to use this software for any purpose including commercial applications and to alter it and redistribute it freely subject to the above disclaimer and the following restrictions 1 Redistributions of source code in whole or in part must retain the above copyright notice definition d
60. INFORMATION ABOUT THIRD PARTY CODE 164 POC UN COGS EE 164 ADOBE ABI SAFE CONTAINERS E EN 165 BOOST Tog E 165 CURET T E 165 Me a E esse eee en ep eee cece eee 165 CONTENT SNE ase eg cree erste heise sce sec cs css ne vee gee ne ected gee ence sas Stee se este demic peice Snes cee dene A sgn ene taee sass E ST 166 CORONE TAa E 166 INEO NEE 167 HBPN O TA e E E E E E A A 167 BIR 167 LZMALIB AAS vce intnwasnandicssdananaiedadeboraesedewisacrabedagaascenedsdadetaescies saan sicdadaacesnedadadoroaseieuienaseaucodaeseehedadsduceaszieeianedss 168 Ns E 168 OR EE 168 RFC1321 BASED RSA FREE MD5 LIBRARY aannnannnnnnnnnnnnnnnnnrsnrnnnrrsnrrsnrnsrrrerrrenrrsrrnerrrerrnerrnnrrnnrrnnrrnnn 168 SPATE EE 168 EPOR TO E 169 TINY AME EE 169 ZUB AE e EE 169 RS elen ge e E 169 EL O 0 EE 169 ESCHER ee ee 173 ABOUT THIS GUIDE This document is a guide to the installation setup and operation of Kaspersky Endpoint Security 8 for Mac as well as for remote administration of the application through Kaspersky Administration Kit This document is intended both for a wide audience and for system administrators Users should have a basic knowledge of working with a Mac They should be familiar with the interface of the Mac OS X operating system have basic skills of working with it and be able to use email programs and the Internet The aim of the document is e to help users to install the application on the computer on their own and act
61. ION Ee Le Hl le EE 100 ENEE 100 Biest Viet Elei Met de xs cnzcccseccscect sence cedecnns cebenteceteccenceherneiceesee eect einweaaeseeaecbbindncaneceseccebienieetesnecteendecaseathsectbnneeatseeiecs 102 Rolling back the last update E 103 Starting stopping a protection component or a TASK 0 0 eee cc cecccceeceeeeeeeaeeeeceececeeeesaeeeeseeeeseeeeseeeesseeeeseeeeseeeesseetseeeses 103 Statistics on a component s operation OF a ASK cc cece ceecccecceceececeeeecee ceca eeeceeceseecesseeesseeeeseeceseeeesseeeeseeeeseueesseeetsneeeees 104 EXPONO Proteco se MNE E 105 Importing protection settings EE 105 reg UIA AD NIC ANON EE 105 Closing the application EE 106 Return codes ofthe command WING E 106 VIEWING HELP Use this command to view the application command line syntax kav help To get help on the syntax of a specific command you can use one of the following commands kav lt command gt kav help lt command gt VIRUS SCAN Command line modified to run the virus scan of a specified area has the following general appearance kav scan lt object scanned gt lt action gt lt file types gt lt exclusions gt lt report settings gt lt advanced settings gt To scan for viruses you can also use the tasks created in the application by starting the one you need from the command line see section Starting stopping a protection component or a task on page 103 The task will be run with the settings sp
62. ION VIA KASPERSKY ADMINISTRATION KIT A Trusted zone o x Exclusion rules Classification Comment Odd eicar Delete Description click underlined parameters to edit Object will nok be scanned if the Following conditions are met Object eicar Component selected Virus Scan File Anti Virus Figure 62 The Trusted zone window You can perform the following actions e Create new exclusion rule Click the Add button and in the Exclusion rule window that opens see figure below set the conditions e Modify existing exclusion rule Select the exclusion rule in the list and click the Edit button In the Exclusion rule window that opens modify the conditions e Temporarily disable exclusion rule Select the exclusion rule in the list and uncheck the box next to it The exclusion rule will be disabled until the box is checked again e Delete exclusion rule Select an exclusion rule from the list and click the Delete button Creating an exclusion rule In the Exclusion rule window that opens specify the conditions for the exclusion rule in accordance with the following settings e Object Check the Object box in the Settings field if a file folder or file mask has been specified as an exclusion object To specify the name name mask of an object click the Object link in the Description field to open the Object name window and enter the name of a file folder or file mask e Classifica
63. If your program is a subroutine library you may consider it more useful to permit linking proprietary applications with the library If this is what you want to do use the GNU Lesser General Public License instead of this License OTHER INFORMATION Additional information about third party code ADMINISTRATOR S GUIDE Agava C program library developed by OOO R Alpha is used to check digital signature The Software may include some software programs that are licensed or sublicensed to the user under the GNU General Public License GPL or other similar free software licenses which among other rights permit the user to copy modify and redistribute certain programs or portions thereof and have access to the source code Open Source Software If such licenses require that for any software which is distributed to someone in an executable binary format that the source code also be made available to those users then the source code should be made available by sending the request to source kaspersky com or the source code is supplied with the Software INDEX A ENEE EE 61 73 91 93 Activating the application VUE AO EE 29 Activating the application With an activation code cccceccceececeeceeeeeeeeeceeeeeeeseeeseeesaeeeseeeseeesaeeeseeeseeetseeeseeeseeeeaeeeseeees 28 PACTIN ei EE a 27 28 29 Activation E e ele TE E 27 28 Administration Oroupe eee ree 158 Administration Gerner cece eeeeeeeeseeeeeeeeeeeee
64. Inthe application properties window that opens see figure below select the General tab and click the Stop button to stop the application or the Start button to run it Wait until Kaspersky Administration Kit performs the action on the remote client computer After Kaspersky Endpoint Security is stopped on the remote computer it keeps functioning in unprotected mode which may lead to a risk of infection Plug in information Version number B 0 4 742 Installed 27 10 2010 14 15 34 Last software update Unknown Current statue Running Application database Database date 26 10 2010 19 26 00 Number of anti virus records 41 53428 Last update date Unknowne se aint _ Figure 59 Application settings window The General tab MODIFYING THE APPLICATION SETTINGS You can use the Settings tab of the application settings window to view and edit the application settings on the remote client computer see figure below ADMINISTRATOR S GUIDE The Licenses and Events tabs are standard in Kaspersky Administration Kit Kaspersky Endpoint Security for Mac application p x General settings Licenses Events rok eco m General M Enable protection M Launch application at computer startup Trusted zone Configure Malware categories hg Viruses worms Trojans hack tools Je Spyware and Adware Je Suto dialers M Other programs Additiona
65. Main application window on page 32 displays the latest information about Kaspersky Endpoint Security updates the release date of anti virus databases the number of records contained in the databases installed on your computer and information about their actuality The number of records in the databases reflects the number of currently known threats against which the computer is protected While using Kaspersky Endpoint Security you can run the application update at any moment To do so click the K button in the main window Detailed information about the execution of this task is displayed in the report window see section Reports on page 94 At the same time as updates are downloaded from the Kaspersky Lab servers or from Kaspersky Administration Kit Administration Server they will be copied to a local source see section Updating from a local source on page 82 given that the service is enabled ROLLING BACK THE LAST UPDATE Every time you run the application update Kaspersky Endpoint Security first creates a backup copy of the databases and modules in use and only after that starts updating them This operation procedure allows you to return to the previous version of the databases if necessary Update rollback feature may be useful in case a new version of the databases contain an invalid signature that makes Kaspersky Endpoint Security block a safe application In case of Kaspersky Endpoint Security database corruption it is re
66. ND RELATED CONTENT THROUGH THE SOFTWARE OR OTHERWISE ARISING OUT OF THE USE OF THE SOFTWARE OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS AGREEMENT OR ARISING OUT OF ANY BREACH OF CONTRACT OR ANY TORT INCLUDING NEGLIGENCE MISREPRESENTATION ANY STRICT LIABILITY OBLIGATION OR DUTY OR ANY BREACH OF STATUTORY DUTY OR ANY BREACH OF WARRANTY OF THE RIGHTHOLDER AND OR ANY OF ITS PARTNERS EVEN IF THE RIGHTHOLDER AND OR ANY PARTNER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES YOU AGREE THAT IN THE EVENT THE RIGHTHOLDER AND OR ITS PARTNERS ARE FOUND LIABILE THE LIABILITY OF THE RIGHTHOLDER AND OR ITS PARTNERS SHALL BE LIMITED BY THE COSTS OF THE SOFTWARE IN NO CASE SHALL THE LIABILITY OF THE RIGHTHOLDER AND OR ITS PARTNERS EXCEED THE FEES PAID FOR THE SOFTWARE TO THE RIGHTHOLDER OR THE PARTNER AS MAY BE APPLICABLE ADMINISTRATOR S GUIDE NOTHING IN THIS AGREEMENT EXCLUDES OR LIMITS ANY CLAIM FOR DEATH AND PERSONAL INJURY FURTHER IN THE EVENT ANY DISCLAIMER EXCLUSION OR LIMITATION IN THIS AGREEMENT CANNOT BE EXLUDED OR LIMITED ACCORDING TO APPLICABLE LAW THEN ONLY SUCH DISCLAIMER EXCLUSION OR LIMITATION SHALL NOT APPLY TO YOU AND YOU CONTINUE TO BE BOUND BY ALL THE REMAINING DISCLAIMERS EXCLUSIONS AND LIMITATIONS 8 GNU and Other Third Party Licenses 8 1 The Software may include some software programs that are licensed or sublicensed to the user under the GNU General Public License GPL or other similar fre
67. NG WITHOUT LIMITATION NONINFRINGEMENT OF THIRD PARTY RIGHTS MERCHANTABILITY SATISFACTORY QUALITY INTEGRATION OR APPLICABILITY FOR A PARTICULAR PURPOSE YOU ASSUME ALL FAULTS AND THE ENTIRE RISK AS TO PERFORMANCE AND RESPONSIBILITY FOR SELECTING THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS AND FOR THE INSTALLATION OF USE OF AND RESULTS OBTAINED FROM THE SOFTWARE WITHOUT LIMITING THE FOREGOING PROVISIONS THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE OR FREE FROM INTERRUPTIONS OR OTHER FAILURES OR THAT THE SOFTWARE WILL MEET ANY OR ALL YOUR REQUIREMENTS WHETHER OR NOT DISCLOSED TO THE RIGHTHOLDER 7 Exclusion and Limitation of Liability 7 1 TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN NO EVENT SHALL THE RIGHTHOLDER OR ITS PARTNERS BE LIABLE FOR ANY SPECIAL INCIDENTAL PUNITIVE INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION FOR BUSINESS INTERRUPTION FOR LOSS OF PRIVACY FOR CORRUPTION DAMAGE AND LOSS OF DATA OR PROGRAMS FOR FAILURE TO MEET ANY DUTY INCLUDING ANY STATUTORY DUTY DUTY OF GOOD FAITH OR DUTY OF REASONABLE CARE FOR NEGLIGENCE FOR ECONOMIC LOSS AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES INFORMATON SOFTWARE A
68. NT OR A TASK The start command syntax kav start lt profile task name gt lt report settings gt The stop command syntax kav stop lt profile task name gt Administrator rights are required for executing this command ADMINISTRATOR S GUIDE Settings description lt report settings gt this parameter determines the format of the report on scan results You can use an absolute and relative path to the file If the setting is not defined scan results are displayed on screen and all events are shown The following values are possible r lt report_file gt only log important events in this file ra lt report_file gt log all events in this file You can use an absolute or relative path to the file If the setting is not defined scan results are displayed on screen and all events are shown The lt profile task_name gt setting can have one of the following values file_monitoring fm File Anti Virus scan_my_computer full full computer scan task scan_objects objects scan scan_quarantine quarantine scan scan_critical_ areas quick quick computer scan task updater update task rollback updates rollback task You can also specify the name of a user created virus scan task as the value of this setting Components and tasks started from the command prompt are run with the settings configured in the application interface STATISTICS ON A COMPONENT S OPERATION OR A T
69. OR LUCENT TECHNOLOGIES MAKE ANY REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE GROWL 1 1 5 Copyright C 2004 The Growl Project Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Neither the name of Growl nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION INFORMATION ABOUT THIRD PARTY CODE HOWEVER CAUSED AND ON ANY THEORY O
70. OUE E 27 Kaspersky Endpoint Security activation nnnannnnennenenneoenneornrnorrrrrsnrrrrrrrrsrrrrsnrrrsnrrrsnrrrstrrrsnrrrsnrrrsnrrrenrrrsnrrrstrrrenrrrsnrene 27 ABOUT LICENSE License this is the right to use Kaspersky Endpoint Security and the additional related services provided by Kaspersky Lab and its partners Each license is defined by its validity period and type License term a period during which the additional services are offered e technical support e update databases and application modules The services available depend on the type of license There are two types of license e Trial a free license with a limited validity period for example 30 days offered as an introduction to Kaspersky Endpoint Security Trial license can be used only once If you have a trial license you may contact Technical Support Service only if your question is about activating the product or purchasing a commercial license As soon as the trial license expires all Kaspersky Endpoint Security features become disabled To proceed with the application you should activate it see section Kaspersky Endpoint Security activation on page 27 e Commercial paid license with a limited validity period for example one year All functions and additional services are available during the validity period of a commercial license LICENSE MANAGEMENT As soon as a commercial license expires Kaspersky Endpoint Security
71. Storage on page 97 AAA Reports Kaspersky Endpoint Security REPORTS Detected Events Status Object Size Added A e disinfected virus EICAR Test F Meicar CURE Eicar3 com acaba deleted virus EICAR Test File Meicar DELE Eicar2 com fl deleted virus EICAR Test File Meicar DELE Eicar3 com RUNNING TASKS VS File Anti virus o COMPLETED TASKS All Last 20 Mr IIl Gi Delete __ Restore Clearall e Figure 53 Report window Backup Storage REPORTS Kaspersky Endpoint Security can provide a detailed report on its overall operation with a list of all events that occurred while it was running Besides that a dedicated detailed report will be created for each application component File Anti Virus see section File protection statistics on page 63 virus scan tasks see section Virus scan statistics on page 78 and update tasks see section Update statistics on page 88 To open the report window ADVANCED APPLICATION SETTINGS open the main application window on page 32 and click the button ry ry Fame REPORTS gt Detected E Quarantine Al Backup Storage RUNNING TASKS KS File Anti virus D COMPLETED TASKS All Last A0 The report window contains the following sections Reports Kaspersky Endpoint Security Time 10 27 10 5 11 31 PM 10 27 10 5 13 31 PM 10 27 10 5 16 07 PM 10 27 10 5 16 34 PM A 10 27 10 5 16 57 PM CS 10 27 10 5 17 08 PM 10 27 10 5 17 20 PM 1
72. TION VIA KASPERSKY ADMINISTRATION KIT To view and edit policies carry out the following steps 1 Start Kaspersky Administration Kit Administration Console 2 Expand the Administration Server node 3 Inthe Managed computers folder select the folder with the name of the group that includes the required client computer 4 Inthe selected group select the Policies subfolder The console tree will contain all policies that have been created for this group 5 Select the policy you need from the console tree in order to view and edit its properties The task panel will display comprehensive information on the policy and links for managing the policy status and configuring settings Policy Properties i 7 x General Events Settings M Enable protection M Launch application at computer startup Trusted zone EH Configure Malware categories le M Viruses worms Trojans hack tools M Spyware and Adware Iw duto dialers Other programs M Disable scheduled scans while running on battery power se tint _ Figure 75 The Policy Properties window The Settings tab CONTACTING TECHNICAL SUPPORT SERVICE If you have purchased Kaspersky Endpoint Security you can receive information from Technical Support Service either by phone or via the Internet Technical Support Service specialists will answer your questions on installing and using the application and if your computer has been inf
73. TOR S GUIDE UPDATING THE APPLICATION Keeping anti virus databases up to date is vital for the security of your computer As new viruses Trojans and malicious software emerge daily it is extremely important to update the application regularly to keep your data permanently protected Kaspersky Endpoint Security update means that the following components will be downloaded and installed on your computer e Anti virus databases The Anti virus databases protect the data on your computer File Anti Virus on page 53 and virus scan tasks see section Scanning for viruses on page 64 use them to find and deal with malicious objects on your computer Virus databases are updated hourly with new threats and ways to fight them so it s important to update them regularly e Application modules In addition to the databases you can update the internal modules of Kaspersky Endpoint Security Kaspersky Lab regularly releases update packages Main update sources of Kaspersky Endpoint Security are dedicated Kaspersky Lab update servers and Kaspersky Administration Kit Administration Server An Internet connection is required to download updates from the servers If the Internet connection is established using a proxy server adjust the network settings see section Configuring connection to a proxy server on page 87 If you cannot access the Kaspersky Lab update servers for example your Internet connection is down contact Kaspersky Lab Te
74. TRATOR S GUIDE MACTEST Properties x General Protection Applications Tasks All Kaspersky Lab applications installed on chent computer Kaspersky Endpoint Securty 8 for Mac Punning Network Agent Running Events Statistics Properties se lz Figure 58 The properties window of the client computer The Applications tab IN THIS SECTION Starting and Stopping the application 2 2 00 eeccceecceceececeeeeceeeeeaeeeeseecesee cess eeeseeeeseeeeseueesseeessueeeseeeeseeesaueessueeeseeeesens 122 Modifying the application settings cece 123 STARTING AND STOPPING THE APPLICATION You can run and stop Kaspersky Endpoint Security on a remote client computer using the General tab of the application settings window The top part of the window displays the name of the application information about the current version installation date date of last update current status whether it is run or stopped on the local computer and information about the status of the application databases To stop or run Kaspersky Endpoint Security installed on a remote computer 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT 3
75. TY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE BOOST 1 39 0 Copyright C 2008 Beman Dawes CURL 7 19 3 Copyright C 1996 2009 Daniel Stenberg daniel haxx se COPYRIGHT AND PERMISSION NOTICE Copyright c 1996 2009 Daniel Stenberg lt daniel haxx se gt All rights reserved Permission to use copy modify and distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE Except as contained in this notice the name of a copyright holder shall not be used in advertising or otherwise to promote the sale use or other dealings in this Software without prior written authorization of the copyright holder EXPAT 1 2 Copyright C 1998 2000 Thai Open Source Software Center Ltd ADMINISTRATOR S GUIDE Permission is hereby granted
76. The precise terms and conditions for copying distribution and modification follow TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION 0 This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License The Program below refers to any such program or work and a work based on the Program means either the Program or any derivative work under copyright law that is to say a work containing the Program or a portion of it either verbatim or with modifications and or translated into another language Hereinafter translation is included without limitation in the term modification Each licensee is addressed as you Activities other than copying distribution and modification are not covered by this License they are outside its scope The act of running the Program is not restricted and the output from the Program is covered only if its contents constitute a work based on the Program independent of having been made by running the Program Whether that is true depends on what the Program does 1 You may copy and distribute verbatim copies of the Program s source code as you receive it in any medium provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty
77. This section contains a detailed description of the installation of Kaspersky Endpoint Security onto a remote user computer as well as the installation of software required for remote administration of the application through Kaspersky Administration Kit This section discusses application deployment over the network and remote administration of the application through Kaspersky Administration Kit using tasks and group policies Contacting Technical Support Service This section contains instructions for contacting Kaspersky Lab support services Appendix This section includes reference information which complements the document text Glossary This section contains the list of terms used in the document and their definitions ADMINISTRATOR S GUIDE DOCUMENT CONVENTIONS The document conventions described in the table below are used in this Guide Table 1 Document conventions Warnings are highlighted in red and enclosed in frames Warnings contain Please note that important information for example on safety critical computer operations Notes are enclosed in frames Notes contain additional and reference It is recommended to use information Examples are given in section on a yellow background and under the heading Example A virus is New terms are marked in italics Command A Names of keyboard keys appear in a bold typeface Key names joined by a minus sign represent key combinations Names of inte
78. Update tab 2 Inthe Update section click the Preferences button 3 In the window that opens select the Update source tab see figure below Edit the list of update sources if necessary By default the list of update sources only contains Kaspersky Lab update servers and Kaspersky Administration ADMINISTRATOR S GUIDE Kit Administration Server When running an update Kaspersky Endpoint Security refers to this list for the address of the first server on it and attempts to download the updates from this server If the updates cannot be downloaded from the selected server the application tries to connect and retrieve the updates from the next server This continues until a connection is successfully established or until all the available update servers have been tried For subsequent updates the application first of all tries to access the server from which the most recent update was successfully made You can perform the following actions e Add anew update source to the list Click the button and select the most suitable option from the dropdown list Path for a local or network folder or URL for a HTTP or FTP server In the window that opens specify the location of the new update source e Change the update source Select the update source in the list and click the Edit button Make the required changes in the window that opens Note that such update sources as Kaspersky Lab update servers and Kaspersky Admi
79. a Kaspersky Lab Technical Support specialist Trace logs can occupy a significant amount of space on your hard drive When you are done with trace logs it is recommended that you disable the generation of new ones by unchecking the Enable trace logs box on the Reports tab After that restart Kaspersky Endpoint Security APPENDIX This section of the Guide contains reference information about the file formats of scanned files and permissible masks when configuring Kaspersky Endpoint Security IN THIS SECTION List of objects to scan Dy eviension antt rnEE EEEE ArEEOAAEEO EEEE AnEED Aner anEEo aneen ennn 154 Permissible file exclusion un EC 156 Allowed exclusion masks according to the Virus Encyclopedia classification ccccscccccsseeeeeeeeeeeeeeeeeeseeeeeeaeeeeesaaees 157 LIST OF OBJECTS TO SCAN BY EXTENSION During configuration of File Anti Virus see section Specifying the types of files to scan on page 58 or a virus scan task see section Specifying the types of files to scan on page 72 if you select Scan programs and documents by extension objects with the extensions below will be scanned for viruses com Microsoft Windows executable file of size not larger than 64 KB exe executable file Microsoft Windows self unpacking archive sys Microsoft Windows system file prg program text for dBase Clipper or Microsoft Visual FoxPro or a WAVmaker program bin Microsoft Windows binary file
80. after which the task selected from the list is deleted e Results Clicking this button opens the Task results window e Properties Clicking this button opens the View Task Settings window You can view the task settings and edit them if necessary ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT MACTEST Properties x General Protection Applicationg Tasks All tasks for the chent computer td A te AA ep Full Scan ep Quick Scan i Rollback upd i Update Running a Add Remove Results Properties se lz Figure 68 The properties window of the client computer The Tasks tab IN THIS SECTION Starting and stopping RE 137 ENEE 138 NONOR EE 139 Configuring task settings ccccceecce eee ee eee ee cece eee eee ne eee EAE EEE EAE EEE EAA EEEE AOE EEEA GE EEEA OA EEE A OS EEE GG SEEEG GG SEesa a eetsGaSeeta EEES EEEa nErenn EEE 140 STARTING AND STOPPING TASKS Tasks are only started on a remote computer if Network Agent is running If Network Agent stops running run of all active tasks is interrupted Tasks are started and stopped automatically according to a schedule or manually using the context menu commands and from the View Task Settings window To manually start or stop the task run 1 Open the properties window on the client computer see section Managing the application on page 121 on the Tasks tab see figure above ADMINISTRATOR S GUIDE
81. age on page 92 e Ifa malicious code is detected in the file it is moved to a special storage area known as Quarantine on page 90 An attempt can be made later to cure it using the updated anti virus databases By default Kaspersky Endpoint Security is launched when the operating system starts and protects your computer during the entire session The Kaspersky Endpoint Security icon shows that File Anti Virus is running on page 30 If the icon is active your computer s protection is enabled if the icon is inactive protection is disabled IN THIS SECTION Ri lte ME EOS CUO EE 54 Restoring protection on your COMPUTER ccccsscecseseressseerenoneecccsneresosesreneueeescasenessaeetesoeesecaseresnaeeseneueesssanerensaeesenoueeees 56 Coniguring HEEN 57 Restoring default file protection set ngs 62 File 8 fois CHOR Sta E rne a a eee ee ee ee eee 63 DISABLING FILE PROTECTION Kaspersky Lab strongly recommends that you do not disable Anti Virus real time protection since this could lead to your computer becoming infected and loss of data Note that the icon indicates the protection status provided by File Anti Virus see section Anti virus protection of computer s file system on page 53 Disabling or pausing File Anti Virus does not impact the execution of virus scan tasks see section Scanning for viruses on page 64 or application updates see section Updating the application on page 80 There are several ways to disa
82. al languages To print the text of the agreement click the Print button To save the agreement as a text file click the Save button If you agree with all the clauses in the agreement click Continue A window opens to request confirmation of your consent to the conditions of the licensing agreement You can perform the following actions e Proceed with the installation of Kaspersky Endpoint Security To do so click the Agree button e Return to the text of the agreement To do this click the Read license button e Stop the installation To do so click the Disagree button 6 Inthe Installation Type window read the information about the drive on which the application will be installed and the volume of free disk space required To select a different drive for installation click the Change location button select a different drive and then click Continue The drive used to install the application must be bootable The minimum version or higher of the operating system specified in the system requirements see section Hardware and software requirements on page 18 must be installed on the hard drive Click the Customize button to select application components for custom installation 7 Inthe window that opens specify which components are to be installed on the computer Check the boxes next to the components that are not to be installed e Virus Scan Scans objects in the user defined scopes This component of Kaspersky Endpoint Sec
83. ame of the threat by mask see section Allowed exclusion masks according to the Virus Encyclopedia classification on page 157 is also admissible If the All threats value is selected then all objects specified in the Object field above will be excluded from scan regardless of the threat type assigned to them If both the exclusion object and the threat type are selected the rule will apply as follows e If you specify a certain file as the object and a certain status as the threat type the specified file will only be excluded if during the scan it is assigned the selected threat status e If you select an area or folder as the object and a status or a mask as the threat type objects with that status will be excluded from the scan only in that area or folder e Component All components Select the Kaspersky Endpoint Security components that should apply the rule being created File Anti Virus or Virus Scan If the All components option is selected then all virus scan tasks and File Anti Virus will use this rule EN CH CN Exclusion rule Exclude from the scan if all conditions are met Object volumes eicar Select Threats type start with not a virus Component File Anti Virus Figure 18 Creating an exclusion rule FILE ANTI VIRUS The computer s file system may contain viruses and other malicious programs that have persisted for years having initially penetrated the computer fro
84. an Federation 1 3 Computer s means hardware s including personal computers laptops workstations personal digital assistants smart phones hand held devices or other electronic devices for which the Software was designed where the Software will be installed and or used 1 4 End User You Your means individual s installing or using the Software on his or her own behalf or who is legally using a copy of the Software or if the Software is being downloaded or installed on behalf of an organization such as an employer You further means the organization for which the Software is downloaded or installed and it is represented hereby that such organization has authorized the person accepting this agreement to do so on its behalf For purposes hereof the term organization without limitation includes any partnership limited liability Company corporation association joint stock company trust joint venture labor organization unincorporated organization or governmental authority 1 5 Partner s means organizations or individual s who distributes the Software based on an agreement and license with the Rightholder 1 6 Update s means all upgrades revisions patches enhancements fixes modifications copies additions or maintenance packs etc 1 7 User Manual means user manual administrator guide reference book and related explanatory or other materials 2 Grant of License 2 1 You are given a non exclusive license to
85. ant Kaspersky Endpoint Security starts up automatically when installation is complete You do not have to restart the computer INSTALLING THE APPLICATION KASPERSKY ENDPOINT SECURITY CUSTOM INSTALLATION To perform custom installation of Kaspersky Endpoint Security on your computer 1 Open the contents of the Kaspersky Endpoint Security installation file To do this insert an installation CD into the disk drive If you purchased Kaspersky Endpoint Security in an online store then an application installation package in zip format will be available to download on the Kaspersky Lab website Extract it and run the dmg file to view the package contents 2 Launch the Kaspersky Endpoint Security Installation Assistant To do this open the Kaspersky Endpoint Security installation package in the window containing the distribution package Follow the Installation Assistant s instructions to install the application 3 Inthe Introduction window click Continue 4 Inthe Read Me window read the information about the application Make sure that your computer meets the minimum system requirements To print the information click the Print button To save the information as a text file click the Save button To proceed with the installation click Continue 5 Inthe License window you can read the text of the Kaspersky Endpoint Security licensing agreement between you and Kaspersky Lab The text of the agreement is available in sever
86. application parameters The set of application parameters common for all task types makes up the application settings Application settings specific for each individual task type make up the corresponding task settings Application settings and task settings do not overlap The key feature of centralized administration is the grouping of remote computers on the network and managing them by creating and configuring group policies Policy is a collection of application settings for a group as well as collections of restrictions on modifying those settings when configuring the application or tasks on an individual client computer A policy includes settings for configuring all ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT the features of the application except for the settings that have been customized for a specific task type Schedule settings are an example Thus policies include the following settings e settings common to all task types application settings e settings common to all tasks of a single task type major part of task settings This means that a policy for Kaspersky Endpoint Security with protection and virus scan tasks includes all application settings required for running both task types however it includes neither for example a run schedule for virus scan tasks nor the settings that define the scan scope IN THIS SECTION Slalidard Eeler 109 Installing software required for the remote administ
87. at 12 00 AM Edit D rt Click the lock to prevent further changes Figure 32 Application preferences window The Full Scan task 3 Click We ea button under the list of virus scan tasks and in the window that opens select the Copy command 4 Enter the name of the new task in the window that opens and click OK A task with the name you have specified appears in the task list The new task inherits all the properties of the task from which it was created Therefore you may need to configure some additional settings e modify the list of objects to scan see section Creating a list of objects to scan on page 69 e specify the settings see section Configuring virus scan tasks on page 70 to be used to execute the task e create an automatic run schedule see section Configuring the virus scan task schedule on page 74 In addition to the pre set virus scan tasks Kaspersky Endpoint Security allows you to create up to six user scan tasks ADVANCED APPLICATION SETTINGS You can rename and remove scan tasks Only user tasks can be renamed or deleted To rename a created task do the following 1 Open the application preferences window on page 34 2 Select the task in the list to the left see figure above a Click the command button under the list of virus scan tasks and in the window that opens select the Rename 4 Enter the name of the task in the window that opens and click OK The task is re
88. ation Kit is installed 4 Run the installation script To do this enter the following commands in the SSH terminal of the client cd Volumes KLSHARE Packages lt klnagent package folder gt where lt kInagent_package_folders gt is the folder in which the Network Agent installation package is stored sudo install sh r lt server gt s lt action gt p port number gt 1 lt SSL port number gt Parameter description e lt action gt setting which defines if encryption will be used when establishing the connection between Network Agent and Administration Server If the value is 0 non encrypted connection will be used If the value is 1 the connection will be established via the SSL protocol default value e lt server gt IP address or DNS name of the server on which Kaspersky Administration Kit is installed e lt port numbers number of the port via which the non encrypted connection to Administration Server will be established The port 14000 is used by default e lt SSL port numbers number of the port via which the encrypted connection to Administration Server will be established using the SSL protocol By default port 13000 will be used For more information see the Kaspersky Administration Kit Deployment Guide For more information see the Kaspersky Administration Kit Reference Guide ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT Administrator rights are requi
89. ayed in the right hand part of the window OH OH OH Reports Kaspersky Endpoint Security REPORTS gt Detected mg CH Events Status Object sime Added H Added by user rest viruses CORR Eicar3 com 73 bytes October 2 MT 04 00 quarantined virus EICAR Test Meicar SUSP Eicar2 com 73 bytes October 2 MT 04 00 HN Backup Storage RUNNING TASKS File Anti Virus O COMPLETED TASKS All Last A0 Ill Delete 1 Restore Add Clear all Scanall Ge Figure 50 Report window Quarantine ACTIONS ON QUARANTINED OBJECTS Kaspersky Endpoint Security allows you to carry out the following actions on potentially infected objects e Manually move to Quarantine files that you suspect are infected but have not been detected by Kaspersky Endpoint Security To do this in the Quarantine window see figure below click the Add button and select the required file in the standard window that opens It is added to the list with the added by user status e Scan and disinfect all potentially infected quarantined objects using the current version of Kaspersky Endpoint Security databases To do this in the Quarantine window see figure below click the Scan all button Scanning and disinfecting any quarantined object may change its status to false positive or quarantined By default Kaspersky Endpoint Security automatically scans quarantined objects after each update see section Scan of Quarantine af
90. be construed as a waiver of any such provision or right 13 Rightholder Contact Information Should you have any questions concerning this Agreement or if you desire to contact the Rightholder for any reason please contact our Customer Service Department at Kaspersky Lab ZAO 10 build 1 E Volokolamsky Proezd Moscow 123060 Russian Federation Tel 7 495 797 8700 Fax 7 495 645 7939 E mail info kaspersky com Web site www kaspersky com 1997 2010 Kaspersky Lab ZAO All Rights Reserved The Software and any accompanying documentation are copyrighted and protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties CONTENT KASPERSKY LAB END USER LICENSE AGREEMENT nasnnannnnnnnnnsnnnnsnrnesnrnrsrrrrsrrrrsrrrrsrrrrsrrrrsrrrrsrrrrsrrrrsrrrrsrrrrsnrreerrene 3 ABOUT TAS CUIDE EE 12 MN OCONEE EE 12 DOCUMENT CONVENON EE 14 ADDITIONAL SOURCES OF INFORMATION 15 KASPERSKY ENDPOINT SECURITY d cic tiicacaicendentuse secsatwendagscedlscasaiaeidanisnns sada sieedectice dina dabuanden tana seadaleeedanateeeasanacsdenaase 17 ES TRIO NOR EE 18 Hardware and software system requirements ccccseecceceeeeeeeeeeeeeeeeeeeseeeeeeeeeeeesseeeeeseeeeesseeeeesseeeesseeeesseeeessaeeeees 18 INSTALLING THE APPLICATION asc darctte eneaid sence seee asec aclacacacelsenosadteeecinan eandaaneme saacabseadactantseacsrerndenneeedaseeenne cates 19 Frepanng TOR IS FA OM EE 19 HESE
91. ber of this License you may choose any version ever published by the Free Software Foundation 10 If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different write to the author to ask for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE PROGRAM AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION 12 INNO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE BE LIABLE TO YOU FOR DAMAGES INCLUDING ANY GENERAL SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAG
92. bjects to scan section specify the objects that should be scanned by Kaspersky Endpoint Security when running the task You can add an object to scan to the list temporarily disable scanning of an object on the list or remove an object Quick Scan task properties SI General settings Account Schedule Notification Security level S _ Recommended Optimal protection T 4opropriate for most users S Options Default level Action Prompt for action when the scan is complete Prompt for action during scan M Disinfect M Delete if disinfection Fails Objects to scan O Documents Add G Desktop 9 Downloads Deele kl iS LibraryitCaches Figure 71 The Quick Scan task properties window The Settings tab ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT 4 Settings Quick Scan Ioj sl General Additional File by pes e Scan all files Scan programs and documents by content Scan programs and documents by extension Optimization M Scan only new and changed files Skip if scan takes longer than Skip if object is larger than Compound Files M Scan archives M Scan embedded OLE objects Scan email Format Files Scan password protected archives Figure 72 The Settings Quick Scan window CONFIGURING THE UPDATE TASK To view and edit the update task settings 1 Open the properties window on the c
93. ble File Anti Virus However before doing so you should know why you want to disable the component There is likely to be a different solution to the problem change the security level see section Setting the security level on page 57 or disable protection only for certain files by creating an exclusion rule see section Creating a trusted zone on page 51 For example if you are working with a database that you believe is free from viruses just specify the folder containing its files as an exclusion You may need to stop File Anti Virus temporarily if Kaspersky Endpoint Security conflicts with other programs installed on your computer ADVANCED APPLICATION SETTINGS The following methods can be used to disable File Anti Virus e Click the Kaspersky Endpoint Security icon on page 30 and select Turn Protection Off from the context menu see figure below La te B44 T Kaspersky Endpoint Security Protection On Turn Protection Off Quick Scan Update Preferences Quit Figure 19 Disabling File Anti Virus e Open the application preferences window on page 34 select the Protection tab and uncheck the Enable File Anti Virus box see figure below EN A ON Preferences WV oa ZO EI WW amp Protection Virus Scan Threats Update Network Reports Service Appearance General V Enable File Anti Virus Security level gg Maximum protection l Comprehensive protection Recommended for hostile environm
94. cceeccccseecceeeeeeeeseeeeeeeeeeeeeeeeeeeeeeeeeseaeeeeeeeeeeseeeeeeseeeeesseeeeesaeeeeseeeesseeeeesaaees 124 Configuring the automatic startup of Kaspersky Endpoint Security cccccecceccseeeeeeeeeeeeeeeeeeseeeeeeseeeeeeseeeeesaeeeeesaeeeees 125 Creating EIERE EIERE eebe EEGENEN 126 Selecting malicious programs to DE monttored cc ceccecceeeeeeceeeeeeeeeeeeeaeeeeeseeeeeeseeeeeeseeeeeseeeeeesaeeeesseeeeesseeeesaeeeesaeeeees 128 Configuring the power saving mode 129 Configuring File Antp vus eee eee eee ee eee ee eee e ene eee AGE EeE AGA EEEE AGA SeESA OE EeEE AS SEEsA GA SeAsa ae eetsaeeeesaaaetesaaeeetaaaeeees 142 STEP 5 ADJUSTING THE VIRUS SCAN SETTINGS In the Virus Scan window adjust the default settings that should be applied to virus scan tasks ALSO SEE CORTOUMING virus Scan TASKS a cscs toes tacos actucne riie inienn P e raa Aa eA Ei aaea RAe ESA EEE AAE AERE ka EEEE RA 143 STEP 6 CONFIGURING UPDATE SETTINGS In the Update window specify the default settings that should be applied to update tasks ALSO SEE Configuring the update task ccccccccccssececceeeccceseeccsuseecseuececseeeeseeeecseueeessaueeessuececseueeeseuseeessuesesseueeessugeeessuesessaneness 145 STEP 7 NETWORK CONFIGURATION In the Network settings window enter the settings to be used for connection to a proxy server If you do not want to use a proxy server to connect to the Internet while updating anti virus databases and applicatio
95. ce These articles provide useful information recommendations and answers to frequently asked questions related to the purchase installation and use of Kaspersky Endpoint Security 8 They are grouped by topics for example Troubleshooting Configuring the update or Configuring File Anti Virus The articles may answer questions which are related not only to Kaspersky Endpoint Security 8 but also to other Kaspersky Lab products they also may contain Technical Support Service news Ta To switch to the Knowledge Base open the main application window on page 32 click the button and click the Technical Support Service button in the window that opens Users forum If your question does not require an urgent answer you can discuss it with Kaspersky Lab specialists and other users in our forum http forum kaspersky com It is also a separate section on the Technical Support Service website and contains Kaspersky Endpoint Security 8 users questions feedback and requests In this forum you can view existing topics leave comments create new topics and use the search engine Ta To go to this resource open the main application window on page 32 click the button and in the window that opens click the Forum button Help system The application includes the full help and context help files The full help file contains information about how to manage the protection of your computer view the protection status scan various areas of
96. cense key s expiration date Click the Finish button to close the Activation Assistant LICENSE MANAGEMENT ACTIVATING THE APPLICATION WITH A KEY FILE Use this option to activate the application with an existing key file If you have selected the activation using a key file no Internet connection is required We recommend that you use this method of application activation if the Internet connection cannot be established or if it is temporarily unavailable To activate the application with an existing key file 1 Open the main application window on page 32 and click the P button 2 In the window that opens click the Activate button This launches the Activation Assistant Follow these steps to activate the application 3 Inthe Activation method window select Use existing key file 4 Inthe Select key file window click the Select button and select the key file in the window that opens Information about the current key will be displayed in the bottom part of the window including the key number the key type commercial or trial and the license key expiration date 5 Inthe Key file information window the Activation Assistant notifies you of the successful completion of the activation process In addition information about the installed key is displayed including the key number key type and the license key s expiration date Click the Finish button to close the Activation Assistant APPLICATION INTERFACE T
97. cense to Use the Software is limited to the period of time as specified in Clauses 3 2 or 3 3 as applicable and the remaining period can be viewed via means described in User Manual 3 6 If You have acquired the Software that is intended to be used on more than one Computer then Your License to Use the Software is limited to the period of time starting from the date of activation of the Software or license key file installation on the first Computer 3 7 Without prejudice to any other remedy in law or in equity that the Rightholder may have in the event of any breach by You of any of the terms and conditions of this Agreement the Rightholder shall at any time without notice to You be entitled to terminate this License without refunding the purchase price or any part thereof 3 8 You agree that in using the Software and in using any report or information derived as a result of using this Software you will comply with all applicable international national state regional and local laws and regulations including without limitation privacy copyright export control and obscenity law 3 9 Except as otherwise specifically provided herein you may not transfer or assign any of the rights granted to you under this Agreement or any of your obligations pursuant hereto 4 Technical Support 4 1 The Technical Support described in Clause 2 5 of this Agreement is provided to You when the latest Update of the Software is installed except for a trial v
98. chnical Support Service see section Contacting Technical Support Service on page 152 to receive the Kaspersky Endpoint Security updates on disk in ZIP format Updates can be downloaded in one of the following modes e Automatically Kaspersky Endpoint Security regularly checks for an update package in the update source During a virus outbreak the frequency of the checks may increase and decrease afterwards If Kaspersky Endpoint Security detects new updates it downloads them in the background and installs on the computer This is the default mode e By schedule Kaspersky Endpoint Security is automatically updated according to a schedule e Manually In this case you launch the Kaspersky Endpoint Security update manually During an update the application modules and anti virus databases are compared with the ones currently available at the update source If the most recent version of the databases and modules are installed on your computer the bottom part of the main application window see section Main application window on page 32 displays a message that the anti virus databases are up to date If the bases and modules differ from those currently available at the update source only the missing components of the update will be installed on your computer Databases and modules are not copied in their entirety which allows increasing update speed and reducing Internet traffic Prior to updating the databases and modules Kaspersky Endpoin
99. commended to run the update task to download a valid set of databases for up to date protection To rollback the anti virus databases do the following 1 Open the application preferences window on page 34 and select the Update tab see figure below 2 Inthe Roll back update section click the Roll back update button ADMINISTRATOR S GUIDE You can view the results of the rollback in the report window see section Virus scan statistics on page 88 EN A ON Preferences g a FOG p Protection Virus Scan Threats Update Network Reports Service Appearance Run mode ei Automatically Every 1 day at 12 00 AM ron 9 C Manually Update W Update application modules Action after update Rescan quarantine Rollback update If databases are corrupted you can roll back to the previous database version o Rollback update E Click the lock to prevent further changes Figure 42 Application preferences window Update UPDATING FROM A LOCAL SOURCE If several computers are connected via a local network there is no need to download Kaspersky Endpoint Security updates for each of them separately since this would significantly increase the network traffic You can use the update distribution service to locally update the Kaspersky Endpoint Security anti virus databases and modules used by the application on other computers thereby reducing Internet traffic To do so set up update distribution as follows 1
100. curity installation package are run according to the settings recommended by Kaspersky Lab experts User tasks created on their basis inherit all the settings You can not only modify the settings see section Configuring virus scan tasks on page 70 of each task separately but assign uniform values for all virus scan tasks The Security level and Action settings in the Virus Scan task assigned to scan a particular object are used as a basis To assign uniform scan settings for all tasks 1 Open the application preferences window on page 34 and select the Virus Scan tab see figure below 2 Inthe list to the left select the Virus Scan task see figure below 3 Select the security level see section Selecting the security level on page 71 that most closely matches your requirements modify the settings see section Specifying the types of objects to scan on page 72 and select the action to take on infected or potentially infected objects see section Selecting actions on objects on page 73 ADVANCED APPLICATION SETTINGS 4 Inthe Other task preferences section click the Apply button Kaspersky Endpoint Security applies the values of the Security level and Action preferences to other virus scan tasks including custom ones EN A amp Preferences W APFOOQOE WW v Protection Virus Scan Threats Update Network Reports Service Appearance Quick Scan Security level zt Maximum protection Full Scan Comprehensive
101. d at the next startup of the application Skin Select o E Click the lock to prevent further changes Figure 8 Application preferences window Appearance The tabs in the top part of the window provide quick access to the following options of the application e configuration of File Anti Virus e configuration of virus scan tasks e configuration of application updates e selection of malicious programs to control and creation of a trusted zone e service settings of Kaspersky Endpoint Security APPLICATION INTERFACE To fine tune certain settings you will need to open the second and third level settings windows fi To prevent unauthorized users from modifying the Kaspersky Endpoint Security settings click the d button in the bottom part of the window You will need to enter the administrator s username and password to remove the restrictions on modifying the settings The button provides access to the Kaspersky Endpoint Security help system with a description of the settings for the current application window NOTIFICATION WINDOWS AND POP UP MESSAGES Different events can occur during the operation of Kaspersky Endpoint Security They may be of an informative nature or contain important information For example an event may notify the user of a successful update or of an error in File Anti Virus or during a virus scan that requires urgent attention The application will inform you of new events with n
102. detected object resembles a malicious program in terms of its structure but Kaspersky Endpoint Security does not contain any records similar to it It is quite possible that this is a new type of threat so Kaspersky Endpoint Security classifies that object as a potentially infected object Potentially infected objects can be detected and placed in Quarantine by File Anti Virus see section File Anti Virus on page 53 or during a virus scan see section Scanning for viruses on page 64 Additionally you can move an object to Quarantine manually by clicking the Quarantine button in a special notification see section What to do when the application s notifications appear on page 48 that appears on the screen when a potentially infected object is detected When Kaspersky Endpoint Security moves a potentially infected object to Quarantine it deletes it from the current folder and saves it in the Quarantine folder Files in Quarantine are stored in a special format and are not dangerous VIEWING THE CONTENTS OF QUARANTINE You can view the contents of Quarantine in the Quarantine section in the report window see figure below To view the contents of Quarantine do the following 1 Open the main application window on page 32 and click the button The Kaspersky Endpoint Security report window opens ADVANCED APPLICATION SETTINGS 2 Inthe left part of the report window select Quarantine The contents of Quarantine are displ
103. download the product from the Kaspersky Lab website which includes this documentation You will be sent a key file or activation code by email once payment has been made HARDWARE AND SOFTWARE SYSTEM REQUIREMENTS For the proper functioning of Kaspersky Endpoint Security a computer should meet the following minimum requirements e Intel based Mac computer PowerPC processor not supported e 1 GB RAM e 500 MB of free hard drive space e Mac OS X 10 4 11 operating system or higher or Mac OS X Server 10 6 To install Network Agent required for remote administration of Kaspersky Endpoint Security through Kaspersky Administration Kit the user s computer must meet the following minimum requirements e Intel based Mac computer PowerPC processor not supported e 512 MB RAM e 30 MB free hard drive space e Mac OS X 10 4 11 operating system or higher or Mac OS X Server 10 6 INSTALLING THE APPLICATION This section contains instructions that will help you to install the application on the computer locally This section also describes the application uninstall procedure The Kaspersky Endpoint Security installation package includes the Installation Assistant and the Uninstall Assistant Remote administration of Kaspersky Endpoint Security through Kaspersky Administration Kit requires the Kaspersky Endpoint Security plugin to be installed on the administrator s workstation and Network Agent to be installed on the user s computer see
104. e ADVANCED APPLICATION SETTINGS Backup Storage is a dedicated storage area containing backup copies of dangerous objects that have been processed or deleted The main function of Backup is the ability to restore an original object at any time Files in Backup are saved in a special format and are not dangerous for the operating system VIEWING THE CONTENTS OF BACKUP You can view the contents of Backup Storage in the Backup Storage section of the report window see figure below To view the contents of Backup do the following 1 Open the main application window on page 32 and click the button The Kaspersky Endpoint Security report window opens 2 Inthe left part of the report window select the Backup Storage section The contents of Quarantine are displayed in the right hand part of the window The following information is provided for each backup copy the full name of the object with the path to its Original location the time when it was moved the status assigned after the scan and its size EN ON ON Reports Kaspersky Endpoint Security REPORTS Detected Status Object Size Added Events N disinfected virus EICAR Test F Meicar CURE Eicar3 com deleted virus EICAR Test File Meicar DELE Eicar2 com NI deleted virus EICAR Test File Meicar DELE Eicar3 com RUNNING TASKS File Anti Virus O COMPLETED TASKS All Last 20 T C Delete Restore Clear all Figure 52 Report window Bac
105. e 12 24 2010 1997 2010 Kaspersky Lab ZAO All Rights Reserved http www kaspersky com http support kaspersky com KASPERSKY LAB END USER LICENSE AGREEMENT IMPORTANT LEGAL NOTICE TO ALL USERS CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT BEFORE YOU START USING THE SOFTWARE BY CLICKING THE ACCEPT BUTTON IN THE LICENSE AGREEMENT WINDOW OR BY ENTERING CORRESPONDING SYMBOL S YOU CONSENT TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT SUCH ACTION IS A SYMBOL OF YOUR SIGNATURE AND YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT AND AGREE THAT THIS AGREEMENT IS ENFORCEABLE LIKE ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY YOU IF YOU DO NOT AGREE TO ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT CANCEL THE INSTALLATION OF THE SOFTWARE AND DO NOT INSTALL THE SOFTWARE IF LICENSE CONTRACT OR SIMILAR DOCUMENT ACCOMPANIES SOFTWARE TERMS OF THE SOFTWARE USE DEFINED IN SUCH DOCUMENT PREVAIL OVER CURRENT END USER LICENSE AGREEMENT AFTER CLICKING THE ACCEPT BUTTON IN THE LICENSE AGREEMENT WINDOW OR AFTER ENTERING CORRESPONDING SYMBOL S YOU HAVE THE RIGHT TO USE THE SOFTWARE IN ACCORDANCE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT 1 Definitions 1 1 Software means software including any Updates and related materials 1 2 Rightholder owner of all rights whether exclusive or otherwise to the Software means Kaspersky Lab ZAO a company incorporated according to the laws of the Russi
106. e Summary window read the information about the installation process and click the Close button to exit the Installation Assistant INSTALLATION OF NETWORK AGENT USING THE SSH PROTOCOL Before installing Network Agent on a remote computer using the SSH protocol make sure that the following requirements are met e Kaspersky Administration Kit Administration Server is deployed in the corporate network e The Administration Console is installed on the Kaspersky Administration Kit administrator s workspace e The Network Agent installation package is created and stored in the shared folder of Administration Server To perform the installation of Administration Agent on a remote computer using the SSH protocol 1 Enable the Remote enter service on your Mac 2 On the administrator s workstation run the SSH client and establish the connection to a remote Mac computer 3 Connect the shared folder of Administration Server as a network drive on the remote computer To do this enter the following commands in the SSH terminal of the client mkdir Volumes KLSHARE mount smbfs lt admin_ login gt lt password gt lt AK server address gt KLSHARE Volumes KLSHARE Parameter description e lt admin_login gt name of the administrator account on Administration Server e lt password gt password of the administrator on Administration Server e lt AK_server_address gt IP address of the server on which Kaspersky Administr
107. e generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system it is up to the author donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License 8 If the distribution and or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if written in the body of this License 9 The Free Software Foundation may publish revised and or new versions of the General Public License from time to time Such new versions will be similar in spirit to the present version but may differ in detail to address new problems or concerns Each version is given a distinguishing version number If the Program specifies a version number of this License which applies to it and any later version you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation If the Program does not specify a version num
108. e running on battery power box 509A Preferences W a ZO EI Ka amp Protection Virus Scan Threats Update Network Reports Service Ka Autorun V Launch application at computer startup Battery W Disable scheduled scans while running on battery power Configuration You can save the current protection preferences to a configuration file or load previously saved preferences from the file ri E Click the lock to prevent further changes Figure 13 Application preferences window Service COMPUTER PROTECTION STATUS Your computer s protection state gives you a summary of your computer s overall security level These threats include malicious programs outdated databases the disabling of File Anti Virus the use of minimum Kaspersky Endpoint Security protection settings etc The Security Assistant lets you review all the current threats and begin to eliminate them IN THIS SECTION Assessing the Computer s protection status 41 Eeer 42 ASSESSING THE COMPUTER S PROTECTION STATUS The computer s protection status is displayed in the main application window see section Main application window on page 32 in the form of a traffic light color scheme Depending on the situation the color scheme of the window will change If any security threats are detected the change of the color is supplemented by a text message The main application window s color acting as a security indicator can take the following values
109. e software licenses which among other rights permit the user to copy modify and redistribute certain programs or portions thereof and have access to the source code Open Source Software If such licenses require that for any software which is distributed to someone in an executable binary format that the source code also be made available to those users then the source code should be made available by sending the request to source kaspersky com or the source code is supplied with the Software If any Open Source Software licenses require that the Rightholder provide rights to use copy or modify an Open Source Software program that are broader than the rights granted in this Agreement then such rights shall take precedence over the rights and restrictions herein 9 Intellectual Property Ownership 9 1 You agree that the Software and the authorship systems ideas methods of operation documentation and other information contained in the Software are proprietary intellectual property and or the valuable trade secrets of the Rightholder or its partners and that the Rightholder and its partners as applicable are protected by civil and criminal law and by the law of copyright trade secret trademark and patent of the Russian Federation European Union and the United States as well as other countries and international treaties This Agreement does not grant to You any rights to the intellectual property including any the Trademarks or Service
110. e uninstallation of Kaspersky Endpoint Security from a client computer via Kaspersky Administration kit 1 Start Kaspersky Administration Kit Administration Console 2 Expand the Administration Server node and select the Tasks for specific computers folder 14 For more information see the Kaspersky Administration Kit Deployment Guide ADMINISTRATOR S GUIDE 3 Inthe taskbar click the Create Task link to run the Task Creation Wizard Follow its instructions to create a task for the remote installation of Kaspersky Endpoint Security 4 Inthe Task name window in the Name field enter the name of the task and click the Next button 5 Inthe Task type window select Kaspersky Administration Kit and Product deinstallation task from the list in the Advanced folder Click the Next button 6 Inthe Settings window select Kaspersky Endpoint Security 8 for Mac from the dropdown list and click the Next button 7 Inthe Remote uninstall method window select Forced uninstall as the application uninstallation method and click the Next button 8 Inthe Settings window adjust the settings for the remote uninstallation of the application and click the Next button 9 Inthe Restart window select the Do not restart the computer option and click the Next button You don t need to restart computer after removing Kaspersky Endpoint Security 10 In the Client computers window specify the computers for which a task of remote uninstallation o
111. eating an exclusion rule See section Creating a trusted zone on page 51 SOLVING TYPICAL TASKS WHAT TO DO IF YOU SUSPECT AN OBJECT OF BEING INFECTED WITH A VIRUS If you suspect an object of being infected first scan it for viruses See section How to scan a file folder or disk for viruses on page 44 lf the virus scan performed by Kaspersky Endpoint Security reveals that the object is not infected though you suspect the opposite move the object to Quarantine Objects once moved in Quarantine are stored as archives thus causing no risk to your computer After the databases are updated Kaspersky Endpoint Security will probably be able to clearly identify and eliminate the threat To move an object to Quarantine 1 Open the main application window on page 32 and click the button The Kaspersky Endpoint Security report window opens 2 Inthe left part of the report window select Quarantine The contents of Quarantine are displayed in the right hand part of the window 3 Click the Add button and in the window that opens select the required file It is added to the list with the added by user status HOW TO RESTORE AN OBJECT THAT HAS BEEN DELETED OR DISINFECTED BY THE APPLICATION We recommend that you avoid restoring deleted and disinfected objects unless it is extremely necessary because they may threaten your computer Sometimes it is not possible to save objects in their entirety during the disinfection proces
112. ecified in the Kaspersky Endpoint Security interface Settings description lt object to scan gt this parameter gives the list of objects that are scanned for malicious code The parameter may include several space separated values from the list provided lt files gt list of paths to the files and or folders to be scanned You can enter an absolute or relative path to the file Items on the list are separated by a space Comments WORKING WITH THE APPLICATION FROM THE COMMAND LINE e ifthe name of an object or the path to it includes the space or special characters such as amp it should be put in single quotes or the character being excluded should be separated with the backslash on its left side e if reference is made to a specific folder all files and folders in this folder are scanned all full computer scan remdrives all removable drives fixdrives all local drives netdrives all network drives quarantine objects moved to Quarantine lt filelist lst gt path to a file containing a list of objects and folders to be scanned The file should be in text format and each scan object must be listed on a separate line Only an absolute path to the file is allowed to be entered If no list of objects to be scanned is specified Kaspersky Endpoint Security starts the Virus Scan task with the settings selected in the application interface lt action gt this parameter determ
113. ected they will help you to remove the problem To view information about the ways you can receive support for Kaspersky Endpoint Security open the main application window on page 32 and click the button Before contacting Technical Support please read the support rules http support kaspersky com support rules If you encounter a problem when using Kaspersky Endpoint Security first of all check to see if a solution can be found in the documentation help system Knowledge Base on the Kaspersky Lab Technical Support Service website or on the users forum see section Additional sources of information on page 15 If you do not find a solution to your problem we recommend that you contact Kaspersky Lab Technical Support Service Please note that you must be a registered user of the commercial version of Kaspersky Endpoint Security to use this service No support is provided to users of trial versions If you activate Kaspersky Endpoint Security using an activation code registration of the user will be carried out by the Activation Assistant see section Kaspersky Endpoint Security activation on page 27 If you activate Kaspersky Endpoint Security using a key file go through the registration procedure on the Technical Support Service website http support kaspersky com Following registration you will receive a Customer ID and password that are required to access your Personal Cabinet on the Technical Support Service websi
114. ecurity 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 Inthe application settings window that opens select the Settings tab 4 Select the Protection item from the dropdown list in the top part of the window 5 Inthe General section see figure above uncheck the Launch application at computer startup box and click the Apply button Disabling the automatic launch mode of Kaspersky Endpoint Security results in your computer operating in unprotected mode next time it is turned on which increases its risk of becoming infected CREATING A TRUSTED ZONE To create a new exclusion rule or view and modify an existing rule for Kaspersky Endpoint Security installed on a remote computer 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 Inthe application settings window that opens select the Settings tab 4 Select the Protection item from the dropdown list in the top part of the window 5 Inthe Trusted zone section see figure above click the Configure button The Trusted zone window see figure below opens displaying a list of objects that Kaspersky Endpoint Security will not control when running ADMINISTERING THE APPLICAT
115. ecurity at the moment If no task is active and File Anti Virus is disabled the list will be empty e Completed tasks This a list of completed tasks You may view all completed tasks or the twenty most recent ones To clear the list click the tt all completed tasks command button in the bottom left corner of the report window and select the Delete From the report window you can manage the operation of File Anti Virus virus scans and update tasks start and stop them To do so use the corresponding buttons in the component or task report window Kaspersky Endpoint Security allows saving the operation report in text format This may be required if File Anti Virus or another task returned a runtime error that cannot be deleted by the user In such case you can contact Kaspersky Lab ADMINISTRATOR S GUIDE Technical Support Service see section Contacting Technical Support Service on page 152 In this case you need to send a text report to Technical Support Service so that our specialists can study the problem in detail and fix it as quickly as possible To export a report on the operation of Kaspersky Endpoint Security to a text file 1 Select the required report or task in the report window 2 Inthe bottom left corner of the window click the Se button select the Export command and in the window that opens specify the filename and the folder in which it will be saved CONFIGURING REPORTS AND STORAGES On the R
116. ecurity con 30 CONFIGURING THE REPORT SETTINGS To configure the settings for creating and saving reports on the operation of Kaspersky Endpoint Security installed on a remote computer 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 Inthe application settings window that opens select the Settings tab 4 Select the Reports and Storages item from the dropdown list in the top part of the window 5 Inthe Reports section see figure below configure the following settings e Allow informational events to be logged As a rule these events are not important for security To log these events in the report check Log non critical events box e Save only important events in the report that occurred during the most recent task This saves disk space by reducing the size of the report If the Keep only recent events box is checked the information in the report will be updated every time you restart the task in this case important information such as records about malicious objects detected will be saved and non critical information will be overwritten e Set the storage period for reports The default storage duration for reports is 30 days Then the reports will be deleted You can change the
117. ed ACTIVATING THE APPLICATION Kaspersky Endpoint Security can be activated using the key file Command syntax kav addkey lt file name gt Administrator rights are required for executing this command Settings description lt file_ name gt key file for the application with the key extension ADMINISTRATOR S GUIDE CLOSING THE APPLICATION Command syntax kav exit Administrator rights are required for executing this command RETURN CODES OF THE COMMAND LINE The general codes may be returned by any command from the command line The return codes include general codes as well as codes specific to a certain task General return codes e 0Q operation completed successfully e 1 invalid setting value e 2 unknown error e 3 task completion error e 4 task cancelled Virus scan task return codes e 101 all dangerous objects processed e 102 dangerous objects detected ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT Kaspersky Administration Kit is a system designed for centralized management of key administrative tasks in the domain of corporate network security systems This system is based on the applications included in Kaspersky Open Space Security Kaspersky Administration Kit supports all network configurations that use the TCP IP protocol The application is a tool for corporate network administrators and anti virus security officers Kaspersky
118. ed versions 4 Info ZIP retains the right to use the names Info ZIP Zip UnZip UnZipSFX Wiz Pocket UnZip Pocket Zip and MacZip for its own source and binary releases LIBPNG 1 2 8 Copyright C 2004 2006 2009 Glenn Randers Pehrson LIBUTF Copyright C 2002 Lucent Technologies ADMINISTRATOR S GUIDE Permission to use copy modify and distribute this software for any purpose without fee is hereby granted provided that this entire notice is included in all copies of any software which is or includes a copy or modification of this software and in all copies of the supporting documentation for such software THIS SOFTWARE IS BEING PROVIDED AS IS WITHOUT ANY EXPRESS OR IMPLIED WARRANTY IN PARTICULAR NEITHER THE AUTHORS NOR LUCENT ECHNOLOGIES MAKE ANY REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE LZMALIB 4 43 MD5 H Copyright C 1999 Aladdin Enterprises MD5 H Copyright C 1990 RSA Data Security Inc License to copy and use this software is granted provided that it is identified as the RSA Data Security Inc MD5 Message Digest Algorithm in all material mentioning or referencing this software or this function License is also granted to make and use derivative works provided that such works are identified as derived from the RSA Data Security Inc MD5 Message Digest Algorithm in all material mentioning
119. eeeeaeeeeesseeeeeseeeeesaeeeeesaaeeesseeeeesaaeeeesaeeeeaaeseesaes 35 Configuring receipt of notifications ce ecccccecceeceeeeeceeeeees ee eeeeaeeeeeeeeeeeeseeeeeeaaeeeesaaeeeeseaeeessaeeesaaeeesseeeesaeeeeesaes 36 About pop up Ba Ne 37 Configuring the Kaspersky Endpoint Security mterface 37 STARTING AND STOPPING THE APPLICATION s sannnnnnnnnnnnnnsnnnnsnnnnnnrnnsnrrrsrrrrsrrrrsrrrrsrrrrsrrresrrrrsrrrrsrrresrrrrsrrererrrrerrnne 39 Closing Kaspersky Endpoint Security cccccccecseeceeeeeeeeeeee cesses eeeeeeeeeeeeeeeeeseeeeeeseeeeesseeeeeseeeeeeseeeeessaeeeesaeeeesseeeeees 39 Configuring the automatic startup of Kaspersky Endpoint Security ccccccccsecccceececeeeeceeeeeeeeeeeeceseeetaeeetseeeees 39 Configuring the power saving mode 40 COMPUTER PROTECTION STATUS 1 0 0 cccccccccccseececsceceeseeeeeeseeeeeeseeeeseaeeeeseaeeesseeeessaeeeeseaseeseaueesseaseessegeeesaneeessaaeeess 41 Assessing the Computer s protection status 41 CONTENT EIERE 42 SOLVING TYPICAL RE 43 How to perform a full scan of your computer for viruses 43 How to perform a quick scan of your Computer cece eeeeeeeeseecessuceseueesseeeeseeesseesseeeseeeseeeensnees 44 How to scan a file folder or disk for viruses 0 0 00 cece ccc eeceeceeceeceeceseeeeeeeceeeaeceeeeeeeeaesaeeeeeeeeeeaeeaeeeeeeseeaeeeeeeeeeaesaeeaeees 44 How to configure a scheduled scan of your computer 44 How to purchase or renew lcense 45 How to update applicatio
120. eeeeeeeseeeeeaeeeeseeeeseeesseeeseeeeeseecesseessueeeseeeeseeeesaneesseeeaes 158 Mei 58 72 B Se Elek tee e EE 92 C CUSTOM SST AN e EE 21 D Re 80 81 84 automatic update aaneenennennennrinernenirrrirtrrtrrsrrtirtrrrrr srren rrt rrr rrn rrn AEn E ESEE S EESAN EEESEES EENEN EEESEES EEEn EEEE nnr n rrene nn 84 87 la ele EE 81 84 Derat NS Te WAIN E 20 Reie unn EE 109 F File Anti Virus enabling CIS AP MING EE 54 56 124 PET SUO Ay E 60 protection SCODE erence te meee eee N EEEE EEEE EEEE EE E E 59 restoring default settnge 62 scan EE MES aaah ee ee kne r eee ene ee eee ee eee eee oe eee eee 58 scan optimization ee 58 IR CANO e UE 60 SSC I SS EEN 57 statistics on component operation ese cccciacrdnescednaseciaierttescetanteatnacbnessehnancsactt eebe eege eege ege eeeet enge eege 63 Importing exporting the settings cccccccsecccssseecceesccccenececseseeeceuscecseeeessuseeesseceeseueeecsuueeeseaeeessegeeessueeesseueeesseneessages 45 Infected obiect A 160 Installation CUS OM NEE 21 EE 20 KEREN 115 K E lee 27 29 L Launch automatic launch Of the application ce ecccceecccaeeceeeececeeeeceeeeseueeeseeeeseeeeeseeesseeeeseeceseueesseesseeesgeeesneesanees 39 125 ll 65 ADMINISTRATOR S GUIDE Be in EE 24 SEENEN 158 M Main application WIC OW E 32 Oe Tel LS IOC AINA EE 49 Management plugin IAS Ve e EE 110 N Network EO E 87 Network FAO CIN EN 162 et de E 111 112 BS TO eege 114 KOU AU ONS EE
121. elete if disinfection fails Other tasks You can apply the specified options to all virus scan tasks preferences Apply e US Click the lock to prevent further changes Figure 40 Application preferences window The Virus Scan task VIRUS SCAN STATISTICS A brief summary on the execution of every current task in percentages is provided in the main application window see section Main application window on page 32 Also Kaspersky Endpoint Security provides you with a detailed report of virus scan tasks run To view a report on the run of the current task 1 Open the main application window on page 32 and click the button 2 Inthe Running tasks section of the report window that opens select the name of the required task If the task is already complete information about the results are provided in the Completed tasks section Information about the progress of the current task or brief statistics on the results of the completed task are displayed in the lower part of the report window It contains information on the number of objects scanned the number of malicious ADVANCED APPLICATION SETTINGS objects detected and the number of objects to be processed Scan start time estimated completion time and duration are also displayed If any errors occur during the scan run the task again If the attempt to re run the task also results in an error contact Kaspersky Lab Technical Support Service see section Contac
122. eneral Public License for more details You should have received a copy of the GNU General Public License along with this program if not write to the Free Software Foundation Inc 51 Franklin Street Fifth Floor Boston MA 02110 1301 USA Also add information on how to contact you by electronic and paper mail If the program is interactive make it output a short notice like this when it starts in an interactive mode Gnomovision version 69 Copyright C year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY for details type show w This is free software and you are welcome to redistribute it under certain conditions type show c for details The hypothetical commands show w and show c should show the appropriate parts of the General Public License Of course the commands you use may be called something other than show w and show c they could even be mouse clicks or menu items whatever suits your program You should also get your employer if you work as a programmer or your school if any to sign a copyright disclaimer for the program if necessary Here is a sample alter the names Yoyodyne Inc hereby disclaims all copyright interest in the program Gnomovision which makes passes at compilers written by James Hacker signature of Ty Coon 1 April 1989 Ty Coon President of Vice This General Public License does not permit incorporating your program into proprietary programs
123. ent Action Prompt for action Block access Disinfect Vi Delete if disinfection fails o d Click the lock to prevent further changes Figure 20 Application preferences window Protection If you have disabled File Anti Virus it will not be turned on automatically when Kaspersky Endpoint Security restarts You will need to enable file system protection manually see section Enabling file system protection on page 56 ADMINISTRATOR S GUIDE RESTORING PROTECTION ON YOUR COMPUTER If File Anti Virus is disabled it can be enabled only manually at the user s request In this case File Anti Virus will not be automatically enabled after the system or Kaspersky Endpoint Security restarts The following methods can be used to enable File Anti Virus e Click the Kaspersky Endpoint Security icon on page 30 and select Turn Protection On from the context menu see figure below Lae tO s Bc T Kaspersky Endpoint Security Protection Off Turn Protection On Quick Scan Update Preferences Quit Figure 21 Enabling File Anti Virus e Open the application preferences window on page 34 select the Protection tab and check the Enable File Anti Virus box see figure below kifi Preferences WV a ZO EI WW Protection Virus Scan Threats Update Network Reports Service Appearance General v Enable File Anti Virus Security level wm F Maximum protection Comprehensive protection Reco
124. eports tab of the application preferences window see section Application preferences window on page 34 you can adjust the settings for the creation and storage of reports as well as set the maximum storage time for objects in Quarantine and Backup Storage CONFIGURING THE REPORT SETTINGS 7o configure the settings for creating and saving reports do the following 1 Open the application preferences window on page 34 and select the Reports tab see figure below 2 Inthe Reports section adjust the following settings e Allow informational events to be logged As a rule these events are not important for security To log these events in the report check Log non critical events box e Save only important events in the report that occurred during the most recent task This saves disk space by reducing the size of the report If the Keep only recent events box is checked the information in the report will be updated every time you restart the task in this case important information such as records about malicious objects detected will be saved and non critical information will be overwritten e Set the storage period for reports ADVANCED APPLICATION SETTINGS The default storage duration for reports is 30 days Then the reports will be deleted You can change the maximum storage period or remove this restriction EN EA CN Preferences YV a ZO EI Protection Virus Scan Threats Update Network Reports Service Appea
125. ersion of the Software Technical support service http support kaspersky com 4 2 User s Data specified in Personal Cabinet My Kaspersky Account can be used by Technical Support specialists only during processing User s request 5 Limitations 5 1 You shall not emulate clone rent lend lease sell modify decompile or reverse engineer the Software or disassemble or create derivative works based on the Software or any portion thereof with the sole exception of a non waivable right granted to You by applicable legislation and you shall not otherwise reduce any part of the Software to human readable form or transfer the licensed Software or any subset of the licensed Software nor permit any third party to do so except to the extent the foregoing restriction is expressly prohibited by applicable law Neither Software s binary code nor source may be used or reverse engineered to re create the program algorithm which is proprietary All rights not expressly granted herein are reserved by Rightholder and or its suppliers as applicable Any such unauthorized use of the Software shall result in immediate and automatic termination of this Agreement and the License granted hereunder and may result in criminal and or civil prosecution against You 5 2 You shall not transfer the rights to use the Software to any third party KASPERSKY LAB END USER LICENSE AGREEMENT 5 3 You shall not provide the activation code and or license key file
126. es by their mask see Permissible file exclusion masks on page 156 a particular area for example a folder or program application processes or objects by the type of threat in accordance with the Virus Encyclopedia http www securelist com An exclusion object will not be scanned when the disk or folder where it is located is being scanned However if you select that object specifically the exclusion rule will not be applied to it Threat type is the status that Kaspersky Endpoint Security assigns to an object during the scan The status is assigned based on the classification of malware and riskware listed in the Kaspersky Lab Virus Encyclopedia Riskware does not have any malicious features but can be used as an auxiliary component by malicious software since such programs can contain holes and errors This category includes for example remote administration programs IRC clients FTP servers various utilities for stopping processes or hiding them keyloggers password macros and auto dialers Such programs are classified in not a virus group They can be divided into several types such as Adware Joke and Riskware for detailed information about unwanted programs detected by Kaspersky Endpoint Security see the Virus Encyclopedia http www securelist com Such programs may be blocked after the scan Since several of them are popular with users you have the option of excluding them from the scan To create a new exclusion
127. es x General settings Notification M Enable File Anti Virus Security level Recommended Optimal protection Appropriate for most users Options Deraule level Action C Prompt for action M Disinfect M Delete if disinfection Fails Figure 69 The File Anti Virus task properties window The Settings tab ADMINISTRATOR S GUIDE CONFIGURING FILE ANTI VIRUS To view and edit File Anti Virus settings 1 Open the properties window on the client computer see section Managing the application on page 121 on the Tasks tab 2 Select File Anti Virus task from the list and click the Properties button 3 Inthe task properties window that opens on the Settings tab see figure above edit the following settings e Enable or disable File Anti Virus on the remote computer using the corresponding box e Inthe Security level section set the protection level for the file system of the remote computer by moving the slider up or down the scale or click the Options button to edit the settings of the current security level In the Settings File Anti Virus window that opens see figure below edit the file protection settings e onthe General tab specify which object formats should be scanned for viruses by Kaspersky Endpoint Security when they are opened run or saved the File types section adjust the scan performance and select a scan technology the Optimization section then select which compound
128. ettings that define the use of the settings configuration file WORKING WITH THE APPLICATION FROM THE COMMAND LINE c lt configuration_file_name gt defines the path to the configuration file that contains the application preferences for the update You can enter an absolute or relative path to the file If this parameter is not defined the values set in the application interface are used Example Update the application databases from the default source logging all events in the report Kay update raievoases upd TxE Update the Kaspersky Endpoint Security modules using the settings of updateapp ini configuration file kav update app on c updateapp ini ROLLING BACK THE LAST UPDATE Command syntax kav rollback lt r port settangs gt Administrator rights are required for executing this command Settings description lt report settings gt this parameter determines the format of the report on scan results You can use an absolute and relative path to the file If the setting is not defined scan results are displayed on screen and all events are shown r lt report_file gt only log important events in this file ra lt report_file gt log all events in this file You can use an absolute or relative path to the file If the setting is not defined scan results are displayed on screen and all events are shown Example kav rollback ra rollback te STARTING STOPPING A PROTECTION COMPONE
129. f the application will be created Click the Next button 11 In the Account window click the Next button 12 In the Task scheduling settings window select a task run mode manually or by a schedule To do this select the value that will define the frequency of the task run from the dropdown list and specify the time of the task run Click the Next button 13 The last window of the wizard will inform you that you have successfully created a task Click the Finish button to close the Assistant The task that you have created will appear in the console tree in the Tasks for specific computers folder MANAGING NETWORK AGENT Network Agent can be managed using the command line on the user s computer Kaspersky Administration Kit allows you to connect a client computer to Administration Server manually using the klmover utility tool and to check the connection between a client computer and Administration Server using the kInagchk exe utility tool You can also pause the operation of Network Agent and then resume it IN THIS SECTION Connecting a client computer to Administration Server manually Utility tool klmover ccc ccc eeeeeeeeeeeeeeeaeeeeeaeeeeees 11 Checking the connection between a client computer and Administration Server manually Utility tool kInagchk 120 Starting stopping Network Agent on a Client computer 121 ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT CONNECTING A CLIENT COMPUT
130. failures in File Anti Virus operation or corruption of Kaspersky Endpoint Security databases If you close the Security Assistant without eliminating all serious threats the color indicator in the main application window will signalize that there is a problem If you postpone the elimination of some threats they will not be present in the list of active threats when Security Assistant is opened for the next time However you can still return to view and eliminate postponed threats by clicking the View postponed threats button in the last window of the Security Assistant SOLVING TYPICAL TASKS This section describes the tasks encountered by the most users when working with the application as well as the procedures developed for carrying out these tasks IN THIS SECTION How to perform a full scan of your computer for viruses eee cceecececeeeeeseeeeeeeeeeesaeeeeeseeeeeesaeeeesseeeeeseeeesseeeeesaeeeesaeeeees 43 How to perform a quick scan Of your Computer 44 How to scan a file folder or disk Tor viruses ccccc cece ecceeeceeeceeeaeeeeceeeeeaueceeeueeeaeeeeeeegeeaeeeeceueeeaeeteeugeeaueeeesueeeaueteeeueesens 44 How to configure a scheduled Scan Of your computer 44 How to purchase or renew license cccceecccesecccsececeucecesecssuecenseceseucessuecseecensueessueessueeseecessasesseessueeenseseneasensaeesseesenes 45 How to update application databases and modules 45 How to export the application prefe
131. fications If Growl is enabled it is used to display onscreen messages ADMINISTRATOR S GUIDE CONFIGURING RECEIPT OF NOTIFICATIONS To receive notifications about events do the following 1 Open the application preferences window on page 34 and select the Appearance section see figure below a Ae Preferences W a oO EI vi Protection Virus Scan Threats kee Network Reports Service neal Events notification Y Enable notifications Additional Show application ei In Menu Bar icon O In Dock 7 Nowhere Option changes made will be applied at the next startup of the application ri T Click the lock to prevent further changes Figure 9 Application preferences window Appearance 2 Check the Enable notifications box in the Events notification section and switch to advanced settings To do so click the Additional button In the window that opens see figure below you may configure the following types of notifications about events listed above e Pop up message on screen which contains information about an event that has occurred To use this notification type check the box in the Balloon field next to the event you want to be notified of e Audio message APPLICATION INTERFACE If you want this notification to be accompanied by a sound file check the box in the Sound field next to the event name Event Balloon Sound All notifications Critical events Detec
132. files should be scanned for viruses and set a restriction on the scan of large sized objects the Compound files section e onthe Protection scope tab specify disks or folders that should be controlled by File Anti Virus By default all objects located on the hard removable and network disk drives connected to your computer are protected You can add an object to scan modify an object on the list temporarily disable scanning of an object on the list or remove an object e onthe Advanced tab select a triggering operating mode for File Anti Virus the Scan mode section enable a scheduled pause of File Anti Virus and configure the schedule the Pause task section then configure the usage of the heuristic analyzer by File Anti Virus the Heuristic analyzer section e Inthe Action section select the action that File Anti Virus should carry out if an infected or potentially infected object is detected ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT 4 Settings File Anti Virus Il x Protection scope Additional File types Scan all Files f Scan programs and documents by content Scan programs and documents by extension Optimization M Use iSwift technology M Scan new and changed Files only Compound Files Scan archives Scan installation packages iW Scan embedded OLE objects Je Postpone extracting if archive larger than M Do not process archives larger than oe SC
133. free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT INNO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE FMT H Copyright C 2002 Lucent Technologies Permission to use copy modify and distribute this software for any purpose without fee is hereby granted provided that this entire notice is included in all copies of any software which is or includes a copy or modification of this software and in all copies of the supporting documentation for such software THIS SOFTWARE IS BEING PROVIDED AS IS WITHOUT ANY EXPRESS OR IMPLIED WARRANTY IN PARTICULAR NEITHER THE AUTHORS N
134. hat an action for infringement of intellectual property rights may be brought within the maximum applicable statutory period 12 Entire Agreement Severability No Waiver 12 1 This Agreement is the entire agreement between you and Rightholder and supersedes any other prior agreements proposals communications or advertising oral or written with respect to the Software or to subject matter of this Agreement You acknowledge that you have read this Agreement understand it and agree to be bound by its terms If any provision of this Agreement is found by a court of competent jurisdiction to be invalid void or unenforceable for any reason in whole or in part such provision will be more narrowly construed so that it becomes legal and enforceable and KASPERSKY LAB END USER LICENSE AGREEMENT the entire Agreement will not fail on account thereof and the balance of the Agreement will continue in full force and effect to the maximum extent permitted by law or equity while preserving to the fullest extent possible its original intent No waiver of any provision or condition herein shall be valid unless in writing and signed by you and an authorized representative of Rightholder provided that no waiver of any breach of any provisions of this Agreement will constitute a waiver of any prior concurrent or subsequent breach Rightholder s failure to insist upon or enforce strict performance of any provision of this Agreement or any right shall not
135. he Technical Support Service website e Email address Technical Support Service will send an answer to your query at this email address A Technical Support Service specialist will reply to your query in your Personal Cabinet and at the email address you have specified in your request Technical support telephone service If you encounter a problem which requires an urgent assistance you can call your nearest Technical Support office Before contacting specialists at the Russian speaking http support kaspersky ru support support_local or international http support kaspersky com support international Technical Support please have all relevant information to hand http support kaspersky com support details regarding your computer and the anti virus application installed on it This will help our support staff solve your problem more quickly Creating a trace file During Kaspersky Endpoint Security runtime errors may arise most likely due to conflicts between Kaspersky Endpoint Security and software installed on your computer Kaspersky Lab Technical Support specialists may ask you to create a trace file to help diagnostics and to resolve your problem To create a trace file 1 Open the application settings window and select the Reports tab 2 Inthe Traces section check the Enable trace logs box 3 Restart Kaspersky Endpoint Security to start the tracing process You should only use this option when instructed to do so by
136. he Program is not required to print an announcement These requirements apply to the modified work as a whole If identifiable sections of that work are not derived from the Program and can be reasonably considered independent and separate works in themselves then this License and its terms do not apply to those sections when you distribute them as separate works But when you distribute the same sections as part of a whole which is a work based on the Program the distribution of the whole must be on the terms of this License whose permissions for other licensees extend to the entire whole and thus to each and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Program In addition mere aggregation of another work not based on the Program with the Program or with a work based on the Program on a volume of a storage or distribution medium does not bring the other work under the scope of this License 3 You may copy and distribute the Program or a work based on it under Section 2 in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following a Accompany it with the complete corresponding machine readable source code which must be distributed under the terms of
137. he folders Documents Applications and the file named my test exe kav scan Documents Applications my test exe Scan the objects listed in the file object2scan txt using the configuration file scan_setting txt for the job Use the scan_settings txt configuration file When the scan is complete create a report to log all events kay opan Ob Sci s2 Scan AE EE Serbings txt batscancilog A sample configuration file netdrives ob ects2scan txt retscan log UPDATING THE APPLICATION The syntax for updating the application modules and anti virus databases from the command line is as follows kav update lt update source gt app lt onlort gt lt r port settings gt lt advanced settings gt Settings description lt update_source gt HTTP FTP server or network or local folder for downloading updates If a path is not selected the update source will be taken from the application update settings app lt onloff gt enable disable application modules update lt report settings gt this parameter determines the format of the report on scan results You can use an absolute or relative path to the file If the setting is not defined scan results are displayed on screen and all events are shown The following values are possible r lt report_file gt only log important events in this file ra lt report_file gt log all events in this file lt advanced settings gt s
138. he task that you have created will appear in the console tree in the Tasks for specific computers folder UNINSTALLATION OF NETWORK AGENT To uninstall Network Agent from your computer 1 Open the content of the Network Agent installation package To do this insert an installation CD into the disk drive If you purchased Kaspersky Endpoint Security in an online store then an application installation package in zm format will be available to download on the Kaspersky Lab website Extract it and run the dmg file to view the package contents Start the Network Agent Uninstallation Assistant To do this select Kaspersky Network Agent Uninstaller in the window with the distribution package contents Follow the Uninstaller s instructions In the Introduction window click Continue In the Information window read the important information To start the uninstallation procedure click the Delete button and enter the administrator s password to confirm Wait until the application removal is complete In the Completion window read the information about the uninstallation process termination and click the Finish button to exit the Uninstall Assistant ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT REMOTE INSTALLATION OF KASPERSKY ENDPOINT SECURITY You can use the following methods to install Kaspersky Endpoint Security onto a user s computer e locally see section Installing the application on page 19 e re
139. hedule RW To configure additional settings of File Anti Virus do the following 1 Open the application preferences window on page 34 and select the Protection tab 2 Inthe Security level section click the Preferences button ADVANCED APPLICATION SETTINGS 3 In the window that opens select the Additional tab see figure below and configure the following settings e Select File Anti Virus operation mode in the Scan mode section e Inthe Performance section select a scan technology e Inthe Pause task section enable the scheduled pausing of File Anti Virus and configure the schedule e Inthe Heuristic analyzer section configure the use of the heuristic analyzer by File Anti Virus Scan mode Lei Smart mode O On access and modification On access On execution Performance v Use iSwift technology Pause task On schedule Schedule Heuristic analyzer E Use heuristic analyzer Scan level m Optimal protection level Min Max Figure 26 File Anti Virus Configuring additional settings SELECTING ACTIONS ON OBJECTS If a virus scan reveals that a file is infected or potentially infected the subsequent behavior of File Anti Virus depends on the status of the object and the selected action When the scan is complete the object may be identified as e malicious for example a virus or Trojan e potentially infected when the scan cannot determine whether the object is infected or not The
140. his section contains description of the basic GUI components of the application icon and context menu main application window settings window and notification windows IN THIS SECTION Kaspersky Endpoint Security ICOM wisinsscscisctsessavassaaassbonnesncaectssieiectscusanttsoubeacawdnadeaebassGaeeancatedhoucboenateauends lanbbecesanaentaneebbents 30 Maim GID DIIGATION WINDOW EE 32 Application preferences WiINdOW nnsnneoenneornrrornrrrrrrerrnrrrsnrrrsnrrrsntrrtnt1rtntrntttrrattr antt st EEDSEEE At EEnanrEDanEEn annene n renen rrn nerne 34 Notification windows and pop up messages ao Configuring the Kaspersky Endpoint Security interface ccccccceeececeeeeeeeeeeeeeseeeeeeseeeeesaeeeeeseeeeesseeeeesaaeeeesaeeeessaeeeesaes 37 KASPERSKY ENDPOINT SECURITY ICON Immediately after Kaspersky Endpoint Security is installed its icon appears in the Menu Bar This icon is an indicator of the application s operation If the icon is active it means that real time protection against malware is enabled for the computer s file system The inactive icon indicates that the protection is disabled In addition the icon s context menu provides access to the basic commands in Kaspersky Endpoint Security enabling and updating the computer s file system protection launching update task or anti virus scan opening the settings window etc By default the icon is located on the Menu Bar You can modify the application s preferences so that the
141. hnical Support Service specialist of Click the lock to prevent further changes Figure 56 Application preferences window Reports WORKING WITH THE APPLICATION FROM THE COMMAND LINE You can manage Kaspersky Endpoint Security using the command line Command prompt syntax kav lt command gt parameters The following commands can be used as a lt command gt e help helps with command syntax and list of commands e scan scans objects for malware e update starts the application update e rollback rolls back the most recent update of Kaspersky Endpoint Security administrator rights are required for executing this command e start starts a component or a task e stop stops a component or a task administrator rights are required for executing this command e status displays the current status of a component or a task e statistics displays the operation statistics for a component or a task on the screen e export exports the settings of a component or a task e import imports the settings of a component or a task administrator rights are required for executing this command e addkey activates the application using a key file administrator rights are required for executing this command e exit closes the application administrator rights are required for executing this command Each command has its own range of settings ADMINISTRATOR S GUIDE IN THIS SECT
142. hreats and troubleshoot them see figure below To launch the Security Assistant click the color indicator in the main application window see section Main application window on page 32 Databases are out of date he databases that the application uses to protect your computer are out of date It means that protection of your data may be inadequate You A re advised to update the application databases as PT as possible Update databases Figure 14 Security Assistant interface a e Cancel To browse the list of existing threats click the Continue or Go Back buttons A detailed description is provided for each threat and the following actions are available e Eliminate threat immediately To eliminate a threat click the button with the recommended action For example if infected objects have been detected on the computer the recommended action will be Disinfect infected objects If the anti virus database used by the application are out of date the recommended action is Update databases Detailed information about threats can be found in the report window see section Reports on page 94 e Postpone threat elimination If you do not want to eliminate the threat immediately for some reason you can postpone the action and return to it later To do so use the Postpone button Note that this feature does not cover such dangerous threats as persistence of malicious objects that have not been processed
143. htholder publishes them on its website or through other online services Any Updates that you may receive become part of the Software and the terms and conditions of this Agreement apply to them Technical Support via the Internet and Technical Support telephone hotline 3 Activation and Term 3 1 If You modify Your Computer or make changes to other vendors software installed on it You may be required by the Rightholder to repeat activation of the Software or license key file installation The Rightholder reserves the right to use any means and verification procedures to verify the validity of the License and or legality of a copy of the Software installed and or used on Your Computer 3 2 If the Software was acquired on a physical medium the Software can be used upon your acceptance of this Agreement for the period that is specified on the package commencing upon acceptance of this Agreement 3 3 If the Software was acquired via the Internet the Software can be used upon your acceptance of this Agreement for the period that was specified during acquisition 3 4 You have the right to use a trial version of the Software as provided in Clause 2 1 without any charge for the single applicable evaluation period 30 days from the time of the Software activation according to this Agreement provided that the trial version does not entitle You Updates and Technical support via the Internet and Technical support telephone hotline 3 5 Your Li
144. hts granted herein You are not responsible for enforcing compliance by third parties to this License ADMINISTRATOR S GUIDE 7 If as a consequence of a court judgment or allegation of patent infringement or for any other reason not limited to patent issues conditions are imposed on you whether by court order agreement or otherwise that contradict the conditions of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Program at all For example if a patent license would not permit royalty free redistribution of the Program by all those who receive copies directly or indirectly through you then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program If any portion of this section is held invalid or unenforceable under any particular circumstance the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices Many people have mad
145. ies x General settings Account Schedule Notification Update parameters Settings Action after update E Rescan quarantine o Figure 73 The Update task properties window The Settings tab 4 Update Settings Il x Update source Additional l Add sky strat uke Elit Delete iW Select region do nok use autodetection Figure 74 The Update Settings window ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT MANAGING POLICIES Setting up policies allows you to apply universal application and task settings to client computers that belong to a single administration group This section provides information about how to create and configure policies for Kaspersky Endpoint Security When creating and configuring a policy you can fully or partially block the settings from being edited in the policies of nested groups task settings and application settings To do this click the EN button It should change to a for settings that are locked You can carry out the following actions on policies e create policies e configure policies e copy and move policies from one group to another as well as remove policies using the context menu e import and export policy settings To open the list of policies created for Kaspersky Endpoint Security 1 Start Kaspersky Administration Kit Administration Console 2 Expand the Administration Server node 3 Inthe
146. ies i viru ses worms Trojans hack tools Wl Spyware and Adware Wl Auto dialers Other programs understand that some legal programs can be classified as potentially unwanted software and want them to be recognized as a threats on this computer Exclusions Compose the list of trusted files processes and applications those should not be monitored and scanned Trusted zone E Click the lock to prevent further changes Figure 15 Application preferences window Threats Kaspersky Lab does not recommend disabling monitoring of spyware adware and auto dialers If Kaspersky Endpoint Security classifies a program which you do not consider to be dangerous as unwanted you can configure an exclusion rule for it see section Creating a trusted zone on page 51 ADVANCED APPLICATION SETTINGS CREATING A TRUSTED ZONE Trusted zone is a user created list of objects that Kaspersky Endpoint Security does not monitor The user creates a trusted zone with regard to the objects he she works with and the programs installed on the computer You might need to create such an exclusion list if for example Kaspersky Endpoint Security blocks access to an object or program which you know is safe Exclusion rules are sets of conditions under which Kaspersky Endpoint Security does not scan objects It is possible to exclude from a scan files of a certain format see section List of objects scanned by their extension on page 154 fil
147. ile system protection provided by File Anti Virus See section File Anti Virus on page 53 in real time mode it is extremely important to scan your computer for viruses This is required to stop the spread of malicious programs that have gone undetected by File Anti Virus because for instance the level of protection selected is low Kaspersky Endpoint Security comprises the following integrated virus scan tasks Virus Scan Scan individual items for viruses such as files folders disks plug and play devices ADVANCED APPLICATION SETTINGS E Search for viruses on your computer with a thorough scan of all hard drives Full Scan ECH e Quick Scan Scans only critical areas of the computer for viruses including folders with operating system files and system libraries By default these tasks are executed using the recommended settings You can edit these settings see section Configuring virus scan tasks on page 70 or create a schedule for running virus scan tasks see section Configuring the virus scan task schedule on page 74 N THIS SECTION Managing virus scan EE 65 Creating aliSt Of opjecis e SCAN EE 69 Configuring virus scan TASKS EE 70 Restoring Bel TEE e E if NBS Sean Stal OS eege 78 MANAGING VIRUS SCAN TASKS You can run virus scan tasks manually see section Launching pausing virus scan task on page 65 or automatically by a schedule see section Configuring the virus scan task
148. indow on page 32 click the Kaspersky Endpoint Security icon on the list of applications installed on the computer LO ZG ZE mit I Kaspersky Endpoint Security Protection On Turn Protection Off Quick Scan Update Preferences Quit Figure 5 Context menu of the Kaspersky Endpoint Security icon in the Menu Bar wv amp Kaspersky Endpoint Security amp Protection On Turn Protection Off Security Assistant Quick Scan Update Preferences Keep in Dock Open at Login Show in Finder Hide Quit Figure 6 Context menu of the Kaspersky Endpoint Security icon in the Dock MAIN APPLICATION WINDOW To open the main application window click the Kaspersky Endpoint Security icon in the Menu Bar or in the Dock see figure above and u select Kaspersky Endpoint Security from the context menu that opens APPLICATION INTERFACE The basic task of the Kaspersky Endpoint Security main window see figure below is to inform the user of the computer s protection status and any related problems to provide information about software components File Anti Virus Virus Scan and Update task and to ensure access to the main tasks and the settings window ADAM Kaspersky Endpoint Security 8 Protection enabled Ka Ad Figure 7 Kaspersky Endpoint Security 8 main window There are three possible protection status values see section Protection status overview on page 41 which use a traffic lignt colo
149. ines what action will be taken with malicious objects detected during the scan If this parameter has not been defined the default action is the one with the value for i8 The following values are possible i0 take no action on the object simply record information about it in the report i1 treat infected objects and if disinfection is impossible skip i2 disinfect infected objects if disinfection is impossible delete do not delete containers except the containers with an executable header sfx archives i3 treat infected objects and if disinfection fails delete Delete all compound objects completely if infected parts cannot be deleted i4 delete infected objects Delete all compound objects completely if the infected parts cannot be deleted i8 prompt the user for action if an infected object is detected This is the default setting i9 prompt the user for action at the end of the scan lt file types gt this parameter defines the file types that are subject to an anti virus scan By default if this parameter is not defined only infected files by contents are scanned The following values are possible fe only scan infected files by extension fi only scan infected files by content by default fa scan all files lt exclusions gt this parameter defines objects that are excluded from the scan You can enumerate several parameters from the list below separating them wi
150. ing this task the application performs virus scan of critical areas of your computer such as folders containing operating system files and system libraries which may when infected with malware cause corruption of your operating system To launch a full computer scan do the following 1 Open the main application window on page 32 and click the a button 2 Inthe menu that opens select Quick scan You can view the scan results in the report window see section Virus scan statistics on page 78 HOW TO SCAN A FILE FOLDER OR DISK FOR VIRUSES If you want to scan an individual object such as a hard drive folder file or removable device for viruses use the integrated Virus Scan task Toscan an individual object for viruses do the following 1 Open the main application window on page 32 and click the a button A 2 Inthe menu that opens select the q Virus Scan task A window opens to select objects to be scanned 3 Create a list of objects to be scanned see section Creating a list of objects to scan on page 69 and click the Start button to run the virus scan You can view the scan results in the report window see section Virus scan statistics on page 78 You can launch a virus scan of any object on your computer from the Finder application if the Finder Contextual Menu application component has been installed see section Kaspersky Endpoint Security custom installation on page 21 To do this
151. ion window on page 32 and click the P button 2 Inthe window that opens click the Purchase button The eStore web page opens where you can purchase a license To renew a license 1 Open the main application window on page 32 and click the P button 2 Inthe window that opens click the Renew button The eStore web page opens where you can renew a license HOW TO UPDATE APPLICATION DATABASES AND MODULES Kaspersky Lab updates anti virus databases and modules of Kaspersky Endpoint Security using dedicated update servers and Kaspersky Administration Kit Administration Server Kaspersky Lab s update servers are Kaspersky Lab s Internet sites to which the Kaspersky Endpoint Security updates are uploaded on regular bases An Internet connection is required to download updates from the servers By default Kaspersky Endpoint Security periodically checks for updates on Kaspersky Lab s servers If Kaspersky Endpoint Security detects new updates it downloads them in the background and installs on the computer To launch Kaspersky Endpoint Security update manually open the main application window on page 32 and click the Q button You can view the scan results in the report window see section Virus scan statistics on page 88 HOW TO EXPORT THE APPLICATION PREFERENCES TO KASPERSKY ENDPOINT SECURITY INSTALLED ON ANOTHER COMPUTER Kaspersky Endpoint Security allows to export and import its settings This is useful if for exa
152. isclaimer and this list of conditions 2 Redistributions in binary form compiled executables and libraries must reproduce the above copyright notice definition disclaimer and this list of conditions in documentation and or other materials provided with the distribution The sole exception to this condition is redistribution of a standard UnZipSFX binary including SFXWiz as part of a self extracting archive that is permitted without inclusion of this license as long as the normal SFX banner has not been removed from the binary or disabled 3 Altered versions including but not limited to ports to new operating systems existing ports with new graphical interfaces versions with modified or added functionality and dynamic shared or static library versions not from Info ZIP must be plainly marked as such and must not be misrepresented as being the original source or if binaries compiled from the original source Such altered versions also must not be misrepresented as being Info ZIP releases including but not limited to labeling of the altered versions with the names Info ZIP or any variation thereof including but not limited to different capitalizations Pocket UnZip WiZ or MacZip without the explicit permission of Info ZIP Such altered versions are further prohibited from misrepresentative use of the Zip Bugs or Info ZIP e mail addresses or the Info ZIP URL s such as to imply Info ZIP will provide support for the alter
153. ith absolute file paths e dir or dir all files in the dir folder e dir zip all files with the zip extension in dir folder e dir zi all files with the zi extension in the dir folder where can represent any single character e dir test all files with the test name in the dir folder and all subfolders 3 Masks with relative file paths APPENDIX e dir or dir all files in all folders called dr e dir zip all files with the zip extension in all dir folders e dir zi all files with the zi extension in all dr folders where can represent any single character e 6 dir test all files with the test name in all dir folders and all subfolders The exclusion mask can only be used if you also assign a threat type to exclude using the nomenclature of the Virus Encyclopedia The result is that the application will not look for the specified threat in any objects Using this mask without selecting a threat type essentially disables monitoring ALLOWED EXCLUSION MASKS ACCORDING TO THE VIRUS ENCYCLOPEDIA CLASSIFICATION When adding a new threat exclusion using the Virus Encyclopedia classification you can specify e Full name of the threat as stated in the Virus Encyclopedia on www securelist com www securelist com eg not a virus RiskWare RemoteAdmin RA 311 or Flooder Win32 Fuxx e The threat name by mask For example e not a virus exclude legal but potentiall
154. ivate and configure it with regard to their needs e to help an administrator in solving problems related to remote administration of the application through Kaspersky Administration Kit e to provide a quick search of the information on application related issues e to tell users about additional sources of information about the application and explain how to contact Kaspersky Lab Technical Support Service IN THIS SECTION inthis CU FAS EE 12 Risen SL CON YS Le E 14 IN THIS DOCUMENT The user guide for Kaspersky Endpoint Security 8 is comprised of the following sections Additional sources of information This sections lists sources of additional information about the application and Internet resources where you can discuss it share your ideas ask questions and receive answers Kaspersky Endpoint Security 8 This section contains a description of the application s new features and brief information on its components and functionality It shows the function of each part of the package supplied and a range of services available to registered users of the application This section contains hardware and software requirements which the computer must meet for the installation of Kaspersky Endpoint Security Installing the application This section contains instructions that will help you to install the application on the computer locally This section also describes the application uninstall procedure License management Thi
155. jects and in separate columns how many objects out of the total number scanned are archives how many are dangerous how many have been disinfected how many have been placed in Quarantine etc e The Preferences tab lists the main settings used by File Anti Virus To configure a component quickly click the Change preferences button A EN EN Reports Kaspersky Endpoint Security REPORTS detected Detected MIAE Preferences E a Time Path Status Reason l 10 27 10 5 39 35 PM File Meicar DELE Eicar1 com detecte est File Sea 10 27 10 5 39 37 PM File Mei a EE 10 27 CR File Meicar DELE Eicarl com not disinfected skipped by user J Gachun Storage 10 27 10 5 39 47 PM File Meicar DELE Eicar3 com detecte est File RUNNING TASKS 10 27 10 5 39 49 PM File Meicar DELE Eicar3 com not disinfected skipped by user G CG 10 27 10 5 39 56 PM File Meicar CURE Eicar3 com detecte est File 10 27 10 5 39 57 PM File Meicar CURE Eicar3 com not disinfected skipped by user COMPLETED TASKS 10 27 10 5 40 05 PM File Meicar DELE Eicar com detecte est File All 10 27 10 5 40 06 PM File Meicar DELE Eicar com not disinfected skipped by user Last 20 Result Dangerous objects detected Scanned 19 Start 10 27 10 5 39 26 PM Detected 4 Duration 00 00 47 Untreated 4 ER ill 7 Start Stop Clearall Rb Figure 29 Report window File Anti Virus VIRUS SCAN In addition to the f
156. k tasks and the key file installation task You can take the following actions on user tasks e adjust the settings of a task e track the execution of a task 16 For more information see the Kaspersky Administration Kit Administrator Guide 1 For more information see the Kaspersky Administration Kit Reference Guide ADMINISTRATOR S GUIDE copy and move tasks from one group to another or delete tasks using the context menu import and export tasks To view the list of tasks created for a client computer 1 2 Start Kaspersky Administration Kit Administration Console Expand the Administration Server node In the Managed computers folder select the folder with the name of the group that contains the client computer and then select the Client computers subfolder In the results panel on the right select the computer on which Kaspersky Endpoint Security is installed Right click the area to open the context menu select the Properties item The properties window on the client computer will open Select the Tasks tab see figure below to view the complete list of tasks created for the client computer The following control buttons are located under the list of tasks e Add Clicking this button opens the New task wizard on page 139 You can create a new task for Kaspersky Lab applications installed on the computer e Delete Clicking this button opens a window that requests confirmation of the action
157. kup Storage ACTIONS ON BACKUP COPIES Kaspersky Endpoint Security allows you to carry out the following actions on backup copies of objects e Restore selected backup copies from Quarantine To do this in the Backup Storage window see figure below select the backup copy of the required object from the list and click the Restore button Confirm the action The object is restored to its original location with its original name If there is an object with the same name in the original location this situation is possible when restoring an object with a copy created prior to disinfection a warning will pop up on screen You can change the location of the object being restored or rename it ADMINISTRATOR S GUIDE We recommend that you scan the object for viruses immediately after restoring it It is possible that the object will be disinfected using the updated databases without losing its integrity We do not recommend that you restore backup copies of objects unless absolutely necessary This could lead to an infection on your computer e Delete backup copies of objects in Quarantine We recommend that you periodically view Quarantine and clear it To delete an object select it in the Quarantine window see figure below and click the Delete button To clear Backup completely click the Clear all button You can also configure automatic deletion of the oldest objects in Backup Storage see section Configuring Quarantine and Backup
158. l M Disable scheduled scans while running on battery power ze zm _ Figure 60 Application settings window The Settings tab Protection If a policy which prohibits redefining specific settings has been created for the application those settings cannot be edited when adjusting the application settings ENABLING AND DISABLING FILE PROTECTION Kaspersky Lab strongly recommends that you do not disable real time protection ensured by File Anti Virus on a remote computer because this may lead to infection and to loss of data To disable File Anti Virus on a remote computer 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 Inthe application settings window that opens select the Settings tab 4 Select Protection from the dropdown list in the top part of the window 1 For more information see the Kaspersky Administration Kit Reference Guide ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT 5 Inthe General section see figure below uncheck the Enable protection box and click the Apply button To enable File Anti Virus on a remote computer 1 Open the properties window on the client computer see section Managing the application on page 121 on the Application
159. l application settings enabling and disabling the protection of the computer s file system configuring the display of the Kaspersky Endpoint Security icon configuring the settings for reports and storages To proceed to the application settings 1 Start Kaspersky Administration Kit Administration Console 2 Expand the Administration Server node 3 Inthe Managed computers folder select the folder with the name of the group that contains the client computer and then select the Client computers subfolder 4 Inthe results panel on the right select the computer on which Kaspersky Endpoint Security is installed 5 Right click the area to open the context menu select the Properties item The properties window on the client computer will open 6 On the Applications tab see figure below in the list of all Kaspersky Lab applications installed on the computer select Kaspersky Endpoint Security 8 for Mac The following control buttons are located under the list of applications e Events Clicking this button opens the Events window which displays the list of events that have occurred on the client computer and logged on the Administration Server e Statistics Clicking this button opens the Statistics window which displays the actual statistical data on the application s operation e Properties Clicking this button opens the application settings window see section Modifying the application settings on page 123 ADMINIS
160. lient computer see section Managing the application on page 121 on the Tasks tab 2 Select the required task from the list and click the Properties button 3 Inthe task properties window that opens on the Settings tab see figure below edit the following settings e Inthe Update parameters section specify if the application update process should cover both anti virus databases and application modules To do this check the Update program modules box You can also select an update source and configure the distribution of updates into a local source To do this click the Settings button The Update Settings window opens see figure below here you can e onthe Update source tab specify the source where updates for the anti virus databases and application modules should be downloaded By default the update is carried out from the Administration Server and Kaspersky Lab update servers You can add a new update source to the list change the update source temporarily disable the retrieval of updates from the source and remove the update source from the list e onthe Additional tab enable the service of update copying to a local source and specify the path to a shared folder in which all retrieved updates will be stored e Inthe Action after update section specify if the Kaspersky Endpoint Security should run a scan of objects moved to Quarantine after the application is updated ADMINISTRATOR S GUIDE Update task propert
161. m a removable disk drive or from the Internet and never causing any trouble File Anti Virus is the component that monitors the computer s file system in real time mode By default it is launched during startup of the operating system persists continuously in RAM and scans all files that are opened started or saved on your computer and all associated disk drives File Anti Virus works with files in the following manner 1 The component intercepts every attempt by the user or by any program to access any file 2 File Anti Virus scans the iSwift see section Configuring additional settings on page 60 database for information about the file A decision is made whether to scan the file based on the information retrieved 3 The file is analyzed for viruses Malicious objects are detected using the Kaspersky Endpoint Security databases These databases contain descriptions of all the currently known malicious programs along with instructions to neutralize them ADMINISTRATOR S GUIDE Depending on the results of the analysis the following options of Kaspersky Endpoint Security are available e f no malicious code is detected in the file it will immediately become accessible e f malicious code is detected in a file File Anti Virus blocks the file and attempts to disinfect it After successful disinfection the file will become accessible If disinfection fails the file will be deleted A copy of the file will be moved to Backup Stor
162. maximum storage period or remove this restriction ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT Kaspersky Endpoint Security 3 for Mac application p x General settings Licenses Events Reports and Storages Reports E Log non critical events E Keep only recent events iW Delete reports after Quarantine and Backup Storage M Delete objects after 30 days aie Figure 66 Application settings window The Settings tab Reports and storage areas CONFIGURING QUARANTINE AND BACKUP STORAGE You can set a time limit on the storage of objects in Quarantine and Backup Storage on a remote computer By default the storage period is 30 days after which objects are deleted You can change the maximum storage period for objects or remove this restriction To configure the settings for storing objects do the following 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button In the application settings window that opens select the Settings tab Select the Reports and Storages item from the dropdown list in the top part of the window In the Quarantine and Backup Storage section see figure above check the Delete objects after box and specify the period
163. ment click the Print button To save the agreement as a text file click the Save button If you agree with all the clauses in the agreement click Continue A window opens to request confirmation of your consent to the conditions of the licensing agreement You can perform the following actions e Proceed with the installation of Kaspersky Endpoint Security To do so click the Agree button e Return to the text of the agreement To do this click the Read license button e Stop the installation To do so click the Disagree button 6 Inthe Installation Type window read the information about the drive on which the application will be installed and the volume of free disk space required To install the application using the recommended settings click the Install button and enter the administrator s password to confirm your choice To select a different drive for installation click the Change location button select a different drive and then click Continue The drive used to install the application must be bootable The minimum version or higher of the operating system specified in the system requirements see section Hardware and software requirements on page 18 must be installed on the hard drive Wait until the Kaspersky Endpoint Security Installation Assistant installs the application components 7 Inthe Summary window read the information about the installation process and click the Close button to exit the Installation Assist
164. mmended for hostile environment Action Prompt for action Block access Disinfect V Delete if disinfection fails r d Click the lock to prevent further changes Figure 22 Application preferences window Protection ADVANCED APPLICATION SETTINGS e Use the Security Assistant see section Security Assistant on page 42 You significantly increase the risk of infecting your computer if you pause or stop protection therefore this threat is immediately logged by the Security Assistant CONFIGURING FILE ANTI VIRUS File Anti Virus is controlled using the following settings e Security level The security level is a set of parameters that define the balance between the thoroughness and speed of scanning objects There are three predefined security levels see section Selecting the security level on page 57 with settings developed by Kaspersky Lab e Action on detected object This action see section Selecting actions on objects on page 61 defines how Kaspersky Endpoint Security will react when an infected or potentially infected object is detected SELECTING THE SECURITY LEVEL File Anti Virus provides protection for your computer s file system at one of the following levels e Maximum protection provides the most complete scan of the files you open save or start e Recommended contains the settings recommended by Kaspersky Lab e Maximum Speed this level enables you to comfortably use other applications tha
165. motely using the SSH protocol see section Installing the application using the SSH protocol on page 115 e remotely via Kaspersky Administration Kit see section Installing the application via Kaspersky Administration Kit on page 116 This section also describes the application uninstall procedure via Kaspersky Administration Kit see section Removing the application via Kaspersky Administration Kit on page 117 IN THIS SECTION Installing the application using the SSH protocol cc cecccccecccceececeeeeceeeeeaeeeeeeeeeseecesseceseueeeseeeeseucesseesseeeseesesseeensees 115 Installing the application via Kaspersky Administration kt 116 Removing the application via Kaspersky Administration ki 117 INSTALLING THE APPLICATION USING THE SSH PROTOCOL Before installing Kaspersky Endpoint Security on a remote computer make sure that the following conditions are met e Kaspersky Administration Kit Administration Server is deployed in the corporate network e The Administration Console is installed on the Kaspersky Administration Kit administrator s workspace e An installation package for Kaspersky Endpoint Security is created and stored in the shared folder of Administration Server e A key file for Kaspersky Endpoint Security is stored in the shared folder of Administration Server optional To install Kaspersky Endpoint Security on a remote computer using the SSH protocol 1 Enable the Remote enter service on your Mac 2
166. mple when the application is installed both on your home and office computers You can configure the application in a convenient mode at home save those settings in a special configuration file on a disk and then import them quickly onto your office workstation The settings are stored in a special configuration file ADMINISTRATOR S GUIDE To save the current Kaspersky Endpoint Security settings to a file Endpoint Security 1 Open the application preferences window on page 34 and select the Service tab 2 Inthe Configuration section click the Save button The Save window opens 3 Inthe Save as field enter the file name and select the folder in which it will be saved To import the Kaspersky Endpoint Security settings from a configuration file 1 Open the application preferences window on page 34 and select the Service tab 2 Inthe Configuration section click the Load button and in the window that opens select the file containing the Kaspersky Endpoint Security settings WHAT TO DO IF FILE ACCESS IS BLOCKED Kaspersky Endpoint Security blocks access to a file or program if File Anti Virus on page 53 suspects the object of being infected or potentially infected by a malicious program and the Block access option has been selected To process the dangerous objects listed on the Detected tab of the report window 1 Open the main application window on page 32 and click the button The Kaspersky Endpoint Security report
167. n 3 Inthe Activation method window select Activate using activation code 4 Inthe Enter activation code window enter the activation code that you received when you purchased Kaspersky Endpoint Security The activation code is a sequence of numbers and letters delimited with hyphens in four groups of five symbols without spaces for example 11AA1 11AAA 1AA11 1A111 Please note that the activation code should only be entered in Latin characters 5 Inthe Obtaining key file window wait until the Activation Assistant establishes connection with Kaspersky Lab servers and sends data for verification If the activation code is verified the Assistant downloads and installs the key file Kaspersky Endpoint Security does not download a physical key file with key extension from the server but receives the relevant information to save in the operating system To obtain a real key file you should go through the registration procedure on the Kaspersky Lab website http support kaspersky com If the activation code is not verified the Assistant will display this information on the screen In this case contact the software vendor you purchased Kaspersky Endpoint Security from for details 6 Inthe Key file information window the Activation Assistant notifies you of the successful completion of the activation process In addition information about the installed key is displayed including key number key type commercial or trial and the li
168. n In the Settings window click the Next button In the Restart window select the Do not restart the computer option and click the Next button You do not have to restart the computer after Network Agent is updated In the Computer relocation window select the group into which Kaspersky Administration Kit should relocate the user s computer after Network Agent is updated If the computer does not need to be relocated into another administration group select Do not move computers automatically Click the Next button In the Select target computers window select the option for choosing the most appropriate computers for the application installation You can install the application e based on data obtained using Windows Networking e based on addresses of computers entered manually Click the Next button In the Client computers window specify the computers for which the remote application installation task should be created according to the option selected at the previous step Click the Next button In the Account window click the Next button In the Task scheduling settings window select a task run mode manually or by a schedule To do this select the value that will define the frequency of the task run from the dropdown list and specify the time of the task run Click the Next button The last window of the wizard will inform you that you have successfully created a task Click the Finish button to close the Assistant T
169. n modules uncheck the Use proxy server box If this box is checked you can modify the following settings for connecting to a proxy server e the use of proxy server settings specified in the Mac OS X preferences or defined by the user of proxy server address and port e the option of using a proxy server when updating the application from a local or network folder e authentication settings for connection to a proxy server ALSO SEE Configuring CONNECTION tO a Proxy server 134 ADMINISTRATOR S GUIDE STEP 8 CONFIGURING USER INTERACTION SETTINGS In the Interaction with user window specify how the user will interact with Kaspersky Endpoint Security on a remote computer You can configure delivery of notifications to the user and change the appearance of the Kaspersky Endpoint Security icon on a remote computer ALSO SEE Configuring receipt of notifications neeeneeeeneeeenneetrnestrrrstrrtsrtitstrtttttrtsttrt arrr SAEEESAEEESAEESAEEESEEEESEEEESEEEEA EEEE a EEEren reene eee 130 Configuring the Kaspersky Endpoint Security icon display 131 STEP 9 CONFIGURING REPORTS AND STORAGES In the Reports and Storages window configure the settings for creating reports and storage as well as the settings for items in Quarantine and Backup Storage ALSO SEE CONMOUMING INE repor El e CN 132 Configuring Quarantine and Backup Giorage 133 STEP 10 COMPLETING CREATION OF A POLICY The last window in the wizard
170. n databases and modules nnnnnnunnennennnnneennrrnsnrrrrrnrrrrsnrrrnnrrrrrsrrnnrrrrrsrrsnrnnrrnrrerrenenne 45 How to export the application preferences to Kaspersky Endpoint Security installed on another computer 45 What to do if file access is blocked oe ceccccecccceececeeeecaeeeeaeeeeseeeeceuceesueesaeeeeseecesseesseeessueeeseecessueessneetseeeseeeeaees 46 What to do if you suspect an object of being infected with a vrus 47 How to restore an object that has been deleted or disinfected by the application cccccccceecceseeeeceeeeeeeeeeaeees 47 How to view the report on the application s operaton 48 What to do when the application s notifications appear cece ececccceeccceeeeceececeececeececeueeeseeeeseecesseessueesseeeeseeeesanes 48 ADVANCED APPLICATION GEIIINGS 49 Creating a protection scope rrt nrre riren rr Errn ErEnAEEE EEEn EEEn EErEE EEn nEr enere neren erene eeni 49 Selecting malicious programs to be monitored ceccceseeeeeceeeeeeceeeeeeaeeeeeeaeeeeeseeueeeseeeeeeseeeeesaaeeeeseeeeessaeeeesaaes 49 67 get 1019 8 a tuS Ed ZONE eiriaa aE eer E A E E i a i 51 FIGA S a E E O E eectamng eae nnseese 53 Disabling file NOUS CUOIN EE 54 Restoring protection on your Computer 56 Configuring File Anti Virus EE 57 Restoring default file protection settings cccccsseccccssececeeseeccaeececcescecseueeessuueeessseecseueeesseseeesseseessueeessageeess 62 File PROTECTION EE e 63 VUS E eaa a
171. n icon is displayed in the Dock of the remote computer or not displayed at all To display the application icon in the Dock quick launch panel 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 Inthe application settings window that opens select the Settings tab 4 Select the Interaction with user item from the dropdown list in the top part of the window 5 Inthe Show application icon section see figure above select the In Dock option ADMINISTRATOR S GUIDE To disable the display of the application icon on a remote computer 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 Inthe application settings window that opens select the Settings tab 4 Select the Interaction with user item from the dropdown list in the top part of the window 5 Inthe Show application icon section see figure above select the Nowhere option Note that this modification will only take place after Kaspersky Endpoint Security is restarted ALSO SEE Kaspersky Endpoint S
172. n the application preferences window on page 34 and select the Virus Scan tab see figure below 2 Select the task in the list to the left 3 Inthe Security level section click the Preferences button ADMINISTRATOR S GUIDE 4 Inthe window that opens modify the settings see section Defining the types of objects to scan on page 72 and click OK to save the changes HAM Preferences W APFOOQOE WW amp Protection Virus Scan Threats Update Network Reports Service Appearance QuickScan tw Security level zl 1 Maximum protection Full Scan Comprehensive protection ht Recommended for hostile environment Virus Scan Preferences Action Prompt for action when the scan is complete Prompt for action during scan Do not prompt for action wi Disinfect wi Delete if disinfection fails Other tasks You can apply the specified options to all virus scan tasks preferences a o Click the lock to prevent further changes Figure 34 Application preferences window The Virus Scan task SPECIFYING THE TYPES OF OBJECTS TO SCAN By specifying the types of objects to scan you define the size and format of the files that Kaspersky Endpoint Security will scan when the task is executed To specify the types of objects to scan during the virus scan task do the following 1 Open the application preferences window on page 34 and select the Virus Scan tab 2 Select the task in the list to the
173. nagement system these solutions ensure effective automated protection for companies and organizations against computer threats Kaspersky Lab s products are certified by the major test laboratories are compatible with the software of many suppliers of computer applications and are optimized to run on many hardware platforms Kaspersky Lab s virus analysts work around the clock Every day they uncover hundreds of new computer threats create tools to detect and disinfect them and include them in the databases used by Kaspersky Lab applications Kaspersky Lab s Anti Virus database is updated hourly and the Anti Soam database every five minutes Technologies Many technologies that are now part and parcel of modern anti virus tools were originally developed by Kaspersky Lab It is no coincidence that many other developers user the Kaspersky Anti Virus kernel in their products including SafeNet USA Alt N Technologies USA Blue Coat Systems USA Check Point Software Technologies Israel Clearswift UK CommuniGate Systems USA Critical Path Ireland D Link Taiwan M86 Security USA GFI Malta IBM USA Juniper Networks USA LANDesk USA Microsoft USA NETASQ France NETGEAR USA Parallels Russia SonicWALL USA WatchGuard Technologies USA ZyXEL Communications Taiwan Many of the company s innovative technologies are patented Achievements Over the years Kaspersky Lab has won hundreds of awards for its service
174. named To delete a created task do the following 1 Open the application preferences window on page 34 2 Select the task in the list to the left see figure above 3 Click the a button under the list of virus scan tasks and in the window that opens select the Delete command Confirm the action The task is deleted from the list CREATING A LIST OF OBJECTS TO SCAN The pre set Full Scan and Quick Scan tasks already contain lists of objects to scan The Full Scan task allows you to scan all files stored on all hard drives of your computer While running the Quick Scan task Kaspersky Endpoint Security only scans vulnerable objects folders containing operating system files and system libraries The Virus scan task requires you to create a list of objects to scan files folders drives removable devices To view the list of objects to scan during execution of the Full Scan and Quick Scan tasks or edit it 1 Open the application preferences window on page 34 and select the Virus Scan tab 2 Inthe list to the left select the task name Full Scan or Quick Scan 3 To the right under Objects to scan click the Edit button A window will open containing the list of objects see figure below Edit the list of objects if necessary You can perform the following actions e Add an object to the list Drag an object into the window click the D button and select a more suitable option File or folder All drives Quarantine etc
175. nated place then offering equivalent access to copy the source code from the same place counts as distribution of the source code even though third parties are not compelled to copy the source along with the object code 4 You may not copy modify sublicense or distribute the Program except as expressly provided under this License Any attempt otherwise to copy modify sublicense or distribute the Program is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so long as such parties remain in full compliance 5 You are not required to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Program or its derivative works These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License to do so and all its terms and conditions for copying distributing or modifying the Program or works based on it 6 Each time you redistribute the Program or any work based on the Program the recipient automatically receives a license from the original licensor to copy distribute or modify the Program subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rig
176. ncludes programs that are not malicious or dangerous but which under certain circumstances could be used to cause harm to your computer To select the groups of malware against which Kaspersky Endpoint Security will protect your computer 1 Open the application preferences window on page 34 and select the Threats tab see figure below 2 Inthe Malware categories section check the boxes next to the names of the malware groups against which Kaspersky Endpoint Security should protect your computer Kaspersky Endpoint Security always protects your computer against viruses worms Trojans and hack tools Therefore it is not possible to uncheck the box for this group Depending on the selected groups Kaspersky Endpoint Security will fully or partially use the anti virus databases while File Anti Virus is running see section File Anti Virus on page 53 and during virus scans see section Scanning for viruses on page 64 lf all groups of malware are selected Kaspersky Endpoint Security provides the maximum level of anti virus protection for your computer If only protection against viruses worms Trojans and hacking tools is selected Kaspersky Endpoint Security does not control potentially dangerous programs and other malware that may be installed on your computer and could cause moral or material damage af EN Preferences 9 Ff E Protection Wirus Scan Threats Update Network Reports Service Appearance Malware categor
177. ndpoint Security in an online store then an application installation package in zm format will be available to download on the Kaspersky Lab website Extract it and run the dmg file to view the INSTALLING THE APPLICATION package contents 2 Launch the Kaspersky Endpoint Security Uninstaller To do this select the Kaspersky Endpoint Security Uninstaller in the window that contains the contents of the installation file Follow the steps to uninstall the application 3 Inthe Introduction window click Continue 4 Inthe Information window read the important information To start the uninstallation procedure click the Delete button and enter the administrator s password to confirm Wait until the application removal is complete 5 Inthe Summary window read the information about the uninstallation process termination and click the Finish button to exit the Uninstall Assistant There is no need to reboot the computer after the Kaspersky Endpoint Security uninstall process LICENSE MANAGEMENT This section contains information regarding the basic concepts used in the context of the application licensing This section describes how to activate the application where to view information about the current license and how to purchase and renew a license IN THIS SECTION ADOULICOI E 24 Viewing license ATO MAUI EE 25 POr Da NG te en 25 PSS WING e 26 About End User License Agreement 27 About the activation code E 21 A
178. nistration Kit Administration Server cannot be edited or deleted e Temporarily disable retrieval of updates from the source Select the update source in the list and uncheck the box next to it Kaspersky Endpoint Security will not be updated from this source until the box is checked again e Delete update source Select the update source in the list and click the button Update source ral Kaspersky Lab s update servers wi Kaspersky Administration Server Edit Figure 46 Selecting an update source ADVANCED APPLICATION SETTINGS CONFIGURING SCHEDULED UPDATE TASK LAUNCH By default Kaspersky Endpoint Security is updated automatically You can select another update run mode manual or scheduled To configure the launch of the scheduled update task for Kaspersky Endpoint Security 1 Open the application preferences window on page 34 and select the Update tab 2 Inthe Run mode section select the option to run a scheduled update and click the Edit button 3 In the window that opens see figure below set the frequency with which the task will be launched Frequency Days Schedule Every 1 day wl Time 5 20 PM B Run skipped task Figure 47 Configuring the update task schedule CONFIGURING CONNECTION TO A PROXY SERVER If your computer connects to the Internet through a proxy server configure the settings for it Kaspersky Endpoint Security uses these settings for updating anti
179. nnection to the server results and error messages are displayed on the screen Sp display the password which is used to authenticate the user on the server on the screen or record it into a log file this setting is used if the connection to Administration Server involves a proxy server By default this setting is not used savecert lt file name gt save the certificate for authentication on Administration Server in the specified file restart restart Network Agent after the utility stops running ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT STARTING STOPPING NETWORK AGENT ON A CLIENT COMPUTER You can stop and start Network Agent again on the user s computer by using the command line To stop Network Agent activate the command line of the client computer to run the launchctl utility tool with the unload command Command syntax launchctl unload Library LaunchDaemons com kaspersky klnagent plist To start Network Agent activate the command line of the client computer to run the launchctl utility tool with the load command Command syntax launchctl load Library LaunchDaemons com kaspersky klnagent plist Administrator rights are required to stop and start Network Agent ADMINISTERING THE APPLICATION Kaspersky Administration Kit provides you with the option of remotely running and stopping Kaspersky Endpoint Security on an individual client computer as well as adjusting the genera
180. nt Security are available except the retrieval of updates The application can be updated only once after installation IN THIS SECTION Activating the application With an activation code cccccceccceeeceeeeeeeceeeeeeeeaeeeseeeeaeeeseeeseeesseeeseeeseeessueeseeeseeesseeeseeeseeesaees 28 Activating the application with a key nie 29 ADMINISTRATOR S GUIDE ACTIVATING THE APPLICATION WITH AN ACTIVATION CODE Use this activation option if you have been provided with an activation code when purchasing the application Using this activation code you will obtain a key file which provides access to the functionality of Kaspersky Endpoint Security throughout the license validity period If you have been provided with an activation code for the trial version of the application you will receive a free key with a term of validity limited to the trial license You can activate the trial version of the application only if this version of Kaspersky Endpoint Security has never been installed on your computer Your computer must be connected to the Internet If the Internet connection is currently unavailable you can activate the trial version later To activate the application with your activation code do the following 1 Open the main application window on page 32 and click the P button 2 In the window that opens click the Activate button This launches the Activation Assistant Follow these steps to activate the applicatio
181. nti virus databases are no longer updated To renew your current license 1 Open the main application window on page 32 and click the P button 2 Inthe window that opens see figure below click the Renew button The web page that opens contains all the information on license renewal through Kaspersky Lab eStore or corporate partners On renewing a license at Kaspersky Lab eStore an activation code for Kaspersky Endpoint Security see section About activation code on page 27 to the email address that you have specified in the order form Kaspersky Lab regularly organizes special pricing offers on license renewals for our products Check for special offers at Kaspersky Lab website in the Products Sales and special offers section Having a license allows you to use all the application s features and gives you access to application updates and technical support OF9 0003F4 O83FC9AC Commercial key for 15 computers 9 Your license will expire on 7 15 11 3 59 59 AM Remain 260 days Figure 3 License management LICENSE MANAGEMENT ABOUT END USER LICENSE AGREEMENT End User License Agreement is an agreement between a natural or legal person lawfully in possession of a copy of Kaspersky Endpoint Security and Kaspersky Lab The EULA is included in each Kaspersky Lab application It provides detailed information on the rights and usage restrictions of Kaspersky Endpoint Security ABOUT THE ACTIVATION CODE Acti
182. ock to prevent further changes Figure 36 Application preferences window The Full Scan task Before disinfecting the object or deleting it Kaspersky Endpoint Security creates a backup copy and places it in the backup on page 92 in case the object needs to be restored or it becomes possible to disinfect it CONFIGURING THE VIRUS SCAN TASK SCHEDULE All virus scan tasks on your computer can be run manually see section Launching pausing virus scan tasks on page 65 In addition the Quick Scan and Full Scan tasks and user created tasks can be run in Kaspersky Endpoint Security according to a pre defined schedule To configure the startup of the Quick Scan and Full Scan tasks as well as custom virus scan tasks upon a schedule 1 Open the application preferences window on page 34 and select the Virus Scan tab 2 Inthe list to the left select the name of a virus scan task and enable the scheduled task run in the Run mode section Click the Edit button to configure the task settings ADVANCED APPLICATION SETTINGS 3 In the window that opens see figure below set the frequency with which the task will be launched y Frequency Weeks Schedule Mon Tue Wed Thu C Fri VI Sat C Sun dl Time 5 20 PM gl Run skipped task gt Run as Kaspersky Lab Figure 37 Configuring a virus scan task schedule RUNNING SCAN TASKS UNDER USER ACCOUNT The application allows the user to run vir
183. oint Security when they are opened run or saved e Inthe Optimization section set the scan performance ADVANCED APPLICATION SETTINGS e Inthe Compound files section select which compound files should be scanned for viruses and set a restriction on the scan of large sized objects General Protection scope Additional File types _ Scan all files ei Scan programs and documents by content Scan programs and documents by extension Optimization Iw Scan only new and changed files Compound files Scan archives Scan installation packages IW Scan embedded objects vI Postpone extracting if archive larger than D MB Wl Do not process archives larger than 8 ME Figure 24 File Anti Virus Configuring scan settings CREATING A PROTECTION SCOPE By default File Anti Virus scans all files at the moment they are accessed regardless of the media they are stored on whether it is a hard disk drive a CD DVD ROM or a flash card To create a list of objects covered by the protection scope do the following 1 Open the application preferences window on page 34 and select the Protection tab 2 Inthe Security level section click the Preferences button 3 Select the Protection scope tab in the window that opens see figure below The tab displays a list of objects that will be scanned by File Anti Virus By default
184. on 5 Inthe Task type window select the Application deployment task for Kaspersky Administration Kit and click the Next button 6 Inthe Installation package window select an installation package for Kaspersky Endpoint Security and click the Next button 11 For more information see the Kaspersky Administration Kit Deployment Guide 12 For more information see the Kaspersky Administration Kit Reference Guide 13 For more information see the Kaspersky Administration Kit Administrator Guide ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT 7 Inthe Installation method window select Push install as the remote installation method and click the Next button 8 Inthe Settings window configure the remote installation of the application and click the Next button 9 Inthe Advanced window specify an additional installation package for joint installation of the applications if required Click the Next button 10 In the Restart window select the Do not restart the computer option and click the Next button You don t need to restart the computer after installing the application 11 In the Select target computers window select the option for choosing the most appropriate computers for the application installation You can install the application e based on data obtained using Windows Networking e based on addresses of computers entered manually Click the Next button 12 In the Client computers window specify
185. on Creating a protection scope on page 59 specify the drives or folders that are to be checked by File Anti Virus ADMINISTRATOR S GUIDE e onthe Additional tab see section Configuring additional settings on page 60 set the run mode of the component 4 Click OK to save changes kiki Preferences voa enoEb vi Protection Virus Scan Threats Update Network Reports Service Appearance General V Enable File Anti Virus Security level wm S Maximum protection Comprehensive protection Recommended for hostile environment Action _ Prompt for action Block access Disinfect Delete if disinfection fails L Click the lock to prevent further changes Figure 23 Application preferences window Protection SPECIFYING THE TYPES OF FILES TO SCAN By specifying the types of files to scan you define which files by format and size File Anti Virus will scan for viruses when they are opened used and saved You can also set the scan performance To specify the type of objects to be scanned by File Anti Virus and set the scan performance 1 Open the application preferences window on page 34 and select the Protection tab 2 Inthe Security level section click the Preferences button 3 In the window that opens select the General tab see figure below and configure the following settings e Inthe File types section specify which formats of objects should be scanned for viruses by Kaspersky Endp
186. once it has completed its work use the Finish button To stop the wizard at any stage use the Cancel button To open the New task wizard 1 Open the properties window on the client computer see section Managing the application on page 121 on the Tasks tab 2 Click the Add button STEP 1 ENTERING GENERAL DATA ON THE TASK In the Task name window in the Name field specify the name of the task being created STEP 2 SELECTING AN APPLICATION AND DEFINING THE TASK TYPE In the Task type window select the Kaspersky Lab application for which the task is created Kaspersky Endpoint Security 8 for Mac or Network Agent then select the type of the task to be created The following types of tasks can be created for Kaspersky Endpoint Security e Update retrieves and installs update packages for the application e Roll back update rolls back the last update of the application e Virus Scan task of scan of the user specified areas for viruses e Key file installation task of installation of a new license key file The Change Administration Server task can be created for Network Agent STEP 3 CONFIGURING SETTINGS FOR THE SELECTED TASK TYPE Depending on the task type selected during the previous step the contents of the settings window may vary Virus Scan In the Virus Scan window carry out the following actions 1 Create a list of objects to scan for the virus scan task If necessary you can add objects to
187. open the context menu of the object and select Scan for viruses HOW TO CONFIGURE A SCHEDULED SCAN OF YOUR COMPUTER Timely virus scans ensure your computer is kept secure You can create a scheduled virus scan using the tasks Quick scan and Full scan In accordance with set mode the application will automatically perform a scan of the whole computer or the most critical areas of its file system WS 7o configure a scheduled Quick Scan or Full Scan task 1 Open the application preferences window on page 34 and select the Virus Scan tab 2 Inthe list to the left select a task name and enable scheduled run of the task in the Run mode section To edit the startup schedule click the Edit button 3 In the window that opens set the frequency with which the scan task will run In Mac OS X operating systems version 10 6 or earlier the startup procedure may differ SOLVING TYPICAL TASKS You can view the task completion results in the report window see section Virus scan statistics on page 78 HOW TO PURCHASE OR RENEW LICENSE If you have installed Kaspersky Endpoint Security without a license you can purchase one after installation When your current license expires you can renew it When purchasing or renewing a license you receive an activation code that you should use to activate the application see section Kaspersky Endpoint Security activation on page 27 To purchase a license 1 Open the main applicat
188. or referencing the derived work RSA Data Security Inc makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose It is provided as is without express or implied warranty of any kind These notices must be retained in any copies of any part of this documentation and or software RFC1321 BASED RSA FREE MDS LIBRARY Copyright C 1999 2002 Aladdin Enterprises INFORMATION ABOUT THIRD PARTY CODE STLPORT 5 2 1 Copyright C 1994 Hewlett Packard Company Copyright C 1996 1999 Silicon Graphics Computer Systems Inc Copyright C 1997 Moscow Center for SPARC Technology Copyright C 1999 2003 Boris Fomitchev This material is provided as is with absolutely no warranty expressed or implied Any use is at your own risk Permission to use or copy this software for any purpose is hereby granted without fee provided the above notices are retained on all copies Permission to modify the code and to distribute modified code is granted provided the above notices are retained and a notice that the code was modified is included with the above copyright notice TINYXML 2 5 3 Copyright C 2000 2006 Lee Thomason ZLIB 1 0 8 1 2 3 Copyright C 1995 2010 Jean loup Gailly and Mark Adler DEVELOPMENT TOOLS Third party development tools and other resources were used during the application development IN THIS SECTION SO Aachen AEEA
189. ormat xltx Microsoft Office Excel 2007 template xlsm Microsoft Office Excel 2007 template supporting macros xlam Microsoft Office Excel 2007 add in supporting macros pp Microsoft Office PowerPoint documents and files including pps Microsoft Office PowerPoint slide ppt presentation pptx Microsoft Office PowerPoint 2007 presentation pptm Microsoft Office PowerPoint 2007 presentation supporting macros potx Microsoft Office PowerPoint 2007 presentation template potm Microsoft Office PowerPoint 2007 presentation template supporting macros ppsx Microsoft Office PowerPoint 2007 slide show ppsm Microsoft Office PowerPoint 2007 slide show supporting macros ppam Microsoft Office PowerPoint 2007 add in supporting macros md Microsoft Office Access documents and files including mda Microsoft Office Access workgroup mdb database etc sldx Microsoft Office PowerPoint 2007 slide sldm Microsoft Office PowerPoint 2007 slide supporting macros thmx Microsoft Office 2007 theme The actual file format may differ from that indicated in the file extension PERMISSIBLE FILE EXCLUSION MASKS There are several ways to create file masks when creating file exclusion lists 1 Masks without file paths e zip all files with the zip extension e zi all files with the zi extension where can represent any single character e test all files named test 2 Masks w
190. osn IL ze Clear all Figure 49 Report window Update REPORTS AND STORAGES Kaspersky Endpoint Security allows you to move potentially infected objects to Quarantine create copies of infected objects in Backup Storage before disinfection or deletion and create detailed reports on any application component s operation ADMINISTRATOR S GUIDE IN THIS SECTION HERE 90 Seel e 92 Helen eee oe nee ne ee ee eee ee eee eee eee eee 94 Configuring reports ANd storages ccccssececcsececceseeecseuceccauscecceuececseneeessuuceesaececsaueeessauseessuseeesaueeessageeessueeeessgeeesseneeenas 96 QUARANTINE Quarantine is a special repository containing the objects that are potentially infected with viruses Potentially infected objects are objects suspected by Kaspersky Endpoint Security of being infected with viruses or their modifications The potentially infected status can be assigned to an object in the following cases e The code of the object being analyzed resembles a known threat but is partially altered Kaspersky Endpoint Security anti virus databases contain threats that have been already analyzed by Kaspersky Lab specialists If the databases do not yet contain any information about this modification of a malicious program Kaspersky Endpoint Security recognizes objects infected with this modification as potentially infected ones and finds a threat that seems the most similar to this type of infection e The code of the
191. otification windows and pop up messages IN THIS SECTION eier nette Le qs eae eee emer ane en aa ee eae ee ee a 35 Methods of receiving notifications EE 39 Configuring receipt of MOUMGAIONS p siczacsentaiest ee eenegen Eegeregie 36 ele geeint KYA ABOUT NOTIFICATIONS When active Kaspersky Endpoint Security notifies you of new events of the following types e Critical events are events of critical importance notifications about which should be received since they indicate problems in the operation of Kaspersky Endpoint Security operation or vulnerabilities in the protection of your computer for example application databases are out of date or license expired e Functional failure events that disable Kaspersky Endpoint Security for example application databases corrupted e Important events are events that should be paid attention to since they reflect important situations in the operation of Kaspersky Endpoint Security for example protection is disabled or the computer has not been scanned for viruses for a long time e Information events are reference type messages for example all dangerous objects disinfected To keep track of events that occur during operation of Kaspersky Endpoint Security use the notification service METHODS OF RECEIVING NOTIFICATIONS Notifications can delivered using one or both of the following e pop up messages on screen e audio message Kaspersky Endpoint Security supports Growl noti
192. our actions or causes beyond Rightholder s reasonable control y any defect not made known by You to Rightholder as soon as practical after the defect first appears and z incompatibility caused by hardware and or software components installed on Your Computer 6 2 You acknowledge accept and agree that no software is error free and You are advised to back up the Computer with frequency and reliability suitable for You 6 3 The Rightholder does not provide any guarantee that the Software will work correctly in case of violations of the terms described in the User Manual or in this Agreement 6 4 The Rightholder does not guarantee that the Software will work correctly if You do not regularly download Updates specified in Clause 2 5 of this Agreement 6 5 The Rightholder does not guarantee protection from the threats described in the User Manual after the expiration of the period specified in Clauses 3 2 or 3 3 of this Agreement or after the License to use the Software is terminated for any reason 6 6 THE SOFTWARE IS PROVIDED AS IS AND THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY AS TO ITS USE OR PERFORMANCE EXCEPT FOR ANY WARRANTY CONDITION REPRESENTATION OR TERM THE EXTENT TO WHICH CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW THE RIGHTHOLDER AND ITS PARTNERS MAKE NO WARRANTY CONDITION REPRESENTATION OR TERM EXPRESSED OR IMPLIED WHETHER BY STATUTE COMMON LAW CUSTOM USAGE OR OTHERWISE AS TO ANY MATTER INCLUDI
193. package When Network Agent is installed this utility tool is stored in a folder named Library Application Support Kaspersky Lab kInagent Binaries Depending on the current settings it performs the following actions when run from the command line e displays the values of the settings which are selected for the connection established between Network Agent installed on the client computer and Administration Server or log them into the specified file e logs the operational statistics of Network Agent since the last startup of the component and the results of the utility run into the specified file or displays the information on the screen e makes an attempt to establish connection between Network Agent and Administration Server e if no connection can be established sends an ICMP packet to check the status of the computer on which Administration Server is installed Before running the utility tool open the folder named Library Application Support Kaspersky Lab klnagent Binaries Utility command line syntax sudo klnagchk logfile lt file name gt sp savecert lt path to certificate file gt restart The administrator rights are required to run the utility Settings description logfile lt file name gt log the values of the settings of connection between Network Agent and Administration Server and the results of the utility run into the specified file if this setting is not selected the settings of the co
194. pause the scan until you start the task again manually or it starts again automatically according to the schedule To restart the scan click the Start button A window opens in which Kaspersky Endpoint Security offers you to resume the scan that has been interrupted or start it from the beginning A AOC REPORTS gt Detected Events Quarantine Al Backup Storage RUNNING TASKS a Va File Anti Virus COMPLETED TASKS All Last 20 Reports Kaspersky Endpoint Security Time 10 27 10 5 35 30 PM 10 27 10 5 35 30 PM 10 27 10 5 35 30 PM 10 27 10 5 35 30 PM 10 27 10 5 35 30 PM 10 27 10 5 35 30 PM 10 27 10 5 35 30 PM 10 27 10 5 35 30 PM CO 10 27 10 5 35 30 PM 10 27 10 5 35 30 PM OO 10 27 10 5 35 30 PM 10 27 10 5 35 30 PM 10 27 10 5 35 30 PM Now scanning Location Scanned Detected Untreated File File File File File File File File File File File File File Detected Path Meicar CURE Eicarl com Meicar DELE Eicarl com Meicar Eicarl com Meicar CURE Eicarl com Meicar DELE Eicarl com Meicar Eicarl com Meicar Eicar3 com Meicar Eicar2 com Meicar Eicar3 com Meicar SUSP Eicar3 com Meicar Eicar2 com Meicar SUSP Eicar3 com Meicar SUSP Eicar3 com SUSP Eicars com Meicar 12 Start 6 Duration 6 Completion Ill aan aen Figure 31 Report window Virus Scan CREATING VIRUS SCAN TASKS Slee Statistics Preferences Status de
195. persky Endpoint Security only retrieves its own exclusive update package from Kaspersky Lab update servers or Kaspersky Administration Kit Administration Server Update source Additional wl Copy updates to folder Users Shared Updates Figure 44 Configuring settings for the update distribution service ADMINISTRATOR S GUIDE CONFIGURING THE UPDATE Kaspersky Endpoint Security is only updated in accordance with the following settings e Run mode The choice of update mode determines whether the update is launched automatically recommended by Kaspersky Lab manually or scheduled If the latter option is selected you should create an update task launch schedule see section Configuring scheduled update task launch on page 87 e Update object The update object determines what is to be updated only the anti virus databases or the application databases and the modules Kaspersky Endpoint Security databases are always updated and the application modules are only updated if the corresponding box is checked see section Selecting the update mode and objects on page 84 e Update source Update source is a resource that contains actual files of anti virus databases and modules for Kaspersky Endpoint Security Update sources can be HTTP and FTP servers local or network folders e Network settings To download updates from Kaspersky Lab s update servers or sources other than local or network folders your computers
196. r containing the skin files AA CN Preferences 0 0E Protection Virus Scan Threats Update Network Reports Service Appearance Events notification W Enable notifications Additional Show application Q In Menu Bar con C In Dock C Nowhere Option changes made will be applied at the next startup of the application of Click the lock to prevent further changes Figure 11 Application preferences window Appearance STARTING AND STOPPING THE APPLICATION This section provides you with information about how to launch the application and close it The application launches immediately after the installation and the Kaspersky Endpoint Security icon on page 30 appears in the Menu Bar IN THIS SECTION Closing Kaspersky Endpoint Security E 39 Configuring the automatic startup of Kaspersky Endpoint Security 39 Configuring the power saving mode 40 CLOSING KASPERSKY ENDPOINT SECURITY If you need to close Kaspersky Endpoint Security for any reason click the Kaspersky Endpoint Security icon on page 30 in the Mac OS Menu Bar or in the Dock and in the menu that opens select the Quit command The application s operation will be stopped the process will be discarded from the computer s RAM After Kaspersky Endpoint Security shuts down the computer will continue to operate in unprotected mode and may be at risk of infection CONFIGURING THE AUTOMATIC STARTUP OF KASPERSKY ENDPOINT SECURITY By default
197. r scheme The color of the main window indicator shows the current protection status Green indicates that your computer s protection is at an optimal level while yellow and red warn of the presence of various problems related to Kaspersky Endpoint Security configuration or operation For more detailed information on these problems and how to fix them use the Security Assistant see section Security Assistant on page 42 that opens when you click on the color indicator In addition to the color indicator the left part of the main window contains a block of text which describes the protection status and lists any security threats logged by the Security Assistant If a virus scan or update task is running information on their progress percentage completion will also be displayed in the left part of the main window The lower part of the window displays summary statistics on the operation of File Anti Virus and information about the databases used by the application You can update Kaspersky Endpoint Security start a user defined virus scan and switch to the license management area from the main window To do so use the following buttons Cl Launch Kaspersky Endpoint Security update At the end of the update the report window see section Reports on page 94 will show detailed information about the task execution d Switch to virus scan tasks Quick Scan Full Scan and Virus Scan in an area specified by the user as well as all custom viru
198. rance Reports Log non critical events Keep only recent events wl Delete reports after 20 days Quarantine and Backup V Delete objects after 20 days Storage Traces Enable trace logs Attention This option should be used only under the direction of Kaspersky Lab Technical Support Service specialist A E Click the lock to prevent further changes Figure 55 Application preferences window Reports CONFIGURING QUARANTINE AND BACKUP STORAGE By default the storage term for objects in Quarantine and Backup is 30 days when it expires objects are deleted You can change the maximum storage period for objects or remove this restriction at all To configure the settings for storing objects do the following 1 Open the application preferences window on page 34 and select the Reports tab see figure below ADMINISTRATOR S GUIDE 2 Inthe Quarantine and Backup Storage section check the Delete objects after box and specify the period after which objects in storage are automatically deleted EA EA EN Preferences W o oO EI Protection Virus Scan Threats Update Network Reports Service Appearance Reports Log non critical events Keep only recent events Wi Delete reports after 30 days Quarantine and Backup V Delete objects after 30 days Storage Traces Enable trace logs Attention This option should be used only under the direction of Kaspersky Lab Tec
199. ration of Kaspersky Endpoint Security cccccccseceeeeeeeeeeeeeeees 110 Remote installation of Kaspersky Endpoint Security cccccccccceeceeeeeeeeeeeeeeeeeeeeeeeseeeeeeeeeeeseaseeeseeeeseaeeeeseeeeesaeeeeesaaeees 115 Managing Network AGGIN wiscescissennisucsrarsbinsoeassounnoteeasireneuauncadebinideccsanesetheusbbenavaedeeaniesbensaaunsadieubiwaudedsgpaneastecoanensedacaubons 118 Administering TG application osc secs ecxeteecedvsvarexceessieeesda Voce cenn Vextedaevactesees dates da avehcustenbxcualiacenoseedeeyeie var EUs ENEN A arinkiri L OT Te le re BEE 135 Managing DOlICIES siarsio a a ea aai a aaa 147 STANDARD DEPLOYMENT SCHEME Take the following steps to manage Kaspersky Endpoint Security via Kaspersky Administration Kit 1 Deploy Administration Server in the network 2 Install Administration Console and the Kaspersky Endpoint Security management plugin see section Installing the Kaspersky Endpoint Security management plugin on page 110 on the Kaspersky Administration Kit administrator s workstation 3 Install Network Agent and Kaspersky Endpoint Security on Mac computers e Network Agent can be installed locally see section Local installation of Network Agent on page 111 or remotely using the SSH protocol see section Installation of Network Agent using the SSH protocol on page 112 e Also you can install Kaspersky Endpoint Security locally see section Installing the application on page 19
200. recent launch in the Completed tasks section If File Anti Virus returns an error when closing view the report and try to restart the component If you cannot solve the problem on your own please contact Kaspersky Lab Technical Support Service see section Contacting Technical Support Service on page 152 Detailed information about File Anti Virus is provided in the report window to the right on the following tabs e The Detected tab lists all dangerous objects detected by File Anti Virus For each object the name and path to the folder where it is stored are displayed as well as the status it has been assigned by File Anti Virus If the malicious program that has infected the object is revealed the object is assigned the corresponding status for example virus Trojan etc lf the type of malicious effect cannot be established precisely the object is assigned the suspicious status The action taken on the object is also specified next to the status detected disinfected ADMINISTRATOR S GUIDE e The Events tab provides a full list of events logged during operation of File Anti Virus specifying the time name status and cause of each event The events can have the following statuses e information for example object not processed skipped by type e warning for example a virus is detected e comment for example archive is password protected e The Statistics tab provides information about the total number of scanned ob
201. red for executing this command 5 Disconnect the network drive on the remote computer To do this enter the following command in the SSH terminal of the client umount Volumes KLSHARE 6 Check if Network Agent is operable on the remote computer To do this enter the following commands in the SSH terminal of the client cd Library Application Support Kaspersky Lab klnagent Binaries sudo klnagchk If the check is successful Network Agent functions properly UPDATING NETWORK AGENT VIA KASPERSKY ADMINISTRATION KIT Before launching the update of Network Agent installed on a remote computer make sure that the following requirements are met e Kaspersky Administration Kit Administration Server is deployed in the corporate network e The Administration Console is installed on the Kaspersky Administration Kit administrator s workspace e Network Agent is installed on the Mac e The installation package for updating Network Agent is created and stored in the shared folder of Administration Server In the installation package properties window on the Connection tab you should specify the IP address or DNS name of Administration Server in the Server address field the number of the port for non encrypted connection to the server in the Port number field and the number of the port for connection to the server using SSL in the SSL port number field If you do not want to use SSL for connection to the server uncheck the Use SSL
202. remains a full featured application but the anti virus databases are not updated As before you will be able to scan your computer for viruses and use the protection components but using only the anti virus databases you had when the license expired To protect your computer from infection with new viruses we recommend that you renew your application license After you have activated the application with the commercial license you can purchase the additional license for Kaspersky Endpoint Security and activate it In this case when the active license expires the additional license will automatically replace it thus allowing the application to keep running without any changes Only one additional license can be activated for Kaspersky Endpoint Security VIEWING LICENSE INFORMATION To view information about your current license open the main application window on page 32 and click the P button License number and type commercial or trial maximum number of hosts expiration date and time and days remaining until the expiration are all displayed in the window that opens see figure below Having a license allows you to use all the application s features and gives you access to application updates and technical support OF92 0003F4 083FC9AC Commercial key for 15 computers CA Your license will expire on 7 15 11 3 59 59 AM Remain 260 days Figure 1 License management If there is no license Kaspersky Endpoint Security
203. rences to Kaspersky Endpoint Security installed on another computer 45 What to do if file ACCESS is blocked 0 00 eee ecccecceccc cece cece ceceeeueeeeeeeeeeueeeeceeeeeaeeeeceeaeeseeeeueeeeeeeseeeeeesuceteeueeeaeeeeeeeeeeaeeteeeneens 46 What to do if you suspect an object of being infected with a vireg cece cecccceececceeeeceeeeeeeeeeeeeeeseeeeseaeesseeeeseeeeseneetaeees 47 How to restore an object that has been deleted or disinfected by the application 47 How to view the report on the application s operation cccccceccceeccseeeaeeeceeeeeeeseeeseeeseeeeseeeseeeseeeeseeeseeesseeeseeesseesseeeaeees 48 What to do when the application s notifications appear cece ceecccceccecececeeeeeaeeeeeeeeeceeeceesessueeeseeeessueesseeeeseeeesneesaneees 48 HOW TO PERFORM A FULL SCAN OF YOUR COMPUTER FOR VIRUSES The full scan task created by default is included in Kaspersky Endpoint Security While running this task the application scans all hard drives for viruses To launch a full computer scan do the following 1 Open the main application window on page 32 and click the a button 2 Inthe menu that opens select the Ca Full Scan task You can view the scan results in the report window see section Virus scan statistics on page 78 ADMINISTRATOR S GUIDE HOW TO PERFORM A QUICK SCAN OF YOUR COMPUTER The quick scan task created by default is included in Kaspersky Endpoint Security While runn
204. rface components for example input fields menu commands buttons etc are indicted in bold To configure a task schedule Instructions are marked by the arrow symbol Introductory phrases to introductions are marked in italics kav update Text in the command line or text of messages displayed on screen has a special font lt IP address of your computer gt Variables are enclosed in angle brackets Instead of a variable the corresponding value is placed in each case and the angle brackets are omitted ADDITIONAL SOURCES OF INFORMATION You can refer to the following sources of information about the application e application page at the Kaspersky Lab website e application page at the Technical Support Service website Knowledge Base e Kaspersky Lab products users forum e help system Application page at the Kaspersky Lab website The application web page hitp www kaspersky com endpoint security mac will provide you with general information about Kaspersky Endpoint Security 8 its features and options You can purchase Kaspersky Endpoint Security 8 or extend your license in our eStore Application page at the Technical Support Service website Knowledge Base Knowledge Base is a separate section of the Technical Support Service website http support kaspersky com kes8mac which provides recommendations for using Kaspersky Lab products This page contains articles published by Technical Support Servi
205. rotection is running D Edit protection policy for Windows Workstations D Edit protection policy for Windows Servers View computers Getting started Computer management Managed computers 2 Unassigned computers discovered 1223 D View managed computers structure Virus Scan Virus scan runs on schedule D Edit virus scan task for Windows Workstations D Edit virus scan task for Windows Servers Update Monitoring Updates repository last updated 17 Critical events registered on Administration minutes ago Server O D Modify update settings D View protection status D Edit notification settings View events gt Introduction gt Getting started Extended gt InterFace How To gt Help Figure 57 Kaspersky Administration Kit Administration Console The appearance of the Kaspersky Administration Kit main window depends on the version of the operating system installed on the administrator s computer Concepts and terms When working via Kaspersky Administration Kit Kaspersky Endpoint Security is administered using the policy settings task settings and application settings adjusted by the administrator Named action performed by the application is referred to as task The following task types exist in accordance with the functions that a task performs e scanning for viruses e updating the application e rolling back the last update e installing a key file Each task is assigned a set of
206. s If a disinfected file contained important information that is partly or completely inaccessible following disinfection you can attempt to restore the Original object from its backup copy To restore an object that has been deleted or modified by the application 1 Open the main application window on page 32 and click the button The Kaspersky Endpoint Security report window opens 2 Inthe left part of the report window select the Backup Storage section The right part of the window displays the contents of Backup in the form of a list of copies of objects 3 Select the copy of the object you require in the list and click the Restore button Confirm the action The object is restored to its original location with its original name If there is an object with the same name in the original location this situation is possible when restoring an object with a copy created prior to disinfection a warning will pop up on screen You can change the location of the object being restored or rename it We recommend that you scan the object for viruses immediately after restoring it It is possible that the object will be disinfected using the updated databases without losing its integrity ADMINISTRATOR S GUIDE HOW TO VIEW THE REPORT ON THE APPLICATION S OPERATION Information about events that occur during the operation of File Anti Virus see section File Anti Virus on page 53 during a virus scan see section Scanning for viruse
207. s on page 64 or during an update see section Updating the application on page 80 is displayed in the reports window see section Reports on page 94 To open the report window open the main application window on page 32 and click the E button WHAT TO DO WHEN THE APPLICATION S NOTIFICATIONS APPEAR Application notifications see section Notification windows and pop up messages on page 35 in the form of pop up on screen messages inform you of events that occur during the application s operation that require your attention If such notification is displayed on the screen you should select one of the suggested options Optimum option is the one recommended by Kaspersky Lab experts by default ADVANCED APPLICATION SETTINGS This section provides detailed information about each application component and describes the operation and configuration algorithms for each component IN THIS SECTION Creating a protection SCOpe E 49 PEATE VIS EEN 53 NOUNS CA EE 64 Vpodatng the AD OM CAMO EE 80 Reports and Storages spartaesesc natin aasuannancouseteonesncoutanasl pansemednaneosasaucnscau saneoussoeaieinaauaspnnigormnennedienooeuanieahoniseteneasasuteneteeenct 89 CREATING A PROTECTION SCOPE The scope of protection for your computer is defined by the following settings e the list of malware programs which the application protects against e list of objects in the trusted zone which are excluded from the protection scope
208. s complete the object may be identified as e malicious for example a virus or Trojan e potentially infected when the scan cannot determine whether the object is infected or not The application has probably found in the file a sequence of code from an unknown virus or modified code from a Known virus By default all malicious objects undergo disinfection and all potentially infected objects are placed in Quarantine see section Quarantine on page 90 To select the action that Kaspersky Endpoint Security should perform if an infected or potentially infected object is detected 1 Open the application preferences window on page 34 select the Virus Scan tab and the name of the task in the list to the left see figure below ADMINISTRATOR S GUIDE 2 Inthe Action section select an action to be performed by Kaspersky Endpoint Security A CN Preferences g a ZO EI RW amp Protection Virus Scan Threats Update Network Reports Service Appearance Quick Scan its Objects to scan You can create a new list of objects to scan GRIES or edit the existing list Virus Scan Security level em Recommended Optimal protection Appropriate for most users Preferences Default Action Prompt for action when the scan is complete Prompt for action during scan Do not prompt for action wi Disinfect iV Delete if disinfection fails Run mode Every 1 day at 12 00 AM soe 6 Click the l
209. s in combating computer threats For example in 2010 Kaspersky Anti Virus received several top Advanced awards in a test administered by A V Comparatives a respected Austrian anti virus laboratory But Kaspersky Lab s main achievement is the loyalty of its users worldwide The company s products and technologies protect more than 300 million users and its corporate clients number more than 200 000 Kaspersky Lab official site http www kaspersky com Virus Encyclopedia http www securelist com en Anti Virus Lab mailto newvirus kaspersky com only for sending potentially infected files in archives http support kaspersky ru virlab helpdesk html LANG en for sending requests to virus analysts Kaspersky Lab web forum http forum kaspersky com INFORMATION ABOUT THIRD PARTY CODE Third party code was used during the application development IN THIS SECTION PrOD LIC wiel 164 Re einen e e EG 169 tg elt e EEN 173 PROGRAM CODE Third party program code was used during the application development IN THIS SECTION ADOBE ABI SAFE CONTAINERS 18 165 BOOST 1300 165 CURL 7 19 3 ccecccccssessecsecsecsesscsecsecsecsessessesucsucsuceesarsucsucsecsesarsuesucsucsucersussussucsussesarsussatsucesarsucsarsecsecersacsassucsessesarsatsaceeeeeee 165 EXPAT ae ne tT Tne A ee ere 165 EMTH 166 GROWL 118 166 INFO ZIP 5 514 cccccceccecsecsecsesecsucsucsecsesecsersucsucsuseesucsacsussucssarsursucsuceesersarsussucsessesarsutsecses
210. s scan tasks if any of them have been created At the end of the update the report window see section Reports on page 94 will show detailed information about the task execution P Switch to the window that displays information about the current license ADMINISTRATOR S GUIDE The top part of the main window contains a navigation panel with the following buttons Open the report window see section Reports on page 94 of Kaspersky Endpoint Security and obtain access to Quarantine see section Quarantine on page 90 and Backup see section Backup Storage on page 92 Open the application preferences window on page 34 Open the Kaspersky Endpoint Security help system fy Open the Technical Support window see section Contacting Technical Support Service on page 152 APPLICATION PREFERENCES WINDOW The Kaspersky Endpoint Security preferences window see figure below can be opened as follows e by clicking the button in the main application window see section Main application window on page 32 e by selecting Preferences in the context menu that opens on clicking the Kaspersky Endpoint Security icon on page 30 in the Dock or Menu Bar EA EA E Preferences eo enobib vii Protection Virus Scan Threats Update Network Reports Service Appearance Events notification Y Enable notifications Additional Show application ei In Menu Bar een CO In Dock C Nowhere Option changes made will be applie
211. s section contains information regarding the basic concepts used in the context of the application licensing This section describes how to activate the application where to view information about the current license and how to purchase and renew a license ABOUT THIS GUIDE Application interface This section contains description of the basic GUI components of the application icon and context menu main application window settings window and notification windows Starting and stopping the application This section provides you with information about how to launch the application and close it Computer protection status This section contains information about how to know whether your computer is protected at the moment or if its security is under threat as well as how to eliminate emerging threats with the help of Security Assistant Solving typical tasks This section describes the tasks encountered by the most users when working with the application as well as the procedures developed for carrying out these tasks Advanced application settings This section provides detailed information about each application component and describes the operation and configuration algorithms for each component Working with the application from the command line This section contains description of the use of the application and its components involving the command line Administering the application via Kaspersky Administration Kit
212. s tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 Inthe application settings window that opens select the Settings tab 4 Select the Protection item from the dropdown list in the top part of the window 5 Inthe General section see figure below check the Enable protection box and click the Apply button Kaspersky Endpoint Security 3 for Mac application pre x General settings Licenses Events M Enable protection M Launch application at computer startup Trusted zone Configure Malware categories M Viruses worms Trojans hack tools M Spyware and Adware Iw duto dialers lw Other programs Additional M Disable scheduled scans while running on battery power zen zm _ Figure 61 Application settings window The Settings tab Protection ALSO SEE FEA RUS E 53 CONFIGURING THE AUTOMATIC STARTUP OF KASPERSKY ENDPOINT SECURITY By default Kaspersky Endpoint Security is started automatically on a remote computer when it is turned on or after the operating system is restarted ADMINISTRATOR S GUIDE To disable the automatic start up of Kaspersky Endpoint Security installed on a remote computer 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint S
213. schedule on page 74 You also have the option of creating user tasks in Kaspersky Endpoint Security see section Creating virus scan tasks on page 67 LAUNCHING PAUSING VIRUS SCAN TASK SW To start a virus scan task manually do the following 1 Open the main application window on page 32 and click the a button ADMINISTRATOR S GUIDE 2 Inthe window that opens see figure below select the required task Full Scan Quick Scan or Virus Scan If you have selected the Virus Scan task Kaspersky Endpoint Security offers you to specify the scan scope In addition to the pre set tasks included in the application the menu displays the user virus scan tasks see section Creating virus scan tasks on page 67 that have been created NAN Kaspersky Endpoint Security 8 Figure 30 Virus scan tasks Information on currently running tasks is displayed in the left part of the main window and also in the Running tasks section of the reports window see section Reports on page 94 Information about executed tasks is displayed in the Completed tasks section of the report window see figure below To pause a virus scan task do the following 1 Open the main application window on page 32 and click the button The Kaspersky Endpoint Security report window opens ADVANCED APPLICATION SETTINGS 2 Inthe Running tasks see figure below section select the name of the virus scan task and click the Stop button This will
214. se entitles you to install and use the Software on such a number of Computers as is specified in Clauses 2 2 and 2 3 ADMINISTRATOR S GUIDE 2 2 If the Software was acquired on a physical medium You have the right to use the Software for protection of such a number of Computer s as is specified on the Software package 2 3 If the Software was acquired via the Internet You have the right to use the Software for protection of such a number of Computers that was specified when You acquired the License to the Software 2 4 You have the right to make a copy of the Software solely for back up purposes and only to replace the legally owned copy if such copy is lost destroyed or becomes unusable This back up copy cannot be used for other purposes and must be destroyed when you lose the right to use the Software or when Your license expires or is terminated for any other reason according to the legislation in force in the country of your principal residence or in the country where You are using the Software 2 5 From the time of the Software activation or after license key file installation with the exception of a trial version of the Software You have the right to receive the following services for the defined period specified on the Software package if the Software was acquired on a physical medium or specified during acquisition if the Software was acquired via the Internet Updates of the Software via the Internet when and as the Rig
215. section Protection status overview on page 41 to make sure that Kaspersky Endpoint Security is set at the right protection level e Update Kaspersky Endpoint Security see section How to update databases and application modules on page 45 It is important to keep the Kaspersky Endpoint Security databases up to date so that the application is able to detect and deal with malware e Runa full computer virus scan see section How to perform a full computer virus scan on page 43 If you encounter any problems or errors in the operation of the application open the Kaspersky Endpoint Security operation report window see section Reports on page 94 The cause may be described in the report If you cannot solve the problem on your own please contact Kaspersky Lab Technical Support Service see section Contacting Technical Support Service on page 152 DELETING THE APPLICATION By uninstalling Kaspersky Endpoint Security you will expose your computer to a serious risk of infection Before uninstalling the application we recommend that you process all objects stored in Quarantine and Backup Storage All stored objects that have not been processed will be deleted without any opportunity to restore them in the future To remove Kaspersky Endpoint Security from your computer 1 Open the contents of the Kaspersky Endpoint Security installation file To do this insert an installation CD into the disk drive If you purchased Kaspersky E
216. sesersutsatsceesetsateatseseeeseseneveeaeeeess 167 ES IN I2 rece ee Ee 167 LUpUTE hkkk a akeh k enk L kk ank E k EAA L AA EAA AAEE ALAA EEA ALAA EEA AA AEE ALEEA AALA E EEA AEAEE A EAA EEAS E EAEE A EEEE EE AEEA EE AE EEE EEEE rrn 167 LZMALIB AA 168 MDSH OO 168 IUD ME 168 RFC1321 BASED RSA FREE MD5 LIBRARY ssssssssssiisssakikktahkkkktn hkkk keen k Aken n LAAk EE AAE EEE AE EEE EEE EE EELEE AEE EEEE EEn rani 168 ETNE oa ID 168 STEPORT E 169 TINYXML A 169 ZUBID8123 169 INFORMATION ABOUT THIRD PARTY CODE ADOBE ABI SAFE CONTAINERS 1 0 Copyright C 2005 Adobe Systems Incorporated Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVEN SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILI
217. sky Endpoint Security you will be provided with complete information support application returns messages on the protection status and offers detailed guidance Security Assistant on page 42 included in the application package provides a complete picture of the computer s current protection status and troubleshooting options ADMINISTRATOR S GUIDE IN THIS SECTION PTS CUT ON AEN 18 Hardware and software system requirements n nnnannn1nnnniinrrnnniesrirrrirsrrrsrrrsrrrsnrrsrrrerirenrrsnrrenrrenrntnrnenrnenrnnrnnnnnnnrennnn 18 DISTRIBUTION KIT You can purchase Kaspersky Endpoint Security boxed edition from our resellers or in an online store Such as www kaspersky com eStore section If you buy the boxed version of the program the package will include e A sealed envelope containing the installation CD containing the program files and documentation in PDF format e The end user license agreement EULA In addition the package may include e A printed User Guide if this item was included in the order or a Product Guide e The program activation code attached to the installation CD envelope e Registration card with product serial number Before breaking the seal on the installation disk envelope carefully read through the License Agreement By unsealing the envelope with the installation CD you accept all the provisions of the License Agreement When purchasing Kaspersky Endpoint Security online you
218. store load install execute and display to use the Software on a specified number of Computers in order to assist in protecting Your Computer on which the Software is installed from threats described in the User Manual according to the all technical requirements described in the User Manual and according to the terms and conditions of this Agreement the License and you accept this License Trial Version If you have received downloaded and or installed a trial version of the Software and are hereby granted an evaluation license for the Software you may use the Software only for evaluation purposes and only during the single applicable evaluation period unless otherwise indicated from the date of the initial installation Any use of the Software for other purposes or beyond the applicable evaluation period is strictly prohibited Multiple Environment Software Multiple Language Software Dual Media Software Multiple Copies Bundles If you use different versions of the Software or different language editions of the Software if you receive the Software on multiple media if you otherwise receive multiple copies of the Software or if you received the Software bundled with other software the total permitted number of your Computers on which all versions of the Software are installed shall correspond to the number of computers specified in licenses you have obtained provided that unless the licensing terms provide otherwise each acquired licen
219. t 116 Removing the application via Kaspersky Administration hit 117 Managing Network Agent EE 118 Connecting a client computer to Administration Server manually Utility tool Klmover 119 Checking the connection between a client computer and Administration Server manually Utility tool lieler LEE 120 Starting stopping Network Agent on a Client computer 121 Administering the appicaton 121 Starting and Stopping the application c ccc cccccceecccsececeeeeeeeeeeceeceseeeeseeeeeseeeeseeeesseeesseeesseeeeseeeeseeeessneetaneeees 122 Modifying the application settings cccccccccseecceseeeeeeeeeeeeeeeeeeeseeeeeeeeeeeeseeeeeeseeeeeeseeeeseeeeeeseeeeessaneeessaeeessaeeeees 123 WAN AGING TASKS cxcintanauncacasnedetsenneotaesanedstiaanvoctananadusaaanotesnasedeicesataween ound efsdaaavesnnaedudenanyornenaneivisnannueneinaedatsnartacheneas 135 Starting KE Ise elei ne 137 Eege 138 KS E 139 Conniguring task SEINS ee EE 140 Managing Baier 147 PS ATI Gh POl E S ea E E eeatecctnteeia ede 147 P lhcy Creation Wiza EE 148 Configuring DEER Eeer 150 CONTACTING TECHNICAL EE e 152 A Gal el LD EE 154 List of objects to SCAN Dy extension ccccccssecccceseecceescecceuececseueeecsuscecseuececsuueeecsuececseueeessaueeeseuecesseseeessuseessaaeees 154 Permissible file E e Ee nun EE 156 Allowed exclusion masks according to the Virus Encyclopedia dasettcaton 157 TR AR n ae oie a neo RN ene eee E One ee eee een ee 158 FASPER RT EE 163
220. t Security creates backup copies of them in case you need to rollback Update rollback feature see section Rolling back the last update on page 81 may be useful if a new version of the databases contains an invalid signature that makes Kaspersky Endpoint Security block a safe application In case of Kaspersky Endpoint Security database corruption it is recommended to run the update task to download a valid set of databases for up to date protection At the same time as updating Kaspersky Endpoint Security you can copy the downloaded updates to a local source see section Updating from a local source on page 82 The service allows you to update Kaspersky Endpoint Security databases and modules used by the application locally on other computers to reduce Internet traffic ADVANCED APPLICATION SETTINGS IN THIS SECTION Saning OC E 81 FS NMI VS Dack the Ee e ics ethane tu Ske kt det lana cc a Cle daca Fda eae dein ena eid icin Corsica math RERAN 81 Updating from alOCal SOURCE ececcsccricngeceteccstcct santa ceeesmnssebeacdesedectenoshb anne eeeeiadaccbbinneseienes necbhtams ainia rac hini i rriren aiderait 82 Conngunng he UO CAC EE 84 Biest E e 88 STARTING UPDATE Updating Kaspersky Endpoint Security in a timely manner keeps your computer protected at a due level If the anti virus databases and modules are not updated the information on your computer is at serious risk The bottom part of the main application window see section
221. t opens select the Settings tab 4 Select the Protection item from the dropdown list in the top part of the window 5 Inthe Malware categories section see figure below check the boxes next to the names of the malware groups against which Kaspersky Endpoint Security should protect your computer ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT Kaspersky Endpoint Security protects your computer against viruses worms Trojans and hacking tools Therefore it is not possible to uncheck the box for this group Kaspersky Lab does not recommend disabling monitoring of spyware adware and auto dialers If Kaspersky Endpoint Security classifies a program which you do not consider to be dangerous as unwanted you can configure an exclusion rule for it see section Creating a trusted zone on page 126 Kaspersky Endpoint Security amp for Mac application pre x General settings Licenses Events M Enable protection M Launch application at computer startup Trusted zone Configure Malware categories hg Viruses worms Trojans hack tools Je Spyware and Adware lw Suto dialers M Other programs Additional M Disable scheduled scans while running on battery power Eed zen zm _ Figure 64 Application settings window The Settings tab Protection ALSO SEE Selecting malicious programs to be monttored ue 49 CONFIGURING THE POWER SAVING MODE By defa
222. t require significant system resources since the range of files scanned is smaller By default File Anti Virus uses the Recommended security level You can increase or decrease the level of file system protection by selecting Maximum protection or Maximum speed accordingly or by modifying the current settings SW To change the defined security level do the following 1 Open the application preferences window on page 34 and select the Protection tab see figure below 2 Inthe Security level section move the slider bar to the required position Modifying the security level changes the balance between the scan speed and the total number of files scanned the fewer files scanned for viruses the higher the scan speed If none of the preset security levels meets your needs you can customize the scan settings You are advised to select the level closest to your requirements as a basis and then modify its settings This will change the name of the security level to Custom To modify the settings for the current security level do the following 1 Open the application preferences window on page 34 and select the Protection tab see figure below 2 Inthe Security level section click the Preferences button 3 In the window that opens edit the file protection settings e onthe General tab see section Specifying the types of files to scan on page 58 specify the types of files to be scanned e onthe Protection scope tab see secti
223. t you know you can do these things To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have You must make sure that they too receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two steps 1 copyright the software and 2 offer you this license which gives you legal permission to copy distribute and or modify the software Also for each author s protection and ours we want to make certain that everyone understands that there is no warranty for this free software If the software is modified by someone else and passed on we want its recipients to know that what they have is not the original so that any problems introduced by others will not reflect on the original authors reputations Finally any free program is threatened constantly by software patents We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary To prevent this we have made it clear that any patent must be licensed for everyone s free use or not licensed at all
224. tASK cccccecccceecccseeeeceeeeceeeeeaeeeeseececeeeessnecsaeeeeseeeessueesaueeeseeeseeeesanees 104 ADMINISTRATOR S GUIDE Exporting protection settings E 105 Importing protection SOTUINGS is cccnsnncravercisaxtaenevareesstetheimmetaaensd rand yncietOnnsssbectenamnouititd ent iauie statis iusbuameieidieeidmTeineds 105 Activating the application EE 105 Closing the applicator EE 106 Return codes of the command me 106 ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT 0 0 0 cccecccceeeeeeeeeeeeseeeeeeneeeeeeees 107 Standard deployment scheme n nnsnenneoennenenneornrrornrrrrnrrorrrrrrnrrornrrrrnrrotnttotnttornttn tntto tntto antro rntEo antro tnrro rnern enero ennen 109 Installing software required for the remote administration of Kaspersky Endpoint Gecurttv 110 Installing the Kaspersky Endpoint Security management plugin cceccccceeeeeeeeeeeeeeeeeeeeeeeeeeaeeeeesseeeeesaeees 110 Local installation of Network Agent 111 Installation of Network Agent using the SSH porotocoOl 112 Updating Network Agent via Kaspersky Administration kt 113 Uninstallation of Network Agent 114 Remote installation of Kaspersky Endpoint Security cccccccccseeeceeeeeeeeseeeeeseeeeeseeeeeeseeeeeseeeeeeeeeesseeeeesseeensaaees 115 Installing the application using the SSH orotocol cece eeccceececceeeeceeeeeeeeeeeeeeeeeeeeseecesseeeeseeeeseeeesseeessneeeees 115 Installing the application via Kaspersky Administration hi
225. tacting Technical Support Service on page 152 Detailed information about the execution of virus scan tasks is provided in the report window to the right on the following tabs e The Events tab lists all operations performed during the update process in sequence with the names of the updated objects the paths to the folders in which they are stored and the time taken to access them e The Preferences tab lists the main settings used to perform the update To configure a component quickly click the Change preferences button SCH CN EN CHOCO Reports Kaspersky Endpoint Security REPORTS Events Preferences ka Detected 2 E Goen Event Object name Time Traffic EE CG Task started 10 26 10 2 30 44 PM ee Update source is selected http dnl test kaspersky labs com test emu 10 26 10 2 30 44 PM H Backup storage Proxy server is in use proxy avp ru 3128 10 26 10 2 30 44 PM RUNNING TASKS File download is in progress ijndex u0607g xml dif 10 26 10 2 30 44 PM File Anti virus D File downloaded index u0607g xml dif 10 26 10 2 30 44 PM 3 6 KB Creating the list of files to dow 10 26 10 2 30 44 PM COMPLETED TASKS Task completed Databases are up to date 10 26 10 2 31 02 PM All Last 20 KS File Anti virus Q ig Update KS File Anti virus KS File Anti virus Result Update is not required Update size 3 6 KB Start 10 26 10 2 30 44 PM Transfer rate 356 45 Kb s Duration 00 00 18 Completion 10 26 10 2 31 02 PM e b
226. tatus of protection summarizing the degree of a computer s security Q QUARANTINE A specific folder where all possibly infected objects are placed which were detected during scans or by real time protection R RECOMMENDED LEVEL Level of security based on the application settings recommended by Kaspersky Lab experts to provide the optimal level of protection for your computer This level is set to be used by default RESTORATION Moving an original object from Quarantine or Backup Storage to the folder where it was originally found before being moved to Quarantine disinfected or deleted or to a different folder specified by the user S SUSPICIOUS OBJECT An object that contains modified code of a known virus or code that resembles code of a virus but is not yet known to Kaspersky Lab Suspicious objects are detected using the heuristic analyzer ADMINISTRATOR S GUIDE T TASK FOR A SET OF COMPUTERS A task assigned for a set of client computers from arbitrary administration groups within a logical network and performed on those hosts U UNKNOWN VIRUS A new virus about which there is no information in the databases Generally unknown viruses are detected by the application in objects using the heuristic analyzer and those objects are classified as potentially infected UPDATE The procedure of replacing adding new files databases or application modules retrieved from the Kaspersky Lab update servers UPDATE P
227. te In your Personal Cabinet you can take the following actions e send requests to Technical Support Service before registration e exchange messages with Technical Support Service without using email e monitor requests in real time e view a complete history of all your queries e obtain a backup copy of the key file Email query to Technical Support Service To contact Technical Support open the web form available at the Helpdesk http support kaspersky com helpdesk html On the Technical Support Service page that opens enter your Personal Cabinet and fill in the form You can send your query in Russian English German French or Spanish To send your query by email specify the Customer ID and password that you received during registration at the Technical Support Service website Describe the problem you have encountered in the web form providing as much detail as possible Specify the following in the required fields CONTACTING TECHNICAL SUPPORT SERVICE e Type of query Select the subject that best matches the problem you have encountered such as Product installation uninstallation problem or Virus scan removal problem If you have not found an appropriate topic select General question e Application product name and version number e Text of query Describe the problem in as much detail as possible e Customer ID and password Enter the Customer ID and password you received during registration on t
228. te using the Back and the Next buttons to close the wizard once it has completed its work use the Finish button To stop the wizard at any stage use the Cancel button STEP 1 ENTERING GENERAL DATA ON THE POLICY In the Policy name window in the Name field specify the name of the policy to be created STEP 2 SELECTING AN APPLICATION In the Application window select the Kaspersky Lab application that the policy has been created for Kaspersky Endpoint Security 8 for Mac STEP 3 SELECTING A POLICY STATUS In the Create a policy window select a status of the policy that will be assigned to it after creation The following statuses can be assigned to a policy e active policy e inactive policy e policy for mobile user Several policies can be created for a group of computers for a single application but only one of them can be the current active policy STEP 4 CONFIGURING WEB TRAFFIC SETTINGS In the Protection window enable or disable the protection components that will be used by the policy All protection components are enabled by default To disable any of the components uncheck the appropriate box To configure advanced settings for a protection component select it from a list and click Settings For more information see the Kaspersky Administration Kit Reference Guide ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT ALSO SEE Enabling and disabling file protection ccccc
229. tec detec detec not d not d not d detec detec not d detec not d not d detec File File File ected ected ected File File ected File ected ected File Reason postponed postponed postponed postponed postponed postponed 10 27 10 5 35 30 PM 00 00 00 unknown Clear all To scan objects in your computer for viruses not only can you use the virus scan tasks integrated into Kaspersky Endpoint Security but also create your own custom tasks New tasks are created by modifying existing ones To create a new virus scan task please do the following 1 Open the application preferences window on page 34 e ADMINISTRATOR S GUIDE 2 Select the Virus Scan tab in the list to the left see figure below and select Quick Scan task or Full Scan task whose settings most closely match your requirements CO CH CH Preferences W APFOOQOE WW v Protection Virus Scan Threats Update Network Reports Service Appearance Quick Scan Objects to scan You can create a new list of objects to scan Full Scan or edit the existing list Virus Scan Security level ja Recommended Optimal protection Appropriate for most users Preferences Default Action Prompt for action when the scan is complete Prompt for action during scan Do not prompt for action wi Disinfect wi Delete if disinfection fails Run mode Every 1 day
230. ter update on page 92 e Restore files to the folder specified by the user or the folder from which they were moved to Quarantine by default To restore an object select it in the Quarantine window see figure below and click the Restore button Confirm the action When restoring objects quarantined from archives mail databases or mail format files you should also specify the directory in which they will be restored We recommend that you only restore objects with the fa se positive status since restoring objects with different statuses may lead to your computer becoming infected e Delete any object in Quarantine ADMINISTRATOR S GUIDE Only delete objects that cannot be disinfected To delete an object select one in the Quarantine window see figure below and click the Delete button To clear Quarantine storage click the Clear all button You can also configure automatic deletion of the oldest objects in Quarantine see section Configuring Quarantine and Backup Storage on page 97 ry fy ry Reports Kaspersky Endpoint Security REPORTS gt Detected ZEN Status Object Size Added Added by user test viruses CORR Eicar3 com 73 bytes October 2 MT 04 00 EEE quarantined virus EICAR Test Meicar SUSP Eicar2 com 73 bytes October 2 MT 04 00 RUNNING TASKS VS File Anti virus k COMPLETED TASKS All Last 20 ER ill 7 Delete Restore Add Clear all Scan all EA Figure 51 Report
231. th the space e a do not scan archives e b do not scan email databases e m do not scan emails in text format e lt mask gt do not scan objects by mask see section Permissible file exclusion masks on page 156 e lt seconds gt skip objects that are scanned for longer than the time specified in the lt seconds gt parameter ADMINISTRATOR S GUIDE es lt size gt skip objects with size that exceeds the specified value in MB lt report settings gt this parameter determines the format of the report on scan results You can use an absolute or relative path to the file for saving the report If the setting is not defined scan results are displayed on screen and all events are shown r lt report_file gt only log important events in this file ra lt report_file gt log all events in this file lt advanced settings gt settings that define the use of anti virus scanning technologies and of the settings configuration file iSwift lt on off gt enable disable the use of iSwift technology c lt configuration_file_name gt defines the path to the configuration file that contains the application preferences for the virus scan task You can enter an absolute or relative path to the file If the parameter is not specified the values set in the application interface are used together with the values already specified in the command line Example Run the scan of t
232. the computers for which the remote application installation task should be created according to the option selected at the previous step Click the Next button 13 In the Account window click the Next button 14 In the Task scheduling settings window select a task run mode manually or by a schedule To do this select the value that will define the frequency of the task run from the dropdown list and specify the time of the task run Click the Next button 15 The last window of the wizard will inform you that you have successfully created a task Click the Finish button to close the Assistant The task that you have created will appear in the console tree in the Tasks for specific computers folder REMOVING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT Removing Kaspersky Endpoint Security from a remote computer may lead to a risk of infection Before removing Kaspersky Endpoint Security from a remote computer make sure the following conditions are met e Kaspersky Administration Kit Administration Server is deployed in the corporate network e The Administration Console is installed on the Kaspersky Administration Kit administrator s workspace e Network Agent and Kaspersky Endpoint Security are installed on the Mac computer You can remove Kaspersky Endpoint Security from a client computer via Kaspersky Administration Kit by creating and further running a task for remote application uninstallation WS To create a task for remot
233. the list and remove them Click the Next button to proceed with the configuration 2 Specify the action that Kaspersky Endpoint Security should perform if an infected or potentially infected object is detected Update In the Update window you should specify the source from which updates will be downloaded to run the update task for anti virus databases and application modules By default the update is carried out from the Administration Server and Kaspersky Lab update servers Edit the list of update sources if necessary 18 For more information see the Kaspersky Administration Kit Reference Guide ADMINISTRATOR S GUIDE Roll back update The rollback update task contains no specific settings Installing a key file In the License management window click the Browse button and specify the path to a key file in the standard window that opens If the key file is added as a key file for an additional license check the Add key file as backup one box The backup license takes effect when the active license key expires Information about the installed key file key number key type and expiration date is displayed below Changing the Administration Server In the Settings window specify the settings that Network Agent installed on client computers should use to connect to a new Administration Server STEP 4 CONFIGURING A SCHEDULE In the Task scheduling settings window select a task run mode manually or by a schedule
234. ting Technical Support Service on page 152 Detailed information about the execution of virus scan tasks is provided in the report window to the right on the following tabs e The Detected tab lists all the dangerous objects detected while the task was running For each object the name and path to the folder where it is stored are displayed as well as the status it has been assigned by Kaspersky Endpoint Security If the malicious program that has infected the object is revealed the object is assigned the corresponding status for example virus Trojan etc If the type of malicious effect cannot be established precisely the object is assigned the suspicious status The action taken on the object is also specified next to the status detected disinfected e The Events tab keeps a full list of events that occur while the virus scan task is running with the time name status and cause of each event The events can have the following statuses e information for example object not processed skipped by type e warning for example a virus is detected e comment for example archive is password protected e The Statistics tab provides information about the total number of scanned objects and in separate columns how many objects out of the total number scanned are archives how many are dangerous how many have been disinfected how many have been placed in Quarantine etc e The Preferences tab lists the main settings used to run the
235. tion Check the Classification box in the Settings field to exclude objects from the scan based on the type of threat as listed in the Virus Encyclopedia To specify the name name mask of a threat click the ADMINISTRATOR S GUIDE Classification link to open the Classification window and enter the name or mask of a threat as listed in the Virus Encyclopedia e Feature To specify the features of Kaspersky Endpoint Security that should be covered by the rule being created click the Feature link in the Description field to open the Excluding features tasks and check the boxes next to the names of the features File Anti Virus or Virus Scan A Exclusion rule xj Options C Classification Comment Rule description click underlined parameters to edit Object will nok be scanned if the Following conditions are met Object specify Component any Figure 63 The Exclusion rule window ALSO SEE Creating a trusted ZONE EE Sl SELECTING MALICIOUS PROGRAMS TO BE MONITORED To select the groups of malware against which Kaspersky Endpoint Security will protect a remote computer 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 In the application settings window tha
236. tion of objects for further analysis The most useful virus scan tasks are included in the Kaspersky Endpoint Security package full computer scan and quick scan of critical areas Update Updating of databases and modules of Kaspersky Endpoint Security from Kaspersky Lab s update servers and from Kaspersky Administration Kit Administration Server creation of backup copies of all the updated files to allow a future roll back copying of updates into a local source to allow other networked computers to access them thereby reducing Internet traffic Quarantine Moving potentially infected objects to Quarantine storage of potentially infected objects in the Quarantine folder further scan using updated databases restoration of objects from the storage upon the user s request Backup Storage Creation of a copy of each infected object to store in Backup Storage before disinfecting or deleting it so that it can later be restored or further analyzed for investigation Reports Compilation of a detailed report on the performance of each Kaspersky Endpoint Security component Notifications Notification of the user about certain events which occur during the operation of Kaspersky Endpoint Security You can select the notification for each event type whether an audio or pop up message You can change the appearance of the Kaspersky Endpoint Security by using various graphic elements and selected color solutions When working with Kasper
237. tion of viruses worms Trojans hack tools Detection of possibly infected object Disinfection impossible License validity period has expired Databases are obsolete Functional failure License is missing corrupted or blacklisted Update error Task can not be executed Databases are missing or corrupted O Important events Detection of adware spyware etc A License validity period expires soon Other important events CH a ess A LRARAAAACOARAAAAAAAAA LIA A 4 A A A A A A A A A A A AL LA Fan Figure 10 Configuring receipt of notifications ABOUT POP UP MESSAGES Pop up messages are displayed on the screen by Kaspersky Endpoint Security to inform you of events that do not require the obligatory selection of an action Pop up messages appear under the application icon in the Menu Bar and automatically disappear from the screen shortly after CONFIGURING THE KASPERSKY ENDPOINT SECURITY INTERFACE You can change the appearance of Kaspersky Endpoint Security by creating and using various graphics and color schemes All the colors fonts icons and texts used in the application interface can be changed To enable the graphics shell do the following 1 Open the application preferences window on page 34 and select the Appearance section see figure below ADMINISTRATOR S GUIDE 2 In the Skin section click the Select button and in the window that opens select the folde
238. ult Kaspersky Endpoint Security runs in power saving mode In this mode the virus scan task for which the schedule is set will not start if a computer with the application installed on it is powered with a battery To disable the power saving mode on a remote computer 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 Inthe application settings window that opens select the Settings tab ADMINISTRATOR S GUIDE 4 Select the Protection item from the dropdown list in the top part of the window 5 Inthe Additional section see figure above uncheck the Disable scheduled tasks while running on battery power box CONFIGURING RECEIPT OF NOTIFICATIONS To configure the receipt of notifications of events that occur on a remote computer 1 Open the properties window on the client computer see section Managing the application on page 121 on the Applications tab 2 Select Kaspersky Endpoint Security 8 for Mac from the list of all Kaspersky Lab applications installed on the computer and click the Properties button 3 Inthe application settings window that opens select the Settings tab 4 Select the Interaction with user item from the dropdown list in the top part of the window 5 Inthe
239. um protection the most complete scan of the entire computer or individual disks folders or files We recommend this level if you suspect that your computer is infected with a virus e Recommended contains the settings recommended by Kaspersky Lab e Maximum Speed this level enables you to comfortably use other applications that require significant system resources since the range of files scanned is smaller By default virus scan tasks are executed at the Recommended security level You can increase or decrease the thoroughness of the scan by selecting Maximum protection or Maximum speed accordingly or by modifying the current settings To modify the security level of a virus scan task do the following 1 Open the application preferences window on page 34 and select the Virus Scan tab see figure below 2 Select the task in the list to the left 3 Inthe Security level section move the slider bar to the required position Changing the security level changes the balance between the scan speed and the total number of files scanned the fewer files scanned for viruses the higher the scan speed If none of the preset security levels meets your needs you can customize the scan settings You are advised to select the level closest to your requirements as a basis and then modify its settings This will change the name of the security level to User To modify the settings for the current security level do the following 1 Ope
240. up task carry out the following steps 1 Start Kaspersky Administration Kit Administration Console 2 Expand the Administration Server node 3 Inthe Managed computers folder select the folder with the name of the group containing the computers for which you want to create a task then select the Group tasks subfolder 4 Click the Create Task link in the taskbar to open the New task wizard Follow its instructions to create a new group task The specifics of creating group tasks are covered in the Kaspersky Administration Kit Reference Guide Sg To create a task for specific computers Kaspersky Administration Kit task 1 Start Kaspersky Administration Kit Administration Console 2 Select the Tasks for specific computers folder Kaspersky Administration Kit tasks 3 Click the Create Task link in the taskbar to open the New task wizard Follow its instructions to create a new task for specific computers or a task for Kaspersky Administration Kit The specifics of creating Kaspersky Administration Kit tasks or tasks for specific computers are covered in the Kaspersky Administration Kit Reference Guide ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT NEW TASK WIZARD You can create new tasks from Kaspersky Lab applications installed on a separate client computer using New task wizard The wizard comprises a series of screens steps that you can navigate using the Back and the Next buttons to close the wizard
241. ur computer M MAXIMUM PROTECTION Security level for your computer corresponding to the most complete protection that the application can provide At this protection level all files on the computer removable storage media and network drives are scanned for viruses if connected to the computer N NETWORK AGENT Component of Kaspersky Administration Kit that coordinates interaction between Administration Server and Kaspersky Lab applications installed on a network node a workstation or a server This component supports all Windows applications included in Kaspersky Lab products Dedicated versions of the Network Agent exist for Kaspersky Lab s Novell Unix and Mac applications NETWORK PORT TCP and UDP parameter that determines the destination of data packets in IP format that are transmitted to a host over a network and makes it possible for various programs running on a single host to receive data independently of each other Each program processes data received via a certain port this is sometimes referred to as the program listening to that port For some common network protocols there are usually standard port numbers for example web servers usually receive HTTP requests on TCP port 80 however generally a program can use any protocol on any port Possible values 1 to 65535 O OBJECT DISINFECTION The method used for processing infected objects which results in the complete or partial recovery of data or the decision
242. urity is always installed by default e File Anti Virus Scans all objects opened executed or saved in real time ADMINISTRATOR S GUIDE e Finder Context Menu Scans objects displayed in Finder Scans are started from the object context menu e Connector for Network Agent Necessary for remote administration of the program through Kaspersky Administration Kit Once the components are selected click the Install button and enter the administrator s password to confirm the installation To return to the default installation settings see section Kaspersky Endpoint Security default installation on page 20 click the Standart installation button Wait until the Kaspersky Endpoint Security Installation Assistant installs the selected application components 8 Inthe Summary window read the information about the installation process and click the Close button to exit the Installation Assistant Kaspersky Endpoint Security starts up automatically when installation is complete You do not have to restart the computer PREPARING FOR USE AFTER INSTALLATION After Kaspersky Endpoint Security has been installed we recommend that you take the following actions e Activate Kaspersky Endpoint Security see section Kaspersky Endpoint Security activation on page 27 Using a licensed version will let you update the application s databases on a regular basis and access Technical Support Service e Assess the current protection status see
243. us scan tasks under a different user account This ensures that the computer is scanned in due time regardless of the rights of the current user For example you might need access rights to a certain object during a scan By using this feature you can configure tasks to run under a user account with the necessary privileges This service is disabled by default so that tasks are started under the current account under which you have been logged in the operating system You can configure the Quick scan and Full scan tasks under a privileged user account as well as user virus scan tasks created on their basis To specify an account under which virus scan tasks should be started 1 Open the application preferences window on page 34 select the Virus Scan tab 2 Inthe list to the left select the name of a virus scan task and enable the scheduled task run in the Run mode section Click the Edit button to configure the task under a user account ADMINISTRATOR S GUIDE 3 In the window that opens see figure below in the Run as section select the account under which the task will be started from the dropdown list Frequency Weeks S Schedule Mon Tue Wed Thu Fri VI Sat M Sun WV Time 5 20 PM Run skipped task Runas Kaspersky Lab Figure 38 Configuring a virus scan task schedule ASSIGNING UNIFORM SCAN SETTINGS TO ALL TASKS By default virus scan tasks included in the Kaspersky Endpoint Se
244. vation code is a code supplied with Kaspersky Endpoint Security commercial license This code is required for application activation The activation code represents a sequence of Latin characters and digits divided by hyphens into four groups of five symbols without spaces For example 11111 11111 11111 11111 ABOUT THE KEY FILE The availability of Kaspersky Endpoint Security is ensured by a key file You are provided with a key file on the basis of the activation code see section About the activation code on page 27 obtained when purchasing the application it entitles you to use the latter starting from the day of activation The key file contains information about the license the type date of expiry and number of hosts KASPERSKY ENDPOINT SECURITY ACTIVATION Before activating Kaspersky Endpoint Security make sure that the current system date value on your computer matches the actual date and time The activation procedure consists of installing a key file see section About the key file on page 27 that Kaspersky Endpoint Security applies to verify the rights for the use of the application and define the term of its use The application is activated using the Activation Assistant Follow these steps to activate the application At any stage in the Activation Wizard you can click the Cancel button to interrupt the activation The Activation Wizard will close If the application has not been activated all options of Kaspersky Endpoi
245. virus databases and modules To configure a connection to a proxy server do the following 1 Open the application settings window on page 34 and select the Network tab see figure below 2 Inthe General section check the Use proxy server box ADMINISTRATOR S GUIDE 3 Inthe Proxy server section configure the proxy server a EA E Preferences W vi SO EI Protection Virus Scan Threats Update Network Reports Service Appearance General Fal Use proxy server If you are using a proxy server for your Internet connection select the corresponding checkbox and specify its preferences below Proxy server Use system proxy server preferences Use specified proxy server preferences Address Port 8O Wl Bypass proxy server for local addresses Use authentication User name Password TTT fi E Click the lock to prevent further changes Figure 48 Application preferences window Network If you are downloading the update from an FTP server connection to the server is in passive mode by default If this connection fails it will attempt to connect in active mode By default the time assigned to connect to an update server is one minute If a connection cannot be established after this period an attempt is made to connect to the next update source in the list This continues until a connection is successfully established or until all the available update servers have been tried UPDATE STATISTICS
246. virus scan task To configure a component quickly click the Change preferences button f 1 I 1 Reports Kaspersky Endpoint Security EC 4 Detected MIAE Preferences a Time Path Status Reason N 10 27 10 5 35 30 PM File Meicar CURE Eicarl com derer Elei BN Backup Storage 10 27 10 5 35 30 PM File Meicar DELE Eicarl com derer Elei 10 27 10 5 35 30 PM File Meicar Eicarl com detec File RUNNING TASKS 10 27 10 5 35 30 PM File Meicar CURE Eicarl com not d ected postponed Q 10 27 10 5 35 30 PM File Meicar DELE Eicarl com not d ected postponed File anti virus 10 27 10 5 35 30 PM File Meicar Eicarl com not d ected postponed 10 27 10 5 35 30 PM File Meicar Eicar3 com derer Elei COMPLETED TASKS 10 27 10 5 35 30 PM File Meicar Eicar2 com detec File All 10 27 10 5 35 30 PM File Meicar Eicar3 com not d ected postponed Last 20 10 27 10 5 35 30 PM File Meicar SUSP Eicar3 com detec File 10 27 10 5 35 30 PM File Meicar Eicar com not d ected postponed 10 27 10 5 35 30 PM File Meicar SUSP Eicar3 com not d ected postponed 10 27 10 5 35 30 PM File Meicar SUSP Eicar3 com detec File Now scanning 5U5P Eicar3 com Location Meicar Scanned 12 Start 10 27 10 5 35 30 PM Detected 6 Duration 00 00 00 Untreated 6 Completion unknown ER ill 7 Start Stop Clear all Figure 41 Report window Virus Scan ADMINISTRA
247. will inform you that you have successfully created a policy Click the Finish button to close the Assistant The policy that you have created will be displayed in the console tree in the Policies folder for the corresponding administration group You can edit the settings of the policy created and restrict modifications to these settings using the EN and a buttons for each group of settings If the a icon is displayed the user of the client computer will not be able to edit the settings Settings marked with the a icon can be edited by the user The policy will be applied to client computers after the first synchronization of the clients with Administration Server CONFIGURING POLICY SETTINGS Kaspersky Administration Kit allows you to make changes to the policy created and block any modifications to its settings in the policies of nested groups application settings and task settings The policy settings can be edited in the policy properties window on the Settings tab see figure below All tabs in the policy properties window except for the Settings tab are standard for Kaspersky Administration KIC The policy settings for Kaspersky Endpoint Security include the application settings see section Modifying the application settings on page 123 and task settings see section Configuring task settings on page 140 For more information see the Kaspersky Administration Kit Administrator Guide ADMINISTERING THE APPLICA
248. window Quarantine SCAN OF QUARANTINE AFTER UPDATE Each package of anti virus database updates contains new records to protect your computer from the most recent threats Kaspersky Lab specialists recommend that you scan potentially infected objects stored in Quarantine immediately after update see section Quarantine on page 90 Quarantine stores objects whose contents include malware that was not properly identified by File Anti Virus or during a virus scan task After the databases are updated Kaspersky Endpoint Security will probably be able to clearly identify and eliminate the threat By default Kaspersky Endpoint Security scans quarantined objects after each update Kaspersky Endpoint Security will not be able to scan quarantined objects immediately after updating the databases if you are using Quarantine at that moment You can disable scan of quarantined objects after each update of the application by unchecking the corresponding box on the Update tab of the application preferences window BACKUP STORAGE Sometimes it is not possible to save objects in their entirety during the disinfection process If a disinfected file contained important information that is partly or completely inaccessible following disinfection you can attempt to restore the original object from its backup copy Backup copy is a copy of the original dangerous object that is created when first disinfecting or deleting the object and saved in Backup Storag
249. window opens 2 Inthe left part of the report window select Detected The right part of the window displays a list of dangerous objects that have been detected with their status 3 Press the Disinfect all button After each object is processed a notification will appear on screen to prompt for further action If you check the Apply to all box in the notification window the selected action will be applied to all objects with the same status To process potentially infected objects in Quarantine 1 Open the main application window on page 32 and click the button The Kaspersky Endpoint Security report window opens 2 Inthe left part of the report window select Quarantine The contents of Quarantine are displayed in the right hand part of the window 3 Click the Scan all button to scan and cure all potentially infected objects in Quarantine using the current Kaspersky Endpoint Security databases 4 Click the Restore button to restore the files to the folder specified by the user or the folder from which they were moved to Quarantine by default We recommend that you only restore objects with the false positive status since restoring other objects can lead to your computer becoming infected 5 Click the Delete or Clear all button to delete the selected object from Quarantine or clear Quarantine completely If you are confident that the objects being blocked by File Anti Virus are safe include them in a trusted zone by cr
250. y dangerous programs from the scan as well as joke programs e Riskware exclude riskware from the scan e RemoteAdmin exclude all remote administration programs from the scan You can view examples of threat names in the report window on the Detected tab Quarantine Backup Storage and pop up on screen messages see section Notification windows and pop up messages on page 35 informing you of detected dangerous objects GLOSSARY A ACTIVATING THE APPLICATION Conversion of the application into full function mode The user should use a license to activate the application ACTIVE LICENSE The license currently used for the operation of a Kaspersky Lab application The license defines the expiration date for full functionality and the license policy for the application The application cannot have more than one license with the active status ADDITIONAL LICENSE A license that has been added for the operation of a Kaspersky Lab application but has not been activated The additional license enters into effect when the active license expires ADMINISTRATION SERVER Kaspersky Administration Kit component that centralizes the storage of information about Kaspersky Lab applications installed in the corporate network and about the management of those applications ADMINISTRATION SERVER CLIENT CLIENT COMPUTER A computer server or workstation with Network Agent and managed Kaspersky Lab applications installed ADMINISTR
251. y management plugin you should close Administration Console on the Kaspersky Administration Kit administrator s workstation To install the Kaspersky Endpoint Security management plugin on the administrator s workstation 1 Open the contents of the Kaspersky Endpoint Security installation file To do this insert an installation CD into the disk drive In the window with the contents of the installation package open the AdminKit Deployment folder If you purchased Kaspersky Endpoint Security in an online store then an application installation package in zm format will be available to download on the Kaspersky Lab website Extract it and run the dmg file to view the package contents 2 Open the AdminKit Console Plugin folder and the subfolder with the application version in the required localization language 3 Open the executable file kicfginst exe Wait until the application is installed After the installation is complete the Kaspersky Endpoint Security management plugin will be added to the list of plugins installed for managing applications For more information see the Kaspersky Administration Kit Reference Guide ADMINISTERING THE APPLICATION VIA KASPERSKY ADMINISTRATION KIT LOCAL INSTALLATION OF NETWORK AGENT To perform the local installation of Network Agent on a user s computer 1 Open the contents of the Network Agent distribution package To do this insert an installation CD into the disk drive
252. ystem Preferences panel into which Growl is automatically integrated after installation H HEURISTIC ANALYZER Threat detection technology for threats that cannot be detected using Kaspersky Lab databases It allows detecting objects suspected of being infected with an unknown virus or a new modification of known viruses The use of a heuristic analyzer detects up to 92 of threats This mechanism is fairly effective and very rarely leads to false positives Files detected by the heuristic analyzer are considered suspicious ADMINISTRATOR S GUIDE INFECTABLE OBJECT An object which due to its structure or format can be used by intruders as a container to store and distribute a malicious object As a rule they are executable files for example files with the com exe dl extensions etc The risk of activating malicious code in such files is fairly high INFECTED OBJECT Object containing a malicious code It is detected when a section of the object s code completely matches a section of the code of a known threat Kaspersky Lab does not recommend using such objects since they may infect your computer K KASPERSKY ADMINISTRATION KIT ADMINISTRATOR The person managing the application operations via the Kaspersky Administration Kit system of remote centralized administration KASPERSKY LAB UPDATE SERVERS A list of Kaspersky Lab HTTP and FTP servers from which the application downloads databases and module updates to yo
Download Pdf Manuals
Related Search