various other technologies.
OBTAINING INFORMATION ABOUT THE APPLICATION
If you have questions pertaining to the selection, purchasing, installation or use of Kaspersky Administration Kit, you can quickly find answers for them. Kaspersky Lab offers many sources of information about the application. From them you can select the most convenient source, depending on the urgency or importance of your question.
Data sources for independent research..... 6 Contacting the Technical Support Service.... 7 Discussion of Kaspersky Lab's applications in web forum.... 8
DATA SOURCES FOR INDEPENDENT RESEARCH
You can view the following sources of information about the application: application page at the web site of Kaspersky Lab; application page at the web site of the Technical Support Server (in the Knowledge Base); online help system; documentation. Application page at Kaspersky Lab web site http://www.kaspersky.com/administration_kit On this page you can find general information about the application, its features and peculiarities. Application page at the web site of the Technical Support Server (in the Knowledge Base). http://support.kaspersky.com/remote_adm This page contains articles published by the experts of the Technical Support Service. The articles contain useful information, guidelines and answers to frequent questions pertaining to the purchase, installation and use of the application. The articles are sorted by subject, such as "License management", "Database updates", and "Troubleshooting". The articles may answer questions that are related not only to this particular application, but also to other Kaspersky Lab's products. They also may contain general Technical Support service news. Online help system The application package includes a full help file. Full help contains stepwise description of the features offered by the application. To open full help, select Kaspersky Administration Kit online help system in the Help menu of the console. If you have a question about a specific application window, you can use context help.
In order to open context help, press the Help button or <F1> key in the window you need help on. Documentation The documentation supplied with the application aims to provide all the information you will require. It consists of the following documents: Administrator's Guide describes the purpose, basic concepts, features and general schemes for work with Kaspersky Administration Kit. Deployment Guide contains a description of the installation procedures for the components of Kaspersky Administration Kit as well as remote installation of applications in computer networks using simple configuration. Getting Started guide contains a description of steps, which allow an anti-virus security administrator to start working with Kaspersky Administration Kit quickly and deploy anti-virus protection based on Kaspersky Lab's applications in the managed network. Reference Guide contains the purpose of Kaspersky Administration Kit and stepwise descriptions of the features it offers. Files containing the documents in PDF format are included in the distribution package of Kaspersky Administration Kit (installation CD). You can download the documentation files from the application page at the Kaspersky Lab's web site.

DISCUSSION OF KASPERSKY LAB'S APPLICATIONS IN WEB FORUM
If your question does not require an immediate answer, you can discuss it with the Kaspersky Lab's experts and other users in our forum at http://forum.kaspersky.com. In the forum you can view existing discussions, leave your comments, create new topics, use search.

PURPOSE OF THE DOCUMENT

This Guide contains a description of basic concepts and features of Kaspersky Administration Kit as well as general schemes for work with the product. Stepwise description of the procedures is provided in the Kaspersky Administration Kit Reference Guide. Features described in the Reference Guide are underlined in the text.

APPLICATION FEATURES

The application enables the corporate network administrator to: Perform remote installation and removal of Kaspersky Lab's applications across the network in a centralized manner. This feature enables the administrator to copy the required set of Kaspersky Lab's applications to a selected computer, and then install these applications remotely to the network computers. Remotely manage Kaspersky Lab's applications in a centralized manner. The administrator can create a multilevel anti-virus protection system, and manage the operation of all applications from his workstation. This is particularly important for larger companies whose local network consists of a large number of computers that may be located in several separate buildings or offices. This feature includes: creating the hierarchy of Administration Servers; joining hosts into administration groups based on the functions performed by the computers and on the set of applications installed on them; configuring the application settings in a centralized way by creating and applying policies; configuring the application settings for particular individual computers using the application settings; managing the operation of applications in a centralized manner by creating and running group tasks and tasks for specific computers and the Administration Server;
building individual patterns for the application's operation by creating and running tasks for a set of computers from different administration groups. Automatically update the anti-virus database and application modules on computers. This feature allows updating of the anti-virus databases for all installed Kaspersky Lab's applications in a centralized manner, rather than each computer accessing Kaspersky Lab's Internet updates server for each individual update. Updating can be performed automatically according to the schedule set up by the administrator. The administrator can monitor distribution of updates to client computers. Receive reports using a dedicated system. This feature allows collection of statistics about the operation of all installed Kaspersky Lab's applications in a centralized manner, and creation of reports based on the statistics. The administrator can create a cumulative network report about application operation, or reports about the operation of all applications installed on individual computers. Use events notification system. Delivery of notifications. The administrator can create a list of events which arise in the operation of applications about which he or she wants to be notified. The list of such events may include, for example, detection of a new virus, an error that occurred due to incorrect termination of the database updating on a computer, or detection of a new computer on the network. Manage licenses. This feature allows the administrator to install licenses to all installed Kaspersky Lab's applications in a centralized manner, to monitor the observance of the license agreement (that is, that the number of applications operating in the network is less than or equal to the number of licenses) and the expiration date.

WHAT'S NEW

Changes introduced in Kaspersky Administration Kit 8.0 as compared with Kaspersky Administration Kit 6.0: A simplified application installation mode has been introduced. Several accounts can be specified in a remote deployment task. The application kit now includes the distribution package of MS SQL 2005 Express: MS SQL 2005 Express is installed automatically if standard setup is selected. Support for SNMP monitoring of basic parameters of anti-virus protection in corporate LAN has been added. Opportunity to create a standalone installation package for Kaspersky Lab's applications has been added. Redesigned user interface: results pane, reports view, information panels (see section "Main window of the program" on page 27). Opportunity for collection of information about the applications installed on client computers has been added (applications registry). System of access rights has been redesigned and extended. Support for Microsoft NAP has been added. Opportunity to switch mobile clients between administration servers has been added. Criteria for switching of clients between the mobile and regular policies have been extended. Opportunities for automatic relocation of computers to administration groups have been extended. Opportunity to create the administration groups based on Active Directory has been added. New reports and an opportunity to create custom reporting systems have been added, and information displayed in reports has been extended. Opportunity to export reports to PDF and XML (Excel) formats has been added. Opportunity to collect detailed data during the creation of summary reports has been added. Data caching functionality for generation of summary reports including information from slave Administration Servers has been implemented. Added support for two sets of columns in the Kaspersky Administration Console and extended set of columns (see section "Results pane" on page 33). New columns for the list of computers have been added: "Restart", "Status description", "Network Agent version", "Protection version", "Database version", and "Turn-on time". Added new criteria used to assign individual computer statuses. New selections of computers created by default have been added, opportunity to create selections of computers using data from the slave Administration Servers has been added. Opportunity to maintain a list of administrator comments has been added. Opportunity to view the current user sessions on a computer and user contact information has been added. Graphical interface for the klbackup utility has been added.

CONCEPTS

storage of information about events; generation of reports on application operation; distribution of licenses to client computers, storage of license information; delivery of notifications about performance of tasks. Such notifications can inform, for example, about virus detection on a computer.
ADMINISTRATION SERVER HIERARCHY
Administration Servers can be arranged in hierarchy of the "master server slave server" type. Each Administration Server can have several slave Servers on the same or different nesting levels of the hierarchy. The nesting level for slave servers is not limited. The administration groups of the master Server then will include the client computers of all slave Servers. Thus, isolated and independent sections of computer networks can be controlled by different Administration Servers which are in turn managed by the primary Server. The opportunity to build a hierarchy of Servers can be employed to: decrease the load on Administration Server (compared to a single Server running in a whole network). decrease intranet traffic and simplify work with remote offices. There is no need to establish connections between primary Server and all network computers, which may be located, for example, in other regions. It is sufficient to install in each network segment a slave Administration Server, distribute computers among administration groups of slave Servers and establish connections between the slave Servers and primary Server over fast communication channels. distribute more precisely responsibilities between the anti-virus security administrators. All opportunities for centralized management and monitoring of anti-virus security in corporate networks remain available at that. Each computer included in the structure of administration groups can be connected to a single Administration Server only. Administrators must control correct connection of computers to Administration Servers using the features for computer search in administration groups of different Servers based on network attributes.

CLIENT COMPUTER. GROUP

Interaction between the Administration Server and the hosts is performed using the Network Agent. This interaction implies: delivery of the information about current status of applications; sending and receiving management commands; synchronization of configuration data; delivery of information about application events to Server; Update Agent operation. The Network Agent must be installed on all computers running the applications managed via Kaspersky Administration Kit. This component is installed on host computer as a service with the following set of attributes: under the name of Kaspersky Network Agent; using automatic startup type when the operating system starts;
using the Local System account. Network Agent is installed on target computer together with a plug-in for work with Cisco NAC. This plug-in is used if the computer has Cisco Trust Agent installed. The settings of joint operation with Cisco NAC are defined in the Administration Server properties. When integrated with Cisco NAC, the Administration Server acts as a standard Posture Validation Server (PVS) policy server, which an administrator may use to either allow a computer to access or prevent it from accessing the network, depending on the anti-virus protection condition. Computer, server or workstation with the installed Network Agent and the managed Kaspersky Lab's applications will be referred to as the client of corresponding Administration Server (or just client computer). Client computers can be distributed into administration groups in accordance with the organizational or territorial corporate structure, performed functions and the set of Kaspersky Lab's applications installed. This is done for convenient management of grouped computers as a whole. This distribution is performed using any combination of mentioned principles and also other administrator-defined signs. E.g., the upper level can be constituted by groups corresponding to departments. On the next level, computers within each department are combined in accordance with the functions they perform: one group of computers can include all workstations, another group - all file servers, etc. Administration group (hereinafter also referred to as the Group) is a set of client computers combined on the basis of a certain sign for the purpose of managing the grouped computers as a whole. All client computers within a group are configured to: use common application settings (defined in group policies); common mode of applications operation (established using group tasks, i.e. application features with a specified set of parameters, for example: creation and installation of a common installation package, update of the application databases and modules, on-demand computer scanning and real-time protection). A client computer can only be included in a single administration group. The administrator can create a hierarchy of Servers and groups with any nesting level if that can simplify the management of installed applications. A single hierarchy level can include slave Administration Servers, groups and client computers.

During the next step the administrator must create the structure of Administration Server folders by installing the appropriate software components of Kaspersky Administration Kit on corporate network computers, i.e.: 1. 2. 3. Install the Administration Server on computers within corporate network. Install Kaspersky Administration Console on the computers that will be used for management purposes. Decide who the administrators of Kaspersky Administration Kit will be, determine other categories of users allowed to work with the system and assign a list of performed functions to each category.
The system allows simultaneous work of different administrators with the same resources. System settings will use the latest applied values. In that case all operations that administrators perform must be coordinated. 4. Create user groups and provide to each group the access rights needed by its users for performance of their responsibilities.
Then you should create the hierarchy of Administration Servers, build for each server the hierarchy of administration groups and distribute computers into appropriate groups. During the next step you should deploy to client computers the Network Agent, the necessary Kaspersky Lab's applications, and install the corresponding application management plug-ins on the administrator's workstation. Remote installation on client computers is only possible for some (not all) of the Kaspersky Lab's applications that can be managed via Kaspersky Administration Kit. For details please refer to the Guides for the corresponding applications. When remote deployment is used, the Network Agent can be installed together with any application. When remote deployment is used, the Network Agent can be installed together with any application. During the last stage you have to configure the installed applications by defining and applying group policies (see section "Managing policies" on page 48) and creating the necessary tasks (see section "Local application settings" on page 52). The application allows creation of a centralized management system for anti-virus protection with the minimum required settings using the Quick Start Wizard (see section "Quick Start Wizard" on page 39). During the procedure the wizard creates the structure of administration groups identical to the domain structure of the Windows network, and builds the system of anti-virus protection using Kaspersky Anti-Virus for Windows Workstations 6.0 MP4. After creation of the Administration Server folders structure, installation and configuration of anti-virus protection, the administrators are advised to regularly perform network maintenance procedures (see section "Maintenance" on page 66).

SECURE CONNECTION TO THE ADMINISTRATION SERVER
Data exchange between client computers and Administration Server as well as Console connection to Administration Server can be performed using the SSL (Secure Socket Layer) protocol. It allows identification of the interacting parties, encrypt the transferred data and protect them against modification during transfer. SSL protocol used in secure connections is based on authentication of the interacting parties and data encryption using public keys.
ADMINISTRATION SERVER CERTIFICATE
Administration Server authentication during connection of Administration Console to it and data exchange with client computers is based on the Administration Server certificate. The certificate is also used for authentication between master and slave Administration Servers. Administration Server certificate is created during installation of the Administration Server component; it is stored on Administration Server in the Cert subfolder of the program folder. Administration Server certificate is created just once during installation. You are advised to use the setup wizard to preserve it during installation of the Administration Server. If an Administration Server certificate gets lost, its restoration requires reinstalling the Administration Server component and data recovery (see section "Backup copying and restoration of Administration Server data" on page 85).
ADMINISTRATION SERVER AUTHENTICATION DURING CLIENT

COMPUTER CONNECTION

At the first connection of a client computer to Server its Network Agent downloads the Administration Server certificate and saves it locally. If the Network Agent is installed locally, the administrator can select the Administration Server certificate manually. Downloaded copy of the certificate is used to verify the Administration Server rights and permissions during subsequent connections. After that the Network Agent requests the Administration Server certificate at each connection of the client computer to Server and compares it with the local copy. If the copies do not match, Administration Server access to client computer is not allowed. If connection is initiated by an Administration Server, then the request from the Administration Server for connection via a UDP port is checked first in the same manner.
ADMINISTRATION SERVER AUTHENTICATION DURING CONSOLE

CONNECTION

During first connection to Server after installation, the Administration Console requests the Administration Server certificate and saves it locally on the administrator's workstation. Downloaded certificate copy will be used during subsequent connections to the Administration Server with that name for Server authentication. If the Administration Server certificate does not match the copy stored on the administrator's workstation, a prompt appears with an offer to confirm connection to the Server with the specified name and download a new certificate. Upon successful connection, the Administration Console saves a copy of the new Administration Server certificate, which will be used to identify the Server after that.

Connection to the Administration Server.... 35 Granting rights...... 36 Viewing information about the computer network. Domains, IP subnets and Active Directory groups.. 37 Quick Start Wizard..... 39 Creating, viewing and editing the structure of administration groups... 39
CONNECTION TO THE ADMINISTRATION SERVER
The Administration Console can be used to connect the remote client computers to the Administration Server via Internet. After launching Kaspersky Administration Kit, the main program window displays the console tree that reflects the upper level of the hierarchy existing in the namespace of Kaspersky Administration Kit. To load the structure of Administration Server folders in the main window, add the appropriate object to the console tree Server and connect to the necessary Administration Server (see the figure below). You can connect the remote client computers to the Administration Server using the Administration Console via Internet.
The program retrieves information about the structure of folders from the Administration Server and displays it in the console tree.
Figure 9. Connecting to the Administration Server
Users who have insufficient rights for connection will be denied access to the Administration Server. Access rights are verified using the Windows network user authentication procedure. If there are several Administration Servers installed in a corporate network, you can work with each of them from the same administrator's workstation. To navigate to administration groups of another Server, you can connect to the necessary Server or add to the console tree several Servers and connect to each of them. You can work in parallel mode with several Administration Servers only if you are an operator or administrator of Kaspersky Administration Kit for each Server or if you have the necessary rights on all Servers.

GRANTING RIGHTS

After an Administration Server is installed, the rights to connect to the Server and work with it are granted to users included in (see section "Rights to access the Administration Server and its objects" on page 24) the KLAdmins and KLOperators groups. You can change the access rights for the KLOperators group, grant the rights to work with Server to other user groups and individual users registered on the computer where the Kaspersky Administration Console is installed.

QUICK START WIZARD

Kaspersky Administration Kit allows configuration of minimum required settings necessary to build a centralized management system for anti-virus protection using the Quick Start Wizard. The wizard will create: licenses which can be automatically distributed to computers within administration groups, by checking the box in the correspondent field; the settings for delivery of email and NET SEND notifications about events registered in the operation of the Administration Server and all other Kaspersky Lab's applications; For successful notification, a messaging service (Messenger) must be installed on the Administration Server and on all recipient computers; the minimum set of policies and tasks of the top hierarchy level for Kaspersky Anti-Virus for Windows Workstations and Windows Servers 6.0 MP4, and also Administration Server tasks for downloading of updates and data backup. Policies for 6.0 MP4 versions of Kaspersky Anti-Virus for Windows Workstations are not created if policies for these applications already exist in the Managed computers folder. If group tasks for the Managed computers group, and the updates download / backup tasks of the Administration Server with such names already exist, these tasks will not be created at this time. The offer to launch the Quick Start Wizard is displayed at the first connection to Administration Server after its installation. Upon the wizard completion an offer to launch the Deployment Wizard is displayed.
CREATING, VIEWING AND EDITING THE STRUCTURE OF

ADMINISTRATION GROUPS

Structure of administration groups: the hierarchy of slave Administration Servers, the list and structure of administration groups are determined during the design stage. Administration groups are created in the main program window of Kaspersky Administration Kit, in a special Managed computers node (see the figure below) by creating the hierarchy of groups and adding client computers and slave Administration Servers to them. Immediately after Kaspersky Administration Kit setup the Managed computers folder contains no other objects; folders Administration Servers, Policies, Group tasks and Client computers are empty. When administrators create the structure of administration groups, they can add client computers and child groups to the Managed computers folder. Administration groups are displayed as folders. Each folder has a structure similar to that of the Managed computers node: during creation of each group the system automatically creates child folders Administration Servers, Policies, Group tasks and Client computers for storage of data about slave Administration Servers, policies and tasks of that group and operations with them; when client computers are added to a group, information about them is displayed as a table in the results pane of the child Client computers folder; when client computers are added to a group of clusters and server arrays, information about them is displayed as a table in the results pane of the child Clusters and server arrays folder;

CLIENT COMPUTERS

Adding a client computer to the group allows you to apply to it the policies and tasks created in the group. To add client computers to a group, use the Add computers link in the task pane of the group, to which the computer should be added. A wizard will start. Once the wizard completes successfully, the computers will be included in the group and will be displayed in the results pane of the Client computers folder under the names determined for them by the Administration Server (see the figure below). If the Administration Server has not for some reason detected the client computer, it is necessary to install the Network Agent to it and connect it to the Administration Server. The Administration Server will move this computer to the Unassigned computers node, where from you can move it to the required group.
Figure 14. Client computers within the group
Icons reflecting the status of client computers are displayed next to their names in the results pane. The icons and corresponding statuses are listed in appendix to the Reference Guide. Addition of client computers to administration groups can be configured to make the Administration Server include on its own all new computers detected in a network to the specified administration group. To do that, the appropriate settings must be defined in the Administration Server properties (see the figure below).
A computer can also be added in the main application window of Kaspersky Administration Kit by dragging the computer from the Unassigned computers folder and dropping it in the appropriate administration group folder, using the mouse.
Figure 15. Configuring automatic transfer of new computers to a group
You can move client computers from one group to another by excluding them from the administration groups, using either the standard context menu commands Cut / Paste and Delete or the corresponding items from the Action menu. Computers deleted from administration groups will be moved to the Unassigned computers node. The moving operation can also be performed using the mouse. There is an opportunity to transfer client computers from administration groups of one Server to the groups of another one. E.g., while adding a slave Administration Server, you can move client computers from the administration groups of primary Server to the groups of that slave Server. To do that, the client computers must be connected to the new Administration Server. You can connect a client computer to another Administration Server locally from that client computer. The operation is performed using the klmover.exe utility included in the distribution package of the Network Agent. After Network Agent installation the utility can be found in the root of the component's program directory. Client computer connection to another Administration Server is accomplished by creating and running the Change Kaspersky Administration Server task. You can create a task for selected hosts to transfer individual computers, or use a group task to move all client computers from specified administration group. As a result of the Server replacement task, the client computers that have completed the task will disconnect from the old Administration Server and appear in the Unassigned computers node of the new Server. Administration Console can be used to transfer client computers manually to the administration groups of new Server from the groups of an old Server.

In the in (min) field time during which the specified number of viruses was detected.
Figure 44. Viewing the Administration Server properties. The Virus outbreak tab
The Virus outbreak event is generated based on the Detection of Viruses, Worms, Trojans, and Malware and Infected objects detected events in the operation of anti-virus applications. Therefore, for successful recognition of a virus outbreak all information about those events should be stored on Administration Server. To do that, appropriate settings must be selected in the policies for all anti-virus applications. In the properties window of the Detection of Viruses, Worms, Trojans, and Malware and Infected objects detected events the On Administration Server for (days) box must be checked.
Figure 45. Configuring event registration
The procedure for notification about the Virus outbreak event is defined on the Administration Server within the Notification tab of the event properties (see the figure below). Automatic change of the current policy for applications can be configured as response to a virus outbreak. The set of policies for every type of virus outbreaks is defined in the Policy activation window that opens after clicking the Configure policies to activate on "Virus outbreak" event link on the Virus outbreak tab of the Administration Server settings window.
To count the Detection of Viruses, Worms, Trojans, and Malware and Infected objects detected events, only information from the client computers of the master Administration Server is to be taken into account. For each slave Server the Virus outbreak event is configured individually.
Figure 46. Editing the settings for email notifications

UNPROCESSED FILES

Information about the files for which scheduled scanning and disinfection has been postponed, is available in the Unprocessed files folder of the Repositories node. The folder contains information about all such files within the Administration Servers and client computers. Postponed processing and disinfection are performed upon request or after a specified event. You can configure the settings for postponed disinfection of selected files.
BACKUP COPYING AND RESTORATION OF ADMINISTRATION SERVER DATA
Backup copying allows you to move an Administration Server from one computer to another without data losses and restore information in case of Administration Server database transfer to another host or upgrade to a newer version of the Kaspersky Administration Kit application. When an Administration Server is uninstalled from the computer, the Kaspersky Administration Kit always suggests making a backup copy.
During backup copying the following data is saved or restored: information database of the Administration Sever (policies, tasks, application settings and events saved on the Administration Server); configuration information about the structure of the administration groups and client computers; repository of the installation files for deployment of applications (content of the Packages, Uninstall, Updates folders); Administration Server certificate. Data restoration during migration to a later application version is supported beginning with Kaspersky Administration Kit 5.0 Maintenance Pack 3. If during the restoration of the Administration Server data, the path to the shared folder has changed, you should verify correct execution of tasks in which the folder is used (update, remote deployment tasks) and, if necessary, change the settings. Copying of the Administration Server data for backup and subsequent restoration can be performed by a backup task or manually using the klbackup utility included in the distribution package of Kaspersky Administration Kit. Data restoration is only performed using the klbackup utility. After Administration Server setup the klbackup utility is saved in the program folder specified during installation of the component. When started from the command line, it copies or restores data depending upon the selected options. The backup task is created manually; it is added to the Kaspersky Administration Kit tasks node. To perform actual data backup, you should configure the task. You can also create a backup task manually: select Kaspersky Administration Kit as the application for which the task will be created; and define Administration Server data backup as the task type.

GLOSSARY

ADMINISTRATION CONSOLE
Kaspersky Administration Kit component that provides user interface for the management services of the Administration Server and Network Agent.

ADMINISTRATION SERVER

Kaspersky Administration Kit component that centralizes the storage of information about Kaspersky Lab applications installed in the corporate network and about the management of those applications.
The certificate used for the Administration Server authentication during connection of Administration Consoles to it and data exchange with client computers. The Administration Server certificate is created during server installation; it is stored in the Cert subfolder of the program folder.
ADMINISTRATION SERVER CLIENT (CLIENT COMPUTER)
A computer, server or workstation running the Network Agent and managed Kaspersky Lab's applications.
ADMINISTRATION SERVER DATA BACKUP
Copying of the Administration Server data for backup and subsequent restoration performed using the backup utility. The utility allows restoring of: information database of the Administration Sever (policies, tasks, application settings, events saved on the Administration Server); configuration information about the structure of the logical network and client computers; repository of the installation files for deployment of applications (content of the Packages, Uninstall, Updates folders); Administration Server certificate.

ADMINISTRATION GROUP

A set of computers grouped together in accordance with the performed functions and the Kaspersky Lab's applications installed on those machines. Computers are grouped for their convenient management as one single entity. A group can include subgroups. A group can contain group policies for each application installed in it and appropriate group tasks.
Computer with the installed component that provides an application management interface. For anti-virus products it is the Anti-Virus Console, and for Kaspersky Administration Kit - the Administration Console. The administrator's workstation is used to configure and manage the server portion of the application; in Kaspersky Administration Kit - to build the system of centralized anti-virus protection for corporate LAN based on Kaspersky Lab's applications.
A specialized component that provides the interface for application management via the Administration Console. Each application that can be managed via Kaspersky Administration Kit has its own plug-in It is included in all Kaspersky Lab's applications that can be controlled using Kaspersky Administration Kit.

APPLICATION SETTINGS

Application settings general for all types of its tasks and regulating its operation in general, for example, application performance, logging, and Backup settings.

AVAILABLE UPDATE

A package of updates for the modules of a Kaspersky Lab's application including a set of urgent patches released during a certain time interval, and modifications to the application architecture.

BACKUP

Special repository for backup copies of objects created prior to their first disinfection or removal.
CENTRALIZED APPLICATION MANAGEMENT
Remote application management using the administration services provided in Kaspersky Administration Kit.

CURRENT LICENSE

The license installed and used at the moment to enable the functionality of a Kaspersky Lab's application. The license determines the duration of full product functionality and the applicable license policy. An application can have only one current license.

DATA BACKUP

Creation of a backup file copy prior to its disinfection or removal and placement of that copy in Backup with an opportunity for future restoration, for example, for file rescanning using updated databases.

DATABASES

Database maintained by the experts at Kaspersky Lab and containing detailed descriptions of all existing threats to computer security, methods of their detection and neutralization. The database is constantly updated at Kaspersky Lab as new threats emerge. To improve the quality of threat detection we recommend regular downloading of database updates from the Kaspersky Lab's update servers.
DIRECT APPLICATION MANAGEMENT
Application management via local interface.

EVENT SEVERITY

A property of an event encountered during the operation of a Kaspersky Lab's application. There exist four severity levels: Critical event. Error. Warning. Info. Events of the same type may have different severity levels depending on the situation in which the event occurred.

GROUP TASK

A task defined for an administration group and performed on all client computers within this group.

INCOMPATIBLE APPLICATION

Anti-virus application of another vendor or a Kaspersky Lab's application that does not support management via Kaspersky Administration Kit.

INSTALLATION PACKAGE

A set of files created for remote installation of a Kaspersky Lab's application using the Kaspersky Administration Kit remote administration system. An installation package is created based on special files with the.kpd and.kud extensions that are included in the application distribution package; it contains a set of parameters required for application setup and its configuration for normal functioning immediately after installation. Parameter values correspond to application defaults.

KASPERSKY LAB'S UPDATE SERVERS
List of Kaspersky Lab's HTTP and FTP servers from which applications download databases and module updates to your computer.

KEY FILE

File with the.key extension, which contains your personal product key necessary for work with a Kaspersky Lab's application. The key file is included in the distribution package, if you purchased it from Kaspersky Lab's distributors, or it arrives in email, if you bought the product online.

LOCAL TASK

A task defined and running on a single client computer.
LOGICAL NETWORK ADMINISTRATOR
The person managing the application operations via the Kaspersky Administration Kit system of remote centralized administration.

LOGICAL NETWORK OPERATOR

A user monitoring the status and operation of a protection system managed via Kaspersky Administration Kit.
LOGIN SCRIPT-BASED INSTALLATION
Method for remote installation of Kaspersky Lab's applications, which allows you to link the start of a remote setup task to specified user account(s). When the user logs in to domain, the system attempts to install the application on the corresponding client computer. This method is recommended for deployment of the company's applications to computers running Microsoft Windows 98 / Me operating systems.

NETWORK AGENT

Network Agent is a component of Kaspersky Administration Kit that coordinates interaction between the Administration Server and Kaspersky Lab's applications installed on a specific network node (a workstation or a server). This component
supports all Windows applications included in Kaspersky Lab's products. Separate versions of the Network Agent exist for Kaspersky Lab's Novell and Unix applications.
PERIOD OF LICENSE VALIDITY
Time period during which you can use full functionality of a Kaspersky Lab's application. Typically, a validity period of a license is one calendar year since its installation. After license expiry the application functionality becomes limited: you cannot update the application database.

POLICY

A set of application settings in an administration group managed via Kaspersky Administration Kit. Application settings can differ in various groups. A specific policy is defined for each application in a group. A policy includes the settings for complete configuration of all application features.

PROTECTION STATUS

Current protection status, which characterizes the level of computer security.

PUSH INSTALL

Method for remote installation of Kaspersky Lab's applications, which allows you to install software on the specified client hosts within a logical network. For successful push install completion, the account used for the task must have sufficient rights for remote execution of applications on client computers. This method is recommended for software deployment to computers running Microsoft Windows NT / 2000 / 2003 / XP operating systems and supporting that functionality or to computers running Microsoft Windows 98 / Me with the Network Agent installed.

KASPERSKY LAB

Kaspersky Administration Kit 6.0

Deployment Guide

KASPERSKY ADMINISTRATION KIT 6.0
Kaspersky Lab Ltd. Visit our website: http://www.kaspersky.com/ Revision date: February 2007.

Contents

CHAPTER 1. KASPERSKY ADMINISTRATION KIT.. 5 1.1. Purpose, structure and main functions... 5 1.2. Software and Hardware Requirements... 7 1.3. Distribution kit.... 9 1.4. Help desk for registered users... 9 1.5. The purpose of this document... 9 1.6. Conventions.... 10 CHAPTER 2. TYPICAL SCHEMES OF DEPLOYMENT OF ANTI-VIRUS PROTECTION... 11 2.1. Schemes of deployment of anti-virus protection on the computers within the logical network.... 11 2.2. Building a centralized anti-virus protection administration system.. 12 CHAPTER 3. INSTALLING KASPERSKY ADMINISTRATION KIT.. 14 3.1. Installing MSDE from the Kaspersky Administration Kit distribution package. 15 3.2. Installing the Administration Server and Administration Console on Local Host.... 17 3.3. Removing Kaspersky Administration Kit components.. 33 3.4. Updating the application version... 33 CHAPTER 4. INSTALLATION AND REMOVAL OF SOFTWARE ON THE COMPUTERS... 35 4.1. Remote software installation... 36 4.1.1. Creating an installation package... 37 4.1.2. Reviewing and configuring the installation package settings.. 40 4.1.3. Creating and configuring the Network Agent installation package. 45 4.1.4. Creating and Configuring Administration Server Installation Package. 49 4.1.5. Creating a task for distribution of the installation package on the slave Administration Servers.... 49 4.1.6. Distribution of the installation packages within a group using network agents... 51
Kaspersky Administration Kit
4.1.7. Creating a remote installation task... 53 4.1.8. Configuring the deployment task... 66 4.1.9. Deploying application to slave administration servers.. 68 4.1.10. Remote software removal... 70 4.2. Deployment wizard.... 71 4.3. Local software installation... 75 4.3.1. Local installation of the Network Agent... 76 4.3.2. Local installation of the application administration plugin.. 81 4.3.3. Installing applications in non-interactive mode.. 82 APPENDIX A. GLOSSARY... 84 APPENDIX B. KASPERSKY LAB... 91 B.1. Other Kaspersky Lab Products... 92 B.2. Contact Us.... 98
CHAPTER 1. KASPERSKY ADMINISTRATION KIT
1.1. Purpose, structure and main functions
Kaspersky Administration Kit is an application that is designed to provide a centralized solution for most important administration tasks associated with managing the corporate network anti-virus security system based on Kaspersky Labs applications included into Kaspersky Anti-Virus Business Optimal and Kaspersky Corporate Suite. Kaspersky Administration Kit supports all network configurations that use TCP/IP protocol. Kaspersky Administration Kit is a tool for corporate network administrators and anti-virus security officers. The application enables the administrator to: Deploy or remove Kaspersky Lab applications across a network connection to computers within the network. This feature enables the administrator to copy the required set of Kaspersky Lab's applications to a selected computer and then deploy these applications on the network computers. Ensure remote centralized management of Kaspersky Lab applications. This feature enables the administrator to create a multi-level anti-virus protection system and manage the operation of all applications from a single administrator's workstation. This is particularly important for larger companies that have a local network consisting of a large number of computers that may cover several separate buildings or offices. This feature enables the administrator to: group computers into administration groups based on the functions performed by such computers and the set of applications installed on them; configure the application settings in a centralized way by creating and applying group policies; configure individual settings of the application for individual computers using the application settings. manage the operation of the applications in a centralized way by creating and running group and global tasks.

Kaspersky Corporate Suites. Separate versions of Administration Agent exist for Kaspersky Lab Novell and UNIX applications. Administration Console provides a user interface to the administration services of the Administration Server and Network Agent. The management module is implemented as the extension of the Microsoft Management Console (MMC).
1.2. Software and Hardware Requirements
Administration Server Software requirements Microsoft Data Access Components (MDAC) version 2.8 and above MSDE 2000 SP 3 or MS SQL Server 2000 SP 31 or higher or MySQL version 5.0.22 (default code page UTF-8) or MS SQL 2-5 or higher or MS SQL 2005 Express or higher; Microsoft Windows 2000 SP 1 or higher; Microsoft Windows XP Professional SP 1 or higher; Microsoft Windows XP Professional x64 and higher, Microsoft Windows Server 2003 or higher; Microsoft Windows Server 2003x64 or higher Microsoft Windows NT4 SP 6a or higher, Microsoft Windows Vista, Microsoft Windows Vista x64.
Hardware requirements: Intel Pentium III processor, 800 MHz or faster 128 MB RAM
400 MB available space on hard drive Administration Console
You can install MSDE from the package included in the Kaspersky Administration Kit distribution package.
Software requirements: Microsoft Windows 2000 SP 1 or higher; Microsoft Windows XP Professional SP 1 or higher; Microsoft Windows XP Professional x64 and higher, Microsoft Windows Server 2003 or higher; Microsoft Windows Server 2003x64 or higher Microsoft Windows NT4 SP 6a or higher, Microsoft Windows Vista, Microsoft Windows Vista x64; Microsoft Management Console version 1.2 or higher When running under Microsoft Windows NT4 you need Microsoft Internet Explorer 6.0 installed.
Hardware requirements: Intel Pentium II processor, 400 MHz or faster At least 64 MB RAM
10 MB of available hard drive space Network Agent Software requirements: For Windows systems: Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows 2000 SP 1 or higher; Microsoft Windows NT4 SP 6a or higher; Microsoft Windows XP Professional x64 or higher, Microsoft Windows XP Professional SP 1 or higher, and Windows Server 2003 or higher; Microsoft Windows Server 2003 x64 or higher, Microsoft Windows Vista, Microsoft Windows Vista x64; For Novell systems: Novell NetWare 6 SP or higher; Novell NetWare 6.5 SP3 or higher
Hardware requirements: For Windows systems:
Intel Pentium processor, 233 MHz or faster 32 MB RAM 10 MB available space on hard drive

For Novell systems:

Intel Pentium processor, 233 MHz or better 12 MB RAM
32 MB free (available) space on hard drive

1.3. Distribution kit

This software product is supplied free-of-charge with any Kaspersky Lab's application included into the package of Kaspersky Anti-Virus Business Optimal and Kaspersky Corporate Suite (retail box version) and also available for download from Kaspersky Lab's corporate website at www.kaspersky.com.

Note Attention

To perform an action: 1. 2. Step 1.
[modifier] modifier name.
Information messages and command line text
Command line modifier Text of configuration files, information messages and command line
CHAPTER 2. TYPICAL SCHEMES OF DEPLOYMENT OF ANTI-VIRUS PROTECTION
2.1. Schemes of deployment of antivirus protection on the computers within the logical network
There are two common scenarios that show how you can deploy reliable antivirus protection using Kaspersky Administration Kit: You can remotely install applications on client computers across the logical network from a single workstation. The installation and connection to the remote management system proceed automatically, requiring no interaction from the administrator and allowing to install the anti-virus software on any number of client computers. You can locally install applications on every networked computer. In this case, all required components and the administrator workstation are manually installed. Connection settings are set during the installation of the Network Agent. This deployment scenario is used only if centralized deployment is impossible.
Remote installation can be used for installation of any applications selected by the user. However, bear in mind that Kaspersky Administration Kit supports administration of only Kaspersky Lab's application the distribution package of which includes a specialized component - the application administration plugin.
2.2. Building a centralized anti-virus protection administration system
The first step to building a system of centralized management over an enterprise network through Kaspersky Administration Kit is to design a logical network. At this stage, you should make the following decisions: 1. Select isolated sections within the network and determine the number of Administration servers that must be installed. The use of hierarchy of administration servers will allow to considerably decrease the load on the communication channels and increase the system reliability. Which computers in the corporate network structure will function as the main Administration server, the slave servers administrator servers, administrator's workstations, and client computers. Note that all computers on which Kaspersky Lab applications are installed will act as client computers. Which criteria will be used to organize client computers in groups? What will be the group hierarchy? Which deployment scenario will be used: remote or local installation?

Host Running Administration Server 13000 TCP and UDP SSL protocol is used: to receive data from clients; to connect to update agents; to connect to slave Administration Servers; to receive notification of host shutdown.
Installing Kaspersky Administration Kit

Port Number 14000

Protocol TCP Used:

Description

to receive data from clients; to connect to update agents; to connect to slave Administration Servers.
Used by Administration Server to download data from a Cisco NAC authentication server.
Host Designated as Update Server TCP TCP Used by clients to connect. Use by client computers to connect if a host with Administration Server is designated as update agent. Used by clients to connect. Use by client computers to connect if a host with Administration Server is designated as update agent.

14000 14001

TCP TCP
Client Running Administration Agent 15000 UDP Use to receive requests to connect to Administration Server.
3.1. Installing MSDE from the Kaspersky Administration Kit distribution package
Before installing MSDE you must install Microsoft Data Access Components (MDAC) 2.8 or higher (the distribution package is available Microsoft website). Installation of MSDE from the Kaspersky Administration Kit distribution package to a computer is performed locally.
To install MSDE: 1. Run the executable file in the MSDE2KSP3 directory on the Kaspersky Administration Kit 5.0 installation CD. The installation wizard will then suggest that you configure settings and run the application. Follow the setup wizards instructions. First steps are common and include unpacking required files from the distribution package and copying them to the hard drive of your computer, verification of the required software, accepting the license agreement and providing information about the user and the company. Then define the following in the Installation folder dialog box: in the Application modules field - the folder for installation of the MSDE application files. The default folder is: <Disk:\Program Files\Microsoft SQL Server. If this folder does not exist, it will be created automatically. in the Database field - a folder that will be used to store the MSDE server database. The default folder is also <Disk:\Program Files\Microsoft SQL Server.
To select the folders use the Browse button. 4. After this, in the SQL server name dialog box (see Figure Figure 1) specify the name that will be assigned to this server. By default the name is not created and to address the server the name of the computer on which the server is installed will be used. If you wish to assign a different name, uncheck the By default box and enter a new name in the SQL server name.

If Administration Server Database is on another computer, you need to choose SQL server authentication mode when installing or updating an Administration Server.
Figure 9. SQL server authentication mode
For MySQL server indicate the account and the password (see Figure 10).
Figure 10. MySQL server authentication mode
10. After this (see Figure 11), specify the location to store the shared folder that will be used: to store files required for remote installation of applications (files will be copied to the Administration Servers when installation packages are created); to store the updates copied from the updates source to the Administration server.
This resource will be public to all users for reading only.
Figure 11. Creating a shared folder
You can select one of the following two options: Create new shared folder - to create a new folder; you will have to specify path to the folder in the field below. Select existing shared folder - in order to select a shared folder from the list of existing shared folders.
A public shared folder can be stored either locally, on the computer from which the installation is performed or remotely, on any of the computers included into the corporate network. A shared folder can be specified both using the Browse button, and manually by entering a UNC path (for example, \\server\KLShare) in the appropriate field.
By default a local folder KLShare will be created in the folder specified for installation of the Kaspersky Administration Kit application components. 11. Use the next wizard dialog to specify Administration Server address (cf. Figure 13) by setting: DNS name. This option is used when there is a DNS server on the network which clients can use to obtain Administration Server address. NetBIOS name. This option is used where clients obtain Administration Server address through the NetBIOS protocol or if there is a WINS server on the network. IP address. This option is used where the Administration Server has a static IP address which will not subsequently change.
If required, check Allow NetBIOS Name Service in Kaspersky Antivirus 6.0 Anti-Hacker. This will open UDP port 137 in Kaspersky Antivirus 6.0 Anti-Hacker installed on the host. This port is used to obtain Administration Server IP address.

A license key is not required as the installation package for Administration Server and Agent is being generated.
Figure 19. Creating an installation package. Selecting the license key
5. After this the required set of files for the installation of the specified application onto the client computers will be downloaded to shared folder on the Administration Server and a check whether the administration plugin for the selected application is installed on the administrator's workstation will be performed. If such plugin is not installed or its version is older than the version included into the distribution package, the new plugin will be installed and the old plugin will be replaced. Upon the completion of the wizard, the installation package created will be added to the Remote installation node and displayed in the results pane.
4.1.2. Reviewing and configuring the installation package settings
To review the properties of the installation package, change its name and settings:
in the console tree, expand the Remote Installation node, select the required installation package in the results pane and use the Properties command from the shortcut menu or the analogous command from the Action menu. This will open window Properties <Installation package name> see Figure 20) that consists of tabs General, Settings, Licenses and OS reboot. The General tab (see Figure 20) includes general information about the package: package name; name and version of the application for which installation the package has been created; package size; creation date.
The Settings tab (see Figure 21) contains the installation package settings for the application for which installation the package is created. These settings are created by default at the stage of the package creation and if required, you can modify them.
Figure 20. Installation package properties review window The General tab
Figure 21. Installation package properties review window The Settings tab
The License tab (see Figure 22) contains general information about the license for the application for which installation the package is created. The License tab is not available in the properties of the Network Agent or the Administration Server installation package properties.
Figure 22. Installation package properties review window The License tab
On the OS reboot tab (see Figure 23) you can determine actions to be performed if the computer must be restarted after the installation of the application. You can select one of the following options: Do not restart the operating system If required, restart the operating system automatically this will reboot the operating system only as needed. Prompt user for action - if this option is selected, you can:

create an information message that will be displayed in an entry field to notify the user that the operating system must be restarted. specify a frequency of notifications about the operating system restart if the user cancelled the restart, by checking the Repeat prompt every (min.) box and specifying the interval for the message to be displayed;
specify automatic restart of the computer's operating system if it is not performed by the user within the specified time interval starting with the moment the application has been installed. In order to do it, check the Force the restart in (min.) box and specify the time interval.
If a locked computer needs to be rebooted, check Close Running Applications Automatically. By default this option is unchecked.
Figure 23. Installation package properties review window The Operating System restart tab
4.1.3. Creating and configuring the Network Agent installation package
The installation package for the remote installation of the Network Agent does not have to be created manually. It is created automatically during the installation of Kaspersky Administration Kit and located in the Remote installation node.
If the package for the remote installation of the Network Agent has been deleted, then in order to create it again, select file klnagent.kpd located in the NetAgent folder of the Kaspersky Administration Kit distribution package to be used as the file that contains the description The settings of the Network Agent installation contain a minimum set of settings required to ensure the functioning of the component immediately following its installation. The values of the settings match the values of the default application settings. If required, these can be changed using the Settings and the Administration Group tabs of the installation package properties window. The Settings tab (see Figure 21) contains settings used by the Network agent after it is installed on the client computers to connect to the Administration Server (by default, values of the current server will be used during the creation). Address of the computer on which the Administration Server is installed. Number of port used for unsecured connection to the Administration Server. By default port 14000 is used. If this port is busy, you can change it. Number of port used for secure connection to the Administration Server using SSL protocol. By default port 13000 is used. Only decimal representation is allowed. Certificate file for authentication of the access to the Administration Server. The value of this setting is determined by the Use the Server Certificate box. If the box is not checked by default, the certificate file will be automatically obtained from the Administration Server when the Agent connects to it for the first time. If the Use Server Certificate box is checked, authentication will be performed based on the certificate file specified using the Browse button. This file has extension.cer and is located in the Cert folder of the Kaspersky Administration Kit installation folder. You can change the certificate file by selecting the file you need using the Browse button. Which port will be used by the Network Agent to connection to the Server: simple or secure. The value of this setting is determined by the Use SSL connection box. If the box is checked, the connection is performed via a secure port using SSL protocol, if the box is unchecked, the connection is performed via an unsecured port. The proxy server connection settings. If a proxy server is used by the Network Agent to connect to the Server, check the Use proxy server

box. After this press the Settings button and in the window that will open enter the proxy server address, user name and the password. Opening UDP Port 137 used to obtain Administration Server IP address in Kaspersky Antivirus 6.0 Anti-Hacker. Check Enable NetBIOS in Kaspersky Antivirus 6.0 Anti-Hacker. Adding a UDP port required by the Administration Agent to the Microsoft Windows firewall exceptions list. Check Open Administration Agent Ports on Microsoft Windows Firewall.
After the installation of the Network Agent you can change the values of the settings used to connect to the Administration Server using the policy and the application's settings. If you remotely reinstall the Network Agent on the client computer the values of the settings used to connect to the Server and the Administration server certificate will be replaced with new ones. The Administration Group tab (cf. Figure 25) is used to define a subgroup of the Network group into which computers will be added after the Network Agent has been installed on them. You can select of the following options: add computers to folders Corresponding to the computer position in the Windows network: domain or a work group (this option is selected by default); add all computers In group specified in the entry field. If you select this option, enter the name of the folder in the field below. If the Network group does not contain such folder, it will be created (you can also indicate the name of any existing folder in the Network group). This folder will be used to store all computers newly detected in the network; even if a computer had previously been detected by the Administration Server and put into the folder corresponding to its position within the network before the installation of the Network Agent. Computers detected in the network prior to the installation of the Network Agent will remain in their old positions in the Network group. After the installation of the Network Agent you can not change the folder to store the computers in the Network group as this setting is not included into the policy and the application settings.
Figure 24. Administration Agent Installation Package Properties Windows. Administration Group Tab

5. 6. 7.

Figure 42. Creating a list of slave administration servers
Then create the schedule to launch the task
Figure 43. Application Deployment to slave administration servers task. Settings tab.
4.1.9. Remote software removal
In order to remotely remove the software: Create a task similarly to creation of a deployment task (see section 0 on page 53); select Remote application removal as the task type and select the required Kaspersky Lab's application from the Application to be removed drop-down list in the Application window (see Figure 44). In order to remove a third-party application, check the Third-party application and select the application to be removed. The drop-down list contains the list of applications detected on the computers of the logical networks after the Network Agent had been installed on these computers.
Figure 44. Selecting an application to be removed
The task you created will be run according to the schedule.

4.2. Deployment wizard

You can use deployment wizard to install Kaspersky Lab's applications. This wizard allows performing application deployment using the forced installation method using installation packaged created or directly from the distribution package. The wizard performs the following: creation of an installation package to install the application (if such package has not been installed earlier). The package is stored in the Remote installation node under the name that matches the name and the version of the application and can be used to install the application later. creation and launching of global and group deployment tasks. The task created will be located in the Global tasks or Group tasks folder of the group for which the task was created and can be manually run later. The name of the task matches the name of the package for the application installation: Installation <Name of the selected installation package>.
In order to install application using the deployment wizard: 1. Connect to the required Administration Server. 2. In the console tree of the main Kaspersky Administration Kit application window select the node corresponding to the required Administration Server, open the shortcut menu and select the Deployment wizard command or use the analogous command in the Action menu. This will run the wizard. Follow its instructions. 3. In the window that will open (see Figure 45) specify the installation package that will be installed. If you are installing the application from a distribution package and/or if the installation package has not been created, create a new installation package. In order to do it press the New button; this will open the installation package creation wizard (see section 4.1.1 on page 37).

Figure 45. Selecting an installation package
4. In the next wizard window, if required, specify the Network Agent installation package to be jointly installed (details see section 0 on page 53). 5. In the wizard window (see Figure 46) determine on which computers the application will be installed. In order to do it, select one of the options:
Install the application onto selected computers, if you select this option, then after the wizard is complete a global application deployment task will be created. Install application onto computers in the administration group - as the result of the wizard's work, a group task will be created.
Figure 46. Selecting a task type
6. Then if you are creating a group task, specify a group on whose computers the application will be remotely installed (see Figure 47), or select computers for the installation. If the application must be installed on all client computers within the logical network, select the Groups group.
Figure 47. Selecting a group
7. Then determine under which account the deployment task will be run on the computers (details see section 0 on page 53).
Figure 48. Selecting a user's account
8. After this a window will open that will display the process of distribution and execution of the deployment task on the computers of the selected group (see Figure 49). You can switch to the final window of the wizard without waiting for the process to be completed. In order to do it, press the Next button. You can view detailed information about the results of the task execution on each computer using the History button.
Figure 49. Deployment task execution
4.3. Local software installation
The local software installation is performed individually on each computer. In order to perform local installation you must have the administrator's right for the local computer. Some applications that support administration using Kaspersky Administration Kit can be installed on computers only locally. Details see Guides to the corresponding applications. General procedure for the software installation during local deployment of the anti-virus protection system can be as follows: install the Network Agent and configure the connection between the client computer and the Administration Server (see section 4.3.1 on page 76);
install the required applications on the computer that will be included into the anti-virus protection system according to the description in the corresponding Guides; install the administration plugin for each of the installed Kaspersky Lab's applications into the administrator's workstation (see section 4.3.2 on page 81).

To generate a Kaspersky Administration Kit answer file: 1. Use the command line to go to the folder containing a Kaspersky Administration Kit distribution and run the executable with switches /r and /f1"<file path>\setup.iss"2 (for example, setup.exe /r /f1"C:\setup.iss"). 2. This will start the application installation wizard on the host computer. Follow the prompts offered by the wizard to configure application installation settings. For example, Administration Server or Console only may be selected for installation.
Once the installation is complete, the selected version of Kaspersky Administration Kit will have been installed on the host computer, and an answer file will have been generated and placed in the specified directory. The resulting answer file should be copied into the relevant installation package folder on the Administration Server. This will cause Kaspersky Administration Kit to install noninteractively using one of the methods above with the configuration specified in the answer file. An answer file may be used to update Kaspersky Administration Kit noninteractively. However, it can only be used to update the application version that had been utilized to generate the file.
The complete path to the answer file must be specified.

APPENDIX A. GLOSSARY

This Guide uses some specific terms related to anti-virus protection. Glossary is a list of definitions of these terms. The glossary entries are arranged in alphabetical order to facilitate using the glossary. A Available updates Service Packs that contain urgent updates accumulated over time and latest changes in the application architecture. Administration group Computers grouped in accordance with their functional and installed Kaspersky Lab applications. Grouping significantly facilitates the management process and allows the administrator to manage all computers as a single entity. A group might include other groups. Group policies and group tasks can be created for each application of installed on group members. Administration Console A Kaspersky Administration Kit component that provides user interface for the administrative services of the Administration Server and Network Agent. Anti-virus database A database created by Kaspersky Lab specialists that contains detailed definitions of all currently existing viruses and methods for their detection and disinfection. Anti-virus applications use the database to successfully detect and disinfect viruses. The anti-virus database available on the Kaspersky Lab websites is regularly updated as new virus threats appear. Registered users of Kaspersky Lab applications have access to database updates. To keep your computer constantly protected from viruses, we strongly recommend that you download updates on a regular basis. Administrator workstation A computer where the Administration Console of Kaspersky Administration Kit is installed. Using the Console, the administrator can build and manage the anti-virus protection system based on Kaspersky Lab applications. Anti-virus protection status Current status of anti-virus protection that characterizes the security level for your computer. Administration Server A Kaspersky Administration Kit component that centrally stores information about Kaspersky Lab applications installed on clients and manages these applications. Administration Server certificate A certificate used to authenticate the Administration Server upon connection of the Administration Console to the server and data transmission between the server and clients. The Administration Server certificate is created during the installation of the

Startup objects A set of programs that are necessary for launching and smooth operation of the operating system and other software installed on your computer. Your operating system launches these objects during each startup. Some viruses attempt to infect the startup objects and can cause a startup failure. Suspicious object An object that contains either a modified code of a well-known virus or a code reminiscent of a virus yet unknown to Kaspersky Lab specialists. Scan files by format In this scanning mode, the program analyzes the contents of a file, namely, the format identifier in the file header. Scan files by extension In the scanning mode, the program takes into account the scanned file extension. T Task An action that has a name performed by a Kaspersky Lab application. Third party application An anti-virus application by a third-party vendor or a Kaspersky Lab's application not supporting administration via Kaspersky Administration Kit. U Unknown virus A new virus that is not recorded in the anti-virus database. As a rule, Kaspersky Anti-Virus detects unknown viruses using an heuristic code analyzer and objects containing these viruses are identified as suspicious. Updating A function of Kaspersky Anti-Virus that updates/adds new files (anti-virus database or program modules) retrieved from Kaspersky Lab update servers. Updating agents - computers that act as intermediate centers for distributing updates and installation packages within the administration groups. V Virtual drives (RAM drives) A part of RAM emulating a normal physical disk of a personal computer. Virus activity threshold number of viruses detected for a specified time interval. When this number is exceeded, the situation is regarded as a Virus outbreak (virus attack). This parameter is important for defining virus epidemics because the administration can respond in a timely fashion to new threats and take preventive measures to protect his/her network.
APPENDIX B. KASPERSKY LAB
Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted email messages, and hacker attacks. Kaspersky Lab is an international company. Headquartered in the Russian Federation, the company has representative offices in the United Kingdom, France, Germany, Japan, USA (CA), the Benelux countries, China, Poland, and Romania. A new company department, the European Anti-Virus Research Centre, has recently been established in France. Kaspersky Lab's partner network incorporates more than 500 companies worldwide. Today, Kaspersky Lab employs more than 450 specialists, each of whom is proficient in anti-virus technologies, with 10 of them holding M.B.A. degrees, 16 holding Ph.Ds, and senior experts holding membership in the Computer AntiVirus Researchers Organization (CARO). Kaspersky Lab offers best-of-breed security solutions, based on its unique experience and knowledge, gained in over 14 years of fighting computer viruses. A thorough analysis of computer virus activities enables the company to deliver comprehensive protection from current and future threats. Resistance to future attacks is the basic policy implemented in all Kaspersky Lab's products. At all times, the companys products remain at least one step ahead of many other vendors in delivering extensive anti-virus coverage for home users and corporate customers alike. Years of hard work have made the company one of the top security software manufacturers. Kaspersky Lab was one of the first businesses of its kind to develop the highest standards for anti-virus defense. The companys flagship product, Kaspersky Anti-Virus, provides full-scale protection for all tiers of a network, including workstations, file servers, mail systems, firewalls, Internet gateways, and hand-held computers. Its convenient and easy-to-use management tools ensure advanced automation for rapid virus protection across an enterprise. Many well-known manufacturers use the Kaspersky Anti-Virus kernel, including Nokia ICG (USA), F-Secure (Finland), Aladdin (Israel), Sybari (USA), G Data (Germany), Deerfield (USA), Alt-N (USA), Microworld (India) and BorderWare (Canada). Kaspersky Lab's customers benefit from a wide range of additional services that ensure both stable operation of the company's products, and compliance with specific business requirements. Kaspersky Lab's anti-virus database is updated every hour. The company provides its customers with a 24-hour technical support service, which is available in several languages to accommodate its international clientele.

(ii) You accept all responsibility for the selection of this Software to meet your requirements. Kaspersky Lab does not warrant that the Software and/or the Documentation will be suitable for such requirements nor that any use will be uninterrupted or error free; (iii) Kaspersky Lab does not warrant that this Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus; (iv) Your sole remedy and the entire liability of Kaspersky Lab for breach of the warranty at paragraph (i) will be at Kaspersky Lab option, to repair, replace or refund of the Software if reported to Kaspersky Lab or its designee during the warranty period. You shall provide all information as may be reasonably necessary to assist the Supplier in resolving the defective item; (v) The warranty in (i) shall not apply if you (a) make or cause to be made any modifications to this Software without the consent of Kaspersky Lab, (b) use the Software in a manner for which it was not intended or (c) use the Software other than as permitted under this Agreement; (vi) The warranties and conditions stated in this Agreement are in lieu of all other conditions, warranties or other terms concerning the supply or purported supply of, failure to supply or delay in supplying the Software or the Documentation which might but for this paragraph (v) have effect between the Kaspersky Lab and your or would otherwise be implied into or incorporated into this Agreement or any collateral contract, whether by statute, common law or otherwise, all of which are hereby excluded (including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or as to the use of reasonable skill and care). 7. Limitation of Liability
(i) Nothing in this Agreement shall exclude or limit Kaspersky Labs liability for (i) the tort of deceit, (ii) death or personal injury caused by its breach of a common law duty of care or any negligent breach of a term of this Agreement, (iii) any breach of the obligations implied by s.12 Sale of Goods Act 1979 or s.2 Supply of Goods and Services Act 1982 or (iv) any liability which cannot be excluded by law. (ii) Subject to paragraph (i), the Supplier shall have no liability (whether in contract, tort, restitution or otherwise) for any of the following losses or damage (whether such losses or damage were foreseen, foreseeable, known or otherwise): (a) Loss of revenue;