Kaspersky Administration Kit 8.0

ADMINISTRATOR'S GUIDE

APPLICATION VERSION: 8.0
Dear User! Thank you for choosing our product. We hope that this documentation will help you in your work and will provide answers regarding this software product. All materials may only be duplicated, regardless of form, or distributed, including in translation, with the written permission of Kaspersky Lab. This document and graphic images related to it can be used exclusively for information, non-commercial or personal purposes. The document can be modified without prior notification. For the latest version of this document refer to Kaspersky Lab's website at http://www.kaspersky.com/docs. Kaspersky Lab shall not be liable for the contents, quality, frequency of updates, or accuracy of materials used in this document that belong to other individuals or entities, including liability for any potential losses associated with the use of these materials. This document involves the registered trademarks and service marks which are the property of their respective owners. Revision date: 9/14/09 1997-2009 Kaspersky Lab ZAO. All Rights Reserved. http://www.kaspersky.com http://support.kaspersky.com/

CONTENTS

KASPERSKY ADMINISTRATION KIT..... 5 Distribution package.... 5 Services for registered users..... 5 Obtaining information about the application.... 6 Data sources for independent research.... 6 Contacting the Technical Support Service.... 7 Discussion of Kaspersky Lab's applications in web forum... 8 Purpose of the document..... 8 Application features..... 8 Application structure.... 9 Hardware and software requirements..... 9 What's new..... 12 BASIC CONCEPTS...... 14 Administration Server. Administration groups.... 14 Administration Server Hierarchy.... 15 Client computer. Group..... 15 Administrator's workstation.... 16 Application configuration plug-in.... 16 Policies, application settings and tasks.... 17 Relation between policies and local application settings... 18 KASPERSKY ADMINISTRATION KIT OPERATION CONCEPT... 20 Deployment of the anti-virus protection system.... 20 Compatibility with Cisco Network Admission Control (NAC)... 20 Compatibility with Microsoft Network Access Protection (NAP).... 21 Creation of the centralized management system for anti-virus protection... 21 Connection of client computers to Administration Server.... 22 Secure connection to the Administration Server.... 23 Administration Server certificate.... 23 Administration Server authentication during client computer connection.. 23 Administration Server authentication during Console connection... 24 Authentication of client computers on Administration Server... 24 Rights to access the Administration Server and its objects... 24 User interface concept.... 26 Configuring interface..... 26 Launching the application.... 27 Main program window.... 27 Console tree...... 28 Task pane..... 30 Results pane..... 33 Context menu..... 34 MANAGEMENT OF NETWORK COMPUTERS.... 35 Connection to the Administration Server.... 35 Granting rights..... 36 Viewing information about the computer network. Domains, IP subnets and Active Directory groups. 37
Quick Start Wizard..... 39 Creating, viewing and editing the structure of administration groups... 39 Groups..... 42 Client computers..... 43 Slave Administration Servers..... 45 REMOTE MANAGEMENT OF APPLICATIONS.... 48 Managing policies..... 48 Local application settings..... 52 Managing the operation of applications..... 52 UPDATING THE DATABASE AND PROGRAM MODULES.... 59 Downloading of updates to the Administration Server repository... 59 Distribution of updates to client computers... 62 Updating of slave Servers and their client computers.... 63 Distribution of updates via Update Agents.... 64 MAINTENANCE...... 66 Renewing your license.... 67 Quarantine and Backup..... 68 Event logs. Event selections..... 70 Reports..... 74 Detecting computers..... 77 Computer selections..... 79 Application registry.... 81 Control of virus outbreaks.... 82 Unprocessed files..... 85 Backup copying and restoration of Administration Server data... 85 GLOSSARY...... 87 KASPERSKY LAB..... 92 INDEX...... 93
KASPERSKY ADMINISTRATION KIT
The Kaspersky Administration Kit provides centralized solution for managing corporate network anti-virus security systems that are based on Kaspersky Lab's applications included in Kaspersky Open Space Security products. Kaspersky Administration Kit supports all network configurations that use the TCP/IP protocol. The application is a tool for corporate network administrators and anti-virus security officers.

IN THIS SECTION

Distribution package...... 5 Services for registered users..... 5 Obtaining information about the application..... 6 Purpose of the document..... 8 Application features..... 8 Application structure...... 9 Hardware and software requirements..... 9 What's new...... 12

Files of policies and groups tasks are distributed using multi-address IP delivery. Use Wake On LAN functionality is also available for clients in subnetworks other than the Administration Server subnet in the event of manual task launch. Restart settings for client computers can be specified in the properties of a remote deployment task. The algorithm used for restriction of the number of notifications sent within specified time unit has been modified; now the restrictions are calculated independently for each event type. Functionality for searching for groups and slave Administration Servers by Server hierarchy has been added. Statistics of Update Agents has been extended. The task for removal of external applications now allows removing several applications at once. Utility has been developed for preparation of computers included in a workgroup for remote deployment. Functionality for retrieval of updates necessary for an application immediately after the creation of its installation package has been implemented. Opportunity to take into account the applications connected to slave Administration Servers while downloading the required updates has been implemented. Classification of possible errors returned by the application deployment subsystem has been introduced and guidelines for troubleshooting of typical problems have been added. Functionality for automatic application of patches for the modules of the administration system components has been added.

BASIC CONCEPTS

This section explains the basic concepts used in Kaspersky Administration Kit. Definitions of these concepts and some terms are listed in the Glossary.
Administration Server. Administration groups.... 14 Administration Server Hierarchy.... 15 Client computer. Group..... 15 Administrator's workstation..... 16 Application configuration plug-in.... 16 Policies, application settings and tasks..... 17 Relation between policies and local application settings.... 18
ADMINISTRATION SERVER. ADMINISTRATION GROUPS
Components of Kaspersky Administration Kit allow remote management of Kaspersky Lab's applications within a corporate network. Computers with the installed Administration Server component will be further referred to as Administration Servers (or Servers). The whole variety of computers in the corporate network can be subdivided into groups arranged into a certain hierarchical structure. We shall refer to such groups as administration groups. The structure of administration groups is displayed in the console tree within the Administration Server node. Administration Server is installed on host computer as a service with the following set of attributes: under the name of Kaspersky Administration Server; using automatic startup type when the operating system starts; using to log on the Local System account or user account selected during component installation. Functions performed by an Administration Server or, more specifically, by the Administration Server component installed on it are as follows: storage of the administration groups structure; storage of configuration data copies for client computers; organization of repositories for distribution packages of Kaspersky Lab's applications; remote deployment and removal of applications from computers; updating databases and application modules; management of policies and tasks on client computers;

SECURE CONNECTION TO THE ADMINISTRATION SERVER
Data exchange between client computers and Administration Server as well as Console connection to Administration Server can be performed using the SSL (Secure Socket Layer) protocol. It allows identification of the interacting parties, encrypt the transferred data and protect them against modification during transfer. SSL protocol used in secure connections is based on authentication of the interacting parties and data encryption using public keys.
ADMINISTRATION SERVER CERTIFICATE
Administration Server authentication during connection of Administration Console to it and data exchange with client computers is based on the Administration Server certificate. The certificate is also used for authentication between master and slave Administration Servers. Administration Server certificate is created during installation of the Administration Server component; it is stored on Administration Server in the Cert subfolder of the program folder. Administration Server certificate is created just once during installation. You are advised to use the setup wizard to preserve it during installation of the Administration Server. If an Administration Server certificate gets lost, its restoration requires reinstalling the Administration Server component and data recovery (see section "Backup copying and restoration of Administration Server data" on page 85).
ADMINISTRATION SERVER AUTHENTICATION DURING CLIENT

COMPUTER CONNECTION

At the first connection of a client computer to Server its Network Agent downloads the Administration Server certificate and saves it locally. If the Network Agent is installed locally, the administrator can select the Administration Server certificate manually. Downloaded copy of the certificate is used to verify the Administration Server rights and permissions during subsequent connections. After that the Network Agent requests the Administration Server certificate at each connection of the client computer to Server and compares it with the local copy. If the copies do not match, Administration Server access to client computer is not allowed. If connection is initiated by an Administration Server, then the request from the Administration Server for connection via a UDP port is checked first in the same manner.

TASK PANE

The task pane is an area within the window containing the set of links for operations with the Administration Server objects and the Administration Server itself. There are two conventional views of task panes: standard and extended.
Extended task pane (see the figure below) is available for most nodes and objects of the console tree. It is an HTML page containing links for various operations, navigation to other Administration Server objects and brief information about the current object or node. A single node can have several task panes, which appear as tabs with their names displayed in the upper part of the informational pane. For convenient browsing between Administration Server nodes and objects, the upper part of the task pane offers a navigation chain: Getting started <node name>. <folder name> <object name>. Groups of links can be combined into blocks for more convenient arrangement in the pane.
Figure 5. Extended view of the task pane. The Managed computers node
For some objects of the console tree the task pane can display summarized information about an object, for example, the results of policy enforcement (see the figure below). In that case the extended pane also functions as the results pane (see section "Results pane" on page 33).
Figure 6. Policy task pane
For some nodes that have no extended task pane, the standard task pane is provided. It is represented by a set of links in the left part of the results pane (see the figure below). Links of the standard task pane, similarly to the extended pane, are used to proceed to performing various operations, viewing or editing object properties. The results pane including the task pane is available on a tab under the name of a corresponding node or folder.
Figure 7. Standard task pane for the Client computers node
In the Kaspersky Administration Kit documentation the term "task pane" means extended task pane. When references to the standard task pane are used, its items are described as part of the results pane.

RESULTS PANE

Results pane is a window area that displays different information: a list of computers, policies or tasks created using the specified templates, etc. There are two views of results panes: standard and extended, which are available on the identically named tabs. For generated reports the results pane contains diagrams as well as summarized and detailed information presented in tables (see the figure below). Results pane can consist of informational panels (see the figure below), each of them being a separate page. Data in the informational panels can be displayed as a table or (pie or bar) chart. Administrators can change the selection of pages and informational panels as well as the data and method of their presentation:

Remove child groups and client computers from groups. Add slave Administration Servers in order to decrease the load on the master Server, minimize intranet traffic and increase the reliability of remote management system. Move client computers from administration groups of one Server to the groups of another server.

GROUPS

Kaspersky Administration Kit provides an opportunity to create custom groups. To add a new group, use the Create a subgroup link on the results pane. A new folder with specified name will appear in the Managed computers node of the console tree (see the figure below). In the folder the system automatically creates the following subfolders: Policies. Group tasks. Client computers. Administration Servers. The Administration Servers folder will be displayed in the created folder, if the Display slave Administration Servers box is checked in the interface settings. They will be filled during definition of group policies, creation of group tasks and addition of slave Administration Servers.
Figure 13. Viewing the structure of Administration Server folders
You can add to a group client computers and child groups making up the next hierarchy level. You can configure the display of inherited policies and group tasks in child groups. You can also determine, which Kaspersky Lab's applications will be installed automatically on all client computers newly added to the group.
To automatically install Kaspersky Lab's applications on new computers running the Microsoft Windows 98 / ME operating systems, install the Network Agent on these computers in advance. In the future you can change the name of the group, move it to another group or delete it. A group is moved together with all child groups, slave Administration Servers, client computers, group policies and tasks. The system will apply to it all the settings corresponding to its new position in the hierarchy of administration groups. Groups are moved using the standard Cut / Paste commands of the context menu or the corresponding items from the Action menu or with the mouse. While moving groups, the requirement for a unique group name within a single hierarchy level must be observed. To resolve possible name conflicts, you should change the name before relocation. If a group name is not unique, then it will be supplemented with suffix_1, _2, and so on. You cannot rename the Managed computers folder because it is an in-built element of the Administration Console. A group can be deleted from the Administration Server folders if it contains no slave Administration Servers, child groups and client computers and there are no group tasks and policies associated with it. A selected group can be deleted using the Delete command from the context menu or the corresponding item from the Action menu.

REMOTE

MANAGEMENT OF APPLICATIONS
Later, you can modify or lock the policy settings for nested groups or application settings (see the figure below).
Figure 17. The policy properties window
Policy settings that can be "locked" are marked with the icon. To lock a setting, click the icon, and it will change to. Such parameters are not allowed for modification in the application settings, task settings or policies of child groups and slave Administration Servers. There is an opportunity to unlock modification of the settings for inherited policies. A policy has a higher priority compared with the local settings only if it prohibits modification of parameters (are locked ).
After creation, a policy is added to the Policies folder (see the figure below) of the corresponding group; it appears in the console tree and the system applies it to all nested groups and slave Administration Servers as an inherited policy.
Figure 18. Viewing the list of policies
You can delete, copy, export, and import the existing policies from one group to another using the commands of the context menu for the policy selected in the results pane. To import a policy from an external fie, use the link Import policy from a file in the task pane of the Policies node. Use the displayed dialog to specify the path to a file with the *.klp extension containing policy settings. Several group policies can be created for each application, but only one policy can be active at a time. The Active policy option must be selected in the settings of such policy. A policy can be activated upon the Virus outbreak event. Then return to the previous policy has to be performed manually. You can also create a policy for mobile users, which will be enforced immediately after computer disconnection from the Administration Server. You can configure the criteria for policy activation for mobile users using the Network Agent profiles. By default, a computer is considered to be disconnected from the Administration Server after three failed connection attempts. The time interval between attempts is defined in the Network Agent settings and in the Synchronization interval (min), and by default, it is set to 15 minutes. You can view the results of policy enforcement in Administration Console using the policy settings window (see the figure below). Local parameters are modified automatically based on the settings enforced when a policy is first applied to a client computer, i.e.: when clients are added to the policy area; when a policy is made active; when an anti-virus application associated with an existing policy is installed on the client computer. After a policy is deleted or revoked, the application will continue working with the settings specified in the policy. The settings may subsequently be modified manually.

MANAGING THE OPERATION OF APPLICATIONS
Managing the operation of applications installed on client computers is accomplished through creation and launch of tasks performing all basic functions: installation of applications, installation of licenses, scanning of files, updates of database and application modules, etc. The created tasks are displayed in the appropriate folder of the console tree. Icons reflecting the status of tasks are displayed next to their names. The icons and corresponding statuses are listed in the Reference Guide.
Kaspersky Administration Kit supports work with all types of tasks provided for local operations with an application. It also allows remote start and stop of applications using corresponding management tasks for the Network Agent. Detailed descriptions of task types for each Kaspersky Lab's application can be found in their respective Guides. In Administration Console remote application start and stop are accomplished using the corresponding tasks. An application task can only be created if the management plug-in for that application is installed on the administrator's workstation. To ensure network protection, administrators can create any number of various tasks (except for the tasks that can exist in one instance only) for all applications that can be managed via Kaspersky Administration Kit. E.g., to scan client computers functioning as workstations for the presence of malware, an on-demand scan task must be created for Kaspersky Anti-Virus for Windows Workstations. Applications management features and general service operations are implemented as tasks of the Administration Server and Network Agent components of Kaspersky Administration Kit. For those components the following task types are defined: Change Kaspersky Administration Server; Start/stop Kaspersky Lab's products on remote computer; Application deployment; Product deinstallation task; Manage client computer; Message; Packages retranslation task; Report Delivery; Administration Server data backup; Download updates to repository. Creation and launch of the tasks listed above have a number of peculiarities. For detailed description of work with them please see the Kaspersky Administration Kit Reference Guide. You can create group and local tasks, tasks for specific computers and Kaspersky Administration Kit tasks belonging to these task types. Remote deployment task supports creation of group tasks and tasks for specific computers. Updates download tasks, backup, and reports delivery tasks only support creation of Administration Server tasks. The updates download task and the task of the Administration Server data backup can be created in a single instance only, and they are executed for one host only - the computer running the Administration Server. Group tasks are stored in the Group tasks subfolders of the corresponding groups (see the figure below). To create a group task, open in the console tree the Group tasks folder of the target group and use the link to Create a new task in the task pane. Tasks for specific computers are stored in the corresponding node of the console tree Tasks for specific computers. To create a task for specific computers, choose the Tasks for specific computers node in the console tree and use the link to Create a new task in the task pane.

Figure 36. Viewing Kaspersky Administration Kit event log
For simpler viewing and data search information in the Events node is distributed among selections. By default, the following selections are available: Recent events, Critical events, Functional failures, Warnings, Informational events, and Audit events. A selection allows the search and ordered presentation of information about registered events, since, after a selection is applied, only the data matching its settings remains available. This is very important since the Server stores a considerable amount of information. There is an opportunity to create more selections, change the set of displayed columns and save event selection to a txt-file.
To create a selection, use the Create / New selection command from the context menu of the Events node. As a result, a folder with the name you have specified for the selection will appear in the Events node of the console tree. It will contain all events and task results. To change the data displayed, configure the selection (see the figure below).
Figure 37. Customizing an event selection. The Events tab
Logged events are deleted automatically (when the storage time defined in the policy elapses) or manually using the Delete command of the context menu. You can delete an individual event selected in the results pane, all events, or events matching the specified conditions.
You can check the list of events registered in the application operation for each client computer in the Events window (see the figure below), that can be accessed using the Events context menu command. The window displays information from Kaspersky Administration Kit event log stored on Administration Server. To search necessary information, you can use events filter.
Figure 38. Viewing events stored on the Administration Server

REPORTS

You can receive reports about the status of anti-virus protection based on the information stored on Administration Server. You can trace the anti-virus protection status of the client computer using the data written into the system registry by the Network Agent. Reports can be generated for the following objects: the whole system of anti-virus protection; computers of a specific administration group; a set of client computers from different administration groups; the system of anti-virus protection corresponding to slave Administration Servers. The following types of reports are supported: Protection status: Protection status report contains information about client computers that have insufficient level of antivirus security.
Errors report contains information about errors (functional failures), registered in the operation of applications installed on client computers. Event report contains a list of application events for the selected group. The system only adds to the list events that have been specified during report creation. Report on Update Agents activity contains the statistics of Update Agents operation in the selected administration groups. Slave Administration Servers report contains information about the slave administration servers, included in the selected administration groups. Deployment: License usage report contains information about the status of licenses used by Kaspersky Lab's applications and observance of the restrictions provided for in those licenses. Kaspersky Lab software version report contains information about the versions of Kaspersky Lab's antivirus applications installed on client computers. Incompatible applications report contains information about the anti-virus applications of other vendors installed on client computers or Kaspersky Lab's applications that do not support management via Kaspersky Administration Kit. Protection coverage report contains a list of network computers and information about the anti-virus applications installed on those hosts. Update: Anti-virus database usage report contains information about the database versions used by the applications. Kaspersky Lab applications versions updates report contains summarized information about the versions of installed updates to the program modules, the number of installed updates and the number of computers and groups where they have been installed. Anti-virus statistics: Viruses report provides information about the results of anti-virus scanning of client computers. Most infected computers report includes information about client computers, the scanning of which has revealed the largest number of suspicious objects. Network attack report provides information about the network attacks registered on client computers. Summary Report on Workstation and File Server Protection Applications contains detailed information about the installed anti-virus applications for protection of workstations and file servers as well as information about the infected objects revealed by applications of that type and appropriate actions. Summary Report on Mail System Protection Applications contains detailed information about the installed anti-virus applications for protection of mail servers as well as information about the infected objects revealed by applications of that type and appropriate actions. Summary Report on Perimeter Defense Applications contains detailed information about the installed anti-virus applications for perimeter defense as well as information about the infected objects revealed by the applications of that type and appropriate actions. Summary Report on Installed Application Types contains information about the types of anti-virus applications installed on client computers and the information about the infected objects revealed by applications of that type and appropriate actions. Users of infected computers report contains information about the most dangerous network users.

Figure 43. Configuring a computer selection. The General tab

APPLICATION REGISTRY

This section is disabled by default. To enable the Applications registry, check the corresponding box in the interface settings of the Administration Server. To view the registry of applications installed on network computers, open the Applications registry folder of the Repositories node. Information about applications is provided from the system registry of client computer in LAN; it is summarized in a table containing the following fields: Name application name; Version application version; Manufacturer vendor name; Number of computers the number of network hosts where the application is installed; Comments brief application description; Technical Support Service web site address of the Technical Support Service;
Technical Support phone number phone number of the Technical Support Service. The Comments, Technical Support Service and Technical Support phone number fields can be empty if an application manufacturer has not provided the opportunity to add the corresponding data to system registry during application setup. You can use a filter to view information about the applications matching certain criteria. The system allows viewing the list of computers where an application is installed for the listed software.
CONTROL OF VIRUS OUTBREAKS
Kaspersky Administration Kit allows control over virus activity on client computers using the Virus outbreak event registered in the Administration Server operation. This feature is very important during the periods of virus outbreaks since it enables administrators to react in a timely manner to occurring virus attack threats. The criteria used to register a Virus outbreak event are defined in the Administration Server settings, on the Virus outbreak tab (see the figure below). An event can be registered for several types of applications. To enable recognition of virus outbreaks, check the boxes next to the necessary types of applications: Anti-virus for workstations and file servers. Perimeter defense anti-virus. Mail system anti-virus. Set the virus activity threshold for each application type which when exceeded will trigger a Virus outbreak event: In the Viruses field the number of viruses found within by the applications of that type.

LOCAL TASK

A task defined and running on a single client computer.
LOGICAL NETWORK ADMINISTRATOR
The person managing the application operations via the Kaspersky Administration Kit system of remote centralized administration.

LOGICAL NETWORK OPERATOR

A user monitoring the status and operation of a protection system managed via Kaspersky Administration Kit.
LOGIN SCRIPT-BASED INSTALLATION
Method for remote installation of Kaspersky Lab's applications, which allows you to link the start of a remote setup task to specified user account(s). When the user logs in to domain, the system attempts to install the application on the corresponding client computer. This method is recommended for deployment of the company's applications to computers running Microsoft Windows 98 / Me operating systems.

NETWORK AGENT

Network Agent is a component of Kaspersky Administration Kit that coordinates interaction between the Administration Server and Kaspersky Lab's applications installed on a specific network node (a workstation or a server). This component
supports all Windows applications included in Kaspersky Lab's products. Separate versions of the Network Agent exist for Kaspersky Lab's Novell and Unix applications.
PERIOD OF LICENSE VALIDITY
Time period during which you can use full functionality of a Kaspersky Lab's application. Typically, a validity period of a license is one calendar year since its installation. After license expiry the application functionality becomes limited: you cannot update the application database.

POLICY

A set of application settings in an administration group managed via Kaspersky Administration Kit. Application settings can differ in various groups. A specific policy is defined for each application in a group. A policy includes the settings for complete configuration of all application features.

PROTECTION STATUS

Current protection status, which characterizes the level of computer security.

PUSH INSTALL

Method for remote installation of Kaspersky Lab's applications, which allows you to install software on the specified client hosts within a logical network. For successful push install completion, the account used for the task must have sufficient rights for remote execution of applications on client computers. This method is recommended for software deployment to computers running Microsoft Windows NT / 2000 / 2003 / XP operating systems and supporting that functionality or to computers running Microsoft Windows 98 / Me with the Network Agent installed.

REMOTE INSTALL

Installation of Kaspersky Lab's applications using the services provided by Kaspersky Administration Kit.
REPOSITORY FOR BACKUP COPIES
Special folder for storage of Administration Server data copies created using the backup utility.

RESERVE LICENSE

The license installed for the operation of a Kaspersky Lab's application, which has not been activated. A reserve license is activated when the current license expires.

RESTORATION

Relocation of the original object from Quarantine or Backup to its original folder where the object had been stored before it was quarantined, disinfected or deleted, or to a user-defined folder.
RESTORATION OF ADMINISTRATION SERVER DATA
Restoration of Administration Server data from the information saved in backup copy using the backup utility. The utility allows restoring: information database of the Administration Sever (policies, tasks, application settings, events saved on the Administration Server); configuration information about the structure of the logical network and client computers; repository of the installation files for deployment of applications (content of the Packages, Uninstall, Updates folders); Administration Server certificate.
Functions performed by a Kaspersky Lab application are implemented as tasks, for example: Real-time protection of files, Full computer scan and Database update.
TASK FOR SPECIFIC COMPUTERS
A task assigned for a set of client computers from arbitrary administration groups within a logical network and performed on those hosts.

TASK SETTINGS

Task-specific application settings.

UPDATE

The procedure of replacement / addition of new files (databases or application modules), downloaded from the Kaspersky Lab's update servers.

UPDATE AGENT

Computer acting as an intermediate source for distribution of updates and installation packages in an administration group.

VIRUS ACTIVITY THRESHOLD

Maximum allowed number of events of the specified type within a limited time; when exceeded, it is interpreted as an increase of virus activity and threat of a virus attack. The property is important during the periods of virus outbreaks since it enables administrators to react in a timely manner to occurring virus attack threats.

KASPERSKY LAB

Kaspersky Lab was founded in 1997. Today it is the leading Russian developer of a wide range of high-performance information security software products, including anti-virus, anti-spam and anti-hacking systems. Kaspersky Lab is an international company. Headquartered in the Russian Federation, the company has offices in the United Kingdom, France, Germany, Japan, the Benelux countries, China, Poland, Romania and the USA (California). A new company office, the European Anti-Virus Research Centre, has recently been established in France. Kaspersky Lab's partner network includes over 500 companies worldwide. Today, Kaspersky Lab employs over a thousand highly qualified specialists, including 10 MBA degree holders and 16 PhD degree holders. All Kaspersky Lab's senior anti-virus experts are members of the Computer Anti-Virus Researchers Organization (CARO). Our company's most valuable assets are the unique knowledge and collective expertise accumulated during fourteen years of continuous battle against computer viruses. Thorough analysis of computer virus activities enables the company's specialists to anticipate trends in the development of malware, and to provide our users with timely protection against new types of attacks. This advantage is the basis of Kaspersky Lab's products and services. The company's products remain one step ahead of other vendors in delivering comprehensive anti-virus coverage to our clients. Years of hard work have made the company one of the top anti-virus software developers. Kaspersky Lab was the first to develop many of the modern standards for anti-virus software. The company's flagship product, Kaspersky Anti-Virus, reliably protects all types of computer systems against virus attacks, including workstations, file servers, mail systems, firewalls, Internet gateways and hand-held computers. Its easy-to-use management tools maximize the automation of anti-virus protection for computers and corporate networks. A large number of developers worldwide use the Kaspersky Anti-Virus kernel in their products, including Nokia ICG (USA), Aladdin (Israel), Sybari (USA), G Data (Germany), Deerfield (USA), Alt-N (USA), Microworld (India), and BorderWare (Canada). Kaspersky Lab's customers enjoy a wide range of additional services that ensure both stable operation of the company's products and full compliance with the customer's specific business requirements. We design, implement and support corporate anti-virus systems. Kaspersky Lab's anti-virus database is updated every hour. The company provides its customers with 24-hour technical support service in several languages. If you have any questions, comments, or suggestions, you can contact us through our dealers, or at Kaspersky Lab directly. We will be glad to assist you, via phone or email, in any matters related to our products. You will receive full and comprehensive answers to all your questions. Kaspersky Lab official site: http://www.kaspersky.com

Virus Encyclopedia:

http://www.viruslist.com

Anti-virus laboratory:

newvirus@kaspersky.com (only for sending archives of suspicious objects) http://support.kaspersky.ru/helpdesk.html?LANG=en (for queries to virus analysts)
Administration groups..... 14 Administration Server..... 14 Administration Server certificate..... 23 Applications registry..... 81

Backup..... 68

Client computers..... 15, 43 Computer selections..... 79 Console tree..... 28 Context menu..... 34
Data backup..... 85 Database...... 9 Deployment...... 20 Detecting computers..... 77
Event log..... 70 Event selections...... 70
Hardware requirements..... 9
Launching application..... 27 License current...... 67 renewal..... 67
Management connection to the Administration Server.... 35 granting rights..... 36 initial configuration..... 39 local settings...... 52 network information..... 37 Managing application..... 52

Policies..... 17

Quarantine and Backup..... 68
Reports..... 74 Results pane...... 33
Slave Administration Servers.... 45 Software requirements..... 9

Tasks...... 17

Updates distribution..... 62, 64 download...... 59

KASPERSKY LAB

Kaspersky Administration Kit 6.0

Deployment Guide

KASPERSKY ADMINISTRATION KIT 6.0
Kaspersky Lab Ltd. Visit our website: http://www.kaspersky.com/ Revision date: February 2007.

Contents

CHAPTER 1. KASPERSKY ADMINISTRATION KIT.. 5 1.1. Purpose, structure and main functions... 5 1.2. Software and Hardware Requirements... 7 1.3. Distribution kit.... 9 1.4. Help desk for registered users... 9 1.5. The purpose of this document... 9 1.6. Conventions.... 10 CHAPTER 2. TYPICAL SCHEMES OF DEPLOYMENT OF ANTI-VIRUS PROTECTION... 11 2.1. Schemes of deployment of anti-virus protection on the computers within the logical network.... 11 2.2. Building a centralized anti-virus protection administration system.. 12 CHAPTER 3. INSTALLING KASPERSKY ADMINISTRATION KIT.. 14 3.1. Installing MSDE from the Kaspersky Administration Kit distribution package. 15 3.2. Installing the Administration Server and Administration Console on Local Host.... 17 3.3. Removing Kaspersky Administration Kit components.. 33 3.4. Updating the application version... 33 CHAPTER 4. INSTALLATION AND REMOVAL OF SOFTWARE ON THE COMPUTERS... 35 4.1. Remote software installation... 36 4.1.1. Creating an installation package... 37 4.1.2. Reviewing and configuring the installation package settings.. 40 4.1.3. Creating and configuring the Network Agent installation package. 45 4.1.4. Creating and Configuring Administration Server Installation Package. 49 4.1.5. Creating a task for distribution of the installation package on the slave Administration Servers.... 49 4.1.6. Distribution of the installation packages within a group using network agents... 51
Kaspersky Administration Kit
4.1.7. Creating a remote installation task... 53 4.1.8. Configuring the deployment task... 66 4.1.9. Deploying application to slave administration servers.. 68 4.1.10. Remote software removal... 70 4.2. Deployment wizard.... 71 4.3. Local software installation... 75 4.3.1. Local installation of the Network Agent... 76 4.3.2. Local installation of the application administration plugin.. 81 4.3.3. Installing applications in non-interactive mode.. 82 APPENDIX A. GLOSSARY... 84 APPENDIX B. KASPERSKY LAB... 91 B.1. Other Kaspersky Lab Products... 92 B.2. Contact Us.... 98
CHAPTER 1. KASPERSKY ADMINISTRATION KIT
1.1. Purpose, structure and main functions
Kaspersky Administration Kit is an application that is designed to provide a centralized solution for most important administration tasks associated with managing the corporate network anti-virus security system based on Kaspersky Labs applications included into Kaspersky Anti-Virus Business Optimal and Kaspersky Corporate Suite. Kaspersky Administration Kit supports all network configurations that use TCP/IP protocol. Kaspersky Administration Kit is a tool for corporate network administrators and anti-virus security officers. The application enables the administrator to: Deploy or remove Kaspersky Lab applications across a network connection to computers within the network. This feature enables the administrator to copy the required set of Kaspersky Lab's applications to a selected computer and then deploy these applications on the network computers. Ensure remote centralized management of Kaspersky Lab applications. This feature enables the administrator to create a multi-level anti-virus protection system and manage the operation of all applications from a single administrator's workstation. This is particularly important for larger companies that have a local network consisting of a large number of computers that may cover several separate buildings or offices. This feature enables the administrator to: group computers into administration groups based on the functions performed by such computers and the set of applications installed on them; configure the application settings in a centralized way by creating and applying group policies; configure individual settings of the application for individual computers using the application settings. manage the operation of the applications in a centralized way by creating and running group and global tasks.
create individual patterns for the application's operation by creating and running tasks for a set of computers from different administration groups.
Automatically update the anti-virus database and application modules on computers. This feature allows centralized updating of the anti-virus database for all installed Kaspersky Lab's applications without accessing the Kaspersky Lab's internet updates server for each individual update. The updating can be performed automatically according to the schedule set up by the administrator. The administrator can monitor the installation of the updates on the client computers. Receive reports using a dedicated system. This feature allows centralized collection of statistical information about the operation of all installed Kaspersky Lab's applications, monitoring the correctness of the operation of these applications and creating reports based on the information obtained. The administrator can create a cumulative network report about the operation of an application or reports about the operation of application installed on each computer. Use events notification system. Mail notification sending system. This feature allows the administrator to create a list of events in the operation of the applications about which he or she will receive notifications. The list of such event may, for example, include detection of a new virus or an error that occurred when attempting to update the anti-virus database on a computer, detection of a new computer in the network. Perform license management. This capability supports centralized installation of license keys for all installed enterprise applications, tracking of compliance with the license agreement (number of licenses should correspond to number of running applications) and license agreement expiration date. Cooperate with Cisco Network Admission Control (NAC). This functionality provides a mapping between host antivirus protection conditions and Cisco NAC statuses.

7. During the next stage you will be offered to define resourse Microsoft SQL server (MSDE) or MySQL (see Figure 6), that will be used to store the Administration Server information database.
Figure 6. Selecting the database
8. If during the previous stage you selected MSDE or Microsoft SQL server and you are planning to use a server installed within the corporate network to work with Kaspersky Administration Kit, indicate such server's name in the SQL server name and specify the name of the database that will be created to store the Administration Server data in the SQL server database name (see Figure 7). The default database name is KAV.
Value (local) will be automatically assigned to the Server name field if an SQL server is detected on the computer from which Kaspersky Administration Kist is being installed. To display the list of all Microsoft SQL servers installed in the network, press the Browse button. If the Administration Server will be started under the local administrator's account or under the system account, the Browse button will not be available.
Figure 7. Selecting SQL server
If during the previous stage MySQL server was selected, specify in this window (see Figure 8) its name in the MySQL server name field (by default IP address of the computer onto which Kaspersky Administration Kit is being installed will be used) and specify port to be used for connection in the Port field (the default port is 3306). In the MySQL server database name field specify the database name that will be created to store the Administration Server data (by default the database will be created under name KAV). If during the previous stage MySQL server was selected, specify in this window
Figure 8. Selecting MySQL server
If there are no SQL servers in the network and you cannot use them, you have to install one (see section 3.1 on page 15). If you wish to install an SQL server on the computer from which you are installing Kaspersky Administration Kit, you have to abort the installation and restart it after you have installed the SQL server. If you install Kaspersky Administration Kit onto a remote computer, it is not required to interrupt the Kaspersky Administration Kit installation wizard. Install the SQL server and return to the Kaspersky Administration Kit installation. 9. During this step you have to define the authentication mode to be used by the Administration Server to connect to the SQL server. For MSDE or Microsoft SQL server you can select of the following two options (see Figure 9). Microsoft Windows Authentication Mode - in this case the account used to start the Administration server will be used to verify the rights; SQL Server Authentication Mode - if you select this option, the account specified below will be used to verify the rights. Fill in the Account, Password and Confirm password fields.

After you have finished configuring the Kaspersky Administration Kit installation settings, you can review them and start the installation. After the installation of the Administration Console an icon will appear in menu Start ProgramsKaspersky Administration Kit of your computer. This icon can be used to start the Console. The Administration Server and Agent will be installed on a host computer as services with attributes listed in Table 2. The table also lists properties of the Kaspersky Lab Posture Validation Server (PVS) for Cisco NAC, which is going to run on the host in question if appropriate components had been installed together with the Administration Server. Table 2 Property Service Name Displayed Service Name Administration Server CSAdminServer Kaspersky Administration Server Kaspersky Lab PVS for Cisco NAC nacserver Kaspersky Lab Cisco NAC Posture Validation Server Administration Agent klnagent Kaspersky Network Agent
Property Process Name in Windows Task Manager Startup Type User Name

Administration Server

Kaspersky Lab PVS for Cisco NAC

Administration Agent

klserver.exe

klnacserver.exe

klnagent.exe
Automatically, at operating system boot. Local Service or user specified.
A server version of the Network Agent will be installed on the computer together with the Administration Server. It is included into the structure of the Administration Server component and is installed or removed together with it and can only interact with the Administration Server installed locally. You do not have to configure the settings used by the Agent to connect to the Administration Server, as programmatically this connection is implemented based on the assumption that these components are installed on the same computer. Such configuration allows to avoid additional configuration and possible conflicts in the operation of the components if they are installed separately. A server version of the Network Agent is installed with the same attributes and performs the same application administration functions as the standard Network Agent. It will operate based on the policy of the group into which the Administration Server's computer is included as a client computer, all tasks provided for the Network Agent will be created except the Server change task. A separate installation of the Network Agent on the Administration Server's computer is not required. Its functions will be performed by the server version. You can review properties of the following services: Kaspersky Administration Server, Kaspersky Network Agent, and Kaspersky Lab Cisco NAC Posture Validation Server; and monitor their operation using the standard Windows administration tools - Computer Management Services. Information about operation of the Kaspersky Administration Server service will be registered and saved in the Windows system log on the computer where the Administration Server is installed, in a separate branch of the Kaspersky Event Log. Additionally, groups of local users KLAdmins and KLOperators will be created on the computer on which the Administration Server is installed. If the Administration Server is run under the account of a user included into the domain, then groups KLAdmins and KLOperators will be added to the list of groups of the domain users. Change of the list of the groups is performed using standard Windows administration tools.

CHAPTER 4. INSTALLATION AND REMOVAL OF SOFTWARE ON THE COMPUTERS
Before you start the installation, you must make sure that the software and hardware of the computers meet the corresponding requirements (see section 1.3 on page 9) Kaspersky Administration Kit allows installation and removal of Kaspersky Lab's applications using the following methods: remotely in a centralized way, via the Administration Console; locally, individually on each computer.
Connection of the Administration Server with the client computers is ensured by the Network Agent component. Therefore this component must be installed on each computer that will be connected to the remote centralized administration system before the installation of the anti-virus applications. If you use the centralized method to install the applications via the Administration Console, the Network Agent can be installed together with one of the applications. On the computer on which the Administration Server is installed, only server version of the Network Agent can be used. It is included into the Administration Server structure and is installed and removed together with the Administration Server (see section 3.2 on page 17). You do not have to install the Network Agent on this computer. The Network Agent is installed the same way as the applications - that is either remotely or locally. The Network Agents can differ depending on the Kaspersky Lab's applications for which they are installed. In some cases only local installation of the Network Agent is possible (details see Guides to the corresponding applications). The Network Agent is installed on the client computer only once. Kaspersky Administration Kit application administration interface is implemented by the corresponding administration plugins. Therefore, in order to access the application administration interface, the corresponding plugin must be installed on the administrator's workstation. In case of the remote installation method, it is installed automatically when the first installation package for the corresponding application is created. In case of a local installed on the client computer, the administration plugin must be installed manually by the administrator.
Under the current version of Kaspersky Administration Kit the following Kaspersky Lab applications may be managed remotely: Workstation and file server protection: Kaspersky Antivirus 5.0 for Windows File Servers; Kaspersky Antivirus 6.0 for Windows Servers; Kaspersky Antivirus 5.0 for Windows Workstations; Kaspersky Antivirus 6.0 for Windows Workstations; Kaspersky Antivirus 5.0 Second Opinion Solution; Kaspersky Antivirus 5.7 for Novell NetWare;
Perimeter defense: Kaspersky Antivirus 5.6 for Microsoft ISA Server 2000 Enterprise Edition.
Mail server protection: Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003, Planned Update 1; Kaspersky Security 5.5 for Microsoft Exchange Server 2003, Planned Update 1.

2. Select in the console tree the Remote installation node, open the shortcut menu and select command Create Installation Package or use the analogous item in the Action menu. This will start the wizard. Follow its instructions. 3. You will be offered to specify the name of the installation package and during the next step - to specify the application to be installed (see Figure 17). If you are installing an application that supports remote installation via Kaspersky Administration Kit, you have to select the Create the installation package for Kaspersky Lab's application option from the drop-down list. Using the Browse button, select file that contains description of the application (file has extension.kpd and is bundled with all Kaspersky Lab applications for which remote administration via Kaspersky Administration Kit is supported) or a self-extracting archive of the Kaspersky Lab's application (file has extension.exe and can be downloaded from the Kaspersky Lab's website). As the result, fields with the application name and the version number will be automatically filled in.
Figure 17. Creating an installation package. Selecting application to be installed
Settings of the installation package will be created by default and will correspond to the application selected to be installed. You can change the settings after the package is created using the package properties review window (see section 4.1.2 on page 40).
If you create an installation package to install other applications (see Figure 18): select Create installation package for application specified by the user from the drop-down list; indicate the path to the application distribution package using the Browse button; install the Copy entire folder into the installation package box, if the package must contain the entire content of the folder in which the distribution file is located; specify the settings used to run the executable file in the entry line provided if such settings are required to install the application (for example, running in non-interactive mode using switch /s).
Figure 18. Creating and installation package to install application specified by user.
4. In the next wizard window (see Figure 19), you can specify the license key that will be included into the installation package. In order to do it, press the Browse button and select the required file of the license key (file has extension.key) If you do not wish to include the license key into the installation package, simply press the Next> button.

4.1.4. Creating and Configuring Administration Server Installation Package
When creating an Administration Server installation package as a file with description, select file ak6.kpd, located in the root directory of the Kaspersky Administration Kit distribution. The properties of the Administration Server installation package are shown on two tabs: General (cf. Figure Figure 20) and Reboot OS (cf. Figure Figure 23). The other properties are the same as Administration Server default settings.
4.1.5. Creating a task for distribution of the installation package on the slave Administration Servers
In order to create the task for distribution of the installation package on the slave Administration Servers: 1. Connect to the Administration Server you need. 2. Select the Global tasks node in the console tree, open the shortcut menu and select the New Task command or use the analogous item in the Action menu. This will start the wizard. Follow its instructions. 3. For the Kaspersky Administration Kit application select the Packages retranslation task task type. 4. In the next wizard window (see Figure 25) select which installation packages must be distributed. Select one of the following options: All installation packages. Selected installation packages. In this case check boxes next to the names of the required installation packages in the table below.
Figure 25. Creating a set of installation packages
Specify the required value in the The maximum number of simultaneous downloads:. 5. In the next wizard window (see Figure 26) check boxes next to the names of the slave Administration Servers to which the installation packages must be distributed.
Figure 26. Selecting slave Administration Servers
6. In the next wizard window specify the task launch schedule (details see section 0 on page 53). 7. To exit the wizard when it is completed, press the Finish button.
4.1.6. Distribution of the installation packages within a group using network agents
In order to distribute installation packages within a group, you can use updating agents. The updating agents receive installation packages and updates from the Administration Server and save them in the Kaspersky Lab's application installation folder. The location of the folder that contains the updates and the installation packages cannot be changed; its size cannot be restricted. Later the installation packages will be distributed to the client computers using the multi-address delivery. Delivery of the new installation packages within a group is only performed once. If at the moment of the delivery a client computer was disconnected from the corporate logical network, then when the installation task is run the Network Agent will automatically download the required installation package from the updating agent.
In order to create the list of the updating agents and configure them to distribute installation packages to computers within a group, 1. Connect to the required Administration Server. 2. Select the required group in the console tree, open the shortcut menu and select the Properties command or use the analogous item in the Actions menu. 3. In the group properties window that will open, on the Updating Agents tab (see Figure 27) create the list of computers that will act as the updating agents within the group, using the Add and the Remove buttons.

Figure 43. Application Deployment to slave administration servers task. Settings tab.
4.1.9. Remote software removal
In order to remotely remove the software: Create a task similarly to creation of a deployment task (see section 0 on page 53); select Remote application removal as the task type and select the required Kaspersky Lab's application from the Application to be removed drop-down list in the Application window (see Figure 44). In order to remove a third-party application, check the Third-party application and select the application to be removed. The drop-down list contains the list of applications detected on the computers of the logical networks after the Network Agent had been installed on these computers.
Figure 44. Selecting an application to be removed
The task you created will be run according to the schedule.

4.2. Deployment wizard

You can use deployment wizard to install Kaspersky Lab's applications. This wizard allows performing application deployment using the forced installation method using installation packaged created or directly from the distribution package. The wizard performs the following: creation of an installation package to install the application (if such package has not been installed earlier). The package is stored in the Remote installation node under the name that matches the name and the version of the application and can be used to install the application later. creation and launching of global and group deployment tasks. The task created will be located in the Global tasks or Group tasks folder of the group for which the task was created and can be manually run later. The name of the task matches the name of the package for the application installation: Installation <Name of the selected installation package>.
In order to install application using the deployment wizard: 1. Connect to the required Administration Server. 2. In the console tree of the main Kaspersky Administration Kit application window select the node corresponding to the required Administration Server, open the shortcut menu and select the Deployment wizard command or use the analogous command in the Action menu. This will run the wizard. Follow its instructions. 3. In the window that will open (see Figure 45) specify the installation package that will be installed. If you are installing the application from a distribution package and/or if the installation package has not been created, create a new installation package. In order to do it press the New button; this will open the installation package creation wizard (see section 4.1.1 on page 37).

install the required applications on the computer that will be included into the anti-virus protection system according to the description in the corresponding Guides; install the administration plugin for each of the installed Kaspersky Lab's applications into the administrator's workstation (see section 4.3.2 on page 81).
Kaspersky Administration Kit support local application installation in noninteractive mode based on the files created during installation package creation (see section 4.3.3 on page 82).
4.3.1. Local installation of the Network Agent
In order to locally install the Network Agent on the computer: 1. Run file setup.exe (or setup.msi) located on the distribution CD of the Kaspersky Administration Kit application in folder NetAgent. The installation process is facilitated by the wizard. The wizard will offer you to configure the installation settings. Follow its instructions. 2. First steps of the installation process are the usual procedure and involve unpacking required files from the distribution package and copying them on the hard drive of your computer, accepting the license agreement and providing information about the user and the company. 3. Then you have to define the Network Agent installation folder. The default installation folder is Program Files\Kaspersky Lab\NetworkAgent. If such folder does not exist, it will be created automatically. To change the folder use the Browse button. 4. In the next wizard window (see Figure 50) you will have to configure settings used by the Network Agent to connect to the Administration Server. In order to do this define the following: address of the computer on which the Administration Server is or will be installed. The computer's IP address or name in the Windows network can be used as the computer address. Alternatively, you can select the computer using the Browse button. whether UDP Port 137, used to obtain Administration Server IP address needs to be opened in Kaspersky Antivirus 6.0 AntiHacker. If so, check Enable NetBIOS Name Service in Kaspersky Antivirus 6.0 Anti-Hacker.
the port number using which the Network Agent will connect to the Administration Server. By default port 14000 will be used. If it has been assigned, you can change it. Only decimal representation is allowed. port number that will be used for secure connection to the Administration Server using SSL protocol. By default port 13000 port is used. If it has been assigned, you can change it. Only decimal representation is allowed. In order to make sure that the connection is using a secured port (using SSL protocol) check the Use SSL to connect to server box.

To generate a Kaspersky Administration Kit answer file: 1. Use the command line to go to the folder containing a Kaspersky Administration Kit distribution and run the executable with switches /r and /f1"<file path>\setup.iss"2 (for example, setup.exe /r /f1"C:\setup.iss"). 2. This will start the application installation wizard on the host computer. Follow the prompts offered by the wizard to configure application installation settings. For example, Administration Server or Console only may be selected for installation.
Once the installation is complete, the selected version of Kaspersky Administration Kit will have been installed on the host computer, and an answer file will have been generated and placed in the specified directory. The resulting answer file should be copied into the relevant installation package folder on the Administration Server. This will cause Kaspersky Administration Kit to install noninteractively using one of the methods above with the configuration specified in the answer file. An answer file may be used to update Kaspersky Administration Kit noninteractively. However, it can only be used to update the application version that had been utilized to generate the file.
The complete path to the answer file must be specified.

APPENDIX A. GLOSSARY

This Guide uses some specific terms related to anti-virus protection. Glossary is a list of definitions of these terms. The glossary entries are arranged in alphabetical order to facilitate using the glossary. A Available updates Service Packs that contain urgent updates accumulated over time and latest changes in the application architecture. Administration group Computers grouped in accordance with their functional and installed Kaspersky Lab applications. Grouping significantly facilitates the management process and allows the administrator to manage all computers as a single entity. A group might include other groups. Group policies and group tasks can be created for each application of installed on group members. Administration Console A Kaspersky Administration Kit component that provides user interface for the administrative services of the Administration Server and Network Agent. Anti-virus database A database created by Kaspersky Lab specialists that contains detailed definitions of all currently existing viruses and methods for their detection and disinfection. Anti-virus applications use the database to successfully detect and disinfect viruses. The anti-virus database available on the Kaspersky Lab websites is regularly updated as new virus threats appear. Registered users of Kaspersky Lab applications have access to database updates. To keep your computer constantly protected from viruses, we strongly recommend that you download updates on a regular basis. Administrator workstation A computer where the Administration Console of Kaspersky Administration Kit is installed. Using the Console, the administrator can build and manage the anti-virus protection system based on Kaspersky Lab applications. Anti-virus protection status Current status of anti-virus protection that characterizes the security level for your computer. Administration Server A Kaspersky Administration Kit component that centrally stores information about Kaspersky Lab applications installed on clients and manages these applications. Administration Server certificate A certificate used to authenticate the Administration Server upon connection of the Administration Console to the server and data transmission between the server and clients. The Administration Server certificate is created during the installation of the

Quarantine A special storage that isolates infected and suspicious objects. R Real-time protection A scanning mode in which an anti-virus application is memory resident. In the real-time protection mode, the application scans all objects when you open them for reading, writing, or executing. Before enabling access to an object, Kaspersky Anti-Virus scans it for viruses and, if a virus is detected, blocks access to the object, disinfects it or deletes it (depending on user-defined settings). Recommended level The level of antivirus protection with default settings recommended by Kaspersky Lab experts which ensures the optimal protection of your computer. This level is set by default. Remote installation Installation of Kaspersky Lab applications using the services provided by Kaspersky Administration Kit. Restoring Restoring Administration Server data using a backup utility. The information for restoring is available in the backup storage. The utility allows you to restore: Administration Server database that stores policies, tasks, application settings, and events logged on the Administration Server Information about the logical networks and client configurations Installation files for the remote installation of applications (contents of the Packages, Uninstall, Updates folders) Administration Server certificate S Script-based installation An installation method that relates the remote installation task with a specified user account (several accounts). When the specified user logs onto the domain, the application will be installed on the client where this user has logged on. This method is recommended for use with computers running MS Windows 95/98/Me Settings, task Application settings specific for each type of task. Settings, applications Application settings specific for all types of tasks performed by this application. Severity level A parameter that classifies an event recorded during Kaspersky Anti-Virus performance. There are four severity levels: Critical Error Warning Info
Events of the same kind can be of different severity levels, depending on a specific situation.
Startup objects A set of programs that are necessary for launching and smooth operation of the operating system and other software installed on your computer. Your operating system launches these objects during each startup. Some viruses attempt to infect the startup objects and can cause a startup failure. Suspicious object An object that contains either a modified code of a well-known virus or a code reminiscent of a virus yet unknown to Kaspersky Lab specialists. Scan files by format In this scanning mode, the program analyzes the contents of a file, namely, the format identifier in the file header. Scan files by extension In the scanning mode, the program takes into account the scanned file extension. T Task An action that has a name performed by a Kaspersky Lab application. Third party application An anti-virus application by a third-party vendor or a Kaspersky Lab's application not supporting administration via Kaspersky Administration Kit. U Unknown virus A new virus that is not recorded in the anti-virus database. As a rule, Kaspersky Anti-Virus detects unknown viruses using an heuristic code analyzer and objects containing these viruses are identified as suspicious. Updating A function of Kaspersky Anti-Virus that updates/adds new files (anti-virus database or program modules) retrieved from Kaspersky Lab update servers. Updating agents - computers that act as intermediate centers for distributing updates and installation packages within the administration groups. V Virtual drives (RAM drives) A part of RAM emulating a normal physical disk of a personal computer. Virus activity threshold number of viruses detected for a specified time interval. When this number is exceeded, the situation is regarded as a Virus outbreak (virus attack). This parameter is important for defining virus epidemics because the administration can respond in a timely fashion to new threats and take preventive measures to protect his/her network.

packaging for the Software. A separate license is required for each Client Device or seat that may connect to the Server at any time, regardless of whether such licensed Client Devices or seats are concurrently connected to or actually accessing or using the Software. Use of software or hardware that reduces the number of Client Devices or seats directly accessing or utilizing the Software (e.g., multiplexing or pooling software or hardware) does not reduce the number of licenses required (i.e., the required number of licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware front end). If the number of Client Devices or seats that can connect to the Software exceeds the number of licenses you have obtained, then you must have a reasonable mechanism in place to ensure that your use of the Software does not exceed the use limits specified for the license you have obtained. This license authorizes you to make or download such copies of the Documentation for each Client Device or seat that is licensed as are necessary for its lawful use, provided that each such copy contains all of the Documentation proprietary notices. 1.3 Volume Licenses. If the Software is licensed with volume license terms specified in the applicable application invoicing or packaging for the Software, you may make, use or install as many additional copies of the Software on the number of Client Devices as the volume license terms specify. You must have reasonable mechanisms in place to ensure that the number of Client Devices on which the Software has been installed does not exceed the number of licenses you have obtained. This license authorizes you to make or download one copy of the Documentation for each additional copy authorized by the volume license, provided that each such copy contains all of the Documents proprietary notices. 2. Duration. This Agreement is effective for the period specified in the Key File (the unique file which is required to fully enable the Software, please see Help/ about Software or Software about, for Unix/Linux version of the Software see the notification about expiration date of the Key File) unless and until earlier terminated as set forth herein. This Agreement will terminate automatically if you fail to comply with any of the conditions, limitations or other requirements described herein. Upon any termination or expiration of this Agreement, you must immediately destroy all copies of the Software and the Documentation. You may terminate this Agreement at any point by destroying all copies of the Software and the Documentation. 3. Support.
(i) Kaspersky Lab will provide you with the support services (Support Services) as defined below for a period of one year following: (a) payment of its then current support charge, and;

(i) Kaspersky Lab warrants that for [90] days from first download or installation the Software will perform substantially in accordance with the functionality described in the Documentation when operated properly and in the manner specified in the Documentation.
(ii) You accept all responsibility for the selection of this Software to meet your requirements. Kaspersky Lab does not warrant that the Software and/or the Documentation will be suitable for such requirements nor that any use will be uninterrupted or error free; (iii) Kaspersky Lab does not warrant that this Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus; (iv) Your sole remedy and the entire liability of Kaspersky Lab for breach of the warranty at paragraph (i) will be at Kaspersky Lab option, to repair, replace or refund of the Software if reported to Kaspersky Lab or its designee during the warranty period. You shall provide all information as may be reasonably necessary to assist the Supplier in resolving the defective item; (v) The warranty in (i) shall not apply if you (a) make or cause to be made any modifications to this Software without the consent of Kaspersky Lab, (b) use the Software in a manner for which it was not intended or (c) use the Software other than as permitted under this Agreement; (vi) The warranties and conditions stated in this Agreement are in lieu of all other conditions, warranties or other terms concerning the supply or purported supply of, failure to supply or delay in supplying the Software or the Documentation which might but for this paragraph (v) have effect between the Kaspersky Lab and your or would otherwise be implied into or incorporated into this Agreement or any collateral contract, whether by statute, common law or otherwise, all of which are hereby excluded (including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or as to the use of reasonable skill and care). 7. Limitation of Liability

(i) Nothing in this Agreement shall exclude or limit Kaspersky Labs liability for (i) the tort of deceit, (ii) death or personal injury caused by its breach of a common law duty of care or any negligent breach of a term of this Agreement, (iii) any breach of the obligations implied by s.12 Sale of Goods Act 1979 or s.2 Supply of Goods and Services Act 1982 or (iv) any liability which cannot be excluded by law. (ii) Subject to paragraph (i), the Supplier shall have no liability (whether in contract, tort, restitution or otherwise) for any of the following losses or damage (whether such losses or damage were foreseen, foreseeable, known or otherwise): (a) Loss of revenue;
(b) Loss of actual or anticipated profits (including for loss of profits on contracts);
(c) (d) (e) (f) (g) (h) (i)
Loss of the use of money; Loss of anticipated savings; Loss of business; Loss of opportunity; Loss of goodwill; Loss of reputation; Loss of, damage to or corruption of data, or;
(j) Any indirect or consequential loss or damage howsoever caused (including, for the avoidance of doubt, where such loss or damage is of the type specified in paragraph (ii), (a) to (ii), (i). (iii) Subject to paragraph (i), Kaspersky Labs liability (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the Software shall in no circumstances exceed a sum equal to the amount equally paid by you for the Software. 8. The construction and interpretation of this Agreement shall be governed in accordance with the laws of England and Wales. The parties hereby submit to the jurisdiction of the courts of England and Wales save that Kaspersky Lab as claimant shall be entitled to initiate proceedings in any court of competent jurisdiction. 9. (i) This Agreement contains the entire understanding of the parties with respect to the subject matter hereof and supersedes all and any prior understandings, undertakings and promises between you and Kaspersky Lab, whether oral or in writing, which have been given or may be implied from anything written or said in negotiations between us or our representatives prior to this Agreement and all prior agreements between the parties relating to the matters aforesaid shall cease to have effect as from the Effective Date. Save as provided in paragraphs (ii) - (iii), you shall not have any remedy in respect of an untrue statement made to you upon which you relied in entering into this Agreement (Misrepresentation) and Kaspersky Lab shall not have any liability to the other than pursuant to the express terms of this Agreement. (ii) Nothing in this Agreement shall exclude or limit Kaspersky Labs liability for any Misrepresentation made by it knowing that it was untrue. (iii) The liability of Kaspersky Lab for Misrepresentation as a fundamental matter, including a matter fundamental to the makers ability to perform its obligations under this Agreement, shall be subject to the limitation of liability set out in paragraph 7(iii).