Application name and version number. Request description. Please describe your problem with all details. Customer ID and password. Enter the customer ID and password received during registration at the Technical Support Service web site. Email address. The experts of the Technical Support Service will send their reply to your inquiry to that address.
Technical support over the phone
If an urgent problem has occurred, you can always call the Technical Support Service in your city. Before you contact the specialists of the Russian (http://support.kaspersky.ru/support/support_local) or international (http://support.kaspersky.com/support/international) Technical Support, please collect information (http://support.kaspersky.com/support/details) about your computer. It will help our experts assist you with maximum efficiency.
DISCUSSION OF KASPERSKY LAB'S APPLICATIONS IN WEB FORUM
If your question does not require an immediate answer, you can discuss it with the Kaspersky Lab's experts and other users in our forum at http://forum.kaspersky.com. In the forum you can view existing discussions, leave your comments, create new topics, use search.

PURPOSE OF THE DOCUMENT

This Guide contains a description of basic concepts and features of Kaspersky Administration Kit as well as general schemes for work with the product. Stepwise description of the procedures is provided in the Kaspersky Administration Kit Reference Guide. Features described in the Reference Guide are underlined in the text.

APPLICATION FEATURES

The application enables the corporate network administrator to: Perform remote installation and removal of Kaspersky Lab's applications across the network in a centralized manner. This feature enables the administrator to copy the required set of Kaspersky Lab's applications to a selected computer, and then install these applications remotely to the network computers. Remotely manage Kaspersky Lab's applications in a centralized manner. The administrator can create a multilevel anti-virus protection system, and manage the operation of all applications from his workstation. This is particularly important for larger companies whose local network consists of a large number of computers that may be located in several separate buildings or offices. This feature includes: creating the hierarchy of Administration Servers; joining hosts into administration groups based on the functions performed by the computers and on the set of applications installed on them; configuring the application settings in a centralized way by creating and applying policies; configuring the application settings for particular individual computers using the application settings; managing the operation of applications in a centralized manner by creating and running group tasks and tasks for specific computers and the Administration Server;

Network Agent

Software requirements: For Windows systems: Microsoft Windows 2000 with installed Service Pack 4 or higher; Microsoft Windows XP Professional with installed Service Pack 2 or higher; Microsoft Windows XP Professional x64 or higher; Microsoft Windows Server 2003 or higher; Microsoft Windows Server 2003 x64 or higher; Microsoft Windows Vista with installed Service Pack 1 or higher, Microsoft Windows Vista x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Vista x64 the Microsoft Windows Installer 4.5 should be installed; Microsoft Windows Server 2008; Microsoft Windows Server 2008 deployed in the Server Core mode; Microsoft
Windows Server 2008 x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Server 2008 x64 the Microsoft Windows Installer 4.5 should be installed; Microsoft Windows 7. For Novell systems: Novell NetWare 6 SP5 or higher; Novell NetWare 6.5 SP7 or higher. For Linux systems: The supported version of the operating system is determined by the requirement of the compatible Kaspersky Lab's application installed on the client computer. Hardware requirements: For Windows systems: Intel Pentium 233 MHz or higher. 32 MB of RAM. 20 MB of available disk space. For Novell systems: Intel Pentium 233 MHz or higher. 32 MB of RAM. 32 MB of available disk space. For Linux systems: Intel Pentium 133 MHz or higher. 64 MB of RAM. 100 MB of available disk space. Update Agent Software requirements for Windows systems: Microsoft Windows 2000 with installed Service Pack 4 or higher; Microsoft Windows XP Professional with installed Service Pack 2 or higher; Microsoft Windows XP Professional x64 or higher; Microsoft Windows Server 2003 or higher; Microsoft Windows Server 2003 x64 or higher; Microsoft Windows Vista with installed Service Pack 1 or higher, Microsoft Windows Vista x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Vista x64 the Microsoft Windows Installer 4.5 should be installed; Microsoft Windows Server 2008; Microsoft Windows Server 2008 x64 with installed Service Pack 1 and all current updates, for Microsoft Windows Server 2008 x64 the Microsoft Windows Installer 4.5 should be installed; Microsoft Windows 7. Hardware requirements for Windows systems: Intel Pentium III 800 MHz or higher. 256 MB of RAM. 500 MB of available disk space.

BASIC CONCEPTS

This section explains the basic concepts used in Kaspersky Administration Kit. Definitions of these concepts and some terms are listed in the Glossary.
Administration Server. Administration groups.... 14 Administration Server Hierarchy.... 15 Client computer. Group..... 15 Administrator's workstation..... 16 Application configuration plug-in.... 16 Policies, application settings and tasks..... 17 Relation between policies and local application settings.... 18
ADMINISTRATION SERVER. ADMINISTRATION GROUPS
Components of Kaspersky Administration Kit allow remote management of Kaspersky Lab's applications within a corporate network. Computers with the installed Administration Server component will be further referred to as Administration Servers (or Servers). The whole variety of computers in the corporate network can be subdivided into groups arranged into a certain hierarchical structure. We shall refer to such groups as administration groups. The structure of administration groups is displayed in the console tree within the Administration Server node. Administration Server is installed on host computer as a service with the following set of attributes: under the name of Kaspersky Administration Server; using automatic startup type when the operating system starts; using to log on the Local System account or user account selected during component installation. Functions performed by an Administration Server or, more specifically, by the Administration Server component installed on it are as follows: storage of the administration groups structure; storage of configuration data copies for client computers; organization of repositories for distribution packages of Kaspersky Lab's applications; remote deployment and removal of applications from computers; updating databases and application modules; management of policies and tasks on client computers;

CONCEPTS

storage of information about events; generation of reports on application operation; distribution of licenses to client computers, storage of license information; delivery of notifications about performance of tasks. Such notifications can inform, for example, about virus detection on a computer.
ADMINISTRATION SERVER HIERARCHY
Administration Servers can be arranged in hierarchy of the "master server slave server" type. Each Administration Server can have several slave Servers on the same or different nesting levels of the hierarchy. The nesting level for slave servers is not limited. The administration groups of the master Server then will include the client computers of all slave Servers. Thus, isolated and independent sections of computer networks can be controlled by different Administration Servers which are in turn managed by the primary Server. The opportunity to build a hierarchy of Servers can be employed to: decrease the load on Administration Server (compared to a single Server running in a whole network). decrease intranet traffic and simplify work with remote offices. There is no need to establish connections between primary Server and all network computers, which may be located, for example, in other regions. It is sufficient to install in each network segment a slave Administration Server, distribute computers among administration groups of slave Servers and establish connections between the slave Servers and primary Server over fast communication channels. distribute more precisely responsibilities between the anti-virus security administrators. All opportunities for centralized management and monitoring of anti-virus security in corporate networks remain available at that. Each computer included in the structure of administration groups can be connected to a single Administration Server only. Administrators must control correct connection of computers to Administration Servers using the features for computer search in administration groups of different Servers based on network attributes.

ADMINISTRATOR'S WORKSTATION
Computers with the installed Kaspersky Administration Console will be further referred to as administrator's workstations. Administrators can use these computers to manage remotely all Kaspersky Lab's applications installed on client computers in a centralized manner. After Kaspersky Administration Console is installed, its icon appears in the Start Administration Kit menu and can be used to start the console. Programs Kaspersky
Administrator's workstation is not an object of administration group, but it can also be included in a group as a client computer. There are no restrictions for the number of administrator's workstations. Administrator's workstations for different Administration Servers can be the same; each workstation can be used to manage the administration groups of any Administration Server within a corporate network. Within administration groups of any Server, the same computer can act as an Administration Server client, Administration Server or administrator's workstation.
APPLICATION CONFIGURATION PLUG-IN
The interface for management of a specific application via Kaspersky Administration Console is provided by a specialized component application configuration plug-in. It is included in all Kaspersky Lab's applications that can be controlled
using Kaspersky Administration Kit. Each application that can be managed via Kaspersky Administration Kit has its own plug-in. It is installed on the administrator's workstation and provides: the set of dialogs (interface) for creation and editing of application policies; the set of dialogs (interface) for creation and editing of application policies; the set of dialogs (interface) for creation and editing of settings for the application tasks; information about the tasks implemented in an application; information about application events; functionality necessary to display the information about application operation and statistics received from client computers in the Kaspersky Administration Console.
POLICIES, APPLICATION SETTINGS AND TASKS
A named operation performed by a Kaspersky Lab's application is called a task. Tasks are subdivided into types in accordance with the performed functions. Each task is associated with certain application settings used during its performance. The set of application parameters common for all types of its tasks makes up the application settings. Application settings specific for each individual task type make up the corresponding task settings. Application settings and task settings do not overlap. Detailed descriptions of task types for each Kaspersky Lab's application can be found in their respective Guides. To initiate performance of some necessary function, you have to configure the application settings, create and set up the corresponding task and launch it. Application settings defined for an individual client computer through local interface or remotely via Administration Console will be referred to as local application settings. Centralized configuration of application settings on client computers is accomplished through definition of policies. Policy is a collection of settings regulating operation of an application in a group. The policy does not define all of the application settings. The application settings are defined by the policy settings and the task settings. Each parameter represented in a policy has a "lock" attribute, which shows if the setting is allowed for modification in the policies of child hierarchy levels (for nested groups and slave Administration Server), in task settings and local application settings. If a parameter is "locked" in the policy, its value cannot be redefined (see section "Relation between policies and local application settings" on page 18). The unchecked Inherit settings from parent policy box disables the "lock" for inherited policies. A specific policy is defined for each application in a group. Several policies with different settings can be defined for a single application. However, an application can use only one active policy at a time. There is an opportunity to activate a disabled policy upon a certain event. Thus you can, for example, enforce stricter anti-virus protection settings during virus outbreaks. You can also create a policy for mobile users. It will enter into force when a computer is disconnected from corporate network. Application settings can differ in various groups. Each group can have its own policy for an application. Child groups and slave Administration Servers inherit the policies from groups belonging to higher hierarchy level.

AUTHENTICATION OF CLIENT COMPUTERS ON ADMINISTRATION SERVER
Authentication of client computers is based on their names. A client computer name is unique among all names of computers connected to Administration Server. The name of a client computer is transferred to Administration Server either when Windows network is polled and a new computer is discovered in it, or during first connection of the Network Agent installed on a client computer. By default, the name matches the computer name in Windows network (NetBIOS name). If a client computer with this name is already registered on the Administration Server, a suffix with the next number will be added to the new client computer name, for example: <Name>-1, <Name>-2, etc. The client computer will be added to administration group under that name.
RIGHTS TO ACCESS THE ADMINISTRATION SERVER AND

ITS OBJECTS

The Kaspersky Administration Kit supports the following types of permissions for access to the applicationfunctionality: Reading: connection to the Administration Server; viewing the structure of Administration Server folders; viewing the values of applications' policies, tasks, and settings. Writing: creation of administration groups, addition of child groups and client computers to them; installation of the Network Agent component on client computers; updating the version of applications installed on client computers; creating policies, tasks for groups and for individual computers, and configuring application settings; centralized management of applications, receiving reports about their operation using services provided by the Administration Server, the Network Agent and the Administration Console components. Execution: starting and stopping the existing group tasks and tasks for specific computers; report generation. Modify access privileges: granting to users, and groups of users, access rights to the functionality of Kaspersky Administration Kit.
Edit event log settings. Edit notification settings. Remote install of Kaspersky Lab applications. Remote install of external applications: preparation of installation packages and remote install of third-party applications to the client computers. Edit Administration Server hierarchy settings. After Administration Server installation, default rights to connect to the Server and work with its objects are granted to the users included in the KLAdmins and KLOperators groups. These groups are created during installation of the Administration Server component depending upon the account selected for starting the Administration Server service: in the domain including the Administration Server and on the Administration Server host computer, if the Server starts using the account belonging to the domain; only on the Administration Server host computer, if the Server starts using the local system account. The KLAdmins group has all access rights, and the KLOperators group only has rights to read and execute. The set of rights granted to the KLAdmins group cannot be modified. Users included in the KLAdmins group will be referred to as Kaspersky Administration Kit administrators, users of the KLOperators group are called Kaspersky Administration Kit operators. Viewing of the KLAdmins and KLOperators groups and introduction of the necessary modifications are available in the standard Windows administration tools Computer management / Local Users and Groups. Apart from the users of the KLAdmins group, administrator's rights are granted to: administrators of the domain including the computers of the administration group assigned to this Server; local administrators of computers with the installed Administration Server. Local administrator can be excluded from the list of users allowed to manage the Administration Server. All operations initiated by the administrators of Kaspersky Administration Kit will be performed using the rights of the Administration Server account. For each Administration Server an individual KLAdmins group can be created; it will have the necessary rights for work with that Server only. If computers belonging to the same domain are included in administration groups of different Servers, then the domain administrator is a Kaspersky Administration Kit administrator for all the groups. The KLAdmins group is common for those administration groups; it is created during installation of the first Administration Server. It can be supplemented using the administration tools of the operating systems. Operations initiated by the administrators of Kaspersky Administration Kit will be performed using the rights of the Administration Server account. User rights (see section "Granting rights" on page 36) in Kaspersky Administration Kit are defined based on Windows authentication of users in the network. After application setup an administrator of Kaspersky Administration Kit can: modify the rights granted to the KLOperators groups; grant the rights to access the functionality of Kaspersky Administration Kit to other user groups and individual users registered on a computer with installed Administration Console; grant various access rights to work in each administration group.

MAIN PROGRAM WINDOW

The main program window (see the figure below) contains a menu, a toolbar, browsing pane and an informational panel, which can display the task pane or results pane. The menu provides controls for the windows and access to the help system. The Action submenu duplicates the context menu commands for the current node or folder of the console tree. The toolbar buttons allow direct access to some items of the main menu. Items available on the toolbar depend on the current node of the console tree. Browsing pane displays the namespace of Kaspersky Administration Kit as a console tree (see section "Console tree" on page 28). Informational area of the main window can display the task pane, results pane, or their combination. For some nodes of the console tree the informational area can offer two viewing modes: extended and standard. Switching between them is performed using the corresponding tabs. The task pane consists of one or several tabs, which display pages containing links for fast access to basic operations available for the node selected in the console tree. For more details about using the task pane please refer to the Task pane section (on page 30).
The results pane displays a list of items within the node selected in console tree or a set of informational panes. It can be a list of computers in groups, list of reports, event or computer selections, etc. For more details about using the task pane please refer to the Task pane section (on page 33).
Figure 3. Main program window of Kaspersky Anti-Virus

CONSOLE TREE

Console tree (see the figure below) displays the hierarchy of Administration Servers existing in corporate network, the structure of their administration groups and other objects of the application, such as repositories, selections, etc.
The namespace of Kaspersky Administration Kit can contain several nodes including the names of servers corresponding to the installed Administration Servers included in the hierarchy.

Figure 4. Console tree

The Administration Server <computer name> node is a container that reflects the structure of folders of the selected Administration Server. The Administration Server <computer name> container includes the following nodes: Managed computers; Reports and notifications; Kaspersky Administration Kit tasks; Tasks for specific computers; Event and computer selections; Unassigned computers; Repositories. The Managed computers folder is intended for storage, display, configuration and modification of the structure of administration groups, group policies and group tasks.

To change the set of pages containing informational panels, click the button the Statistics tab. To configure the set of informational panels on a page, click the button displayed window to specify necessary settings.
in the upper right corner of
next to the page name and use the
To define the display settings for an individual information panel, press the button You can fold and unfold the panels using the buttons and.

next to its name.

Standard results pane displays data in the form of a table (see the figure below). The list of columns for various nodes of the console tree can be found in the Reference Guide.
Figure 8. Standard view of the results pane
Administration Console information updates automatically for nodes and information panels only. To update the data in the results pane, use the F5 key, the Refresh item in the context menu or the Refresh link in the task pane.

CONTEXT MENU

In the console tree each category of objects in the namespace of Kaspersky Administration Kit has its own context menu. In the menu standard commands of the MMC context menu are supplemented with commands used for operations with a given object. The objects and the set of corresponding context menu commands are listed in the Reference Guide. In the results pane each item of an object selected in the tree also has a context menu containing the commands used to work with that item. Main types of items and the set of corresponding supported commands are listed in the Reference Guide.
MANAGEMENT OF NETWORK COMPUTERS
The procedures for management of computers within the corporate network are used to define: Administration Servers (see section "Connecting to the Administration Server" on page 35) and their hierarchy (see section "Slave Administration Servers" on page 45); rights to access the Administration Server (see section "Granting rights" on page 36); the structure and hierarchy of administration groups (see section "Creating, viewing and editing the structure of administration groups" on page 39).
Connection to the Administration Server.... 35 Granting rights...... 36 Viewing information about the computer network. Domains, IP subnets and Active Directory groups.. 37 Quick Start Wizard..... 39 Creating, viewing and editing the structure of administration groups... 39
CONNECTION TO THE ADMINISTRATION SERVER
The Administration Console can be used to connect the remote client computers to the Administration Server via Internet. After launching Kaspersky Administration Kit, the main program window displays the console tree that reflects the upper level of the hierarchy existing in the namespace of Kaspersky Administration Kit. To load the structure of Administration Server folders in the main window, add the appropriate object to the console tree Server and connect to the necessary Administration Server (see the figure below). You can connect the remote client computers to the Administration Server using the Administration Console via Internet.

when a child group is added, the system creates a folder with precisely the same structure.
Figure 11. Viewing the structure of Administration Server folders
When a folder is selected in the console tree, its content is displayed in the results pane. Full list of the results pane columns for each object of the Administration Console is available in the Reference Guide. Manipulations with the objects in the Managed computers folder are performed using the context menu commands (see section "Context menu" on page 34) and the links of the task pane. For administration groups with the structure identical to the structure of domains and workgroups in the existing Windows network, you can use the Quick Start Wizard (see section "Quick Start Wizard" on page 39). To create a designed structure manually, perform the following actions: 1. 2. 3. 4. Connect to the necessary Administration Server. Build the hierarchy creating the child groups one by one. Add client computers to the groups. Add slave Administration Servers.
The structure of administration groups is displayed in the Managed computers folder. You can view information about each of its objects: slave servers, groups and client computers. The system provides the time of object creation and last modification of its settings (see the figure below). You can also view and edit the settings of object interaction (slave Server, client computer or all client computers in a group) with the Administration Server.
Figure 12. Viewing the group properties
To find information about specific client computers, you can use the computer search feature (see section "Finding computers" on page 77) in the corporate network based on the specified criteria. During search the system can use information about slave Administration Servers. To find, save and display information about computers in a separate folder of the console tree, use the functionality for creation of selections (see section "Computer selections" on page 79). When the configuration of corporate computer network changes, adequate modifications in the structure of administration groups are required. You can: Add to any administration group an arbitrary number of groups of any level (slave Administration Servers and child groups making up the next hierarchy level can be added to a group). You can also determine, which Kaspersky Lab's applications will be installed automatically on all client computers newly added to the group. To automatically install Kaspersky Lab's applications on new computers running the Microsoft Windows 98 / ME operating systems, install the Network Agent on these computers in advance. Add client computers to the groups. Change the hierarchy of administration groups by moving individual client computers and whole groups to other groups.

The settings that are not "locked" in the inherited policy, can be modified (see section "Relation between policies and local application settings" on page 18) in the slave Server policies (the icon is ). If a parameter is not "locked" in the slave Server policy, it can also be redefined (see section "Relation between policies and local application settings" on page 18) in the application and task settings. The icon will be displayed next to the names of group tasks inherited from the master Administration Server ).
(the regular task icon is
Deployment tasks for specific computers cannot be transferred to slave Administration Servers. Transfer of group tasks is configured in task properties. Updating of the client computers connected to a slave Administration Server (see section "Updating of slave Servers and their client computers" on page 63) can be configured to launch the updates download task automatically after the master Server receives updates. Its successful completion will trigger the launch of application update tasks on client computers of the slave Server.
REMOTE MANAGEMENT OF APPLICATIONS
Kaspersky Administration Kit supports management only for Kaspersky Lab's applications that include a specialized component application management plug-in. The management of applications is performed in two ways: management of application settings through definition of policies (see section "Managing policies" on page 48) or editing of the local settings (see section "Local application settings" on page 52) of corresponding applications; creation and launch of tasks (see section "Managing the operation of applications" on page 52).
Managing policies..... 48 Local application settings.... 52 Managing the operation of applications..... 52

MANAGING POLICIES

An application policy can only be created if the management plug-in for that application is installed on the administrator's workstation. To create a policy, use the Create a new policy link located in the task pane of the group for which the policy is being created. When creating a policy, you can specify a minimum set of parameters required for application operation. All other settings are set to the default values applied during the local installation of the application. For quick creation of policies for individual applications use the links Create a new Kaspersky Anti-Virus for Windows Workstations policy and Create a new Kaspersky Anti-Virus for Windows Servers policy in the task pane. Policies created for applications within a group appear in the corresponding folder of the console tree. Icons reflecting the status of policies are displayed next to their names. The icons and corresponding statuses are listed in the Reference Guide.

To generate a report on the status of licenses installed on client computers, you can use the internal Licensing Report template or create a new template of the same type. The report created using the Licensing Report template contains complete information about all licenses installed on all client computers (both current and reserve licenses), indicating which computers are using which keys, and the license restrictions. A complete list of the licenses installed on client computers can be found in the Repositories node, in the Licenses folder (see the figure below). The application displays complete information for each license in the results pane. Full list of the results pane columns for the Licenses folder is available in the Reference Guide.

Figure 32. Licenses

You can check which licenses are installed for the application on a specific client computer by viewing the application properties configuration window. In order to install a license, you must create and run the license installation task. The task for license installation can be created as a group or local task or even as a task for specific computers. You can use a wizard to create a license installation task. To replace an installed license or make it active, you can use an existing task having changed its settings first.

QUARANTINE AND BACKUP

Operations with Quarantine and Backup are supported for versions 6.0 or higher of Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus for Windows Servers. Anti-virus applications provide the functionality necessary to keep certain objects in specialized repositories. Each computer has individual local Quarantine and Backup folders. Quarantine is used to store suspicious objects, Backup - to store backup copies of infected objects made before their disinfection or removal. Kaspersky Administration Kit supports the opportunity to keep a centralized list of objects placed by Kaspersky Lab's applications in their repositories. Network Agents send the information from client computers for storage in the database of the appropriate Administration Server. At that, you can use the Administration Console to view the properties of objects in local repositories, run anti-virus scanning of those repositories and delete the stored objects. To allow remote management of objects in local storage areas, in the application policy enable the checkboxes in the Notify Administration Server information section (see the figure below): About quarantined objects.
About backup objects. About unprocessed objects. The settings of repositories are configured individually for every application: in policy or application settings.
Figure 33. Configuring remote repositories

In the in (min) field time during which the specified number of viruses was detected.
Figure 44. Viewing the Administration Server properties. The Virus outbreak tab
The Virus outbreak event is generated based on the Detection of Viruses, Worms, Trojans, and Malware and Infected objects detected events in the operation of anti-virus applications. Therefore, for successful recognition of a virus outbreak all information about those events should be stored on Administration Server. To do that, appropriate settings must be selected in the policies for all anti-virus applications. In the properties window of the Detection of Viruses, Worms, Trojans, and Malware and Infected objects detected events the On Administration Server for (days) box must be checked.
Figure 45. Configuring event registration
The procedure for notification about the Virus outbreak event is defined on the Administration Server within the Notification tab of the event properties (see the figure below). Automatic change of the current policy for applications can be configured as response to a virus outbreak. The set of policies for every type of virus outbreaks is defined in the Policy activation window that opens after clicking the Configure policies to activate on "Virus outbreak" event link on the Virus outbreak tab of the Administration Server settings window.
To count the Detection of Viruses, Worms, Trojans, and Malware and Infected objects detected events, only information from the client computers of the master Administration Server is to be taken into account. For each slave Server the Virus outbreak event is configured individually.
Figure 46. Editing the settings for email notifications

UNPROCESSED FILES

Information about the files for which scheduled scanning and disinfection has been postponed, is available in the Unprocessed files folder of the Repositories node. The folder contains information about all such files within the Administration Servers and client computers. Postponed processing and disinfection are performed upon request or after a specified event. You can configure the settings for postponed disinfection of selected files.
BACKUP COPYING AND RESTORATION OF ADMINISTRATION SERVER DATA
Backup copying allows you to move an Administration Server from one computer to another without data losses and restore information in case of Administration Server database transfer to another host or upgrade to a newer version of the Kaspersky Administration Kit application. When an Administration Server is uninstalled from the computer, the Kaspersky Administration Kit always suggests making a backup copy.
During backup copying the following data is saved or restored: information database of the Administration Sever (policies, tasks, application settings and events saved on the Administration Server); configuration information about the structure of the administration groups and client computers; repository of the installation files for deployment of applications (content of the Packages, Uninstall, Updates folders); Administration Server certificate. Data restoration during migration to a later application version is supported beginning with Kaspersky Administration Kit 5.0 Maintenance Pack 3. If during the restoration of the Administration Server data, the path to the shared folder has changed, you should verify correct execution of tasks in which the folder is used (update, remote deployment tasks) and, if necessary, change the settings. Copying of the Administration Server data for backup and subsequent restoration can be performed by a backup task or manually using the klbackup utility included in the distribution package of Kaspersky Administration Kit. Data restoration is only performed using the klbackup utility. After Administration Server setup the klbackup utility is saved in the program folder specified during installation of the component. When started from the command line, it copies or restores data depending upon the selected options. The backup task is created manually; it is added to the Kaspersky Administration Kit tasks node. To perform actual data backup, you should configure the task. You can also create a backup task manually: select Kaspersky Administration Kit as the application for which the task will be created; and define Administration Server data backup as the task type.

Virus Encyclopedia:

http://www.viruslist.com

Anti-virus laboratory:

newvirus@kaspersky.com (only for sending archives of suspicious objects) http://support.kaspersky.ru/helpdesk.html?LANG=en (for queries to virus analysts)
Administration groups..... 14 Administration Server..... 14 Administration Server certificate..... 23 Applications registry..... 81

Backup..... 68

Client computers..... 15, 43 Computer selections..... 79 Console tree..... 28 Context menu..... 34
Data backup..... 85 Database...... 9 Deployment...... 20 Detecting computers..... 77
Event log..... 70 Event selections...... 70
Hardware requirements..... 9
Launching application..... 27 License current...... 67 renewal..... 67
Management connection to the Administration Server.... 35 granting rights..... 36 initial configuration..... 39 local settings...... 52 network information..... 37 Managing application..... 52

Policies..... 17

Quarantine and Backup..... 68
Reports..... 74 Results pane...... 33
Slave Administration Servers.... 45 Software requirements..... 9

Tasks...... 17

Updates distribution..... 62, 64 download...... 59

Hardware requirements: For Windows systems:
Intel Pentium processor, 233 MHz or faster 32 MB RAM 10 MB available space on hard drive

For Novell systems:

Intel Pentium processor, 233 MHz or better 12 MB RAM
32 MB free (available) space on hard drive

1.3. Distribution kit

This software product is supplied free-of-charge with any Kaspersky Lab's application included into the package of Kaspersky Anti-Virus Business Optimal and Kaspersky Corporate Suite (retail box version) and also available for download from Kaspersky Lab's corporate website at www.kaspersky.com.
1.4. Help desk for registered users
Kaspersky Lab offers a large service package, enabling its legal users to enjoy all available features of Kaspersky Lab's products. Once you purchase a license for any Kaspersky Lab's product included into Kaspersky Anti-Virus Business Optimal or Kaspersky Corporate Suite, you become a registered user of Kaspersky Administration Kit. After this you will receive the following services during the term of your license: New versions of the anti-virus software application; Consultations on matters related to the installation, configuration, and operation of the anti-virus application by phone or based on requests sent using a web form; When sending a request to the Technical support service, make sure you specify information about the license for Kaspersky Lab's application used in conjunction with Kaspersky Administration Kit. Information about new Kaspersky Lab applications and about new computer viruses (for those who subscribe to the Kaspersky Lab newsletter).
Kaspersky Lab does not provide information related to operation and use of your operating system or various other technologies.
1.5. The purpose of this document
This Guide contains a description of the installation of Kaspersky Administration Kit and remote installation of applications within a computer network of simple configuration. General concepts and application operation scheme are provided in the Kaspersky Administration Kit Administrator's Guide; step-by-step description of
actions when using the application is provided in the Kaspersky Administration Kit Reference Book. In order to review questions that our users often ask Kaspersky Lab's support specialists visit our website and follow the Services Knowledge base link. This section contains information about installation, configuration and functioning of Kaspersky Lab's applications and about removal of most commonly spread viruses and disinfection of infected files.

1.6. Conventions

Various formatting features and icons are used throughout this document depending on the purpose and the meaning of the text. The table below lists the conventions used in the text. Convention Bold font Meaning Menu titles, commands, window titles, dialog elements, etc. Additional information, notes. Information you should pay special attention to. Description of the successive user's steps and possible actions

Figure 3. Selecting the account
You can select one of two options:
Domain User account - the Administration Server will be started under the user account included into the domain. In this case the Administration Server will initiate all operations using the rights of this account and during the next stage you will be offered to specify the user whose account will be used. If a Windows domains structure has been created within the corporate network we recommend selecting the domain administrator's account in order to start the Administration Server. In the future it will allow to avoid configuring additional settings, for example, specifying account of a user who is granted with the domain administrator's rights when creating a deployment (remote installation) task (see section 0 on page 53).
Local System account - the Administration Server will be started under the System account with all rights granted to this account. In this case you do not select a user account and will switch directly to the stage where you will have to specify the recourse to store the Administration Server's information database. For the correct operation of Kaspersky Administration Kit it is mandatory that the account used to start the Administration Server is granted the rights of the administrator for the resource used to store the Administration Server's information database.
6. If you selected a domain's user account to start the Administration Server under, you will be offered to specify such user. In order to do it, in the User name field in the wizard window (see Figure 4) select the user name using the Browse button or enter this name manually out of names registered within the current domain. After this, enter the password used to register the user in the domain.

Figure 4. Selecting user

If you selected a user who does not have the domain administrator's rights, the Administration Server will be launched under his account, however the functionality of Kaspersky Administration Kit will be somewhat restricted. For example, it may not have the rights required to execute a deployment task using a launch scenario (see section 0 on page 53) and polling some domains of the Windows network. For the correct operation of the Administration server, the account used to launch it must have the following rights: Log on as a service; Act as part of the operating system; Access this computer from the network; Replace a process level token; Increase quotas/ Adjust memory quotas for a process.

Perimeter defense: Kaspersky Antivirus 5.6 for Microsoft ISA Server 2000 Enterprise Edition.
Mail server protection: Kaspersky Antivirus 5.5 for Microsoft Exchange Server 2000/2003, Planned Update 1; Kaspersky Security 5.5 for Microsoft Exchange Server 2003, Planned Update 1.
For detailed information on managing the above applications using Kaspersky Administration Kit see relevant application Manuals.
4.1. Remote software installation
Remote software installation can be performed from the administrator's workstation in the main application window of Kaspersky Administration Kit. Some Kaspersky Lab's applications can be installed only the client computers only locally (details see Guides to the corresponding applications). However, remote administration of these applications using Kaspersky Administration Kit will be available. In order to perform remote software installation: 1. Create an installation package (see section 0 on page 53). The structure of this package will include files required to install the application and the files that contain settings of the installation package.
Installation and Removal of Software on the Computers
Installation package contains file setup.exe using which the local installation of the application in non-interactive mode is performed. 2. Create remote installation task (see section 0 on page 53). In order to install the application on all computers in the logical network or several administration groups or on specific computers from various groups, you must create a global deployment (remote installation) task. In order to install the application on all computers of an administration group (including all nested groups and slave servers), you must create a group deployment (remote installation) task. You can use the deployment wizard (see section 4.2 on page 71) to create either a group or a global task. The task you create will be run according to the schedule. Application operation settings on each client computer will be configured based on the group policy and the default settings of the application. You can abort the installation process by manually interrupting execution of the task. All installation packages created for the Administration Server will be located on the console tree in a special container Remote Installation. On the Administration Server these installation packages will be stored in the specified shared folder in the service folder Packages. You can review the properties of the installation package, change its name and settings using the Properties: <Package Name> window (see Figure 20). This window opens using the Properties shortcut menu command or the analogous item in the Action menu. The installation packages created can be distributed on the slave Administration Servers (see section 4.1.4 on page 49) and on the computers within a group using the updating agents (see section 4.1.6 on page 51). One installation package can be reused many times to create deployment tasks. Applications may also be installed in non-interactive mode.

Figure 19. Creating an installation package. Selecting the license key
5. After this the required set of files for the installation of the specified application onto the client computers will be downloaded to shared folder on the Administration Server and a check whether the administration plugin for the selected application is installed on the administrator's workstation will be performed. If such plugin is not installed or its version is older than the version included into the distribution package, the new plugin will be installed and the old plugin will be replaced. Upon the completion of the wizard, the installation package created will be added to the Remote installation node and displayed in the results pane.
4.1.2. Reviewing and configuring the installation package settings
To review the properties of the installation package, change its name and settings:
in the console tree, expand the Remote Installation node, select the required installation package in the results pane and use the Properties command from the shortcut menu or the analogous command from the Action menu. This will open window Properties <Installation package name> see Figure 20) that consists of tabs General, Settings, Licenses and OS reboot. The General tab (see Figure 20) includes general information about the package: package name; name and version of the application for which installation the package has been created; package size; creation date.
The Settings tab (see Figure 21) contains the installation package settings for the application for which installation the package is created. These settings are created by default at the stage of the package creation and if required, you can modify them.
Figure 20. Installation package properties review window The General tab
Figure 21. Installation package properties review window The Settings tab
The License tab (see Figure 22) contains general information about the license for the application for which installation the package is created. The License tab is not available in the properties of the Network Agent or the Administration Server installation package properties.
Figure 22. Installation package properties review window The License tab

4.1.7. Configuring the deployment task
Deployment tasks are configured the same way as any task (details see Reference Book for Kaspersky Administration Kit). Provided below is a detailed discussion of settings specific for this type of tasks provided on the Settings tab. If you are editing a task that will perform forced installation (see Figure 40), you can: determine whether you have to reinstall the application if it is already installed on the client computer; specify the method to be used to deliver the files required to install the application to the client computer and specify the maximum number of simultaneous connections; specify the number of attempts to perform the installation if the task is run based on schedule.
Figure 40. Configuring a deployment task Push installation method
When configuring a deployment task using a startup scenario, you can us the Settings tab to change the list of accounts of users for who the startup scenario will be modified (see Figure 41). To edit the list use the Add and the Remove buttons.
Figure 41. Configuring a deployment task using the startup scenario.
4.1.8. Deploying application to slave administration servers
This task enables you to install and update software on slave servers Before creating the task make sure that an installation package is on all the servers. Use Package retranslation task to send the package to server (see section 4.1.5). To create application deployment to slave servers task: 1. 2. Connect to the required Administration Server. Select the Global tasks node in the console tree, open the shortcut menu and select the New / Task command or use the analogous item in the Action menu. This will start the task creation wizard. Follow its instructions. Specify the task name.
When selecting the application and the task type (see Figure 29), specify values Kaspersky Administration Kit and Deploy application to slave administration servers. Specify the installation package that will be installed during the execution of this task Check the Do not install application if it is already installed box in order to prevent repeated installation (by default the box is checked). This step is not available for a global task. Select Slave Administration Servers (Figure. 42) and make up a list of slave servers

Figure 45. Selecting an installation package
4. In the next wizard window, if required, specify the Network Agent installation package to be jointly installed (details see section 0 on page 53). 5. In the wizard window (see Figure 46) determine on which computers the application will be installed. In order to do it, select one of the options:
Install the application onto selected computers, if you select this option, then after the wizard is complete a global application deployment task will be created. Install application onto computers in the administration group - as the result of the wizard's work, a group task will be created.
Figure 46. Selecting a task type
6. Then if you are creating a group task, specify a group on whose computers the application will be remotely installed (see Figure 47), or select computers for the installation. If the application must be installed on all client computers within the logical network, select the Groups group.
Figure 47. Selecting a group
7. Then determine under which account the deployment task will be run on the computers (details see section 0 on page 53).
Figure 48. Selecting a user's account
8. After this a window will open that will display the process of distribution and execution of the deployment task on the computers of the selected group (see Figure 49). You can switch to the final window of the wizard without waiting for the process to be completed. In order to do it, press the Next button. You can view detailed information about the results of the task execution on each computer using the History button.
Figure 49. Deployment task execution
4.3. Local software installation
The local software installation is performed individually on each computer. In order to perform local installation you must have the administrator's right for the local computer. Some applications that support administration using Kaspersky Administration Kit can be installed on computers only locally. Details see Guides to the corresponding applications. General procedure for the software installation during local deployment of the anti-virus protection system can be as follows: install the Network Agent and configure the connection between the client computer and the Administration Server (see section 4.3.1 on page 76);
install the required applications on the computer that will be included into the anti-virus protection system according to the description in the corresponding Guides; install the administration plugin for each of the installed Kaspersky Lab's applications into the administrator's workstation (see section 4.3.2 on page 81).
Kaspersky Administration Kit support local application installation in noninteractive mode based on the files created during installation package creation (see section 4.3.3 on page 82).
4.3.1. Local installation of the Network Agent

license period defined by the license key is one year from the date of purchase. After your license expires, the application will operate but you will not be able to update the anti-virus database. Local network administrator A user who installs, configures, and maintains Kaspersky Administration Kit and remotely manages Kaspersky Lab applications installed on the logical network computers. M Maximum protection A protection level that ensures comprehensive protection but slightly decreases performance characteristics. Maximum speed A protection level that has a maximum operation speed but a lower security level. N Network Agent A Kaspersky Administration Kit component that provides communication between the Administration Server and Kaspersky Lab applications installed on specific network nodes (workstations or servers). This component is common to all Windows applications included in Kaspersky Lab Business Optimal and Corporate Suite. Separate versions of Administration Agent exist for Kaspersky Lab Novell and UNIX applications. O OLE-object An object linked or embedded into other files by using OLE technology. On-demand full scan An administrator-defined mode that scans all files on your computer for viruses and disinfects/deletes infected objects upon their detection. P Policy see Group policy Push installation A remote installation method that allows you to install Kaspersky Lab software on specified computers on your logical network. In order to successfully perform the task using a push installation, the account used to launch this task must have rights to run applications on remote clients. This method is recommended for computers running MS Windows NT/2000/2003/XP, which support this feature, or for computers that are running MS Windows 98/Me and have an installed Network Agent. Q Quarantining A method of handling a suspicious object. Access to this object is blocked and the file is moved to the quarantine for further processing.
Quarantine A special storage that isolates infected and suspicious objects. R Real-time protection A scanning mode in which an anti-virus application is memory resident. In the real-time protection mode, the application scans all objects when you open them for reading, writing, or executing. Before enabling access to an object, Kaspersky Anti-Virus scans it for viruses and, if a virus is detected, blocks access to the object, disinfects it or deletes it (depending on user-defined settings). Recommended level The level of antivirus protection with default settings recommended by Kaspersky Lab experts which ensures the optimal protection of your computer. This level is set by default. Remote installation Installation of Kaspersky Lab applications using the services provided by Kaspersky Administration Kit. Restoring Restoring Administration Server data using a backup utility. The information for restoring is available in the backup storage. The utility allows you to restore: Administration Server database that stores policies, tasks, application settings, and events logged on the Administration Server Information about the logical networks and client configurations Installation files for the remote installation of applications (contents of the Packages, Uninstall, Updates folders) Administration Server certificate S Script-based installation An installation method that relates the remote installation task with a specified user account (several accounts). When the specified user logs onto the domain, the application will be installed on the client where this user has logged on. This method is recommended for use with computers running MS Windows 95/98/Me Settings, task Application settings specific for each type of task. Settings, applications Application settings specific for all types of tasks performed by this application. Severity level A parameter that classifies an event recorded during Kaspersky Anti-Virus performance. There are four severity levels: Critical Error Warning Info

B.1. Other Kaspersky Lab Products
Kaspersky Lab News Agent The News Agent is intended for timely delivery of news published by Kaspersky Lab, for notifications about the current status of virus activity and fresh news. The program reads the list of available news channels and their content from news server of Kaspersky Lab with specified frequency. The product performs the following functions: It visualizes in the system tray the current status of virus activity. The product allows the users to subscribe and unsubscribe from news channels. It retrieves news from each subscribed channel with the specified frequency and notifies about fresh news. It allows reviewing news on the subscribed channels. It allows reviewing the list of channels and their status. It allows opening pages with news details in your browser.
News Agent is a stand-alone Microsoft Windows application, which can be used independently or may be bundled with various integrated solutions offered by Kaspersky Lab Ltd.

Kaspersky OnLine Scanner

The program is a free service offered to the visitors of Kaspersky Lab's corporate website. The service allows an efficient online anti-virus scan of your computer. Kaspersky OnLine Scanner runs directly from your browser. Thus, users can quickly test their computers in case of a slightest suspicion of malicious infection. Using the service, visitors can: Exclude archives and e-mail databases from scanning. Select standard/extended anti-virus databases for scanning. Save a report on the scanning results in txt or html formats.
Kaspersky OnLine Scanner Pro
The program is a subscription service offered to the visitors of Kaspersky Lab's corporate website. The service allows an efficient online anti-virus scan of your computer and disinfection of dangerous files. Kaspersky OnLine Scanner Pro runs directly from your browser. Using the service, visitors can: Exclude archives and e-mail databases from scanning.

Appendix B

Select standard/extended anti-virus databases for scanning. Save a report on the scanning results in txt or html formats.
Kaspersky Anti-Virus 6.0 Kaspersky Anti-Virus 6.0 is designed to safeguard personal computers against malicious software as an optimal combination of conventional methods of antivirus protection and new proactive technologies. The program provides for complex anti-virus checks including: Anti-virus scanning of e-mail traffic on the level of data transmission protocol (POP3, IMAP and NNTP for incoming mail and SMTP for outgoing messages) irrespectively of the mail client being used as well as disinfection of e-mail databases. Real-time anti-virus scanning of Internet traffic transferred via HTTP. Anti-virus scanning of individual files, directories or drives. In addition, a preset scan task can be used to initiate anti-virus analysis exclusively for critical areas of the operating system and start-up objects of Microsoft Windows.

This package provides corporate networks of any size and complexity with comprehensive, scalable anti-virus protection. The package components have been developed to protect every tier of a corporate network, even in mixed computer environments. Kaspersky Corporate Suite supports the majority of operating systems and applications installed across an enterprise. All package components are managed from one console and have a unified user interface. Kaspersky Corporate Suite delivers a reliable, high-performance protection system that is fully compatible with the specific needs of your network configuration.
Kaspersky Corporate Suite provides comprehensive anti-virus protection for:
Workstations running Microsoft Windows 98/ME, Microsoft Windows NT/2000/XP Workstation and Linux; File servers running Microsoft Windows NT 4.0 Server, Microsoft Windows 2000, 2003 Server/Advanced Server, Novell Netware, FreeBSD, Linux; Samba file storage
Depending on the type of distribution kit.
E-mail systems, including Microsoft Exchange Server 2000/2003, Lotus Notes/Domino, sendmail, postfix , exim, and qmail mail systems Internet gateways: CheckPoint Firewall 1; Microsoft ISA Server 2000 Enterprise Edition, Microsoft ISA Server 2004 Enterprise Edition Hand-held computers (PDAs), running Symbian OS, Microsoft Windows CE and Palm OS, and also smartphones running Microsoft Windows Mobile 2003 for Smartphone and Microsoft Smartphone 2002.
Corporate Suite distribution kit includes Kaspersky The Kaspersky Administration Kit, a unique tool for automated deployment and administration.
You are free to choose from any of these anti-virus applications, according to the operating systems and applications you use. Kaspersky Anti-Spam Kaspersky Anti-Spam is a cutting-edge software suite that is designed to help organizations with small- and medium-sized networks wage war against the onslaught of unsolicited e-mail messages (spam). The product combines the revolutionary technology of linguistic analysis with modern methods of e-mail filtration, including DNS Black Lists and formal letter features. Its unique combination of services allows users to identify and wipe out up to 95% of unwanted traffic. Installed at the entrance to a network, where it monitors incoming e-mail traffic streams for spam, Kaspersky Anti-Spam acts as a barrier to unsolicited e-mail. The product is compatible with any mail system and can be installed on either an existing mail server or a dedicated one. Kaspersky Anti-Spams high performance is ensured by daily updates to the content filtration database adding samples provided by the Companys linguistic laboratory specialists. Databases are updated every 20 minutes. Kaspersky Security for Microsoft Exchange 2003 Kaspersky Security for Microsoft Exchange performs anti-virus processing of incoming and outgoing mail messages as well as messages stored at the server, including letters in public folders and filters out unsolicited correspondence using "smart" spam recognition techniques in combination with Microsoft technologies. The application scans all messages arriving at an Exchange Server via SMTP protocol checking them for the presence of viruses using Kaspersky Lab's antivirus technologies and for the presence of SPAM attributes. It filters out spam based on formal attributes (mail address, IP address, letter size, heading) and analyzes the content of messages and of their attachments using "smart' technologies, including unique graphic signatures for identifying graphic SPAM. The application scans both the message body and the attached files.

Kaspersky Mail Gateway Kaspersky Mail Gateway is a comprehensive solution that provides complete protection for users of mail systems. This application installed between the corporate network and the Internet scans all components of e-mail messages for the presence of viruses and other malware (Spyware, Adware, etc.) and performs centralized anti-spam filtration of e-mail stream. The application contains a number of advanced tools for filtering e-mail traffic by name and MIME attachments and a series of tools that reduce the load on the mail system and prevent hacker attacks. Kaspersky Anti-Virus for Proxy Servers Kaspersky Anti-Virus for Proxy Server is an antivirus solution for protecting web traffic transferred over HTTP protocol through a proxy server. The application scans Internet traffic in real time, protects against malware penetrating your system while web surfing, and scans files downloaded from the Internet. Kaspersky Anti-Virus for MIMESweeper for SMTP Kaspersky Anti-Virus for MIMESweeper for SMTP provides high-speed antivirus scans of SMTP traffic on servers running Clearswift MIMESweeper. The program is designed as a plug-in for Clearswift MIMESweeper for SMTP and scans for viruses and processes incoming and outgoing e-mails in real time.

B.2. Contact Us

If you have any questions, comments, or suggestions, please refer them to one of our distributors or directly to Kaspersky Lab. We will be glad to assist you in any matters related to our product by phone or via email. All of your recommendations and suggestions will be thoroughly reviewed and considered. Technical support General information Please find the technical support information at http://www.kaspersky.com/supportinter.html WWW: http://www.kaspersky.com http://www.viruslist.com Email: sales@kaspersky.com
APPENDIX C. LICENSE AGREEMENT
NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT (AGREEMENT) FOR THE LICENSE OF SPECIFIED SOFTWARE (SOFTWARE) PRODUCED BY KASPERSKY LAB. (KASPERSKY LAB). IF YOU HAVE PURCHASED THIS SOFTWARE VIA INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE BUTTON THAT INDICATES THAT YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, AND DO NOT INSTALL THE SOFTWARE. IF YOU HAVE PURCHASED THIS SOFTWARE ON A PHYSICAL MEDIUM, HAVING BROKEN THE CD'S SLEEVE, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT DO NOT BREAK THE CD's SLEEVE ,DOWNLOAD, INSTALL OR USE THIS SOFTWARE. IF YOU HAVE BROKEN THE CD'S SLEEVE OR OPENED THE BOX, YOU WILL NOT BE ENTITLED TO RETURN THE SOFTWARE FOR REFUND. SOFTWARE FOR HOME USE (KASPERSKY ANTI-VIRUS PERSONAL, KASPERSKY ANTI-VIRUS PERSONAL PRO, KASPERSKY ANTIHACKER, KASPERSKY SECURITY FOR PDA) PURCHASED AS A DOWNLOAD VIA THE INTERNET MAY BE RETURNED FOR A FULL REFUND WITHIN 14 DAYS AFTER PURCHASE FROM KASPERSKY LAB, IT'S AUTHORIZED DISTRIBUTOR OR RESELLER. OTHER PRODUCTS ARE NON REFUNDABLE. THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER. All references to Software herein shall be deemed to include the software activation key (Key Identification File) with which you will be provided by Kaspersky Lab as part of the Software. 1. License Grant. Subject to the payment of the applicable license fees, and subject to the terms and conditions of this Agreement, Kaspersky Lab hereby grants to you the non-exclusive, non-transferable right to use one copy of the specified version of the Software and the accompanying documentation (the Documentation) for the term of this Agreement solely for your own internal business purposes. You may install one copy of the Software on one computer, workstation, personal digital assistant, or other electronic device for which the

Appendix C

packaging for the Software. A separate license is required for each Client Device or seat that may connect to the Server at any time, regardless of whether such licensed Client Devices or seats are concurrently connected to or actually accessing or using the Software. Use of software or hardware that reduces the number of Client Devices or seats directly accessing or utilizing the Software (e.g., multiplexing or pooling software or hardware) does not reduce the number of licenses required (i.e., the required number of licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware front end). If the number of Client Devices or seats that can connect to the Software exceeds the number of licenses you have obtained, then you must have a reasonable mechanism in place to ensure that your use of the Software does not exceed the use limits specified for the license you have obtained. This license authorizes you to make or download such copies of the Documentation for each Client Device or seat that is licensed as are necessary for its lawful use, provided that each such copy contains all of the Documentation proprietary notices. 1.3 Volume Licenses. If the Software is licensed with volume license terms specified in the applicable application invoicing or packaging for the Software, you may make, use or install as many additional copies of the Software on the number of Client Devices as the volume license terms specify. You must have reasonable mechanisms in place to ensure that the number of Client Devices on which the Software has been installed does not exceed the number of licenses you have obtained. This license authorizes you to make or download one copy of the Documentation for each additional copy authorized by the volume license, provided that each such copy contains all of the Documents proprietary notices. 2. Duration. This Agreement is effective for the period specified in the Key File (the unique file which is required to fully enable the Software, please see Help/ about Software or Software about, for Unix/Linux version of the Software see the notification about expiration date of the Key File) unless and until earlier terminated as set forth herein. This Agreement will terminate automatically if you fail to comply with any of the conditions, limitations or other requirements described herein. Upon any termination or expiration of this Agreement, you must immediately destroy all copies of the Software and the Documentation. You may terminate this Agreement at any point by destroying all copies of the Software and the Documentation. 3. Support.

(ii) You accept all responsibility for the selection of this Software to meet your requirements. Kaspersky Lab does not warrant that the Software and/or the Documentation will be suitable for such requirements nor that any use will be uninterrupted or error free; (iii) Kaspersky Lab does not warrant that this Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus; (iv) Your sole remedy and the entire liability of Kaspersky Lab for breach of the warranty at paragraph (i) will be at Kaspersky Lab option, to repair, replace or refund of the Software if reported to Kaspersky Lab or its designee during the warranty period. You shall provide all information as may be reasonably necessary to assist the Supplier in resolving the defective item; (v) The warranty in (i) shall not apply if you (a) make or cause to be made any modifications to this Software without the consent of Kaspersky Lab, (b) use the Software in a manner for which it was not intended or (c) use the Software other than as permitted under this Agreement; (vi) The warranties and conditions stated in this Agreement are in lieu of all other conditions, warranties or other terms concerning the supply or purported supply of, failure to supply or delay in supplying the Software or the Documentation which might but for this paragraph (v) have effect between the Kaspersky Lab and your or would otherwise be implied into or incorporated into this Agreement or any collateral contract, whether by statute, common law or otherwise, all of which are hereby excluded (including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or as to the use of reasonable skill and care). 7. Limitation of Liability
(i) Nothing in this Agreement shall exclude or limit Kaspersky Labs liability for (i) the tort of deceit, (ii) death or personal injury caused by its breach of a common law duty of care or any negligent breach of a term of this Agreement, (iii) any breach of the obligations implied by s.12 Sale of Goods Act 1979 or s.2 Supply of Goods and Services Act 1982 or (iv) any liability which cannot be excluded by law. (ii) Subject to paragraph (i), the Supplier shall have no liability (whether in contract, tort, restitution or otherwise) for any of the following losses or damage (whether such losses or damage were foreseen, foreseeable, known or otherwise): (a) Loss of revenue;
(b) Loss of actual or anticipated profits (including for loss of profits on contracts);
(c) (d) (e) (f) (g) (h) (i)
Loss of the use of money; Loss of anticipated savings; Loss of business; Loss of opportunity; Loss of goodwill; Loss of reputation; Loss of, damage to or corruption of data, or;

(j) Any indirect or consequential loss or damage howsoever caused (including, for the avoidance of doubt, where such loss or damage is of the type specified in paragraph (ii), (a) to (ii), (i). (iii) Subject to paragraph (i), Kaspersky Labs liability (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the Software shall in no circumstances exceed a sum equal to the amount equally paid by you for the Software. 8. The construction and interpretation of this Agreement shall be governed in accordance with the laws of England and Wales. The parties hereby submit to the jurisdiction of the courts of England and Wales save that Kaspersky Lab as claimant shall be entitled to initiate proceedings in any court of competent jurisdiction. 9. (i) This Agreement contains the entire understanding of the parties with respect to the subject matter hereof and supersedes all and any prior understandings, undertakings and promises between you and Kaspersky Lab, whether oral or in writing, which have been given or may be implied from anything written or said in negotiations between us or our representatives prior to this Agreement and all prior agreements between the parties relating to the matters aforesaid shall cease to have effect as from the Effective Date. Save as provided in paragraphs (ii) - (iii), you shall not have any remedy in respect of an untrue statement made to you upon which you relied in entering into this Agreement (Misrepresentation) and Kaspersky Lab shall not have any liability to the other than pursuant to the express terms of this Agreement. (ii) Nothing in this Agreement shall exclude or limit Kaspersky Labs liability for any Misrepresentation made by it knowing that it was untrue. (iii) The liability of Kaspersky Lab for Misrepresentation as a fundamental matter, including a matter fundamental to the makers ability to perform its obligations under this Agreement, shall be subject to the limitation of liability set out in paragraph 7(iii).