Documente Academic
Documente Profesional
Documente Cultură
Dear User,
Thank you for choosing our product. We hope that this documentation will help you in your work and
answer your questions about this software product.
Warning! This document is the property of Kaspersky Lab AO (further referred to as Kaspersky Lab):
all rights to this document are reserved by the copyright laws of the Russian Federation, and by
international treaties. Illegal reproduction or distribution of this document or parts hereof will result in
civil, administrative, or criminal liability under applicable law.
Any type of reproduction or distribution of any materials, including in translated form, is allowed only
with the written permission of Kaspersky Lab.
This document and the graphics associated with it may be used exclusively for information,
non-commercial or personal purposes.
This document may be amended without prior notice. For the latest version, please refer to
Kaspersky Labs website at http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance or accuracy of any materials
used in this document the rights to which are held by third parties, or for potential damages
associated with the usage of such documents.
Revision date: 2/16/2016
2016 AO Kaspersky Lab. All Rights Reserved.
http://www.kaspersky.com
http://support.kaspersky.com
Table of contents
About this Guide ..............................................................................................................6
In this document ..........................................................................................................6
Document conventions ................................................................................................9
Sources of information about Kaspersky Security ......................................................... 11
Sources for independent retrieval of information ....................................................... 11
Discussing Kaspersky Lab applications on the forum ................................................ 13
Hardware and software requirements ............................................................................ 14
Requirements for the server on which Kaspersky Security is deployed .................... 14
Requirements for the protected network attached storage ........................................ 16
Requirements for the computer on which Kaspersky Security Console is installed ... 17
Kaspersky Security ........................................................................................................ 20
Kaspersky Security application program components and their codes for the
Windows Installer service .......................................................................................... 24
Kaspersky Security application components ......................................................... 25
Application components of the "Administration tools" set ...................................... 28
Kaspersky Security install and uninstall log ............................................................... 29
Install and uninstall settings and their keys for the Windows Installer service ........... 29
Changes in the system after Kaspersky Security installation..................................... 39
Kaspersky Security processes................................................................................... 45
Installation planning ....................................................................................................... 46
Administration tools selection .................................................................................... 46
Selecting installation type .......................................................................................... 47
Wizard-based installation and uninstallation of the application ...................................... 50
Installing using the Setup Wizard .............................................................................. 50
Installing Kaspersky Security on a protected server .............................................. 51
Installing Kaspersky Security Console .................................................................. 55
Advanced settings after installation of Kaspersky Security Console on another
computer ............................................................................................................... 56
About access permissions for Kaspersky Security Management Service ......... 57
Enabling network connections for Kaspersky Security Management Service ... 58
Table of contents
4
Checking Kaspersky Security functions use the EICAR test virus ................................. 90
About the EICAR test virus ........................................................................................ 90
Checking the functions of Kaspersky Security Real-Time Protection and
On-Demand Scan ...................................................................................................... 92
Kaspersky Security deployment schemes ..................................................................... 95
Protection of Directly Attached Storages (DAS) ........................................................ 96
Protection of clusters ................................................................................................. 97
Protection of terminal servers .................................................................................... 99
Network Attached Storage Protection ...................................................................... 100
Contacting Technical Support ...................................................................................... 102
How to get technical support ................................................................................... 102
Technical Support via Kaspersky CompanyAccount ............................................... 103
Technical support by phone..................................................................................... 104
Using trace files and AVZ scripts ............................................................................. 104
Glossary....................................................................................................................... 105
AO Kaspersky Lab ....................................................................................................... 111
Information about third-party code ............................................................................... 113
Trademark notices ....................................................................................................... 114
Index ............................................................................................................................ 115
Table of contents
5
Prepare Kaspersky Security for installation, install and activate the application
This Guide will also help you to learn about sources of information about the application and ways to
receive technical support.
In this section
In this document .......................................................................................................................... 6
Document conventions ................................................................................................................ 9
In this document
The Kaspersky Security Installation Guide contains the following sections:
Sources of information about Kaspersky Security
This section lists the sources of information about the application.
Document conventions
This document uses the following conventions (see table below).
Table 1.
Sample text
Note that...
Document conventions
reference information.
use...
Example:
Update means...
The Databases are out of
date event occurs.
New terms
Press ENTER.
Press ALT+F4.
To configure a task
schedule:
Sample text
The following types of text content are set off with a special font:
help
The following message then
appears:
Specify the date in
dd:mm:yy format.
<User name>
In this section
Sources for independent retrieval of information ....................................................................... 11
Discussing Kaspersky Lab applications on the forum ................................................................ 13
Online help
Manuals
If you did not find a solution to your problem, contact Kaspersky Lab Technical Support (see the
section "Contacting Technical Support" on page 102).
Prepare Kaspersky Security for installation, install and activate the application
Kaspersky Security 10 for Windows Server Administrator's Guide contains information about
configuring and using Kaspersky Security.
In the Implementation Guide for Network Attached Storage Protection you can find information about
configuring and using Kaspersky Security for Network Attached Storage Protection.
In this section
Requirements for the server on which Kaspersky Security is deployed ..................................... 14
Requirements for the protected network attached storage ........................................................ 16
Requirements for the computer on which Kaspersky Security Console is installed.................... 17
You can install Kaspersky Security without uninstalling Kaspersky Anti-Virus 8.0 for Windows
Servers Enterprise Edition.
Minimum configuration:
RAM: 1GB
Recommended configuration:
RAM: 2 GB
For installation and operation of Kaspersky Security, Microsoft Windows Installer 3.1 must be
installed on the server.
You can install Kaspersky Security on a server under one of the following 32-bit Microsoft Windows
operating systems:
You can install Kaspersky Security on a server under one of the following 64-bit Microsoft Windows
operating systems:
HNAS 4100
HNAS 4080
HNAS 4060
HNAS 4040
HNAS 3090
HNAS 3080
The computer should have Microsoft Windows Installer 3.1 in order to support installation and
operation of Kaspersky Security Console.
You can install Kaspersky Security Console on a computer running one of the following 32-bit
Microsoft Windows operating systems:
Microsoft Windows 8
You can install Kaspersky Security Console on a computer running one of the following 64-bit
Microsoft Windows operating systems:
Microsoft Windows 8
Kaspersky Security
Kaspersky Security 10 for Windows Server (previously Kaspersky Anti-Virus for Windows Servers
Enterprise Edition) protects servers running on Microsoft Windows operating systems and
network attached storages against viruses and other computer security threats to which servers are
exposed through file exchange. Kaspersky Security is designed for use on local area networks of
medium to large organizations. Kaspersky Security users are corporate network administrators and
specialists responsible for anti-virus protection of the corporate network.
You can install Kaspersky Security on the following servers:
Terminal servers
Print servers
Application servers
Domain controllers
File servers these servers are more likely to get infected because they exchange files with
user workstations
Via Kaspersky Security Console installed on the same server as Kaspersky Security or on a
different computer
The Kaspersky Security Center application can also be used for centralized administration of
multiple servers running Kaspersky Security.
It is possible to review Kaspersky Security performance counters for the "System Monitor"
application, as well as SNMP counters and traps.
Kaspersky Security
20
Real-Time Protection.
Kaspersky Security scans objects when they are accessed. Kaspersky Security scans the
following objects:
Files
Scripts
Master boot record and boot sectors on the local hard drives and external devices
Server Control.
Kaspersky Security monitors all attempts to access network file resources, enables
Applications Launch Control, and blocks access to the server for remote computers if they
show malicious or encryption activity.
On-demand scan.
Kaspersky Security runs a single scan of the specified area for viruses and other computer
security threats. Kaspersky Security scans server files and RAM and also startup objects.
Kaspersky Security
21
Quarantine.
Kaspersky Security quarantines probably infected objects by moving such objects from their
original location to Quarantine. For security purposes, objects are stored in Quarantine in
encrypted form.
Backup.
Kaspersky Security stores encrypted copies of objects classified as Infected or Probably
infected in Backup before disinfecting or deleting them.
Applying templates.
You can manually configure the security settings of a node in the server file resources tree
and save the values of the configured settings to a template. This template can then be used
to configure the security settings of other nodes in Kaspersky Security protection and scan
tasks.
Kaspersky Security
22
Hierarchical storage.
Kaspersky Security can operate in hierarchical storage management mode (HSM systems).
HSM systems allow data relocation between fast local drives and slow long-term data
storage devices.
Trusted zone.
You can create a list of exclusions for protection scope or scan scope which Kaspersky
Security applies to On-Demand Scan, Real-Time File Protection, Script Monitoring, and
RPC-Network Storage Protection.
Managing permissions.
You can configure the rights of managing Kaspersky Security and the rights of managing
Windows services, that are registered by the application, for users and groups of users.
In this section
Kaspersky Security application program components and their codes for the Windows
Installer service ......................................................................................................................... 24
Kaspersky Security install and uninstall log ............................................................................... 29
Install and uninstall settings and their keys for the Windows Installer service ............................ 29
Changes in the system after Kaspersky Security installation ..................................................... 39
Kaspersky Security processes .................................................................................................. 45
Kaspersky Security
23
In this section
Kaspersky Security application components ............................................................................. 24
Application components of the "Administration tools" set .......................................................... 28
Kaspersky Security
24
Component
Code
Functions performed
Basic functionality
Core
Applications
APPCtrl
Launch Control
Anti-Virus
AVProtection
protection
On-Demand Scan
Ods
On-demand scan
Anti-Cryptor
Script Monitoring
This component installs Kaspersky Security
system files and On-demand scan tasks
(scanning of objects on the protected server
upon request).
If other Kaspersky Security components are
specified when installing Kaspersky Security
from the command line, but the Core component
Kaspersky Security
25
Component
Code
Functions performed
is not specified, the Core component is installed
automatically.
Untrusted Hosts
HostBlocker
Blocking
Anti-Cryptor
Anticryptor
Real-Time File
Oas
Protection
ICAP-Network
ICAPStorageProtection
Storage Protection
RPC-Network
Storage Protection
NetApp
Kaspersky Security
26
Component
Code
Functions performed
Script Monitoring
ScriptChecker
Use of Kaspersky
KSN
Security Network
Module of
AKIntegration
Kaspersky
Network Agent.
Security Center
Network Agent
Set of "System
PerfMonCounters
monitor" counters.
SNMP counters
and traps
SnmpSupport
Kaspersky Security
27
Component
Code
Functions performed
Kaspersky
TrayApp
Security icon
Command line
Shell
utility
Component
Code
Component functions
Kaspersky Security
MmcSnapin
snap-in
Help
Help
Kaspersky Security
28
Component
Code
Component functions
Documentation
Docs
To install Kaspersky Security with the log file ks4ws.log created on disk C:\:
Kaspersky Security
29
Table 4.
Setting
Default value
Windows
Installer key and its
values
Description
Acceptance of the
Rejection of the
EULA=<value>
User License
User License
Agreement.
Agreement
User License
Agreement to install
Kaspersky Security.
Do not scan
PRESCAN=<value>
We recommend
0 scan before
scanning active
installation;
1 scan before
installation
Kaspersky Security
30
Setting
Default value
Windows
Installer key and its
values
Description
Kaspersky Security:
INSTALLDIR=<full
Folder in which
%ProgramFiles%\Ka
Kaspersky Security
spersky
Lab\Kaspersky
during installation.
Security 10 for
Windows Server
Administration tools:
%Program
Files%\Kaspersky
Lab\Kaspersky
Security 10 for
Windows Server
Admins Tools
In the x64-bit version
of Microsoft
Windows:
%ProgramFiles(x86)
%.
Kaspersky Security
31
A different folder
can be specified.
Setting
Default value
Windows
Installer key and its
values
Description
Startup of
Start
RUNRTP=<value>
1 start;
to start Real-Time
Real-Time File
Protection and
0 do not start.
Script Monitoring
when Kaspersky
Kaspersky Security
Security starts
startup
(Enable real-time
(recommended).
protection after
installation of
application)
Exclusions from
ADDMSEXCLUSION=
In the Real-Time
scan as
<value>
recommended by
1 exclude;
Microsoft
Corporation (Add
Exclude
0 do not exclude.
protection scope
objects on the
Microsoft
recommended
recommended by
files to exclusions
Microsoft
list)
Corporation for
exclusion.
Some applications
on the server may
become unstable
when the anti-virus
application
intercepts or
modifies files used
by such
applications.
Microsoft
Corporation
Kaspersky Security
32
Setting
Default value
Windows
Installer key and its
values
Description
includes, for
example, some
domain controller
applications in the
list of such objects.
Objects excluded
Exclude
ADDKLEXCLUSION=
In the Real-Time
<value>
scope according to
1 exclude;
Kaspersky Lab
0 do not exclude.
recommendations
protection scope
objects on the
(Add Kaspersky
Lab recommended
recommended by
files to exclusions
list)
exclusion.
Exclude remote
RADMINEXCLUSION
admin programs
using the
=<value>
utility is launched,
from processing
not-a-virus:RemoteA
Kaspersky Security
dmin* mask to
the
exclusions
not-a-virus:Remot
eAdmin* mask to
exclusions)
the
not-a-virus:RemoteAd
min* mask to
exclusions.
0 do not add objects
using the
not-a-virus:RemoteAd
min* mask to
exclusions.
detect it as being
vulnerable to
exploitation by
fraudsters and
deletes its
executable module
from the server
drive. Kaspersky
Security assigns
names with the
not-a-virus:Remote
Admin* mask to
such objects.
If you plan to use
Kaspersky Security
33
Setting
Default value
Windows
Installer key and its
values
Description
remote
administration
utilities after
installing Kaspersky
Security, you can
exclude this object
from processing by
the application by
using the Add
objects using the
not-a-virus:Remot
eAdmin* mask to
exclusions
installation setting.
Remote
administration
utilities can also be
excluded from
processing in the
Real-Time File
Protection and
On-Demand Scan
tasks after
Kaspersky Security
installation (see
Kaspersky Security
10 for Windows
Server.
Administrator's
Guide).
Kaspersky Security
34
Setting
Default value
Windows
Installer key and its
values
Description
\server directory in
LICENSEKEYPATH=<
By default the
(Key)
installer attempts to
find the license key
file with .key
extension in the
\server folder of the
distribution kit.
If the \server folder
contains several key
files, the installer will
select the key file
that has the longest
"service lifetime".
A key file can be
saved beforehand in
the \server folder or
by specifying
another path to the
key file using the
Add key setting.
You can add a key
after Kaspersky
Security is installed
using an
administration tool
of your choice: for
example, Kaspersky
Security Console. If
you do not add a
key during
installation of the
Kaspersky Security
35
Setting
Default value
Windows
Installer key and its
values
Description
application,
Kaspersky Security
will not function.
Detailed information
about licensing the
application is
provided in the
Kaspersky Security
10 for Windows
ServerAdministrator
's Guide.
Path to the
configuration file
Not specified
CONFIGPATH=<confi
Kaspersky Security
imports settings
from the specified
configuration file
created in the
application.
Kaspersky Security
does not import
passwords from the
configuration file, for
example, account
passwords for
launching tasks, or
passwords for
connecting to a
proxy server. Once
the settings are
imported, you will
have to enter all
passwords
Kaspersky Security
36
Setting
Default value
Windows
Installer key and its
values
Description
manually.
If the configuration
file is not specified,
the application will
start to work with the
default settings after
setup.
Enabling network
Disabled
ADDWFEXCLUSION=
<value>
Kaspersky Security
Console
1 allow;
is installed on a host
0 deny.
Kaspersky Security
37
Setting
Default value
Windows
Installer key and its
values
Description
Kaspersky Security
38
Table 5.
Setting
Default value
Restoring
Remove
RESTOREQTN =<value>
quarantined
objects
Restoring the
Remove
content of
RESTOREBCK =<value>
0 delete backup content;
backup
Folder for
restored
objects
%ALLUSERSPROFILE%\Application
Data\Kaspersky Lab\Kaspersky
Server\10.0\Restored\
It will create Kaspersky Security folders on the protected server and on the computer on
which the Kaspersky Security Console is installed
Kaspersky Security
39
Folder
%ProgramFiles%\Kaspersky Lab\Kaspersky
Security for Windows Server\
In the Microsoft Windows 64-bit version
Kaspersky Security
40
Folder
%ALLUSERSPROFILE%\Application
Windows Server\10.0\Update\Distribution\
%ALLUSERSPROFILE%\Application
Windows Server\10.0\Bases\Backup\
Kaspersky Security
41
Folder
%ALLUSERSPROFILE%\Application
update tasks
Windows Server\10.0\Bases\Temp\
%ALLUSERSPROFILE%\Application
Windows Server\10.0\Restored\
Table 7.
Folder
%ProgramFiles%\Kaspersky Lab\Kaspersky
Security Console)
Kaspersky Security
42
Table 8.
Service
Purpose
(KAVFSGT)
(kavfsscs)
checking scripts.
Group
Purpose
KAVWSEE
A group on the protected server whose users have full access to the
Administrators
Key
Purpose
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Services\KAVFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Services\Eventlog\Kaspersky Anti-Virus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Services\kavfsscs]
service settings
Kaspersky Security
43
Key
Purpose
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Services\KAVFSGT]
settings
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Services\Kaspersky Security\Performance]
In Microsoft Windows 64-bit version:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Services\Kaspersky Security x64\Performance].
In Microsoft Windows 32-bit version:
[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab
\WSEE\SnmpAgent]
In Microsoft Windows 64-bit version:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Nod
e\KasperskyLab\WSEE\SnmpAgent]
In Microsoft Windows 32-bit version:
HKEY_LOCAL_MACHINE\Software\KasperskyLab\WS
EE\10.0\Trace\
In Microsoft Windows 64-bit version:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Ka
sperskyLab\WSEE\10.0\Trace\
In Microsoft Windows 32-bit version:
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\
WSEE\10.0\CrashDump\
In Microsoft Windows 64-bit version:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Ka
sperskyLab\WSEE\10.0\CrashDump\
Kaspersky Security
44
Dump settings
File name
Purpose
kavfs.exe
kavfswp.exe
kavfsscs.exe
kavtray.exe
Kavfsgt.exe
kavshell.exe
kavfsrcn.exe
Kaspersky Security
45
Installation planning
This section describes Kaspersky Security administrative tools and the particulars of installing
Kaspersky Security using the Setup Wizard, from the command line, via Kaspersky Security Center,
and via Active Directory group policies.
Before starting to install Kaspersky Security, plan its main stages.
2. Identify the software components which should be installed (see page 24).
3. Select installation method.
In this section
Administration tools selection .................................................................................................... 46
Selecting installation type .......................................................................................................... 47
Installation planning
46
Kaspersky Security Console is included in the "Administration tools" product components set.
Command line utility
You can manage Kaspersky Security from the command line of a protected server.
The command line utility is included in the Kaspersky Security program components group.
Kaspersky Security Center
If the Kaspersky Security Center application is used for centralized management of anti-virus
protection of computers at your company, you can manage Kaspersky Security via the Kaspersky
Security Center Administration Server.
The following components should be installed:
Module for integration with Kaspersky Security Center Network Agent. This component is
included in the Kaspersky Security program components group. It ensures Kaspersky Security
communication with the Network Agent. Install the Module for integration with Kaspersky Security
Center Network Agent onto the protected server.
Kaspersky Security Center Network Agent. Install this component on each protected server.
This component supports interaction between Kaspersky Security installed on the server and the
Kaspersky Security Center Administration Server. The Network Agent installation file in included in
the Kaspersky Security Center distribution kit folder.
Kaspersky Security plugin. Additionally, install the plug-in for managing Kaspersky Security via
the Administration Console on the computer where the Kaspersky Security Center Administration
Server is installed. This ensures the application management interface via the Kaspersky Security
Center. The plug-in installation file, \server\klcfginst.exe, is included in the Kaspersky Security
distribution kit.
Installation planning
47
Select the installation method depending on the network architecture and the following conditions:
whether special Kaspersky Security installation settings will need to be set, or whether the
recommended installation settings (see page 29) will be used
whether the installation settings will be the same for all servers or individual to each server
Kaspersky Security can be installed interactively using the Setup Wizard or in silent mode without
user participation, and invoked by running the installation package file with setup settings from the
command line. A centralized remote installation of Kaspersky Security can be performed using
Active Directory group policies or using the Kaspersky Security Center remote installation task.
Kaspersky Security can be installed on a single server, configured for operation and its settings
saved to a configuration file; the file created can then be used to install Kaspersky Security on other
servers (this possibility does not apply when the product is installed using Active Directory group
policies).
Launching the Setup Wizard
The Setup Wizard can install the following:
Kaspersky Security program components onto the protected server (see page 51) from the
\server\setup.exe file of the distribution kit;
Kaspersky Security Console from the \client\setup.exe file of the distribution kit on the
protected server or another LAN host.
The installation package file can be launched from the command line with the necessary
installation settings
If the installation package file is started without options, Kaspersky Security will be installed with the
default settings. Kaspersky Security options can be used to modify the installation settings.
Kaspersky Security Console can be installed on the protected server and / or administrator's
workstation.
Sample commands for the installation of Kaspersky Security and Kaspersky Security Console can
be found in the section "Installing and Uninstalling Kaspersky Security from the command line" (see
page 69).
Installation planning
48
Installation planning
49
In this section
Installing using the Setup Wizard .............................................................................................. 50
Modifying the set of components and repairing Kaspersky Security .......................................... 64
Uninstallation using the Setup Wizard ....................................................................................... 66
To install and proceed with using Kaspersky Security, take the following steps:
1. Install Kaspersky Security on the protected server (see section "Installing Kaspersky Security
on a protected server" on page 51).
2. Install Kaspersky Security Console on the computers from which you intend to manage
Kaspersky Security (see section "Installing Kaspersky Security Console" on page 55).
3. If the Kaspersky Security Console has been installed on a computer other than the protected
server, configure additional settings to allow Console users to manage Kaspersky Security
via the Console (see section "Advanced settings after installation of Kaspersky Security
Console on another computer" on page 56).
In this section
Installing Kaspersky Security on a protected server .................................................................. 51
Installing Kaspersky Security Console....................................................................................... 55
Advanced settings after installation of Kaspersky Security Console on another computer......... 56
Actions after installing Kaspersky Security ................................................................................ 61
Make sure no other anti-virus programs are installed on the server. You can install Kaspersky
Security without uninstalling Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise
Edition.
Make sure that the account which you are using to start the Setup Wizard is registered in the
administrators group on the protected server.
After completing the actions described above, proceed with the installation procedure. Following the
Setup Wizard instructions, specify the settings for Kaspersky Security installation. The Kaspersky
Security installation process can be stopped at any step of the Setup Wizard. To do so, press the
Cancel button in the Setup Wizard window.
You can read more about the installation (uninstallation) settings (see page 29).
3. In the welcome screen of the Kaspersky Security Setup Wizard, click the Next button.
The End User License Agreement window opens.
4. Review the terms of the License Agreement and select I accept the terms of End User
License Agreement in order to proceed with the installation. Press the Next button.
If the server has Kaspersky Anti-Virus for Windows Servers Enterprise Edition installed, the
Previous version of the program detected window will open.
If previous versions of the program are not detected, proceed to step 6 of these instructions.
5. To upgrade from the previous version of the application, click the Install button. The Setup
Wizard will upgrade application to Kaspersky Security and save compatible settings in the
new version (see section "Migration to Kaspersky Security from an earlier version of the
application" on page 87). On the upgrade completion, wizard will open the Installation
completion window (proceed to the Step 15 of these instructions).
The Quick scan of the computer before installation window opens.
6. In the Quick scan of the computer before installation, check the box Scan computer for
viruses to scan system memory and boot sectors of the local server drives for threats. Press
the Next button. On completion of the scanning procedure the wizard will open a window
reporting Quick scan results.
This window displays information about scanned server objects: the total number of scanned
objects, the number of threat types detected, the number of infected or probably infected
objects detected, the number of dangerous or suspicious processes removed from memory
by Kaspersky Security, and the number of dangerous or suspicious processes that the
application was unable to remove.
To see exactly which objects were scanned, press the List of processed objects button.
7. Press the Next button in the Quick scan of the computer before installation window.
The Installation type window opens.
Custom installation, to select the components for installation from the list of Kaspersky
Security features.
The SNMP protocol support component of Kaspersky Security will only appear in the list
of components suggested for installation if the Microsoft Windows SNMP service is
installed on the server.
Select the components to be installed. To cancel all changes, press the Reset button in the
Custom installation window. Press the Next button.
If required, review the information about available space on the local drives, by clicking
Disk button.
11. In the Advanced installation settings window, configure the following installation settings:
If you want to activate the application, specify a Kaspersky Security key file for application
activation.
If you want to activate the application later, press the Next button.
If a key file has been saved beforehand in the \server folder of the distribution kit, the
name of this file will be displayed in the Key field.
To add the key using a key file stored in another folder, specify the key file.
You cannot activate the application using an activation code via Setup Wizard. If you
want to activate the application using activation code, you need to enter the code
after installation. Detailed information about the activation of application is provided in
the Kaspersky Security 10 for Windows Server Administrator's Guide.
Once the key file is added, license information will be shown in the window. Kaspersky
Security displays the calculated date of license expiry. The license term runs from the
time when you add a key and expires no later than the key file expiry date.
Click Next button to apply the key in the application.
14. In the Ready to install window, press the Install button. The wizard will start the installation
of Kaspersky Security components.
4. Review the terms of the End User License Agreement in the opened window, and select I
accept the terms of End User License Agreement in order to proceed with the installation.
Press the Next button.
5. In the Installation type window that opens, select one of the following options:
Full installation to install the complete set of "Administration tools" components, which
includes the Kaspersky Security Console, help file, and application documentation. Go to
step 7 of this instruction.
Custom installation manually selects the components from the list. Press the Next button.
You can read more about the components of Kaspersky Security (see page 24).
9. In the Ready to install window, press the Install button. The wizard will begin installing the
selected components.
10. The Installation complete window opens when the installation is completed.
11. Click OK.
The Setup Wizard window will close. Kaspersky Security Console will be installed on the
protected server.
If the "Administration tools" set has been installed on a different computer rather than on the
protected server, adjust the advanced settings (see section "Advanced settings after installation of
Kaspersky Security Console on another computer" on page 56).
Add Kaspersky Security users to the KAVWSEE Administrators group on the protected
server.
If the protected server is running on Microsoft Windows Server 2008 / 2012 / 2012 R2, allow
network connections for the Kaspersky Security Management Service (kavfsgt.exe) on this
server.
In this section
About access permissions for Kaspersky Security Management Service .................................. 57
Enabling network connections for Kaspersky Security Management Service ............................ 58
Permission for network connections for Kaspersky Security Console running Microsoft
Windows ................................................................................................................................... 59
You cannot allow or block user access to Kaspersky Security Management Service by
configuring Kaspersky Security.
You can connect to Kaspersky Security from a local account if an account with the same name
and password is registered on the protected server.
To establish a connection between Kaspersky Security Console and the Kaspersky Security
Management Service, you need to allow network connections for the service through the firewall on
the protected server.
Network connections have to be configured if Kaspersky Security runs under Microsoft Windows
Server 2003 / 2008 / 2012 / 2012 R2.
2. In the Windows firewall settings window, select the Change settings command.
3. In the list of predefined exceptions on the Exceptions tab check the flags: COM + Network
access, Windows Management Instrumentation (WMI) and Remote Administration.
6. Click OK.
7. Press the OK button in the Windows Firewall settings dialog window.
Network connections for Kaspersky Security Management Service are now enabled.
The Kaspersky Security Console uses the DCOM protocol to receive information about application
events (objects scanned, tasks completed, etc.) from the Kaspersky Security Management Service
on a remote server.
If the computer on which Kaspersky Security Console is installed runs on Microsoft Windows XP SP2
or higher / Vista / 7 / 8 / 8.1, network connections have to be allowed via the firewall on this computer, in
order to establish a connection between Kaspersky Security Console and Kaspersky Security
Management Service.
2. In the Windows firewall open port 135 (TCP) and allow network connections for the
executable file of the Kaspersky Security remote management process kavfsrcn.exe. The
computer on which Kaspersky Security Console is installed exchanges information via port
TCP 135 with the protected server on which Kaspersky Security is installed.
If Kaspersky Security Console was opened while you were configuring the connection between
the protected server and the computer on which Kaspersky Security Console is installed, close
Kaspersky Security Console, wait for the Kaspersky Security remote management process
kavfsrcn.exe to end, and restart the Console. The new connection settings will be applied.
To allow anonymous remote access to COM applications, take the following steps:
1. On the computer on which Kaspersky Security Console is installed, open the Component
Services console: select Start Run, type dcomcnfg, and click OK.
2. Expand the Computers node in the Component Services console of the computer, open
the context menu of the My Computer node and select the Properties command.
3. On the COM Security tab of the Properties window, click the Edit limits button in the User
rights group of settings.
4. Make sure that the Allow Remote Access check box is selected for the ANONYMOUS
LOGON user in the Allow remote access window.
5. Click OK.
To open TCP port 135 in the Windows firewall and to allow network connections for the
Kaspersky Security remote management process executable file:
1. Close Kaspersky Security Console on the remote computer.
2. Perform the following actions depending on the computer's operating system:
a. Select Start > Control panel > Windows firewall and in the Windows
firewall window select the command Change settings.
b. In Windows Firewall window (or Windows Firewall settings) click the
Add port button on the Exclusions tab.
c. In the Name field specify the part name RPC (TCP/135) or enter another
name, for example Kaspersky Security DCOM, and specify port number
(135) in the Port name field.
d. Select TCP protocol.
e. Click OK.
f. Press the Add Program button on the Exclusions tab.
In Microsoft Windows 7 :
3. Specify kavfsgt.exe file in the Add Program window. This is located in the folder specified as
a destination folder during the installation of Kaspersky Security Console using MMC. By
default the full path to the file is as follows:
4. Click OK.
5. Click the OK button in the Windows firewall (Windows firewall settings) window.
Starting the Kaspersky Security databases update task. After installation Kaspersky Security
will scan objects using the database included in the application distribution kit.
The application will then update the databases every hour according to the default schedule
configured in the task.
Run a Critical Areas Scan of the server if no anti-virus software with real-time file protection
was installed on the protected server before installing Kaspersky Security.
Detailed information about starting and configuring the settings of update and scan tasks, as well as
instructions on configuring an administrator notification are provided in the Kaspersky Security 10 for
Windows Server Administrator's Guide.
In this section
Starting Kaspersky Security databases update task .................................................................. 62
Critical Areas Scan.................................................................................................................... 64
1. In the settings of the Database Update task, configure a connection with the source of
updates Kaspersky Lab HTTP or FTP update servers.
2. If Kaspersky Security Console has been started on a computer other than the protected
server, connect to the protected server: open the context menu on the Kaspersky Security
node in the Console tree, select Connect to another computer, then in the Select
computer dialog box select Another computer, and enter the network name of the
protected server in the input field.
If the user account that you used to sign into Microsoft Windows does not have sufficient
privileges to access the Kaspersky Security Management Service on the server, specify a
user account that has such permissions. You can read about which accounts can be given
access to Kaspersky Security Management Service (see section "About access
permissions for Kaspersky Security Management Service" on page 57).
b. If your network requires authentication when accessing the proxy server, select the
necessary authentication method in the drop-down list of the Proxy server
authentication settings section:
Use NTLM authentication if the proxy server supports the built-in Microsoft Windows
NTLM authentication. Kaspersky Security will use the user account specified in the
task to access the proxy server (by default the task will run under the Local system
(SYSTEM) user account).
Use NTLM authentication with name and password if the proxy server supports
the built-in Microsoft Windows NTLM authentication. Kaspersky Security will use the
account specified for accessing the proxy server.
Enter username and password or select a user from the list.
Use user name and password to select basic authentication. Enter username and
password or select a user from the list.
2. In the window that opens, in the Installation section, click the Install Kaspersky Security
link.
The Setup Wizard's Modify, repair or remove installation window opens.
4. In the Custom installation window, in the list of available components, select the
components that you want to add to Kaspersky Security or that you want to remove. To do
this, perform the following actions:
Component will be installed on local hard drive if you want to install one
component
Component and its subcomponents will be installed on local hard drive if you
want to install a group of components
the selected component, and in the context menu select Component will be
unavailable.
Press the Install button.
5. In the Ready to install window, confirm the change to the set of application components by
clicking the Install button.
6. In the window that opens upon completion of installation, click the OK button.
The set of Kaspersky Security components will be modified based on the specified settings.
If problems occur in the operation of Kaspersky Security (Kaspersky Security crashes; tasks crash or
do not start), it is possible to attempt to restore the Kaspersky Security. You can perform a restore
while saving the current settings of Kaspersky Security, or you can select an option to reset all
Kaspersky Security settings to their default values.
2. In the window that opens, in the Installation section, click the Install Kaspersky Security
link.
The Setup Wizard's Modify, repair or remove installation window opens.
5. In the Ready to repair window, confirm the application repair by clicking the Install button.
6. In the window that opens upon completion of the restore, click the OK button.
Kaspersky Security will be restored based on the specified settings.
In this section
Uninstalling Kaspersky Security from a protected server ........................................................... 67
Uninstalling Kaspersky Security Console .................................................................................. 68
Kaspersky Security can be uninstalled from the protected server using the Setup / Uninstallation Wizard.
The server may need to be rebooted after uninstalling Kaspersky Security from the protected server.
Rebooting can be postponed.
Select the Export Quarantine objects check box in order for Kaspersky Security to
export objects that have been quarantined. The check box is cleared by default.
Check the Export Backup objects checkbox, in order to export objects from Kaspersky
Security Quarantine. The check box is cleared by default.
Click the Save to button and select the folder to which you want to export restored
objects. By default, the objects will be exported to %ProgramData%\Kaspersky
Lab\Kaspersky Security for Windows Server\10.0\Uninstall.
4. In the Ready to uninstall window, confirm removal by clicking the Uninstall button.
5. In the window that opens upon completion of removal, click the OK button.
Kaspersky Security will be removed from the protected server.
You can uninstall Kaspersky Security Console from the computer using the Setup / Uninstallation
Wizard.
After you have uninstalled Kaspersky Security Console, you do not need to restart the computer.
4. Click OK.
Removal is now complete, and the Setup Wizard closes.
In this section
About installing and uninstalling Kaspersky Security from the command line ............................ 69
Example commands for installing Kaspersky Security ............................................................... 70
Actions after installing Kaspersky Security ................................................................................ 72
Adding / uninstalling components. Sample commands .............................................................. 73
Uninstalling Kaspersky Security. Sample commands ................................................................ 73
Return codes............................................................................................................................. 74
Perform the installation using the rights of an account that is included in the administrators group
on the computer on which the application is installed.
If one of the \server\ks4ws_x86(x64).msi files is run on the protected server without additional keys,
Kaspersky Security will be installed with the recommended installation settings (see page 29).
The set of components to be installed can be assigned using the ADDLOCAL key by listing the
codes for the selected components or sets of components as its values.
On computers running a 32-bit version of Microsoft Windows, run the files with the x86 suffix in
the distribution kit. On computers running a 64-bit version of Microsoft Windows, run the files
with the x64 suffix in the distribution kit.
Detailed information about use of the standard commands and keys of the Windows Installer service
is provided in the documentation supplied by Microsoft.
Examples for Kaspersky Security installation from file setup.exe
To install Kaspersky Security with the recommended installation settings in the mode
without interaction with the user, run the following command:
\server\setup.exe /s /p EULA=1
To install Kaspersky Security with the following settings:
do not exclude from the scan files recommended for exclusion by Microsoft Corporation;
Examples of commands used for installation: running the .msi file of an installation
package
To install Kaspersky Security with the recommended installation settings in the mode
without interaction with the user, run the following command:
msiexec /i ks4ws.msi /qn EULA=1
To install Kaspersky Security with the recommended installation settings; display the
installation interface, run the following command:
msiexec /i ks4ws.msi /qf EULA=1
In order to install Kaspersky Security with activation using the key file C:\0000000A.key:
msiexec /i ks4ws.msi LICENSEKEYPATH=C:\0000000A.key /qn EULA=1
To install Kaspersky Security with a preliminary scan of active processes and boot
sectors of the local disks, run the following command:
msiexec /i ks4ws.msi PRESCAN=1 /qn EULA=1
To install Kaspersky Security while saving its files in the destination folder C:\KSWS,
execute the following command:
msiexec /i ks4ws.msi INSTALLDIR=C:\KSWS /qn EULA=1
To install Kaspersky Security: save the installation log file with name ksws.log in the
folder in which the msi file of the Anti-Virus installation package is stored, and execute
the following command:
msiexec /i ks4ws.msi /l*v ksws.log /qn EULA=1
To install Kaspersky Security Console, run the following command:
msiexec /i ks4wstools.msi /qn EULA=1
To install Kaspersky Security with activation using the key file C:\0000000A.key: add
objects matching the not-a-virus:RemoteAdmin* mask to exclusions; configure
Kaspersky Security according to the settings described in the configuration file
C:\settings.xml, and execute the following command:
msiexec /i ks4ws.msi LICENSEKEYPATH=C:\0000000A.key
RADMINEXCLUSION=1 CONFIGPATH=C:\settings.xml /qn EULA=1
See also
Actions after installing Kaspersky Security ................................................................................ 72
Install and uninstall settings and their keys for the Windows Installer service ............................ 29
Starting the Kaspersky Security databases update task. After installation Kaspersky Security
will scan objects using the database included in its distribution kit. We recommend updating
Kaspersky Security database immediately. To do so, you must run the Database Update
task. The database will then be updated every hour according to the default schedule.
For example, you can run the Database Update task by running the following command:
Run a Critical Areas scan of the server if no anti-virus software with real-time file protection
was installed on the protected server before installing Kaspersky Security.
The On-Demand Scan component is installed automatically. You do not need to specify it in the list
of ADDLOCAL key values by adding or deleting Kaspersky Security components.
To add the Script Monitoring component to already installed components, run the
following command:
msiexec /i ks4ws.msi ADDLOCAL=Oas,ScriptChecker /qn EULA=1
or
\server\setup.exe /s /p "ADDLOCAL=Oas,ScriptChecker EULA=1"
Return codes
The below table contains a list of return codes from the command line.
Table 12.
Return codes
Code
Description
25001
25002
25003
Application being installed does not match the operating system's word size
(32-bit vs. 64-bit).
25004
In this section
General information on installing via Kaspersky Security Center ............................................... 75
Rights to install or uninstall Kaspersky Security ........................................................................ 76
Kaspersky Security installation procedure via Kaspersky Security Center ................................. 77
Actions after installing Kaspersky Security ................................................................................ 79
Installing Kaspersky Security Console via Kaspersky Security Center ...................................... 82
Uninstalling Kaspersky Security via Kaspersky Security Center ................................................ 83
You can create a task to remotely install Kaspersky Security on a set of computers that are not in the
same administration group. When creating this task you must generate a list of the individual
computers on which Kaspersky Security should be installed.
Detailed information on the remote installation task is provided in the Kaspersky Security Center
Administrator's Guide.
If the Kaspersky Security Center Network Agent is already installed on computers on which
Kaspersky Security is to be installed (no matter in which domain the computers are located
and whether they belong to any domain).
If the Network Agent is not yet installed on the servers, you can install it with Kaspersky
Security using a remote installation task. Before installing the Network Agent, make sure
that the account that you want to specify in the task is included in the administrators
group on each of the servers.
All computers on which you want to install Kaspersky Security are in the same domain as the
Administration Server, and the Administration Server is registered under the Domain
Admin account (if this account has local administrator's rights on the computers within the
domain).
By default, when using the Forced installation method, the remote installation task is run from the
account from which the Administration Server runs.
When working with group tasks or with tasks for sets of computers in the forced installation
(uninstallation) mode, an account should have the following rights on a client computer:
If you intend to manage Kaspersky Security via Kaspersky Security Center in the future, make sure
that the following conditions are met:
The computer where the Kaspersky Security Center Administration Server is installed also
has the Kaspersky Security Administration Plug-in installed (\server\klcfginst.exe file in the
Kaspersky Security distribution kit).
Servers can also be combined into an administration group beforehand in order to later manage the
protection settings using Kaspersky Security Center policies and group tasks.
To install Kaspersky Security with the help of remote installation, carry out the following:
1. Launch Administration Console of Kaspersky Security Center.
2. In Kaspersky Security Center, expand the Remote installation node and in the Installation
Packages subnode create a new installation package, specifying the ks4ws.kud file from the
distribution kit as the installation package file.
3. If required, in the properties of the created installation package, change the set of Kaspersky
Security components to be installed (see section "Modifying the set of components and
repairing Kaspersky Security" on page 64). If required, change the default installation
settings (see section "Install and uninstall settings and their keys for the Windows Installer
service" on page 29).
In Kaspersky Security Center, expand the Remote installation node and in the Installation
packages subnode in the workspace open the context menu of the created Kaspersky
a. In the Components to install group of settings check boxes next to the names of the
Kaspersky Security components you wish to install.
b. In order to indicate a destination folder other than the default one, specify the name of
the folder and the path to it in the Destination folder field.
The path to the destination folder may contain system environment variables. If such
folder does not exist on the server, it will be created.
See also
Actions after installing Kaspersky Security ................................................................................ 79
Checking Kaspersky Security functions Using the EICAR test virus .......................................... 90
1. Create Database Update tasks for the group of servers on which Kaspersky Security was
installed. Set Kaspersky Security Center Administration Server as the update source.
2. Create a group On-Demand Scan task with the Critical Areas Scan task status. Kaspersky
Security Center evaluates the security status of each server in the group based on the results
of the execution of this task, not the Critical Areas scan task.
3. Create a new policy for the group of servers. In the properties of the created policy, on the
System tasks tab, deactivate the scheduled start of system scan tasks as required and the
database update tasks on the administration group servers.
You can also configure administrator notifications about Kaspersky Security events (see the
Administrator's Guide for Kaspersky Security 10 for Windows Server).
Detailed information about configuring Kaspersky Security settings via Kaspersky Security Center is
provided in the Kaspersky Security 10 for Windows Server Administrator's Guide.
In this section
Creating and launching an "Database Update" group task ........................................................ 80
Creating and launching a group server scan task and assigning the "Critical Areas scan task"
status to it ................................................................................................................................. 81
2. Enter the name of the task in the Specify task name window of the task creation wizard, for
example Updating databases on the group servers.
3. In the Task type window under the heading Kaspersky Security 10, select the type of the
task to be created: Database Update.
6. In the Schedule window, check the Run by schedule box and in the Frequency list select
the item After Administration Server has retrieved updates.
7. In the Finish window of the task creation wizard press the Ready button.
A group task for application database updates will be created.
2. In the Specify task name window of the task creation wizard, enter the task name, for
example Critical Areas scan on group servers.
3. In the Task type window under the heading Kaspersky Security 10, select the type of the
task to be created: On-demand scan.
6. In the Options window, select the Consider task as Critical Areas scan check box.
7. In the Schedule window configure the task schedule settings:
a. check the Run by schedule box.
b. Specify the frequency of starting the task, for instance once a week.
c. Specify the time for the task launch in the Start time field.
d. In the Start date field specify the current date as the date on which the schedule will
be applied.
e. Click OK.
8. In the Finish window of the task creation wizard press the Ready button.
This will create a group server scan task with a "Critical areas scan task" status.
In the Select installation package type window, select Create an installation package
for an application specified by the user and select the client\setup.exe file from the
distribution kit folder.
If required, modify the set of components to be installed using ADDLOCAL key in the
Executable file launch settings (optional) field and change the destination folder.
For instance, in order to install the Kaspersky Security Console alone in the folder
C:\KasperskyConsole without installing the help file and documentation, proceed as
follows:
\server\setup.exe /s /p
"ADDLOCAL=MmcSnapin INSTALLDIR=:\KasperskyConsole
EULA=1"
2. In the Installation packages node, create a task to remotely install Kaspersky Security
Console on the selected computers (administration group). Configure task settings.
To learn more about creating and configuring remote installation tasks, see Administrator's
Guide for Kaspersky Security Center.
2. In the task, select the deletion method (corresponds with the selection of the installation
method; see previous item) and specify an account with the rights of which the Administration
Server addresses the computers. You can uninstall Kaspersky Security only with default
uninstallation settings (see section "Install and uninstall settings and their keys for the
Windows Installer service" on page 29).
In this section
Kaspersky Security Installation through active directory group policies ..................................... 84
Actions after installing Kaspersky Security ................................................................................ 85
Kaspersky Security Uninstallation through active directory group policies ................................. 86
Detailed information about use of Active Directory group policies is provided in the
documentation supplied by Microsoft.
2. On the domain controller create a new policy for a group in which servers are combined.
3. Using Group Policy Object Editor create a new installation package in the Computer
configuration node. Specify the path to the msi file of the installation package of Kaspersky
Security (Kaspersky Security Console) in the UNC format (Universal Naming Convention).
4. Select Always install with elevated privileges in Windows Installer service in both the
Computer configuration node and in the User configuration node of the selected group.
Detailed information about use of Active Directory group policies is provided in the
documentation supplied by Microsoft.
2. Select the policy created for the installation of Kaspersky Security and in the Group policies
editor, in the Software Installation node (Computer configuration Program
configuration Software Installation) open the context menu of the Kaspersky Security
(Kaspersky Security Console) installation package and select the All tasks Remove
command.
This section contains information on the capability to save, migrate, and apply settings of installed
applications when installing Kaspersky Security 10 for Windows Server without removing Kaspersky
Anti-Virus 6.0 for Windows Servers MP4 or Kaspersky Anti-Virus 8.0 for Windows Servers
Enterprise Edition.
The computer may have to be restarted when updating the program to Kaspersky Security 10 for
Windows Server.
In this section
Migrating settings from Kaspersky Security 6.0 for Windows Server MP4 ................................. 88
Migrating settings from Kaspersky Security 8.0 for Windows Servers Enterprise Edition
Service Pack 1 .......................................................................................................................... 89
Update settings
After updating KasperskyAnti-Virus 6.0 to Kaspersky Security 10, you are advised to
double-check the application settings that were migrated from KasperskyAnti-Virus to
Kaspersky Security.
You can also apply policies and group tasks that were created when using KasperskyAnti-Virus 6.0
in Kaspersky Security.
Kaspersky Security Center policies and group tasks are not automatically converted and are not
supported without reinstalling the Kaspersky Security Administration Plug-in.
To use policies or group tasks that were created with KasperskyAnti-Virus 6.0,
import the previously saved policy or task when creating a new policy or task during the first step
of the Wizard in the Kaspersky Security 10 Plug-in.
Kaspersky Security Center policies and group tasks are not automatically converted and are not
supported without reinstalling the Kaspersky Security Administration Plug-in.
To use policies or group tasks that were created with KasperskyAnti-Virus 8.0,
import the previously saved policy or task when creating a new policy or task during the first step
of the Wizard in the Kaspersky Security 10 Plug-in.
Detailed information about the procedure for importing policies and group tasks is provided in the
Kaspersky Security 10 for Windows Server Administrator's Guide and in the Kaspersky Security
Center Administrator's Guide.
In this section
About the EICAR test virus........................................................................................................ 90
Checking the functions of Kaspersky Security Real-time protection and On-demand scan ....... 92
The test virus is not a virus and does not contain a program code that may damage to your
computer, although most vendors' anti-virus applications identify a threat in it.
The file containing this test virus is called eicar.com. You can download it from the website of EICAR
http://www.eicar.org/anti_virus_test_file.htm.
Before saving the file in a folder on the computers hard drive, make sure that Real-Time File
Protection on that drive is disabled.
File eicar.com contains a text line. When scanning the file Kaspersky Security detects a test threat in
this text line, assigns the Infected status to this file and deletes it. Information about the threat
detected in the file will appear in Kaspersky Security Console and in the task log.
You can use the eicar.com file in order to check how Kaspersky Security disinfects infected objects
and how it detects probably infected objects. In order to do this, open the file using a text editor, add
to the beginning of the text line in the file one of the prefixes listed in the table below, and save the file
under a new name, for example eicar_cure.com.
In order to make sure that Kaspersky Security processes the eicar.com file with a prefix, in the
Objects protection security settings section, set the All objects value for the Kaspersky
Security Real-Time File Protection tasks and Default On-demand Scan tasks. See the
instructions in the Administrator's Guide for Kaspersky Security 10 for Windows Server.
Table 13.
Prefix
No prefix
SUSP
WARN
CURE
Before you save the file into the folder, make sure that the Real-Time File Protection is
disabled in this folder.
2. If you wish to check the functioning of the user net notifications, make sure that the Microsoft
Windows messaging service is enabled both on the protected server and on the computer on
which you saved the file eicar.com.
To test notifications through the Terminal Services window, copy the file eicar.com to the
server after connecting to the server using the Remote Desktop Connection utility;
To test notifications through Microsoft Windows NET SEND service, copy the file
eicar.com from the computer where you saved it, via that computer's network places.
Real-Time File Protection works correctly if the following conditions are met:
The file eicar.com has been deleted from the protected server.
In the Kaspersky Security Console, the task log was given the status Critical. A line
appeared in the log with information about a threat in the eicar.com file. (To view the task log,
in the Kaspersky Security Console tree expand the Real-Time Protection node, select the
Real-Time File Protection task and in the results panel of the node click the Open log link).
A Microsoft Windows NET SEND message will have appeared on the computer from which
you copied the file (or Terminal Service in the terminal session on the server), as follows:
Kaspersky Security blocked access to <path to file on the
server>\eicar.com on computer <network name of computer> at <time that
event occurred>. Reason: Threat detected. Virus: EICAR-Test-File. User
name: <user name>. Computer name: <network name of the computer from
which you copied the file>.
Make sure that Microsoft Windows NET SEND service is functioning on the computer
from which you have copied the eicar.com file.
In order to check the On-Demand Scan function, take the following steps:
1. Download file eircar.com from the EICARsite at http://www.eicar.org/anti_virus_test_file.htm.
Save it into the public folder on the local drive of any of the computers on the network.
Before you save the file into the folder, make sure that the Real-Time File Protection is
disabled in this folder.
d. Enter the network path to eicar.com file on the remote computer in the UNC format
(Universal Naming Convention).
e. Check the box to include the added network path to the scan area.
f. Run the Critical Areas Scan task.
The on-demand scan works as it should if the following conditions are met:
In the Kaspersky Security Console, the task log was given the status Critical; in the
execution log of the task Critical Areas Scan a line appeared with information on a threat in
the eicar.com file. (To view the task log, in the Kaspersky Security Console tree expand the
On-Demand Scan subnode, select the Critical Areas Scan task and in the results panel
click the Open log link).
In this section
Protection of Directly Attached Storages (DAS) ........................................................................ 96
Protection of clusters................................................................................................................. 97
Protection of terminal servers .................................................................................................... 99
Network Attached Storage Protection task .............................................................................. 100
Kaspersky Security monitors file operations performed on files in DAS storages. Kaspersky Security
recognizes DAS storages as local file resources of the server.
Protection of clusters
Kaspersky Security supports installation on server clusters running in Active / Active and Active /
Passive modes (see figure below).
Kaspersky Security ensures correct operation of the server during migration of cluster resources
(failover / failback).
Complete cluster protection is achieved when Kaspersky Security is installed on each node.
Kaspersky Security protects local drives of the server file system and shared drives of the cluster that
are currently owned by the protected node. File resources owned by an unprotected cluster node are
not protected.
Protection of terminal users working in the mode of desktop publication and app publication
Kaspersky Security scans files located in network share folders in the network storage system when
an attempt is made to read or modify the files from a workstation. The network attached storage
allows reading or modifying a file if Kaspersky Security has identified that file as safe. If Kaspersky
Security has identified a file as infected or probably infected, the network attached storage blocks
that file from being read or modified. Kaspersky Security allows you to configure the actions that the
application will perform on infected and probably infected files. By default Kaspersky Security
disinfects infected files, and if disinfection is not possible it deletes them (if the action is available in
the network storage system); probably infected files are placed in quarantine. Before disinfecting or
deleting a file, Kaspersky Security places a copy of the file in Backup.
You can find more detailed information in the Implementation Guide for Kaspersky Security 10 for
Windows Server for Network Storage Protection.
In this section
How to get Technical support .................................................................................................. 102
Technical Support via Kaspersky CompanyAccount ............................................................... 103
Technical support by phone .................................................................................................... 104
Using trace files and AVZ scripts ............................................................................................. 104
Before contacting Technical Support, please read through the Technical Support rules
(http://support.kaspersky.com/support/rules).
English
Spanish
Italian
German
Polish
Portuguese
Russian
French
Japanese
To learn more about Kaspersky CompanyAccount, visit the Technical Support website
(http://support.kaspersky.com/faq/companyaccount_help).
Glossary
A
Network Agent
A component of Kaspersky Security Center that is responsible for interaction between Administration
Server and Kaspersky Lab applications installed on a specific network node (workstation or server).
This component is common for all Windows-based applications from the company's product range.
Active key
The key that the application currently uses in its operation.
Additional key
The additional key is a key that confirms the right to use the application but is not currently in use.
Administration group
A set of computers associated in accordance with their functions and the pool of Kaspersky Lab
applications installed on them. Computers are grouped for the ease of management, which allows
administering them as a single unit. A group may include other groups. Group policies and group
tasks can be created for each of the applications installed within one group.
Administration server
A component of Kaspersky Security Center that performs centralized storage of information about
Kaspersky Lab applications installed on the corporate network and ways of managing them.
Anti-virus databases
Databases that contain information about computer security threats known to Kaspersky Lab as of
the anti-virus database release date. Anti-virus database signatures help to detect malicious code in
scanned objects. Anti-virus databases are created by Kaspersky Lab specialists and updated hourly.
Archive
A file that contains inside itself one or several other files, which, in their turn, may also be archives.
Application settings
Application settings that are common to all types of tasks and determine how the application
operates in general. For example, performance, reports, and Backup settings.
B
Backup
A dedicated storage area intended for storing backup copies of files that have been created before
their first disinfection or deletion.
D
Disinfection of objects
A method of processing infected objects that results in a complete or partial recovery of data. Not
every infected object can be disinfected.
Glossary
106
F
False alarm
A situation when a non-infected object is identified by a Kaspersky Lab application as infected
because its code is similar to that of a virus.
H
Heuristic analysis
A technology intended for detection of threats that cannot be detected using current version of
Kaspersky Lab applications databases. It allows finding files that may contain some unknown virus
or a new modification of a known virus.
Files in which malicious code is detected during heuristic analysis are marked as probably infected.
Heuristic Analyzer
A technology of detecting threats whose signatures have not yet been added to Kaspersky Lab
databases. The heuristic analyzer allows detecting objects behaving in a way that can pose a
security threat to the operating system. Objects detected by the heuristic analyzer are considered
probably infected. For example, an object may be considered probably infected if it contains
sequences of commands that are typical of malicious objects (open file, write to file).
I
Infected file
A file that contains malicious code (i.e., when scanning the file, code of a known application that
poses a threat has been detected). Kaspersky Lab specialists recommend that you abstain from
handling such files since this may lead to an infection of your computer.
Glossary
107
K
Key file
An .key file that makes it possible to activate a Kaspersky Lab application on the terms of a
license by adding a key.
File mask
Representation of the name and extension of a file by means of wildcards.
To create a file mask, you can use any symbols that are allowed to use in file names, including
special ones:
Please note that the name and the extension of a file are always separated with a dot.
O
OLE object
A file that has been merged or integrated into another one. Kaspersky Lab applications allow
scanning OLE objects for viruses. For example, if you embed a Microsoft Office Excel spreadsheet
into a Microsoft Office Word document, the former will be scanned as OLE object.
Glossary
108
P
Potentially infectable file
A file with a specific structure or format that may be used by criminals to convert this file into a
container for storing and spreading malicious code. As a rule, they include executable files, for
example, those with com, exe, dll, and other similar extensions. The risk of malicious code
penetration into such files is rather high.
Q
Quarantine
The folder to which the Kaspersky Lab application moves probably infected objects that have been
detected. Objects are stored in Quarantine in encrypted form in order to avoid any impact on the
computer.
S
Signature analysis
Threat detection technology, which uses Kaspersky Security databases that contain the descriptions
of known threats and the methods of neutralizing them. Protection with signature analysis ensures
the minimum admissible security level. According to recommendations of Kaspersky Lab specialists,
this analysis method is always enabled.
Glossary
109
Startup objects
A set of applications that are required for start and proper operation of the operating system and
software installed on the computer. Every time the operating system boots, it runs those objects.
There are viruses aimed at infecting such objects, which may result, for example, in blocked booting
of the operating system.
T
Task
Functions performed by the Kaspersky Lab application as tasks, for example: Real-Time File
Protection, Full scan, Application databases update.
Task settings
Settings of the application that are specific for each task type.
U
Update
A procedure that consists in replacing / adding new files (databases or application modules)
retrieved from Kaspersky Lab update servers.
V
Vulnerability
A flaw in the operating system or in an application that may be exploited by malicious programs in
order to intrude into the operating system or application and corrupt its integrity. A large number of
vulnerabilities in the operating system makes its operation unreliable, because viruses that have
intruded into the operating system may provoke failures in the system's operation or errors in the
operation of installed applications.
Glossary
110
AO Kaspersky Lab
Kaspersky Lab is a world-renowned vendor of systems for protection of computers against various
threats, including viruses and other malware, spam, network and hacking attacks.
In 2008, Kaspersky Lab was rated among the worlds top four leading vendors of information security
software solutions for end users (IDC Worldwide Endpoint Security Revenue by Vendor). In Russia,
according to IDC, Kaspersky Lab is the first choice among vendors of computer protection systems
for home users (IDC Endpoint Tracker 2014).
Kaspersky Lab was founded in Russia in 1997. Today, Kaspersky Lab is an international group of
companies running 34 offices in 31 countries. The company is now employing more than 3,000
skilled professionals.
PRODUCTS. Kaspersky Lab products provide protection for all systemsfrom home computers to
large corporate networks.
The personal product range includes information security applications for desktop, laptop, and tablet
computers, and for smartphones and other mobile devices.
The company offers solutions and technologies for protection and control of workstations and mobile
devices, virtual machines, file servers and web servers, mail gateways, and firewalls. The company's
portfolio also includes dedicated products for protection against DDoS attacks, protection of
environments managed with industrial control systems, and fraud prevention. Used in conjunction
with centralized management tools, these solutions ensure effective automated protection against
computer threats for companies and organizations of any scale. Kaspersky Lab products are
certified by major testing laboratories, compatible with the applications of most software vendors,
and optimized for work on most hardware platforms.
Kaspersky Lab virus analysts work around the clock. Every day they uncover hundreds of thousands
of new computer threats, create tools to detect and disinfect them, and include the signatures of
these threats in the databases used by Kaspersky Lab applications.
TECHNOLOGIES. Many technologies that are now part and parcel of modern anti-virus tools were
originally developed by Kaspersky Lab. It is no coincidence that the program kernel of Kaspersky
Anti-Virus is integrated in products of many software vendors, including Alcatel-Lucent, Alt-N, Asus,
BAE Systems, Blue Coat, Check Point, Cisco Meraki, Clearswift, D-Link, Facebook, General
Dynamics, H3C, Juniper Networks, Lenovo, Microsoft, NETGEAR, Openwave Messaging, Parallels,
Qualcomm, Samsung, Stormshield, Toshiba, Trustwave, Vertu, and ZyXEL. Many of the companys
innovative technologies are patented.
ACHIEVEMENTS. Over the years, Kaspersky Lab has won hundreds of awards for its services in
combating computer threats. For example, in 2014, tests and researches conducted by the
renowned Austrian anti-virus lab AV-Comparatives brought Kaspersky Lab one of the two leading
positions in the number of Advanced+ certificates awarded, which gave the company the Top Rated
certificate. But Kaspersky Lab's main achievement is the loyalty of its users worldwide. The
companys products and technologies protect more than 400 million users, and its corporate clients
number more than 270,000.
http://www.kaspersky.com
Virus Encyclopedia
http://www.securelist.com/
Virus Lab:
AO Kaspersky Lab
112
http://www.kaspersky.com
Trademark notices
Registered trademarks and service marks are the property of their respective owners.
Citrix, XenApp, and XenDesktop are registered trademarks of Citrix Systems, Inc. and/or
subsidiaries in the United States and/or elsewhere.
Celerra, EMC, Isilon, OneFS, and VNX are either registered trademarks or trademarks of EMC
Corporation in the United States and/or elsewhere.
Radmin are registered trademarks of Famatech.
Domino, IBM, Lotus Notes, System Storage are trademarks of International Business Machines
Corporation registered all over the world.
Active Directory, Hyper-V, Excel, Microsoft, Windows, Windows Server, Windows Vista are
trademarks of Microsoft Corporation registered in the United States and elsewhere.
Data ONTAP and NetApp are either registered trademarks or trademarks of NetApp, Inc. in the
United States and/or elsewhere.
Index
A
Administration groups ............................................................................................................. 105
Administration server .............................................................................................................. 105
AVZ script ............................................................................................................................... 104
T
Tracing
trace file.............................................................................................................................. 104