Viewing and modifying the settings of an Administration Server

You can adjust the settings of an Administration Server in the properties window of this Server.

To open the Properties: Administration Server window,

Select Properties in the context menu of the Administration Server node in the console tree.

Adjusting the general settings of Administration Server

You can adjust the general settings of Administration Server in the General, Administration Server connection settings, Events repository, and Security sections of the Administration Server properties window.

The Security section is not displayed in the Administration Server properties window if the display has been disabled in the Administration Console interface.

To enable the display of the Security section in Administration Console:

1. In the console tree, select the Administration Server that you want.
2. In the View menu of the main application window, select Configure interface.
3. In the Configure interface window that opens, select the Display security settings sections check box and click OK.
4. In the window with the application message, click OK.

The Security section will be displayed in the Administration Server properties window.

Administration Console interface settings

You can adjust the interface settings of Administration Console to display or hide the user interface controls related to the following features:

• Vulnerability and Patch Management
• Data encryption and protection
• Endpoint control settings
• Mobile Device Management
• Secondary Administration Servers
• Security Settings sections

To configure the Administration Console interface settings:

1. In the console tree, select the Administration Server that you want.
2. In the View menu of the main application window, select Configure interface.
3. In the Configure interface window that opens, select the check boxes next to the features that you want displayed and click OK.
4. In the window with the application message, click OK.

The selected features will be displayed in the Administration Console interface.

Event processing and storage on the Administration Server

Information about events that occur during the operation of the application and managed devices is saved in the Administration Server database. Each event is attributed to a certain type and level of severity (Critical event, Functional failure, Warning, or Info). Depending on the conditions under which an event occurred, the application can assign different levels of severity to events of the same type.

You can view types and levels of severity assigned to events in the Event configuration section of the Administration Server properties window. In the Event configuration section, you can also configure processing of every event by the Administration Server:

• Registration of events on the Administration Server and in event logs of the operating system on a device and on the Administration Server.
• Method used for notifying the administrator of an event (for example, an SMS or email message).

In the Events repository section of the Administration Server properties window, you can edit the settings of events storage in the Administration Server database by limiting the number of event records and record storage term. When you specify the maximum number of events, the application calculates an approximate amount of storage space required for the specified number. You can use this approximate calculation to evaluate whether you have enough free space on the disk to avoid database overflow. The default capacity of the Administration Server database is 400,000 events. The maximum recommended capacity of the database is 45 million events.

The application checks the database every 10 minutes. If the number of events reaches the specified maximum value plus 10,000, the application deletes the oldest events so that only the specified maximum number of events remains.

When the Administration Server deletes old events, it cannot save new events to the database. During this period of time, information about events that were rejected is written to the Kaspersky Event Log. The new events are queued and then saved to the database after the deletion operation is complete.

You can change the settings of any task to save events related to the task progress, or save only task execution results. In doing so, you will reduce the number of events in the database, increase the speed of execution of scenarios associated with analysis of the event table in the database, and lower the risk that critical events will be overwritten by a large number of events.

Viewing log of connections to the Administration Server

The history of connections and attempts to connect to the Administration Server during its operation can be saved to a log file. The information in the file allows you to track not only connections on your network infrastructure, but unauthorized attempts to access the Administration Server as well.

To log events of connection to the Administration Server:

1. In the console tree, select the Administration Server for which you want to enable connection event logging.
2. In the context menu of the Administration Server, select Properties.
3. In the properties window that opens, in the Administration Server connection settings section, select the Connection ports subsection.
4. Enable the Log Administration Server connection events option.
5. Click the OK button to close the Administration Server properties window.

All further events of inbound connections to the Administration Server, authentication results, and SSL errors will be saved to the file %ProgramData%\KasperskyLab\adminkit\logs\sc.syslog.

Control of virus outbreaks

Kaspersky Security Center allows you to quickly respond to emerging threats of virus outbreaks. Risks of virus outbreaks are assessed by monitoring virus activity on devices.

You can configure assessment rules for threats of virus outbreaks and actions to take in case one emerges; to do this, use the Virus outbreak section of the properties window of Administration Server.

You can specify the notification procedure for the Virus outbreak event in the Event configuration section of the Administration Server properties window, in the Virus outbreak event properties window.

The Virus outbreak event is generated upon detection of Malicious object detected events during the operation of security applications. Therefore, you must save information about all Malicious object detected events on Administration Server in order to recognize virus outbreaks.

You can specify the settings for saving information about any Malicious object detected event in the policies of the security applications.

When Malicious object detected events are counted, only information from the devices of the primary Administration Server is taken into account. The information from secondary Administration Servers is not taken into account. For each secondary Server, the Virus outbreak event is configured individually.

Limiting traffic

Expand all | Collapse all

To reduce traffic volumes within a network, the application provides the option to limit the speed of data transfer to an Administration Server from specified IP ranges and IP subnets.

You can create and configure traffic-limiting rules in the Traffic section of the Administration Server properties window.

To create a traffic-limiting rule:

1. In the console tree, select the node with the name of the Administration Server for which you want to create a traffic-limiting rule.
2. In the context menu of the Administration Server, select Properties.
3. In the Administration Server properties window, select the Traffic section.
4. Click the Add button.
5. In the New rule window, specify the following settings:

   In the IP range to limit traffic section, select the method that will be used to define the subnet or range for which the data transfer rate will be limited, and then enter the values of the settings for the selected method. Select one of the following methods:

   • Specify the range by using address and network mask

     Traffic is limited based on subnet settings. Specify the subnet address and the subnet mask for determining the range in which traffic will be limited.

     You can also click Browse to add subnets from the global list of subnets.

   • Specify the range by using start and end addresses

     Traffic is limited based on a range of IP addresses. Specify the range of IP addresses in the Start and End entry fields.

     This option is selected by default.

   In the Traffic limit section, you can adjust the following restrictive settings for the data transfer rate:

   • Time interval

     Time interval during which the traffic restriction will be in force. You can specify the boundaries of the time interval in the entry fields.

   • Limit (KB/s)

     Maximum total transfer speed of incoming and outgoing data of the Administration Server. Traffic restriction will only be effective within the interval specified in the Time interval field.

   • Limit traffic for the remaining time (KB/s)

     Traffic will be limited not only within the interval specified in the Time interval field, but also at other times.

     By default, this check box is cleared. The value of this field may not match the value of the Limit (KB/s) field.

Primarily, traffic limiting rules affect the transfer of files. These rules do not apply to the traffic generated by synchronization between Administration Server and Network Agent, or between primary and secondary Administration Servers.

Configuring Web Server

Web Server is designed for publishing stand-alone installation packages, iOS MDM profiles, and files from a shared folder.

You can define the settings for Web Server connection to the Administration Server and set the Web Server certificate in the Web Server section of the Administration Server properties window.

Working with internal users

The accounts of internal users are used to work with virtual Administration Servers. Kaspersky Security Center grants the rights of real users to internal users of the application.

The accounts of internal users are created and used only within Kaspersky Security Center. No data on internal users is transferred to the operating system. Kaspersky Security Center authenticates internal users.

You can configure accounts of internal users in the User accounts folder of the console tree.