Contents
- Kaspersky Security Network (KSN)
- About KSN
- Setting up access to Kaspersky Security Network
- Enabling and disabling KSN
- Viewing the accepted KSN Statement
- Viewing the KSN proxy server statistics
- Accepting an updated KSN Statement
- Enhanced protection with Kaspersky Security Network
- Checking whether the distribution point works as KSN proxy server
Kaspersky Security Network (KSN)
This section describes how to use an online service infrastructure named Kaspersky Security Network (KSN). The section provides the details on KSN, as well as instructions on how to enable KSN, configure access to KSN, and view the statistics of the use of KSN proxy server.
Updates functionality (including providing anti-virus signature updates and codebase updates), as well as KSN functionality may not be available in the software in the U.S.
About KSN
Kaspersky Security Network (KSN) is an online service infrastructure that provides access to the online Knowledge Base of Kaspersky, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the effectiveness of some protection components, and reduces the risk of false positives. KSN allows you to use Kaspersky reputation databases to retrieve information about applications installed on managed devices.
Kaspersky Security Center supports the following KSN infrastructure solutions:
- Global KSN is a solution that allows you to exchange information with Kaspersky Security Network. If you participate in KSN, you agree to send to Kaspersky, in automatic mode, information about the operation of Kaspersky applications installed on client devices that are managed through Kaspersky Security Center. Information is transferred in accordance with the current KSN access settings. Kaspersky analysts additionally analyze received information and include it in the reputation and statistical databases of Kaspersky Security Network. Kaspersky Security Center uses this solution by default.
- Private KSN is a solution that allows users of devices with Kaspersky applications installed to obtain access to reputation databases of Kaspersky Security Network, and other statistical data, without sending data to KSN from their own computers. Kaspersky Private Security Network (Private KSN) is designed for corporate customers who are unable to participate in Kaspersky Security Network for any of the following reasons:
- User devices are not connected to the internet.
- Transmission of any data outside the country or outside the corporate LAN is prohibited by law or restricted by corporate security policies.
You can set up access settings of Kaspersky Private Security Network in the KSN Proxy settings section of the Administration Server properties window.
The application prompts you to join KSN while running the Quick Start Wizard. You can start or stop using KSN at any moment when using the application.
You use KSN in accordance with the KSN Statement that you read and accept when you enable KSN. If the KSN Statement is updated, it is displayed to you when you update or upgrade Administration Server. You can accept the updated KSN Statement or decline it. If you decline it, you keep using KSN in accordance with the previous version of KSN Statement that you accepted before.
When KSN is enabled, Kaspersky Security Center checks if the KSN servers are accessible. If access to the servers using system DNS is not possible, the application uses public DNS. This is necessary to make sure the level of security is maintained for the managed devices.
Client devices managed by the Administration Server interact with KSN through KSN proxy server. KSN proxy server provides the following features:
- Client devices can send requests to KSN and transfer information to KSN even if they do not have direct access to the internet.
- The KSN proxy server caches processed data, thus reducing the load on the outbound channel and the time period spent for waiting for information requested by a client device.
You can configure the KSN proxy server in the KSN Proxy settings section of the Administration Server properties window.
Setting up access to Kaspersky Security Network
You can set up access to Kaspersky Security Network (KSN) on the Administration Server and on a distribution point.
To set up Administration Server access to Kaspersky Security Network (KSN):
- In the console tree, select the Administration Server for which you want to configure access to KSN.
- In the context menu of the Administration Server, select Properties.
- In the Administration Server properties window, in the Sections pane, select KSN Proxy → KSN Proxy settings.
- In the workspace, enable the Use Administration Server as proxy server option to use the KSN proxy service.
Data is sent from client devices to KSN in accordance with the Kaspersky Endpoint Security policy, which is active on those client devices. If this check box is cleared, no data will be sent to KSN from the Administration Server and client devices through Kaspersky Security Center. However, client devices can send data to KSN directly (bypassing Kaspersky Security Center), in accordance with their respective settings. The Kaspersky Endpoint Security for Windows policy, which is active on client devices, determines which data will be sent directly (bypassing Kaspersky Security Center) from those devices to KSN.
- Enable the I agree to use Kaspersky Security Network option.
If this option is enabled, client devices send patch installation results to Kaspersky. When enabling this option, make sure to read and accept the terms of the KSN Statement.
If you are using Private KSN, enable the Configure Private KSN option and click the Select file with KSN Proxy settings button to download the settings of Private KSN (files with the extensions pkcs7 and pem). After the settings are downloaded, the interface displays the provider's name and contacts, as well as the creation date of the file with the settings of Private KSN.
When you enable Private KSN, pay attention to the distribution points configured to send KSN requests directly to the Cloud KSN. The distribution points that have Network Agent version 11 (or earlier) installed will continue to send KSN requests to the Cloud KSN. To reconfigure the distribution points to send KSN requests to Private KSN, enable the Forward KSN requests to Administration Server option for each distribution point. You can enable this option in the distribution point properties or in the Network Agent policy.
When you select the Configure Private KSN check box, a message appears with details about Private KSN.
The following Kaspersky applications support Private KSN:
- Kaspersky Security Center
- Kaspersky Endpoint Security for Windows
- Kaspersky Security for Virtualization 3.0 Agentless Service Pack 2
- Kaspersky Security for Virtualization 3.0 Service Pack 1 Light Agent
If you enable the Configure Private KSN option in Kaspersky Security Center, these applications receive information about supporting Private KSN. In the settings window of the application, in the Kaspersky Security Network subsection of the Advanced Threat Protection section, KSN provider: Private KSN is displayed. Otherwise, KSN provider: Global KSN is displayed.
If you use application versions earlier than Kaspersky Security for Virtualization 3.0 Agentless Service Pack 2 or earlier than Kaspersky Security for Virtualization 3.0 Service Pack 1 Light Agent when running Private KSN, we recommend that you use secondary Administration Servers for which the use of Private KSN has not been enabled.
Kaspersky Security Center does not send any statistical data to Kaspersky Security Network if Private KSN is configured in the KSN Proxy → KSN Proxy settings section of the Administration Server properties window.
If you have the proxy server settings configured in the Administration Server properties, but your network architecture requires that you use Private KSN directly, enable the Ignore proxy server settings when connecting to Private KSN option. Otherwise, requests from the managed applications cannot reach Private KSN.
- Configure the Administration Server connection to the KSN proxy service:
- Under Connection settings, for the TCP port, specify the number of the TCP port that will be used for connecting to the KSN proxy server. The default port to connect to the KSN proxy server is 13111.
- If you want the Administration Server to connect to the KSN proxy server through a UDP port, enable the Use UDP port option and specify a port number for the UDP port. By default, this option is disabled, and TCP port is used. If this option is enabled, the default UDP port to connect to the KSN proxy server is 15111.
- If you want the Administration Server to connect to the KSN proxy server through an HTTPS port, enable the Use HTTPS through port option and specify a port number. By default, this option is disabled, and TCP port is used. If this option is enabled, the default HTTPS port to connect to the KSN proxy server is 17111.
- Enable the Connect secondary Administration Servers to KSN through primary Administration Server option.
If this option is enabled, secondary Administration Servers of any hierarchy level use the primary Administration Server as the KSN proxy server. If this option is disabled, secondary Administration Servers connect to KSN on their own. In this case, managed devices use secondary Administration Servers as KSN proxy servers.
Secondary Administration Servers use the primary Administration Server as a proxy server if in the right pane of the KSN Proxy settings section, in the properties of secondary Administration Servers the Use Administration Server as a proxy server check box is selected.
- Click OK.
The KSN access settings will be saved.
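A check of the connection settings above against what a host actually exposes, as an added example that is not Kaspersky code. It assumes a Linux host running the KSN proxy service on the default ports listed above; the function names and the sample `ss` output are constructed for this example.

```shell
#!/bin/sh
# Added example, not Kaspersky code. Port numbers are the defaults stated on
# this page; adjust them if the Connection settings were changed.

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
sample_ss() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:13111      0.0.0.0:*
tcp   LISTEN 0      128             [::]:13111         [::]:*
udp   UNCONN 0      0            0.0.0.0:15111      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
EOF
}

# Read `ss -H -tuln` output on stdin; print one line per KSN proxy listener.
ksn_listeners() {
    awk '
        { n = split($5, a, ":"); key = $1 "/" a[n] }   # $5 = local address:port
        key == "tcp/13111" { print key " tcp-default" }
        key == "udp/15111" { print key " use-udp-port" }
        key == "tcp/17111" { print key " use-https-through-port" }
    ' | sort -u    # IPv4 and IPv6 listeners on the same port collapse to one line
}

# Compare listeners (ss output on stdin) with the options meant to be enabled.
# $1 = space-separated intended listeners, e.g. "tcp/13111 tcp/17111".
# Prints "unexpected <key>" or "missing <key>"; returns 1 on any drift.
ksn_port_drift() {
    found=$(ksn_listeners | cut -d' ' -f1)
    drift=0
    for k in $found; do
        case " $1 " in *" $k "*) ;; *) echo "unexpected $k"; drift=1 ;; esac
    done
    for k in $1; do
        case " $(echo $found) " in *" $k "*) ;; *) echo "missing $k"; drift=1 ;; esac
    done
    return $drift
}

# Demo on the constructed sample: only the default TCP port was intended.
# On a real host use:  ss -H -tuln | ksn_port_drift "tcp/13111"
sample_ss | ksn_port_drift "tcp/13111" || true
```

An "unexpected" line means the UDP or HTTPS option is on although it was not meant to be, so the host firewall rules and the console setting should be reconciled.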
You can also set up distribution point access to KSN, for example, if you want to reduce the load on the Administration Server. The distribution point that acts as a KSN proxy server sends KSN requests from managed devices to Kaspersky directly, without using the Administration Server.
To set up distribution point access to Kaspersky Security Network (KSN):
- Make sure that the distribution point is assigned manually.
- In the console tree, select the Administration Server node.
- In the context menu of the Administration Server, select Properties.
- In the Administration Server properties window, select the Distribution points section.
- Select the distribution point in the list and click the Properties button to open its properties window.
- In the distribution point properties window, in the KSN Proxy section, select Access KSN Cloud/Private KSN directly over the internet.
- Click OK.
The distribution point will act as a KSN proxy server.
Enabling and disabling KSN
To enable KSN:
- In the console tree, select the Administration Server for which you need to enable KSN.
- In the context menu of the Administration Server, select Properties.
- In the Administration Server properties window, in the KSN Proxy section, select the KSN Proxy settings subsection.
- Select the Use Administration Server as a proxy server check box.
The KSN proxy server is enabled.
- Select the I agree to use Kaspersky Security Network check box.
KSN will be enabled.
If this check box is selected, client devices send patch installation results to Kaspersky. When selecting this check box, you should read and accept the terms of the KSN Statement.
- Click OK.
To disable KSN:
- In the console tree, select the Administration Server for which you need to disable KSN.
- In the context menu of the Administration Server, select Properties.
- In the Administration Server properties window, in the KSN Proxy section, select the KSN Proxy settings subsection.
- Clear the Use Administration Server as proxy server check box to disable the KSN proxy service, or clear the I agree to use Kaspersky Security Network check box.
If this check box is cleared, client devices will send no patch installation results to Kaspersky.
If you are using Private KSN, clear the Configure Private KSN check box.
KSN will be disabled.
- Click OK.
Viewing the accepted KSN Statement
When you enable Kaspersky Security Network (KSN), you must read and accept the KSN Statement. You can view the accepted KSN Statement at any time.
To view the accepted KSN Statement:
- In the console tree, select the Administration Server for which you enabled KSN.
- In the context menu of the Administration Server, select Properties.
- In the Administration Server properties window, in the KSN Proxy section, select the KSN Proxy settings subsection.
- Click the View accepted KSN Statement link.
In the window that opens, you can view the text of the accepted KSN Statement.
Viewing the KSN proxy server statistics
KSN proxy server is a service that ensures interaction between the Kaspersky Security Network infrastructure and client devices that are managed through the Administration Server.
Using a KSN proxy server provides you the following features:
- Client devices can send requests to KSN and transfer information to KSN even if they do not have direct access to the internet.
- The KSN proxy server caches processed data, thus reducing the load on the outbound channel and the time period spent for waiting for information requested by a client device.
In the Administration Server properties window, you can configure the KSN proxy server and view statistics on the KSN proxy server usage.
To view the statistics of KSN proxy server:
- In the console tree, select the Administration Server for which you need to view the KSN statistics.
- In the context menu of the Administration Server, select Properties.
- In the Administration Server properties window, in the KSN Proxy section, select the KSN Proxy statistics subsection.
This section displays the actual statistics of the operation of KSN proxy server (the number of cache records, packages processed in cache, and received packages). Also, if Administration Server is connected to KSN, the corresponding informational message displays.
If necessary, perform these additional actions:
- Click Refresh to update the statistics on the KSN proxy server usage.
- Click the Export to file button to export the statistics to a CSV file.
- Click the Check KSN connection button to check if the Administration Server is currently connected to KSN.
- Click the OK button to close the Administration Server properties window.
Accepting an updated KSN Statement
You use KSN in accordance with the KSN Statement that you read and accept when you enable KSN. If the KSN Statement is updated, it is displayed to you when you update or upgrade Administration Server. You can accept the updated KSN Statement or decline it. If you decline it, you keep using KSN in accordance with the version of the KSN Statement that you previously accepted.
After updating or upgrading Administration Server, the updated KSN Statement is displayed automatically. If you decline the updated KSN Statement, you still can view and accept it later.
To view and then accept or decline an updated KSN Statement:
- In the console tree, select the Administration Server node.
- On the Monitoring tab, in the Monitoring section, click the The accepted Kaspersky Security Network Statement is obsolete link.
The KSN Statement window opens.
- Carefully read the KSN Statement, and then make your decision. If you accept the updated KSN Statement, click the I accept the terms of the License Agreement button. If you decline the updated KSN Statement, click the Cancel button.
Depending on your choice, KSN keeps working in accordance with the terms of the current or updated KSN Statement. You can view the text of the accepted KSN Statement in the properties of Administration Server at any time.
Enhanced protection with Kaspersky Security Network
Kaspersky offers an extra layer of protection to users through the Kaspersky Security Network. This protection method is designed to combat advanced persistent threats and zero-day attacks. Integrated cloud technologies and the expertise of Kaspersky virus analysts make Kaspersky Endpoint Security the unsurpassed choice for protection against the most sophisticated network threats.
Details on enhanced protection in Kaspersky Endpoint Security are available on the Kaspersky website.
Checking whether the distribution point works as KSN proxy server
On a managed device assigned to work as a distribution point, you can enable KSN proxy server. A managed device works as KSN proxy server when the ksnproxy service is running on the device. You can check, turn on, or turn off this service on the device locally.
You can assign a Windows-based or a Linux-based device as a distribution point. The method of distribution point checking depends on the operating system of this distribution point.
To check whether the Windows-based distribution point works as KSN proxy server:
- On the distribution point device, in Windows, open Services (All Programs → Administrative Tools → Services).
- In the list of services, check whether the ksnproxy service is running.
If the ksnproxy service is running, then Network Agent on the device participates in Kaspersky Security Network and works as KSN proxy server for the managed devices included in the scope of the distribution point.
If you want, you may turn off the ksnproxy service. In this case, Network Agent on the distribution point stops participating in Kaspersky Security Network. This requires local administrator rights.
To check whether the Linux-based distribution point works as KSN proxy server:
- On the distribution point device, display the list of running processes.
- In the list of running processes, check whether the /opt/kaspersky/ksc64/sbin/ksnproxy process is running.
If the /opt/kaspersky/ksc64/sbin/ksnproxy process is running, then Network Agent on the device participates in Kaspersky Security Network and works as the KSN proxy server for the managed devices included in the scope of the distribution point.
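One way to script the Linux check above, as an added example that is not Kaspersky code: it compares each process's kernel exe link with the path given on this page, so a look-alike binary elsewhere on disk, or a command line that merely mentions the path, is not counted. The function names and the PROC_ROOT override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Kaspersky code. Only the binary path comes from the page.
KSNPROXY_PATH="/opt/kaspersky/ksc64/sbin/ksnproxy"
# Overridable so the check can be exercised on a constructed directory tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print one line per matching process: "<pid> ok" or "<pid> deleted".
# Matching is done on /proc/<pid>/exe rather than on argv, which a process
# can set freely. Run as root: exe links of other users' processes are
# otherwise unreadable and those processes are skipped.
ksnproxy_procs() {
    for dir in "$PROC_ROOT"/[0-9]*; do
        [ -d "$dir" ] || continue
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$exe" in
            "$KSNPROXY_PATH")
                echo "${dir##*/} ok" ;;
            "$KSNPROXY_PATH (deleted)")
                # The file on disk was replaced or removed while the process
                # kept running, for example after a package upgrade.
                echo "${dir##*/} deleted" ;;
        esac
    done
}

# Summarise as "running", "running-stale-binary" or "stopped".
# Returns 0 when a ksnproxy process exists, 1 otherwise.
ksnproxy_status() {
    procs=$(ksnproxy_procs)
    if [ -z "$procs" ]; then
        echo "stopped"
        return 1
    fi
    case "$procs" in
        *deleted*) echo "running-stale-binary" ;;
        *)         echo "running" ;;
    esac
    return 0
}

# Report the state of this host.
ksnproxy_status || true
```

A "stopped" result on a device that is assigned as a distribution point with the KSN Proxy option selected means managed devices in its scope have no KSN proxy at that address.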