Managing KES devices

In Kaspersky Security Center, you can manage KES mobile devices in the following ways:

• Centrally manage KES devices by using commands.
• View information about the settings for management of KES devices.
• Install applications by using mobile app packages.
• Disconnect KES devices from management.

Creating a mobile applications package for KES devices

A Kaspersky Endpoint Security for Android license is required to create a mobile applications package for KES devices.

To create a mobile applications package:

1. In the Remote installation folder of the console tree, select the Installation packages subfolder.

   The Remote installation folder is a subfolder of the Advanced folder by default.

2. Click the Additional actions button and select Manage mobile apps packages in the drop-down list.
3. In the Mobile apps package management window, click the New button.
4. The Mobile Applications Package Creation Wizard starts. Follow the instructions of the Wizard.

The newly created mobile applications package is displayed in the Mobile apps package management window.

Enabling certificate-based authentication of KES devices

To enable certificate-based authentication of a KES device:

1. Open the system registry of the client device that has Administration Server installed (for example, locally, using the regedit command in the Start → Run menu).
2. Go to the following hive:
   • For 32-bit systems:

     HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\.core\.independent\KLLIM

   • For 64-bit systems:

     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\34\.core\.independent\KLLIM

3. Create a key with the LP_MobileMustUseTwoWayAuthOnPort13292 name.
4. Specify REG_DWORD as the key type.
5. Set the key value on 1.
6. Restart the Administration Server service.

Mandatory certificate-based authentication of the KES device using a shared certificate will be enabled after you run the Administration Server service.

The first connection of the KES device to the Administration Server does not require a certificate.

By default, certificate-based authentication of KES devices is disabled.

Viewing information about a KES device

To view information about a KES device:

1. In the Mobile Device Management folder in the console tree, select the Mobile devices subfolder.

   The folder workspace displays a list of managed mobile devices.

2. In the workspace, filter KES devices by protocol type (KES).
3. Select the mobile device for which you want to view the information.
4. From the context menu of the mobile device select Properties.

The properties window of the KES device opens.

The properties window of the mobile device displays information about the connected KES device.

Disconnecting a KES device from management

To disconnect a KES device from management, the user has to remove Network Agent from the mobile device. After the user has removed Network Agent, the mobile device details are removed from the Administration Server database, and the administrator can remove the mobile device from the list of managed devices.

To remove a KES device from the list of managed devices:

1. In the Mobile Device Management folder in the console tree, select the Mobile devices subfolder.

   The folder workspace displays a list of managed mobile devices.

2. In the workspace, filter KES devices by protocol type (KES).
3. Select the mobile device that you must disconnect from management.
4. In the context menu of the mobile device, select Delete.

The mobile device is removed from the list of managed devices.

If Kaspersky Endpoint Security for Android has not been removed from the mobile device, that mobile device reappears in the list of managed devices after synchronization with the Administration Server.