Installing and initially configuring the application using Kaspersky Security Center

You can install Kaspersky Embedded Systems Security on a client device remotely from the administrator's workstation using the Kaspersky Security Center Web Console or the Administration Console.

Installation using Kaspersky Security Center involves the following steps:

1. Creating an installation package.

   For the remote installation, Kaspersky Embedded Systems Security

   installation package

   A set of files created for remote installation of Kaspersky applications using Kaspersky Security Center. The installation package contains the settings required to install the application and ensure its operation immediately after the installation. The values of the settings correspond to the default values of the application settings. The installation package is created using the .kud file included in the application distribution kit.

   is used. The Kaspersky Embedded Systems Security installation package is the same for all supported operating systems and processor architecture types. You can create the installation package using the Kaspersky Security Center Web Console or the Administration Console.

   You can specify the initial configuration settings using the autoinstall.ini configuration file included in the installation package, or in the properties of the installation package (this method is available only in the Web Console).

   You can add the following to the installation package that you are creating:

   • License key for automatic activation of the application during installation
   • Pre-downloaded application databases to avoid having to update the databases after installation

   You can also activate the application and update the databases as part of the getting started procedure

2. Deploying the Kaspersky Embedded Systems Security application on devices in the corporate network.

   Kaspersky Security Center Web Console supports the following main deployment methods:

   • Installing the application using the Protection Deployment Wizard.
   • Installing the application using the remote installation task.

   The Kaspersky Security Center Administration Console supports the following main deployment methods:

   • Installing the application using the Remote Installation Wizard.
   • Installing the application using the remote installation task.

   For a description of the deployment procedures, see the Kaspersky Security Center Help.

   If necessary, you can view the application remote installation log by using remote diagnostics of the Kaspersky Security Center client device.

3. Getting started.

   Before using the application, you need to complete the initial configuration of the application and prepare the application for operation.

   If initial configuration of the application has not been completed on a device, you cannot use or update the application on that device.

To use Kaspersky Security Center to manage Kaspersky Embedded Systems Security installed on client devices, you need to put these devices in

. Before starting Kaspersky Embedded Systems Security installation, you can create Kaspersky Security Center administration groups to which you want to move the devices with the application installed, and configure the rules to automatically move the devices to these administration groups. If rules for moving devices to the administration groups are not configured, Kaspersky Security Center moves all the devices that have the Administration Agent installed and are connected to Administration Server to the Unassigned devices list. In this case, you need to manually move computers to the administration groups (refer to the Kaspersky Security Center Help for details).

In this section Creating an installation package in the Web Console Creating an installation package in the Administration Console Preparing an archive with application databases in order to create an installation package with integrated databases Autoinstall.ini configuration file settings Getting started using Kaspersky Security Center

Page top

Creating an installation package in the Web Console

In Kaspersky Security Center Web Console, you can create an installation package in one of the following ways:

• From an archive file that you have prepared previously.
• From a distribution kit hosted on Kaspersky servers.

To prepare an archive for creating an installation package:

1. Download the kess.zip archive from the application download page. It is located in the Kaspersky Embedded Systems Security for Linux -> Additional distribution → Files for Product remote installation section.
2. Unpack the kess.zip archive to a folder accessible to Kaspersky Security Center Administration Server. Place the distribution files, that correspond to the type of operating system where you want to install the application and the type of its package manager, to the same folder:
   • To install Kaspersky Embedded Systems Security:
     • kess-3.4.0-<build number>.i386.rpm (for 32-bit operating systems with rpm)
     • kess_3.4.0-<build number>_i386.deb (for 32-bit operating systems with dpkg)
     • kess_3.4.0-<build number>.x86_64.rpm (for 64-bit operating systems with rpm)
     • kess_3.4.0-<build number>_amd64.deb (for 64-bit operating systems with dpkg)
   • To install the graphical user interface of the application:
     • kess-gui-3.4.0-<build number>.i386.rpm (for 32-bit operating systems with rpm)
     • kess-gui-3.4.0-<build number>_i386.deb (for 32-bit operating systems with dpkg)
     • kess-gui-3.4.0-<build number>.x86_64.rpm (for 64-bit operating systems with rpm)
     • kess-gui-3.4.0-<build number>_amd64.deb (for 64-bit operating systems with dpkg)

     If you do not want to install the graphical user interface, do not add these files to the folder; this will make the installation package smaller.

   If you do not plan to use the graphical interface, disable it by editing the appropriate setting (USE_GUI=No) in the properties of the created installation package or in the autoinstall.ini configuration file. Otherwise, the installation will fail.

   If you want to use the created installation package with different operating systems or package managers, place the files for all the types of operating systems and package managers that you need in the directory.

3. If you want to use offline application databases downloaded in advance:
   1. Place prepared archives with databases for all your operating system types into the folder.
   2. In initial configuration settings, disable the database update task after installing the application. You can configure the corresponding parameter in the properties of the created installation package or in the autoinstall.ini configuration file (UPDATE_EXECUTE=no). The autoinstall.ini file is located in the directory where you extracted the kess.zip archive.
4. If you want to perform the initial configuration of the application using a configuration file, open the autoinstall.ini configuration file and edit it as necessary.

   You can also perform the initial configuration of the application later in the properties of the created installation package on the Settings tab.

5. Place all prepared files in an archive in ZIP, CAB, TAR, or TAR.GZ format with any name.

To create an installation package for Kaspersky Embedded Systems Security in Kaspersky Security Center Web Console:

1. In the main Web Console window, select one of the following sections:
   • Device discovery and deployment → Deployment and assignment → Installation packages.
   • Operations → Repositories → Installation packages.

   A list of installation packages available on the Administration Server opens.

2. Click Add.

   The wizard for creating an installation package will start. Follow the instructions of the Wizard.

3. On the first page of the wizard, select the method for creating an installation package:
   • Create an installation package from a file. The installation package will be created from an archive that you have prepared in advance.
   • Create the installation package for a Kaspersky application. The installation package will be created from a distribution package located on Kaspersky servers.

   Kaspersky Security Center Cloud Console does not allow creation of installation packages from a file.

4. Depending on the selected package creation method:
   • Specify the package name, click the Browse button, and specify the path to the archive that you have prepared for creating the installation package.
   • Select Kaspersky Embedded Systems Security distribution package. In the window on the right, read the information about the distribution package and click the Download and create installation package button. The installation package creation process starts.
5. When prompted by the Wizard, read the License Agreement between you and Kaspersky and the Privacy Policy that describes the processing and transmission of data. To continue creating the installation package, you must confirm that you have read and accept the full terms of the End User License Agreement and the Privacy Policy.
6. Complete the wizard.

   The installation package will be created and added to the list of installation packages. Using the installation package, you can install the application on devices in the corporate network or update the application version.

7. If necessary, edit initial configuration settings (see the table below). To do this, open the properties of the installation package and go to Settings tab.

   Initial configuration settings

   Section	Description
   Specify the locale.	Select this check box if you want to specify the locale to be used by the application. In the displayed field, enter the locale in the RFC 3066 format. If this setting is not specified, the default locale is used.
   Activate the application	Select this check box if you want to activate the application during installation. In the displayed field, enter the activation code. You can also activate the application after installation.
   Select the update source.	Select the update source for databases and application modules: Kaspersky update servers. Kaspersky Security Center. Other source in the local or global network. If you select this option, enter the address of the update source in the field that opens.
   Run the database update task after installation.	Select this check box if you want to run the databases and application modules update task after installing the application.
   Specify the proxy server settings.	Select this check box if you use a proxy server for internet access. In the displayed field, enter the proxy server address in one of the following formats: <connection protocol>://<IP address of the proxy server>:<port number> if the proxy server connection does not require authentication <connection protocol>://<user name>:<password>@<IP address of the proxy server>:<port number> if the proxy server connection requires authentication Connecting to a proxy server over HTTPS is not supported.
   Install kernel source	Select this check box to automatically start of kernel module compilation.
   Use the graphical user interface.	Select this check box if you plan to install the graphical user interface of the application (the files for installing the graphical interface are included in the installation package).
   Specify a user with the admin role	Select the check box to specify the user to be assigned the administrator (admin) role. In the displayed field, enter the user name.
   Configure SELinux automatically	Select the check box to automatically configure SELinux to work with Kaspersky Embedded Systems Security.
   Remove users from privileged groups	Select this check box to remove users from the 'kessadmin' and 'kessaudit' privileged groups before installing the application. If the check box is selected and the 'nogroup' group does not exist, the installation fails and you are prompted to manually remove users from privileged groups.
   Disable protection components and scan tasks when the application is started for the first time after installation.	Select this check box if, after completing the installation process, you want to run the application with protection components and scan tasks disabled. An installation with protection components disabled can be convenient, for example, in order to reproduce a problem in the operation of the application and create a trace file. If you enable the necessary components and tasks, the enabled components and tasks will continue to work after the application is restarted.

Page top

Creating an installation package in the Administration Console

Before creating an installation package for Kaspersky Embedded Systems Security, you need to prepare the files to be included in the package.

To prepare files for creating an installation package:

1. Download the kess.zip archive from the application download page. It is located in the Kaspersky Embedded Systems Security for Linux -> Additional distribution → Files for Product remote installation section.
2. Unpack the kess.zip archive to a folder accessible to Kaspersky Security Center Administration Server. Place the distribution files, that correspond to the type of operating system where you want to install the application and the type of its package manager, to the same folder:
   • To install Kaspersky Embedded Systems Security:
     • kess-3.4.0-<build number>.i386.rpm (for 32-bit operating systems with rpm)
     • kess_3.4.0-<build number>_i386.deb (for 32-bit operating systems with dpkg)
     • kess_3.4.0-<build number>.x86_64.rpm (for 64-bit operating systems with rpm)
     • kess_3.4.0-<build number>_amd64.deb (for 64-bit operating systems with dpkg)
   • To install the graphical user interface of the application:
     • kess-gui-3.4.0-<build number>.i386.rpm (for 32-bit operating systems with rpm)
     • kess-gui-3.4.0-<build number>_i386.deb (for 32-bit operating systems with dpkg)
     • kess-gui-3.4.0-<build number>.x86_64.rpm (for 64-bit operating systems with rpm)
     • kess-gui-3.4.0-<build number>_amd64.deb (for 64-bit operating systems with dpkg)

     If you do not want to install the graphical user interface, do not add these files to the folder; this will make the installation package smaller.

   If you do not plan to install the graphical interface, you need to opt out by setting USE_GUI=No in the autoinstall.ini configuration file. Otherwise, the installation will fail.

   If you want to use the created installation package with different operating systems or package managers, place the files for all the types of operating systems and package managers that you need in the directory.

3. If you want to use offline application databases downloaded in advance:
   1. Place prepared archives with databases for all your operating system types into the folder.
   2. In initial configuration settings, disable the database update task after installing the application. To do this, open the autoinstall.ini configuration file and set UPDATE_EXECUTE=no. The autoinstall.ini file is located in the directory where you extracted the kess.zip archive.

   If you want to prepare the initial configuration settings of the application, open the autoinstall.ini configuration file and edit it as necessary.

To create an installation package for Kaspersky Embedded Systems Security in the Administration Console of Kaspersky Security Center:

1. In the console tree, select Additional → Remote installation → Installation packages.
2. Click the Create installation package button.

   The wizard for creating an installation package will start.

3. In the wizard window that opens, click the Create installation package for a Kaspersky application button.
4. Enter the name of the new installation package and proceed to the next step.
5. Select Kaspersky Embedded Systems Security distribution package. To do this, open a standard Windows browsing window using the Browse button and specify the path to the kess.kud file. The file is located in the directory where you extracted the kess.zip archive.

   The application name is displayed in the window.

   Proceed to the next step.

6. Read the License Agreement between you and Kaspersky and the Privacy Policy that describes the processing and transmission of data.

   To continue creating the installation package, you must confirm that you have read and accept the full terms of the End User License Agreement and the Privacy Policy. To confirm, in the window that opens, select both check boxes.

   Proceed to the next step.

7. The wizard downloads the files required to install the application to Kaspersky Security Center Administration Server. Wait for the download to finish.
8. Complete the wizard.

The created installation package is located in the tree of the Administration Console of Kaspersky Security Center in the Additional → Remote installation → Installation packages folder. You can use the same installation package many times.

Page top

Preparing an archive with application databases in order to create an installation package with integrated databases

You can create an installation package for remote installation and include pre-downloaded application databases in it. This may be useful, for example, if you are installing the application on a device with the Astra Linux Special Edition operating system. If you are using an installation package with integrated databases, the application is installed with the databases already functional; in this case, you do not need to update the databases immediately after installation.

To create an archive with databases for installing the application:

1. Install and perform the initial configuration of Kaspersky Embedded Systems Security on the device using the command line or using Kaspersky Security Center.
2. Update the application databases. You can update the databases during the initial configuration of the application or after installation by running a task of an Update type in the command line or an Update task in the Kaspersky Security Center Administration Console or the Kaspersky Security Center Web Console.
3. Copy the contents of the /var/opt/kaspersky/kess/private/updates/ directory to one of the following subdirectories, depending on the architecture of the operating system for which you are creating the installation package with integrated databases: /i386/ or /x86_64/.
4. Place the directories with the databases into a kess-bases.tgz archive, preserving the structure of nested directories. You can place only one subdirectory with databases for the required architecture of the operating system in the archive, or if you plan to create an installation package for installation on several operating systems with different architectures, you can place all the subdirectories with databases (/i386/ or /x86_64/) into a single archive for different architectures.
5. You can use the created archive with application databases when creating an installation package in the Kaspersky Security Center Administration Console or Kaspersky Security Center Web Console.

Page top

Autoinstall.ini configuration file settings

In the autoinstall.ini configuration file, you can specify the settings shown in the table below. The set of applicable settings depends on the application usage mode.

Autoinstall.ini configuration file settings

If you want to change the settings in the autoinstall.ini configuration file, specify the values of settings in the following format: <setting_name>=<setting_value> (the application does not process spaces between the name of a setting and its value).

Page top

Getting started using Kaspersky Security Center

After deploying Kaspersky Embedded Systems Security through Kaspersky Security Center, you must prepare the application for operation. To do so:

1. Activate the application if activation was not performed using the key added to the installation package of the application.

   You can create and execute an activation task using the Administration Console or Kaspersky Security Center Web Console, as well as distribute the license key from the Kaspersky Security Center key storage to the devices.

2. Update the databases and application modules if you did not add pre-downloaded application databases to the installation package of the application. You can use the Update task, which is created automatically by the initial configuration wizard of Kaspersky Security Center after installing the administration MMC plug-in or the Kaspersky Embedded Systems Security administration web plug-in.

   Kaspersky Embedded Systems Security protects the device only after the application databases are updated.

3. Configure a
   policy

   A policy determines the application settings and manages the access to configuration of an application installed on devices within an administration group. An individual policy must be created for each application. You can create an unlimited number of various policies for applications installed on the devices in each administration group, but only one policy can be applied to each application at a time within an administration group.

   for centralized management of the application using Kaspersky Security Center Administration Console or Web Console. You can use a policy that is created automatically by the initial configuration wizard of Kaspersky Security Center after installing the administration MMC plug-in or the Kaspersky Embedded Systems Security administration web plug-in.

   You can also configure the application management tasks using the Administration Console or the Web Console.

Page top