Kaspersky Security Center Cloud Console
Settings of a managed device
To view the settings of a managed device:
- In the main menu, go to Assets (Devices) → Managed devices.
The list of managed devices is displayed.
- In the list of managed devices, click the link with the name of the required device.
The properties window of the selected device is displayed.
The following tabs, which represent the main groups of settings, are displayed in the upper part of the properties window:
- General
This tab comprises the following sections:
- The General section displays general information about the client device. Information is provided on the basis of data received during the last synchronization of the client device with the Administration Server:
- Name
In this field, you can view and modify the client device name in the administration group.
- Description
In this field, you can enter an additional description for the client device.
- Device status
Status of the client device assigned on the basis of the criteria defined by the administrator for the status of anti-virus protection on the device and the activity of the device on the network.
- Device owner
Name of the device owner. You can assign or remove a user as a device owner by clicking the Manage device owner link.
- Full group name
Administration group, which includes the client device.
- Last update of anti-virus databases
Date the anti-virus databases or applications were last updated on the device.
- Connected to Administration Server
Date and time Network Agent installed on the client device last connected to the Administration Server.
- Last visible
Date and time the device was last visible on the network.
- Network Agent version
Version of the installed Network Agent.
- Created
Date of the device creation within Kaspersky Security Center Cloud Console.
- Do not disconnect from the Administration Server
If this option is enabled, continuous connectivity between the managed device and the Administration Server is maintained. You may want to use this option if you are not using push servers, which provide such connectivity.
If this option is disabled and push servers are not in use, the managed device only connects to the Administration Server to synchronize data or to transmit information.
The maximum total number of devices with the Do not disconnect from the Administration Server option selected is 300.
This option is disabled by default on managed devices. This option is enabled by default on the device where the Administration Server is installed and stays enabled even if you try to disable it.
- Sessions
This section contains a table with information about the users currently logged in to the device. The table displays the following data in the corresponding columns:
- User name
- SAM account name
- User principal name
- Email address
To correctly display information about domain users' sessions, you must use domain controller polling.
- The Network section displays the following information about the network properties of the client device:
- IP address
Device IP address.
- Windows domain
Windows domain or workgroup, which contains the device.
- DNS name
Name of the DNS domain of the client device.
- NetBIOS name
Windows network name of the client device.
- IPv6 address
- The System section provides information about the operating system installed on the client device:
- Operating system
- CPU architecture
- Operating system vendor
- Operating system folder
- Device name
- Virtual machine type
The virtual machine manufacturer.
- Dynamic virtual machine as part of VDI
This row displays whether the client device is a dynamic virtual machine as part of VDI.
- Operating system build
- The Protection section provides the following information about the current status of anti-virus protection on the client device:
- Visible
Visibility status of the client device.
- Device status
Status of the client device assigned on the basis of the criteria defined by the administrator for the status of anti-virus protection on the device and the activity of the device on the network.
- Status description
Status of the client device protection and connection to Administration Server.
- Protection status
This field shows the current status of real-time protection on the client device.
When the status changes on the device, the new status is displayed in the device properties window only after the client device is synchronized with the Administration Server.
- Last full scan
Date and time the last malware scan was performed on the client device.
- Virus detected
Total number of threats detected on the client device since installation of the security application (first scan), or since the last reset of the threat counter.
- Objects that have failed disinfection
Number of unprocessed files on the client device.
This field ignores the number of unprocessed files on mobile devices.
- Disk encryption status
The current status of file encryption on the local drives of the device. For a description of the statuses, see the Kaspersky Endpoint Security for Windows Help.
- The Device status defined by application section provides information about the device status that is defined by the managed application installed on the device. This device status can differ from the one defined by Kaspersky Security Center Cloud Console.
- Applications
This tab lists all Kaspersky applications installed on the client device. This tab contains the Start and Stop buttons that allow you to start and stop the selected Kaspersky application (excluding Network Agent). You can use these buttons if port 15000 UDP is available on the managed device to receive push notifications from Administration Server. If the managed device is unavailable for push notifications, but the mode of continuous connection to Administration Server is enabled (the Do not disconnect from the Administration Server option in the General section is enabled), the Start and Stop buttons are available too. Otherwise, when you try to start or stop the application, an error message is displayed. You can also click the application name to view general information about the application, a list of events that have occurred on the device, and the application settings.
- Active policies and policy profiles
This tab lists the policies and policy profiles that are currently assigned to the managed device.
- Tasks
On the Tasks tab, you can manage client device tasks: view the list of existing tasks, create new ones, remove, start and stop tasks, modify their settings, and view execution results. The list of tasks is provided based on data received during the last session of client synchronization with the Administration Server. The Administration Server requests the task status details from the client device. If port 15000 UDP is available on the managed device to receive push notifications from Administration Server, the task status is displayed and buttons for managing the task are enabled. If the managed device is unavailable for push notifications, but the mode of continuous connection to Administration Server is enabled (the Do not disconnect from the Administration Server option in the General section is enabled), the actions with tasks are available too.
If the connection is not established, the status is not displayed and the buttons are disabled.
- Events
The Events tab displays events logged on the Administration Server for the selected client device.
- Security issues
In the Security issues tab, you can view, edit, and create security issues for the client device. Security issues can be created either automatically, through managed Kaspersky applications installed on the client device, or manually by the administrator. For example, if some users regularly move malware from their removable drives to devices, the administrator can create a security issue. The administrator can provide a brief description of the case and recommended actions (such as disciplinary actions to be taken against a user) in the text of the security issue, and can add a link to the user or users.
A security issue for which all of the required actions have been taken is called processed. The presence of unprocessed security issues can be chosen as the condition for a change of the device status to Critical or Warning.
This section contains a list of security issues that have been created for the device. Security issues are classified by severity level and type. The type of a security issue is defined by the Kaspersky application, which creates the security issue. You can highlight processed security issues in the list by selecting the check box in the Processed column.
- Tags
In the Tags tab, you can manage the list of keywords that are used for finding client devices: view the list of existing tags, assign tags from the list, configure auto-tagging rules, add new tags and rename old tags, and remove tags.
- Advanced
This tab comprises the following sections:
- Applications registry. In this section, you can view the registry of applications installed on the client device and their updates; you can also set up the display of the applications registry.
Information about installed applications is provided if Network Agent installed on the client device sends required information to the Administration Server. You can configure sending of information to the Administration Server in the properties window of Network Agent or its policy, in the Repositories section.
Clicking an application name opens a window that contains the application details and a list of the update packages installed for the application.
- Executable files. This section displays executable files found on the client device.
- Distribution points. This section provides a list of distribution points with which the device interacts.
- Export to file
Click the Export to file button to save to a file a list of distribution points with which the device interacts. By default, the application exports the list of devices to a CSV file.
- Properties
Click the Properties button to view and configure the distribution point with which the device interacts.
- Hardware registry. In this section, you can view information about hardware installed on the client device.
If Network Agent is installed on a device running Windows, it sends to the Administration Server the following information about the device hardware:
- RAM
- Mass storage devices
- Motherboard
- CPU
- Network adapters
- Monitors
- Video adapter
- Sound card
If Network Agent is installed on a device running Linux or macOS, it sends to the Administration Server the following information about the device hardware, if this information is provided by the operating system:
- Total RAM volume
- Total volume of mass storage devices
- Motherboard
- CPU
- Network adapters
- Available updates. This section displays a list of software updates found on this device but not installed yet.
- Software vulnerabilities. This section provides information about vulnerabilities in third-party applications installed on client devices.
To save the vulnerabilities to a file, select the check boxes next to the vulnerabilities that you want to save, and then click the Export to CSV button or Export to TXT button.
The section contains the following settings:
- Show only vulnerabilities that can be fixed
If this option is enabled, the section displays vulnerabilities that can be fixed by using a patch.
If this option is disabled, the section displays both vulnerabilities that can be fixed by using a patch, and vulnerabilities for which no patch has been released.
By default, this option is enabled.
- Vulnerability properties
Click a software vulnerability name in the list to view the properties of the selected software vulnerability in a separate window. In the window, you can do the following:
- Ignore software vulnerability on this managed device (in Administration Console or in Kaspersky Security Center Cloud Console).
- View the list of recommended fixes for the vulnerability.
- Manually specify the software updates to fix the vulnerability (in Administration Console or in Kaspersky Security Center Cloud Console).
- View vulnerability instances.
- View the list of existing tasks to fix the vulnerability and create new tasks to fix the vulnerability.
- Remote diagnostics. In this section, you can perform remote diagnostics of client devices.