Kaspersky Security Center Cloud Console
Installing an application remotely
This article contains information on how to install an application remotely on devices in an administration group, devices with specific addresses, or a selection of devices.
To install an application on specific devices:
- In the main menu, go to Assets (Devices) → Tasks.
- Click Add.
The New task wizard starts.
- In the Task type field, select Install application remotely.
- Select one of the following options:
- Assign task to an administration group
The task is assigned to devices included in an administration group. You can specify one of the existing groups or create a new one.
For example, you may want to use this option to run a task of sending a message to users if the message is specific for devices included in a specific administration group.
If a task is assigned to an administration group, the Security tab is not displayed in the task properties window because group tasks are subject to the security settings of the groups to which they apply.
- Specify device addresses manually or import addresses from a list
You can specify NetBIOS names, DNS names, IP addresses, and IP subnets of devices to which you want to assign the task.
You may want to use this option to execute a task for a specific subnet. For example, you may want to install a certain application on devices of accountants or to scan devices in a subnet that is probably infected.
- Assign task to a device selection
The task is assigned to devices included in a device selection. You can specify one of the existing selections.
For example, you may want to use this option to run a task on devices with a specific operating system version.
The Install application remotely task is created for the specified devices. If you selected the Assign task to an administration group option, the task is a group one.
- At the Task scope step, specify an administration group, devices with specific addresses, or a device selection.
The available settings depend on the option selected at the previous step.
- At the Installation packages step, specify the following settings:
- Select how you want to install the selected application:
- Remote installation by Kaspersky Security Center
- Remote installation by Microsoft Azure API
For more information on how to install applications on Microsoft Azure virtual machines, refer to Remote installation of applications to Azure virtual machines.
- In the Select installation package field, select the installation package of an application that you want to install.
- In the Force installation package download settings group, specify how files that are required for the application installation are distributed to client devices:
- Using Network Agent
If this option is enabled, installation packages are delivered to client devices by Network Agent installed on those client devices.
If this option is disabled, installation packages are delivered using the operating system tools of client devices.
We recommend that you enable this option if the task has been assigned to devices with Network Agents installed.
By default, this option is enabled.
- Using operating system resources through distribution points
If this option is enabled, installation packages are transmitted to client devices using operating system tools through distribution points. You can select this option if there is at least one distribution point on the network.
If the Using Network Agent option is enabled, the files are delivered using operating system tools only if Network Agent tools are unavailable.
By default, this option is enabled for remote installation tasks that have been created on a virtual Administration Server.
- In the Maximum number of concurrent downloads field, specify the maximum allowed number of client devices to which Administration Server can simultaneously transmit the files.
- In the Maximum number of installation attempts field, specify the maximum allowed number of installer runs.
If the number of attempts specified in the parameter is exceeded, Kaspersky Security Center Cloud Console does not start the installer on the device anymore. To restart the Install application remotely task, increase the value of the Maximum number of installation attempts parameter, and then restart the task. Alternatively, you can create a new Install application remotely task.
- If you migrate from one Kaspersky application to another and your current application is password-protected, enter the password in the Password to uninstall the current Kaspersky application field. Note that during the migration, your current Kaspersky application will be uninstalled.
The Password to uninstall the current Kaspersky application field is only available if you have selected the Using Network Agent option in the Force installation package download settings group.
You can use the uninstall password only for the Kaspersky Security for Windows Server to Kaspersky Endpoint Security for Windows migration scenario when installing Kaspersky Endpoint Security for Windows by using the Install application remotely task. Using the uninstall password when installing other applications may cause installation errors.
To complete the migration scenario successfully, make sure that the following prerequisites are met:
- You are using Kaspersky Security Center Network Agent 14.2 for Windows or later.
- You are installing the application on devices running Windows.
- Define the additional options:
- Do not re-install application if it is already installed
If this option is enabled, the selected application will not be re-installed if it has already been installed on this client device.
If this option is disabled, the application will be installed anyway.
By default, this option is enabled.
- Verify operating system type before downloading
Before transmitting the files to client devices, Kaspersky Security Center Cloud Console checks if the Installation utility settings are applicable to the operating system of the client device. If the settings are not applicable, Kaspersky Security Center Cloud Console does not transmit the files and does not attempt to install the application. For example, to install some application to devices of an administration group that includes devices running various operating systems, you can assign the installation task to the administration group, and then enable this option to skip devices that run an operating system other than the required one.
- Prompt users to close running applications
Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.
If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.
If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.
By default, this option is disabled.
- Select on which devices you want to install the application:
- Install on all devices
The application will be installed even on devices managed by other Administration Servers.
This option is selected by default. You do not have to change this setting if you have only one Administration Server in your network.
- Install only on devices managed through this Administration Server
The application will be installed only on devices managed by this Administration Server. Select this option if you have more than one Administration Server in your network and want to avoid conflicts between them.
- Specify whether devices must be moved to an administration group after installation:
- Do not move devices
The devices remain in the groups in which they are currently located. The devices that have not been placed in any group remain unassigned.
- Move unassigned devices to the selected group (only a single group can be selected)
The devices are moved to the administration group that you select.
The Do not move devices option is selected by default. For security reasons, you might want to move the devices manually.
- At this step of the wizard, specify whether the devices must be restarted during installation of applications:
- Do not restart the device
If this option is selected, the device will not be restarted after the security application installation.
- Restart the device
If this option is selected, the device will be restarted after the security application installation.
- Prompt user for action
The restart reminder is displayed on the screen of the client device, prompting the user to restart it manually. Some advanced settings can be defined for this option: text of the message for the user, the message display frequency, and the time interval after which a restart will be forced (without the user's confirmation). This option is most suitable for workstations where users must be able to select the most convenient time for a restart.
By default, this option is selected.
- Repeat prompt every (min)
If this option is enabled, the application prompts the user to restart the operating system with the specified frequency.
By default, this option is enabled. The default interval is 5 minutes. Available values are between 1 and 1440 minutes.
If this option is disabled, the prompt is displayed only once.
- Restart after (min)
After prompting the user, the application forces restart of the operating system upon expiration of the specified time interval.
By default, this option is enabled. The default delay is 30 minutes. Available values are between 1 and 1440 minutes.
- Force closure of applications in blocked sessions
Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.
If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.
If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.
By default, this option is disabled.
- If necessary, at the Select accounts to access devices step, add the accounts that will be used to start the Install application remotely task:
- No account required (Network Agent installed)
If this option is selected, you do not have to specify the account under which the application installer will be run. The task will run under the account under which the Administration Server service is running.
If Network Agent has not been installed on client devices, this option is unavailable.
- Account required (Network Agent is not used)
Select this option if Network Agent is not installed on the devices for which you assign the remote installation task. In this case, you can specify a user account or an SSH certificate to install the application.
- Local Account. If this option is selected, specify the user account under which the application installer will be run. Click the Add button, select Local Account, and then specify the user account credentials.
You can specify multiple user accounts if, for example, none of them have all the required rights on all devices for which you assign the task. In this case, all added accounts are used for running the task, in consecutive order, top-down.
- SSH certificate. If you want to install an application on a Linux-based client device, you can specify an SSH certificate instead of a user account. Click the Add button, select SSH certificate, and then specify the private and public keys of the certificate.
To generate a private key, you can use the ssh-keygen utility. Note that Kaspersky Security Center Cloud Console supports the PEM format of private keys, but the ssh-keygen utility generates SSH keys in the OPENSSH format by default. The OPENSSH format is not supported by Kaspersky Security Center Cloud Console. To create a private key in the supported PEM format, add the -m PEM option in the ssh-keygen command. For example:
ssh-keygen -m PEM -t rsa -b 4096 -C "<user email>"
- At the Finish task creation step, click the Finish button to create the task and close the wizard.
If you enabled the Open task details when creation is complete option, the task settings window opens. In this window, you can check the task parameters, modify them, or configure a task start schedule, if necessary.
- In the task list, select the task you created, and then click Start.
Alternatively, wait for the task to launch according to the schedule that you specified in the task settings.
When the remote installation task is completed, the selected application is installed on the specified devices.
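A pre-upload check for the private key format requirement in the SSH certificate step, as an added example that is not part of the Kaspersky documentation: it reads the armor header of a key file and reports whether the key is in PEM or OPENSSH format. The function names and the header-only sample files are constructed for illustration; the page does not say whether PKCS#8 PEM keys are accepted, so they are reported separately.

```shell
#!/bin/sh
# Added example (not Kaspersky code): classify an SSH private key by its
# armor header before adding it to the Install application remotely task.

# key_format FILE -> prints pem | pkcs8 | openssh | unknown
key_format() {
    # The first line names the container format; drop a CR left by Windows editors.
    header=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case "$header" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo openssh ;;   # ssh-keygen default; not supported per the page
        "-----BEGIN RSA PRIVATE KEY-----" | \
        "-----BEGIN EC PRIVATE KEY-----" | \
        "-----BEGIN DSA PRIVATE KEY-----")
            echo pem ;;       # traditional PEM, e.g. from ssh-keygen -m PEM -t rsa
        "-----BEGIN PRIVATE KEY-----" | \
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo pkcs8 ;;     # PEM-armored PKCS#8; acceptance is an open question
        *)
            echo unknown ;;   # missing file, public key, or not a key at all
    esac
}

# check_key FILE -> prints a verdict line; returns 0 only for a PEM key.
check_key() {
    case "$(key_format "$1")" in
        pem)
            echo "OK      $1: PEM private key"
            return 0 ;;
        openssh)
            # ssh-keygen -p rewrites the file in place, so convert a copy.
            echo "REJECT  $1: OPENSSH format; convert with: ssh-keygen -p -m PEM -f $1"
            return 1 ;;
        pkcs8)
            echo "CHECK   $1: PKCS#8 PEM; support is not stated in the article"
            return 2 ;;
        *)
            echo "REJECT  $1: no private key header found"
            return 3 ;;
    esac
}

# Constructed samples: armor lines only, no key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
              '-----END OPENSSH PRIVATE KEY-----' > "$demo_dir/id_default"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
              '-----END RSA PRIVATE KEY-----' > "$demo_dir/id_pem"
for f in "$demo_dir/id_default" "$demo_dir/id_pem"; do
    check_key "$f" || true
done
rm -rf "$demo_dir"
```

The matching public key for the certificate entry can be derived from a private key with `ssh-keygen -y -f <private key file>`.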