Kaspersky Security Center Cloud Console

Viewing task run results stored on the Administration Server

Exporting a task

Importing a task

Page top

About tasks

Kaspersky Security Center Cloud Console manages Kaspersky security applications installed on devices by creating and running tasks. Tasks are required for installing, launching, and stopping applications, scanning files, updating databases and software modules, and performing other actions on applications. Tasks can be performed on the Administration Server and on devices.

The following types of tasks are performed on devices:

Local tasks—Tasks that are performed on a specific device
Local tasks can be modified either by the administrator, who uses administration tools, or by the user of a remote device (for example, through the security application interface). If a local task has been modified simultaneously by the administrator and the user of a managed device, the changes made by the administrator will take effect because they have a higher priority.
Group tasks—Tasks that are performed on all devices of a specific group
Unless otherwise specified in the task properties, a group task also affects all subgroups of the selected group.
Global tasks—Tasks that are performed on a set of devices, regardless of whether they are included in any group

For each application, you can create multiple group tasks, global tasks, or local tasks.

You can make changes to the settings of tasks, view the progress of tasks, and copy, export, import, and delete tasks.

A task is started on a device only if the application for which the task was created is running.

Execution results of tasks are saved in the OS event log on each device and in the Administration Server database.

Do not include private data in task settings. For example, avoid specifying the domain administrator password.

See also:

Scenario: Migration without a hierarchy of Administration Servers

Page top

About task scope

The scope of a task is the set of devices on which the task is performed. The types of scope are as follows:

For a local task, the scope is the device itself.
For an Administration Server task, the scope is the Administration Server.
For a group task, the scope is the list of devices included in the group.

When creating a global task, you can use the following methods to specify its scope:

Specifying certain devices manually.
You can use an IP address (or IP range), NetBIOS name, or DNS name as the device address.
Importing a list of devices from a TXT file with the device addresses to be added (each address must be placed on an individual line).
If you import a list of devices from a file or create a list manually, and if devices are identified by their names, the list can only contain devices for which information has already been entered into the Administration Server database. Moreover, the information must have been entered when those devices were connected or during device discovery.
Specifying a device selection.
Over time, the scope of a task changes as the set of devices included in the selection change. A selection of devices can be made on the basis of device attributes, including software installed on a device, and on the basis of tags assigned to devices. Device selection is the most flexible way to specify the scope of a task.

Tasks for device selections are always run on a schedule by the Administration Server. These tasks cannot be run on devices that lack connection to the Administration Server. Tasks whose scope is specified by using other methods are run directly on devices and therefore do not depend on the device connection to the Administration Server.

Tasks for device selections are not run on the local time of a device; instead, they are run on the local time of the Administration Server. Tasks whose scope is specified by using other methods are run on the local time of a device.

See also:

Page top

Creating a task

You can create a task in the task list. Alternatively, you can select devices in the Managed devices list, and then create a new task assigned to the selected devices.

To create a task in the task list:

In the main menu, go to Assets (Devices) → Tasks.
Click Add.
The New task wizard starts. Follow its instructions.
If you want to modify the default task settings, enable the Open task details when creation is complete option on the Finish task creation page. If you do not enable this option, the task is created with the default settings. You can modify the default settings later, at any time.
Click the Finish button.

The task is created and displayed in the list of tasks.

To create a new task assigned to the selected devices:

In the main menu, go to Assets (Devices) → Managed devices.

The list of managed devices is displayed.

In the list of managed devices, select the check boxes next to the devices to run the task for them. You can use the search and filter functions to find the devices you're looking for.
Click the Run task button, and then select Create new task.
The New task wizard starts.

On the first step of the wizard, you can remove the devices selected to include in the task scope. Follow the wizard instructions.
Click the Finish button.

The task is created for the selected devices.

See also:

Scenario: Kaspersky applications initial deployment

Scenario: Monitoring and reporting

Page top

Viewing the task list

You can view the list of tasks that are created in Kaspersky Security Center Cloud Console.

To view the list of tasks,

In the main menu, go to Assets (Devices) → Tasks.

The list of tasks is displayed. The tasks are grouped by the names of applications to which they are related. For example, the Uninstall application remotely task is related to the Administration Server, and the Find vulnerabilities and required updates task refers to the Network Agent.

To view properties of a task,

Click the name of the task.

The task properties window is displayed with several named tabs. For example, the Task type is displayed on the General tab, and the task schedule—on the Schedule tab.

See also:

Scenario: Finding and fixing software vulnerabilities

Page top

Starting a task manually

The application starts tasks according to the schedule settings specified in the properties of each task. You can start a task manually at any time from the task list. Alternatively, you can select devices in the Managed devices list, and then start an existing task for them.

To start a task manually:

In the main menu, go to Assets (Devices) → Tasks.
In the task list, select the check box next to the task that you want to start.
Click the Start button.

The task starts. You can check the task status in the Status column or by clicking the Result button.

See also:

Starting a task for selected devices

About tasks

Creating a task

Page top

Starting a task for selected devices

You can select one or more client devices in the list of devices, and then launch a previously created task for them. This allows you to run tasks created earlier for a specific set of devices.

This changes the devices to which the task was assigned to the list of devices that you select when you run the task.

To start a task for selected devices:

In the main menu, go to Assets (Devices) → Managed devices. The list of managed devices is displayed.
In the list of managed devices, use the check boxes to select the devices to run the task for them. You can use the search and filter functions to find the devices you're looking for.
Click the Run task button, and then select Apply existing task.

The list of the existing tasks is displayed.
The selected devices are displayed above the task list. If necessary, you can remove a device from this list. You can delete all but one device.
Select the desired task in the list. You can use the search box above the list to search for the desired task by name. Only one task can be selected.
Click Save and start task.

The selected task is immediately started for the selected devices. The scheduled start settings in the task are not changed.

See also:

Page top

General task settings and properties

Expand all | Collapse all

This section contains the settings that you can view and configure for most of your tasks. The list of settings available depends on the task you are configuring.

Settings specified during task creation

You can specify the following settings when creating a task. Some of these settings can also be modified in the properties of the created task.

Devices to which the task will be assigned:
- Assign task to an administration group
  The task is assigned to devices included in an administration group. You can specify one of the existing groups or create a new one.
  
  For example, you may want to use this option to run a task of sending a message to users if the message is specific for devices included in a specific administration group.
  
  If a task is assigned to an administration group, the Security tab is not displayed in the task properties window because group tasks are subject to the security settings of the groups to which they apply.
- Specify device addresses manually or import addresses from a list
  The task is assigned to specific devices. You can specify devices by one of the following methods:
  - Specify the IP address, NetBIOS name, or DNS name of the device.
  - Specify the IP range.
    You may want to use this option to execute a task for a specific subnet. For example, you may want to install a certain application on devices of accountants or to scan devices in a subnet that is probably infected.
  - Select devices detected by the Administration Server, including unassigned devices.
    For example, you may want to use this option in a task of installing Network Agent on unassigned devices.
- Assign task to a device selection
  The task is assigned to devices included in a device selection. You can specify one of the existing selections.
  
  For example, you may want to use this option to run a task on devices with a specific operating system version.
Account settings:
- Default account
  The task will be run under the same account as the application that performs this task.
  
  By default, this option is selected.
- Specify account
  Fill in the Account and Password fields to specify the details of an account under which the task is run. The account must have sufficient rights for this task.
Operating system restart settings:
- Do not restart
  Client devices are not restarted automatically after the operation. To complete the operation, you must restart a device (for example, manually or through a device management task). Information about the required restart is saved in the task results and in the device status. This option is suitable for tasks on servers and other devices where continuous operation is critical.
- Restart the device
  Client devices are always restarted automatically if a restart is required for completion of the operation. This option is useful for tasks on devices that provide for regular pauses in their operation (shutdown or restart).
- Prompt user for action
  The restart reminder is displayed on the screen of the client device, prompting the user to restart it manually. Some advanced settings can be defined for this option: text of the message for the user, the message display frequency, and the time interval after which a restart will be forced (without the user's confirmation). This option is most suitable for workstations where users must be able to select the most convenient time for a restart.
  
  By default, this option is selected.
- Repeat prompt every (min)
  If this option is enabled, the application prompts the user to restart the operating system with the specified frequency.
  
  By default, this option is enabled. The default interval is 5 minutes. Available values are between 1 and 1440 minutes.
  
  If this option is disabled, the prompt is displayed only once.
- Restart after (min)
  After prompting the user, the application forces restart of the operating system upon expiration of the specified time interval.
  
  By default, this option is enabled. The default delay is 30 minutes. Available values are between 1 and 1440 minutes.
- Force closure of applications in blocked sessions
  Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.
  
  If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.
  
  If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.
  
  By default, this option is disabled.

Settings specified after task creation

You can specify the following settings only after a task is created.

Group task settings:
- Distribute to subgroups
  This option is only available in the settings of the group tasks.
  
  When this option is enabled, the task scope includes:
  - The administration group that you selected while creating the task.
  - The administration groups subordinate to the selected administration group at any level down by the group hierarchy.
  When this option is disabled, the task scope includes only the administration group that you selected while creating the task.
  
  By default, this option is enabled.
- Distribute to secondary and virtual Administration Servers
  When this option is enabled, the task that is effective on the primary Administration Server is also applied on the secondary Administration Servers (including virtual ones). If a task of the same type already exists on the secondary Administration Server, both tasks are applied on the secondary Administration Server—the existing one and the one that is inherited from the primary Administration Server.
  
  This option is only available when the Distribute to subgroups option is enabled.
  
  By default, this option is disabled.

Task scheduling settings:

Start task setting:

Manually
The task does not run automatically. You can only start it manually.

By default, this option is selected.
Once
The task runs once, on the specified date and time (by default, on the day when the task was created).
Immediately
The task runs immediately after its settings are saved.
Every N minutes
The task runs regularly, with the specified interval in minutes, starting from the specified time on the day that the task is created.

By default, the task runs every 30 minutes, starting from the current system time.
Every N hours
The task runs regularly, with the specified interval in hours, starting from the specified date and time.

By default, the task runs every 6 hours, starting from the current system date and time.
Every N days
The task runs regularly, with the specified interval in days. Additionally, you can specify a date and time of the first task run. These additional options become available, if they are supported by the application for which you create the task.

By default, the task runs every day, starting from the current system date and time.
By days of week
The task runs regularly, on the specified days of the week, at the specified time.

By default, the task runs every Friday at 6:00:00 PM.
Monthly
The task runs regularly, on the specified day of the month, at the specified time.

In months that lack the specified day, the task runs on the last day.

By default, the task runs on the first day of each month, at the current system time.
Every month on specified days of selected weeks
The task runs regularly, on the specified days of each month, at the specified time.

By default, no days of month are selected. The default start time is 18:00.
When new updates are downloaded to the repository
When new updates are downloaded to the distribution point repositories, Kaspersky Security Center Cloud Console runs all tasks that have this schedule. Network Agent checks the availability of updates during periodic synchronization between the managed device and the Administration Server (the heartbeat).

For example, you may want to use this schedule for the Update task related to a security application, such as Kaspersky Endpoint Security.

If Network Agent on a managed device detects no new updates for 25 hours or longer, then Kaspersky Security Center Cloud Console runs on this device all tasks that have this schedule. These tasks are run every hour until new updates are detected. Kaspersky Security Center Cloud Console also runs these tasks every hour if there is no connection between the managed device and the distribution point that downloads updates to the repository.
On virus outbreak
The task runs after a Virus outbreak event occurs. Select application types that will monitor virus outbreaks. The following application types are available:
- Anti-virus for workstations and file servers
- Anti-virus for perimeter defense
- Anti-virus for mail systems
By default, all application types are selected.

You may want to run different tasks depending on the security application type that reports a virus outbreak. In this case, remove the selection of the application types that you do not need.
On completing another task
The current task starts after another task completes. This parameter only works if both tasks are assigned to the same devices. For example, you may want to run the Manage devices task with the Turn on the device option and, after it completes, run the Virus scan task as a triggering task.

You have to select the triggering task from the table and the status with which this task must complete (Completed successfully or Failed).

If necessary, you can search, sort, and filter the tasks in the table as follows:
- Enter the task name in the search field, to search the task by its name.
- Click the sort icon to sort the tasks by name.
  By default, the tasks are sorted in alphabetical ascending order.
- Click the filter icon, and in the window that opens, filter the tasks by group, and then click the Apply button.

The scheduling settings may depend on the local time zone of the device operating system.

Correlation between the local time zone of the device operating system and the task start time

Task schedule	Local time is used
Once	No
Every N minutes	No
Every N hours	No
Every N days	Yes
By days of week	Yes
Monthly	Yes
Every month on specified days of selected weeks	Yes
When new updates are downloaded to the repository	Another trigger for running the task (corresponds to the schedule name)
On virus outbreak	Another trigger for running the task (corresponds to the schedule name)
On completing another task	Another trigger for running the task (corresponds to the schedule name)
Immediately	Another trigger for running the task (corresponds to the schedule name)
Manually	Another trigger for running the task (corresponds to the schedule name)

Run missed tasks
This option determines the behavior of a task if a client device is not visible on the network when the task is about to start.

If this option is enabled, the system attempts to start the task the next time the Kaspersky application is run on the client device. If the task schedule is Manually, Once or Immediately, the task is started immediately after the device becomes visible on the network or immediately after the device is included in the task scope.

If this option is disabled, only scheduled tasks run on client devices. For Manually, Once and Immediately schedule, tasks run only on those client devices that are visible on the network. For example, you may want to disable this option for a resource-consuming task that you want to run only outside of business hours.

By default, this option is disabled.
Use automatically randomized delay for task starts
If this option is enabled, the task is started on client devices randomly within a specified time interval, that is, distributed task start. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.

The distributed start time is calculated automatically when a task is created, depending on the number of client devices to which the task is assigned. Later, the task is always started on the calculated start time. However, when task settings are edited or the task is started manually, the calculated value of the task start time changes.

If this option is disabled, the task starts on client devices according to the schedule.
Use automatically randomized delay for task starts within an interval of
If this option is enabled, the task is started on client devices randomly within the specified time interval. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.

If this option is disabled, the task starts on client devices according to the schedule.

By default, this option is disabled. The default time interval is one minute.
Turn on devices by using the Wake-on-LAN function before starting the task
The operating system on the device starts at the specified time before the task is started. The default time period is five minutes.

Enable this option if you want the task to run on all of the client devices from the task scope, including those devices that are turned off when the task is about to start.

If you want the device to be automatically turned off after the task is completed, enable the Shut down the devices after completing the task option. This option can be found in the same window.

By default, this option is disabled.
Shut down the devices after completing the task
For example, you may want to enable this option for an install update task that installs updates to client devices each Friday after business hours, and then turns off these devices for the weekend.

By default, this option is disabled.
Stop the task if it runs longer than
After the specified time period expires, the task is stopped automatically, whether it is completed or not.

Enable this option if you want to interrupt (or stop) tasks that take too long to execute.

By default, this option is disabled. The default task execution time is 120 minutes.

Notifications:
- Store task history block:
  - Save all events
  - Save events related to task progress
  - Save only task execution results
  - Store in the Administration Server database for (days)
    Application events related to execution of the task on all client devices from the task scope are stored on the Administration Server during the specified number of days. When this period elapses, the information is deleted from the Administration Server.
    
    By default, this option is enabled.
  - Store in the OS event log on device
    Application events related to execution of the task are stored locally in Windows Event Log of each client device.
    
    By default, this option is disabled.
- Notify of errors only
- Notify by email
Task scope settings
Exclusions from scope
You can specify groups of devices to which the task is not applied. Groups to be excluded can only be subgroups of the administration group to which the task is applied.
Revision history

See also: