You are on page 1of 86

Kaspersky Security for Virtualization 1.

1

Administrator's Guide

APPLICATION VERSI ON: 1.1

Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that it will provide answers to most questions that may arise. Warning: This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation and by international treaties. Illegal reproduction or distribution of this document or parts hereof will result in civil, administrative, or criminal liability under applicable law. Any type of reproduction or distribution of any materials, including translations, may be allowed only with written permission from Kaspersky Lab. This document and related graphic images can be used exclusively for informational, non-commercial, or personal use. This document may be amended without prior notice. The latest version of this document can be found on the Kaspersky Lab website, at http://www.kaspersky.com/docs. Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any third-party materials used herein, or for any potential harm associated with the use of such materials. Document revision date: 3/23/2012 © 2012 Kaspersky Lab ZAO. All Rights Reserved. http://www.kaspersky.com http://support.kaspersky.com

2

CONTENTS
ABOUT THIS GUIDE .....................................................................................................................................................7 In this document .......................................................................................................................................................7 Document conventions .............................................................................................................................................9 SOURCES OF INFORMATION ABOUT THE APPLICATION ..................................................................................... 10 Sources of information for independent research ................................................................................................... 10 Discussing Kaspersky Lab applications on the Forum ........................................................................................... 11 Contacting the Sales Department ........................................................................................................................... 11 Contacting Technical Writing and Localization Department.................................................................................... 11 KASPERSKY SECURITY 1.1 FOR VIRTUALIZATION ................................................................................................ 12 Distribution kit ......................................................................................................................................................... 13 Hardware and software requirements ..................................................................................................................... 14 APPLICATION ARCHITECTURE ................................................................................................................................ 15 Contents of the Kaspersky Security virtual machine image .................................................................................... 16 Integration of Kaspersky Security and the VMware virtual infrastructure ................................................................ 16 CONCEPT OF ADMINISTERING THE APPLICATION THROUGH KASPERSKY SECURITY CENTER ................... 18 About Kaspersky Security policy and protection profiles ........................................................................................ 19 Protection profile inheritance............................................................................................................................. 19 About the root protection profile ........................................................................................................................ 20 About Kaspersky Security tasks ............................................................................................................................. 20 INSTALLING AND REMOVING THE APPLICATION .................................................................................................. 21 Preparing for installation ......................................................................................................................................... 21 Requirements for the composition of Kaspersky Security Center components and VMware virtual infrastructure ..................................................................................................................................................... 21 Creating a VMware vCenter Server account ..................................................................................................... 22 Installing Kaspersky Security Console Plug-in .................................................................................................. 23 Upgrading an older version of the application......................................................................................................... 23 Application installation procedure ........................................................................................................................... 23 Step 1. Select action ......................................................................................................................................... 24 Step 2. Connect to VMware vCenter Server ..................................................................................................... 24 Step 3. Select the image file of an SVM ............................................................................................................ 25 Step 4. Review the license agreements ............................................................................................................ 25 Step 5. Select VMware ESXi hosts ................................................................................................................... 25 Step 6. Select deployment scenario .................................................................................................................. 25 Step 7. Select data storage ............................................................................................................................... 26 Step 8. Match virtual networks .......................................................................................................................... 26 Step 9. Specify network settings ....................................................................................................................... 26 Step 10. Specify network settings manually ...................................................................................................... 26 Step 11. Change account passwords on SVMs ................................................................................................ 27 Step 12. Register SVMs in the VMware vShield Manager console ................................................................... 27 Step 13. Log into the VMware vCenter Server account .................................................................................... 27 Step 14. Launch the deployment of SVMs ........................................................................................................ 27 Step 15. Deployment of SVMs .......................................................................................................................... 28 Step 16. Finish installation of the application .................................................................................................... 28 Modifications to Kaspersky Security Center after application installation ............................................................... 28

3

ADMINISTRATOR'S GUIDE

Modifications to the VMware virtual infrastructure after application installation ...................................................... 28 Configuring the automatic launch of an SVM .................................................................................................... 29 Attaching an SVM to a VMware ESXi host ....................................................................................................... 29 Changing the configuration of SVMs ...................................................................................................................... 29 Step 1. Select action ......................................................................................................................................... 30 Step 2. Connect to VMware vCenter Server ..................................................................................................... 30 Step 3. Select SVMs ......................................................................................................................................... 31 Step 4. Enter the klconfig account password .................................................................................................... 31 Step 5. Edit the settings of SVM connection to VMware vCenter Server .......................................................... 31 Step 6. Edit the klconfig account password....................................................................................................... 32 Step 7. Start the reconfiguration of SVMs ......................................................................................................... 32 Step 8. Changing the configuration of SVMs .................................................................................................... 32 Step 9. End the reconfiguration of SVMs .......................................................................................................... 32 Getting started ........................................................................................................................................................ 32 Step 1. Enter the policy name ........................................................................................................................... 33 Step 2. Select application.................................................................................................................................. 33 Step 3. Configure the root protection profile...................................................................................................... 33 Step 4. Configure advanced settings ................................................................................................................ 37 Step 5. Finish policy creation ............................................................................................................................ 37 Removing the application ....................................................................................................................................... 38 Application removal procedure ............................................................................................................................... 38 Step 1. Select action ......................................................................................................................................... 38 Step 2. Connect to VMware vCenter Server ..................................................................................................... 39 Step 3. Select VMware ESXi hosts ................................................................................................................... 39 Step 4. Cancel the registration of SVMs in the VMware vShield Manager console .......................................... 39 Step 5. Confirm removal ................................................................................................................................... 40 Step 6. Remove SVMs ...................................................................................................................................... 40 Step 7. Finish application removal .................................................................................................................... 40 APPLICATION LICENSING ......................................................................................................................................... 41 About the End User License Agreement ................................................................................................................ 41 About the license .................................................................................................................................................... 41 About the key file .................................................................................................................................................... 42 Activating the application ........................................................................................................................................ 43 Renewing a license ................................................................................................................................................ 43 Creating the key installation task ............................................................................................................................ 43 Step 1. Enter the name of the key installation task ........................................................................................... 44 Step 2. Select the task type .............................................................................................................................. 44 Step 3. Select the key file.................................................................................................................................. 44 Step 4. Select the key installation task run mode.............................................................................................. 45 Step 5. Finish key installation task creation ...................................................................................................... 45 Running the key installation task ............................................................................................................................ 45 Viewing the details of installed keys ....................................................................................................................... 46 STARTING AND STOPPING THE APPLICATION ...................................................................................................... 47 MANAGING PROTECTION ......................................................................................................................................... 48 PROTECTION OF VIRTUAL MACHINES .................................................................................................................... 49 About protection of virtual machines ....................................................................................................................... 49 Editing packer scan settings ................................................................................................................................... 50

4

..................................... 64 Creating a custom scan task ................................................. Select the task type ....... 59 About virtual machine scan.............................................................................................. 68 Step 8. 70 About anti-virus database updates .......................................................................................................................................................................................................................................... 71 Step 3............ 65 Step 2............................ Enter the full scan task name ............................... Finish custom scan task creation .................................................................................................................................. 65 Step 3........................................ 53 Creating a protection profile ........................ 69 UPDATING ANTI-VIRUS DATABASES ............... 59 Step 1.................................. 60 Step 2........................... Connect to VMware vCenter Server ................................................... Enter the name of the update distribution task ............................................... 74 Running an update rollback task ................................ 73 Step 2.................................................................................................................................................................................................................. 73 Step 4......... 66 Step 5...................................................................................................................................................................................................................... 70 Creating an update distribution task ........................................ Finish full scan task creation ................ 75 Viewing reports . 77 5 ............ 66 Step 6..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 70 Automatic updates of anti-virus databases .......................................................................................................... 72 Step 1.............. 56 Deleting a protection profile .................................................................................................... 60 Step 4.......................................................... 68 Starting and stopping a full scan task or custom scan task .......................................................................................... 64 Step 1......................................................................................................................................................................... Select the task type .... 73 Step 3.............................................................. 72 Step 4............................................ 76 CONTACTING TECHNICAL SUPPORT .... 53 Editing protection profile settings ......................... 71 Step 2.................. Configure scan settings ................................ Configure scan settings ........................................................................ Select the task type ............................................................................................................................................................................................................... 75 About events........................................................................................................................................................................................................................................................................................................................... REPORTS...... 63 Step 5............................................................................................................. Create a scan scope ........................................................................................................................................................................... 72 Rolling back the last anti-virus database update ................................... Select the action scope ............................................................................................................................................................................. 75 About reports ...................................................................................................................................................... Enter the name of the rollback task ......................................................................................................................................................................................................................................................................................... 71 Step 1.................................................................................................................................................. 67 Step 7................................................ 74 STATISTICS................................... 59 Creating a full scan task .................................................................................... 55 Assigning a protection profile to a virtual machine ............................................................................................................ Finish update distribution task creation.............................................................................................................................................................................. Finish rollback task creation .... Select the update distribution task run mode ...................................................... Select the rollback task run mode ..... AND NOTIFICATIONS ............................ 60 Step 3.. 65 Step 4................................ Enter the custom scan task name ...................................................................... 57 SCANNING OF VIRTUAL MACHINES ...................................................... 77 Ways to receive technical support .............................................. Select the full scan task run mode .......................................................................................................................... 64 Step 6....................................................... 50 Disabling protection on a virtual machine ............................. 72 Creating an update rollback task ....................................... Select the task type ....................................CONTENTS Viewing the protected infrastructure of the KSC cluster .................................................. 51 Manage protection profiles .......................................... Select the custom scan task run mode ...................................... Create a scan scope ..........................................................................

.................... 80 KASPERSKY LAB ZAO ............................................................................................................................................................... 79 GLOSSARY ................................................................................................................................. 84 INDEX .............................................................................................................................................................................................................................................. 85 6 ........................... 77 Collecting information for Technical Support ....................................................................... 82 INFORMATION ABOUT THIRD-PARTY CODE .............................................................................................................................................................................................................................................................................. 83 TRADEMARK NOTICES ................................................................................. 77 Obtaining technical support via My Kaspersky Account .............................................ADMINISTRATOR'S GUIDE Technical support by phone..........

............... Describes additional sources of information about the application and ways of receiving technical support.......... Describes the preparation for the installation of Kaspersky Security as well as installation and activation of the application..................... Describes the way to use Kaspersky Security............................. and specifics of integration with other applications..... Concept of administering the application through Kaspersky Security Center (see page 18) This section describes the concept of administering the application through Kaspersky Security Center............................ This Guide is intended for technical specialists tasked with installing and administering Kaspersky Security and providing support to companies that use Kaspersky Security....... key features............. Application architecture (see page 15) This section describes the application components and the logic of their interaction. This Guide is intended for technical specialists with experience in managing a virtual infrastructure based on the VMware™ vSphere™ platform......1 (see page 12) This section describes the purpose. 7 Document conventions ........................... Kaspersky Security for Virtualization 1................ 7 . and covers the integration of the application with Kaspersky Security Center and the VMware virtual infrastructure....... system requirements.......... common deployments....1 (hereinafter also «Kaspersky Security").. Helps plan the rollout of Kaspersky Security on a corporate network................... 9 IN THIS DOCUMENT This Guide comprises the following sections: Sources of information about the application (see page 10) This section describes sources of information about the application and lists websites that you can use to discuss application operation..................... The Guide serves the following purposes:      Describes the operating principles of Kaspersky Security...................... IN THIS SECTION: In this document .............................ABOUT THIS GUIDE This document is an administrator's guide to Kaspersky Security for Virtualization 1.. Installing and removing the application (see page 21) This section describes how you can install the application in the VMware virtual infrastructure or remove it from the VMware virtual infrastructure................................. and composition of the application...

Starting and stopping the application (see page 47) This section describes how you can start and stop the application. reports. This section describes the purpose of the End User License Agreement. and notifications (see page 75) This section describes the ways to get information about the operation of Kaspersky Security. Information on third-party code (see page 83) This section contains information on third-party code. Kaspersky Lab ZAO (see page 82) This section provides information about Kaspersky Lab ZAO. Virtual machine protection (see page 49) This section describes how Kaspersky Security protects virtual machines on VMware ESXi hosts controlled by a VMware ESXi hypervisor against viruses and other threats.ADMINISTRATOR'S GUIDE Application licensing (see page 41) This section contains information about the basic concepts of application activation. Glossary (see page 85) This section contains a list of terms that are mentioned in the document and their definitions. the ways to activate the application and renew your license. Virtual machine scan (see page 59) This section describes the Kaspersky Security scan task performed on files of virtual machines on VMware ESXi hosts controlled by a VMware ESXi hypervisor and provides instructions for configuring the scan task settings. Contacting Kaspersky Lab Technical Support for assistance (see page 77) This section provides information about how to obtain technical support and the requirements for receiving help from Technical Support. Managing protection (see page 48) This section describes how you can check the protection status of virtual machines and see if there are any problems with protection. Anti-virus database update (see page 70) This section contains information on database updates (hereinafter also "updates"). Trademark notices (see page 84) This section contains information on trademarks used in this document. Statistics. the types of licenses. Index This section allows you to quickly find required information within the document. and how you can configure the virtual machine protection settings. and instructions on how to configure update settings. 8 .

. To configure a task schedule: In the command line. Press ENTER... Update means. not including the angle brackets.. Example: . <User name> Variables are enclosed in angle brackets. insert the corresponding value. We recommended that you use.. Press ALT+F4. The following table shows document conventions and examples of their use. and buttons..ABOUT THIS GUIDE DOCUMENT CONVENTIONS The document text is accompanied by semantic elements to which we recommend paying particular attention: warnings.. Those keys must be pressed simultaneously. failures in equipment operation or operating system problems. such as entry fields. hints. type help.. The following semantic elements are italicized in the text:  New terms  Names of application statuses and events Names of keyboard keys appear in bold and are capitalized. DESCRIPTION OF DOCUMENT CONVENTION Warnings are highlighted in red and boxed. Instead of the variable. 9 . Notes are boxed. recommendations. Warnings provide information about possible unwanted actions that may lead to data loss. The Databases are out of date event occurs. Click the Enable button. are set off in bold. Document conventions are used to highlight semantic elements. specific values for settings. menu items. Table 1. Names of keys that are connected by a + (plus) sign indicate the use of a key combination. Names of application interface elements. Notes may contain useful hints. Introductory phrases of instructions are italicized and are accompanied by the arrow sign. Examples are given on a yellow background under the heading "Example". The following message then appears: Specify the date in dd:mm:yy format. The following types of text content are set off with a special font:  Text in the command line  Text of messages that the application displays on screen  Data that the user must enter. and examples. Document conventions SAMPLE TEXT Note that. or important special cases in operation of the application.

kaspersky...................kaspersky......... On this page (http://www...................SOURCES OF INFORMATION ABOUT THE APPLICATION This section describes sources of information about the application and lists websites that you can use to discuss application operation.. we recommend that you contact Kaspersky Lab Technical Support (see the section "Technical support by phone" on page 77)............... An Internet connection is required to use information sources on the Kaspersky Lab website.. You can select the most suitable information source.... The page http://www............................com contains a link to the eStore......................... its functions and features................................. 11 SOURCES OF INFORMATION FOR INDEPENDENT RESEARCH You can use the following sources of information to research on your own:     Application page on the Kaspersky Lab website Application page on the Technical Support website (Knowledge Base) Online help Documentation If you cannot find a solution for your issue.... Application page on the Kaspersky Lab website The Kaspersky Lab website features an individual page for each application....... There you can purchase or renew the application............................ 10 ..... IN THIS SECTION: Sources of information for independent research ..............................................com/security-virtualization) you can view general information about an application.............................. 11 Contacting Technical Writing and Localization Department via email ..................................... The Knowledge Base consists of reference articles that are grouped by topic........ 10 Discussing Kaspersky Lab applications on the Forum .................................................... depending on the level of importance and urgency of the issue......................... 11 Contacting the Sales Department ........................... Application page on the Technical Support website (Knowledge Base) Knowledge Base is a section on the Technical Support website that provides advice on using Kaspersky Lab applications.........

CONTACTING TECHNICAL WRITING AND LOCALIZATION DEPARTMENT To contact the Technical Writing and Localization Department. and find information about the basic techniques for using the application. recommendations. 11 .com. CONTACTING THE SALES DEPARTMENT If you have any questions on how to select. Context help contains information about each window of Kaspersky Security Console Plug-in: list of settings and their description. In this forum you can view existing topics.com). DISCUSSING KASPERSKY LAB APPLICATIONS ON THE FORUM If your question does not require an urgent answer. and answers to frequently asked questions on how to purchase. leave your comments.kaspersky.kaspersky. purchase. Online help The online help of the application comprises context help.com. configure its settings.com/contacts). install. Please use "Kaspersky Help Feedback: Kaspersky Security for Virtualization 1. They also may contain news from Technical Support. Service is provided in Russian and in English. but also to other Kaspersky Lab applications. Articles may provide answers to questions relating not only to Kaspersky Security.kaspersky. you can discuss it with the Kaspersky Lab experts and other users in our forum (http://forum.SOURCES OF INFORMATION ABOUT THE APPLICATION On the page of the application in the Knowledge Base (http://support. and create new discussion topics. By sending a message with your question to sales@kaspersky.com). send an email to docfeedback@kaspersky. you can read articles that provide useful information. you can contact our Sales Department specialists in one of the following ways:   By calling our HQ office in Moscow by phone (http://www.1" as the subject line in your message. Documentation The distribution kit includes documents that help you to install and activate the application on the computers of a local area network. and use the application. or renew the application.

VMware ESXi host that is not part of a VMware cluster. VMware cluster. Kaspersky Security grants access the file. Kaspersky Security makes it possible to configure the protection of virtual machines at any level of the hierarchy of VMware inventory objects: VMware vCenter™ Server. Updates keep the virtual machine protected against new viruses and other threats at all times. VMware vShield Endpoint integration helps protect virtual machines without the need to install additional antivirus software on guest operating systems. Kaspersky Security protects virtual machines with Windows® guest operating systems. Virtual machine files have to be scanned regularly with new anti-virus databases to prevent the spread of malicious objects. data center. disinfects or blocks the file.  Kaspersky Security is administered using the Kaspersky Security Center system for remote administration and maintenance of Kaspersky Lab applications. You can use the tools of Kaspersky Security Center to:    install the application in a VMware virtual infrastructure configure the application settings administer the application       manage the protection of virtual machines manage the scan task manage the application keys update anti-virus databases of the application generate application event reports delete the application from a VMware virtual infrastructure 12 . vApp object. You can perform an on-demand scan or schedule a scan. If a file is found to contain viruses and other threats. The application protects the file system of the guest operating system of a virtual machine (hereinafter also "virtual machine files"). Anti-virus database updates. and virtual machine. You can update anti-virus databases on demand or schedule an update. resource pool.    If a file is free from viruses and other threats.1 FOR VIRTUALIZATION Kaspersky Security is an integrated solution that protects virtual machines on a VMware ESXi host managed by the VMware ESXi hypervisor against viruses and other computer security threats (hereinafter "viruses and other threats"). The application supports the protection of virtual machines during their migration within the DRS cluster of VMware.KASPERSKY SECURITY 1. Kaspersky Security performs the action configured in its settings. The application scans virtual machine files for viruses and other threats. for example. Kaspersky Security features:  Protection. not disabled or paused) and if they have the VMware vShield Endpoint Thin Agent driver installed and enabled. Kaspersky Security protects virtual machines when they are active (online. including server operating systems (see the "Hardware and software requirements" section on page 14). that is. Scanning. The application downloads updated anti-virus databases. The application scans all files opened or closed by the user or a different application on a virtual machine for viruses and other threats. The application is integrated into a virtual infrastructure managed by the VMware ESXi hypervisor (hereinafter "VMware virtual infrastructure") by means of VMware vShield™ Endpoint™ technology.

................... 13 ................................com............... http://www.............................kaspersky..KASPERSKY SECURITY 1......1 FOR VIRTUALIZATION IN THIS SECTION: Distribution kit. the eStore section) or partner companies........ 13 Hardware and software requirements ...... contact the Sales Department at sales@kaspersky................ Application activation information is emailed after payment has been completed............................... For more details on ways to purchase the application and on the contents of the distribution kit........................................................................................com... 14 DISTRIBUTION KIT The application is available from online stores of Kaspersky Lab (for example...................... The distribution kit contains the following items:    Application files Application manuals license agreement setting out the terms on which you can use the application The content of the distribution kit may vary with the region in which the application is distributed.....................

 Software requirements for the guest operating system of the virtual machine protected by Kaspersky Security:  Desktop operating systems:     Windows Vista® (32 bit). The driver has to be installed on the virtual machine protected by Kaspersky Security. patch 3. The driver is included in the VMware Tools kit supplied together with VMware ESXi 5. For hardware requirements for the Window operating system. the local area network must meet the following software requirements:  Kaspersky Security Center 9. VMware vShield Manager 5.0 Critical Fix 2. build 433742 or later.Net Framework 3. VMware vShield Endpoint Thin Agent driver. or VMware ESXi 4.0 hypervisor.0. patch 1. For hardware requirements for Kaspersky Security Center. see VMware http://www.0. For hardware requirements for the VMware virtual infrastructure. VMware vShield Endpoint 5.HARDWARE AND SOFTWARE REQUIREMENTS For Kaspersky Security to operate properly.0.1 or VMware vCenter Server 5.1 hypervisor. Windows 7 (32 / 64 bit) Windows XP SP2 or later (32 bit) Server operating systems:     Windows 2003 (32 / 64 bit) Windows 2003 R2 (32 / 64 bit) Windows 2008 (32 / 64 bit) Windows 2008 R2 (64 bit). see Windows product manuals.0 hypervisor. see the Kaspersky Security Center Rollout Manual.5 or later.com/pdf/vshield_50_quickstart. The computer with the Kaspersky Security Center Administration Console installed must have Microsoft® .  Software requirements for the VMware virtual architecture:      VMware ESXi 5.vmware.pdf product manuals. VMware vCenter Server 4. build 474610 or later. 14 .0. patch 1.

One SVM protects virtual machines on one VMware ESXi host. a system for remote administration of Kaspersky Lab applications (see Kaspersky Security Center Administrator's Guide). Application architecture Kaspersky Security is supplied as an image of a virtual machine (see the "Contents of the Kaspersky Security virtual machine image" section on page 16). Figure 1. a component of Kaspersky Security Center. Kaspersky Security should be installed on each VMware ESXi host whose virtual machines you want to protect with Kaspersky Security. 15 . The Kaspersky Security Console Plug-in is included in the Kaspersky Security Center installation package. The VMware virtual infrastructure may contain several VMware ESXi hosts. and protects virtual machines deployed on this ESXi host against viruses and other threats. installed on a VMware ESXi host that is managed by a VMware ESXi hypervisor. This eliminates the need to install the application on each virtual machine in order to protect such virtual machines. The Administration Agent is included in the Kaspersky Security virtual machine image. Kaspersky Security is installed. configured. Secure virtual machine – a virtual machine with Kaspersky Security deployed on VMware ESXi host.APPLICATION ARCHITECTURE Kaspersky Security is an integrated solution that protects virtual machines on a VMware ESXi host managed by the VMware ESXi hypervisor (see figure below). The interaction between Kaspersky Security and Kaspersky Security Center is ensured by Administration Agent. The Kaspersky Security Console Plug-in provides the interface for managing the Kaspersky Security application through Kaspersky Security Center. The Kaspersky Security Console Plug-in should be installed on the computer (see the "Installing Kaspersky Security Console Plug-in" section on page 23) that hosts the Kaspersky Security Center Administration Console component. and administered via Kaspersky Security Center.

. To enable Kaspersky Security to protect virtual machines..... 16 . The user opens.. Interaction between Kaspersky Security and the VMware virtual infrastructure Kaspersky Security interacts with the VMware virtual infrastructure as follows: 1.....   The enumerated components must be installed in the VMware virtual infrastructure prior to the installation of Kaspersky Security. The VMware vShield Endpoint Thin Agent driver ensures the collection of data on virtual machines and transmission of files for scanning by Kaspersky Security.... The component provides information about virtual machines installed on VMware ESXi hosts...... The component participates in the rollout of Kaspersky Security............ 16 CONTENTS OF THE KASPERSKY SECURITY VIRTUAL MACHINE IMAGE The Kaspersky Security virtual machine image comprises:     SUSE® Linux® Enterprise Server operating system Kaspersky Security The EPSEC library – a component provided by VMware..... The component ensures interaction between the VMware vShield Endpoint Thin Agent driver installed on a virtual machine and the EPSEC library installed on the SVM.. you have to install and enable the VMware vShield Endpoint Thin Agent driver on these virtual machines. VMware vCenter Server................ADMINISTRATOR'S GUIDE IN THIS SECTION: Contents of the Kaspersky Security virtual machine image... INTEGRATION OF KASPERSKY SECURITY AND THE VMWARE VIRTUAL INFRASTRUCTURE The following components are required for Kaspersky Security integration with the VMware virtual infrastructure:  VMware vShield Endpoint ESX Module... The EPSEC library provides access to the files of virtual machines protected by Kaspersky Security............... saves or executes files on a virtual machine protected by Kaspersky Security.................................. This component is intended for administering and automating operational tasks within the VMware virtual infrastructure........... enabling the latter to manage the Kaspersky Security application.... This component is installed on the VMware ESXi host.... This component ensures the installation of the VMware vShield Endpoint ESX Module on VMware ESXi hosts and registration of SVMs.... Administration Agent – a component of Kaspersky Security Center...... The driver is included in the VMware Tools kit supplied together with VMware ESXi 5.. VMware vShield Manager........... patch 1...... 16 Integration of Kaspersky Security and the VMware virtual infrastructure ..............0 hypervisor... Administration Agent interacts with Kaspersky Security Center Administration Server.........

If the files are found to contain viruses and other threats. 3. the application disinfects or blocks a file.APPLICATION ARCHITECTURE 2. The VMware vShield Endpoint ESX Module component relays this event information to the EPSEC library installed on the SVM. For example. 17 . The EPSEC library relays this event information to Kaspersky Security installed on the SVM and provides access to files on the virtual machine. the application allows the user to access these files. the application performs the action configured in the settings of the protection profile (see the "About Kaspersky Security policy and protection profiles" section on page 19) assigned to this virtual machine. Kaspersky Security scans files opened. 5. The VMware vShield Endpoint Thin Agent intercepts information about these events and relays it to the VMware vShield Endpoint ESX Module component installed on the VMware ESXi host. saved or executed by the user on the virtual machine for viruses and other threats. 4.   If the files are free from viruses and other threats.

. A policy defines the virtual machine protection settings and packer scan settings (see the "Getting started" section on page 32)............ KSC Cluster The Kaspersky Security application is controlled via Kaspersky Security Center by means of policies and tasks (see Kaspersky Security Center Administrator's Guide)..................................1........... a centralized system enabling remote control of Kaspersky Lab applications............................ The KSC cluster is assigned the name of the corresponding VMware vCenter Server platform.......................... In the case of Kaspersky Security for Virtualization 1. the SVM is the equivalent of a Kaspersky Security Center client computer... IN THIS SECTION: About Kaspersky Security policy and protection profiles .......................................... 19 About Kaspersky Security tasks ..... Figure 2............. Automatic data synchronization between SVMs and the Kaspersky Security Center Administration Server happens in the same way as data synchronization between client computers and Administration Server (see Kaspersky Security Center Administrator's Guide).. VMware inventory objects as part of this VMware vCenter Server platform form the protected infrastructure of the KSC cluster............... 20 18 ..........CONCEPT OF ADMINISTERING THE APPLICATION THROUGH KASPERSKY SECURITY CENTER Kaspersky Security for Virtualization 1...................1 is controlled via Kaspersky Security Center.. Scan tasks define the virtual machine scan settings (see the "Scanning of virtual machines" section on page 59).......... SVMs installed on VMware ESXi hosts controlled by a single VMware vCenter Server platform and the virtual machines protected by them are combined into a KSC cluster at Kaspersky Security Center (Kaspersky Security Center cluster) (see figure below)............

............ Kaspersky Security Center makes it possible to form a complex hierarchy of administered groups and policies (for details see Kaspersky Security Center Administrator's Guide)........................ we recommend creating a separate policy for each KSC cluster.......................................CONCEPT CENTER OF ADMINISTERING THE APPLICATION THROUGH KASPERSKY SECURITY ABOUT KASPERSKY SECURITY POLICY AND PROTECTION PROFILES In Kaspersky Security.. Instead.......................................... Figure 3.......... A protection profile is assigned to VMware inventory objects within the protected infrastructure of a KSC cluster..... Protection profiles let you flexibly configure different protection settings for different virtual machines.................... 19 About the root protection profile ..... 20 PROTECTION PROFILE INHERITANCE Kaspersky Security uses protection profile inheritance according to the hierarchy of VMware inventory objects.................... 19 .......... A policy can comprise several protection profiles.. Protection profiles The SVM protects the virtual machine using the settings configured in the protection profile assigned to it.. a policy is applied to a KSC cluster............. Only one protection profile may be assigned to a single VMware inventory object.................. a policy is applied to all SVMs that are part of the KSC cluster and defines the protection settings of all virtual machines that are part of the protected infrastructure of this KSC cluster..................... We do not recommend creating a complex hierarchy of administered groups and policies when configuring Kaspersky Security settings. IN THIS SECTION: Protection profile inheritance ........................ Accordingly... Virtual machine protection settings within a policy are defined by a protection profile (see figure below).................

Rollback. SVMs scan selected virtual machines within the specified KSC cluster for viruses and other threats. Kaspersky Security Center rolls back the latest anti-virus database updates on SVMs. The root protection profile is assigned to the root object within the structure of VMware inventory objects – VMware vCenter Server. Kaspersky Security Center automatically distributes anti-virus database updates and installs them on SVMs. all daughter objects. Adding a key. including virtual machines. You can use the following tasks to control Kaspersky Security:      Full scan. such as scanning of virtual machines and anti-virus database updates. Daughter objects / virtual machines have been assigned a protection profile of their own remain protected. inherit the root protection profile. you can assign identical protection profiles to virtual machines within a VMware cluster or resource pool. ABOUT KASPERSKY SECURITY TASKS Kaspersky Security Center controls the operation of SVMs by means of tasks. You can use group tasks to control Kaspersky Security via Kaspersky Security Center. In terms of Kaspersky Security. Kaspersky Security Center adds a key to SVMs to activate the application or renew the license. A VMware inventory object can be excluded from protection. Group tasks are performed on the client computers of the selected administration group. Tasks implement the primary application functions. you will be able to form additional protection profiles and use them to configure virtual machine protection more flexibly. group tasks (hereinafter "tasks") are performed on all SVMs that are part of the KSC cluster. all VMware inventory objects. After creating a policy. For example. including virtual machines within the protected infrastructure of a KSC cluster.ADMINISTRATOR'S GUIDE A protection profile assigned to a VMware inventory object is inherited by all of its daughter objects. Distribution of updates. are also excluded from protection. SVMs scan all virtual machines within all KSC clusters for viruses and other threats. You can perform the following actions with tasks:    run or pause create new tasks edit task settings 20 . While the root protection profile cannot be deleted. including virtual machines. Protection profile inheritance makes it possible to assign identical protection settings to several virtual machines simultaneously. In this way all virtual machines within the protected infrastructure of the KSC cluster are assigned identical protection settings. This means that you can either assign a specific protection profile to a virtual machine or let the protection profile inherited from its parent object to be applied to it. By virtue of protection profile inheritance. you can edit its settings. Custom scan. unless the daughter object / virtual machine has been assigned a protection profile of its own (see the "Assigning a protection profile to a virtual machine" section on page 56) or the daughter object / virtual machine has been excluded from protection (see the "Disabling protection on a virtual machine" section on page 51). If you have excluded a VMware inventory object from protection. ABOUT THE ROOT PROTECTION PROFILE The root protection profile is formed during policy creation.

......... 32 Removing the application ................................................................................................................................................................................................................... 23 Application installation procedure ................................................................................................................................................................................... 22 Installing Kaspersky Security Console Plug-in .......................................................................................... 23 REQUIREMENTS FOR THE COMPOSITION OF KASPERSKY SECURITY CENTER COMPONENTS AND VMWARE VIRTUAL INFRASTRUCTURE Before installing the application................... 38 PREPARING FOR INSTALLATION This section contains the requirements for the composition of Kaspersky Security Center components and VMware virtual infrastructure and describes the preparatory steps that precede the installation........................................................................................................................................... check:   the composition of Kaspersky Security Center components the composition of VMware virtual infrastructure components 21 .................... 38 Application removal procedure ............... 21 Creating a VMware vCenter Server account .................................................. 23 Modifications to Kaspersky Security Center after application installation ........................................................................................................... 28 Changing the configuration of SVMs .............................. 28 Modifications to the VMware virtual infrastructure after application installation ............................... IN THIS SECTION: Preparing for installation...................................................................INSTALLING AND REMOVING THE APPLICATION This section describes how you can install the application in the VMware virtual infrastructure or remove it from the VMware virtual infrastructure.................................................................................................................................................................................................................................................................................................................. 29 Getting started..... IN THIS SECTION: Requirements for the composition of Kaspersky Security Center components and VMware virtual infrastructure ......... 21 Upgrading an older version of the application ................................................

VMware vShield Manager This component is a console for managing the VMware vShield Endpoint component. For Kaspersky Security Center installation. VMware vShield Endpoint Thin Agent driver.1. VMware virtual infrastructure components:       VMware vCenter Server VMware vSphere Client VMware vShield Endpoint. CREATING A VMWARE VCENTER SERVER ACCOUNT The following VMware vCenter Server accounts are needed for the operation of the application:   An administrator account with privileges to create virtual machines. Account passwords must not contain blanks. 22 .Net Framework on the computer with the Kaspersky Security Center Administration Console installed is 3. An account with privileges to view VMware control objects (System. The version of Microsoft .ADMINISTRATOR'S GUIDE  Whether the Kaspersky Security Center components and VMware components meet the software requirements for the installation of Kaspersky Security (see the "Hardware and software requirements" section on page 14). The driver is included in the VMware Tools kit supplied together with VMware ESXi 5.0 hypervisor. The driver has to be installed and enabled on virtual machines that you intend to protect with Kaspersky Security.View privilege). Kaspersky Security Center components:    Administration Server Administration Console Administration Agent The Administration Agent is included in the Kaspersky Security virtual machine image. patch 1. Microsoft . The user name and password of the account are stored on SVMs in encrypted form. See VMware product manuals about the VMware vShield Endpoint Thin Agent driver. make sure that:    The IP address 169. Parallel operation of Kaspersky Security and anti-virus software can cause a conflict. No anti-virus software is installed on virtual machines that you intend to protect with Kaspersky Security. The user name and password of the account are not saved in the application settings.254.60 is available in the virtual network of each VMware ESXi host. see the Kaspersky Security Center Rollout Manual. This account is used during the installation of the application.5 or later is needed for the Setup Wizard.Net Framework 3. This IP is reserved for Kaspersky Security. This account is used during the operation of SVMs. The component is installed on VMware ESXi hosts and provides the EPSEC library. See VMware manuals about creating a VMware vCenter Server account. An array of VMware ESXi hosts on which virtual machines are deployed.5 or later. Before installing the application.

For details see the Kaspersky Security Center Administrator's Guide. Copy the Kaspersky Security Console Plug-in installation file from the Kaspersky Security Center installation package to the computer where Administration Console is installed. APPLICATION INSTALLATION PROCEDURE The application is installed in the VMware virtual infrastructure by deploying SVMs on VMware ESXi hosts. install Kaspersky Security Console Plug-in on the computer where Administration Console is installed. 2. 23 . Kaspersky Security Console Plug-in appears in the list of control plug-in in the properties of Administration Server. Open the Administration Console of Kaspersky Security Center. 4. To install the application in the VMware virtual infrastructure: 1.1 link. After it has been installed. You can manage the Setup Wizard as follows:    To return to the previous step of the Setup Wizard. The application can be upgraded by deleting SVMs on VMware ESXi hosts (see the "Application removal procedure" section on page 38) and then installing SVMs with the new version of the application on the VMware ESXi hosts (see the "Application installation procedure" on page 23). Select the Administration Server in the console tree. 3. Run the installation file of Kaspersky Security Console Plug-in on the administrator's workstation. The link is located in the Deployment section in the workspace. Launch the Setup Wizard by clicking the Install / Remove / Reconfigure Kaspersky Security for Virtualization 1. To install Kaspersky Security Console Plug-in: 1. Follow the instructions of the Setup Wizard. UPGRADING AN OLDER VERSION OF THE APPLICATION Kaspersky Security does not support upgrades of an older version of the application on an SVM. To proceed with the Setup Wizard. click the Next button. click the Cancel button. 2. To exit the Setup Wizard. click the Back button.INSTALLING AND REMOVING THE APPLICATION INSTALLING KASPERSKY SECURITY CONSOLE PLUG-IN To control the application via Kaspersky Security Center.

........................................ Finish installation of the application ...................................... SELECT ACTION At this step..... 27 Step 13.............................. Specify the name of an administrator account with privileges to create virtual machines....................................................................... 27 Step 14.................................... IP address in IPv4 format or domain name of a VMware vCenter Server with which a connection is established... User name.. Launch the deployment of SVMs ............. Select data storage ......................................................................................................... 27 Step 12................... Register SVMs in the VMware vShield Manager console ................................................................ Review the license agreements ............................ 25 Step 5............ Proceed to the next step of the Setup Wizard by clicking the Next button............................................ADMINISTRATOR'S GUIDE IN THIS SECTION: Step 1............................................................ 26 Step 9............................... Select deployment scenario ... CONNECT TO VMWARE VCENTER SERVER At this step....... 27 Step 15.... 26 Step 10..................................................................................................................................................... Specify network settings ....................... Select the image file of an SVM ........................... Proceed to the next window of the Setup Wizard by clicking the Next button............ Connect to VMware vCenter Server ..... Specify the password of an administrator account with privileges to create virtual machines..... 28 STEP 1........................................................................ Match virtual networks ........................................................... STEP 2............................. choose the Installation option...... Change account passwords on SVMs ........................ Select VMware ESXi hosts .................................................... 26 Step 8................................................................................................................................... 25 Step 4................ Password of the user account under which a connection to the VMware vCenter Server is established.......................... specify the settings of the Setup Wizard connection to VMware vCenter Server:    VMware vCenter Server address......................... Password.. Select action .................................................................................................................... 24 Step 3.................................................. 24 Step 2............................................................................... Deployment of SVMs ........ 28 Step 16... Name of the user account under which a connection to the VMware vCenter Server is established. 24 ............................................................... 25 Step 7................................................................................... Log into the VMware vCenter Server account .................................................. Password should not contain spaces....................................... 25 Step 6.......................................................................................................... 26 Step 11...................... The Setup Wizard establishes a connection to VMware vCenter Server....................................................... Specify network settings manually ...............................

INSTALLING

AND REMOVING THE APPLICATION

If the connection to VMware vCenter Server is not established, check the connection settings. If the connection settings are specified correctly, finish the Setup Wizard, make sure the VMware vCenter Server is available over the network, and restart application installation.

STEP 3. SELECT THE IMAGE FILE OF AN SVM
At this step, select the image file of an SVM. To do so, click the Browse button and select the SVM image file in the window that opens. The Setup Wizard will check the image of the SVM. Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 4. REVIEW THE LICENSE AGREEMENTS
At this step, review the license agreements concluded between you and Kaspersky Lab and between you and Novell®. Novell holds copyright to the SUSE Linux Enterprise Server operating system installed on the SVM. Carefully review the license agreements and, if you accept all of their terms, select I accept the terms. Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 5. SELECT VMWARE ESXI HOSTS
At this step, select the VMware ESXi hosts on which you want to install the SVM. The table shows the details of all VMware ESXi hosts within a single VMware vCenter Server platform:    The VMware ESXi host column shows the IP address of a VMware ESXi host. The Status column shows the current status of the VMware ESXi host: available, unavailable. The Protection column shows whether or not the virtual machines of this VMware ESXi host are protected:   Protected – an SVM is installed on a VMware ESXi host. Unprotected – an SVM is not installed on a VMware ESXi host.

You can select those enabled VMware ESXi hosts on which an SVM is not installed. To select a VMware ESXi host, select the check box on the left of the name of this VMware ESXi host in the table. Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 6. SELECT DEPLOYMENT SCENARIO
At this step, select the scenario for the deployment of an SVM in the data storage of the VMware ESXi host:  Dynamic provisioning with the use of VMware vStorage Thin Provisioning . During space provisioning, the minimum required space is reserved for the SVM in the data storage of the VMware ESXi host. This space can be increased, if necessary. This option is selected by default. Provisioning of disk space with constant volume. During space provisioning, the entire required volume of space is reserved for the SVM in the data storage of the VMware ESXi host.

Proceed to the next step of the Setup Wizard by clicking the Next button.

25

ADMINISTRATOR'S GUIDE

STEP 7. SELECT DATA STORAGE
At this step, for each SVM, select a data storage from the list of data storages connected to VMware ESXi hosts. The table shows the following details:   The VMware ESXi host column shows the IP address of a VMware ESXi host. The SVM name column shows the name of the SVM deployed on the particular VMware ESXi host. SVMs are automatically assigned the name KSV-<N>, where N represents the IP address of the VMware ESXi host on which the SVM is deployed. For example, ksv-192-168-0-2. You can change the name of the SVM. To this end, double-click the Name column and type a new name.  The drop-down list in the Data storage column shows the names of data storages connected to the VMware ESXi host. If one data storage is connected to a VMware ESXi host, the drop-down list shows one name.

In the drop-down list of the Data storage column, select a data storage for each SVM. Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 8. MATCH VIRTUAL NETWORKS
At this step, match the virtual network of the SVM to the virtual network of the VMware ESXi host:   The VMware ESXi host column shows the IP address of the VMware ESXi host on which the SVM is installed. In the drop-down list of the VMware vShield network column, select the virtual network of the VMware ESXi host to be used by the SVM to communicate with the VMware vShield Endpoint ESX Module component. This component is installed on the VMware ESXi host. The component ensures interaction between the VMware vShield Endpoint Thin Agent driver installed on a virtual machine and the EPSEC library installed on the SVM. In the drop-down list of the User network column, select the virtual network of the VMware ESXi host to be used by the SVM to communicate with an external network environment.

Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 9. SPECIFY NETWORK SETTINGS
At this step, specify the network settings of SVMs:    Use DHCP. This option enables the DHCP network protocol that lets SVMs receive network settings automatically. This option is selected by default. Assign manually for each SVM. Network settings are specified for SVMs manually. Assign manually using common settings. Network settings are specified for SVMs manually within the selected range. After selecting this option, specify the range of network settings in the Main gateway, DNS server, and Subnet mask fields.

Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 10. SPECIFY NETWORK SETTINGS MANUALLY
This step is available if you have selected the option to Assign manually for each SVM or Assign manually using common settings at the previous step of the setup wizard. If you have selected Use DHCP, this step is skipped.

26

INSTALLING

AND REMOVING THE APPLICATION

If you have selected the option to Assign manually for each SVM at the previous step of the Setup Wizard, specify all network settings of SVMs manually. If you leave a settings field of any SVM blank, network settings received over the DHCP protocol are used for this SVM. If you have selected the option to Assign manually using common settings at the previous step of the Setup Wizard, the Main gateway, DNS-server, and Subnet mask columns of the table are filled with the values specified previously. Type the IP addresses of SVMs manually. Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 11. CHANGE ACCOUNT PASSWORDS ON SVMS
Two accounts – root and klconfig – are configured on SVMs by default. These accounts are used to configure SVMs. At this step, change the default passwords of the root and klconfig accounts on the SVMs. Account passwords must not contain blanks. Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 12. REGISTER SVMS IN THE VMWARE VSHIELD MANAGER
CONSOLE
At this step, specify the settings of SVM registration in the VMware vShield Manager console:    VMware vShield Manager address. IP address (IPv4) of the VMware vShield Manager console to which SVMs are connected. User name. Name of the administrator account for connecting to the VMware vShield Manager console. Password. Password of the administrator account for connecting to the VMware vShield Manager console. Password should not contain spaces.

Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 13. LOG INTO THE VMWARE VCENTER SERVER ACCOUNT
At this step, specify the settings of the VMware vCenter Server account that has privileges to view VMware inventory objects (System.View privilege). This account is used during the operation of SVMs.    VMware vCenter Server address. IP address in IPv4 format or domain name of a VMware vCenter Server with which a connection is established User name. Name of the user account under which a connection to the VMware vCenter Server is established. Specify the name of an account with privilege to view VMware inventory objects (System.View privilege). Password. Password of the user account under which a connection to the VMware vCenter Server is established. Specify the password of an account with privilege to view VMware inventory objects (System.View privilege). Password should not contain spaces.

Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 14. LAUNCH THE DEPLOYMENT OF SVMS
All settings needed to launch SVMs on VMware ESXi hosts have been specified.

27

ADMINISTRATOR'S GUIDE

Click the Next button to launch the deployment of SVMs.

STEP 15. DEPLOYMENT OF SVMS
At this step, SVMs are deployed on VMware ESXi hosts. This process takes some time. Wait for the deployment to end. SVM deployment progress is reflected in the table. The start and end times of the deployment process on each of the VMware ESXi hosts are shown in the Start and End columns. An SVM is automatically enabled after being deployed. Proceed to the next step of the Setup Wizard by clicking the Next button.

STEP 16. FINISH INSTALLATION OF THE APPLICATION
At this step, the results of SVM deployment on VMware ESXi hosts are displayed. Click the Finish button to finish the Setup Wizard.

MODIFICATIONS TO KASPERSKY SECURITY CENTER
AFTER APPLICATION INSTALLATION
After Kaspersky Security has been installed in the VMware virtual infrastructure, SVMs send their details to Kaspersky Security Center. Based on this information, Kaspersky Security Center combines the SVMs installed on VMware ESXi hosts into a single VMware vCenter Server platform, and the virtual machines protected by them into a KSC cluster. The KSC cluster is assigned the name of the corresponding VMware vCenter Server platform. In the Administered computers folder, Kaspersky Security Center creates folders for each KSC cluster and assigns the names of KSC clusters to the folders (see the "Concept of administering the application through Kaspersky Security Center" section on page 18).

MODIFICATIONS TO THE VMWARE VIRTUAL
INFRASTRUCTURE AFTER APPLICATION INSTALLATION
After installing the application in the VMware virtual infrastructure, perform the following:   Configure the SVM to be launched automatically when the VMware ESXi host is enabled. If an SVM is installed in a VMware virtual infrastructure that uses the VMware Distributed Resource Scheduler (DRS) and VMware vMotion components, make sure the SVM does not participate in the migration of virtual machines. To do so, attach the SVM to the VMware ESXi host.

IN THIS SECTION:
Configuring the automatic launch of an SVM .................................................................................................................. 29 Attaching an SVM to a VMware ESXi host ...................................................................................................................... 29

28

select Virtual Machine Options. 4. 4. See VMware manuals for details. edit the default settings of the virtual machine launch. select the DRS cluster of VMware. 6. In the tree of VMware inventory objects on the left. Select the Allow virtual machines to start and stop automatically with the system check box. 7. If necessary. Select an SVM in the Startup order table and move it into the Automatic Startup category by clicking the Move up button.INSTALLING AND REMOVING THE APPLICATION CONFIGURING THE AUTOMATIC LAUNCH OF AN SVM To configure the automatic launch of an SVM: 1. In the vSphere DRS section in the list on the left. In the Software section. 8. 8. select the Virtual Machine Startup / Shutdown item. 3. 2. CHANGING THE CONFIGURATION OF SVMS You can change the configuration of SVMs: settings of SVM connection to VMware vCenter Server and password of the klconfig account. In the Automation Level column. In the tree of VMware inventory objects on the left. A list of virtual machines installed on this VMware ESXi host appears in the right part of the window. which contains the VMware ESXi host that you need. 3. Click OK. Select the Configuration tab in the window on the right. such as VMware vSphere vApp and VMware vSphere Fault Tolerance. Select an SVM in the list of virtual machines. In the right part of the window. 6. select the VMware ESXi host on which the relevant SVM is installed. Open the VMware vSphere Client component. ATTACHING AN SVM TO A VMWARE ESXI HOST To attach an SVM to a VMware ESXi host: 1. 5. The settings of certain VMware components. See VMware manuals for details. 9. may override the virtual machine settings configured by you. 5. 2. Click the Properties link in the upper right corner of the window to open the Virtual Machine Startup and Shutdown window. 7. 29 . Open the VMware vSphere Client component. Click OK. Right-click to open the context menu and select Edit Settings. select the Enable individual virtual machine automation levels check box. select Disabled. The <DRS cluster name> Settings window opens.

..................... 31 Step 4.. To exit the Reconfiguration Wizard................. STEP 2. Open the Administration Console of Kaspersky Security Center......... Specify the name of an administrator account with privileges to create virtual machines....... Follow the instructions of the Reconfiguration Wizard........ specify the settings of the Reconfiguration Wizard connection to VMware vCenter Server:   VMware vCenter Server address............................................................... The link is located in the Deployment section in the workspace................ click the Back button.................................................................................................................................................................. Edit the klconfig account password ........................................................ Select action ......... Enter the klconfig account password ......................................................... 4....................................ADMINISTRATOR'S GUIDE To change the configuration of SVMs: 1........1 link................. Select the Administration Server in the console tree... Changing the configuration of SVMs .... 32 Step 7.......................... Edit the settings of SVM connection to VMware vCenter Server .............. Name of the user account under which a connection to the VMware vCenter Server is established... 31 Step 5.............................................................................................. You can manage the Reconfiguration Wizard as follows:    To return to the previous step of the Reconfiguration Wizard....................................... 32 Step 8.................................... 30 Step 3. choose the Reconfigure option.......... To proceed with the Reconfiguration Wizard................................... IN THIS SECTION: Step 1....... Select SVMs .............................. End the reconfiguration of SVMs .............................. Proceed to the next step of the Reconfiguration Wizard by clicking the Next button. 30 ................................. 32 Step 9................... click the Cancel button........ 31 Step 6.............................. Start the reconfiguration of SVMs ..... 32 STEP 1. 2........................... click the Next button....... SELECT ACTION At this step............ Launch the Reconfiguration Wizard by clicking the Install / Remove / Reconfigure Kaspersky Security for Virtualization 1....... CONNECT TO VMWARE VCENTER SERVER At this step.......... User name............................................ Connect to VMware vCenter Server .................................................... 3...................... 30 Step 2..... IP address in IPv4 format or domain name of a VMware vCenter Server with which a connection is established.......

The Application version column shows the version number of Kaspersky Security installed on the SVM of this VMware ESXi host. STEP 5. IP address in IPv4 format or domain name of a VMware vCenter Server with which a connection is established. select the option Change settings and specify the following settings:   VMware vCenter Server address. Proceed to the next step of the Reconfiguration Wizard by clicking the Next button. check the connection settings. finish the Reconfiguration Wizard. ENTER THE KLCONFIG ACCOUNT PASSWORD At this step. Specify the password of an administrator account with privileges to create virtual machines. on which an SVM is installed:    The VMware ESXi host column shows the IP address of a VMware ESXi host. Specify the name of an account with privilege to view VMware inventory objects (System. If the connection settings are specified correctly. select the check box on the left of the name of this VMware ESXi host in the table. Password should not contain spaces.INSTALLING AND REMOVING THE APPLICATION  Password. User name. Name of the user account under which the SVM connection to the VMware vCenter Server is established. Password of the user account under which a connection to the VMware vCenter Server is established. The Reconfiguration Wizard establishes a connection to VMware vCenter Server. make sure the VMware vCenter Server is available over the network.View privilege). select the virtual machines that you want to reconfigure. Proceed to the next step of the Reconfiguration Wizard by clicking the Next button. EDIT THE SETTINGS OF SVM CONNECTION TO VMWARE VCENTER SERVER At this step. enter the klconfig account password. The Status column shows the status of the SVM:   Available – the SVM is enabled. Proceed to the next window of the Reconfiguration Wizard by clicking the Next button. STEP 4. SELECT SVMS At this step. and restart the reconfiguration process. The table shows the details of VMware ESXi hosts of the selected VMware vCenter Server platform. 31 . you can edit the settings of the SVM connection to VMware vCenter Server: To do so. STEP 3. Unavailable – the SVM is disabled. The klconfig account is used during the operation of SVMs. If the connection to VMware vCenter Server is not established. You can select only those VMware ESXi hosts on which the SVM has the Available status. To select a VMware ESXi host.

EDIT THE KLCONFIG ACCOUNT PASSWORD At this step. Specify the password of an account with privilege to view VMware inventory objects (System. START THE RECONFIGURATION OF SVMS All settings needed to reconfigure SVMs have been entered. STEP 7. Wait for the process to end. Proceed to the next step of the Reconfiguration Wizard by clicking the Next button. The start and end times of the process on each of the VMware ESXi hypervisors are shown in the Start and End columns. Proceed to the next window of the Reconfiguration Wizard by clicking the Next button. you can change the password of the klconfig account that is used on SVMs. Proceed to the next step of the Reconfiguration Wizard by clicking the Next button. 32 . Open the Administration Console of Kaspersky Security Center. all previously created policies will apply. Click the Next button to start the reconfiguration of SVMs. You have to delete the policies and create new ones. STEP 6.View privilege). SVM reconfiguration progress is reflected in the table. On the Computers tab of the folder with the name of a KSC cluster. Password of the user account under which the SVM connection to the VMware vCenter Server is established. SVMs are reconfigured on VMware ESXi hosts. STEP 9. END THE RECONFIGURATION OF SVMS At this step. To do so. This process takes some time. If the VMware vCenter Server platform is replaced / reinstalled. GETTING STARTED After installing Kaspersky Security. In the Administered computers folder of the console tree.ADMINISTRATOR'S GUIDE  Password. STEP 8. 2. select the folder with the name of the KSC cluster for whose SVMs you want to create a policy. the results of SVM reconfiguration on VMware ESXi hypervisors are displayed. Click the Finish button to finish the Reconfiguration Wizard. you can view a list of SVMs that are part of this KSC cluster. you have to configure the operation settings of SVMs by applying a policy. Password should not contain spaces. CHANGING THE CONFIGURATION OF SVMS At this step. they will start protecting the virtual machines. select the Change password and specify a new password for the klconfig account in the New password and Confirmation fields. After the settings of SVMs have been configured. To create a policy: 1.

.... Click the Edit button............................. 33 Step 4............................... Clear the Copy settings from existing policy check box.............. Proceed to the next step of the Policy Wizard by clicking the Next button... You can manage the Policy Wizard as follows:    To return to the previous step of the Policy Wizard.... The "lock" signifies a prohibition on editing the group of settings in policies of the nested level of the hierarchy (for nested administered groups and subordinated administered servers) and in task settings................................... Select application .... Finish policy creation .......................... 33 Step 2.......... select the name of the Kaspersky Security for Virtualization 1.. enter the policy name in the Name field.............................. To exit the Policy Wizard......... 33 Step 3.................. 5......... If a group of settings in a policy is under a "lock"..... it is impossible to redefine the values of such settings (see Kaspersky Security Center Administrator's Guide)....... click the Next button........................ Run the Policy Wizard by clicking the Create policy link.......... Select the Policies tab in the workspace... To edit the root protection profile settings: 1................ ENTER THE POLICY NAME At this step........ Proceed to the next step of the Policy Wizard by clicking the Next button.................. 37 STEP 1. Follow the instructions of the Policy Wizard............ SELECT APPLICATION At this step............ 37 Step 5................................................... click the Cancel button................. click the Back button........... Configure the root protection profile .........1 application in the Application name dropdown list............................. 4.................. Configure advanced settings ............. CONFIGURE THE ROOT PROTECTION PROFILE At this step..................... IN THIS SECTION: Step 1............................. you can edit the default settings of the root protection profile....INSTALLING AND REMOVING THE APPLICATION 3.............................. STEP 3............................................. STEP 2.................. Enter the policy name . 2...... After the policy has been created.................. Each group of settings of the root protection profile has the "lock" attribute: ........ To proceed with the Policy Wizard... Change the setting value to Enable protection....... 33 ................... the root protection profile is assigned to all virtual machines in the KSC cluster.

the probability of detecting threats is lower than at the Medium scan and Deep scan levels. Low). select it by means of the slider. b. If this check box is cleared. If the check box is cleared. a. Kaspersky Security does not unpack and scan objects larger in size than the value specified. Enables / disables the scanning of objects embedded inside a file. 3. At this level of detail. Recommended. regardless of whether the Do not unpack large compound files check box is selected. click the Settings button and specify the following settings in the Security level settings window that opens: In the Scan of archives and compound objects section. By default. Enable / disable scanning of archives. This checkbox is cleared by default.ADMINISTRATOR'S GUIDE The Protection settings window opens. If the check box is selected. Level of heuristic analysis configured for the particular level of security:  Light scan. Kaspersky Security scans large files that are extracted from archives. perform one of the following:    To apply one of the preset security levels (High. In the Security level section. To configure a custom security level. This checkbox is cleared by default. specify the values of the following settings:  Scan archives. specify the values of the following settings:  Heuristic analyzer level. click the Default button. This checkbox is cleared by default. Scanning is faster and less resource- 34 . This check box is available when the Scan archives check box is selected. If this check box is selected.  Do not unpack large compound files.  Scan self-extracting archives. Kaspersky Security does not scan compound files whose size exceeds the value specified in the Maximum size of a compound object to scan field. Deletes archives that cannot be disinfected. Maximum size of compound objects subject to scanning (in megabytes). To change the security level to Recommended. Kaspersky Security deletes archives that could not be disinfected.  Scan embedded OLE objects. the value is set to 8 MB. Heuristic Analyzer does not perform all instructions in executable files while scanning executable files for malicious code. In the Performance section. Kaspersky Security does not delete archives that could not be disinfected. Kaspersky Security scans compound files of all sizes.  Delete archives if disinfection failed. Enables / disables the scanning of self-extracting archives. This checkbox is selected by default. This checkbox is cleared by default.  Maximum size of a compound object to scan N MB.

After you have configured the security level settings manually. If the check box is selected. Kaspersky Security stops scanning an object when the scan duration reaches the value specified in the Scan objects for no longer than N second(s) field. At this level of detail. Heuristic Analyzer performs more instructions in executable files than at the Light scan and Medium scan detail levels of heuristic analysis. worms. Kaspersky Security always scans files on virtual machines for viruses. the security level name in the Security level section changes to Custom. This checkbox is selected by default. In the Threats window. Kaspersky Security stops scanning an object if it takes longer than the time value specified. 35 . While scanning files for malicious code.INSTALLING AND REMOVING THE APPLICATION intensive. When the check box is selected. While scanning files for malicious code. and remote administration applications). Enables protection against malicious tools. a. Enables protection against auto-dialers. This checkbox is selected by default.   Medium scan. protection against adware is enabled. Scanning consumes more resources of the SVM and takes more time. c. If this checkbox is selected. Deep scan. protection against other types of threats is enabled. This checkbox is selected by default. If this checkbox is selected.  Auto-dialers. b. Maximum duration of object scanning (in seconds). When the check box is selected. By default. the probability of detecting threats is higher than at the Light scan and Medium scan levels. Kaspersky Security does not limit the duration of object scanning. In the Threat types section. This checkbox is cleared by default. protection against auto-dialers is enabled. Enables protection against other threats (such as downloaders. protection against malicious tools is enabled. click ОK. and trojans. Enables protection against adware. In the Security level settings window.  Others. Heuristic Analyzer performs the number of instructions in executable files that is recommended by Kaspersky Lab.  Limit objects scan time.  Adware. click the Settings button and specify the values of the following settings in the Threats window that opens:  Malicious tools. If the check box is cleared. keyloggers.  Scan objects for no longer than N second(s). the value is set to 60 seconds. This checkbox is selected by default. click ОK.

Kaspersky Security automatically deletes probably infected objects. In the entry field on the right. specify the values of the following settings:  Infected objects. If disinfection fails. click ОK. Kaspersky Security automatically attempts to disinfect infected objects. In the entry field on the right. This action is selected by default. click ОK. Kaspersky Security deletes infected objects. Scan all but these file types. Select one of the following options:   Scan these file types only. Kaspersky Security automatically blocks probably infected objects without attempting to disinfect them. The Exclusions from protection window opens. If disinfection fails. 8. In the Folders table. 5.  Skip. Kaspersky Security automatically skips infected objects without attempting to disinfect them. This action is selected by default. To exclude certain files of virtual machines from protection. In the Action on threat detection section. Kaspersky Security deletes such objects. The application deletes objects permanently. Block if disinfection fails. Kaspersky Security automatically attempts to disinfect infected objects. you can specify whether the exclusion from protection should be used for embedded folders. File extensions should be separated with a comma. If the action to be taken on infected or probably infected objects in the custom scan task settings is set to Disinfect. Action taken by Kaspersky Security on detecting probably infected objects:   Delete. Proceed to the next step of the Policy Wizard by clicking the Next button. specify a list of extensions of files that should not be scanned while a virtual machine is being protected. Block. For each folder. In the Exclusions from protection window. 36 . Delete if disinfection fails. Kaspersky Security automatically blocks infected objects without attempting to disinfect them. and the action in the policy settings is set to Skip. File extensions should be separated with a comma.  Probably infected objects. specify a list of extensions of files that should not be scanned while a virtual machine is being protected. Skip. click the Settings button in the Exclusions from protection section.     Disinfect. Block if disinfection fails or Block. Delete. Kaspersky Security blocks such objects. In the Protection settings window. Action taken by Kaspersky Security on detecting infected objects:  Disinfect. Kaspersky Security automatically skips probably infected objects without attempting to disinfect them. 9. 6. Block. the application skips the object that has been blocked as a result of the task. specify a list of extensions of files that should be scanned while a virtual machine is being protected. 7.ADMINISTRATOR'S GUIDE 4.

the policy is applied to SVMs. The policy created appears in the list of policies on the Policies tab. protection is enabled against packers that intruders can use to harm the virtual machine or user data. After Kaspersky Security Center relays this information to Kaspersky Security. Enables / disables the scanning and protection against files that have been packed three or more times. protection against multi-packed files is enabled. This checkbox is selected by default. choose the Active policy option. CONFIGURE ADVANCED SETTINGS At this step. When the check box is selected. The Policy Wizard finishes. The SVMs will start protecting the virtual machines on VMware ESXi hosts according to the root protection profile assigned to them. and the scanning of such objects is allowed. and the scanning of such files is allowed. Proceed to the next step of the Policy Wizard by clicking the Next button. This checkbox is selected by default. FINISH POLICY CREATION At this step. Enables / disables protection against packers that intruders can use to harm the virtual machine or user data. 37 . Click Finish. STEP 5. When the check box is selected. specify the settings for scanning packers on virtual machines:  Packed files that may cause harm.  Multi-packed files.INSTALLING AND REMOVING THE APPLICATION STEP 4.

......................... SELECT ACTION At this step................ 39 Step 5........ VMware vShield Server console.......................................................................... 40 Step 6........... Proceed to the next step of the Removal Wizard by clicking the Next button........................ The following components of the VMware virtual infrastructure should also be available:   VMware vCenter Server........ 40 Step 7... 3......................................................... Select VMware ESXi hosts .... Remove SVMs ........................... Used for canceling the registration of SVMs in the VMware vShield Manager console........................ You can manage the Removal Wizard as follows:    To return to the previous step of the Removal Wizard............ To proceed with the Removal Wizard...... 40 STEP 1........................................................................................ 4.... 38 Step 2......... An SVM can be deleted if it is enabled and available over the network............ Select action ... 39 Step 4........................ click the Cancel button..........REMOVING THE APPLICATION The application is removed by deleting SVMs from VMware ESXi hosts............................. You can delete SVMs from all or some of the VMware ESXi hosts that are part of the KSC cluster.................................................................................. Select the Administration Server in the console tree........... Provides information about VMware ESXi hosts on which an SVM is installed......... IN THIS SECTION: Step 1....................................... 39 Step 3....................... Open the Administration Console of Kaspersky Security Center............ choose the Removal option................... Cancel the registration of SVMs in the VMware vShield Manager console............................................ click the Next button....................... Connect to VMware vCenter Server ......... Confirm removal..1 link.................................................... Finish application removal ............. APPLICATION REMOVAL PROCEDURE To remove the application from the VMware virtual infrastructure: 1..... 38 .. To exit the Removal Wizard............................... Launch the Removal Wizard by clicking the Install / Remove / Reconfigure Kaspersky Security for Virtualization 1........... Follow the instructions of the Removal Wizard.. click the Back button.................... 2................ The link is located in the Deployment section in the workspace........

CONNECT TO VMWARE VCENTER SERVER At this step.INSTALLING AND REMOVING THE APPLICATION STEP 2. IP address in IPv4 format or domain name of a VMware vCenter Server with which a connection is established. Password. The Removal Wizard establishes a connection to VMware vCenter Server. IP address (IPv4) of the VMware vShield Manager console to which SVMs are connected. Specify the password of an administrator account with privileges to create virtual machines. To select a VMware ESXi host. CANCEL THE REGISTRATION OF SVMS IN THE VMWARE VSHIELD MANAGER CONSOLE To remove an SVM successfully. Password of the user account under which a connection to the VMware vCenter Server is established. specify the settings of the connection to the VMware vShield Manager console:  VMware vShield Manager address. Proceed to the next window of the Removal Wizard by clicking the Next button. The Application version column shows the version number of Kaspersky Security installed on the SVM of this VMware ESXi host. make sure VMware vCenter Server is available over the network. finish the Removal Wizard. on which an SVM is installed:    The VMware ESXi host column shows the IP address of a VMware ESXi host. STEP 3. Unavailable – the SVM is disabled. select the check box on the left of the name of this VMware ESXi host in the table. To cancel the registration. The Status column shows the status of the SVM:   Available – the SVM is enabled. the Removal Wizard needs to cancel its registration in the VMware vShield Manager console. 39 . At this step. SELECT VMWARE ESXI HOSTS At this step. You can select only those VMware ESXi hosts on which the SVM has the Available status. Proceed to the next step of the Removal Wizard by clicking the Next button. The table shows the details of VMware ESXi hosts of the selected VMware vCenter Server platform. check the connection settings. select the VMware ESXi hosts from which you want to remove the SVM. If the connection to VMware vCenter Server is not established. Password should not contain spaces. the Removal Wizard establishes a connection with the VMware vShield Manager console. and restart the process. User name. specify the settings of the Removal Wizard connection to VMware vCenter Server:    VMware vCenter Server address. If the connection settings are specified correctly. Name of the user account under which a connection to the VMware vCenter Server is established. STEP 4. Specify the name of an administrator account with privileges to create virtual machines.

Proceed to the next step of the Setup Wizard by clicking the Next button. SVM removal progress is reflected in the table. The start and end times of the removal process on each of the VMware ESXi hosts are shown in the Start and End columns.ADMINISTRATOR'S GUIDE   User name. the results of SVM removal from VMware ESXi hosts are displayed. the Removal Wizard shows the number of SVMs that will be removed. CONFIRM REMOVAL At this step. click the Next button. Wait for the removal to end. STEP 7. This process takes some time. Click the Finish button to finish the Removal Wizard. Password. Password should not contain spaces. Password of the administrator account for connecting to the VMware vShield Manager console. After the application has been removed from all of the selected VMware ESXi hosts. STEP 5. FINISH APPLICATION REMOVAL At this step. proceed to the next step of the Removal Wizard by clicking the Next button. To confirm the removal. Name of the administrator account for connecting to the VMware vShield Manager console. To return to the previous step of the Removal Wizard. SVMs are removed from VMware ESXi hosts. STEP 6. click the Back button. REMOVE SVMS At this step. 40 .

................... You can review the terms of the End User License Agreement in the following ways:   During the installation of the application (see the "Step 4. By reading the license.............................................................................................................................................................................. granted under the End User License Agreement......... stipulating the terms on which you may use the application................................ 45 Viewing the details of installed keys ... the ways to activate the application and renew your license.............. 41 About the license .................... 43 Running the key installation task ........... A license entitles you to the following kinds of services:    Using the application to protect a certain number of virtual machines...... 43 Renewing a license ........ The scope of services and application usage term depend on the type of license................................................................................. This document is included in the application distribution kit................................ Using other services available from Kaspersky Lab or its partners during the license term.......................................... 41 ............................................. 42 Activating the application........................................................ Contacting Kaspersky Lab Technical Support for assistance............................................................... 41 About the key file ............................................... You accept the terms of the End User License Agreement after confirming your content to the End User License Agreement when installing the application........................................... 43 Creating the key installation task .... If you do not accept the terms of the End User License Agreement.....................APPLICATION LICENSING This section contains information about the basic concepts of application activation..................................................................................................................................... This section describes the purpose of the End User License Agreement.............................. under which the application was activated........ View the license agreements" section on page 25).. the types of licenses.......................................... ABOUT THE LICENSE A license is a time-limited right to use the application.... IN THIS SECTION: About the End User License Agreement ........................................ 46 ABOUT THE END USER LICENSE AGREEMENT The End User License Agreement is a binding agreement between you and Kaspersky Lab ZAO....................................................................... you must abort the installation..............................txt file..........................................................

The license applies not to unique virtual machines in the VMware virtual infrastructure. License type: trial or commercial. Kaspersky Lab provides a key file when you buy Kaspersky Security. which you can protected with the application. Desktop key – a key needed to use the application for protection of virtual machines with a desktop operating system. License term – a term specified in the End User License Agreement during which you may use the application.ADMINISTRATOR'S GUIDE The following license types are provided:  Trial – a free license intended for trying out the application. Key file expiration date – a date that comes after a specific period after key file creation. all Kaspersky Security features become disabled.  Commercial– a paid license available to buyers of the application. you have to renew your commercial license. A key is used. Limited number of virtual machines with a server or desktop (determined by the key type) operating system – the maximum number of simultaneously running virtual machines with a server or desktop operating system.   42 . When the commercial license expires. For example. A key file contains the following information:   Key – a unique alphanumeric sequence. You can still protect and scan the virtual machines. When the trial license expires. for example. We recommend renewing the license before its expiration to ensure full protection against computer security threats. A trial license is usually of limited duration. which enables the user to use a Kaspersky Lab application on the terms of a trial or commercial license. The key file validity period may be several years. not disabled or paused). It starts to elapse from the date of first activation of the application with the particular key file. you need to purchase a commercial license. You can activate the application under a trial license only once. To continue using Kaspersky Security in fully functional mode. the application continues to work in limited functionality mode. 1 year. but to those virtual machines on which the VMware vShield Endpoint Thin Agent driver is installed and enabled and which are active (online. you can request a key file from Technical Support (see the "Contacting Technical Support" section on page 77). Key type:     Server key – a key needed to use the application for protection of virtual machines with a server operating system. If you have accidentally deleted a key file. ABOUT THE KEY FILE A key file is a file with the . to receive technical support from Kaspersky Lab. that is. but only using databases installed before the license expiration date. The application can be used only with a key file. You can activate the application with this key file only before its expiration.key extension. To continue using the application.

Kaspersky Security automatically removes the additional key. you have to install two additional keys: a server key and a desktop key. Run the key installation task (see the "Running the key installation task" section on page 45). If the number of virtual machines exceeds the number covered by the license conditions. This prevents virtual machine protection from being interrupted after the expiration of the current license until you activate the application under a new license. 43 . The type of the additional key must match the guest operating system of virtual machines: an additional server key is intended for virtual machines with a server operating system. CREATING THE KEY INSTALLATION TASK To create a key installation task: 1. After installing the active key. This will result in the installation of the additional key.APPLICATION LICENSING ACTIVATING THE APPLICATION Activating the application requires installing the key on all SVMs. you will need to install the additional key again. while a desktop key is intended for virtual machines with a desktop operating system. a license violation message appears in Kaspersky Security Center (see Kaspersky Security Center Administrator's Guide). This key is automatically used as the active key after the Kaspersky Security license has expired. If an SVM is used in a VMware virtual infrastructure to protect virtual machines with both server and desktop guest operating systems. Run the key installation task (see the "Running the key installation task" section on page 45). you have to install two keys on such machines: a server key and a desktop key. If an SVM is used in a VMware virtual infrastructure to protect virtual machines with both server and desktop operating systems. or the operating systems of virtual machines do not match the type of the key installed. It is recommended to buy a separate license for each VMware vCenter Server platform. Create a key installation task (see the "Creating a key installation task" section on page 43) for each KSC cluster on whose SVMs you want to install the key. To activate the application: 1. To renew a license: 1. on all SVMs installed on VMware ESXi hosts within a single VMware vCenter Server platform. while an additional desktop key is intended for virtual machines with a desktop operating system. you can renew it by installing an additional key. Open the Administration Console of Kaspersky Security Center. This task installs a key on all SVMs within a single KSC cluster. Use the key installation task to install a key. RENEWING A LICENSE When your license is going to expire soon. 2. 2. that is. Create a key installation task (see the "Creating a key installation task" section on page 43) for each KSC cluster on whose SVMs you want to install the additional key. If you replace or remove the active key. The key type must match the guest operating system of virtual machines: a server key is intended for virtual machines with a server operating system.

Run the Task Wizard by clicking the Create task link. 44 Step 4.... To use the key as an additional key.. specify the path to the key file........... You can use the key as an additional key if the application has been already activated and the active key installed.... 4... 44 Step 3................. the following information is displayed in the lower part of the window:   Key – a unique alphanumeric sequence.................... click the Cancel button.............. 45 Step 5................ to receive technical support from Kaspersky Lab.............................. select the folder with the name of the KSC cluster for whose SVMs you want to create a key installation task........................................ To proceed with the Task Wizard..... click the Next button.............. 44 Step 2........... click the Browse button and select a file with the ........................................ In the Administered computers folder of the console tree... SELECT THE KEY FILE At this step................................................ SELECT THE TASK TYPE At this step... select the Use the key as additional check box...........1. 5............. Proceed to the next step of the Task Wizard by clicking the Next button. select Key installation as the type of task for Kaspersky Security for Virtualization 1.... A key is used..............................................key extension in the Key file selection window that opens......... Proceed to the next step of the Task Wizard by clicking the Next button........... Select the key file .... To exit the Task Wizard........ IN THIS SECTION: Step 1... click the Back button... STEP 3. Select the task type.....................................ADMINISTRATOR'S GUIDE 2........................................ Follow the instructions of the Task Wizard....... 3..................... License type: trial or commercial. Enter the name of the key installation task ......... 45 STEP 1................. To do so................. ENTER THE NAME OF THE KEY INSTALLATION TASK At this step.... Select the Tasks tab in the workspace............................................................ Select the key installation task run mode ................ Finish key installation task creation..... You can manage the Task Wizard as follows:    To return to the previous step of the Task Wizard........ for example..... After you select a key file.. enter the key installation task name in the Name field..... STEP 2.... 44 .

This checkbox is cleared by default. Do one of the following:   Right-click to open the context menu and select Run. Once. and Instantly modes. FINISH KEY INSTALLATION TASK CREATION Click Finish at this step. If the check box is cleared. 5. It starts to elapse from the date of first activation of the application with the particular key file.  Launch task randomly at intervals of (min). Proceed to the next step of the Task Wizard by clicking the Next button. This checkbox is cleared by default. STEP 4. the task is launched on an SVM by schedule only.APPLICATION LICENSING  Limited number of virtual machines with a server or desktop (determined by the key type) operating system – the maximum number of simultaneously running virtual machines with a server or desktop operating system. 45 . 3. Key file expiration date – a date that comes after a specific period after key file creation. The key file validity period may be several years. the key installation task is launched according to this schedule. and in the Manually. SELECT THE KEY INSTALLATION TASK RUN MODE At this step. If the check box is selected. In the list of tasks. Distributed launch makes it possible to prevent a large number of SVMs from contacting the Kaspersky Security Center Administration Server at the same time. For example. 1 year. The Task Wizard finishes. Choose the task run mode in the drop-down list. select the folder with the name of the KSC cluster for whose SVMs you want to run a key installation task. The settings displayed in the window depend on the task run mode chosen. If the check box is selected. Run skipped tasks. configure the key installation task run mode:   Run by schedule. and Instantly modes – only on the SVMs that are visible online. an attempt to run the task is made the next time the application is launched on the virtual machine. the task is launched as soon as an SVM appears online. If you have configured a schedule for running the key installation task in the Task run schedule window. License term – a term specified in the End User License Agreement during which you may use the application. You can activate the application with this key file only before its expiration. which you can protected with the application. In the Manually.   Proceed to the next step of the Task Wizard by clicking the Next button. you can specify the maximum task launch delay time in the entry field. STEP 5. 4. You can also run the key installation task at any time manually (see the "Running the key installation task" section on page 45). select the key installation task that you want to run. Once. In the Administered computers folder of the console tree. Click the Run button. Select the Tasks tab in the workspace. The created key installation task appears in the list of tasks on the Tasks tab. Open the Administration Console of Kaspersky Security Center. RUNNING THE KEY INSTALLATION TASK To start the key installation task: 1. 2. The button is located on the right of the list of tasks in the Running task section.

select the template of the "Key usage report". The Expiration date field – this field shows the expiry date of a key (server or desktop) whose validity period expires before that of another key. Open the Administration Console of Kaspersky Security Center. The Restriction field shows the maximum number of virtual machines which you can protect with the application. The Service information field – this field shows the following information:    License number – service information relating to the key and license. The Restriction field – the sum of the following values: the maximum number of virtual machines with a desktop operating system and the maximum number of virtual machines with a server operating system. The details of keys installed on the SVM is displayed in the report as follows:     The Key field – a key for protecting virtual machines. Kaspersky Security Center shows the details of one key. For server machines – a key for protecting virtual machines with a server operating system. Therefore. For desktop machines – a key for protecting virtual machines with a desktop operating system. The Computers on which it is additional field shows the number of SVMs on which the key is used as an additional key.   For details on managing reports. A report generated using the "Key usage report" template appears in the workspace. The Computers on which it is active field shows the number of SVMs on which the key is used as the active key. 2. see the Kaspersky Security Center Administrator's Guide. In the Reports and notifications folder. if you have both a server key and a desktop key installed. which you can protected with the application. information about these files is presented in the report as follows:   The Key field – a unique combination of a server key and a desktop key.ADMINISTRATOR'S GUIDE VIEWING THE DETAILS OF INSTALLED KEYS To view the details of installed keys: 1. 46 .

update distribution task. and rollback task. The scan task for virtual machines is launched at application startup if the Run by schedule setting in the task schedule is set to At application startup. 47 . If the Run by schedule setting is set to a different value. Kaspersky Security stops automatically when the operating system is shut down on an SVM.STARTING AND STOPPING THE APPLICATION Kaspersky Security starts automatically when the operating system is launched on an SVM. The virtual machine protection feature is started automatically when the application is launched. the scan task is launched according to its own schedule. Kaspersky Security controls the operating processes of the virtual machine protection task. scan task.

see the Kaspersky Security Center Administrator's Guide. Client computer status is used to reflect the status of client computer protection in Kaspersky Security Center.MANAGING PROTECTION A secure virtual machine of Kaspersky Security in Kaspersky Security Center is the equivalent of a client computer. Information about threats detected by an SVM is recorded in the report (see the "About reports" section on page 75). its status changes to Critical or Warning. 48 . For details on client computer statuses. A feature of Kaspersky Security is that the status of an SVM changes upon detection of threats on virtual machines protected by this SVM. When an SVM detects a threat on virtual machines.

.................. It is recommended regularly to view the list of files blocked in the course of virtual machine protection and manage them........... You can view the details of blocked files in a virus report or by filtering events by the Object blocked event (see Kaspersky Security Center Administrator's Guide)............. the application skips the object that has been blocked as a result of the task........... 51 Manage protection profiles ............................................................... IN THIS SECTION: About protection of virtual machines ............................................. Probably infected status if the scan cannot determine whether the file is infected or not.. Files found to contain one of the malicious objects are referred to as infected.. disinfects or blocks the file..... you can save file copies in a location that is inaccessible to a virtual machine user or delete the files............ The file may contain a code sequence that is typical of viruses and other threats. When a user or application attempts to access a file on a virtual machine......................... 53 ABOUT PROTECTION OF VIRTUAL MACHINES One SVM protects the file system of the guest operating system of virtual machines on the VMware ESXi host......... If the action to be taken on infected or probably infected objects in the custom scan task settings is set to Disinfect... Block if disinfection fails or Block.... Information about all events occurring during the protection of virtual machines is logged in a report (see the "About reports" section on page 75)..... Kaspersky Security grants access the file.. To access files blocked in the course of virtual machine protection...... 50 Disabling protection on a virtual machine ... A virtual machine that has not been assigned a protection profile is excluded from protection..... Kaspersky Security installed on an SVM scans this file.................................................................. 49 Editing packer scan settings................................... for example........................................ 49 ................................................................. you need to temporarily disable the protection of such virtual machines (see the "Disabling protection on a virtual machine" section on page 51)................... virus or trojan)................................................ and how you can configure the virtual machine protection settings......PROTECTION OF VIRTUAL MACHINES This section describes how Kaspersky Security protects virtual machines on VMware ESXi hosts controlled by a VMware ESXi hypervisor against viruses and other threats............ it assigns one of the following statuses to this file:   A status that indicates the type of malicious object detected (for example...................................... If Kaspersky Security detects a threat in the file... SVMs protect the virtual machines according to the settings configured in the protection profiles assigned to them (see the "Concept of administering the application through Kaspersky Security Center" on page 18)............... or modified code of a known virus.......   If a file is free from viruses and other threats.......... and the action in the policy settings is set to Skip.................................. For example........... Kaspersky Security then subjects the file to the action configured in the protection profile of this virtual machine.. 50 Viewing the protected infrastructure of the KSC cluster ..

2.ADMINISTRATOR'S GUIDE EDITING PACKER SCAN SETTINGS The packer scan settings are specified in the settings of a policy upon its creation (see the "Getting started" section on page 32). specify the following settings (see "Step 4. you can edit packer scan settings. To edit packer scan settings: 1. Open the Administration Console of Kaspersky Security Center. select a folder with the name of the KSC cluster. By double-clicking. Select a policy in the list of policies and open the Properties: <Policy name> window in one of the following ways:    5. Select a policy in the list of policies and open the Properties: <Policy name> window in one of the following ways:  By clicking the Edit policy settings link. In the list on the left. 2. 7. In the right part of the window. select the folder with the name of the KSC cluster whose policy you want to edit. Select Properties. Multi-packed files. By double-clicking. In the Administered computers folder of the console tree. The Edit policy settings link is located on the right of the list of policies in the section with policy settings. Right-click to open the context menu of the policy. Configure advanced settings" on page 37):   Packed files that may cause harm. 6. Select the Policies tab in the workspace. The Edit policy settings link is located on the right of the list of policies in the section with policy settings. Open the Administration Console of Kaspersky Security Center.   50 . Select Properties. 3. select Advanced settings. 4. In the Administered computers folder of the console tree. Click OK. Right-click to open the context menu of the policy. By clicking the Edit policy settings link. Select the Policies tab in the workspace. 4. VIEWING THE PROTECTED INFRASTRUCTURE OF THE KSC CLUSTER To view the protected infrastructure of the KSC cluster: 1. After creating a policy. 3.

The details of protection profiles are shown as follows:    The name of an expressly assigned protection profile is highlighted in black. Kaspersky Security Center establishes a connection to VMware vCenter Server. The Protection profile column shows the name of the protection profile whose settings are used by SVMs to protect the virtual machines. In the Properties: <Policy name> window. The name is formed as follows: "inherited: <N>". the value in the Protection profile column is (Unprotected).PROTECTION OF VIRTUAL MACHINES 5. Password of the user account under which a connection to the VMware vCenter Server is established. IP address in IPv4 format or domain name of a VMware vCenter Server with which a connection is established. DISABLING PROTECTION ON A VIRTUAL MACHINE To disable protection on a virtual machine: 1. If this virtual machine has been assigned a protection profile. resource pools. data centers. where N represents the name of a protection profile inherited from a parent object. 8. If no connection has been established. 6. 2. VMware clusters. In the Administered computers folder of the console tree.  Password. vApp objects. Click OK. the settings of this protection profile are applied to all virtual machines that have the same ID (vm-ID). Name of the user account under which a connection to the VMware vCenter Server is established.  User name. The protected infrastructure of the KSC cluster is shown in the right part of the window: VMware vCenter Server. and virtual machines. Specify the settings of Kaspersky Security Center connection to VMware vCenter Server:  VMware vCenter Server address. select the folder with the name of the KSC to which the relevant virtual machine belongs. Open the Administration Console of Kaspersky Security Center. If the VMware virtual infrastructure contains two or more virtual machines with the same ID (vm-ID). which has been created by the administrator of VMware vCenter Server. 7. Kaspersky Security uses a view of the protected infrastructure of the KSC cluster in the form of a tree of VMware ESXi hosts and VMware clusters (Hosts and Clusters view) (for details see VMware product manuals). only one virtual machine appears in the tree of objects. If a virtual machine has been excluded from protection. Specify the name of a user account with privileges to view VMware inventory objects. which has been created by the VMware vCenter Server administrator. The VMware vCenter Server connection settings window opens. 51 . make sure VMware vCenter Server is available over the network and establish the connection again. The name of a protection profile inherited from a parent object is highlighted in gray. Password should not contain spaces. Specify the password of a user account with privileges to view VMware inventory objects. Click the Connect button in the right part of the window. VMware ESXi hosts that are not part of the VMware cluster. in the list on the left select Protected infrastructure.

the value show in their Protection profile column is (Unprotected). 7.ADMINISTRATOR'S GUIDE 3. Protection is removed from the parent object and those of its daughter objects that inherited their protection profiles from the parent object. By double-clicking. data centers. If no connection has been established. resource pools. Right-click to open the context menu of the policy. If objects have been excluded from protection. in the list on the left select Protected infrastructure. VMware clusters. To disable protection on several virtual machines that are daughter objects of a single VMware inventory object. Name of the user account under which a connection to the VMware vCenter Server is established. select it in the table. In the Properties: <Policy name> window.  User name. which has been created by the administrator of VMware vCenter Server. 4. Kaspersky Security Center establishes a connection to VMware vCenter Server. Do one of the following:   To disable protection on one virtual machine. Select the Policies tab in the workspace. Specify the name of a user account with privileges to view VMware inventory objects. 52 .  Password. The VMware vCenter Server connection settings window opens. 5. Specify the settings of Kaspersky Security Center connection to VMware vCenter Server:  VMware vCenter Server address. make sure VMware vCenter Server is available over the network and establish the connection again. Password of the user account under which a connection to the VMware vCenter Server is established. 8. IP address in IPv4 format or domain name of a VMware vCenter Server with which a connection is established. Click the Connect button in the right part of the window. 6. Password should not contain spaces. 9. VMware ESXi hosts that are not part of the VMware cluster. Select Properties. Click OK. 10. which has been created by the VMware vCenter Server administrator. The Edit policy link is located on the right of the list of policies. select this VMware inventory object in the table. Specify the password of a user account with privileges to view VMware inventory objects. Click the Disable protection button. vApp objects. The protected infrastructure of the KSC cluster is shown in the right part of the window: VMware vCenter Server. and virtual machines. Select a policy in the list of policies and open the Properties: <Policy name> window in one of the following ways:    By clicking the Edit policy link.

.......... In the Administered computers folder of the console tree......... Open the Administration Console of Kaspersky Security Center.... 3............ Select a policy in the list of policies and open the Properties: <Policy name> window in one of the following ways:    5...................... 4....... enter the name of the protection profile and click OK.... 56 Deleting a protection profile.... 6............................................ perform one of the following: 53 ................................... In the window that opens....................... select Protection profiles................. In the list on the left.... Configure the root protection profile" on page 33)........... 55 Assigning a protection profile to a virtual machine ...... 7.................................................................. A list of protection profiles appears in the right part of the window............ Click the Add button. 8... Right-click to open the context menu of the policy....... Select Properties.................................................... The Protection settings window opens................... By double-clicking.................. the list of protection profiles is empty........ 2....................... In the Security level section..............................................................................PROTECTION OF VIRTUAL MACHINES MANAGE PROTECTION PROFILES You can manage protection profiles as follows:     Create protection profiles Edit protection profile settings Assign protection profiles to virtual machines Delete protection profiles IN THIS SECTION: Creating a protection profile ...... select the folder with the name of the KSC cluster for whose policy you want to create a protection profile..... By clicking the Edit policy settings link.................. 53 Editing protection profile settings ... The Edit policy settings link is located on the right of the list of policies in the section with policy settings..... The settings of a protection profile are identical to the settings of the root protection profile (see "Step 3.. If the protection profile you are creating for this policy is the first one.... Select the Policies tab in the workspace.. 57 CREATING A PROTECTION PROFILE To create a protection profile: 1.....

To change the security level to Recommended. 10. Do not unpack large compound files. Scan self-extracting archives. Recommended. and the action in the settings of the protection profile assigned to the virtual machine is set to Skip. Low). b. Probably infected objects. Block if disinfection fails or Block. In the Performance section. the application skips the object that has been blocked in the course of the task. click ОK. Auto-dialers. d. Scan objects for no longer than N second(s). Maximum size of a compound object to scan N MB. To exclude certain files of virtual machines from protection. In the Security level settings window. Limit objects scan time. In the Action on threat detection section. click the Default button. specify the values of the following settings:   Infected objects. Adware. Scan embedded OLE objects. 9. To configure a custom security level. specify the values of the following settings:       Scan archives. In the Threat types section. In the Threats window. After you have configured the security level settings manually. click the Settings button in the Exclusions from protection section. select it by means of the slider. Others.ADMINISTRATOR'S GUIDE    To apply one of the preset security levels (High. e. click the Settings button and specify the following settings in the Security level settings window that opens: In the Scan of archives and compound objects section. c. a. Delete archives if disinfection failed. click ОK. 54 . click the Settings button and specify the values of the following settings in the Threats window that opens:     Malicious tools. the security level name in the Security level section changes to Custom. If the action to be taken on infected or probably infected objects in the custom scan task settings is set to Disinfect. specify the values of the following settings:    Heuristic analyzer level.

specify a list of extensions of files that should not be scanned while a virtual machine is being protected. 4. edit the settings of the root protection profile. click ОK. By double-clicking. Right-click to open the context menu of the policy. Open the Administration Console of Kaspersky Security Center. In the entry field on the right. In the Administered computers folder of the console tree. Select the Policies tab in the workspace. In the Protection settings window. In the entry field on the right. File extensions should be separated with a comma. 55 . 11. By clicking the Edit policy settings link. File extensions should be separated with a comma. In the Folders table. b. Scan all but these file types. For each folder. 2. 12. To edit protection profile settings: 1. you can specify whether the exclusion from protection should be used to embedded folders. select the folder with the name of the KSC cluster for whose policy contains a root protection profile that you want to edit. Do the following:  To edit the root protection profile settings: a. in the list on the left select Root protection profile. In the Properties: <Policy name> window. Select Properties. 14. you can assign it to virtual machines (see the "Assigning a protection profile to a virtual machine" on page 56). Click OK. In the Properties: <Policy name> window. click ОK. specify a list of extensions of files that should not be scanned while a virtual machine is being protected. Select one of the following options:   Scan these file types only. The Edit policy settings link is located on the right of the list of policies in the section with policy settings.  In the Properties: <Policy name> window. 3. Select a policy in the list of policies and open the Properties: <Policy name> window in one of the following ways:    5. To edit protection profile settings: a. EDITING PROTECTION PROFILE SETTINGS You can edit the settings of both a protection profile and a root protection profile.PROTECTION OF VIRTUAL MACHINES The Exclusions from protection window opens. In the Exclusions from protection window. 13. After creating a protection profile. a new protection profile appears in the list of protection profiles. in the list on the left select Protection profiles. c. specify a list of extensions of files that should be scanned while a virtual machine is being protected. In the right part of the window.

By clicking the Edit policy settings link. c. Password of the user account under which a connection to the VMware vCenter Server is established. b. The VMware vCenter Server connection settings window opens. In the Properties: <Policy name> window. e. select the protection profile whose settings you want to edit. all VMware inventory objects are assigned a root protection profile (see the "About the root protection profile" section on page 20). In the list of protection profiles. Specify the name of a user account with privileges to view VMware inventory objects. In the Properties: <Policy name> window. click OK. Select Properties. Click the Connect button in the right part of the window. select the folder with the name of the KSC cluster to whose virtual machine you want to assign a protection profile. By double-clicking. Open the Administration Console of Kaspersky Security Center. Password should not contain spaces.  User name. You can assign a custom protection profile to virtual machines. Specify the password of a user account with privileges to view VMware inventory objects. To assign a protection profile to a virtual machine: 1. Select the Policies tab in the workspace. 2. The new protection profile settings will be applied after data between Kaspersky Security Center and SVMs has been synchronized. which has been created by the VMware vCenter Server administrator. Specify the settings of Kaspersky Security Center connection to VMware vCenter Server:  VMware vCenter Server address. which has been created by the administrator of VMware vCenter Server. Select a policy in the list of policies and open the Properties: <Policy name> window in one of the following ways:    5. Right-click to open the context menu of the policy.ADMINISTRATOR'S GUIDE A list of protection profiles appears in the right part of the window. The Edit policy settings link is located on the right of the list of policies in the section with policy settings. Edit the protection profile settings. click ОK. 56 . and click the Edit button. 4. d. IP address in IPv4 format or domain name of a VMware vCenter Server with which a connection is established. In the Protection settings window. in the list on the left select Protected infrastructure. The Protection settings window opens. 3. 6. In the Administered computers folder of the console tree.  Password. ASSIGNING A PROTECTION PROFILE TO A VIRTUAL MACHINE After a policy has been created. 7. Name of the user account under which a connection to the VMware vCenter Server is established.

Do one of the following:   To assign a protection profile to one virtual machine. The assigned protection profile is shown in the Protection profile column of the table. Open the Administration Console of Kaspersky Security Center. 3. the settings of this protection profile are applied to all virtual machines that have the same ID (vm-ID). In the Assigned protection profile window. VMware ESXi hosts that are not part of the VMware cluster. 4. The virtual machine is assigned the protection profile of the parent object. The selected protection profile is assigned to the VMware inventory objects and those of its daughter objects which have not been assigned a protection profile expressly and which have not been excluded from protection. Specified. where N represents the name of the protection profile assigned to the parent object. resource pools. Click OK. 2. If this virtual machine has been assigned a protection profile. Kaspersky Security Center establishes a connection to VMware vCenter Server. choose one of the following options:   Parent "N". If no connection has been established. Click the Assign protection profile button. 57 . data centers. Select a policy in the list of policies and open the Properties: <Policy name> window in one of the following ways:   By clicking the Edit policy settings link. select it in the table. make sure VMware vCenter Server is available over the network and establish the connection again. 12. Select the Policies tab in the workspace. DELETING A PROTECTION PROFILE To delete a protection profile: 1. 11. 10. The virtual machine is assigned a protection profile from among the existing profiles of the policy. To assign the same protection profile to several virtual machines that are daughter objects of a single VMware inventory object. Kaspersky Security uses a view of the protected infrastructure of the KSC cluster in the form of a tree of VMware ESXi hosts and VMware clusters (Hosts and Clusters view) (for details see VMware product manuals). and virtual machines.PROTECTION OF VIRTUAL MACHINES 8. vApp objects. The Edit policy settings link is located on the right of the list of policies in the section with policy settings. only one virtual machine appears in the tree of objects. select this VMware inventory object in the table. VMware clusters. The Assigned protection profile window opens. In the Administered computers folder of the console tree. 9. The protected infrastructure of the KSC cluster is shown in the right part of the window: VMware vCenter Server. select the folder with the name of the KSC cluster from whose policy you want to delete a protection profile. Click OK. By double-clicking. If the VMware virtual infrastructure contains two or more virtual machines with the same ID (vm-ID).

The protection profile is deleted.ADMINISTRATOR'S GUIDE  5. 8. In the list of protection profiles. Click OK. In the Properties: <Policy name> window. If the parent object has been excluded from protection. click OK. the application does not protect such virtual machines. along with a list of virtual machines that are protected using this protection profile. Select Properties. and click the Delete button. prompting you to confirm deletion. If this protection profile has been assigned to virtual machines. 6. in the list on the left select Protection profiles. In the Properties: <Policy name> window. The application will protect those virtual machines to which this protection profile had been previously assigned using the settings of the protection profile of their parent object in the VMware virtual infrastructure. 58 . Right-click to open the context menu of the policy. 7. select the protection profile that you want to delete. a dialog opens. A list of protection profiles appears in the right part of the window.

.. one SVM simultaneously scans the files of no more than four virtual machines................... The packer scan settings are specified in the policy settings (see the "Editing packer scan settings" section on page 50)............... You can run a scan task manually or schedule it. The scan task progress is shown on the Tasks tab of the workspace of the folder with the name of the KSC cluster for whose virtual machines you have launched the scan task (see Kaspersky Security Center Administrator's Guide). Kaspersky Security uses the following scan tasks:   Full scan.. After a scan task has ended................ Virtual machine files have to be scanned regularly with new anti-virus databases to prevent the spread of malicious objects.............................................. 64 Starting and stopping a full scan task or custom scan task ............ 59 Creating a full scan task ............... CREATING A FULL SCAN TASK If a VMware vCenter Server platform has been replaced / reinstalled..... it is recommended to view the list of files blocked as a result of the scan task and manage them manually.................... IN THIS SECTION: About virtual machine scan .. You can view the details of blocked files in a virus report or by filtering events by the Object blocked event (see Kaspersky Security Center Administrator's Guide)....................................................... During a scan task.......................................... Information on the scan results and all scan task events are logged in the report (see the "About reports" section on page 75). 59 Creating a custom scan task .............. You first need to exclude from protection those virtual machines on which these files have been blocked.... As part of this task..............................SCANNING OF VIRTUAL MACHINES This section describes how Kaspersky Security scans files of virtual machines on VMware ESXi hosts managed by a VMware ESXi hypervisor and provides instructions for configuring the scan settings.................. You have to delete the tasks and create new ones......................... all previously created full scan tasks will not work.... 68 ABOUT VIRTUAL MACHINE SCAN Kaspersky Security scans virtual machine files for viruses and other threats...................................................................... SVMs scan all virtual machines within all KSC clusters for viruses and other threats... As part of this task............................................... During a scan task................ you can save file copies in a location that is inaccessible for a virtual machine user or delete the files.... an SVM scans those virtual machine files that are specified in the scan task settings............... SVMs scan selected virtual machines within the specified KSC cluster for viruses and other threats..... 59 ....... Custom scan.. For example............................

................ Do one of the following:   To create a full scan task for SVMs of all KSC clusters.......................... specify virtual machine scan settings..................................................... 63 Step 5............... 4....1...................................... To exit the Task Wizard.............. 60 Step 2............... select Full scan as the type of task for Kaspersky Security for Virtualization 1................ Follow the instructions of the Task Wizard.......................... click the Next button.... CONFIGURE SCAN SETTINGS At this step.................................................... Enter the full scan task name ................................... STEP 3.......... Proceed to the next step of the Task Wizard by clicking the Next button. STEP 2................. 5................... 64 STEP 1.......... Open the Administration Console of Kaspersky Security Center................ You can manage the Task Wizard as follows:    To return to the previous step of the Task Wizard.............................. select the Administered computers folder in the console tree....... Select the full scan task run mode ......................... To create a full scan task for SVMs in only one KSC cluster.... 60 ..... click the Back button. enter the full scan task name in the Name field.... IN THIS SECTION: Step 1.................. 3........ Select the task type........... in the Administered computers folder of the console tree select the folder with the name of this KSC cluster.. Create a scan scope ................................... Proceed to the next step of the Task Wizard by clicking the Next button........... Configure scan settings ..... click the Cancel button......... 64 Step 6........ To proceed with the Task Wizard............ Select the Tasks tab in the workspace..............ADMINISTRATOR'S GUIDE To create a full scan task: 1.................. 2. SELECT THE TASK TYPE At this step...... 60 Step 4. Run the Task Wizard by clicking the Create task link...................... ENTER THE FULL SCAN TASK NAME At this step........................ Finish full scan task creation .......... 60 Step 3.................................................................................................................................................

This checkbox is cleared by default. This checkbox is cleared by default. Kaspersky Security deletes archives that could not be disinfected.  Delete archives if disinfection failed. Low).  Scan self-extracting archives. click the Settings button and specify the following settings in the Security level settings window that opens: In the Scan of archives and compound objects section. In the Performance section. Scanning is faster and less resource- 61 . Enables / disables the scanning of objects embedded inside a file. If this check box is selected. click the Default button. specify the values of the following settings:  Heuristic analyzer level.  Scan embedded OLE objects. Kaspersky Security does not unpack and scan objects larger in size than the value specified. Enables / disables the scanning of self-extracting archives. If this check box is cleared. This checkbox is cleared by default.SCANNING OF VIRTUAL MACHINES To specify the virtual machine scan settings: 1. Kaspersky Security does not scan compound files whose size exceeds the value specified in the Maximum size of a compound object to scan field. If the check box is cleared. This checkbox is selected by default. Maximum size of compound objects subject to scanning (in megabytes). perform one of the following:    To apply one of the preset security levels (High. If the check box is selected.  Do not unpack large compound files. Level of heuristic analysis configured for the particular level of security:  Light scan. Kaspersky Security does not delete archives that could not be disinfected. By default. Recommended. At this level of detail. regardless of whether the Do not unpack large compound files check box is selected. To configure a custom security level. Kaspersky Security scans large files that are extracted from archives. the value is set to 8 MB. Heuristic Analyzer does not perform all instructions in executable files while scanning executable files for malicious code. specify the values of the following settings:  Scan archives. In the Security level section. This check box is available when the Scan archives check box is selected. Deletes archives that cannot be disinfected. Kaspersky Security scans compound files of all sizes. This checkbox is cleared by default. select it by means of the slider.  Maximum size of a compound object to scan N MB. the probability of detecting threats is lower than at the Medium scan and Deep scan levels. Enable / disable scanning of archives. To change the security level to Recommended.

If this checkbox is selected. Enables protection against malicious tools. This checkbox is selected by default. When the check box is selected. Heuristic Analyzer performs more instructions in executable files than at the Light scan and Medium scan detail levels of heuristic analysis. If this checkbox is selected. the probability of detecting threats is higher than at the Light scan and Medium scan levels.  Auto-dialers. click the Settings button and specify the values of the following settings in the Threats window that opens:  Malicious tools. This checkbox is selected by default. the security level name in the Security level section changes to Custom. While scanning files for malicious code. In the Action on threat detection section. Kaspersky Security always scans files on virtual machines for viruses. Kaspersky Security stops scanning an object if it takes longer than the time value specified. Maximum duration of object scanning (in seconds). keyloggers. In the Threat types section.ADMINISTRATOR'S GUIDE intensive. This checkbox is selected by default. If the check box is cleared. Kaspersky Security does not limit the duration of object scanning. This checkbox is cleared by default. Scanning consumes more resources of the SVM and takes more time.  Adware. By default. 2. 62 . specify the values of the following settings:  Infected objects. Enables protection against other threats (such as downloaders.  Limit objects scan time. After you have configured the security level settings manually.  Scan objects for no longer than N second(s).   Medium scan. When the check box is selected. and remote administration applications).  Others. While scanning files for malicious code. and trojans. This checkbox is selected by default. Kaspersky Security stops scanning an object when the scan duration reaches the value specified in the Scan objects for no longer than N second(s) field. protection against adware is enabled. worms. Heuristic Analyzer performs the number of instructions in executable files that is recommended by Kaspersky Lab. protection against malicious tools is enabled. Enables protection against auto-dialers. Enables protection against adware. Deep scan. protection against other types of threats is enabled. protection against auto-dialers is enabled. At this level of detail. If the check box is selected. the value is set to 60 seconds.

email databases) that are scanned by an SVM during the scan task. This action is selected by default. Use the Add. Kaspersky Security automatically deletes probably infected objects. which should be checked during the scan task. specify the file extensions to be included in the scan or excluded from it. Kaspersky Security automatically skips probably infected objects without attempting to disinfect them. the scan task is interrupted even if it has not been completed. Action taken by Kaspersky Security on detecting probably infected objects:   Delete.     Disinfect. Delete. When the specified time limit is reached. In the Additional section. CREATE A SCAN SCOPE This step involves specifying the scope of the scan task. Skip. Kaspersky Security automatically blocks infected objects without attempting to disinfect them. If disinfection fails. Block. the application skips the object that has been blocked as a result of the task.  Skip. Use the Add. STEP 4. Proceed to the next step of the Task Wizard by clicking the Next button. Kaspersky Security automatically blocks probably infected objects without attempting to disinfect them. Edit. Kaspersky Security deletes such objects.  Probably infected objects. Block if disinfection fails. startup objects. specify the value of the Execute task no longer than N minute(s) setting. the application skips this file even if its extension places it within the scan scope. 63 . Kaspersky Security automatically skips infected objects without attempting to disinfect them. File extensions should be separated with a comma. Kaspersky Security blocks such objects. and Delete buttons to create a list of files on a virtual machine. 3.  Scan specified files and folders only. and the action in the policy settings is set to Skip.SCANNING OF VIRTUAL MACHINES Action taken by Kaspersky Security on detecting infected objects:  Disinfect. which should not be checked during the scan task. all hard drives. This action is selected by default. Kaspersky Security deletes infected objects. except for specified ones. Select one of the following options:  Scan all folders. The application deletes objects permanently. Proceed to the next step of the Task Wizard by clicking the Next button. Edit. Kaspersky Security automatically attempts to disinfect infected objects. If the action to be taken on infected or probably infected objects in the full scan task settings is set to Disinfect. Kaspersky Security automatically attempts to disinfect infected objects. The scope of the scan task means the locations and types of virtual machine files (for example. Maximum scan task duration (in minutes). and Delete buttons to create a list of files on a virtual machine. Delete if disinfection fails. In the File types section. Block. Block if disinfection fails or Block. Folders excluded from the scan have a higher priority than file extensions included in the scan. This means that if a file is located in a folder excluded from the scan. If disinfection fails.

Distributed launch makes it possible to prevent a large number of SVMs from contacting the Kaspersky Security Center Administration Server at the same time. In the Administered computers folder of the console tree. Run the Task Wizard by clicking the Create task link. Choose the task run mode in the drop-down list. 2. To exit the Task Wizard. This checkbox is cleared by default. In the Manually. FINISH FULL SCAN TASK CREATION Click Finish at this step. and Instantly modes. all previously created custom scan tasks will not work. the task is launched as soon as an SVM appears online. an attempt to run the task is made the next time the application is launched on the virtual machine. To create a custom scan task: 1.  Launch task randomly at intervals of (min). The settings displayed in the window depend on the task run mode chosen. 3. You can also run or stop the scan task at any time manually (see the "Starting and stopping a full scan task or custom scan task" section on page 68). click the Next button. Open the Administration Console of Kaspersky Security Center. The created full scan task appears in the list of tasks on the Tasks tab. Select the Tasks tab in the workspace. 4. click the Back button.ADMINISTRATOR'S GUIDE STEP 5. SELECT THE FULL SCAN TASK RUN MODE At this step. Proceed to the next step of the Task Wizard by clicking the Next button. STEP 6. Once. You have to delete the tasks and create new ones. Run skipped tasks. You can manage the Task Wizard as follows:    To return to the previous step of the Task Wizard. Follow the instructions of the Task Wizard. If the check box is selected. configure full scan task run mode:   Run by schedule. and in the Manually. 5. The Task Wizard finishes. the task is launched on an SVM by schedule only. the full scan task is launched according to this schedule. click the Cancel button. This checkbox is cleared by default. If the check box is cleared. If you have configured a schedule for running the task in the Task run schedule window. and Instantly modes – only on the SVMs that are visible online. If the check box is selected. To proceed with the Task Wizard. you can specify the maximum task launch delay time in the entry field. 64 . CREATING A CUSTOM SCAN TASK If a VMware vCenter Server platform has been replaced / reinstalled. Once. select the folder with the name of the KSC cluster for whose SVMs you want to configure a custom scan task.

....................................... which has been created by the VMware vCenter Server administrator....................... Proceed to the next step of the Task Wizard by clicking the Next button. If the connection settings are specified correctly............ Proceed to the next step of the Task Wizard by clicking the Next button...................... Create a scan scope ......................................... Select the custom scan task run mode ......... Enter the custom scan task name ....... 66 Step 5........... IP address in IPv4 format or domain name of a VMware vCenter Server with which a connection is established............................................................... SELECT THE TASK TYPE At this step.......................................................1 for Virtualization........... The Task Wizard establishes a connection to VMware vCenter Server...... 65 ................................................................. STEP 3.............. Connect to VMware vCenter Server . specify the settings of the Kaspersky Security Center connection to VMware vCenter Server:  VMware vCenter Server address...................... 65 Step 4........................................... Specify the password of a user account with privileges to view VMware inventory objects...................... Select the task type...................... CONNECT TO VMWARE VCENTER SERVER At this step... Finish custom scan task creation ....... Proceed to the next step of the Task Wizard by clicking the Next button.  Password..................................... 68 STEP 1.................................................... Specify the name of a user account with privileges to view VMware inventory objects.......... Password should not contain spaces................................ Configure scan settings .....................  User name...... 68 Step 8.......... enter the custom scan task name in the Name field.................................... Name of the user account under which a connection to the VMware vCenter Server is established.. Password of the user account under which a connection to the VMware vCenter Server is established.......................................................... 67 Step 7................... STEP 2.................................................SCANNING OF VIRTUAL MACHINES IN THIS SECTION: Step 1...... ENTER THE CUSTOM SCAN TASK NAME At this step................................................................ which has been created by the administrator of VMware vCenter Server......... the Next button will become unblocked........................................... Select the action scope ......................... select Custom scan as the type of task for Kaspersky Security 1........................... 65 Step 2.. 65 Step 3........................................ 66 Step 6.

data centers. and restart custom scan task creation. only one virtual machine appears in the tree of objects. Maximum size of a compound object to scan N MB.       Scan archives. VMware ESXi hosts that are not part of the VMware cluster. Scan self-extracting archives. make sure that VMware vCenter Server is available via the network. If the VMware virtual infrastructure contains two or more virtual machines with the same ID (vm-ID). The settings of the custom scan task are identical to the settings of the full scan task (see "Step 3. Do not unpack large compound files. To configure a custom security level. STEP 5. Scan objects for no longer than N second(s). Proceed to the next step of the Task Wizard by clicking the Next button.ADMINISTRATOR'S GUIDE If the connection has not been established. Scan embedded OLE objects. In the Security level section. Delete archives if disinfection failed. The VMware virtual infrastructure of a single VMware vCenter Server platform is shown in the table as a tree of objects: VMware vCenter Server. specify the values of the following settings:    Heuristic analyzer level. select it by means of the slider. Low). To specify the virtual machine scan settings: 1. resource pools. To change the security level to Recommended. Configure scan settings" on page 60). CONFIGURE SCAN SETTINGS At this step. 66 . vApp objects. Recommended. specify the virtual machines whose files you want to scan. and virtual machines. the task is performed on all virtual machines with the same ID (vm-ID). If this virtual machine is selected to be scanned using the custom scan task. specify the values of the following settings: (see "Step 3. Limit objects scan time. specify virtual machine scan settings. click the Default button. VMware clusters. STEP 4. click the Settings button and specify the following settings in the Security level settings window that opens: In the Scan of archives and compound objects section. Select check boxes opposite those virtual machines that you want to scan as part of the scan task being created. In the Performance section. SELECT THE ACTION SCOPE At this step. perform one of the following:    To apply one of the preset security levels (High. Configure scan settings" on page 60). exit the Task Wizard.

startup objects. In the Action on threat detection section. the security level name in the Security level section changes to Custom. File extensions should be separated with a comma. Block if disinfection fails or Block. Use the Add. specify the value of the Execute task no longer than N minute(s) setting. Adware. Probably infected objects. 2. Edit. worms. which should not be checked during the scan task. Folders excluded from the scan have a higher priority than file extensions included in the scan. Select one of the following options:  Scan all folders. and trojans. and Delete buttons to create a list of files on a virtual machine.  Scan specified files and folders only. which should be checked during the scan task. Kaspersky Security always scans files on virtual machines for viruses. Use the Add. 3. Proceed to the next step of the Task Wizard by clicking the Next button. specify the values of the following settings:   Infected objects. Proceed to the next step of the Task Wizard by clicking the Next button.SCANNING OF VIRTUAL MACHINES In the Threat types section. click the Settings button and specify the values of the following settings in the Threats window that opens:     Malicious tools. Edit. the application skips the object that has been blocked as a result of the task. The scope of the scan task means the locations and types of virtual machine files (for example. After you have configured the security level settings manually. except for specified ones. This means that if a file is located in a folder excluded from the scan. 67 . all hard drives. email databases) that are scanned by an SVM during the scan task. specify the file extensions to be included in the scan or excluded from it. and the action in the policy settings is set to Skip. In the Additional section. the application skips this file even if its extension places it within the scan scope. Others. STEP 6. CREATE A SCAN SCOPE This step involves specifying the scope of the scan task. In the File types section. If the action to be taken on infected or probably infected objects in the custom scan task settings is set to Disinfect. Auto-dialers. and Delete buttons to create a list of files on a virtual machine.

The Task Wizard finishes. you can specify the maximum task launch delay time in the entry field. Once. If the check box is cleared. This checkbox is cleared by default. Once. an attempt to run the task is made the next time the application is launched on the virtual machine. and Instantly modes – only on the SVMs that are visible online. You can also run or stop the task at any time manually (see the "Starting and stopping a full scan task or custom scan task" section on page 68). The created custom scan task appears in the list of tasks on the Tasks tab. In the Manually. If you have configured a schedule for running the scan task in the Task run schedule window. 68 . Choose the task run mode in the drop-down list. This checkbox is cleared by default.ADMINISTRATOR'S GUIDE STEP 7. SELECT THE CUSTOM SCAN TASK RUN MODE At this step. the custom scan task is launched according to this schedule. the task is launched on an SVM by schedule only. configure custom scan task run mode:   Run by schedule. FINISH CUSTOM SCAN TASK CREATION Click Finish at this step. If the check box is selected. STEP 8. Distributed launch makes it possible to prevent a large number of SVMs from contacting the Kaspersky Security Center Administration Server at the same time. Proceed to the next step of the Task Wizard by clicking the Next button.  Launch task randomly at intervals of (min). and in the Manually. and Instantly modes. the task is launched as soon as an SVM appears online. If the check box is selected. The settings displayed in the window depend on the task run mode chosen. Run skipped tasks.

you can start or stop the task at any time. 5. Click the Stop button. Open the Administration Console of Kaspersky Security Center. select the task that you want to start or stop. perform one of the following:   Right-click to open the context menu and select Run. 2. 3. Perform one of the following:   Select the Administered computers folder in the console tree if you want to start or stop a full scan task created for SVMs within all KSC clusters. 69 . Click the Run button. In the list of tasks. The button is located on the right of the list of tasks in the Running task section. To stop a task. To start a task. select the folder with the name of the KSC cluster for whose SVMs you want to start or stop a full scan task or custom scan task. 4.SCANNING OF VIRTUAL MACHINES STARTING AND STOPPING A FULL SCAN TASK OR CUSTOM SCAN TASK Regardless of the selected run mode for a full scan task or custom scan task. Select the Tasks tab in the workspace. To start or stop a full scan task or custom scan task: 1. 6. perform one of the following:   Right-click to open the context menu and select Stop. The button is located on the right of the list of tasks in the Running task section. In the Administered computers folder of the console tree.

........................................................ This task downloads the update package from the Kaspersky Security Center update source to the Administration Server storage..  70 .....UPDATING ANTI-VIRUS DATABASES This section contains information on database updates (hereinafter also "updates")........ Only one instance of the update download task can created.. An update source is a resource containing updates for databases and application modules of Kaspersky Lab applications................... 74 ABOUT ANTI-VIRUS DATABASE UPDATES Anti-virus database updates ensure up-to-date protection of virtual machines......................................... AUTOMATIC UPDATES OF ANTI-VIRUS DATABASES Kaspersky Security Center enables automatic distribution of anti-virus database updates and their installation on SVMs................................ The update download task is created automatically by the Kaspersky Security Center Initial Configuration Wizard........................................................... New viruses and other threats appear worldwide on a daily basis.... This is accomplished using:  Update download task..................... Updates require a current license to use the application................... you need to update anti-virus databases regularly................................................ 71 Rolling back the last anti-virus database update ........................ This is why you can create an update download task only if it has been deleted from the list of tasks of the Administration Server.... This task distributes anti-virus database updates and installs them on SVMs as soon as an update package has been downloaded to the Administration Server storage..... To download an update package from the Administration Server storage successfully............................... Downloading this update package may generate additional network traffic (up to several dozen megabytes)...... IN THIS SECTION: About anti-virus database updates ................................................... 72 Running an update rollback task .. 70 Creating an update distribution task ......... The update source for Kaspersky Security is the storage of the Kaspersky Security Center Administration Server....................................................... 70 Automatic updates of anti-virus databases........................................................................ If anti-virus databases have not been updated for a long time.... the size of the update package may be considerable.................................................................................... Anti-virus databases contain information about threats and ways of neutralizing them. Update distribution task............................................. 72 Creating an update rollback task .......................... To enable Kaspersky Security to detect new threats in a timely manner......... an SVM needs to have access to the Kaspersky Security Center Administration Server..... and instructions on how to configure update settings..................... For details see the Kaspersky Security Center Administrator's Guide......

... 72 Step 4............. select the folder with the name of the KSC cluster for whose SVMs you want to update anti-virus databases..... ENTER THE NAME OF THE UPDATE DISTRIBUTION TASK At this step..................1 for Virtualization.... Proceed to the next step of the Task Wizard by clicking the Next button............................ create it (see the Kaspersky Security Center Administrator's Guide).. 2....... IN THIS SECTION: Step 1. To exit the Task Wizard................ Select the Tasks tab in the workspace..... Run the Task Wizard by clicking the Create task link... STEP 2.......... 3....................... Select the task type..... click the Back button............. 2............................................... CREATING AN UPDATE DISTRIBUTION TASK To create an update distribution task: 1...... Select the update distribution task run mode ........... You can manage the Task Wizard as follows:    To return to the previous step of the Task Wizard... click the Cancel button........... Make sure that an update download task exists in Kaspersky Security Center... Enter the name of the update distribution task ....... Finish update distribution task creation ..... 71 Step 3................................................. Open the Administration Console of Kaspersky Security Center...... 4............. 71 Step 2. 5..UPDATING ANTI-VIRUS DATABASES To configure the automatic download of anti-virus database updates: 1... In the Administered computers folder of the console tree............................................................ Proceed to the next step of the Task Wizard by clicking the Next button....... To proceed with the Task Wizard....... Create an update distribution task (see the "Creating an update distribution task" section on page 71) for each KSC cluster on whose SVMs you want to update anti-virus databases. select Update as the type of task for Kaspersky Security 1....................... 72 STEP 1................... If the update download task does not exist.. click the Next button.................... SELECT THE TASK TYPE At this step.. enter the update distribution task name in the Name field... 71 ................... Follow the instructions of the Task Wizard.....

This checkbox is cleared by default. an attempt to run the task is made the next time the application is launched on the virtual machine. Every time an update is launched on an SVM. If the check box is cleared. If the check box is selected. Distributed launch makes it possible to prevent a large number of SVMs from contacting the Kaspersky Security Center Administration Server at the same time. and distributes and installs anti-virus database updates on SVMs. In the Administered computers folder of the console tree. The task is launched every time an update package is downloaded to the Administration Server storage. 72 . 3. Proceed to the next step of the Task Wizard by clicking the Next button. This enables you to revert to the previous version of anti-virus databases. Open the Administration Console of Kaspersky Security Center. you can specify the maximum task launch delay time in the entry field. To roll back the latest anti-virus database update: 1. ROLLING BACK THE LAST ANTI-VIRUS DATABASE UPDATE After the first update of the anti-virus database. The created update distribution task appears in the list of tasks on the Tasks tab. configure the update distribution task run mode:   Run by schedule. 2.ADMINISTRATOR'S GUIDE STEP 3. Create an update rollback task (see the "Creating an update rollback task" section on page 72) for each KSC cluster on whose SVMs you want to roll back the update of anti-virus databases. if necessary. STEP 4. 2. CREATING AN UPDATE ROLLBACK TASK To create an update rollback task: 1. If the check box is selected. Select On update download in the drop-down list. select the folder with the name of the KSC cluster for whose SVMs you want to roll back the anti-virus database update. 4. Run skipped tasks. Run the Task Wizard by clicking the Create task link. the task is launched on the SVM by schedule only. Run the update rollback task (see the "Running the update rollback task" section on page 74). Select the Tasks tab in the workspace. The Task Wizard finishes. FINISH UPDATE DISTRIBUTION TASK CREATION Click Finish at this step. This checkbox is cleared by default. the option of rolling back to the previous version of anti-virus databases becomes available. The update rollback feature is useful if the new database version contains an invalid signature that causes Kaspersky Security to block a safe application.  Launch task randomly at intervals of (min). SELECT THE UPDATE DISTRIBUTION TASK RUN MODE At this step. Kaspersky Security creates a backup copy of the existing anti-virus databases and only then proceeds to update them.

................... Proceed to the next step of the Task Wizard by clicking the Next button................ and in the Manually............ Enter the name of the rollback task.... To exit the Task Wizard.. select Rollback as the type of task for Kaspersky Security 1...... Distributed launch makes it possible to prevent a large number of SVMs from contacting the Kaspersky Security Center Administration Server at the same time...... This checkbox is cleared by default.......................... Follow the instructions of the Task Wizard........................ 74 STEP 1.......... STEP 2.............. and Instantly modes... If the check box is selected. 73 Step 4.......... the task is launched on an SVM by schedule only................... an attempt to run the task is made the next time the application is launched on the virtual machine... you can specify the maximum task launch delay time in the entry field...... IN THIS SECTION: Step 1.... If the check box is cleared. ENTER THE NAME OF THE ROLLBACK TASK At this step.... Proceed to the next step of the Task Wizard by clicking the Next button............. click the Next button.......... STEP 3...................................... the task is launched as soon as an SVM appears online................... select Manually.......................... 73 ............................. In the drop-down list.............1 for Virtualization..... If the check box is selected.......... Proceed to the next step of the Task Wizard by clicking the Next button............. Select the rollback task run mode ......... SELECT THE TASK TYPE At this step... In the Manually....................... and Instantly modes – only on the SVMs that are visible online.. configure the rollback task run mode:   Run by schedule........... enter the rollback task name in the Name field.... To proceed with the Task Wizard. 73 Step 2........... You can manage the Task Wizard as follows:    To return to the previous step of the Task Wizard. SELECT THE ROLLBACK TASK RUN MODE At this step................ click the Back button... Once.......... 73 Step 3...............UPDATING ANTI-VIRUS DATABASES 5. click the Cancel button........ Once................ Select the task type..................  Launch task randomly at intervals of (min)... Run skipped tasks................ This checkbox is cleared by default. Finish rollback task creation .............

The created update rollback task appears in the list of tasks on the Tasks tab. 4.ADMINISTRATOR'S GUIDE STEP 4. 2. In the Administered computers folder of the console tree. Do one of the following:   Right-click to open the context menu and select Run. FINISH ROLLBACK TASK CREATION Click Finish at this step. In the list of tasks. The Task Wizard finishes. Click the Run button. select the folder with the name of the KSC cluster for whose SVMs you want to roll back the anti-virus database update. Select the Tasks tab in the workspace. The button is located on the right of the list of tasks in the Running task section. 74 . 5. 3. RUNNING AN UPDATE ROLLBACK TASK To run an update rollback task: 1. Open the Administration Console of Kaspersky Security Center. select the update rollback task that you want to run.

..... Details of application errors.......... and usage of keys and anti-virus databases. 75 About reports............... Details of the versions of databases used on SVMs................. AND NOTIFICATIONS This section describes the ways to get information about the operation of Kaspersky Security........................ such as the details of infected objects....... protection status.... Error report................ performance of tasks launched. ABOUT REPORTS You can use reports to get information about the operation of Kaspersky Security.................................................................................. Key usage report. Details of keys installed for the application................ 75 Viewing reports ..... errors................................ IN THIS SECTION: About events ............. Most infected computers report........... Kaspersky Security Center offers a selection of reports containing information on the operation of Kaspersky Security:         Kaspersky Lab application versions report..... and threats detected...... REPORTS.............. Incompatible applications report.. Details of the virtual machine scan results.............. For details on managing reports and data contained in reports........ Contains the details of the application versions installed on SVMs and the version of the EPSEC library............. Protection deployment report................... For details on notifications...........STATISTICS...................... Details of protection deployment............... see Kaspersky Security Center Administrator's Guide... 75 ...................... Report on databases in use.......... such as details of protection deployment.............. Kaspersky Security sends the following details of virtual machines to the Administration Server: name and IP address of a virtual machine.... Virus report...... You can use the Administration Console to get detailed information on the operation of Kaspersky Security... Kaspersky Security Center also uses data received in the form of events to generate reports...................... names of files marked by the application as infected or probably infected and paths to such files.......... Kaspersky Security does not collect and transmit over networks any other information about the PVMs........ 76 ABOUT EVENTS SVMs send service messages – events – to the Kaspersky Security Center Administration Server...... see Kaspersky Security Center Administrator's Guide. changes in protection settings.......... Details of virtual machines found to contain the largest number of infected or probably infected objects that cannot be disinfected or deleted..... Specifies the number of virtual machines that host an application version that is incompatible with the Kaspersky Security Center version in use...........

see Kaspersky Security Center Administrator's Guide.ADMINISTRATOR'S GUIDE VIEWING REPORTS To view a report: 1. select the template of the report you want to view. Open the Administration Console of Kaspersky Security Center. 2. chart illustrating the most characteristic report data. 76 . consolidated table with calculated report indicators. A report generated using the selected template is displayed in the workspace. brief report description and reporting period. In the Reports and notifications folder of the console tree. details of the group for which the report has been generated. table with detailed report data. The report shows the following information:     report type and name. For details on managing reports.

.. Before contacting Technical Support.....kaspersky.............com/support/details)................. This method allows you to contact Technical Support specialists through a request form............. This will allow our specialists to help you more quickly..................com/support/rules)...................................................CONTACTING TECHNICAL SUPPORT This section provides information on how to obtain technical support and the requirements for receiving help from Technical Support..................... Users who received a trial license are not entitled to technical support...kaspersky................ 77 Gathering data for Technical Support .......................... 77 ...................kaspersky. we recommend contacting Kaspersky Lab Technical Support....... 79 WAYS TO RECEIVE TECHNICAL SUPPORT If you have not found a solution for your problem in the application manual or in one of the sources of information about the application (see the "Sources of information about the application" section on page 10).... review the technical support rules (http://support............. Before contacting Technical Support.................... This method allows you to consult with specialists from our Russian-language or international Technical Support.... TECHNICAL SUPPORT BY PHONE If an urgent issue arises....... please read the support rules (http://support.. 77 Obtaining technical support via My Kaspersky Account ........com/support/international)........................ OBTAINING TECHNICAL SUPPORT VIA MY KASPERSKY ACCOUNT My Kaspersky Account is your personal area (https://support..................................... Technical support is available only to users who have purchased the commercial license..........................kaspersky.............................................. By sending a request from My Kaspersky Account on the Technical Support website (see section "Obtaining technical support via My Kaspersky Account" on page 77)............ IN THIS SECTION: Ways to receive technical support ............ 77 Technical support by phone ........................... you can call specialists from Russian-speaking or international Technical Support by phone (http://support........... Technical Support specialists will answer your questions about installing or using the application..................................... You can contact Technical Support in one of the following ways:   By telephone (see section "Technical support by phone" on page 77)......com/ru/personalcabinet?LANG=en) on the Technical Support website.............

specify the following data:      Request type Application name and version number Request description Customer ID and password Email address A specialist from the Technical Support Service sends an answer to your question to your My Kaspersky Account and to the email address that you have specified in your online request. Under My Kaspersky Account. In the fields of the online request form. You can send requests of the following types to the Anti-Virus Lab:  Unknown malicious program – You suspect that a file contains a virus. View a detailed history of your Technical Support requests. Technical Support by email You can send an online request to Technical Support in English. Online request to the Anti-Virus Lab Some requests must be sent to the Anti-Virus Lab instead of Technical Support. On this page.kaspersky. German. You can also send requests to the Anti-Virus Lab from the request form page (http://support. French.com/ru/personalcabinet/registration/?LANG=en) and receive a customer ID and password for accessing My Kaspersky Account.html) without being registered in My Kaspersky Account. which is available through updates of anti-virus applications.   False alarm – Kaspersky Security classifies the file as a virus.ADMINISTRATOR'S GUIDE To access My Kaspersky Account. complete registration on the registration page (https://support. but you are sure that the file is not a virus. On detecting a previously unknown virus. but Kaspersky Security does not identify it as infected. or Spanish. you do not have to specify the application activation code. Russian. Request for description of malicious program – You want to receive the description of a virus that Kaspersky Security detects. You need to specify your activation code or key file. Track the status of your requests in real time.com/virlab/helpdesk. 78 . you can perform the following actions:      Contact Technical Support and the Anti-Virus Lab Contact Technical Support without using email.kaspersky. they add its signature the database. Receive a copy of the key file if it is lost or deleted. Anti-Virus Lab specialists analyze submitted malicious code. based on the name of the virus.

HA. VMware ESXi hypervisor version VMware vCenter Server platform version VMware vShield Endpoint component version list of VMware technologies used (VIEW. FT). DRS. Kaspersky Security Center version. 79 . DPM. Technical Support specialists may also ask you to provide a trace file. Send the generated report to Technical Support. The trace file allows you to trace the process of performing application commands step by step and determine the stage of application operation at which an error occurs.CONTACTING TECHNICAL SUPPORT COLLECTING INFORMATION FOR TECHNICAL SUPPORT After you notify Technical Support specialists about your issue. they may ask you to generate a report with the following information:       configuration settings of the SVM image.

P POLICY Defines the virtual machine protection settings and packer scan settings. that is. A policy can comprise several protection profiles. The root protection profile is automatically assigned to the root object within the structure of VMware inventory objects – VMware vCenter Server. Kaspersky Security Center rolls back the latest anti-virus database updates on SVMs. KEY INSTALLATION TASK Installs a key on all SVMs within a single KSC cluster. A protection profile is assigned to VMware inventory objects within the protected infrastructure of a KSC cluster. R ROLLBACK TASK As part of this task.GLOSSARY C CUSTOM SCAN TASK Defines the scan settings for virtual machines within the specified KSC cluster. 80 . The SVM protects the virtual machine using the settings configured in the protection profile assigned to it. Only one protection profile may be assigned to a single VMware inventory object. ROOT PROTECTION PROFILE The root protection profile is created by the user during policy creation. PROTECTION PROFILE A protection profile defines the virtual machine protection settings as part of a policy. K KSC CLUSTER A Kaspersky Security Center combination of SVMs installed on VMware ESXi hosts controlled by a single VMware vCenter Server platform and the virtual machines protected by them. F FULL SCAN TASK Defines the scan settings for virtual machines within all KSC clusters. PROTECTED INFRASTRUCTURE OF THE KSC CLUSTER VMware inventory objects as part of a VMware vCenter Server platform corresponding to the KSC cluster. on all SVMs installed on VMware ESXi hosts within a single VMware vCenter Server platform.

U UPDATE DISTRIBUTION TASK As part of this task. Kaspersky Security Center automatically distributes and installs anti-virus database updates on SVMs. Protects virtual machines on this ESXi host against viruses and other threats. UPDATE SOURCE Resource containing updates for databases and application modules of Kaspersky Lab applications. 81 . The update source for Kaspersky Security is the storage of the Kaspersky Security Center Administration Server.GLOSSARY S SVM A virtual machine on a VMware ESXi host controlled by a VMware ESXi hypervisor with Kaspersky Security installed.

kaspersky. In 2010 Kaspersky Anti-Virus won several highest Advanced+ awards as a result of tests held by a renowned Austrian anti-virus laboratory AV-Сomparatives.com/virlab/helpdesk. IBM (USA). Combining those solutions with centralized management tools allows building and using a highly efficient automated system for protection of enterprises against computer threats. The company's products and technologies protect more than 300 million users. China. Alt-N Technologies (USA). The number of its client organizations exceeds 200 thousand.com/ newvirus@kaspersky. Critical Path (Ireland). Those companies include SafeNet (USA). and add them to databases used by Kaspersky Lab applications. Clearswift (UK). The company offers programs and services for protection of workstations. mail gateways. Kaspersky Lab was founded in 1997 in Russia. Juniper Networks (USA). the Americas. The company employs more than 2000 qualified specialists. Every day they find hundreds of new threats. Kaspersky Lab products protect both home computers and corporate networks. Kaspersky Lab was rated among the world's top four leading vendors of information security software solutions for end users (IDC Worldwide Endpoint Security Revenue by Vendor). Blue Coat Systems (USA). create tools for detecting and neutralizing them. and ZyXEL Communications (Taiwan). LANDesk (USA). Today Kaspersky Lab is an international group of companies headquartered in Moscow and comprising five regional divisions. which manage the company's operations in Russia. Kaspersky Lab products are certified by major testing laboratories. the Middle East. the most important award to Kaspersky Lab is the commitment of users all over the world. Japan. GFI (Malta).com 82 . D-Link (Taiwan).html (for sending requests to virus analysts) Kaspersky Lab web forum: http://forum. smartphones. and firewalls. Many of technologies that make part of any modern anti-virus were first developed by Kaspersky Lab. In 2008. according to the COMCON survey "TGI-Russia 2009".KASPERSKY LAB ZAO Kaspersky Lab is a world-renowned manufacturer of systems protecting computers against such threats as viruses and other malware. Microsoft (USA). Achievements.com (only for sending probably infected files in archive format) http://support. Technologies. WatchGuard Technologies (USA).securelist. SonicWALL (USA). Virus analysts work around the clock at Kaspersky Lab. However. and optimized for work on most hardware platforms. Its range of personal products includes anti-virus applications for desktop and laptop computers. compatible with the applications of most software vendors. web servers.kaspersky.com http://www. unsolicited email (spam). as well as network and hacking attacks. Kaspersky Lab antivirus database is updated hourly. NETASQ (France). Kaspersky Lab official site: Virus Encyclopedia: Anti-Virus Lab: http://www. M86 Security (USA). PDAs. Many of the company's innovative technologies are backed by patents. Products. Anti-Spam database – every 5 minutes. and other mobile devices.kaspersky. Years of struggle against computer threats have brought hundreds of awards to Kaspersky Lab. Africa. file servers. Parallels (Russia). Check Point Software Technologies (Israel). It is therefore logical for many third-party software developers to use the kernel of Kaspersky Anti-Virus in their own applications. Western and Eastern Europe. Kaspersky Lab is the preferred developer of computer protection systems for home users in Russia. NETGEAR (USA). CommuniGate Systems (USA). and other countries of the AsiaPacific region.

INFORMATION ABOUT THIRD-PARTY CODE Information about third-party code is contained in the file legal_notices. in the application installation folder. 83 .txt.

. 84 . Linux is a trademark of Linus Torvalds. in the USA and elsewhere. Inc. Inc. registered in the USA and elsewhere.TRADEMARK NOTICES Registered trademarks and service marks are the property of their respective owners. VMware is a trademark of VMware. registered in the USA and elsewhere. registered in the USA and/or in other jurisdictions. Novell and SUSE are the trademarks or registered trademarks of Novell. Microsoft. Vista and Windows are trademarks of Microsoft Corporation.

........................................................................................................................ 23 C Changing the configuration of SVMs .............. 59 SVM ............................................................................................................................................................................................................................................................................................................................................................................................................. 72 update distribution .......................................... 59 full scan .............................................................. 43 Application architecture ........................ 18 L License ....................................................................................................................................................................................................... 70 85 ................................................................................................................................................................................................................................ 43 P Policies ........................................................................................................................................................................................................................................ 41 K Kaspersky Lab ZAO ...........................INDEX A Activating the application..................................................................................... 70 U Update source ................................................................................................................................................................................................................................................................. 41 renewing .................................. 82 Key file ...... 42 KSC cluster ...................................................................................... 29 Creating policies ... 59 installing a key .................................................................. 19 Protection profile inheritance .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 19 R Removing the application ........................................................................................................................................................................................................................................................ 49 Protection profile ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 38 Reports...................... 15 T Task custom scan ........................................................ 15 Application installation .............................................................. 32 E End User License Agreement ...................................................................................................................................................... 19 Protected infrastructure of the KSC cluster .................................................................................................................................................................................................................................................................................................................... 18 Protection of virtual machines ............................. 20 S Scanning of virtual machines ...................................................................................................................................................................... 43 rollback ................................ 75 Root protection profile ...................................................................................................

............................... 16 86 ..............................ADMINISTRATOR'S GUIDE Updating the application ......................................................................................................................................................... 23 V Virtual machine image ............................................................................