SP2 Version 1.

Kaspersky Lab
www.kaspersky.com
Lab 1.1
Installing Kaspersky Security Center
Lab objective. Study custom installation of the Kaspersky Security Center.

Scenario. You are an antivirus security administrator at ABC Company. The decision was made to protect
the network with Kaspersky Endpoint Security. First, you need to install Kaspersky Security Center. A computer
running Windows Server 2008 R2 was chosen for the installation of the Administration Server and Microsoft SQL
Server 2008 R2 Express, which is necessary for storing Administration Server data.

Contents. In this lab, we will:

1. Install the Administration Server together with Microsoft SQL Server 2008 R2 Express Edition

2. Proceed through the Quick Start Wizard to configure the Administration Server

Preparation

1. Turn on the DC domain controller.


Security-Center

2. Boot up the Security-Center computer

3. Log on to the abc\Administrator account, password Ka5per5Ky

Task 1
Install the Administration Server

Although the Kaspersky Security Center installer has a Standard mode in which almost no decisions have to be
made, administrators often prefer the Custom installation. Usually they do not actually intend to modify
the standard installation parameters; rather, they want to explore the system capabilities and understand its
operation principles.

In this task, you will install MS SQL 2008 R2 Express Edition and Administration Server in the custom installation
mode.
L1.12 KASPERSKY LAB
KL 002.10. Kaspersky Endpoint Security and Management
Fundamentals

Security-Center

1. Run the installer from the handout USB flash drive (setup.exe)

2. Click the Install Kaspersky Security Center link

3. On the welcome page of the wizard, click Next

4. Accept the license agreement and click Next

5. Select the Custom installation type and click Next

6. On the following page, click Next

7. Choose the Fewer than 100 computers in the network option and click Next

8. On the following page, click Next

9. On the Account for services page, click Next

10. Keep the Microsoft SQL Server option selected and click Next

11. Agree to Install Microsoft SQL Server 2008 R2 Express SP2 (Recommended) and click Next

12. Select the Microsoft Windows Authentication Mode for Administration Server connections to
the database management server

13. Click Next to proceed with the installation

14. On the Shared folder page, click Next

15. On the subsequent page, click Next

16. Select the IP address of the Administration Server and click Next

17. On the following page, click Next

18. On the following page, click Install

19. On the last page of the wizard, click Finish

Task 2
Proceed through the Quick Start Wizard to configure
the Administration Server

In this task, you will proceed through the Quick Start Wizard. When setting up notifications for the administrator,
you will need to specify e-mail parameters. Ask the instructor about them.

Security-Center

1. Select the Administration Server node

2. On the welcome page of the wizard, click Next

3. To add a license, click Activate application with key file

4. Specify the path to the key file located in the \Keys directory of the handout USB flash
drive, then click Next

5. Select I agree to participate in Kaspersky Security Network

6. In the Recipients field, type the administrator@abc.lab address, and in SMTP servers, 10.28.0.10

7. When ready, click Notify with message to test the settings

8. Make sure that the message is sent successfully

9. Close the test results window

10. Run Windows Live Mail

11. Make sure that the test message from the Administration Server is in the box

12. If the notification is missing, check that the specified settings are correct and send the test
message again

13. Return to the Quick Start Wizard and click Next on the notification sending page

14. In the KSN Participation Statement window, select I accept the terms of participation in
Kaspersky Security Network and click OK

15. Review the scanning exclusions and trusted applications that Kaspersky Endpoint Security
can add and click OK

16. Wait until the policies and tasks are created

17. On the subsequent page, click Next

18. Without waiting for update to finish, click Next

19. On the Network poll page, click Next

20. On the following page, clear the Run Protection Deployment Wizard check box and click Finish

21. Select the Managed computers node

22. Switch to the Computers tab. Make sure that the Security-Center computer is there

23. Close the Administration Console


Conclusion

In this lab, we installed all the components of Kaspersky Security Center on one server. This is a typical approach
for small and medium-sized networks. In large networks, the database can be created on a separate server, and
the commercial version of MS SQL Server is usually chosen.

Installation of the Administration Server and the database server on different computers is outside the scope of this
lab. This configuration is described in the Student's Guide.
Lab 1.2
Deploying Kaspersky Endpoint Security
Lab objective. Learn how to install Kaspersky Endpoint Security using the remote installation wizard.

Scenario. You are an antivirus security administrator at ABC Company and are proceeding with the deployment of
Kaspersky Endpoint Security in the network. Now you need to install Kaspersky Endpoint Security for Windows on
the desktop computers accessible over the network. All computers are in the domain and firewalls are disabled on
them according to the domain policy.

Contents. In this lab, we will:

1. Install Kaspersky Endpoint Security for Windows on the computers by the standard remote installation
wizard

2. Make sure that Anti-Virus is installed successfully

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

3. Boot up the Desktop computer

4. Log on to the abc\Alex account, password Ka5per5Ky

Task 1
Install Kaspersky Endpoint Security for Windows

In this task, you will install Kaspersky Endpoint Security for Windows on Security-Center and Desktop computers
using the standard remote installation wizard.

Security-Center

1. Run Kaspersky Administration Console (Start\All programs\Kaspersky Security
Center\Kaspersky Security Center)

2. Select the Administration Server node

3. In the Deployment area, click Install Kaspersky Anti-Virus

4. On the Remote installation page, click Deploy installation package on managed computers
(workstations)

5. On the following page, make sure that the Kaspersky Endpoint Security 10 for
Windows package is selected and click Next

6. On the Selecting computers for installation page, click Select computers for deployment

7. Expand Managed computers and select the Security-Center computer

8. Expand Unassigned devices, then the ABC domain, select the Desktop computer and click
Next

9. On the following page, click Next

10. On the Selecting a key page, click Next

11. On the Selecting action if operating system restart is required during installation page,
click Next

12. On the following page, click Next

13. On the Moving to the list of managed computers page, click Next

14. On the following page, select the Account required (Network Agent not installed) option

15. Click Add

16. Type Administrator, password Ka5per5Ky and click OK

17. On the Selecting accounts to access the computers page, click Next

18. On the following page, click Next

19. Click Next once again

20. Select the Deploy Kaspersky Endpoint Security 10 for Windows task and make sure that it is
running on two computers

21. Wait for the task to complete successfully

Task 2
Check the installation success

In this task, you will make sure that Kaspersky Endpoint Security for Windows is installed and running.

Security-Center

1. Click View results and look through the task report

2. Select the Managed computers node

3. Switch to the Computers tab. Make sure that there are two computers there: Desktop and
Security-Center

4. Open the properties of the Desktop computer

5. Switch to the Applications section

6. Make sure that Network Agent and Kaspersky Endpoint Security are installed and running

7. Close the properties of the Desktop computer and Kaspersky Administration Console

Desktop

8. Power off the Desktop computer

Conclusion

In this lab, we remotely installed Kaspersky Endpoint Security on computers with the Network Agent and
without it. One of the target computers was the Administration Server, which already includes the Network Agent
component. Since the installation was from the Administration Server onto itself, it wasn't really remote. However,
the installation procedure on a remote computer with the installed Network Agent is the same.

If the Network Agent is already installed on the computer and connected to the Administration Server, it saves
the administrator a lot of trouble. They do not have to worry about how to access the computer, how to ensure
the task has sufficient rights to install Kaspersky Endpoint Security, how to get around local firewalls and
restrictions imposed by security policies, etc. If a Network Agent can connect to the Administration Server, it can
download the installation package and run it under the system account, which is enough.

Installation on computers without the Network Agent runs smoothly only if these computers have been properly
prepared beforehand; in this case, the firewall was disabled on the Desktop computer by the domain policy.

Lab 1.3
Installing Kaspersky Endpoint Security 10 for
Windows on a Mobile Computer
Lab objective. Install Kaspersky Endpoint Security 10 for Windows using a one-click installation package
downloaded from the web server.

Scenario. You are an antivirus security administrator at ABC Company and are proceeding with the deployment of
Kaspersky Endpoint Security in the network. Your task is to remotely install Kaspersky Endpoint Security 10 for
Windows on mobile computers. You need to create an installation package with which even an unskilled user can
successfully install the Network Agent and Kaspersky Endpoint Security 10 for Windows. Then send the users
an email with installation instructions.

Contents. In this lab, we will:

1. Get acquainted with the installation parameters of Kaspersky Endpoint Security 10 for Windows specified in
the properties of the installation package

2. Export the package into a standalone installation package

3. Send the users the link to the package

4. Install Kaspersky Endpoint Security for Windows

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account. Password Ka5per5Ky

Laptop

3. Boot up the Laptop computer

4. Log on to the ABC\Tom account, password Ka5per5Ky

Task 1
Get acquainted with installation parameters of Kaspersky
Endpoint Security 10 for Windows

In this task, you will need to study the installation parameters of Kaspersky Endpoint Security 10 for Windows
specified in the properties of the standard installation package. These parameters will also be used in the 1-click
installation package.

Security-Center

1. Start the Administration Console

2. Expand the Advanced | Remote installation node

3. Select the Installation packages node

4. Select the Kaspersky Endpoint Security 10 for Windows installation package

5. Click the Show installation package properties window link to open the corresponding window

6. Switch to the Settings section

7. Note that the Standard installation option is selected by default in the Installation type field

8. Switch to the Key section

9. Switch to the Incompatible applications section

10. Select the Uninstall incompatible applications automatically check box

11. Click OK


Task 2
Create a standalone installation package

In this task, you will use a special wizard to create a standalone installation package for Kaspersky Endpoint
Security 10 for Windows and Network Agent.

Security-Center

1. Select the Kaspersky Security 10 for Windows package

2. Click the Create stand-alone installation package link in the lower-right pane

3. On the following page, click Next

4. On the Moving to the list of managed computers page, click Next

5. Wait for the results to be displayed

6. On the Result of stand-alone installation package creation page, click Next

7. On the last page, click Finish


Task 3
Send a link to the created standalone package

In this task, you will e-mail a link to the installation file of Kaspersky Endpoint Security for Windows.

Security-Center

1. Click the View the list of stand-alone packages button

2. Right-click the Web address field

3. On the shortcut menu, click Select all, then click Copy

4. Click the Send by email button

5. Delete the hyperlink automatically added by the Administration Console and paste the copied
link

6. Type Tom@abc.lab for the recipient's address

7. Send the message

8. Close the General list of stand-alone packages window


Task 4
Install Kaspersky Endpoint Security for Windows

In this task, you are the user of a mobile computer who will receive the message from the administrator, download
the installation file of Kaspersky Endpoint Security for Windows and install the program.

ClamWin Anti-Virus is installed on the Laptop computer, which theoretically complicates the installation. You will
see that it will be uninstalled automatically during the installation of Kaspersky Endpoint Security for Windows.

Laptop

1. On the Laptop computer, run Windows Live Mail

2. Open the message in the Inbox

3. Click the link in the message

4. In the Security Warning window, click Run

5. In the User Account Control window, click Yes

6. In the following window, click Start installation

7. Wait for the installation to complete

8. In the following window, click Restart

9. Restart the Laptop computer

10. Log on to the ABC\Tom account, password Ka5per5Ky

Security-Center

11. On the Security-Center computer, in Kaspersky Administration Console, select the Managed
computers node and switch to the Computers tab

12. Make sure that the Laptop computer is shown in the Managed computers group

13. Close the Administration Console

Laptop

14. Power off the Laptop computer


Conclusion

In this lab, we implemented the use case of deploying Kaspersky Endpoint Security for Windows with the user's
help. All the user has to do is download the installation file of Kaspersky Endpoint Security for Windows published
via the web server and run it. The installation runs automatically without user intervention.

The lab also demonstrates that the installer of Kaspersky Endpoint Security for Windows automatically recognizes
and uninstalls protection tools by other manufacturers.
Lab 1.4
Monitoring Protection Deployment
Lab objective. Get acquainted with protection deployment monitoring tools.

Scenario. You are an antivirus security administrator at ABC Company. All the planned Kaspersky Endpoint
Security deployment work is completed, and you are moving on to protection maintenance. Meanwhile, you want
to make sure that all network computers are protected by the current version of Kaspersky Endpoint Security. Also,
to simplify adding new computers to the protection system, you want to configure notifications about new
computers detected in the network.

Contents. In this lab, we will:

1. Gather data about Kaspersky Endpoint Security deployment status and versions of the installed programs
2. Set up notifications about new computers

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Task 1
Gather data about Kaspersky Endpoint Security
deployment status and versions of the installed programs

In this task, you will gather data about Kaspersky Endpoint Security deployment status in the protected network, and
check the versions of installed programs. Use reports for this purpose.

Security-Center

1. Start the Administration Console

2. Select the Administration Server node and open the Reports tab

3. Select the Protection deployment report

4. Click Show report

5. Make sure that both Network Agent and KES are installed on all computers

6. Select the Kaspersky Lab software version report and click Show report

7. Make sure that both Network Agent and KES are installed on all computers


Task 2
Configure notification for the New computer is found
event

In this task, you will configure e-mail notification for the administrator about new computers discovered in
the protected network.

Security-Center

1. Open the Properties window for the Administration Server node

2. Switch to the Event notification section

3. Open the Info tab

4. Select the New computer is found event

5. Click the Properties button

6. Select the Notify by email check box

7. Click Settings

8. Note that by default the e-mail parameters are inherited from those specified in
the Administration Server notification properties, but the inheritance can be disabled and you can
provide any event with individual e-mail parameters.

9. In the other two windows, click OK

10. In the Administration Server Properties window, click OK

11. Close the Administration Console


Conclusion

This lab demonstrates some of the tools that help detect unprotected or inadequately protected computers in
the network. In practice, those may include new computers, computers restored from an image, computers where
users have managed to uninstall Network Agent or KES, or computers where management and protection tools have
not been installed yet. The administrator's task is to make these computers managed and protected as soon as
possible.

In addition to the described tools, the administrator can use event and computer selections, in particular the built-in
selection of new computers found in the network.

If the administrator deliberately leaves some computers or other network devices without protection, it might be
worthwhile to move them into a separate group, so that they are not mixed with unassigned computers that need
protection.

Lab 1.5
Creating the Managed Computers Structure
Lab objective. Create subgroups for servers, workstations and mobile computers, and also automatic relocation
rules that populate the groups with computers having the specified operating systems and IP addresses.

Scenario. You are an antivirus security administrator at ABC Company who configures a centralized protection
system based on Kaspersky Lab products. According to the project plan, all workstations are to be placed in
the Desktops subgroup; servers, in the Servers subgroup; and mobile computers, in the Laptops subgroup. Your task
is to automate the process so that protected computers are automatically moved to their respective groups.

Contents. In this lab, we will:

1. Create subgroups for workstations, mobile computers and servers

2. Automate computer relocation to the groups

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Task 1
Create subgroups for workstations and servers

In this task, you will create two subgroups in the Managed computers container: Servers and Workstations. Then
in the Workstations subgroup, create Desktops and Laptops subgroups. All subgroups are created manually via
the toolbar or via the shortcut menu of the parent container.

Security-Center

1. Start the Administration Console

2. Select the Managed computers node

3. Switch to the Computers tab

4. Make sure that all computers where Kaspersky Endpoint Security for Windows is installed are
located in the Managed computers group

5. Click New group

6. Type Servers for the name and click OK

7. Select the Managed computers node again

8. Add another subgroup named Workstations

9. In the Workstations group, create Desktops and Laptops subgroups


Task 2
Automate computer relocation to the subgroups

In this task, you will create rules that will automatically relocate computers with the Network Agent and Microsoft
Windows Server 2008 R2 operating system into the Servers subgroup; computers having IP addresses belonging to
the IP range allocated for mobile computers, into the Laptops subgroup; and computers having IP addresses
belonging to the IP range allocated for workstations, into the Desktops subgroup.

Security-Center

1. Open the Advanced | Network poll node

2. Click the Configure rules of computer allocation to administration groups link

3. Click Add

4. Type Servers for the rule name

5. Click Select and select the Servers subgroup

6. Select the Rule works permanently option

7. Clear the Move only computers not added to administration groups check box

8. Select the Enable rule check box

9. Switch to the Applications section

10. In the Network Agent is running drop-down list, click Yes

11. Select the Operating system version check box

12. Select the Microsoft Windows Server 2008 and Microsoft Windows 2008 R2 operating systems

13. Click OK to save the parameters

14. Click Add

15. Type Desktops for the rule name

16. Click Select and select the Desktops subgroup

17. Select the Rule works permanently option

18. Clear the Move only computers not added to administration groups check box

19. Select the Enable rule check box

20. Switch to the Network section

21. Select the IP range check box

22. Specify 10.28.0.100-10.28.0.199 IP range

23. Click OK to save the parameters

24. Click Add

25. Type Laptops for the rule name

26. Click Select and select the Laptops subgroup

27. Select the Rule works permanently option

28. Clear the Move only computers not added to administration groups check box

29. Select the Enable rule check box

30. Switch to the Network section

31. Select the IP range check box

32. Specify 10.28.0.200-10.28.0.254 IP range

33. Click OK to save the parameters

34. Click OK again

35. In the Servers group, switch to the Computers tab

36. Make sure that the Servers relocation rule works: the Security-Center computer has been moved
into this subgroup

37. Make sure that the other rules also work fine and
the Desktop and Laptop computers are located in
their respective groups


Conclusion

In this lab, you learned how to create subgroups in the managed computers structure, and how to enable automatic
relocation of computers to the subgroups.

The theoretical part of the course addresses the details that are not covered in this lab.
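
The three relocation rules from Task 2, modeled as an added example (not Kaspersky Security Center code and not part of the original lab) so that a rule set can be checked against an inventory before it is enabled. The rule criteria and IP ranges come from the steps above; the `Host` and `Rule` structures, the group paths, the OS strings and the sample inventory are constructed for illustration. A host that matches more than one rule is flagged rather than resolved, because its final group then depends on how the console orders the rules.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Callable, Dict, List, Tuple

# OS labels are assumptions standing in for the two entries selected in step 12.
SERVER_OSES = {"Windows Server 2008", "Windows Server 2008 R2"}


@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    os: str
    agent_running: bool


@dataclass(frozen=True)
class Rule:
    name: str                        # rule name typed in the wizard
    group: str                       # target subgroup (path is illustrative)
    matches: Callable[[Host], bool]  # rule criteria


def in_range(first: str, last: str) -> Callable[[Host], bool]:
    """Build an inclusive IP-range criterion, as in the Network section of a rule."""
    lo, hi = IPv4Address(first), IPv4Address(last)
    return lambda h: lo <= IPv4Address(h.ip) <= hi


RULES: List[Rule] = [
    # Steps 3-13: Network Agent is running = Yes, OS version is a server OS.
    Rule("Servers", "Managed computers/Servers",
         lambda h: h.agent_running and h.os in SERVER_OSES),
    # Steps 14-23: IP range allocated for workstations.
    Rule("Desktops", "Managed computers/Workstations/Desktops",
         in_range("10.28.0.100", "10.28.0.199")),
    # Steps 24-33: IP range allocated for mobile computers.
    Rule("Laptops", "Managed computers/Workstations/Laptops",
         in_range("10.28.0.200", "10.28.0.254")),
]


def evaluate(host: Host, rules: List[Rule] = RULES) -> Tuple[str, List[str]]:
    """Return (status, matching groups) for one host.

    status is 'moved' (exactly one rule), 'unassigned' (no rule matches, the
    host stays where it is and needs manual review) or 'ambiguous' (several
    rules match, so the result depends on rule order).
    """
    hits = [r.group for r in rules if r.matches(host)]
    if not hits:
        return "unassigned", []
    if len(hits) == 1:
        return "moved", hits
    return "ambiguous", hits


def audit(hosts: List[Host]) -> Dict[str, Tuple[str, List[str]]]:
    """Evaluate every host and key the results by host name."""
    return {h.name: evaluate(h) for h in hosts}


# Constructed inventory: the lab does not state these IP addresses.
SAMPLE_INVENTORY = [
    Host("Security-Center", "10.28.0.20", "Windows Server 2008 R2", True),
    Host("Desktop", "10.28.0.101", "Windows 7", True),
    Host("Laptop", "10.28.0.201", "Windows 7", True),
    Host("PRINTER-01", "10.28.0.50", "unknown", False),              # no agent, outside both ranges
    Host("FILESRV-02", "10.28.0.150", "Windows Server 2008 R2", True),  # server inside desktop range
]

if __name__ == "__main__":
    for name, (status, groups) in audit(SAMPLE_INVENTORY).items():
        print(f"{name:16} {status:11} {', '.join(groups) or '-'}")
```

Hosts reported as unassigned or ambiguous are the ones to look at before relying on the rules: the first group stays outside the protected structure, the second may end up with the wrong policy.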

Lab 1.6
Creating Tasks and Policies
Lab objective. Create separate tasks and policies for servers and workstations.

Scenario. You are an antivirus security administrator in ABC Company whose network is protected with Kaspersky
Endpoint Security. The protection is managed via the Kaspersky Security Center. You want to create separate
policies, virus scan tasks and vulnerability scan tasks for the Windows servers and workstations. This will allow
optimization of the settings for real-time protection and scan tasks for servers and workstations. In addition, you
want to separate database updates and Kaspersky Endpoint Security module updates on Windows Servers, because
module updates may require a restart, which must be planned in advance on servers.

Contents. In this lab, we will:

1. Create separate policies for Windows workstations and servers


2. Modify real-time protection parameters for servers
3. Create separate virus and vulnerability scan tasks for Windows workstations and servers
4. Create separate update tasks for Windows workstations and servers

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Task 1
Create separate policies for Windows workstations and
servers

In this task, you will make separate policies for Windows workstations and servers from the default policy.

Security-Center

1. Start the Administration Console

2. Open the Managed computers group

3. Switch to the Policies tab

4. Select the Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for
Windows policy

5. On the shortcut menu of the policy, click Copy

6. Open the Servers subgroup and switch to the Policies tab

7. Right-click the pane intended for the list of policies

8. Click Paste on the menu

9. On the shortcut menu of the pasted policy, click Properties

10. Change the policy name to Policy Windows Servers

11. Select the Active policy option

12. Click OK

13. Open the Workstations subgroup and switch to the Policies tab

14. Copy the Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for
Windows policy from the Managed computers group into the Workstations subgroup

15. Open the properties of the pasted policy

16. Rename the policy to Office policy Windows Workstations

17. Select the Active policy option

18. Click OK

19. Open the Managed computers group and switch to the Policies tab

20. Delete the Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for
Windows policy


Task 2
Modify real-time protection parameters for servers

In this task, we will edit the real-time protection settings for servers, because the default policy settings are geared
towards workstations rather than servers. Servers are less prone to the infections resulting from the actions of users.
At the same time, high performance is an important requirement for servers, which is why some protection
components can work in resource saving mode, and some can be disabled on servers.

Security-Center

1. Open the Servers subgroup and switch to the Policies tab

2. Select Policy Windows Servers

3. Open the policy properties

4. Switch to the File Anti-Virus section

5. Click the Settings button

6. Switch to the Performance tab

7. Clear the Heuristic Analysis check box

8. Click OK

9. Switch to the Application Settings section

10. Select the Allow management of group tasks check box

11. Click OK

12. Wait for the policy to be enforced

13. Click the Kaspersky Endpoint Security icon in the notification area to open the KES interface

14. Switch to the Settings tab

15. Select File Anti-Virus

16. Click Settings

17. Switch to the Performance tab

18. Make sure that the settings correspond to the policy and click OK

19. Close the local interface of KES

Task 3
Create separate virus and vulnerability scan tasks for
Windows workstations and servers

In this task, you will create virus and vulnerability scan tasks for Windows workstations and servers, and also adjust
their settings and schedule.

Security-Center

1. Open the Managed computers group and switch to the Tasks tab

2. Copy the Quick Virus Scan task from the Managed computers group into the Servers subgroup

3. Open the task properties



4. Rename the task to Virus Scan Windows Servers

5. Switch to the Schedule section



6. Schedule the task to start every Saturday, at 2 AM

7. Switch to the Properties section

8. Click the Settings button in the Scan scope area

9. Clear all check boxes except for Disk boot sectors

10. Click Add

11. Select the All hard drives object

12. Click OK

13. In the other two windows, click OK

14. Copy the Virus Scan task from the Managed computers group into the Workstations subgroup

15. Open the properties of the pasted task

16. Rename the task to Virus Scan Windows Workstations

17. Switch to the Schedule section

18. Schedule the task to start on Friday at 1:00:00 PM

19. Click OK

20. Copy the Find vulnerabilities and required updates task from the Managed computers group into the Servers subgroup

21. Open the task properties

22. Rename the task to Find vulnerabilities and required updates Windows Servers

23. Switch to the Schedule section

24. Schedule the task to start daily at 2:00:00 AM

25. Click OK

26. Copy the Find vulnerabilities and required updates task from the Managed computers group into the Workstations subgroup

27. Open the task properties

28. Rename the task to Find vulnerabilities and required updates Windows Workstations

29. Switch to the Schedule section

30. Set the schedule to On completing another task

31. Click the Select button next to the Task name field

32. Select the Quick Virus Scan Windows Workstations task and click OK

33. Click OK

34. Open the Managed computers group and switch to the Tasks tab

35. Delete the Find vulnerabilities and required updates and Quick Virus Scan tasks



Task 4
Create separate update tasks for Windows workstations
and servers

In this task, you will create separate update tasks for Windows workstations and servers from the update task created
by the Quick Start wizard.

Security-Center

1. Copy the Install update task from the Managed computers group into the Workstations subgroup

2. Open the task properties

3. Rename the task to Install update Windows Workstations

4. Click OK

5. Copy the Install update task from the Managed computers group into the Servers subgroup

6. Open the task properties

7. Rename the task to Install update Windows Servers

8. Switch to the Settings section

9. Note that only approved updates are installed by default

10. Click OK

11. Open the Managed computers group and switch to the Tasks tab

12. Delete the Install update task


Conclusion

This lab demonstrates how to quickly make separate tasks and policies for Windows servers and workstations. This
separation facilitates further maintenance from the point of view of optimized settings of policies and tasks. In small
networks, where clients mainly consist of Windows workstations, such separation might be excessive.

Lab 2.1
File Anti-Virus Testing
Lab objective. Make sure that File Anti-Virus protects the file system.

Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. A user complains that files cannot be copied
from a shared resource, and when copied archives are unpacked, the files disappear. Your task is to deal with this
situation on the user's computer.

Contents. In this lab, we will:

1. Copy infected files from a network folder

2. Study the results of a virus download attempt

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

3. Boot up the Desktop computer

4. Log on to the abc\Alex account, password Ka5per5Ky

Task 1
Attempt to copy and open infected files on the client
computer

In this task, you will copy files containing test viruses from the kl_002.10_files folder located on the DC computer
to the Desktop. Unpack the archive and make sure that File Anti-Virus is functional.

Desktop

1. Click Start

2. In the Run field, type the path to the kl_002.10_test_files folder and press ENTER. Ask the instructor about the folder location

3. Copy eicar.com and eicar.zip (separately) from the kl_002.10_test_files folder to your desktop

4. Click Cancel in the Windows warning

5. Make sure that only the eicar.zip file is copied

6. Unpack the archive into the eicar folder

7. Make sure that the eicar.com file disappears from the eicar folder almost immediately after unpacking



Task 2
Examine the results of virus processing

In this task, you will study the File Anti-Virus operation results.

Desktop

1. Click the Kaspersky Endpoint Security icon in the notification area to open the KES interface

2. Click Reports

3. Select the File Anti-Virus report

4. Consult the latest events



Conclusion

In this lab, we studied Kaspersky Endpoint Security reaction to copying infected files from a shared folder to
the protected computer. The lab demonstrated that an archive with an infected file was copied to the protected
computer without being scanned. However, as soon as the infected object was extracted from the archive, it was
automatically processed by File Anti-Virus and deleted. The administrator should remember that by default, KES
File Anti-Virus does not show notifications about detected and deleted malware to the user. This behavior (file
disappearing) can make the users react unpredictably. That is why the administrator should not only delete
the infected files from the shared resource and try to find out how they have got there, but also consider enabling
notification about processed infected objects for the users.

Lab 2.2
Identifying Unreliable Users
Lab objective. Get acquainted with Web Anti-Virus and Attack Blocker components and KSC capabilities for
monitoring incidents on client computers.

Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. You know that an infected computer can
cause serious problems for the network security, because many viruses can spread over the network and attack other
computers using the operating system vulnerabilities and shared folders. Your task is to view a special network
attack report and if an attack is detected, find its source and study the situation on the attacking computer.

Contents. In this lab, we will:

1. Simulate actions of a malevolent user

2. Create a report about network attacks, find the computer that performed the attack and the user who worked
on this computer

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

3. Boot up the Desktop computer

4. Log on to the abc\Alex account, password Ka5per5Ky

Laptop

5. Boot up the Laptop computer

6. Log on to the ABC\Tom account, password Ka5per5Ky

Task 1
Simulate actions of a malevolent user

In this task, you will try to download special files imitating infected objects from the Internet and imitate a network
attack on the Desktop computer.

Laptop

1. Run Internet Explorer

2. Go to www.eicar.org

3. Click ANTI-MALWARE TESTFILE

4. Click DOWNLOAD

5. Download eicar_com.zip over HTTP. In the Download area using the standard protocol http, click eicar_com.zip

6. Read the message

7. Return to the previous page



8. Download eicar.com over HTTPS. In the Download area using the secure, SSL enabled protocol https, click eicar.com

9. Save the file to the desktop

10. In the Unsafe Download - Security Warning window, click Disregard and download unsafe file

11. In the File Access Denied window, click Cancel

12. When prompted to confirm, click Yes

13. Copy the kltps.exe file to your desktop. Ask the instructor about the file location

14. Open the command line interface



15. Run the following command:

C:\Users\Tom\Desktop\kltps.exe desktop 110


Task 2
Generate the Network attack report and find the problem
computer

In this task, you will create a report about network attacks, find the IP address of the attacking computer, find this
computer in the KSC structure using the search utility, analyze the events registered on this computer, and identify
the user who worked on this computer.

Security-Center

1. Start the Administration Console

2. Select the Administration Server node

3. Switch to the Reports tab



4. Click Create a report template

5. Type Network attack report for the report name and click Next

6. Select the Network attack report template and click Next

7. On the three subsequent pages, click Next

8. On the last page of the wizard, click Finish



9. Select the created Network attack report

10. Click Show report



11. Note that the report shows the address of the attacking computer

12. Go to the Managed computers group

13. Right-click the Managed computers group

14. On the shortcut menu, click Search



15. In the Computer name field, type the IP address of the computer that performed the attack, 10.28.0.200

16. Click Find now



17. Right-click the found computer

18. Click Events on the shortcut menu

19. Examine the list of events

20. Select the Object will be deleted on restart event

21. Open the event properties



22. Read the event description

23. Go to the previous event and read its description, too

24. Close the event settings and the list of events

25. On the shortcut menu of the Laptop computer, click Properties

26. Open the System Info | Sessions section

27. Note the user who worked on the computer



Task 3
Send a message prompting for restart to the problem
computer

In the previous task, the administrator analyzed the events on the computer and discovered that a malicious object
was detected, which will be deleted on restart. In this task, the administrator needs to write and send the user
a message asking to restart the computer where the incident was registered.

Security-Center

1. Select the Laptop group and switch to the Tasks tab

2. Right-click the Laptop group

3. Click All Tasks, Show Message

4. On the Settings page, type the message to be displayed to the user and click Next

5. On the subsequent page, click Next



6. On the Finish creating the task page, select the Run task after Wizard finishes check box

7. Click Finish

Laptop

8. Make sure that the user has received the message



9. Click OK

10. Restart the Laptop computer


Conclusion

In this lab, we examined Kaspersky Endpoint Security reaction to an attempted downloading of infected objects
over HTTP and HTTPS. As you noticed, Web Anti-Virus, unlike File Anti-Virus, by default notifies the user about
the detected infected objects. Web Anti-Virus does not scan the objects downloaded over https, but they are scanned
by File Anti-Virus when the user attempts to write such objects on the hard drive.

If network attacks were registered in the network, Kaspersky Security Center helps the administrator find out which
computers performed the attacks and names of the users who worked on these computers. The administrator should
do two things with this information: disinfect the computer to stop attacks as soon as possible, and educate the user
who caused the incident.

Lab 2.3
Configuring the Firewall
Lab objective. Forbid all computers except for the administrator's from making remote desktop connections to the server
where the Kaspersky Security Center is installed.

Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. You want to be able to connect to the server
using Remote Desktop Connection; however, access should be restricted for security reasons. Your task is to change
the policy for servers so that only the administrator's computer can use Remote Desktop to connect to the server
where KSC is installed.

Contents. In this lab, we will:

1. Restrict connections in the policy for servers


2. Test the restrictions

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

3. Click Start, Control Panel, System

4. Click Remote settings

5. Switch to the Remote tab

6. Select the Allow connections from computers running any version of Remote Desktop option

7. In the information window, click OK



8. In the System Properties window, click OK

9. Close the System window


Desktop

10. Boot up the Desktop computer

11. Log on to the abc\Alex account, password Ka5per5Ky

Laptop

12. Boot up the Laptop computer

13. Log on to the ABC\Tom account, password Ka5per5Ky

Task 1
Restrict connections in the policy for servers

In this task, you will create two Firewall rules in the policy: a rule denying all connections on port 3389, and a rule
allowing the specified computers to connect to port 3389.

Security-Center

1. Start the Administration Console

2. Open the Servers subgroup and switch to the Policies tab

3. Select Policy Windows Servers



4. Click Change policy settings

5. Switch to the Firewall section

6. Click the Settings button next to Configure rules for network packets and data streams

7. Click Add

8. In the Action drop-down list, select Block

9. In the Name field, type Block Remote Desktop connections

10. Select the Protocol check box and make sure that
the TCP protocol is selected

11. In the Direction drop-down list, select Inbound

12. In the Local Ports field, type 3389

13. Click OK

14. Move the rule to the top of the list

15. Click Add



16. In the Action drop-down list, select Allow

17. In the Name field, type Allow Remote Desktop connections

18. Select the Protocol check box and make sure that
the TCP protocol is selected

19. In the Direction drop-down list, select Inbound

20. In the Local Ports field, type 3389

21. In the Remote addresses drop-down list, select Addresses from the list

22. Below, add IP address 10.28.0.100

23. Click OK

24. Move the rule to the top of the list



25. Click OK twice

26. Wait for the policy to be enforced


Task 2
Test the restriction

In this task, you will use Remote Desktop to connect to the computer where the Kaspersky Security Center is
installed, first from the administrator's computer (Desktop), then from the user's computer (Laptop).

Desktop

1. Click Start, All Programs, Accessories, then Remote Desktop Connection

2. In the Computer field, type IP address 10.28.0.20



3. Click Connect

4. Click Use another account

5. Type the ABC\Administrator username and Ka5per5Ky password

6. Click OK

7. In the certificate download window, click Yes

8. Make sure that the connection is established successfully

9. Close the remote desktop window


Laptop

10. Click Start, All Programs, Accessories, then Remote Desktop Connection

11. In the Computer field, type IP address 10.28.0.20

12. Click Connect

13. Make sure that the connection cannot be established

14. Click OK



Conclusion

In this lab, we studied the access control capabilities of the Kaspersky Endpoint Security Firewall. It should be noted
that Firewall rules can be created not only for packets, but also for applications. The list of rules is applied from
the top down. The rules for packets are applied first, then the rules for applications.
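
The rule ordering used in Task 1 can be modelled in a few lines. The following Python sketch is an added example, not Kaspersky's implementation or part of the course material: it assumes first-match-wins evaluation of the packet rule list (consistent with "applied from the top down"), and all class and function names are hypothetical. It uses the two rules and the lab addresses from this page, and also flags a rule that can never match because an earlier rule covers it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    protocol: str      # "tcp"
    direction: str     # "inbound"
    local_port: int
    remote_ip: str


@dataclass(frozen=True)
class PacketRule:
    name: str
    action: str                                # "allow" or "block"
    protocol: str
    direction: str
    local_port: int
    remote: Optional[Tuple[str, ...]] = None   # None means "any address"

    def _key(self):
        return (self.protocol, self.direction, self.local_port)

    def _networks(self):
        # A bare address such as 10.28.0.100 becomes a /32 network.
        return None if self.remote is None else [ip_network(r) for r in self.remote]

    def matches(self, pkt: Packet) -> bool:
        if (pkt.protocol, pkt.direction, pkt.local_port) != self._key():
            return False
        nets = self._networks()
        return nets is None or any(ip_address(pkt.remote_ip) in n for n in nets)

    def covers(self, other: "PacketRule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        if self._key() != other._key():
            return False
        mine, theirs = self._networks(), other._networks()
        if mine is None:
            return True
        if theirs is None:
            return False
        return all(any(t.subnet_of(m) for m in mine) for t in theirs)


def evaluate(rules: List[PacketRule], pkt: Packet):
    """Walk the list from the top; the first matching rule decides (assumed model)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    # No rule in this list matched; the rest of the policy would decide.
    return "no-match", None


def shadowed(rules: List[PacketRule]) -> List[str]:
    """Names of rules that can never fire because an earlier rule covers them."""
    return [rule.name for i, rule in enumerate(rules)
            if any(earlier.covers(rule) for earlier in rules[:i])]


# The two rules created in Task 1 (names, port and address are from the lab).
BLOCK_RDP = PacketRule("Block Remote Desktop connections", "block",
                       "tcp", "inbound", 3389)
ALLOW_ADMIN = PacketRule("Allow Remote Desktop connections", "allow",
                         "tcp", "inbound", 3389, remote=("10.28.0.100",))

# Order after step 24: the allow rule was moved to the top last, so it is first.
LAB_ORDER = [ALLOW_ADMIN, BLOCK_RDP]
# Order if step 24 is skipped: the block rule stays above the allow rule.
WRONG_ORDER = [BLOCK_RDP, ALLOW_ADMIN]


def rdp_from(remote_ip: str) -> Packet:
    """Inbound RDP connection attempt to the server from remote_ip."""
    return Packet("tcp", "inbound", 3389, remote_ip)


if __name__ == "__main__":
    for label, rules in (("lab order", LAB_ORDER), ("wrong order", WRONG_ORDER)):
        for host, ip in (("Desktop", "10.28.0.100"), ("Laptop", "10.28.0.200")):
            print(label, host, evaluate(rules, rdp_from(ip)))
        print(label, "shadowed rules:", shadowed(rules))
```

With the block rule on top, the allow rule is reported as shadowed and the Desktop computer is blocked as well, which is why step 24 moves the allow rule above it.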

Lab 2.4
Processing Virus Incidents
Lab objective. Study KSC capabilities for investigating virus incidents.

Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. Analysis of the Kaspersky Security Center
reports shows that on some computers a high number of viruses is detected. Your task is to perform additional
scanning on the computers where these incidents are registered.

Contents. In this lab, we will:

1. View the reports on detected viruses


2. Create a selection of computers where viruses are detected
3. Scan the computers where viruses are detected

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

3. Boot up the Desktop computer

4. Log on to the abc\Alex account, password Ka5per5Ky

Laptop

5. Boot up the Laptop computer

6. Log on to the ABC\Tom account, password Ka5per5Ky

Task 1
View the reports on detected viruses

In this task, you will view the reports on detected viruses and most infected computers.

Security-Center

1. Start the Administration Console

2. Select the Administration Server node

3. Switch to the Reports tab

4. Select the Viruses report

5. Click Show report



6. Consult the data represented in the report



7. Open the Most infected computers report. This report shows how many viruses were discovered on each computer.

8. Consult the data represented in the report



Task 2
Create a selection of computers where viruses are
detected

In this task, you will enable the "Many viruses detected" condition for computer statuses and consult the
corresponding selection.

Security-Center

1. Open the Administration Server node and switch to the Monitoring tab

2. Pay attention to the Computer protection and virus scan status

3. Open the properties of the Managed computers group

4. Switch to the Computer status section

5. In the Set computer status to Warning if: area, select the Many viruses detected condition

6. Click OK

7. Select the Administration Server node

8. Pay attention to the Computer protection and virus scan status

9. Click the Many viruses detected: 2 computers link in the Computer protection and virus scan area

10. Open the properties of the Laptop computer

11. Switch to the Protection section

12. Note the status of the Laptop computer

13. Click Cancel to close the Properties window



Task 3
Scan the computers where viruses are detected

In this task, you will create and run a scan task for the computers where viruses are found. Include in the task scope:
System Memory, Startup Objects and Disk boot sectors.

Security-Center

1. Select the Desktop and Laptop computers

2. Click Create a task

3. Select the Virus scan task and click Next



4. Clear the All removable drives and All hard drives check boxes; select the System Memory, Startup Objects, and Disk boot sectors; then click Next

5. On the three subsequent pages, click Next

6. Type Scan infected computers for the task name and click Next

7. On the last page of the wizard, click Finish



8. Select the created task

9. Click Start

10. Wait for the task to complete



11. Open the Many viruses detected selection

12. Select the Desktop and Laptop computers

13. Click Reset Virus Counter

14. Refresh the selection

15. Go to the Managed computers group

16. Open the properties of the Managed computers group

17. Switch to the Computer status section

18. In the Set computer status to Warning if: area, clear the Many viruses detected condition

19. Click OK
Laptop

20. Power off the Laptop computer


Conclusion

This lab shows how to diagnose and solve problems on client computers using statuses and selections. Selections are
especially convenient in large networks with numerous computers and groups, because they help find computers
having similar problems by their statuses.

Lab 2.5
Configuring Exclusions
Lab objective. Study how application exclusions are configured in Kaspersky Endpoint Security.

Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. You have decided to interact with remote
desktops using the DameWare Mini Remote Control program. Your task is to configure an exclusion for DameWare
Mini Remote Control in the policy, in order to use this program for interacting with the local interface of
Kaspersky Endpoint Security.

Contents. In this lab, we will:

1. Make sure that remote management of KES interface is restricted


2. Create an exclusion rule for DameWare
3. Test the exclusion

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

3. Boot up the Desktop computer

4. Log on to the abc\Alex account, password Ka5per5Ky

Task 1
Make sure that remote management of KES interface is
limited

In this task, you will connect to a remote desktop using the DameWare Mini Remote Control program and make
sure that the management of Kaspersky Endpoint Security interface is restricted.

Security-Center

1. Double-click the DameWare Mini Remote Control icon on the desktop

2. In the Host Name field, type Desktop

3. Click OK

4. In the User ID field, type Administrator

5. In the Password field, type Ka5per5Ky



6. In the Domain field, type ABC

7. Click the Connect button

8. In the following window, click OK

9. In the Desktop - Connected window, open the KES interface: click Start, All Programs, Kaspersky Endpoint Security 10 for Windows, Kaspersky Endpoint Security 10 for Windows

10. Make sure that you cannot close the KES interface, and that interface navigation is disabled so you cannot modify the KES settings

11. Click the Disconnect button on the DameWare Mini Remote Control toolbar

12. Close the DameWare Mini Remote Control window


Task 2
Create an exclusion rule for DameWare

In this task, you will configure an exclusion for the server part of DameWare (i.e. the part which is installed on
remote computers and ensures connectivity), which will lift the restrictions imposed by the KES self-defense
component.

Security-Center

1. Start the Administration Console

2. Open the Workstations subgroup and switch to the Policies tab

3. Select the Office policy-Windows Workstations



4. Click Change policy settings

5. Switch to the General Protection Settings section

6. Click the Settings button in the Exclusions and trusted zone area

7. Switch to the Trusted applications tab

8. Click the Add button

9. In the Path field, type C:\Windows\dwrcs\DWRCS.exe

10. Clear the Do not scan opened files check box



11. Select the Allow interaction with application interface parameter

12. Click OK

13. Click OK twice

14. Wait for the policy to be enforced



Task 3
Test the exclusion

In this task, you will make sure that the Kaspersky Endpoint Security interface is manageable through remote
connections using DameWare Mini Remote Control.

Security-Center

1. Double-click the DameWare Mini Remote Control icon on the desktop

2. Click the Connect button

3. Make sure that the Kaspersky Endpoint Security interface is manageable via the remote desktop

4. Close the Kaspersky Endpoint Security interface

5. Click the Disconnect button on the DameWare Mini Remote Control toolbar

6. Close the DameWare Mini Remote Control window



Conclusion

This lab demonstrates an example of configuring exclusion rules for applications. Remember that the full path to
the executable file must be specified in an exclusion (environment variables are allowed); otherwise, the exclusion
will not work. In this lab, we specified the path to the executable file manually. An alternative method can also be
employed: configure the exclusion in the local KES interface, export it into a file and import it into the policy.

Lab 3.1
Browser Start Control
Lab objective. Study how Application Startup Control works.

Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center.

According to the company security policy, Internet Explorer is the only allowed web browser. All available security
updates are regularly and centrally downloaded for it, while the status of other browsers is not controlled.
Considering the fact that most threats use browsers for penetrating the network today, the decision to prohibit all
other browsers was made.

Your task is to enforce the security policy requirements. Using Application Startup Control, you need to block all
browsers except for Internet Explorer.

Contents. In this lab, we will:

1. Configure the Administration Console

2. Using Kaspersky Lab categories, create a category "All browsers except for Internet Explorer 8.0 or later";

3. Prohibit all users from starting the programs belonging to the created category ("All browsers except for
Internet Explorer 8.0 or later");

4. Make sure that the users may start Internet Explorer, but cannot start Firefox.

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

3. Boot up the Desktop computer

4. Log on to the abc\Alex account, password Ka5per5Ky

Task 1
Configure the Administration Console

In this task, we will configure the Kaspersky Security Center Administration Console to be able to manage
the control components in the policies.

Security-Center

1. Open the Administration Server node

2. Click View on the main menu

3. Click Configure interface

4. Select the Display endpoint control settings check box and click OK

5. Click OK in the Kaspersky Security Center information window

6. Disconnect from the Administration Server and then re-connect

7. In the Workstations node, open the Policies tab



8. Select the Office policy-Windows Workstations

9. Click Change policy settings

10. Make sure that there is now the capability to manage the Control components in the policy: the Endpoint control section has appeared

11. Close the policy properties



Task 2
Create an application category that includes all browsers
except for Internet Explorer

In this task, you will create an application category that includes all browsers except for Internet Explorer 8.0 or
later. We will use Kaspersky Lab categorization (KL category) for convenience. Internet Explorer will be excluded
from the category based on the information about its executable file (iexplore.exe).

Security-Center

1. Expand the Advanced node and then the Application management node

2. Open the Application categories container

3. Click Create a category



4. Click the top button

5. Type Browsers for the category name and click Next

6. Expand the drop-down list next to the Add button

7. Click KL category

8. Expand the Browsers category

9. Select Web Browsers and click OK

10. Click Next

11. Expand the drop-down list next to the Add button

12. Click From file properties



13. Expand the drop-down list next to the Get data button

14. Click From file

15. In the Open window, find the iexplore.exe file (C:\Program Files (x86)\Internet Explorer\iexplore.exe)

16. Select it and click Open


L3.18 KASPERSKY LAB
KL 002.10. Kaspersky Endpoint Security and Management
Fundamentals

Security-Center

17. In the Version drop-down list, select More than


or equal to

18. Clear the Application Name check box

19. In the Application version drop-down list, select


More than or equal to

20. Click OK

21. Click Next


L3.19
Lab 3.1. Browser Start Control

Security-Center

22. On the last page, click Finish


Task 3
Change the policy: prohibit all users from starting the programs belonging to the Browsers category

In this task, you will prohibit users from starting the unwanted programs that make up the Browsers category. To do
this, you will configure the Application Startup Control component in the Kaspersky Endpoint Security for Windows
policy.

Security-Center

1. In the Workstations node, open the Policies tab

2. Open the properties of the Office policy-Windows Workstations

3. Open the Application Startup Control section

4. Note that Application Startup Control is disabled by default in Kaspersky Endpoint Security 10 Service Pack 1.

5. Select the Application Startup Control check box

6. Click Add

7. Click the Select button next to the Users and / or groups that are denied permission field

8. Select the Everyone group

9. Click OK

10. When prompted to confirm, click Yes

11. Click OK

12. Wait for the policy to be enforced


Task 4
Make sure that the settings work correctly

In this task, you will make sure that the specified settings work correctly.

Desktop

1. Run the Firefox browser using its icon on the desktop

2. Note that KES blocks the Firefox start and displays the corresponding notification

3. Run the Internet Explorer browser

4. Make sure that Internet Explorer is not blocked by KES


Conclusion

If it is necessary to allow or block a class of programs, Kaspersky Lab categories come in very handy. They are
updated together with the databases, and you can always be sure that the latest version of a popular browser is
automatically added to the list.

When configuring rules, remember that prohibiting rules always take priority over allowing ones. That is
why, if you need to prohibit a program category except for several applications, create a denial category with
an exclusion, as demonstrated in this lab. Any other variant will not work.
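
The priority rule above, as an added example that is not part of the original lab guide and is not Kaspersky code: a simplified Python model of a category with an exclusion and of deny-over-allow evaluation. The default allow-all rule, the sample file versions and the category labels on the sample files are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Executable:
    file_name: str
    file_version: str
    kl_category: Optional[str] = None  # vendor category label (constructed)


Condition = Callable[[Executable], bool]


def parse_version(text: str) -> Tuple[int, ...]:
    """'8.00.7601' -> (8, 0, 7601), so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def in_kl_category(name: str) -> Condition:
    """Condition of the 'KL category' kind."""
    return lambda exe: exe.kl_category == name


def file_properties(file_name: str, min_version: str) -> Condition:
    """Condition of the 'From file properties' kind: name plus version >= floor."""
    floor = parse_version(min_version)
    return lambda exe: (exe.file_name.lower() == file_name.lower()
                        and parse_version(exe.file_version) >= floor)


@dataclass
class Category:
    name: str
    include: List[Condition]
    exclude: List[Condition] = field(default_factory=list)

    def contains(self, exe: Executable) -> bool:
        # An exclusion removes a file even though an inclusion matched it.
        included = any(cond(exe) for cond in self.include)
        excluded = any(cond(exe) for cond in self.exclude)
        return included and not excluded


@dataclass
class Rule:
    category: Category
    allowed: FrozenSet[str] = frozenset()
    denied: FrozenSet[str] = frozenset()


def may_start(exe: Executable, user_groups: FrozenSet[str], rules: List[Rule]) -> bool:
    """Deny wins: one matching denial overrides any number of allowances."""
    matching = [rule for rule in rules if rule.category.contains(exe)]
    if any(rule.denied & user_groups for rule in matching):
        return False
    return any(rule.allowed & user_groups for rule in matching)


EVERYONE = frozenset({"Everyone"})
# Assumption: a default rule lets everyone start anything not denied elsewhere.
ALLOW_ALL = Rule(Category("Everything", include=[lambda exe: True]), allowed=EVERYONE)


def lab_rules() -> List[Rule]:
    """The lab's approach: one denial category with Internet Explorer excluded."""
    browsers = Category("Browsers",
                        include=[in_kl_category("Web Browsers")],
                        exclude=[file_properties("iexplore.exe", "8.0")])
    return [ALLOW_ALL, Rule(browsers, denied=EVERYONE)]


def naive_rules() -> List[Rule]:
    """The variant that does not work: deny all browsers, then allow IE."""
    all_browsers = Category("All browsers", include=[in_kl_category("Web Browsers")])
    ie_only = Category("Internet Explorer",
                       include=[file_properties("iexplore.exe", "8.0")])
    return [ALLOW_ALL, Rule(all_browsers, denied=EVERYONE),
            Rule(ie_only, allowed=EVERYONE)]


# Constructed sample files; versions and category labels are illustrative.
FIREFOX = Executable("firefox.exe", "38.0.5", "Web Browsers")
IE_11 = Executable("iexplore.exe", "11.0.9600.16428", "Web Browsers")
IE_6 = Executable("iexplore.exe", "6.0.2900.5512", "Web Browsers")
NOTEPAD = Executable("notepad.exe", "6.1.7600.16385")

if __name__ == "__main__":
    for label, rules in (("lab", lab_rules()), ("naive", naive_rules())):
        for exe in (FIREFOX, IE_11, IE_6, NOTEPAD):
            verdict = "start" if may_start(exe, EVERYONE, rules) else "BLOCK"
            print(f"{label:5} {exe.file_name:13} {exe.file_version:16} {verdict}")
```

In the model, an iexplore.exe older than 8.0 stays inside the denial category and is blocked, which is the effect of the More than or equal to version condition set in Task 2.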

Lab 3.2
Application Startup Control
Lab objective. Study how Application Startup Control works.

Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. When analyzing the programs installed in
the network, you find out that Skype is installed on some mobile computers. According to the security policy, Skype
is prohibited in the corporate network. Your task is to enforce the security policy requirements. You will use
Application Startup Control to block Skype.

Contents. In this lab, we will:

1. Configure transfer of data about started programs to the Administration Server
2. Create and run an inventory task
3. Create a program category for Skype
4. Change the policy so as to prohibit the users from starting the Skype program category
5. Make sure that the users cannot start Skype

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Laptop

3. Boot up the Laptop computer

4. Log on to the ABC\Tom account, password Ka5per5Ky

Task 1
Configure transfer of data about started programs to the Administration Server

In this task, you will configure transfer of data about started programs to the Administration Server.

Security-Center

1. Start the Administration Console

2. Expand the Advanced | Applications management node

3. Select the Applications registry container

4. Note that the Skype program has appeared in the network

5. Open the Executable files container

6. Note that the Executable files container is empty. By default, data about started programs is not transferred to the Administration Server

7. Open the Workstations group and switch to the Policies tab

8. Open the properties of the Office policy-Windows Workstations

9. Switch to the Reports and Storages section

10. Select the About started applications check box

11. Click OK and wait for the policy to be enforced

Task 2
Create and run an inventory task

In this task, you will create and run an Inventory task on the Laptop computer and make sure that data about started
files is transferred to the Administration Server. Eventually, this data would be transferred to the Administration
Server automatically anyway, but the Inventory task helps to speed up this process.

Security-Center

1. Open the Laptops group and switch to the Tasks tab

2. Click Create a task

3. Select the Inventory task type and click Next

4. On the five subsequent pages, click Next

5. On the last page of the task creation wizard, select the Run task after Wizard finishes check box and click Finish

6. Wait for the Inventory task to complete

7. Go to the Executable files node

8. Make sure that information about executable files has appeared there

Task 3
Create a program category for Skype

In this task, you will examine the list of programs used in the network and create a program category for Skype.

Security-Center

1. Open the Application categories container

2. Click Create a category

3. Click the top button

4. Type Skype for the category name and click Next

5. Expand the drop-down list next to the Add button

6. Click From the executable files list on the menu

7. In the list of programs, select the Skype.exe file and click OK

8. Click Next

9. On the Configuring conditions for exclusion of applications from categories page, click Next

10. On the last page, click Finish

Task 4
Change the policy so as to prohibit the users from starting Skype

In this task, you will prohibit users from starting the programs included in the Skype category. To do this,
you will configure the Application Startup Control component in the Kaspersky Endpoint Security for Windows
policy.

Security-Center

1. Open the Workstations subgroup and switch to the Policies tab

2. Open the properties of the Office policy-Windows Workstations

3. Open the Application Startup Control section

4. Click Add

5. Click the Select button next to the Users and / or groups that are denied permission field

6. Select the Everyone group

7. Click OK

8. When prompted to confirm, click Yes

9. Click OK

10. Wait for the policy to be enforced

Task 5
Make sure that the settings work correctly

In this task, you will make sure that the specified settings work correctly.

Laptop

1. Run Skype using its icon on the desktop

2. Note that KES blocks the Skype start and displays the corresponding notification

3. Click OK to close the notification

4. Power off the Laptop computer


Conclusion

This lab demonstrates how the administrator can control new programs appearing in the network (this is not the only
way, though), and quickly block programs that violate the company security policy.

Lab 3.3
Blocking USB Flash Drives
Lab objective. Get acquainted with the device control capabilities.

Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center.

Incident analysis revealed that many computers get infected through USB flash drives. The decision was made to
block this entry point for infected objects. Your task is to block access to USB flash drives using Kaspersky
Endpoint Security for all workstations in the ABC network.

Contents. In this lab, we will block access to USB flash drives.

Preparation

1. Plug the USB flash drive with the course handouts into the host computer.

2. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

3. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

4. Boot up the Desktop computer

5. Log on to the abc\Alex account, password Ka5per5Ky

Task 1
Block access to USB flash drives

In this task, you will block access to USB flash drives.

Desktop

1. Open the window of the Desktop virtual machine

2. On the menu of VMware Workstation, click VM, Removable Devices, <your drive type>, Connect (Disconnect from Host)

3. On the Desktop computer, click Start, Computer

4. Make sure that the USB flash drive has been connected successfully

Security-Center

5. Start the Administration Console

6. Open the Workstations subgroup and switch to the Policies tab

7. Select the Office policy-Windows Workstations

8. Open the policy properties

9. Switch to the Device Control section

10. Select the Removable drives device type

11. Click the Access icon corresponding to Removable drives

12. Click Block

13. Click OK

14. Wait for the policy to be enforced

Desktop

15. Click Start, Computer

16. Note that the USB flash drive is still shown among Devices with Removable Storage

17. Open the USB flash drive

18. Note that despite the fact that the removable disk is visible, it is inaccessible

19. Click Cancel to close the Windows message

20. Click Complain

21. Read the message

22. Click Send

Security-Center

23. Open the Administration Server node and switch to the Events tab

24. Expand the Selection events drop-down list

25. Select User requests

26. Read the request


Conclusion

In this lab, we studied the functionality that blocks access to devices. Access is allowed or blocked completely.
A typical use for this functionality is blocking removable data carriers, through which malware may spread, or
blocking data transfer devices, to reduce the risk of information leakage.

Lab 3.4
Access Rights for USB Flash Drives
Lab objective. Study the settings that control access rights for USB flash drives.

Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center.

You have prohibited access to USB flash drives in the whole company. However, the measure turned out to be too
harsh: some users need USB flash drives in their work.

Now you will allow the users to read and copy files from USB flash drives, and allow full access to your USB flash
drive with drivers and distributions that you use at work.

So, your task is to configure Kaspersky Endpoint Security to:

1. Allow the Read right for all USB flash drives to all users
2. Grant yourself complete rights for your USB flash drive

Contents. In this lab, we will complete this task.

Preparation

1. Plug the USB flash drive with the course handouts into the host computer

2. Make sure that the DC and Security-Center computers are running. If not, power them on

Security-Center

3. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

4. Boot up the Desktop computer

5. Log on to the abc\Alex account, password Ka5per5Ky

Task 1
Allow the Read right for all USB flash drives to all users

In this task, you will grant the Read and View rights for all types of USB drives to all users.

Desktop

1. Open the window of the Desktop virtual machine

2. On the menu of VMware Workstation, click VM, Removable Devices, <your drive type>, Connect (Disconnect from Host)

3. Click Start, Computer

4. Make sure that the USB flash drive is connected

Security-Center

5. Start the Administration Console

6. Open the Workstations subgroup and switch to the Policies tab

7. Select the Office policy-Windows Workstations

8. Open the policy properties

9. Switch to the Device Control section

10. Select Removable drives

11. Click Modify

12. Click Yes

13. Clear the Write check box

14. Click OK

15. Pay attention to the Access icon corresponding to Removable drives

16. Click OK

17. Wait for the policy to be enforced

Desktop

18. Open the USB flash drive

19. Copy any file from the USB flash drive to your desktop

20. Write a file from your desktop to the USB flash drive

21. Make sure that KES blocks writing to the USB flash drive, only Read access is allowed


Task 2
Grant yourself complete rights for your USB flash drive

Allow the domain administrator full access to a specific USB flash drive.

Security-Center

1. Open the policy properties

2. Switch to the Device Control section

3. Switch to the Trusted devices tab

4. Click Add

5. On the drop-down list, select Devices by ID

6. In the Computer field, type Desktop and click Refresh

7. Select the Removable drives device type

8. Click Select and select the Domain Admins group

9. Click OK

10. Click OK

11. Wait for the policy to be enforced

Desktop

12. Log off from the system

13. Log on to the abc\Administrator account, password Ka5per5Ky

14. Copy any file from the USB flash drive to your desktop

15. Copy the file from your desktop back to the USB flash drive

16. Make sure the administrators have both Read and Write permissions for USB flash drives


Conclusion

In this lab, we studied how to control user access rights for USB flash drives, and make exclusions for specific types
of USB flash drives. There are always users in the company who need to receive data from various USB flash drives
whose model and serial number are never known in advance.

The administrators, on the contrary, usually have USB flash drives whose models and serial numbers are known.
These USB flash drives can be exempt from the restrictions beforehand. The described exclusion mechanism is
quite flexible and allows excluding not only specific USB flash drives, but also the users and/or groups of users.
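
The access decision built up in Labs 3.3 and 3.4, as an added example that is not part of the original lab guide and is not Kaspersky code: a simplified Python model in which a trusted-device entry grants full access only when both the device ID and the user's group match. The device IDs, the group memberships and the handling of device types without a rule are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

BLOCKED: FrozenSet[str] = frozenset()
READ_ONLY: FrozenSet[str] = frozenset({"read"})
FULL: FrozenSet[str] = frozenset({"read", "write"})
REMOVABLE = "Removable drives"


@dataclass(frozen=True)
class TrustedDevice:
    device_id: str
    device_type: str
    groups: FrozenSet[str]  # users/groups the exemption applies to


@dataclass
class DevicePolicy:
    type_rights: Dict[str, FrozenSet[str]]  # rights per device type
    trusted: List[TrustedDevice] = field(default_factory=list)

    def rights(self, device_id: str, device_type: str,
               user_groups: FrozenSet[str]) -> FrozenSet[str]:
        # The exemption needs BOTH a matching device ID and a matching group.
        for entry in self.trusted:
            if (entry.device_id == device_id
                    and entry.device_type == device_type
                    and entry.groups & user_groups):
                return FULL
        # Assumption: a device type with no rule in the policy is unrestricted.
        return self.type_rights.get(device_type, FULL)


# Constructed sample data: placeholder device IDs and assumed group memberships.
ADMIN_DRIVE = "EXAMPLE-ID-ADMIN-DRIVE"
OTHER_DRIVE = "EXAMPLE-ID-UNKNOWN-DRIVE"
USERS: Dict[str, FrozenSet[str]] = {
    "abc\\Alex": frozenset({"Everyone", "Domain Users"}),
    "abc\\Administrator": frozenset({"Everyone", "Domain Users", "Domain Admins"}),
}


def lab_3_3_policy() -> DevicePolicy:
    """Lab 3.3: removable drives blocked for everybody."""
    return DevicePolicy({REMOVABLE: BLOCKED})


def lab_3_4_policy() -> DevicePolicy:
    """Lab 3.4: read-only for all, one known drive trusted for Domain Admins."""
    exemption = TrustedDevice(ADMIN_DRIVE, REMOVABLE, frozenset({"Domain Admins"}))
    return DevicePolicy({REMOVABLE: READ_ONLY}, [exemption])


def access_matrix(policy: DevicePolicy) -> Dict[Tuple[str, str], FrozenSet[str]]:
    """Effective rights for every sample user on every sample drive."""
    return {(user, drive): policy.rights(drive, REMOVABLE, groups)
            for user, groups in USERS.items()
            for drive in (ADMIN_DRIVE, OTHER_DRIVE)}


if __name__ == "__main__":
    for name, policy in (("Lab 3.3", lab_3_3_policy()), ("Lab 3.4", lab_3_4_policy())):
        for (user, drive), rights in access_matrix(policy).items():
            shown = ", ".join(sorted(rights)) or "no access"
            print(f"{name}  {user:19} {drive:25} {shown}")
```

In the model, the administrator gets only Read on a drive that is not in the trusted list, and abc\Alex gets only Read even on the trusted drive.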

Lab 3.5
Web Access Control
Lab objective. Get acquainted with the capabilities that help the administrator control access to web resources.

Scenario. You are an antivirus security administrator in ABC Company whose network is protected with Kaspersky
Endpoint Security. The protection is managed via the Kaspersky Security Center. When analyzing the company
Internet traffic, you have found out that many users visit social networks during business hours. You want to
prohibit that. Your task is to block access to social networks by the policy.

Contents. In this lab, we will configure blocking access to social networks for all users during
business hours.

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

3. Boot up the Desktop computer

4. Log on to the abc\Alex account, password Ka5per5Ky

Task 1
Block access to social networks

In this task, we will use the policy to block access to social networks for all users during business hours. Then we
will make sure that the rule is applied, and does not require restarting the client computers.

Security-Center

1. Start the Administration Console

2. Open the Workstations subgroup and switch to the Policies tab

3. Select the Office policy-Windows Workstations

4. Open the policy properties

5. Open the Web Control section

6. Click Add

7. In the Name field, type Social networks

8. In the Filter content field, select By content categories

9. In the Content categories list, select Internet communication media

10. Select the Specify users and / or groups check box

11. Click the Select button and select the Everyone group

12. In the Action drop-down list, select Block

13. Click the Settings button

14. Configure the schedule so as to block access to social networks Monday to Friday from 9.00 to 18.00 and click OK

15. Type Working hours for the rule name

16. Click OK

17. Click OK

18. Click OK

19. Wait for the policy to be enforced

Desktop

20. Start Internet Explorer

21. Go to www.facebook.com

22. Make sure that the rule blocks access to social networks

23. Close the Internet Explorer window

Conclusion

In this lab, we studied the functionality that blocks access to web resources. Access can be allowed or blocked by
content category, data type or both. Access can be blocked during the specified time only and be configured for user
groups or separate users. A typical use example for this functionality is blocking access to social resources,
executable files, or external e-mail, through which information may leak, and/or infected objects can be
downloaded.

Lab 4.1
Password Protection for KES
Lab objective. Protect KES from the user.

Scenario. You are an antivirus security administrator in ABC Company. The protection is managed via
the Kaspersky Security Center. Right after the system deployment, every computer in the network is protected with
Kaspersky Endpoint Security, but after a while you can see that KES does not work or is uninstalled on some
network computers. The investigation reveals that the users were granted enough permissions to exit or uninstall
KES. Your task is to make the users unable to do that again.

Contents. In this lab, we will:

1. Exit Kaspersky Endpoint Security
2. Protect Kaspersky Endpoint Security from the users
3. Set a password for Network Agent uninstallation

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

3. Boot up the Desktop computer

4. Log on to the abc\Alex account, password Ka5per5Ky

Laptop

5. Boot up the Laptop computer

6. Log on to the ABC\Tom account, password Ka5per5Ky

7. Exit KES using the shortcut menu of the product icon

Task 1
Diagnose critical protection status

Kaspersky Endpoint Security has been exited on the Laptop computer. In this task, you will learn about this from
the Administration Console and remotely start Kaspersky Endpoint Security.

Security-Center

1. Start the Administration Console

2. Note that the status indicator in the Computer protection and virus scan area signals critical problems

3. Click Anti-virus protection is not running in the Computer protection and virus scan area

4. Note which page the link opens

5. Select the Laptop computer

6. Click the Kaspersky Anti-virus is not running link in the status description on the right

7. Start Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows

8. Close the computer properties and go back to the Administration Server node, Monitoring tab

Pay attention to the status in the Computer protection and virus scan area

Task 2
Protect Kaspersky Endpoint Security from the users

In this task, you will set a password for all operations with Kaspersky Endpoint Security. After this, as a user who
does not know the password, you will check whether you can exit or uninstall Kaspersky Endpoint Security.

Security-Center

1. Open the Workstations subgroup and switch to the Policies tab

2. Select the Office policy-Windows Workstations

3. Click Change policy settings

4. Under Advanced Settings, click Interface

5. Select the Enable password protection check box

6. Click the Settings button next to the Enable password protection option

7. Type KLAdmin for the user name, and root for both password and confirmation

8. Choose the Selected operations option

9. Select the following: Exit the application, Disable Kaspersky Security Center policy, Remove / modify / restore the application and click OK

10. In the following window, click OK

11. Click OK

12. Wait for the policy to be enforced on the computer

Laptop

13. Repeat the attempt to exit KES using the shortcut menu of its icon located in the notification area

14. In the Password check window, click Cancel

15. Click Start, Control Panel, Programs and Features

16. Select Kaspersky Endpoint Security 10 for Windows and click Uninstall/Change

17. Click the Remove button

18. On the page that prompts for the password, click Next without entering the password

19. Make sure that the program cannot be uninstalled without the password

20. Click OK to close the warning

21. In the KES uninstallation wizard, click Cancel

22. When prompted whether to cancel the uninstallation, click Yes

23. On the Uninstallation wizard interrupted page, click OK


Task 3
Set a password for Network Agent uninstallation

In this task, you will create a policy for Network Agents and set a password in it for Agent uninstallation. After
this, log in as a user who does not know the password and check whether you can uninstall Network Agent.

Security-Center

1. Select the Managed computers node and switch to the Policies tab

2. Copy the Kaspersky Security Center Network Agent policy to the Workstations node

3. Click Change policy settings

4. Select the Active policy option

5. Switch to the Settings section

6. Select the Use uninstall password check box

7. Click Modify

8. Type root both for password and confirmation and then click OK

9. Make the Use uninstall password setting required (close the respective lock)

10. Click OK

11. Wait for the policy to be enforced

Laptop

12. On the shortcut menu of Kaspersky Security Center Network Agent, click Uninstall

13. On the welcome page of the uninstall wizard, click Next

14. On the Uninstall password page, click Next without entering a password

15. Make sure that Network Agent cannot be uninstalled without the password

16. Click OK to close the error message

17. Click Cancel to quit the uninstaller

18. When prompted whether to cancel the uninstallation, click Yes

19. On the Kaspersky Security Center Network Agent Uninstall Wizard was interrupted page, click Finish

20. Power off the Laptop computer


Conclusion

This lab demonstrates how you can limit the users' ability to hamper KES operation by setting a password in
the policy. However, even if the users cannot hinder KES, they can disturb the administrator by complaining that
KES slows down the computer or creates other problems.

Sometimes administrators prefer to conceal the anti-virus. Often it turns out that users do not complain about
computer performance if they cannot see KES. The following lab explains how to hide Kaspersky Anti-Virus from
the users.

Lab 4.2
Hiding KES on Client Computers
Lab objective. Hide KES on the client computers.

Scenario. You are an antivirus security administrator of a network protected with Kaspersky Endpoint Security.
The protection is managed via the Kaspersky Security Center. Some of the users complain that they are unable to
download some files, and some of the users complain that their computers have become slower since KES was
installed. These users even tried to stop and uninstall KES despite the fact that their privileges are insufficient for
that. From the internal testing results, you know that their computers are no slower than the computers of the other
users, so the real reason is psychological, not technical. Your task is to make the KES interface invisible on the client
computers and enable KES notifications for infected objects.

Contents. In this lab, we will:

1. Enable notifications for the users about the detected infected objects
2. Conceal Kaspersky Endpoint Security

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Desktop

3. Boot up the Desktop computer

4. Log on to the abc\Alex account, password Ka5per5Ky

Task 1
Notify users about detected infected objects

In this task, you will enable local notifications. After this, if KES detects a dangerous object on a computer, it will
inform the user about this by a pop-up notification, not just block the action.

Desktop

1. Copy the eicar.com file from the kl_002.10_files\Lab_files folder on the DC computer to the desktop

2. In the Windows message that warns about the inability to copy the file, click Cancel

3. Note that KES does not notify the user about the detection of an infected object

Security-Center

4. Start the Administration Console

5. Open the Workstations subgroup and switch to the Policies tab

6. Select the Office policy-Windows Workstations

7. Click Change policy settings

8. Under Advanced Settings, click Interface

9. Click the Settings button in the Notifications area

10. Switch to the File Anti-Virus section

11. Select the check box in the Notify on screen column for the Malicious object detected event

12. Click OK twice

13. Wait for the policy to be enforced

Desktop

14. Copy the eicar.com file from the KL_002.10_test_files\Lab_files folder on the DC computer to the desktop

15. Note that KES informs the user about the Malicious object detected event

16. In the Windows message that warns about the inability to copy the file, click Cancel

Task 2
Hide Kaspersky Endpoint Security

In this task, you will hide the Kaspersky Endpoint Security interface. Users will not be able to open the program's
main window, and the KES icon will not be shown either in the notification area or in the list of installed programs.
After this, most users will hardly know that KES is installed on the computer.

Security-Center

1. Click Change policy settings

2. Under Advanced Settings, click Interface

3. Clear the Display Kaspersky Endpoint Security for Windows interface check box

4. Clear the Show "Protected by Kaspersky Lab" on Microsoft Windows logon screen check box

5. Click OK

6. Wait for the policy to be enforced

Desktop

7. Make sure that the KES icon has disappeared from the notification area

8. Right-click the Computer object

9. Make sure that its shortcut menu contains the Scan for viruses and Move to Quarantine commands

10. Notice that Kaspersky Endpoint Security has disappeared from the Start/All Programs menu

11. Open the Programs and Features control panel

12. Make sure that Kaspersky Endpoint Security has disappeared from the list of installed applications

13. Power off the Desktop computer


Conclusion

This lab demonstrates how to hide Kaspersky Endpoint Security to some extent on a computer. Of course, you
cannot conceal KES completely. An advanced user can find KES files on the hard drive, KES service and drivers,
and KES log among other Windows event logs.

Completely concealing KES contradicts Microsoft company guidelines and, generally speaking, is unethical. If KES
could not be found without special tools, this would closely resemble rootkit behavior.

Lab 4.3
Configuring Roaming Computer Protection
Lab objective. Create a policy that will be enforced on the roaming computers when they are not connected to
the corporate network.

Scenario. You are an antivirus security administrator of a network protected with Kaspersky Endpoint Security.
The protection is managed via the Kaspersky Security Center. Some computers (notebooks) are occasionally out of
the protected network. You want these computers to automatically use tougher protection settings when they are
outside the protected network. Your task is to create a policy that will be enforced on the roaming computers.

Contents. In this lab, we will create and test a policy for roaming users.

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Laptop

3. Boot up the Laptop computer

4. Log on to the ABC\Tom account, password Ka5per5Ky

Task 1
Create and test a policy for roaming users

In this task, you will create a policy for roaming users by copying the active policy and editing the settings. After
this, you will test the roaming policy by disabling the network connection on the Laptop computer.

Security-Center

1. Start the Administration Console

2. Open the Workstations subgroup and switch to the Policies tab

3. Select the Office policy-Windows Workstations

4. Copy the Office policy Windows Workstations

5. Paste the policy in the Laptops subgroup

6. Select the pasted policy

7. Click Change policy settings


8. Rename the policy to Out-of-office policy

9. Select the Out-of-office policy option


10. Open the Interface section

11. Select the Display Kaspersky Endpoint Security 10 for Windows interface check box

12. Select the Show "Protected by Kaspersky Lab" on Microsoft Windows logon screen check box

13. Switch to the Firewall section

14. Click Settings in the Available networks area


15. Select subnet 172.16/12

16. Click Edit

17. Change the network status to Public network

18. Click OK

19. Do the same for networks 192.168/16 and 10/8

20. Click OK

21. Switch to the Application Settings section

22. Select the Allow management of group tasks check box

23. Select the Allow local tasks to be displayed and managed (except custom scan) check box

24. Click OK

25. Select the Managed computers node and switch to the Policies tab

26. Open the properties of the Kaspersky Security Center Network Agent policy

27. Open the Network | Connection section

28. Select the Switch to out-of-office policy when Administration Server is not available check box

29. Click OK

30. Go to the Laptops group

31. Make sure that Mobile policy Windows Workstations has been enforced

Laptop

32. Click the network connection icon in the notification area and open the Network and Sharing Center

33. Click Change adapter settings

34. Disable the Local Area Connection using its shortcut menu

35. Wait for the KES icon to appear in the notification area

36. Open the KES interface

37. Switch to the Settings tab

38. Select the Anti-Virus protection | Firewall node

39. Click Available networks


40. Make sure that the networks that you added in the policy are displayed in the local interface

41. Click Close

42. Go back to the Network Connections window and enable the local area connection

43. Wait for several minutes

44. Make sure that the KES icon has disappeared from the notification area

45. Power off the Laptop computer


Conclusion

This lab demonstrates the configuration and operation of a roaming policy. If the Network Agent can connect to
the Administration Server, the roaming policy is inactive. When the connection is broken, the roaming policy
replaces the active policy.

Lab 4.4
Backup and Restore in Kaspersky Security Center
Lab objective. Create a backup copy of Kaspersky Security Center and recover the management system
configuration on another computer.

Scenario. You are an antivirus security administrator in ABC Company whose network is protected with Kaspersky
Endpoint Security. The protection is managed via the Kaspersky Security Center. You will create a backup copy of
the Kaspersky Security Center, and then recover the management system configuration from the backup copy on
another computer.

Contents. In this lab, we will:

1. Create a backup copy of Kaspersky Security Center

2. Restore Kaspersky Security Center on another computer

Preparation

1. Make sure that the DC and Security-Center computers are running. If not, power them on.

Security-Center

2. Log on to the abc\Administrator account, password Ka5per5Ky

Task 1
Create a backup copy of Kaspersky Security Center

In this task, you will create a backup copy of Kaspersky Security Center. First, you will configure the backup task
to send an e-mail notification about its results, because the Administration Server is inaccessible while the backup
copy is being created, and the task cannot be monitored from the console.

Security-Center

1. Start the Administration Console

2. Open the Tasks node


3. Select the Back up Administration Server data task

4. Click Change task settings

5. Switch to the Settings section

6. Pay attention to the location of the SC_Backup folder where backup copies are stored

7. Type root in both Password and Confirm password fields

8. Switch to the Notification section

9. Select the Send email check box

10. Clear the Notify of errors only check box


11. Click OK

12. Click the Start button to run the backup task

13. Click OK in the Kaspersky Security Center information window

14. Run Windows Live Mail

15. Wait for the e-mail message about successfully finished backup copying

16. Open the C:\ProgramData\KasperskySC\SC_Backup folder

17. Make sure that the SC_Backup folder contains the klbackup date#time folder with KSC backup copy files

18. Copy this folder to the DC computer into the backup directory

19. Close all open windows

20. Turn off the Security-Center computer
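
The backup folder is copied twice before it is restored (step 18 above and step 6 of Task 2), so comparing the copy against the original catches a truncated or altered copy before the restore. The following PowerShell sketch is an added example, not part of the course material; the function names and the demo folder and file names are constructed for illustration.

```powershell
# Added example (not from the course material). Runs on PowerShell 2.0,
# so it hashes files through .NET instead of Get-FileHash.
function Get-BackupManifest {
    param([Parameter(Mandatory = $true)][string]$Path)
    $root = (Resolve-Path -LiteralPath $Path).ProviderPath.TrimEnd('\')
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $manifest = @{}
    Get-ChildItem -LiteralPath $root -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $stream = [System.IO.File]::OpenRead($_.FullName)
            try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
            # Key by path relative to the backup root so two copies line up.
            $relative = $_.FullName.Substring($root.Length + 1)
            $manifest[$relative] = [System.BitConverter]::ToString($bytes)
        }
    $sha.Clear()
    return $manifest
}

function Compare-BackupManifest {
    param([hashtable]$Reference, [hashtable]$Copy)
    $problems = @()
    foreach ($name in $Reference.Keys) {
        if (-not $Copy.ContainsKey($name)) { $problems += "MISSING $name" }
        elseif ($Copy[$name] -ne $Reference[$name]) { $problems += "CHANGED $name" }
    }
    foreach ($name in $Copy.Keys) {
        if (-not $Reference.ContainsKey($name)) { $problems += "EXTRA   $name" }
    }
    return $problems
}

# Constructed demo data standing in for a klbackup folder; file names are made up.
$src = Join-Path $env:TEMP 'klbackup_demo_original'
$dst = Join-Path $env:TEMP 'klbackup_demo_copy'
Remove-Item $src, $dst -Recurse -Force -ErrorAction SilentlyContinue
New-Item -ItemType Directory -Path (Join-Path $src 'data') | Out-Null
Set-Content -Path (Join-Path $src 'part1.bin') -Value 'constructed sample A'
Set-Content -Path (Join-Path $src 'data\part2.bin') -Value 'constructed sample B'
Copy-Item -Path $src -Destination $dst -Recurse
Add-Content -Path (Join-Path $dst 'part1.bin') -Value 'altered after copy'
Set-Content -Path (Join-Path $dst 'extra.bin') -Value 'not in the original'

$report = @(Compare-BackupManifest (Get-BackupManifest $src) (Get-BackupManifest $dst))
if ($report.Count -eq 0) { 'Copy matches the original' } else { $report }
```

To use it in the lab, pass the original klbackup folder and its copy to Get-BackupManifest in place of the demo folders.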


Task 2
Restore Kaspersky Security Center on another computer

In this task, you will recover the administration system configuration on the Titanic computer, where Kaspersky
Security Center is already installed. We will use a special recovery utility in the wizard mode. After the data is
restored, make sure that the old settings have been applied successfully.

Titanic

1. Boot up the computer named Titanic

2. Log on to the system under the Administrator account, password Qwerty!@

3. Start the Administration Console

4. Make sure that it can connect to the Administration Server

5. Close the Administration Console window

6. Copy the klbackup date#time folder from the DC computer (\\dc\backup\) to your desktop

7. Run Kaspersky Lab Backup Utility (Start\All Programs\Kaspersky Security Center\Kaspersky Lab Backup Utility)

8. On the welcome page of the wizard, click Next

9. Select the Restore Administration Server data option and click Next

10. On the following page, click the Select button and specify the path to the KSC backup copy files located on your desktop

11. Type the root password, confirm it and click Next

12. Wait for the data to be restored from the backup copy

13. Click Next

14. On the last page, click Finish

15. Start the Administration Console

16. Expand the Managed computers group

17. Make sure that the Servers and Workstations subgroups have been recovered

Laptop

18. Boot up the Laptop computer

19. Log on to the ABC\Tom account, password Ka5per5Ky

Titanic

20. Open the Laptops subgroup and switch to the Policies tab

21. Make sure that the out-of-office policy has been recovered

22. Switch to the Computers tab

23. Select the Laptop computer

24. Open the properties of the Laptop computer


25. Switch to the Applications section

26. Make sure that Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows and Kaspersky Security Center Network Agent are Running


Conclusion

This lab demonstrates how to recover the management system from a backup copy on another computer
where Kaspersky Security Center has been installed in advance.

v1.1
