Kaspersky Lab
www.kaspersky.com
Lab 1.1
Installing Kaspersky Security Center
Lab objective. Study custom installation of the Kaspersky Security Center.
Scenario. You are an antivirus security administrator at ABC Company. The decision was made to protect
the network with Kaspersky Endpoint Security. First, you need to install Kaspersky Security Center. A computer
running Windows Server 2008 R2 was chosen for the installation of the Administration Server and Microsoft SQL
Server 2008 R2 Express, which is necessary for storing Administration Server data.
1. Install the Administration Server together with Microsoft SQL Server 2008 R2 Express Edition
2. Proceed through the Quick Start Wizard to configure the Administration Server
Preparation
Task 1
Install the Administration Server
Although the Kaspersky Security Center installer has a Standard mode in which almost no decisions have to be
made, administrators often prefer the Custom installation. Usually, they do not actually intend to modify
the standard installation parameters; rather, they want to explore the system's capabilities and understand how it
operates.
In this task, you will install MS SQL 2008 R2 Express Edition and Administration Server in the custom installation
mode.
KL 002.10. Kaspersky Endpoint Security and Management
Fundamentals
Task 2
Proceed through the Quick Start Wizard to configure
the Administration Server
In this task, you will proceed through the Quick Start Wizard. When setting up notifications for the administrator,
you will need to specify e-mail parameters. Ask the instructor about them.
Conclusion
In this lab, we installed all the components of Kaspersky Security Center on one server. This is a typical approach
for small and medium-sized networks. In large networks, the database can be created on a separate server, and
the commercial version of MS SQL Server is usually chosen.
Installation of the Administration Server and the database server on different computers is outside the scope of this
lab. This configuration is described in the Student's Guide.
Lab 1.2
Deploying Kaspersky Endpoint Security
Lab objective. Learn how to install Kaspersky Endpoint Security using the remote installation wizard.
Scenario. You are an antivirus security administrator in ABC Company and proceed with the deployment of
Kaspersky Endpoint Security in the network. Now you need to install Kaspersky Endpoint Security for Windows on
the desktop computers accessible over the network. All computers are in the domain and firewalls are disabled on
them according to the domain policy.
1. Install Kaspersky Endpoint Security for Windows on the computers by the standard remote installation
wizard
Preparation
Desktop
Task 1
Install Kaspersky Endpoint Security for Windows
In this task, you will install Kaspersky Endpoint Security for Windows on Security-Center and Desktop computers
using the standard remote installation wizard.
Task 2
Check the installation success
In this task, you will make sure that Kaspersky Endpoint Security for Windows is installed and running.
Conclusion
In this lab, we remotely installed Kaspersky Endpoint Security on the computers with the Network Agent and
without it. One of the target computers was the Administration Server, which already includes the Network Agent
component. Since the installation was from the Administration Server onto itself, it wasn't really remote. However,
the installation procedure on a remote computer with the installed Network Agent is the same.
If the Network Agent is already installed on the computer and connected to the Administration Server, it saves
the administrator a lot of trouble. They do not have to worry about how to access the computer, how to ensure
the task has sufficient rights to install the Kaspersky Endpoint Security, how to get around local firewalls and
restrictions imposed by security policies, etc. If a Network Agent can connect to the Administration Server, it can
download the installation package and run it under the system account, which is enough.
Installation on computers without the Network Agent runs smoothly only if these computers have been properly
prepared beforehand; in this case, the firewall was disabled on the Desktop computer by the domain policy.
Lab 1.3
Installing Kaspersky Endpoint Security 10 for
Windows on a Mobile Computer
Lab objective. Install Kaspersky Endpoint Security 10 for Windows using a one-click installation package
downloaded from the web server.
Scenario. You are an antivirus security administrator in ABC Company and proceed with the deployment of
Kaspersky Endpoint Security in the network. Your task is to remotely install Kaspersky Endpoint Security 10 for
Windows on mobile computers. You need to create an installation package with which even an unskilled user can
successfully install the Network Agent and Kaspersky Endpoint Security 10 for Windows. Then send the users
an email with installation instructions.
1. Get acquainted with the installation parameters of Kaspersky Endpoint Security 10 for Windows specified in
the properties of the installation package
Preparation
Laptop
Task 1
Get acquainted with installation parameters of Kaspersky
Endpoint Security 10 for Windows
In this task, you will need to study the installation parameters of Kaspersky Endpoint Security 10 for Windows
specified in the properties of the standard installation package. These parameters will also be used in the 1-click
installation package.
11. Click OK
Task 2
Create a standalone installation package
In this task, you will create a standalone installation package for Kaspersky Endpoint Security 10 for Windows and
Network Agent by a special wizard.
Task 3
Send a link to the created standalone package
In this task, you will e-mail a link to the installation file of Kaspersky Endpoint Security for Windows.
Task 4
Install Kaspersky Endpoint Security for Windows
In this task, you are the user of a mobile computer who will receive the message from the administrator, download
the installation file of Kaspersky Endpoint Security for Windows and install the program.
ClamWin Anti-Virus is installed on the Laptop computer, which theoretically complicates the installation. You will
see that it will be uninstalled automatically during the installation of Kaspersky Endpoint Security for Windows.
Conclusion
In this lab, we implemented the use case of deploying Kaspersky Endpoint Security for Windows with the user's
help. All the user has to do is download the installation file of Kaspersky Endpoint Security for Windows published
via the web server and run it. The installation runs automatically without user intervention.
The lab also demonstrates that the installer of Kaspersky Endpoint Security for Windows automatically recognizes
and uninstalls protection tools by other manufacturers.
Lab 1.4
Monitoring Protection Deployment
Lab objective. Get acquainted with protection deployment monitoring tools.
Scenario. You are an antivirus security administrator in ABC Company. All the planned Kaspersky Endpoint
Security deployment work is completed, and you are coming down to protection maintenance. Meanwhile, you want
to make sure that all network computers are protected by the current version of Kaspersky Endpoint Security. Also,
to simplify adding new computers to the protection system, you want to configure notifications about the new
computers detected in the network.
1. Gather data about Kaspersky Endpoint Security deployment status and versions of the installed programs
2. Set up notifications about new computers
Preparation
Task 1
Gather data about Kaspersky Endpoint Security
deployment status and versions of the installed programs
In this task, you will gather data about Kaspersky Endpoint Security deployment status in the protected network, and
check the versions of installed programs. Use reports for this purpose.
Task 2
Configure notification for the New computer is found
event
In this task, you will configure e-mail notification for the administrator about new computers discovered in
the protected network.
7. Click Settings
Conclusion
This lab demonstrates some of the tools that help detect unprotected or inadequately protected computers in
the network. In practice, those may include new computers, computers restored from an image, computers where
users have managed to uninstall Network Agent or KES, or computers where management and protection tools have
not been installed yet. The administrator's task is to make these computers managed and protected as soon as
possible.
In addition to the described tools, the administrator can use event and computer selections, in particular the built-in
selection of new computers found in the network.
If the administrator deliberately leaves some computers or other network devices without protection, it might be
worthwhile to move them into a separate group, so that they are not mixed with unassigned computers that need
protection.
Lab 1.5
Creating the Managed Computers Structure
Lab objective. Create subgroups for servers, workstations and mobile computers, and also automatic relocation
rules that populate the groups with computers having the specified operating systems and IP addresses.
Scenario. You are an antivirus security administrator in ABC Company who configures a centralized protection
system based on Kaspersky Lab products. According to the project plan, all workstations are to be placed in
the Desktops subgroup; servers, in the Servers subgroup; and mobile computers, in the Laptops subgroup. Your task
is to automate the process so that protected computers are automatically moved to their respective groups.
Preparation
Task 1
Create subgroups for workstations and servers
In this task, you will create two subgroups in the Managed computers container: Servers and Workstations. Then
in the Workstations subgroup, create Desktops and Laptops subgroups. All subgroups are created manually via
the toolbar or via the shortcut menu of the parent container.
Task 2
Automate computers relocation to the subgroups
In this task, you will create rules that will automatically relocate computers with the Network Agent and Microsoft
Windows Server 2008 R2 operating system into the Servers subgroup; computers having IP addresses belonging to
the IP range allocated for mobile computers, into the Laptops subgroup; and computers having IP addresses
belonging to the IP range allocated for workstations, into the Desktops subgroup.
3. Click Add
37. Make sure that the other rules also work fine and
the Desktop and Laptop computers are located in
their respective groups
Conclusion
In this lab, you learned how to create subgroups in the managed computers structure, and how to enable automatic
relocation of computers to the subgroups.
The theoretical part of the course addresses the details that are not covered in this lab.
Lab 1.6
Creating Tasks and Policies
Lab objective. Create separate tasks and policies for servers and workstations.
Scenario. You are an antivirus security administrator in ABC Company whose network is protected with Kaspersky
Endpoint Security. The protection is managed via the Kaspersky Security Center. You want to create separate
policies, virus scan tasks and vulnerability scan tasks for the Windows servers and workstations. This will allow
optimization of the settings for real-time protection and scan tasks for servers and workstations. In addition, you
want to separate database updates and Kaspersky Endpoint Security module updates on Windows Servers, because
module updates may require a restart, which must be planned in advance on servers.
Preparation
Task 1
Create separate policies for Windows workstations and
servers
In this task, you will make separate policies for Windows workstations and servers from the default policy.
12. Click OK
18. Click OK
Task 2
Modify real-time protection parameters for servers
In this task, we will edit the real-time protection settings for servers, because the default policy settings are geared
towards workstations rather than servers. Servers are less prone to the infections resulting from the actions of users.
At the same time, high performance is an important requirement for servers, which is why some protection
components can work in resource saving mode, and some can be disabled on servers.
8. Click OK
11. Click OK
Task 3
Create separate virus and vulnerability scan tasks for
Windows workstations and servers
In this task, you will create virus and vulnerability scan tasks for Windows workstations and servers, and also adjust
their settings and schedule.
12. Click OK
19. Click OK
25. Click OK
33. Click OK
Task 4
Create separate update tasks for Windows workstations
and servers
In this task, you will create separate update tasks for Windows workstations and servers from the update task created
by the Quick Start wizard.
4. Click OK
10. Click OK
Conclusion
This lab demonstrates how to quickly make separate tasks and policies for Windows servers and workstations. This
separation facilitates further maintenance from the point of view of optimized settings of policies and tasks. In small
networks, where clients mainly consist of Windows workstations, such separation might be excessive.
Lab 2.1
File Anti-Virus Testing
Lab objective. Make sure that File Anti-Virus protects the file system.
Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. A user complains that files cannot be copied
from a shared resource, and when copied archives are unpacked, the files disappear. Your task is to deal with this
situation on the user's computer.
Preparation
Security-Center
Task 1
Attempt to copy and open infected files on the client
computer
In this task, you will copy files containing test viruses from the kl_002.10_files folder located on the DC computer
to the Desktop. Unpack the archive and make sure that File Anti-Virus is functional.
1. Click Start
Task 2
Examine the results of virus processing
In this task, you will study the File Anti-Virus operation results.
2. Click Reports
Conclusion
In this lab, we studied how Kaspersky Endpoint Security reacts to copying infected files from a shared folder to
the protected computer. The lab demonstrated that an archive with an infected file was copied to the protected
computer without being scanned. However, as soon as the infected object was extracted from the archive, it was
automatically processed by File Anti-Virus and deleted. The administrator should remember that by default, KES
File Anti-Virus does not show notifications about detected and deleted malware to the user. This behavior (files
disappearing) can make users react unpredictably. That is why the administrator should not only delete
the infected files from the shared resource and try to find out how they got there, but also consider enabling
notifications about processed infected objects for the users.
Lab 2.2
Identifying Unreliable Users
Lab objective. Get acquainted with Web Anti-Virus and Attack Blocker components and KSC capabilities for
monitoring incidents on client computers.
Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. You know that an infected computer can
cause serious problems for the network security, because many viruses can spread over the network and attack other
computers using the operating system vulnerabilities and shared folders. Your task is to view a special network
attack report and if an attack is detected, find its source and study the situation on the attacking computer.
2. Create a report about network attacks, find the computer that performed the attack and the user who worked
on this computer
Preparation
Security-Center
Desktop
Task 1
Simulate actions of a malevolent user
In this task, you will try to download special files imitating infected objects from the Internet and imitate a network
attack on the Desktop computer.
2. Go to www.eicar.org
4. Click DOWNLOAD
Task 2
Generate the Network attack report and find the problem
computer
In this task, you will create a report about network attacks, find the IP address of the attacking computer, find this
computer in the KSC structure using the search utility, analyze the events registered on this computer, and identify
the user who worked on this computer.
Task 3
Send a message prompting for restart to the problem
computer
In the previous task, the administrator analyzed the events on the computer and discovered that a malicious object
was detected, which will be deleted on restart. In this task, the administrator needs to write and send the user
a message asking to restart the computer where the incident was registered.
7. Click Finish
9. Click OK
Conclusion
In this lab, we examined how Kaspersky Endpoint Security reacts to an attempt to download infected objects
over HTTP and HTTPS. As you noticed, Web Anti-Virus, unlike File Anti-Virus, by default notifies the user about
the detected infected objects. Web Anti-Virus does not scan the objects downloaded over HTTPS, but they are scanned
by File Anti-Virus when the user attempts to write such objects to the hard drive.
If network attacks were registered in the network, Kaspersky Security Center helps the administrator find out which
computers performed the attacks and names of the users who worked on these computers. The administrator should
do two things with this information: disinfect the computer to stop attacks as soon as possible, and educate the user
who caused the incident.
Lab 2.3
Configuring the Firewall
Lab objective. Forbid all computers except for the administrator's from making remote desktop connections to the server
where the Kaspersky Security Center is installed.
Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. You want to be able to connect to the server
using Remote Desktop Connection; however, access should be restricted for security reasons. Your task is to change
the policy for servers so that only the administrator's computer can use Remote Desktop to connect to the server
where KSC is installed.
Preparation
Task 1
Restrict connections in the policy for servers
In this task, you will create two Firewall rules in the policy: a rule denying all connections on port 3389, and a rule
allowing the specified computers to connect to port 3389.
7. Click Add
10. Select the Protocol check box and make sure that
the TCP protocol is selected
13. Click OK
18. Select the Protocol check box and make sure that
the TCP protocol is selected
23. Click OK
Task 2
Test the restriction
In this task, you will use Remote Desktop to connect to the computer where the Kaspersky Security Center is
installed, first from the administrator's computer (Desktop), then from the user's computer (Laptop).
3. Click Connect
6. Click OK
14. Click OK
Conclusion
In this lab, we studied the access control capabilities of the Kaspersky Endpoint Security Firewall. It should be noted
that Firewall rules can be created not only for packets, but also for applications. The list of rules is applied from
the top down. The rules for packets are applied first, then the rules for applications.
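The effect of top-down evaluation on the two port 3389 rules from Task 1 can be seen in a small model. This is an added example, not Kaspersky's code or part of the original lab: it assumes the first matching packet rule decides and that unmatched traffic is allowed, and the rule names and IP addresses are constructed.

```python
"""Simplified first-match model of Firewall packet rules (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Sequence, Tuple

RDP_PORT = 3389                 # port named in Task 1
ADMIN_DESKTOP = "10.28.0.20"    # constructed address of the administrator's Desktop
USER_LAPTOP = "10.28.0.30"      # constructed address of the user's Laptop


@dataclass(frozen=True)
class PacketRule:
    name: str
    action: str                       # "allow" or "block"
    protocol: str = "TCP"
    local_port: Optional[int] = None  # None matches any local port
    remote: Optional[str] = None      # address or CIDR; None matches any remote host

    def matches(self, protocol: str, local_port: int, remote_ip: str) -> bool:
        if protocol.upper() != self.protocol:
            return False
        if self.local_port is not None and local_port != self.local_port:
            return False
        if self.remote is not None:
            return ip_address(remote_ip) in ip_network(self.remote, strict=False)
        return True


def decide(rules: Sequence[PacketRule], protocol: str, local_port: int,
           remote_ip: str, default: str = "allow") -> Tuple[str, Optional[str]]:
    """Walk the list from the top; the first matching rule decides (assumed)."""
    for rule in rules:
        if rule.matches(protocol, local_port, remote_ip):
            return rule.action, rule.name
    return default, None


def shadowed_rules(rules: Sequence[PacketRule]) -> List[Tuple[str, str]]:
    """Return (rule, earlier_rule) pairs where the earlier rule matches every
    packet the later one would, so the later rule can never fire."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            same_proto = earlier.protocol == later.protocol
            port_covered = earlier.local_port in (None, later.local_port)
            host_covered = earlier.remote is None or (
                later.remote is not None
                and ip_network(later.remote, strict=False).subnet_of(
                    ip_network(earlier.remote, strict=False)))
            if same_proto and port_covered and host_covered:
                found.append((later.name, earlier.name))
                break
    return found


ALLOW_ADMIN = PacketRule("Allow RDP from administrator", "allow",
                         local_port=RDP_PORT, remote=ADMIN_DESKTOP)
BLOCK_RDP = PacketRule("Block RDP", "block", local_port=RDP_PORT)

WORKING_ORDER = [ALLOW_ADMIN, BLOCK_RDP]    # specific allow above general block
SHADOWED_ORDER = [BLOCK_RDP, ALLOW_ADMIN]   # general block on top hides the allow


def rdp_access(rules: Sequence[PacketRule]) -> Dict[str, str]:
    """Decision for an inbound RDP connection from each lab computer."""
    return {host: decide(rules, "TCP", RDP_PORT, host)[0]
            for host in (ADMIN_DESKTOP, USER_LAPTOP)}


if __name__ == "__main__":
    for label, rules in (("allow first", WORKING_ORDER), ("block first", SHADOWED_ORDER)):
        print(label, rdp_access(rules), "shadowed:", shadowed_rules(rules))
```

Running the same shadowing check over an exported rule list before applying a policy catches the case where the administrator locks themselves out of the server.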
Lab 2.4
Processing Virus Incidents
Lab objective. Study KSC capabilities for investigating virus incidents.
Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. Analysis of the Kaspersky Security Center
reports shows that on some computers a high number of viruses is detected. Your task is to perform additional
scanning on the computers where these incidents are registered.
Preparation
Desktop
Task 1
View the reports on detected viruses
In this task, you will view the reports on detected viruses and most infected computers.
Task 2
Create a selection of computers where viruses are
detected
In this task, you will enable the "Many viruses detected" condition for computer statuses and consult the
corresponding selection.
6. Click OK
Task 3
Scan the computers where viruses are detected
In this task, you will create and run a scan task for the computers where viruses are found. Include in the task scope:
System Memory, Startup Objects and Disk boot sectors.
9. Click Start
19. Click OK
Conclusion
This lab shows how to diagnose and solve problems on client computers using statuses and selections. Selections are
especially convenient in large networks with numerous computers and groups, because they help find computers
having similar problems by their statuses.
Lab 2.5
Configuring Exclusions
Lab objective. Study how application exclusions are configured in Kaspersky Endpoint Security.
Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. You have decided to interact with remote
desktops using the DameWare Mini Remote Control program. Your task is to configure an exclusion for
DameWare Mini Remote Control in the policy, in order to use this program for interacting with the local interface of
Kaspersky Endpoint Security.
Preparation
Desktop
Task 1
Make sure that remote management of KES interface is
limited
In this task, you will connect to a remote desktop using the DameWare Mini Remote Control program and make
sure that the management of Kaspersky Endpoint Security interface is restricted.
3. Click OK
Task 2
Create an exclusion rule for DameWare
In this task, you will configure an exclusion for the server part of DameWare (i.e. the part which is installed on
remote computers and ensures connectivity), which will lift the restrictions imposed by the KES self-defense
component.
12. Click OK
Task 3
Test the exclusion
In this task, you will make sure that the Kaspersky Endpoint Security interface is manageable through remote
connections using DameWare Mini Remote Control.
Conclusion
This lab demonstrates an example of configuring exclusion rules for applications. Remember that the full path to
the executable file must be specified in an exclusion (environment variables are allowed); otherwise, the exclusion
will not work. In this lab, we specified the path to the executable file manually. An alternative method can also be
employed: configure the exclusion in the local KES interface, export it into a file and import it into the policy.
Lab 3.1
Browser Start Control
Lab objective. Study how Application Startup Control works.
Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center.
According to the company security policy, Internet Explorer is the only allowed web browser. All available security
updates are regularly and centrally downloaded for it, while the status of other browsers is not controlled.
Considering the fact that most threats use browsers for penetrating the network today, the decision to prohibit all
other browsers was made.
Your task is to enforce the security policy requirements. Using Application Startup Control, you need to block all
browsers except for Internet Explorer.
2. Using Kaspersky Lab categories, create a category "All browsers except for Internet Explorer 8.0 or later";
3. Prohibit all users from starting the programs belonging to the created category ("All browsers except for
Internet Explorer 8.0 or later");
4. Make sure that the users may start Internet Explorer, but cannot start Firefox.
Preparation
Security-Center
Task 1
Configure the Administration Console
In this task, we will configure the Kaspersky Security Center Administration Console to be able to manage
the control components in the policies.
Task 2
Create an application category that includes all browsers
except for Internet Explorer
In this task, you will create an application category that includes all browsers except for Internet Explorer 8.0 or
later. We will use Kaspersky Lab categorization (KL category) for convenience. Internet Explorer will be excluded
from the category based on the information about its executable file (iexplore.exe).
7. Click KL category
20. Click OK
Task 3
Change the policy: prohibit all users from starting
the programs belonging to the Browsers category
In this task, you will prohibit the users from starting the undesired programs comprising the Browsers category. For
this purpose, you will configure the Application Startup Control component in the policy of the Kaspersky Endpoint
Security for Windows.
6. Click Add
9. Click OK
11. Click OK
Task 4
Make sure that the settings work correctly
In this task, you will make sure that the specified settings work correctly.
Conclusion
If it is necessary to allow or block a class of programs, Kaspersky Lab categories come in very handy. They are
updated together with the databases, and you can always be sure that the latest version of a popular browser is
automatically added to the list.
When configuring rules, remember that prohibiting rules always have a higher priority than allowing ones. That is
why, if you need to prohibit a program category, except for several applications, create a denial category with
an exclusion, which was demonstrated in this lab. Any other variant will not work.
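Why an allowing rule for Internet Explorer cannot rescue it from a prohibiting rule on all browsers, while a denial category with an exclusion can, is shown by the model below. It is an added example, not Kaspersky's implementation or part of the original lab: the class names, file versions and the default of allowing applications that match no rule are assumptions made for illustration.

```python
"""Model of "prohibiting rules override allowing rules" (added example)."""
from dataclasses import dataclass
from typing import Dict, Optional, Sequence, Tuple


@dataclass(frozen=True)
class App:
    file_name: str
    version: Tuple[int, ...]
    kl_category: str                 # vendor-assigned class, e.g. "Browsers"


@dataclass(frozen=True)
class Exclusion:
    file_name: str
    min_version: Tuple[int, ...] = (0,)

    def matches(self, app: App) -> bool:
        return (app.file_name.lower() == self.file_name.lower()
                and app.version >= self.min_version)


@dataclass(frozen=True)
class Category:
    name: str
    kl_category: Optional[str] = None      # include by KL category
    file_name: Optional[str] = None        # or include by executable name
    exclusions: Tuple[Exclusion, ...] = ()

    def contains(self, app: App) -> bool:
        included = ((self.kl_category is not None
                     and app.kl_category == self.kl_category)
                    or (self.file_name is not None
                        and app.file_name.lower() == self.file_name.lower()))
        return included and not any(e.matches(app) for e in self.exclusions)


@dataclass(frozen=True)
class Rule:
    category: Category
    action: str                            # "allow" or "block"


def may_start(app: App, rules: Sequence[Rule], default: bool = True) -> bool:
    """A matching block rule always wins; rule order does not matter."""
    matching = [r for r in rules if r.category.contains(app)]
    if any(r.action == "block" for r in matching):
        return False
    if any(r.action == "allow" for r in matching):
        return True
    return default                         # assumed: unmatched applications may start


# Constructed sample applications (versions are illustrative).
APPS = {
    "IE 8": App("iexplore.exe", (8, 0, 7601), "Browsers"),
    "IE 7": App("iexplore.exe", (7, 0, 6000), "Browsers"),
    "Firefox": App("firefox.exe", (24, 0), "Browsers"),
    "Notepad": App("notepad.exe", (6, 1), "Text editors"),
}

ALL_BROWSERS = Category("All browsers", kl_category="Browsers")
IE_ONLY = Category("Internet Explorer", file_name="iexplore.exe")
BROWSERS_EXCEPT_IE8 = Category(
    "All browsers except for Internet Explorer 8.0 or later",
    kl_category="Browsers",
    exclusions=(Exclusion("iexplore.exe", (8, 0)),))

# Variant that does not work: the allow rule is overridden by the block rule.
ALLOW_PLUS_BLOCK = [Rule(IE_ONLY, "allow"), Rule(ALL_BROWSERS, "block")]
# Variant from the lab: one denial category that carries the exclusion.
DENY_WITH_EXCLUSION = [Rule(BROWSERS_EXCEPT_IE8, "block")]


def start_matrix(rules: Sequence[Rule]) -> Dict[str, bool]:
    return {label: may_start(app, rules) for label, app in APPS.items()}


if __name__ == "__main__":
    print("allow + block     :", start_matrix(ALLOW_PLUS_BLOCK))
    print("deny w/ exclusion :", start_matrix(DENY_WITH_EXCLUSION))
```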
Lab 3.2
Application Startup Control
Lab objective. Study how Application Startup Control works.
Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center. When analyzing the programs installed in
the network, you find out that Skype is installed on some mobile computers. According to the security policy, Skype
is prohibited in the corporate network. Your task is to enforce the security policy requirements. You will use
Application Startup Control to block Skype.
Preparation
Laptop
Task 1
Configure transfer of data about started programs to
the Administration Server
In this task, you will configure transfer of data about started programs to the Administration Server.
Task 2
Create and run an inventory task
In this task, you will create and run an Inventory task on the Laptop computer and make sure that data about started
files is transferred to the Administration Server. Eventually, this data would be transferred to the Administration
Server automatically anyway, but the Inventory task helps to speed up this process.
Task 3
Create a program category for Skype
In this task, you will examine the list of programs used in the network and create a program category for Skype.
8. Click Next
Task 4
Change the policy so as to prohibit the users from starting Skype
In this task, you will prohibit the users from starting the programs included in the Skype category. For this purpose,
you will configure the Application Startup Control component in the policy of the Kaspersky Endpoint Security for
Windows.
Security-Center
4. Click Add
Security-Center
7. Click OK
9. Click OK
Task 5
Make sure that the settings work correctly
In this task, you will make sure that the specified settings work correctly.
Laptop
Conclusion
This lab demonstrates how the administrator can control new programs appearing in the network (this is not the only
way, though), and quickly block programs that violate the company security policy.
Lab 3.3
Blocking USB Flash Drives
Lab objective. Get acquainted with the device control capabilities.
Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center.
Incident analysis revealed that many computers get infected through USB flash drives. The decision was made to
block this entry point for infected objects. Your task is to block access to USB flash drives using Kaspersky
Endpoint Security for all workstations in ABC network.
Preparation
Desktop
Task 1
Block access to USB flash drives
Desktop
Desktop
Security-Center
Security-Center
Security-Center
13. Click OK
Desktop
18. Note that despite the fact that the removable disk is visible, it is inaccessible
Desktop
Security-Center
Security-Center
Conclusion
In this lab, we studied the functionality that blocks access to devices. Access is allowed or blocked completely.
A typical use for this functionality is blocking removable data carriers, through which malware may spread, or
blocking data transfer devices, to reduce the risk of probable information leakage.
Lab 3.4
Access Rights for USB Flash Drives
Lab objective. Study the settings that control access rights for USB flash drives.
Scenario. You are an administrator in ABC Company whose network is protected with Kaspersky Endpoint
Security. The protection is managed via the Kaspersky Security Center.
You have prohibited access to USB flash drives in the whole company. However, the measure turned out to be too
harsh: some users need USB flash drives in their work.
Now you will allow the users to read and copy files from USB flash drives, and allow full access to your USB flash
drive with drivers and distributions that you use at work.
1. Allow the Read right for all USB flash drives to all users
2. Grant yourself complete rights for your USB flash drive
Preparation
Desktop
Task 1
Allow the Read right for all USB flash drives to all users
In this task, you will grant the Read and View rights for all types of USB drives to all users.
Desktop
Security-Center
Security-Center
Security-Center
Security-Center
14. Click OK
16. Click OK
Desktop
19. Copy any file from the USB flash drive to your desktop
Desktop
Task 2
Grant yourself complete rights for your USB flash drive
Allow the domain administrator full access to a specific USB flash drive.
Security-Center
4. Click Add
Security-Center
9. Click OK
Security-Center
10. Click OK
14. Copy any file from the USB flash drive to your desktop
15. Copy the file from your desktop back to the USB flash drive
Conclusion
In this lab, we studied how to control user access rights for USB flash drives, and make exclusions for specific types
of USB flash drives. There are always users in the company who need to receive data from various USB flash drives
whose model and serial number are never known in advance.
The administrators, on the contrary, usually have USB flash drives whose models and serial numbers are known.
These USB flash drives can be exempt from the restrictions beforehand. The described exclusion mechanism is
quite flexible and allows excluding not only specific USB flash drives, but also the users and/or groups of users.
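The manual checks in Labs 3.3 and 3.4 (opening the removable disk, copying a file from it and back) can be scripted so the result is recorded per user and per drive. The following is an added example, not part of the course material; it assumes PowerShell 3.0 or later and that it is run on the client computer in the session of the user whose rights are being verified. The function name and probe file name are hypothetical.

```powershell
# Added example: probe the effective read/write access to every removable
# volume as the currently logged-on user. Run it on the client computer.
function Test-RemovableDriveAccess {
    [CmdletBinding()]
    param()

    # DriveType 2 is "removable disk" in Win32_LogicalDisk.
    $disks = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'
    foreach ($disk in $disks) {
        $root     = $disk.DeviceID + '\'
        $canRead  = $false
        $canWrite = $false

        try {
            # Listing the root directory exercises the Read right.
            Get-ChildItem -LiteralPath $root -Force -ErrorAction Stop | Out-Null
            $canRead = $true
        } catch {
            Write-Verbose "Read denied on ${root}: $($_.Exception.Message)"
        }

        # Constructed probe file name; the file is removed if the write succeeds.
        $probe = Join-Path $root ('access-probe-{0}.tmp' -f [guid]::NewGuid())
        try {
            Set-Content -LiteralPath $probe -Value 'probe' -ErrorAction Stop
            $canWrite = $true
            Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        } catch {
            Write-Verbose "Write denied on ${root}: $($_.Exception.Message)"
        }

        # One result row per removable volume.
        [pscustomobject]@{
            User     = "$env:USERDOMAIN\$env:USERNAME"
            Drive    = $disk.DeviceID
            Label    = $disk.VolumeName
            CanRead  = $canRead
            CanWrite = $canWrite
        }
    }
}

Test-RemovableDriveAccess | Format-Table -AutoSize
```

With the Lab 3.3 policy both columns should be False; after Lab 3.4 Task 1 an ordinary user should see CanRead True and CanWrite False, and after Task 2 the domain administrator should see both True for the excluded flash drive.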
Lab 3.5
Web Access Control
Lab objective. Get acquainted with the capabilities that help the administrator control access to web resources.
Scenario. You are an antivirus security administrator in ABC Company whose network is protected with Kaspersky
Endpoint Security. The protection is managed via the Kaspersky Security Center. When analyzing the company
Internet traffic, you have found out that many users visit social networks during business hours. You want to
prohibit that. Your task is to block access to social networks by the policy.
Contents. In this lab, we will configure blocking access to social networks for all users during
business hours.
Preparation
Task 1
Block access to social networks
In this task, we will use the policy to block access to social networks for all users during business hours. Then we
will make sure that the rule is applied, and does not require restarting the client computers.
Security-Center
Security-Center
6. Click Add
Security-Center
Security-Center
16. Click OK
17. Click OK
Security-Center
18. Click OK
21. Go to www.facebook.com
Conclusion
In this lab, we studied the functionality that blocks access to web resources. Access can be allowed or blocked by
content category, data type or both. Access can be blocked during the specified time only and be configured for user
groups or separate users. A typical use example for this functionality is blocking access to social resources,
executable files, or external e-mail, through which information may leak, and/or infected objects can be
downloaded.
Lab 4.1
Password Protection for KES
Lab objective. Protect KES from the user.
Scenario. You are an antivirus security administrator in ABC Company. The protection is managed via
the Kaspersky Security Center. Right after the system deployment, every computer in the network is protected with
Kaspersky Endpoint Security, but after a while you can see that KES does not work or is uninstalled on some
network computers. The investigation reveals that the users were granted enough permissions to exit or uninstall
KES. Your task is to make the users unable to do that again.
Preparation
Desktop
Task 1
Diagnose critical protection status
Kaspersky Endpoint Security has been exited on the Laptop computer. In this task, you will learn about this from
the Administration Console and remotely start Kaspersky Endpoint Security.
Security-Center
Security-Center
Security-Center
Task 2
Protect Kaspersky Endpoint Security from the users
In this task, you will set a password for all operations with Kaspersky Endpoint Security. After this, as a user who
does not know the password, you will check whether you can exit or uninstall Kaspersky Endpoint Security.
Security-Center
Security-Center
Security-Center
11. Click OK
Security-Center
Laptop
Laptop
Laptop
Task 3
Set a password for Network Agent uninstallation
In this task, you will create a policy for Network Agents and set a password for Agent uninstallation in it. After
this, you will log in as a user who does not know the password and check whether you can uninstall Network Agent.
Security-Center
Security-Center
Security-Center
7. Click Modify
Security-Center
10. Click OK
Laptop
Conclusion
This lab demonstrates how you can limit the users' capability to hamper KES operation by setting a password in
the policy. However, even if the users cannot hinder KES, they can disturb the administrator by complaining that
KES slows down the computer or creates other problems.
Sometimes administrators prefer to conceal the anti-virus. Often it turns out that users do not complain about
computer performance if they cannot see KES. The following lab explains how to hide Kaspersky Anti-Virus from
the users.
Lab 4.2
Hiding KES on Client Computers
Lab objective. Hide KES on the client computers.
Scenario. You are an antivirus security administrator of a network protected with Kaspersky Endpoint Security.
The protection is managed via the Kaspersky Security Center. Some of the users complain that they are unable to
download some files, and some of the users complain that their computers have become slower since KES was
installed. These users even tried to stop and uninstall KES despite the fact that their privileges are insufficient for
that. From the internal testing results, you know that their computers are no slower than the computers of the other
users, so the real reason is psychological, not technical. Your task is to make the KES interface invisible on the client
computers and enable KES notifications for infected objects.
1. Enable notifications for the users about the detected infected objects
2. Conceal Kaspersky Endpoint Security
Preparation
Desktop
Task 1
Notify users about detected infected objects
In this task, you will enable local notifications. After this, if KES detects a dangerous object on a computer, it will
inform the user about this by a pop-up notification, not just block the action.
Desktop
Security-Center
Security-Center
Security-Center
Security-Center
Desktop
Task 2
Hide Kaspersky Endpoint Security
In this task, you will hide the Kaspersky Endpoint Security interface. Users will not be able to open the program's
main window, and the KES icon will not be shown either in the notification area or in the list of installed programs.
After this, most users will hardly know that KES is installed on the computer.
Security-Center
Security-Center
5. Click OK
Desktop
Desktop
Conclusion
This lab demonstrates how to hide Kaspersky Endpoint Security to some extent on a computer. Of course, you
cannot conceal KES completely. An advanced user can find KES files on the hard drive, KES service and drivers,
and KES log among other Windows event logs.
Completely concealing KES contradicts Microsoft company guidelines and, generally speaking, is unethical. If KES
could not be found without special tools, this would closely resemble rootkit behavior.
Lab 4.3
Configuring Roaming Computer Protection
Lab objective. Create a policy that will be enforced on the roaming computers when they are not connected to
the corporate network.
Scenario. You are an antivirus security administrator of a network protected with Kaspersky Endpoint Security.
The protection is managed via the Kaspersky Security Center. Some computers (notebooks) are occasionally out of
the protected network. You want these computers to automatically use tougher protection settings when they are
outside the protected network. Your task is to create a policy that will be enforced on the roaming computers.
Contents. In this lab, we will create and test a policy for roaming users.
Preparation
Laptop
Task 1
Create and test a policy for roaming users
In this task, you will create a policy for roaming users by copying the active policy and editing the settings. After
this, you will test the roaming policy by disabling the network connection on the Laptop computer.
Security-Center
Security-Center
Security-Center
Security-Center
Security-Center
18. Click OK
20. Click OK
Security-Center
24. Click OK
Security-Center
Security-Center
29. Click OK
Laptop
Laptop
Laptop
Conclusion
This lab demonstrates the configuration and operation of a roaming policy. If the Network Agent can connect to
the Administration Server, the roaming policy is inactive. When the connection is broken, the roaming policy
replaces the active policy.
Lab 4.4
Backup and Restore in Kaspersky Security Center
Lab objective. Create a backup copy of Kaspersky Security Center and recover the management system
configuration on another computer.
Scenario. You are an antivirus security administrator in ABC Company whose network is protected with Kaspersky
Endpoint Security. The protection is managed via the Kaspersky Security Center. You will create a backup copy of
the Kaspersky Security Center, and then recover the management system configuration from the backup copy on
another computer.
Preparation
Task 1
Create a backup copy of Kaspersky Security Center
In this task, you will create a backup copy of Kaspersky Security Center; but first you will configure the backup task
so that the notification about the task results is e-mailed, because during the backup copying the Administration
Server is inaccessible, and the task cannot be monitored from the console.
Security-Center
Security-Center
Security-Center
Security-Center
11. Click OK
Security-Center
Task 2
Restore Kaspersky Security Center on another computer
In this task, you will recover the administration system configuration on the Titanic computer, where Kaspersky
Security Center is installed already. We will use a special recovery utility in the wizard mode. After the data are
restored, make sure that the old settings are applied successfully.
Titanic
Titanic
Laptop
Titanic
Conclusion
This lab demonstrates the procedure of management system recovery from a backup copy on another computer
where Kaspersky Security Center is installed in advance.
v1.1