Configuring protection for managed applications
Configuring network protection
Ensure that you have completed the Kaspersky Security Center Cloud Console initial configuration scenario. This scenario also includes performing the steps of the quick start wizard.
When the quick start wizard is running, policies and tasks with default parameters are created. These parameters may not be optimal or may even be prohibited in your organization. Therefore, we recommend configuring the created policies and tasks, and create additional policies and tasks if necessary for your organization network.
Specifying the password for disabling protection and uninstalling the application
To prevent intruders from disabling Kaspersky security applications, we strongly recommend enabling password protection for disabling protection and deinstallation of Kaspersky security applications. You can set the password, for example, for Kaspersky Endpoint Security for Windows, Kaspersky Security for Windows Servers, Network Agent, and other Kaspersky applications. After you enable password protection, we recommend locking these settings by closing the "lock."
Specifying the password for manual connection of a client device to the Administration Server (klmover utility)
The klmover utility allows you to manually connect a client device to the Administration Server. When Network Agent is installed on a client device, the utility is automatically copied to the Network Agent installation folder.
To prevent intruders from moving devices out of your Administration Server's control, we strongly recommend enabling password protection for running the klmover utility. To enable password protection, select the Use uninstallation password option in the Network Agent policy settings.
Enabling the Use uninstallation password also enables password protection for the Cleaner tool (cleaner.exe).
The klmover utility is used only for moving managed devices under management of a virtual Administration Server.
Using Kaspersky Security Network
In all policies of managed applications and in the properties of Kaspersky Security Center Cloud Console, we recommend enabling the use of Kaspersky Security Network (KSN) and accepting the KSN Statement. When you update or upgrade Kaspersky Security Center Cloud Console, you can accept the updated KSN Statement.
Discovering new devices
We recommend properly configuring device discovery settings: set up integration with Active Directory and specify IP address ranges for discovering new devices.
For security purposes, you can use the default administration group that includes all new devices and the default policies affecting this group.