Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and
Forefront TMG
APPLICATION VERSION: 8.5
Dear User!
Thank you for choosing our product. We hope that this document will help you in your work and provide answers to the
majority of your questions.
Attention! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to
this document are reserved by the copyright laws of the Russian Federation and by international treaties. Illegal
reproduction or distribution of this document or parts hereof will result in civil, administrative, or criminal liability under
applicable law.
Any type of reproduction or distribution of any materials, including translations, may be allowed only with written
permission from Kaspersky Lab.
This document and the graphic images it contains may be used exclusively for information, non-commercial or personal
purposes.
This document may be amended without additional notification. The latest version of this document can be found on the
Kaspersky Lab website at http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any third-party materials used
herein, or for any potential harm associated with the use of such materials.
ABOUT THIS GUIDE
In this document
SOURCES OF INFORMATION ABOUT THE APPLICATION
Sources of information for unassisted search
Discussing Kaspersky Lab applications in the forum
Contacting the Sales Department
Contacting the Technical Writing & Localization Unit
KASPERSKY ANTI-VIRUS 8.5 FOR MICROSOFT ISA SERVER AND FOREFRONT TMG
HARDWARE AND SOFTWARE REQUIREMENTS
STANDARD APPLICATION DEPLOYMENT MODELS
Standalone server
Preparing for installation
Removing previous Kaspersky Anti-Virus versions and other anti-virus applications for Microsoft ISA Server / Forefront TMG
Configuring user rights
Preparing the SQL server
Installing the application
Connecting Management Console to the configuration storage
Steps before connecting Management Console
Connecting the configuration storage
Activating the application
System changes caused by application installation
Relocating Forefront TMG servers with Kaspersky Anti-Virus
Connecting a Forefront TMG EE server to a standalone array
Connecting a Forefront TMG EE server to an existing array administered using EMS
Connecting a Forefront TMG EE server within a new array to an enterprise
Connecting a Forefront TMG SE server to an enterprise
Disconnecting a server from an array or enterprise
Repairing the application
Removing the application
About Kaspersky Anti-Virus removal
Removing the application from a server
CONTACTING THE TECHNICAL SUPPORT SERVICE
Ways to receive technical support
Technical support by phone
Obtaining technical support via My Kaspersky Account
INDEX
ABOUT THIS GUIDE
IN THIS SECTION
In this document
This document is the Deployment Guide to Kaspersky Anti-Virus 8.5 for Microsoft® ISA Server and Forefront® TMG
(herein also referred to as "Kaspersky Anti-Virus").
This Guide is intended for technical specialists in charge of installing and administering Kaspersky Anti-Virus for
Microsoft ISA Server and Forefront TMG, as well as supporting organizations that use Kaspersky Anti-Virus for Microsoft
ISA Server and Forefront TMG.
This Guide is intended for technical specialists who have experience in managing Microsoft ISA Server / Forefront TMG.
The Guide serves the following purposes:
To provide descriptions of main principles of operation of Kaspersky Anti-Virus for Microsoft ISA Server and
Forefront TMG, system requirements, standard deployment models, and features of integration with third-party
applications.
To help plan the deployment of Kaspersky Anti-Virus for Microsoft ISA Server and Forefront TMG in an
enterprise network.
To describe preparation steps for the installation of Kaspersky Anti-Virus for Microsoft ISA Server and Forefront
TMG, as well as the application installation and activation.
To reference additional sources of information about the application and describe ways to receive technical
support.
IN THIS DOCUMENT
This Guide comprises the following sections.
Sources of information about the application (see page 8)
This section references sources of information about the application and lists websites where application usage can be
discussed.
Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG (see page 10)
This section describes the main features of the application.
Hardware and software requirements (see page 11)
This section contains information about the software and hardware requirements for installing Kaspersky
Anti-Virus.
Application architecture (see page 13)
This section contains the descriptions of the Kaspersky Anti-Virus components and their interaction logic.
Standard application deployment models (see page 16)
This section covers the standard models of application deployment on a corporate network and the particulars of
integration with third-party software.
Application deployment (see page 22)
This section describes the steps to be taken prior to Kaspersky Anti-Virus installation and use, as well as instructions for
installing, repairing, and removing Kaspersky Anti-Virus.
Contacting Technical Support (see page 45)
This section provides information on how to obtain technical support and the requirements for receiving help from
Technical Support.
Glossary (see page 47)
This section lists common application terms and provides their brief definitions.
Kaspersky Lab ZAO (see page 50)
This section contains information about Kaspersky Lab.
Information on third-party code (see page 51)
This section contains information about third-party software used in the application.
Trademark notices (see page 52)
This section lists third-party trademarks used in this document.
Index
The index offers a quick way to locate information in the document.
DOCUMENT CONVENTIONS
The text in this document is accompanied by semantic elements – warnings, tips and examples that you are advised to
read thoroughly.
Document conventions are used to highlight semantic elements. The following table shows document conventions and
examples of their use.
Table 1. Document conventions

Sample text: Please note that...
Description of document convention: Warnings are highlighted in red and enclosed in frames. Warnings provide information about possible unwanted actions that may lead to data loss or failures affecting hardware or the operating system.

Sample text: It is recommended that you use...
Description of document convention: Notes are enclosed in frames. Notes may contain useful tips, advice, specific settings or important case studies of program operation.

Sample text: Example: ...
Description of document convention: Examples are shown in blocks on yellow background titled "Example".

Sample text: An update is... The Databases are outdated event occurs.
Description of document convention: The following semantic elements are italicized in the text: new terms; names of application statuses and events.

Sample text: Press ENTER. Press ALT+F4.
Description of document convention: The names of keyboard keys appear in bold and are capitalized. Names of keys that are connected by a + (plus) sign indicate the use of a key combination. Such keys should be pressed simultaneously.

Sample text: Click the Enable button.
Description of document convention: The names of application interface elements, such as entry fields, menu items, and buttons, are set off in bold.

Sample text: To configure a task schedule:
Description of document convention: Introductory phrases in procedures are italicized and accompanied with the arrow character.

Sample text: Type help in the command line. The following message appears: Specify the date in mm:dd:yy format.
Description of document convention: The following types of text content are set off with a special font: command line text; text of onscreen messages; data that the user is prompted to enter.

Sample text: <User name>
Description of document convention: Variables are enclosed in angle brackets. You should replace the variable with the corresponding value, omitting the angle brackets.
SOURCES OF INFORMATION ABOUT THE APPLICATION
IN THIS SECTION
Sources of information for unassisted search
Discussing Kaspersky Lab applications in the forum
Contacting the Sales Department
Contacting the Technical Writing & Localization Unit
This section references sources of information about the application and lists websites where application usage can be
discussed.
You can choose the most suitable source of information with regard to the importance and urgency of your issue.
SOURCES OF INFORMATION FOR UNASSISTED SEARCH
You can use the following sources for unassisted search of information about the application:
Page on the Kaspersky Lab website
Page on the Technical Support Service website (Knowledge Base)
Help system
Documentation.
If you cannot find the solution to an issue on your own, we recommend that you contact Kaspersky Lab Technical
Support (see section "Technical support by phone" on page 45).
To use sources of information on the Kaspersky Lab website, you should have an Internet connection established.
Page on the Kaspersky Lab website
The Kaspersky Lab website provides a dedicated page for each application.
On this page (http://www.kaspersky.com/anti-virus-microsoft-isa-server-forefront-tmg) you can obtain general information
about the application, its features and functions.
Page http://www.kaspersky.com contains a link to eStore. There you can purchase the application or renew your license.
Page on the Technical Support Service website (Knowledge Base)
Knowledge Base is a section of the Technical Support Service website that contains recommendations on how to
manage Kaspersky Lab applications. Knowledge Base consists of reference articles grouped by topics.
On the page of the application in the Knowledge Base (http://support.kaspersky.com/tmg_8_ee) you will find articles
providing useful information, recommendations, and answers to the frequently asked questions on how to purchase,
install, and use the application.
The articles can provide answers to questions not only related to Kaspersky Anti-Virus, but to other Kaspersky Lab
applications, too; they can also contain news from the Technical Support Service.
Help system
The application Help system is provided as context help. The context help contains a list of settings for each of the
application windows with the corresponding descriptions.
Documentation
The distribution kit includes documents that help you to install and activate the application on the computers of a local
area network, configure its settings, and find information about the basic techniques for using the application.
DISCUSSING KASPERSKY LAB APPLICATIONS IN THE FORUM
If your issue does not require an immediate solution, you can discuss it with Kaspersky Lab specialists and other users in
our Forum (http://forum.kaspersky.com).
There you can view existing topics, leave your comments, and create your own topics for discussion.
CONTACTING THE SALES DEPARTMENT
If you have any questions on how to choose, purchase, or renew the application, you can contact our specialists from the
Sales Department in one of the following ways:
By calling our central office in Moscow by phone (http://www.kaspersky.com/contacts).
By sending a message with your question to sales@kaspersky.com.
Service is provided in Russian and English.
CONTACTING THE TECHNICAL WRITING & LOCALIZATION UNIT
To contact the Technical Writing & Localization Unit, send an email to docfeedback@kaspersky.com. The subject line
should contain the following text: "Kaspersky Help Feedback: Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and
Forefront TMG".
KASPERSKY ANTI-VIRUS 8.5 FOR MICROSOFT ISA SERVER AND FOREFRONT TMG
Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG scans HTTP, FTP, SMTP, and POP3 traffic for
viruses as it passes through the Microsoft ISA Server / Forefront TMG network interface. To perform an anti-virus scan,
Kaspersky Anti-Virus components are installed on LAN physical servers where the Microsoft ISA Server / Forefront TMG
firewall is deployed (hereinafter also "servers"). Depending on the Microsoft ISA Server / Forefront TMG deployment
scenario, servers can operate as standalone servers or be combined into an array or enterprise.
Kaspersky Anti-Virus operating together with Forefront TMG also scans HTTPS traffic. HTTPS traffic scanning requires
traffic inspection to be enabled in Forefront TMG Management Console.
Kaspersky Anti-Virus features:
Real-time scanning of HTTP, FTP, SMTP, and POP3 traffic for malware and probably infected objects.
Kaspersky Anti-Virus disinfects or blocks such objects depending on the active settings.
Management of protocol policy rules, anti-virus scan rules, and exclusion rules for different groups of network
objects.
Configurable application performance settings for each server, making it possible to distribute the workload
across server processors.
Ability to configure common application settings for all servers in the array, such as update settings, Backup
settings, and log settings.
Scheduled or manual updates of Kaspersky Anti-Virus databases. Possible update sources include HTTP
update servers of Kaspersky Lab, user HTTP or FTP servers or a network folder storing a current update
package.
Ability to configure application settings sensitive to traffic volume. Data rate can be configured to optimize
scan performance.
Storage of copies of objects detected by Kaspersky Anti-Virus in Backup.
Centralized database logging of information on objects in Backup.
Key management. The Kaspersky Anti-Virus license covers the entire application, not just individual servers.
Real-time monitoring of application performance on servers.
Viewing consolidated statistics of application performance on servers in the array.
Management of application event logs.
Generation of application performance reports.
HARDWARE AND SOFTWARE REQUIREMENTS
Kaspersky Anti-Virus can run simultaneously with the following products:
Microsoft ISA Server 2006 with Service Pack 1, Standard Edition release ("Microsoft ISA Server SE").
Microsoft ISA Server 2006, Enterprise Edition release ("Microsoft ISA Server EE").
Microsoft Forefront TMG 2010 with Service Pack 1, Standard Edition release ("Forefront TMG SE").
APPLICATION ARCHITECTURE
This section contains the descriptions of the Kaspersky Anti-Virus components and their interaction logic.
COMPOSITION OF KASPERSKY ANTI-VIRUS COMPONENTS AND SUBSYSTEMS
Kaspersky Anti-Virus comprises the following components:
Security Server – a component that ensures anti-virus functionality. During installation, the component
integrates with the Microsoft ISA Server / Forefront TMG server.
Management Console – a component designed as a snap-in for Microsoft Management Console ("MMC"). The
Console provides tools for managing and monitoring Kaspersky Anti-Virus.
Backup and Reporting database – an SQL server database that stores statistics of application performance
and information about dangerous objects detected by Kaspersky Anti-Virus and moved to Backup.
The Security Server and Management Console components are installed on the server where the Microsoft ISA Server /
Forefront TMG firewall is deployed. Management Console can also be installed on a client computer with access to the
server on which the Security Server component is installed. If several administrators are working jointly, the Management
Console can be installed on each administrator's computer.
The Microsoft ISA Server / Forefront TMG console must be installed on the computer before Kaspersky Anti-Virus
Management Console can be installed.
The Security Server component comprises the following subsystems:
Kaspersky Anti-Virus filters intercept HTTP, FTP, SMTP, and POP3 traffic, download objects requested by
client computers, and redirect downloaded objects to the scanning subsystem. After the scanning has been
completed, filters return requested objects to client computers or generate notifications about blocked objects.
The application comprises the following filters:
Kaspersky Anti-Virus Web filter intercepts traffic over HTTP protocol.
Kaspersky Anti-Virus operating together with Forefront TMG also scans HTTPS traffic. HTTPS traffic
scanning requires traffic inspection to be enabled in Forefront TMG Management Console.
Kaspersky Anti-Virus FTP filter intercepts traffic over FTP protocol.
Kaspersky Anti-Virus SMTP filter intercepts traffic over SMTP protocol.
Kaspersky Anti-Virus POP3 filter intercepts traffic over POP3 protocol.
Kaspersky Anti-Virus filters are embedded into the Microsoft ISA Server / Forefront TMG firewall when the
application is installed.
Scanning subsystem is designed for anti-virus scanning of objects. Scanning subsystem receives downloaded
objects from the Anti-Virus filters and checks them for the presence of threats. The subsystem uses a heuristic
analyzer that can detect unknown viruses. After scanning, the application assigns each object a status that
determines how the object will be handled further. Safe objects are passed without any changes, while others
are processed according to the anti-virus scan settings.
Updating subsystem updates Kaspersky Anti-Virus databases by downloading new data from Kaspersky Lab
update servers or other specified sources.
Backup subsystem stores backup copies of objects detected by Kaspersky Anti-Virus during anti-virus
scanning, and relays information about objects to the Backup and Reporting database. Backup objects can be
eventually deleted or saved to a local or network drive. Copies of objects are stored in Backup located on the
server where the objects have been detected. Information about objects moved to Backup is saved in the
Backup and Reporting database.
Configuration subsystem stores Kaspersky Anti-Virus settings.
Licensing subsystem lets you manage keys and determine the Kaspersky Anti-Virus license state. If any
violation of the License Agreement is detected, Kaspersky Anti-Virus functionality is limited.
Monitoring subsystem collects information about the status of Kaspersky Anti-Virus.
Statistics subsystem collects statistics on scanned objects. Information is saved in the Backup and Reporting
database.
Diagnostics subsystem keeps logs of all application components. Information can be recorded in text files,
saved in the Microsoft Windows Log, and transferred to the notification subsystem of Microsoft ISA Server /
Forefront TMG.
Reports subsystem generates reports on Kaspersky Anti-Virus performance.
CONFIGURING KASPERSKY ANTI-VIRUS
Kaspersky Anti-Virus can run simultaneously with the Microsoft ISA / Forefront TMG firewall under the following
deployment scenarios:
Standalone Microsoft ISA Server SE / EE server or Forefront TMG SE / EE server.
Standalone Forefront TMG EE server array administered with an array manager.
Enterprise based on Microsoft ISA Server EE servers – one or several Microsoft ISA Server EE arrays
controlled by the Configuration Storage Server ("CSS").
Enterprise based on Forefront TMG EE servers – one or several Forefront TMG EE server arrays controlled by
the Enterprise Management Server ("EMS").
Forefront TMG SE server administered with EMS.
Configuration data of Kaspersky Anti-Virus is recorded in the configuration storage of Microsoft ISA Server / Forefront
TMG when the application is installed. The Kaspersky Anti-Virus configuration is divided into logical levels, repeating the
division of the Microsoft ISA Server / Forefront TMG configuration into logical levels.
When deploying Kaspersky Anti-Virus at an enterprise, the application settings are distributed across three configuration levels:
server level – settings applied to an individual server only.
array level – settings applied to all servers in a single array on which Kaspersky Anti-Virus has been deployed.
enterprise level – settings applied to all servers of an enterprise on which Kaspersky Anti-Virus has been deployed.
When Kaspersky Anti-Virus is deployed on a server or in a standalone array, the application configuration consists of two
logical levels: server level and array level.
The server-level configuration consists of the Kaspersky Anti-Virus settings that depend on the hardware and software
parameters of the server hosting the Security Server component. The rest of the Kaspersky Anti-Virus settings are
part of the array-level and enterprise-level configuration.
Kaspersky Anti-Virus settings are managed using the Management Console connected to the configuration storage of
Microsoft ISA Server / Forefront TMG.
Server-level settings of Kaspersky Anti-Virus can be configured only for an individual server because they depend on the
hardware and software parameters of the host computer. Other Kaspersky Anti-Virus settings are managed at the array
level and/or enterprise level. The array level settings of Kaspersky Anti-Virus are adjusted in centralized mode for all
servers within an array. The enterprise level settings of Kaspersky Anti-Virus are adjusted in centralized mode for all
servers at an enterprise.
When the application is installed on a standalone server, all settings are configured individually for this server.
SUPPORTED TRAFFIC SCAN SCENARIOS
This section covers the specifics of Kaspersky Anti-Virus operation under the following common traffic scenarios:
a client within the internal corporate network attempts to access external resources (outbound connection)
a client within the internal corporate network attempts to access the resources of a different network over a
secure channel (VPN)
a client outside the corporate network attempts to access resources located within the internal corporate
network and published by means of Microsoft ISA Server / Forefront TMG (inbound connection)
a client outside the corporate network attempts to access internal resources of the corporate network over a
secure channel (VPN)
When a client within the corporate network attempts to access external resources (outbound connection), traffic is
scanned as follows:
When monitoring HTTP, HTTPS, and FTP traffic, the application scans objects downloaded from external
servers, while skipping objects uploaded to external servers.
HTTPS traffic is scanned only if Kaspersky Anti-Virus operates together with the Forefront TMG server and the
scanning of inbound HTTPS traffic has been enabled.
All emails transferred over SMTP and POP3 protocols are scanned.
When a client within the corporate network attempts to access the resources of a different network over a secure channel
(VPN), the application scans traffic in the same way as it does when a client within the corporate network tries to access
external resources.
When a client outside the corporate network attempts to access published corporate resources (inbound connection),
traffic is scanned as follows:
The application scans HTTP, HTTPS, and FTP traffic passing from the corporate resources to the client, while
skipping traffic passing from the client to the corporate resources.
HTTPS traffic is scanned only if Kaspersky Anti-Virus operates together with the Forefront TMG server and the
scanning of outbound HTTPS traffic has been enabled.
All emails transferred over SMTP and POP3 protocols are scanned.
When a client outside the corporate network attempts to access corporate resources over a secure channel (VPN), the
application scans traffic in the same way as it does when a client outside the corporate network tries to access published
corporate resources (inbound connection).
The scanning of traffic over each type of protocol can be configured in Kaspersky Anti-Virus settings or disabled.
STANDARD APPLICATION DEPLOYMENT MODELS
IN THIS SECTION
Standalone server
This section covers the standard models of application deployment on a corporate network and the particulars of
integration with third-party software.
The following deployment models are available for Kaspersky Anti-Virus:
Standalone server – Kaspersky Anti-Virus is integrated with a standalone Microsoft ISA Server / Forefront TMG
SE or EE server (see section "Standalone server" on page 16).
Standalone array – Kaspersky Anti-Virus is integrated with servers in a standalone array of Forefront TMG
servers (see section "Standalone array" on page 17).
Enterprise – Kaspersky Anti-Virus is integrated with Microsoft ISA Server / Forefront TMG servers in arrays that
are part of an enterprise administered using CSS or EMS (see section "Enterprise" on page 19).
Regardless of the Kaspersky Anti-Virus deployment model, the application is deployed on each server separately.
If Kaspersky Anti-Virus is deployed on a server array, it is recommended to install the application on each server in the
array to ensure anti-virus protection of the network.
STANDALONE SERVER
The Standalone server deployment model involves integrating Kaspersky Anti-Virus with a standalone Microsoft ISA /
Forefront TMG SE or EE server.
Kaspersky Anti-Virus settings are stored in the Microsoft ISA Server / Forefront TMG configuration storage located on
the server.
The configuration of Kaspersky Anti-Virus includes server-level and array-level settings (see section "Kaspersky Anti-Virus configuration" on page 14). All settings are customizable for the server.
The Standalone server deployment model includes the following steps:
1. Installation preparation. Perform the following before deploying Kaspersky Anti-Virus:
Remove previous versions of Kaspersky Anti-Virus and other anti-virus applications for Microsoft ISA
Server / Forefront TMG from the server on which the application will be deployed (see section "Removing
previous Kaspersky Anti-Virus versions and other anti-virus applications for Microsoft ISA Server / Forefront
TMG" on page 23).
Install additional applications needed for the operation of Kaspersky Anti-Virus components on the server
(see section "Installing additional software" on page 23).
Configure the rights of the user performing installation (see section "Configuring user rights" on page 23).
Prepare the SQL server on which the Backup and Reporting database of Kaspersky Anti-Virus will be
deployed (see section "Preparing the SQL server" on page 24).
2. Installing Kaspersky Anti-Virus. Complete installation of the application is performed on the server: the Security
Server and Management Console components are installed (see section "Complete installation" on page 25).
At one of the Installation Wizard steps, the application connects to the Backup and Reporting database (see
figure below). Specify the server hosting the Backup and Reporting database and the database connection
settings. If no Backup and Reporting database has been created at the installation preparation step (see section
"Preparing the SQL server" on page 24), you must also specify the database creation settings.
Figure 1. Standalone server deployment model
3. Installing an additional Management Console (see figure above). If remote management of Kaspersky Anti-Virus
is required, the Management Console component should be installed on an individual computer (see section
"Installing Management Console" on page 31).
4. Getting started. Before you can start using Kaspersky Anti-Virus, you have to activate the application (see
section "Activating the application" on page 36), if it was not activated upon the completion of installation (see
section "Initial configuration of the application" on page 30).
STANDALONE ARRAY
The Standalone array deployment model involves integrating Kaspersky Anti-Virus with servers that are part of a
standalone Forefront TMG server array.
To ensure anti-virus protection of the network, it is recommended to install Kaspersky Anti-Virus on each server in the array.
Kaspersky Anti-Virus settings are stored in the configuration storage of Forefront TMG on one of the array servers (array
manager).
The configuration of Kaspersky Anti-Virus includes server-level and array-level settings (see section "Kaspersky Anti-Virus configuration" on page 14). Array-level settings are specified in centralized mode for all servers of the array.
All servers of the array are connected to the single Backup and Reporting database.
The Standalone array deployment model includes the following steps:
1. Installation preparation. Perform the following before deploying Kaspersky Anti-Virus:
Remove previous versions of Kaspersky Anti-Virus and other anti-virus applications for Microsoft ISA
Server / Forefront TMG from each server on which the application will be deployed (see section "Removing
previous Kaspersky Anti-Virus versions and other anti-virus applications for Microsoft ISA Server / Forefront
TMG" on page 23).
Install additional applications needed for the operation of Kaspersky Anti-Virus components on the servers
(see section "Installing additional software" on page 23).
Configure the rights of the user performing installation (see section "Configuring user rights" on page 23).
Prepare the SQL server on which the Backup and Reporting database of Kaspersky Anti-Virus will be
deployed (see section "Preparing the SQL server" on page 24).
2. Installing Kaspersky Anti-Virus on the first server in the array. Complete installation of the application is
performed on the server: the Security Server and Management Console components are installed (see section
"Complete installation" on page 25).
At one of the Installation Wizard steps, the application connects to the Backup and Reporting database (see
figure below). Specify the server hosting the Backup and Reporting database and the database connection
settings. If no Backup and Reporting database has been created at the installation preparation step (see section
"Preparing the SQL server" on page 24), you must also specify the database creation settings.
3. Installing Kaspersky Anti-Virus on the second and subsequent servers in the array. Complete installation of the
application is performed on each server of the array. The Security Server and Management Console
components are installed on the servers (see section "Complete installation" on page 25).
All servers are automatically connected to the Backup and Reporting database specified when installing
Kaspersky Anti-Virus on the first server in the array.
Figure 2. Standalone array deployment model
4. Installing an additional Management Console (see figure above). If remote management of Kaspersky Anti-Virus
is required, the Management Console component should be installed on an individual computer (see section
"Installing Management Console" on page 31).
5. Getting started. Before you can start using Kaspersky Anti-Virus, you have to activate the application (see
section "Activating the application" on page 36), if it was not activated upon the completion of installation (see
section "Initial configuration of the application" on page 30).
ENTERPRISE
The Enterprise deployment model involves integrating Kaspersky Anti-Virus with Microsoft ISA 2006 servers that form
arrays within an enterprise administered using CSS, or with Forefront TMG servers that form arrays within an enterprise
administered using EMS.
The option of Kaspersky Anti-Virus integration with a Forefront TMG SE server administered using EMS is a particular
case of the Enterprise deployment model. A Forefront TMG SE server is connected to an enterprise from within an array
that contains only this server.
Kaspersky Anti-Virus can be installed on servers of one or several arrays within an enterprise.
If Kaspersky Anti-Virus is deployed on a server array, it is recommended to install the application on each server in the
array to ensure anti-virus protection of the network.
Kaspersky Anti-Virus settings are stored in the Microsoft ISA Server / Forefront TMG configuration storage located in
CSS (for Microsoft ISA Server) or EMS (for Forefront TMG).
The configuration of Kaspersky Anti-Virus includes server-level, array-level, and enterprise-level settings (see section
"Kaspersky Anti-Virus configuration" on page 14). Array-level settings are specified in centralized mode for all servers of
the same array. Enterprise-level settings are common for all servers of the enterprise on which Kaspersky Anti-Virus is
installed; they are specified at the enterprise level.
When installing Kaspersky Anti-Virus on servers of several arrays within an enterprise, a common Backup and Reporting
database can be used for all arrays of the enterprise, or individual Backup and Reporting databases can be used for
every single array or group of arrays.
Enterprise-wide centralized statistics and centralized storage of information about objects moved to Backup are
only supported if all enterprise servers use a common Backup and Reporting database.
The Enterprise deployment model includes the following steps:
1. Installation preparation. Perform the following before deploying Kaspersky Anti-Virus:
Remove previous versions of Kaspersky Anti-Virus and other anti-virus applications for Microsoft ISA
Server / Forefront TMG from each server on which the application will be deployed (see section "Removing
previous Kaspersky Anti-Virus versions and other anti-virus applications for Microsoft ISA Server / Forefront
TMG" on page 23).
Install additional applications needed for the operation of Kaspersky Anti-Virus components on the servers
(see section "Installing additional software" on page 23).
Configure the rights of the user performing installation (see section "Configuring user rights" on page 23).
Prepare the SQL server on which the Backup and Reporting database of Kaspersky Anti-Virus will be
deployed (see section "Preparing the SQL server" on page 24).
2. Installing Kaspersky Anti-Virus on the first server of the first array. Complete installation of the application is
performed on the server: the Security Server and Management Console components are installed (see section
"Complete installation" on page 25).
At one of the Installation Wizard steps, the application connects to the Backup and Reporting database (see
figure below). Specify the server hosting the Backup and Reporting database and the database connection
settings. If no Backup and Reporting database has been created at the installation preparation step (see section
"Preparing the SQL server" on page 24), you must also specify the database creation settings.
Figure 3. Enterprise deployment model: single Backup and Reporting database
3. Installing Kaspersky Anti-Virus on the second and subsequent servers in the first array. Complete installation of
the application is performed in sequence on each server in the array: the Security Server and Management
Console components are installed (see section "Complete installation" on page 25).
All servers of the first array are automatically connected to the Backup and Reporting database specified when
installing Kaspersky Anti-Virus on the first server of the array.
4. Installing Kaspersky Anti-Virus on the first server in the second array. Complete installation of the application is
performed on the server: the Security Server and Management Console components are installed (see section
"Complete installation" on page 25).
One of the Installation Wizard steps offers a selection of Backup and Reporting databases for servers in the
second array: you can specify the same Backup and Reporting database to which all servers in the first array
are connected, or specify a hosting server and creation settings for a new Backup and Reporting database or
the settings of the connection to another Backup and Reporting database (see figure below).
Figure 4. Enterprise deployment model: several Backup and Reporting databases
5. Installing Kaspersky Anti-Virus on the second and all other servers of the second array. Complete installation of
the application is performed in sequence on each server in the array: the Security Server and Management
Console components are installed (see section "Complete installation" on page 25).
All servers of the second array are automatically connected to the Backup and Reporting database specified
when installing Kaspersky Anti-Virus on the first server of the second array.
Kaspersky Anti-Virus is deployed on servers in the third and subsequent arrays of the enterprise in the same
way it was deployed on servers in the second array (see Steps 4 and 5).
6. Installing an additional Management Console (see figure above). If remote management of Kaspersky Anti-Virus
is required, the Management Console component should be installed on an individual computer (see section
"Installing Management Console" on page 31).
7. Getting started. Before you can start using Kaspersky Anti-Virus, you have to activate the application (see
section "Activating the application" on page 36), if it was not activated upon the completion of installation (see
section "Initial configuration of the application" on page 30).
APPLICATION DEPLOYMENT
IN THIS SECTION
Preparing for installation
Installing the application
Connecting Management Console to the configuration storage
Activation of the application
System changes caused by application installation
Relocating Forefront TMG servers with Kaspersky Anti-Virus
Repairing the application
Removing the application
This section contains the following information:
a description of steps to be taken prior to Kaspersky Anti-Virus installation and before using the application;
instructions for installing and removing Kaspersky Anti-Virus;
information about system changes caused by the installation;
instructions for repairing Kaspersky Anti-Virus;
a description of what happens when you move Forefront TMG EE / SE servers with which Kaspersky Anti-Virus
is integrated, and advice on restoring application functionality after the loss of configuration integrity.
PREPARING FOR INSTALLATION
Perform the following before deploying Kaspersky Anti-Virus:
Remove previous versions of Kaspersky Anti-Virus and other anti-virus applications for Microsoft ISA Server /
Forefront TMG from the server on which the application will be deployed (see section "Removing previous
Kaspersky Anti-Virus versions and other anti-virus applications for Microsoft ISA Server / Forefront TMG" on
page 23).
Install additional applications needed for the installation and operation of Kaspersky Anti-Virus components on
the server where you deploy the application (see section "Installing additional software" on page 23).
Configure the rights of the user performing installation (see section "Configuring user rights" on page 23).
Prepare the SQL server on which the Backup and Reporting database of Kaspersky Anti-Virus will be deployed
(see section "Preparing the SQL server" on page 24).
Before installation, make sure that the computer hardware and software meet Kaspersky Anti-Virus requirements (see
section "Hardware and software requirements" on page 11).
IN THIS SECTION
Removing previous Kaspersky Anti-Virus versions and other anti-virus applications for Microsoft ISA Server /
Configuring user rights
Preparing the SQL server
REMOVING PREVIOUS KASPERSKY ANTI-VIRUS VERSIONS AND OTHER ANTI-VIRUS APPLICATIONS FOR MICROSOFT ISA SERVER / FOREFRONT TMG
Simultaneous use of Kaspersky Anti-Virus and other anti-virus applications for Microsoft ISA Server / Forefront TMG can
disrupt normal operation of Kaspersky Anti-Virus.
If other anti-virus applications for Microsoft ISA Server / Forefront TMG or other Kaspersky Anti-Virus versions for
Microsoft ISA Server / Forefront TMG are installed on the computer, we recommend removing them before installing
Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG.
INSTALLING ADDITIONAL SOFTWARE
Before starting the installation of Kaspersky Anti-Virus components, you have to install the following additional
application components on the computer:
Microsoft Windows Installer 3.1.
Microsoft Management Console 3.0.
Microsoft .NET Framework 3.5 SP1.
CONFIGURING USER RIGHTS
The account of the user performing installation must have the rights of one of the following Microsoft ISA Server /
Forefront TMG administrative roles:
Microsoft ISA Server / Forefront TMG array administrator. A user with the Microsoft ISA Server / Forefront
TMG array administrator role has the rights to install Kaspersky Anti-Virus on servers in the array
administered by this user.
Microsoft ISA Server / Forefront TMG enterprise administrator. A user with the Microsoft ISA Server / Forefront
TMG enterprise administrator role has the rights to install Kaspersky Anti-Virus on all servers of the enterprise.
Before starting installation, make sure that your user account has the appropriate rights.
Application installation is not allowed if the user performing installation has the rights of one of the following roles:
Microsoft ISA Server / Forefront TMG enterprise auditor
Microsoft ISA Server / Forefront TMG array auditor
Microsoft ISA Server / Forefront TMG array supervision auditor.
If you attempt to install the application under the account of a user with one of these roles, the Installation Wizard
informs you that the rights are insufficient for installation.
PREPARING THE SQL SERVER
During Kaspersky Anti-Virus installation, you have to specify the settings of the Security Server component connection to
the database that will store information about Backup objects and statistics of the server hosting the Security Server
component (that is, to the Backup and Reporting database). The Backup and Reporting database can be created on an
SQL server in advance or during Kaspersky Anti-Virus installation.
To prepare the SQL server:
1. Make sure that the server hosting the DBMS of Microsoft SQL Server can exchange data with the server whose
data it will store.
2. Perform one of the following:
To prepare the database in advance, create a database on the SQL server and configure a user account
with the rights to read and write database data.
If you want the Installation Wizard to create the database during Kaspersky Anti-Virus installation, configure
a user account with rights to create the database and deploy the database model as well as to read and
write database data.
The account specified during Kaspersky Anti-Virus installation is used for subsequent management of the
Backup and Reporting database. If necessary, you can edit the settings of the connection to the Backup and
Reporting database in Management Console after Kaspersky Anti-Virus installation (for details see the
Administrator's Guide to Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG).
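One way to provision the two account options from step 2 on Microsoft SQL Server, as an added example that is not part of the Kaspersky Lab guide. The Windows accounts CONTOSO\svc-kavtmg and CONTOSO\svc-kavtmg-setup are hypothetical, mapping "rights to read and write database data" to the fixed roles db_datareader and db_datawriter is an assumption, and KAV4ISATMG is the default database name the Installation Wizard proposes.

```sql
-- Added example, not from the vendor guide. Run as a SQL Server administrator
-- in SSMS or sqlcmd. Apply option A or option B, not both.
-- Hypothetical accounts: CONTOSO\svc-kavtmg (option A),
--                        CONTOSO\svc-kavtmg-setup (option B).

---------------------------------------------------------------------------
-- Option A: database created in advance; account limited to read and write
---------------------------------------------------------------------------
USE master;
GO
IF DB_ID(N'KAV4ISATMG') IS NULL
    CREATE DATABASE [KAV4ISATMG];
GO
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\svc-kavtmg')
    CREATE LOGIN [CONTOSO\svc-kavtmg] FROM WINDOWS
        WITH DEFAULT_DATABASE = [KAV4ISATMG];
GO
USE [KAV4ISATMG];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'CONTOSO\svc-kavtmg')
    CREATE USER [CONTOSO\svc-kavtmg] FOR LOGIN [CONTOSO\svc-kavtmg];
GO
-- Assumption: "read and write database data" is granted through the two
-- fixed database roles below. No server-level role is assigned.
EXEC sp_addrolemember N'db_datareader', N'CONTOSO\svc-kavtmg';
EXEC sp_addrolemember N'db_datawriter', N'CONTOSO\svc-kavtmg';
GO

---------------------------------------------------------------------------
-- Option B: the Installation Wizard creates the database during setup
---------------------------------------------------------------------------
USE master;
GO
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\svc-kavtmg-setup')
    CREATE LOGIN [CONTOSO\svc-kavtmg-setup] FROM WINDOWS;
GO
-- dbcreator lets the login create the database. The creating login becomes
-- the database owner, which covers deploying the database model and
-- reading and writing its data.
EXEC sp_addsrvrolemember N'CONTOSO\svc-kavtmg-setup', N'dbcreator';
GO

---------------------------------------------------------------------------
-- Review: what the option A account actually holds
---------------------------------------------------------------------------
USE [KAV4ISATMG];
GO
-- Database roles held by the account in the Backup and Reporting database.
SELECT m.name AS account, r.name AS database_role
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'CONTOSO\svc-kavtmg';

-- Server-level roles the account should not need under option A.
SELECT IS_SRVROLEMEMBER(N'sysadmin',  N'CONTOSO\svc-kavtmg') AS is_sysadmin,
       IS_SRVROLEMEMBER(N'dbcreator', N'CONTOSO\svc-kavtmg') AS is_dbcreator;
GO
```

Because the account entered in the Installation Wizard is kept for subsequent management of the database, option A keeps the long-lived credential at the narrower set of rights.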
INSTALLING THE APPLICATION
This section describes Kaspersky Anti-Virus installation on a server.
Regardless of the Kaspersky Anti-Virus deployment model, the application is deployed on each server separately.
If Kaspersky Anti-Virus is deployed on a server array, it is recommended to install the application on each server in the
array to ensure anti-virus protection of the network.
The following installation types are available:
Complete installation – the Security Server and Management Console components are installed on the
computer (see section "Complete installation" on page 25). The computer must have Microsoft ISA Server /
Forefront TMG installed (see section "Hardware and software requirements" on page 11).
Management Console installation – only Management Console of Kaspersky Anti-Virus is installed on the
computer (see section "Installing Management Console" on page 31). The computer must have Microsoft ISA
Server / Forefront TMG Management Console installed.
It is impossible to install the Security Server component of Kaspersky Anti-Virus without Management Console.
All application installation operations are performed in the windows of the Installation Wizard. You can manage the
installation process using buttons at the bottom of the Installation Wizard window. Click Next to proceed to the next step
of installation. Click Back to return to the previous step of installation.
You can cancel installation at any step of the Installation Wizard. Click Cancel to cancel Kaspersky Anti-Virus
installation. Before closing, the Installation Wizard rolls back all changes it has made to the system.
If an error occurs in the course of installation, the Installation Wizard shows an error message. If the Installation Wizard is
unable to continue installation for any reason, it rolls back all changes it has made to the system. To exit the Installation
Wizard window, click Finish.
Initial configuration of the application
Step 1. Starting the installation
Step 2. Accepting the License Agreement
Step 3. Selecting the installation type
Step 4. Selecting the installation folder
Step 5. Selecting the data storage folder
Step 6. Configuring the database connection
Step 7. Creating the remote management rule
Step 8. Starting the copying of files and registration of components
Step 9. Copying files and registering components
This section describes the complete installation of Kaspersky Anti-Virus on a server using the Installation Wizard.
STEP 1. STARTING THE INSTALLATION
To start the installation of Kaspersky Anti-Virus, run on the server the kav4isa_8.5.XXXX_ee_ru.exe executable file
(where XXXX is the build number) included in the distribution kit.
The Installation Wizard opens.
If the Installation Wizard detects a previous version of Microsoft ISA Server / Forefront TMG on the server, the
Installation Wizard shows the corresponding message and aborts installation.
The Installation Wizard checks if the server has additional applications needed for the installation and operation of
Kaspersky Anti-Virus components (see section "Installing additional software" on page 23).
If any of the essential additional applications are missing, the Installation Wizard shows the corresponding warning and
aborts installation. Install the essential additional applications and restart the Installation Wizard.
STEP 2. ACCEPTING THE LICENSE AGREEMENT
Review the License Agreement. You have to accept the terms of the License Agreement to proceed with the installation.
To accept the terms of the License Agreement, select the check box I accept the terms of the License Agreement.
STEP 3. SELECTING THE INSTALLATION TYPE
Click the Complete button to install the Security Server and Management Console components on the server.
The Complete button is unavailable if the computer hardware and software do not meet the Kaspersky Anti-Virus
requirements (see section "Hardware and software requirements" on page 11).
The installation of Kaspersky Anti-Virus components requires 2.5 GB of free disk space.
The Management Console component can also be installed on a separate computer for remote control of Kaspersky
Anti-Virus (see section "Installing Management Console" on page 31).
STEP 4. SELECTING THE INSTALLATION FOLDER
When installing the application on a standalone server or on the first server in an array, specify the folder to which the
Kaspersky Anti-Virus components will be installed.
When Kaspersky Anti-Virus is installed on the second and subsequent servers in an array, the Installation Wizard shows
the path to the folder selected when installing the application on the first server in the array. You cannot change the path
to the installation folder.
Kaspersky Anti-Virus should be installed on the same drive where Microsoft ISA Server / Forefront TMG is deployed. If
the second and subsequent servers in the array do not have the hard drive selected for application installation on the first
server in the array, the Installation Wizard shows the path to the default installation folder.
Click Browse to specify the destination folder for Kaspersky Anti-Virus components (see figure below). In the window
that opens, select a folder or type the path to the folder manually.
Figure 5. Selecting the installation folder: complete installation
If you have specified a non-existing folder, the Installation Wizard creates a folder with the specified name.
By default, Kaspersky Anti-Virus is installed to <ProgramFiles>\Kaspersky Lab\Kaspersky Anti-Virus 8.5 for Microsoft ISA
Server and Forefront TMG, where <ProgramFiles> can take one of the following values:
%ProgramFiles% (in a 32-bit operating system) or %ProgramFiles(x86)% (in a 64-bit operating system) – if
Microsoft ISA Server / Forefront TMG is deployed on the same drive where the Microsoft Windows operating
system is installed;
<Drive with Microsoft ISA Server / Forefront TMG>:\Program Files – if Microsoft ISA Server / Forefront TMG and
the Microsoft Windows operating system are installed on different drives.
STEP 5. SELECTING THE DATA STORAGE FOLDER
You have to specify a folder on the hard drive for storing data created during the operation of Kaspersky Anti-Virus.
Click Edit to specify the folder for storing application data. In the window that opens, select a folder or type the path to
the folder manually.
If you have specified a non-existing folder, the Installation Wizard creates a folder with the specified name.
By default, the folder <CommonAppDataFolder>\Kaspersky Lab\Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and
Forefront TMG\data is used for storing data created during the operation of the application, where
<CommonAppDataFolder> can take one of the following values:
%AllUsersProfile%\Application Data – in the case of Microsoft Windows XP or Microsoft Windows Server 2003;
%ProgramData% – in the case of Microsoft Windows Server 2008 or Microsoft Windows Server 2008 R2.
STEP 6. CONFIGURING THE DATABASE CONNECTION
This step is available only when Kaspersky Anti-Virus is installed on a standalone server or on the first server in an array.
Settings specified during application deployment on the first server are used for the second and subsequent servers.
You have to specify the settings of the Security Server component connection to the database that will store information
about Backup objects and statistics of the server hosting the Security Server component (that is, to the Backup and Reporting database). If the database was not created at the stage of preparation for installation (see section "Preparing
the SQL server" on page 24), the Installation Wizard creates it while installing Kaspersky Anti-Virus.
Type the name of the SQL server hosting the database in the SQL server name field manually or select it from the list of
available SQL servers. The list of available SQL servers is opened by clicking the Browse button (see figure below).
Figure 6. Configuring the connection to the Backup and Reporting database
Enter the name of the Backup and Reporting database in the Database name field. You can specify the name of an
existing database on the selected SQL server or the name of a database to be created during application deployment.
The Database name field contains the value KAV4ISATMG by default.
Select the mode of user authentication on the server:
Windows authentication – the connection is established using a Windows user account.
SQL authentication – the connection is established using SQL Server authentication.
In the User name and Password fields, specify the login name and password of the account for connecting to the SQL
server and managing the Backup and Reporting database:
If the Windows authentication option has been selected, type the login name manually or select it from a list
that can be opened by clicking the Browse button. Type the password manually.
If the SQL authentication option has been selected, type the login name and password manually (the Browse
button is unavailable).
If you created a database during preparation for installation, you have to use an account with the rights to read and write
database data. If the Installation Wizard created the database during Kaspersky Anti-Virus installation, you have to use
an account with rights to create the database and deploy the database model as well as to read and write database data.
If necessary, you can edit the settings of the connection to the Backup and Reporting database in Management Console
after Kaspersky Anti-Virus installation (for details see the Administrator's Guide to Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG).
The Installation Wizard checks whether the specified database exists on the selected SQL server and whether the
specified account has the rights to manage this database. If the specified database does not exist on the SQL server, the
Installation Wizard checks whether the specified account has the rights to create the database, deploy the database
model, and manage this database. If the account does not have sufficient rights, the Installation Wizard shows a
corresponding message, making it impossible to proceed to the next step of installation.
STEP 7. CREATING THE REMOTE MANAGEMENT RULE
This step is available only when Kaspersky Anti-Virus is installed on a standalone server or on the first server in an array.
The port number specified during application deployment on the first server in the array is used on the second and
subsequent servers in the array for connecting the remote Management Console to the server.
The Installation Wizard creates the following rules during Kaspersky Anti-Virus installation:
an ISA / TMG Firewall Policy rule in the policy of the Microsoft ISA Server / Forefront TMG firewall;
a Windows Firewall rule (only for Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2).
The ISA / TMG Firewall Policy and Windows Firewall rules allow incoming connections to the specified server port,
thereby making it possible to manage the application using Management Console installed on a remote computer.
To specify the port for connecting the remote Management Console to the server, type the port number in the TCP port field.
Port 5000 is used by default. Possible value range: 1026 – 65535.
The created rule is activated by default, meaning that remote management of Kaspersky Anti-Virus is enabled by default.
STEP 8. STARTING THE COPYING OF FILES AND REGISTRATION OF COMPONENTS
After configuring the installation settings, start the process of copying files and registering Kaspersky Anti-Virus
components. To do so, click Install in the Installation Wizard.
Click Back to return to previous installation steps and view or edit the installation settings.
STEP 9. COPYING FILES AND REGISTERING COMPONENTS
At this step, the Installation Wizard copies files to the application installation folder, registers the application components
in the operating system, and integrates them with the Microsoft ISA / Forefront TMG server.
The Microsoft Firewall service needs to be restarted in the course of installation and registration of Kaspersky Anti-Virus
filters. The Installation Wizard shows a prompt for the service to be stopped.
Click OK to confirm that you want the service to stop.
Click Cancel if you do not want the service to stop. Kaspersky Anti-Virus installation is aborted and all system changes
are rolled back.
STEP 10. COMPLETING INSTALLATION
The Installation Wizard shows a message saying that Kaspersky Anti-Virus installation has been completed successfully.
Before completing the installation process, the Installation Wizard removes all temporary objects and data created during
the process (except the installation log) and restarts the Microsoft Firewall service that it stopped during installation.
Click the Finish button to close the Installation Wizard.
If you perform complete installation on a standalone server or on the first server in an array, the Initial Configuration
Wizard is launched automatically as soon as Kaspersky Anti-Virus installation is completed (see section "Initial
configuration of the application" on page 30).
INITIAL CONFIGURATION OF THE APPLICATION
IN THIS SECTION
Step 1. Activation of the application
Initial configuration of Kaspersky Anti-Virus makes it possible to activate the application and configure Kaspersky Anti-Virus database update settings immediately after installation. Initial configuration is performed after the application has
been installed on a standalone server or the first server in an array.
The window of the Initial Configuration Wizard opens automatically as soon as application installation is completed.
In the case of Standalone array and Enterprise deployment models, initial configuration of Kaspersky Anti-Virus is not
required after installation on the second and subsequent servers in the array. The application uses the settings specified
during initial configuration on the first server in the array, or default settings if you cancel initial configuration following
Kaspersky Anti-Virus installation on the first server in the array.
All initial configuration operations are performed in the windows of the Initial Configuration Wizard. Click Next to proceed
to the next step of the Wizard. Click Back to return to the previous step of the Wizard. You can cancel initial configuration
at any step of the Wizard. To cancel initial configuration of Kaspersky Anti-Virus, click Cancel. If you have canceled initial
configuration of the application, you can later activate the application (see section "Activating the application" on
page 36) and configure Kaspersky Anti-Virus database update settings using Management Console (for details see the
Administrator's Guide to Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG).
STEP 1. ACTIVATION OF THE APPLICATION
You can activate the application at the first step of the Initial Configuration Wizard. This requires adding a key. If the
application has not been activated, you can only administer Kaspersky Anti-Virus. The application is unable to scan
traffic or update anti-virus databases.
Click Add and select a key file (a file with the .key extension) in the window that opens. The added key becomes active (for
details on keys, see the Administrator's Guide to Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG).
The details of the added key are shown in the Wizard window.
In the case of the Enterprise deployment model, the Wizard shows the details of the key added in the first server in the
first array during initial configuration of Kaspersky Anti-Virus on the first server of the second and subsequent arrays. You
can replace this key by clicking the Replace button in the Wizard window.
STEP 2. UPDATE SETTINGS CONFIGURATION
At the second step of the Initial Configuration Wizard you can configure Kaspersky Anti-Virus database update settings.
The Update Kaspersky Anti-Virus databases on schedule check box lets you configure hourly updates of Kaspersky
Anti-Virus. The Update Kaspersky Anti-Virus databases on schedule check box is selected by default. Clear the
check box to disable scheduled updates.
If a proxy server is used to connect to the Kaspersky Anti-Virus database update server, configure its settings in the
Proxy server window that can be opened by clicking the Proxy server button. Select the Use proxy server check box
and perform one of the following:
If the Microsoft ISA Server / Forefront TMG proxy server is used to access the update source, select the Local
proxy server option.
If a different proxy server is used to connect to the update source, select the Remote proxy server option. In
the Address and Port fields, specify the IP address and port number of the proxy server.
If authentication is enabled on the proxy server used to connect to the update source, select the Authentication required check box and specify the User name and Password.
Close the Proxy server window by clicking the OK button.
Click the Finish button to exit the Initial Configuration Wizard.
Kaspersky Anti-Virus Management Console launches automatically when the Initial Configuration Wizard closes. To start
using the application, you have to connect Management Console to the Microsoft ISA Server / Forefront TMG
configuration storage (see section "Connecting Management Console to the configuration storage" on page 33).
INSTALLING MANAGEMENT CONSOLE
This section describes the installation of Kaspersky Anti-Virus Management Console using the Installation Wizard.
You can install Management Console on a separate computer with network access to the server hosting the Security
Server component.
The Microsoft ISA Server / Forefront TMG Management Console must be installed on the computer before Kaspersky
Anti-Virus Management Console can be installed.
Before launching the installation of Management Console, install additional applications needed for the installation and
operation of Management Console (see section "Installing additional applications" on page 23) and make sure that
previous versions of Kaspersky Anti-Virus and other anti-virus applications for Microsoft ISA Server / Forefront TMG are
not installed on the computer.
STEP 1. STARTING THE INSTALLATION
To start the installation of Management Console, run the kav4isa_8.5.XXXX_ee_ru.exe executable file (where XXXX is
the build number) included in the distribution kit.
The Installation Wizard opens.
If the Installation Wizard detects a previous version of Microsoft ISA Server / Forefront TMG on the computer, the
Installation Wizard shows the corresponding message and aborts installation.
The Installation Wizard checks if the computer has additional applications needed for the installation and operation of
Kaspersky Anti-Virus Management Console (see section "Installing additional software" on page 23).
If any of the essential additional applications are missing, the Installation Wizard shows the corresponding warning and
aborts installation. Install the essential additional applications and restart the Installation Wizard.
STEP 2. ACCEPTING THE LICENSE AGREEMENT
Review the License Agreement. You have to accept the terms of the License Agreement to proceed with the installation.
To accept the terms of the License Agreement, select the check box I accept the terms of the License Agreement.
STEP 3. SELECTING THE INSTALLATION TYPE
Click the Management Console button to install only Kaspersky Anti-Virus Management Console on the computer.
The Management Console is unavailable if the computer hardware and software do not meet the Kaspersky Anti-Virus
requirements (see section "Hardware and software requirements" on page 11).
STEP 4. SELECTING THE INSTALLATION FOLDER
You have to specify the folder to which Kaspersky Anti-Virus Management Console will be installed.
Click Browse to specify the destination folder for Kaspersky Anti-Virus Management Console (see figure below). In the
window that opens, select a folder or type the path to the folder manually.
If you have specified a non-existing folder, the Installation Wizard creates a folder with the specified name.
By default, Management Console is installed to <ProgramFiles>\Kaspersky Lab\Kaspersky Anti-Virus 8.5 for Microsoft
ISA Server and Forefront TMG, where <ProgramFiles> can take one of the following values:
%ProgramFiles% (in a 32-bit operating system) or %ProgramFiles(x86)% (in a 64-bit operating system) – if
Microsoft ISA Server / Forefront TMG is deployed on the same drive where the Microsoft Windows operating
system is installed;
<Drive with Microsoft ISA Server / Forefront TMG>:\Program Files – if Microsoft ISA Server / Forefront TMG and
the Microsoft Windows operating system are installed on different drives.
Figure 7. Selecting the installation folder: installing Management Console
STEP 5. STARTING THE COPYING OF FILES AND REGISTRATION OF COMPONENTS
After configuring the installation settings, start the process of copying files and registering the Management Console
component of Kaspersky Anti-Virus. To do so, click Install in the Installation Wizard.
Click Back to return to previous installation steps and view or edit the installation settings.
STEP 6. COPYING FILES AND REGISTERING COMPONENTS
At this stage, the Installation Wizard copies files to the installation folder and registers Kaspersky Anti-Virus Management
Console in the operating system.
STEP 7. COMPLETING INSTALLATION
The Installation Wizard shows a message saying that Kaspersky Anti-Virus Management Console installation has been
completed successfully.
Click the Finish button to close the Installation Wizard.
CONNECTING MANAGEMENT CONSOLE TO THE
CONFIGURATION STORAGE
Kaspersky Anti-Virus Management Console is used for administering Kaspersky Anti-Virus. To start using the application,
you have to connect Management Console to the Microsoft ISA Server / Forefront TMG configuration storage.
STEPS BEFORE CONNECTING MANAGEMENT CONSOLE
Kaspersky Anti-Virus Management Console can be connected to the Microsoft ISA Server / Forefront TMG configuration
storage under the Microsoft Windows user account that started the Management Console (that is, the current user
account) or a different user account specified on establishing the connection.
The user account under which the connection to the Microsoft ISA Server / Forefront TMG configuration storage is
established must have rights to view or read / write the Kaspersky Anti-Virus configuration (see Administrator's Guide to Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG).
To access the Kaspersky Anti-Virus 8.5 for ISA Server and Forefront TMG service (kavisasrv.exe), which ensures the
operation of Kaspersky Anti-Virus, the user account must belong to one of the following groups of Windows operating
system users: DCOM users (Distributed COM Users), domain administrators or local administrators.
The user account under which the connection to the configuration storage is established is also used for connecting the
Management Console to the Backup and Reporting database. To be able to manage Backup objects, make sure that the
user account under which the connection is established has the rights to read and write data in the Backup and
Reporting database.
If Kaspersky Anti-Virus is deployed in a workgroup, you must additionally make sure that a connection to the Backup and
Reporting database is possible. To do so, perform the following:
1. On the physical server hosting the Microsoft SQL Server database management system with the Backup and
Reporting database, use the Microsoft Windows tools to create a user account identical to the account under
which Kaspersky Anti-Virus Management Console is started.
2. Use the Microsoft SQL Server DBMS tools to configure the necessary rights of access to the Backup and
Reporting database for the user account that has been created.
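The group requirement above can be checked from the session that will start Management Console. The following PowerShell function is an added example, not part of the original guide or of Kaspersky Lab's tooling; the function name is hypothetical, and it checks only the group membership, not the rights to the Kaspersky Anti-Virus configuration or to the Backup and Reporting database.

```powershell
# Added example (not vendor code): report which of the groups required for
# access to the kavisasrv.exe service appear in an account's access token.
# Compatible with Windows PowerShell 2.0 (Windows Server 2008 R2).
function Test-KavConsoleAccount {
    param(
        # Token to inspect; when omitted, the account running this session.
        [System.Security.Principal.WindowsIdentity]$Identity
    )

    if (-not $Identity) {
        $Identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    }

    # Well-known SIDs of the two built-in local groups named in the guide.
    $builtin = @{
        'S-1-5-32-562' = 'Distributed COM Users'
        'S-1-5-32-544' = 'Local administrators'
    }
    $sidType      = [System.Security.Principal.SecurityIdentifier]
    $domainAdmins = [System.Security.Principal.WellKnownSidType]::AccountDomainAdminsSid

    $matched = @()
    foreach ($ref in $Identity.Groups) {
        $sid = $ref.Translate($sidType)
        if ($builtin.ContainsKey($sid.Value)) {
            $matched += $builtin[$sid.Value]
        } elseif ($sid.IsWellKnown($domainAdmins)) {
            # Domain Admins is domain-relative (RID 512), so match by type.
            $matched += 'Domain administrators'
        }
    }

    # Note: WindowsIdentity.Groups omits deny-only groups, so in a session
    # that is not elevated under UAC the local Administrators group is not
    # reported even if the account is a member.
    New-Object PSObject -Property @{
        Account               = $Identity.Name
        MatchedGroups         = ($matched -join ', ')
        MeetsGroupRequirement = ($matched.Count -gt 0)
    } | Select-Object Account, MatchedGroups, MeetsGroupRequirement
}

Test-KavConsoleAccount
```

Membership in Distributed COM Users alone satisfies the requirement, so an account used only for remote management does not need administrator rights for this check to pass.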
CONNECTING THE CONFIGURATION STORAGE
To connect Kaspersky Anti-Virus Management Console to the Microsoft ISA Server / Forefront TMG configuration
storage:
1. Start Kaspersky Anti-Virus Management Console.
The Connecting to Configuration Storage server window opens (see figure below).
If the Management Console had been previously successfully connected to the configuration storage, the
window shows all settings of the last successful connection except the user password.
Figure 8. Connecting to Configuration Storage server window
2. Select the configuration storage location:
Local computer.
Kaspersky Anti-Virus Management Console connects to the Configuration Storage located on the same
computer on which Management Console is running.
This value is selected by default unless Management Console has previously connected to the
Configuration Storage. On subsequent connection, a window shows the settings of the last successful
connection.
Other computer (remote management).
Kaspersky Anti-Virus Management Console connects to the Configuration Storage located on a different
computer.
Use this connection option if you need to manage Kaspersky Anti-Virus remotely. In this case you must
specify the connection settings and the name / IP address of the computer where the Configuration
Storage is located.
3. If the configuration storage is located on a remote computer, specify the following connection settings:
Computer name.
The name or the IP address of the computer to which you attempt to connect.
If the Management Console connects to the configuration storage for the first time, use this field to
specify the IP address and name of the computer (the full domain name must be specified if the
computer is part of a domain) or the NetBIOS name of the computer that hosts the configuration
storage.
Kaspersky Anti-Virus stores the settings of the last successful Management Console connection to the
Configuration Storage. When you reconnect Management Console to the Configuration Storage, a drop-down list lets you select the name of a computer to which a successful connection had been established
previously.
User account for establishing the connection:
Current account.
Management Console connects to the Configuration Storage under the current user account (a
Microsoft Windows user account under which Management Console has been launched).
This setting is selected by default unless Management Console has previously connected to the
Configuration Storage. On subsequent connection, a window shows the settings of the last successful
connection.
Other account.
Management Console connects to the Configuration Storage under a Microsoft Windows user account
that is different from the current account.
On selecting this option, specify the user name, account password, and name of the domain to which
the user account belongs (if the computer hosting the Configuration Storage is part of a domain).
4. If you connect to a remote computer under a user account that is different from the current account, specify the
values of the User name and Password settings. If the computer hosting the configuration storage belongs to a
domain, you must specify the value in the Domain field.
If the user account under which you attempt to establish the connection has insufficient rights to connect to the
configuration storage, Kaspersky Anti-Virus displays a corresponding message.
5. Click the Connect button.
After Management Console connects to the configuration storage, the console tree shows nodes that can be used to
manage Kaspersky Anti-Virus settings. The composition of nodes in the console tree depends on the Kaspersky
Anti-Virus deployment model used (see section "Standard application deployment models" on page 16) and role of
the user under whose account the Management Console has been connected to the configuration storage (see
Administrator's Guide to Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG).
If the Management Console connection to the configuration storage has failed (for example, due to a connection error),
the console tree contains only the Kaspersky Anti-Virus root node. You can establish a connection by clicking the Connect button in the results pane of the Kaspersky Anti-Virus node.
ACTIVATING THE APPLICATION
Before you can start using Kaspersky Anti-Virus, you have to activate the application if it was not activated upon the
completion of installation (see section "Initial configuration of the application" on page 30).
If the application has not been activated, you can only administer Kaspersky Anti-Virus. The application is unable to scan
traffic or update anti-virus databases.
Activating the application requires adding a key. This can be done with a key file.
You can add two keys in Kaspersky Anti-Virus. The key that is added first becomes the active key. An active key unlocks
full application functionality. The second key becomes the additional key. The additional key turns active either upon the
expiration of the active key or when the active key is removed. The availability of an additional key prevents the loss of
application functionality upon the expiration of the current license. For details on keys see the Administrator's Guide to Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG.
To install the active or additional key:
1. Open Management Console and connect to the Microsoft ISA Server / Forefront TMG configuration storage
(see section "Connecting Management Console to the configuration storage" on page 33).
2. Perform one of the following:
If the Enterprise deployment model is used, maximize the Enterprise node and select the nested
Licensing node.
If the Standalone server or Standalone array deployment model is used, maximize the array or server node
and select the nested Licensing node.
3. Click the Add button in the results pane.
4. In the window that opens, select a key file (file with the .key extension).
The additional key must meet the following requirements: the same key should not be currently used as the
active key, and it should not expire before the active key does. An error message appears if the key does not
meet the specified requirements. We do not recommend adding a key for a trial license as the additional key.
5. To make the changes effective, click the Apply button in the upper part of the results pane in the main window.
All changes made after the last application of settings will be saved in the Kaspersky Anti-Virus configuration.
New Kaspersky Anti-Virus settings will be used only after the configuration changes have been applied.
The details of the added key appear in the results pane of the Licensing node (for details see the Administrator's Guide to Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG).
SYSTEM CHANGES CAUSED BY APPLICATION
INSTALLATION
The Installation Wizard creates the following folders during the installation of the application:
Installation folder. By default, Kaspersky Anti-Virus is installed to <ProgramFiles>\Kaspersky Lab\Kaspersky Anti-
Virus 8.5 for Microsoft ISA Server and Forefront TMG, where <ProgramFiles> can take one of the following values:
%ProgramFiles% (in a 32-bit operating system) or %ProgramFiles(x86)% (in a 64-bit operating system) – if
the Microsoft ISA Server / Forefront TMG proxy server is deployed on the same drive where the Microsoft
Windows operating system is installed;
<Drive with Microsoft ISA Server / Forefront TMG>:\Program Files – if the Microsoft ISA Server / Forefront
TMG proxy server and the Microsoft Windows operating system are installed on different drives.
Data storage folder. By default, the folder <CommonAppDataFolder>\Kaspersky Lab\Kaspersky Anti-Virus 8.5
for Microsoft ISA Server and Forefront TMG\data is used for storing data created during the operation of the
application, where <CommonAppDataFolder> can take one of the following values:
%AllUsersProfile%\Application Data – if you deploy the application on a computer running under Microsoft
Windows XP or Microsoft Windows Server 2003;
%ProgramData% – if you deploy the application on a computer running under Microsoft Windows Server
2008 or Microsoft Windows Server 2008 R2.
The <CommonAppDataFolder> value is contained in the registry key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders].
The path to the folder is stored in one of the following system variables:
%CommonProgramFiles%, if the application is installed under a 32-bit operating system;
%CommonProgramFiles(x86)%, if the application is installed under a 64-bit operating system.
The <CommonFilesFolder> value is stored in one of the following registry keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir], if the
application is installed under a 32-bit operating system;
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)], if the
application is installed under a 64-bit operating system.
Folder in the Start menu: <ProgramMenuFolder>\Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and
Forefront TMG, where <ProgramMenuFolder> is a folder containing Start menu items for all users.
The <ProgramMenuFolder> value is contained in the registry key
The Installation Wizard also performs the following operations during installation:
Registers the service Kaspersky Anti-Virus 8.5 for ISA Server and Forefront TMG (kavisasrv.exe) in the system.
Creates an ISA / TMG Firewall Policy rule in the firewall policy of the Microsoft ISA Server / Forefront TMG
server, which allows Management Console remote access to the computer with Kaspersky Anti-Virus installed.
Creates a Windows Firewall rule for the firewall under Windows Server 2008 and Windows Server 2008 R2
operating systems, which allows Management Console access to a computer with Kaspersky Anti-Virus installed.
Adds two groups of performance counters: Kav for ISA and TMG Filters and Kav for ISA and TMG Service.
Registers the Kaspersky Anti-Virus event notification mechanism in Microsoft ISA Server / Forefront TMG.
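The system changes listed above can be audited after installation. The following read-only PowerShell function is an added example, not part of the original guide or of Kaspersky Lab's tooling; the function name and the IsaDrive parameter are hypothetical, and the script assumes the default installation and data folders described in this section.

```powershell
# Added example (not vendor code). Read-only audit of the folders, service
# and performance counter groups the guide says the Installation Wizard
# creates. Uses only calls available in Windows PowerShell 2.0.
function Get-KavIsaInstallFootprint {
    param(
        # Assumption: pass a drive letter (for example 'D') only when
        # ISA Server / Forefront TMG is not on the Windows system drive.
        [string]$IsaDrive
    )

    $product = 'Kaspersky Lab\Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG'
    $results = @()

    function New-Check($Check, $Target, $Ok, $Detail) {
        New-Object PSObject -Property @{
            Check = $Check; Target = $Target; Ok = $Ok; Detail = $Detail
        } | Select-Object Check, Target, Ok, Detail
    }

    # <ProgramFiles>: %ProgramFiles(x86)% is defined only on 64-bit Windows.
    if ($IsaDrive) {
        $programFiles = $IsaDrive.Substring(0, 1) + ':\Program Files'
    } elseif (${env:ProgramFiles(x86)}) {
        $programFiles = ${env:ProgramFiles(x86)}
    } else {
        $programFiles = $env:ProgramFiles
    }
    $installDir = Join-Path $programFiles $product
    $results += New-Check 'Installation folder' $installDir (Test-Path $installDir) ''

    # <CommonAppDataFolder>: %ProgramData% on Windows Server 2008 / 2008 R2,
    # %AllUsersProfile%\Application Data on Windows XP / Server 2003.
    if ($env:ProgramData) {
        $appData = $env:ProgramData
    } else {
        $appData = Join-Path $env:ALLUSERSPROFILE 'Application Data'
    }
    $dataDir = Join-Path (Join-Path $appData $product) 'data'
    $results += New-Check 'Data storage folder' $dataDir (Test-Path $dataDir) ''

    # Service: located by its executable, because the guide gives the file
    # name (kavisasrv.exe) but not the short service name.
    $services = @(Get-WmiObject -Class Win32_Service |
        Where-Object { $_.PathName -like '*kavisasrv.exe*' })
    if ($services.Count -eq 0) {
        $results += New-Check 'Service' 'kavisasrv.exe' $false 'not registered'
    }
    foreach ($s in $services) {
        # Flag a service whose binary is outside the expected folder.
        $inDir = $s.PathName.IndexOf($installDir,
            [System.StringComparison]::OrdinalIgnoreCase) -ge 0
        $detail = 'State={0}; StartMode={1}; Account={2}; Path={3}' -f `
            $s.State, $s.StartMode, $s.StartName, $s.PathName
        $results += New-Check 'Service' $s.Name $inDir $detail
    }

    # Performance counter groups named in the guide.
    foreach ($category in 'Kav for ISA and TMG Filters', 'Kav for ISA and TMG Service') {
        $exists = [System.Diagnostics.PerformanceCounterCategory]::Exists($category)
        $results += New-Check 'Performance counters' $category $exists ''
    }

    $results
}

Get-KavIsaInstallFootprint | Format-List
```

A service row with Ok set to False and a path outside the installation folder is expected if a custom folder was chosen in the Installation Wizard; otherwise it warrants a closer look at the binary the service points to.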
RELOCATING FOREFRONT TMG SERVERS WITH
KASPERSKY ANTI-VIRUS
The Microsoft Forefront TMG solution makes it possible to connect a server to a standalone array or an array within an
enterprise as well as disconnect a server from an array or enterprise.
Depending on the deployment model, the Kaspersky Anti-Virus configuration on a server consists of two or three logical
levels (see section "Kaspersky Anti-Virus configuration" on page 14). The server-level settings do not change when a
server is connected to an array or enterprise or disconnected from an array or enterprise. The array- or enterprise-level
settings are overwritten with the settings from the Microsoft ISA Server / Forefront TMG configuration storage of the
array or enterprise to which the server is connected. Therefore, when a server with Kaspersky Anti-Virus installed is
connected to an array or enterprise or disconnected from an array or enterprise, this may result in the loss of
configuration integrity. Loss of configuration integrity renders Kaspersky Anti-Virus on the server inoperable.
This section describes possible Kaspersky Anti-Virus configuration integrity loss scenarios resulting from server
relocation and offers advice on restoring application functionality.
The following common Forefront TMG EE / SE relocations of servers with which Kaspersky Anti-Virus is integrated are
considered:
Connecting a Forefront TMG EE server to a standalone array.
Connecting a Forefront TMG EE server to an existing array administered using EMS.
Connecting a Forefront TMG EE server within a new array to an enterprise.
Connecting a Forefront TMG SE server to an enterprise.
Disconnecting a Forefront TMG EE / SE server from a standalone array or array within an enterprise.
CONNECTING A FOREFRONT TMG EE SERVER TO A STANDALONE
ARRAY
Before a server is connected to a standalone array, the configuration storage of the server contains server-level and
array-level settings of Kaspersky Anti-Virus. After being connected to the array, the server uses the array-level settings
stored in the configuration storage of the array.
Kaspersky Anti-Virus functionality on the server that has been connected to an array depends on the availability of a
correct array-level configuration of the application in the configuration storage of the array:
If the configuration storage of the array contains a correct Kaspersky Anti-Virus configuration, the application
remains functional on the server because the application configuration on the server still consists of two logical
levels (server level and array level).
Server-level settings of Kaspersky Anti-Virus remain unchanged; settings common to all servers in the array are
used at the array level. Kaspersky Anti-Virus deployed on the server is functional.
If the Kaspersky Anti-Virus configuration in the configuration storage of the array is incorrect or missing,
Kaspersky Anti-Virus is inoperable on the server because the configuration storage contains only the correct
server-level configuration.
At the attempt to connect Management Console to the Forefront TMG configuration storage (see section
"Connecting Management Console to the configuration storage" on page 33), Kaspersky Anti-Virus displays a
message saying that the application configuration has not been located.
To restore Kaspersky Anti-Virus functionality, perform the process of restoring the application configuration on the server
(see section "Restoring Kaspersky Anti-Virus configuration" on page 41).
Restoration causes the default array-level settings of Kaspersky Anti-Virus to be saved in the configuration storage of
the array.
If Kaspersky Anti-Virus is deployed on a server array, it is recommended to install the application on each server in the
array to ensure anti-virus protection of the network.
CONNECTING A FOREFRONT TMG EE SERVER TO AN EXISTING
ARRAY ADMINISTERED USING EMS
Before a server is connected to an array administered using EMS, the configuration storage of the server contains
server-level and array-level settings of Kaspersky Anti-Virus. After being connected to the array, the server uses the
array-level and enterprise-level settings stored in the configuration storage of the enterprise.
Kaspersky Anti-Virus functionality on the server that has been connected to an array depends on the availability of a
correct array-level and enterprise-level configuration of the application in the configuration storage of the enterprise:
If the configuration storage of the enterprise contains a correct Kaspersky Anti-Virus configuration, the
application remains functional on the server because the application configuration on the server consists of
three logical levels (server level, array level, and enterprise level).
Server-level settings of Kaspersky Anti-Virus remain unchanged; settings common to all servers in the array and
enterprise are used at the array and enterprise levels. Kaspersky Anti-Virus deployed on the server is functional.
If the array-level or enterprise-level configuration of Kaspersky Anti-Virus in the configuration storage of the
enterprise is incorrect or missing, Kaspersky Anti-Virus is inoperable on the server.
At the attempt to connect Management Console to the Forefront TMG configuration storage (see section
"Connecting Management Console to the configuration storage" on page 33), Kaspersky Anti-Virus displays a
message saying that the application configuration has not been located.
To restore Kaspersky Anti-Virus functionality, perform the process of restoring the application configuration on the server
(see section "Restoring Kaspersky Anti-Virus configuration" on page 41).
Restoration causes the following default settings of Kaspersky Anti-Virus to be saved in the configuration storage of the
enterprise:
array-level settings, if the array-level configuration of Kaspersky Anti-Virus in the configuration storage is
incorrect or missing;
enterprise-level and array-level settings, if the array-level and enterprise-level configuration of Kaspersky Anti-
Virus in the configuration storage is incorrect or missing.
If Kaspersky Anti-Virus is deployed on a server array, it is recommended to install the application on each server in the
array to ensure anti-virus protection of the network.
CONNECTING A FOREFRONT TMG EE SERVER WITHIN A NEW ARRAY
TO AN ENTERPRISE
A Forefront TMG EE server within a new array can be connected to an enterprise. The following options are available for
forming the configuration of a new array:
the array configuration is created on the basis of the server configuration;
the array configuration is created on the basis of the default configuration.
Before a server is connected to an enterprise, the configuration storage of the server contains server-level and array-level settings of Kaspersky Anti-Virus.
Array configuration on the basis of server configuration
If the configuration of a new array as part of which the server is connected to an enterprise has been created on the
basis of the configuration of this server, server-level and array-level settings of Kaspersky Anti-Virus are present in the
configuration storage of the enterprise.
Kaspersky Anti-Virus functionality on the server that has been connected to an enterprise depends on the availability of a
correct enterprise-level configuration of the application in the configuration storage of the enterprise:
The application is functional if the configuration storage of the enterprise contains a correct enterprise-level
configuration of Kaspersky Anti-Virus.
The server uses enterprise-level settings saved in the configuration storage.
If the enterprise-level configuration in the configuration storage is incorrect or missing, Kaspersky Anti-Virus is
inoperable on the server.
At the attempt to connect Management Console to the Forefront TMG configuration storage (see section
"Connecting Management Console to the configuration storage" on page 33), Kaspersky Anti-Virus displays a
message saying that the application configuration has not been located.
To restore Kaspersky Anti-Virus functionality, perform the process of restoring the application configuration on the server
(see section "Restoring Kaspersky Anti-Virus configuration" on page 41).
Restoration causes the default enterprise-level and array-level settings of Kaspersky Anti-Virus to be saved in the
configuration storage of the enterprise.
Array configuration on the basis of the default configuration
If the configuration of a new array as part of which the server is connected to an enterprise has been created on the
basis of the default configuration, the connection of the server to the enterprise causes the array-level configuration to be
overwritten with the default configuration. Array-level settings of Kaspersky Anti-Virus are not available in the
configuration storage of the enterprise.
Kaspersky Anti-Virus deployed on the server is inoperable:
- If the enterprise-level configuration in the configuration storage is incorrect or missing, Kaspersky Anti-Virus displays a message saying that the application configuration has not been located when you attempt to connect Management Console to the Forefront TMG configuration storage (see section "Connecting Management Console to the configuration storage" on page 33).
- If the configuration storage of the enterprise contains a correct enterprise-level configuration of Kaspersky Anti-Virus, Management Console does not show the node of the new array as part of which the server has been connected to the enterprise.
To restore Kaspersky Anti-Virus functionality, perform the process of restoring the application configuration on the server
(see section "Restoring Kaspersky Anti-Virus configuration" on page 41).
Restoration causes the following default settings of Kaspersky Anti-Virus to be saved in the configuration storage of the enterprise:
- array-level settings for the new array as part of which the server is connected to the enterprise, if the configuration storage contains a correct enterprise-level configuration of Kaspersky Anti-Virus;
- enterprise-level and array-level settings, if the enterprise-level configuration of Kaspersky Anti-Virus in the configuration storage is incorrect or missing.
CONNECTING A FOREFRONT TMG SE SERVER TO AN ENTERPRISE
A Forefront TMG SE server can be connected to an enterprise only within a new array. The configuration of the new
array is formed on the basis of the default configuration.
Before a server is connected to an array, the configuration storage of the server contains server-level and array-level
settings of Kaspersky Anti-Virus. The connection of the server to the array causes the array-level configuration to be
overwritten with the default configuration. Array-level settings of Kaspersky Anti-Virus are not available in the
configuration storage.
Kaspersky Anti-Virus deployed on the server is inoperable:
- If the enterprise-level configuration in the configuration storage is incorrect or missing, Kaspersky Anti-Virus displays a message saying that the application configuration has not been located when you attempt to connect Management Console to the Forefront TMG configuration storage (see section "Connecting Management Console to the configuration storage" on page 33).
- If the configuration storage of the enterprise contains a correct enterprise-level configuration of Kaspersky Anti-Virus, Management Console does not show the node of the new array as part of which the server has been connected to the enterprise.
To restore Kaspersky Anti-Virus functionality, perform the process of restoring the application configuration on the server
(see section "Restoring Kaspersky Anti-Virus configuration" on page 41).
Restoration causes the following default settings of Kaspersky Anti-Virus to be saved in the configuration storage of the enterprise:
- array-level settings for the new array as part of which the server is connected to the enterprise, if the configuration storage contains a correct enterprise-level configuration of Kaspersky Anti-Virus;
- enterprise-level and array-level settings, if the enterprise-level configuration of Kaspersky Anti-Virus in the configuration storage is incorrect or missing.
DISCONNECTING A SERVER FROM AN ARRAY OR ENTERPRISE
A server with Kaspersky Anti-Virus deployed can be disconnected from a standalone array or array within an enterprise.
The configuration of Kaspersky Anti-Virus on a server within an array or enterprise consists of two (in the case of an
array) or three (in the case of an enterprise) logical levels. After a server has been disconnected from an array or
enterprise, only the server-level settings of the application remain in the configuration storage of the server. Kaspersky
Anti-Virus deployed on the server is inoperable. When you attempt to connect Management Console to the Forefront TMG
configuration storage (see section "Connecting Management Console to the configuration storage" on page 33),
Kaspersky Anti-Virus displays a message saying that the application configuration has not been located.
To restore Kaspersky Anti-Virus functionality, perform the process of restoring the application configuration on the server
(see section "Restoring Kaspersky Anti-Virus configuration" on page 41).
Restoration causes the default array-level settings of Kaspersky Anti-Virus to be saved in the configuration storage of
the server.
REPAIRING KASPERSKY ANTI-VIRUS CONFIGURATION
To restore Kaspersky Anti-Virus functionality on a server:
1. In the command line of the server, run the configuration repair tool ConfigurationRepairTool.exe.
The repair tool checks the integrity of the Kaspersky Anti-Virus configuration in the configuration storage.
If the application configuration is missing or corrupted, the tool prompts you to specify the settings needed to
repair the configuration.
2. When prompted, specify the following settings:
   - Number of the port for connecting Management Console to the server for the ISA/TMG Firewall Policy rule (for example, 5000).
   - Name of the SQL Server hosting the Backup and Reporting database (for example, Server\SQLExpress).
   - Name of the Backup and Reporting database (for example, kav4isatmg).
   - Mode of user authentication on the SQL server (1, if the connection is established using a Windows user account, or 2, if the connection is established using SQL Server authentication).
   - Login name of the account for connecting to the SQL server (for example, Administrator).
   - Password of the account for connecting to the SQL server (for example, 1234).
Restoration causes the following default settings of Kaspersky Anti-Virus to be saved in the configuration storage:
- array-level settings, if the array-level configuration in the configuration storage was incorrect or missing;
- enterprise-level and array-level settings, if the enterprise-level and array-level configuration in the configuration storage was incorrect or missing.
The server-level configuration of Kaspersky Anti-Virus remains unchanged. The application on the server is functional.
REPAIRING THE APPLICATION
If Kaspersky Anti-Virus files in the installation folder have been corrupted or accidentally deleted, you can restore
application functionality using the repair process.
The repair process is performed using the Repair Wizard.
You can cancel the repair process at any step of the Wizard.
To repair the application, you must close Kaspersky Anti-Virus Management Console.
To repair Kaspersky Anti-Virus on a server:
1. Open the Installation Wizard using the standard software management tools in Microsoft Windows. Click Next.
2. In the Change, Repair or Remove components window, click the Repair button.
3. In the Application is ready to repair Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG window, click the Repair button. The Repair Wizard shows the application repair progress.
The Microsoft Firewall service needs to be restarted during the repair process. The Installation Wizard shows a
prompt for the service to be stopped. Click OK to confirm that you want the service to stop.
Click Cancel if you do not want the service to stop. This aborts the Kaspersky Anti-Virus repair process.
4. Click the Finish button to close the Installation Wizard.
Before closing the window, the Installation Wizard removes all temporary objects and data created during the
process, and restarts the Microsoft Firewall service that it stopped during installation.
The restore process does not affect the Kaspersky Anti-Virus settings saved in the Microsoft ISA Server / Forefront TMG
configuration storage.
REMOVING THE APPLICATION
This section covers Kaspersky Anti-Virus removal from a server and contains application removal instructions.
IN THIS SECTION
About Kaspersky Anti-Virus removal
Removing the application from a server
ABOUT KASPERSKY ANTI-VIRUS REMOVAL
Kaspersky Anti-Virus is removed separately from each server.
In the case of the Standalone array and Enterprise deployment models (see section "Standard application deployment models" on page 16), you can remove Kaspersky Anti-Virus from all servers in an array / enterprise or only from one or
several servers. After Kaspersky Anti-Virus has been removed from one or several servers, its operation on the
remaining servers is unaffected.
If Kaspersky Anti-Virus is deployed on servers within arrays, it is recommended to install the application on each server
in the array to ensure anti-virus protection of the network.
While removing Kaspersky Anti-Virus from a server, the Installation Wizard performs the following operations:
- Removes Kaspersky Anti-Virus components and data created during the operation of the application (including the Kaspersky Anti-Virus data storage folder) from the server where the application is being removed.
- Removes Backup and Reporting database entries about Backup objects of this server.
- Removes Kaspersky Anti-Virus event notifications registered in Microsoft ISA Server / Forefront TMG.
  Registered Kaspersky Anti-Virus notifications are removed upon Kaspersky Anti-Virus removal from the current server only if the deployment model does not contain other servers on which the application is deployed.
- Removes the Kaspersky Anti-Virus configuration from the Microsoft ISA Server / Forefront TMG configuration storage.
  The removal of the Kaspersky Anti-Virus configuration from the Microsoft ISA Server / Forefront TMG configuration storage depends on the Kaspersky Anti-Virus deployment model and the presence of servers that use settings of each level in the deployment model.
  - Standalone server deployment model – when Kaspersky Anti-Virus is removed from the current server, the Kaspersky Anti-Virus configuration and registered Kaspersky Anti-Virus notifications are completely removed from the configuration storage.
  - Standalone array deployment model – when Kaspersky Anti-Virus is removed from the current server, the configuration is removed depending on whether or not the array contains other servers with Kaspersky Anti-Virus installed:
    - If there are other servers with Kaspersky Anti-Virus besides the current server, only the server-level configuration (for the current server) is removed from the configuration storage.
    - If there are no other servers with Kaspersky Anti-Virus besides the current server, the Kaspersky Anti-Virus configuration is removed completely.
  - Enterprise deployment model – when Kaspersky Anti-Virus is removed from the current server, the configuration is removed depending on whether or not the array / enterprise contains other servers with Kaspersky Anti-Virus installed:
    - If the array contains other servers with Kaspersky Anti-Virus besides the current server, only the server-level configuration (for the current server) is removed from the configuration storage.
    - If the array does not contain other servers with Kaspersky Anti-Virus besides the current server, while Kaspersky Anti-Virus is installed on servers in other arrays of the enterprise, only the server-level configuration (for the current server) and the array-level configuration (for the array that contains the current server) are removed from the configuration storage.
    - If the enterprise contains no other servers with Kaspersky Anti-Virus besides the current server, the Kaspersky Anti-Virus configuration is removed completely upon Kaspersky Anti-Virus removal from the current server.
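The removal rules above determine when shared array-level and enterprise-level settings disappear, which matters when several servers are decommissioned in sequence. The following Python model is an added example, not Kaspersky Lab code; the function names, the inventory layout and the array and server names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Configuration levels and deployment models as named in the guide.
SERVER, ARRAY, ENTERPRISE = "server", "array", "enterprise"
STANDALONE_SERVER = "standalone server"
STANDALONE_ARRAY = "standalone array"
ENTERPRISE_MODEL = "enterprise"

# Constructed sample inventory: array name -> servers with the application installed.
SAMPLE_INVENTORY = {"ArrayA": {"tmg-a1", "tmg-a2"}, "ArrayB": {"tmg-b1"}}


@dataclass(frozen=True)
class RemovalEffect:
    levels_removed: frozenset     # configuration levels deleted from the storage
    notifications_removed: bool   # registered event notifications deleted
    complete: bool                # True when no application configuration remains


def removal_effect(model, inventory, array, server):
    """Predict what removing the application from `server` deletes from the
    configuration storage, following the rules stated in the guide."""
    if server not in inventory.get(array, set()):
        raise ValueError(f"{server!r} is not listed with the application in {array!r}")
    peers_in_array = inventory[array] - {server}
    peers_elsewhere = set().union(*(s for a, s in inventory.items() if a != array))

    if model == STANDALONE_SERVER:
        if peers_in_array or peers_elsewhere:
            raise ValueError("a standalone server has no peers")
        # The guide states that a server outside an array holds server-level
        # and array-level settings; both go when the configuration is removed.
        levels = {SERVER, ARRAY}
    elif model == STANDALONE_ARRAY:
        if peers_elsewhere:
            raise ValueError("a standalone array has no other arrays")
        levels = {SERVER} if peers_in_array else {SERVER, ARRAY}
    elif model == ENTERPRISE_MODEL:
        if peers_in_array:
            levels = {SERVER}
        elif peers_elsewhere:
            levels = {SERVER, ARRAY}
        else:
            levels = {SERVER, ARRAY, ENTERPRISE}
    else:
        raise ValueError(f"unknown deployment model: {model!r}")

    # Notifications and the full configuration go only with the last server.
    last = not (peers_in_array or peers_elsewhere)
    return RemovalEffect(frozenset(levels), notifications_removed=last, complete=last)


def plan_decommission(model, inventory, order):
    """Walk removals in `order` ([(array, server), ...]) without mutating the
    caller's inventory; return (array, server, RemovalEffect) per step."""
    state = {a: set(s) for a, s in inventory.items()}
    steps = []
    for array, server in order:
        effect = removal_effect(model, state, array, server)
        state[array].discard(server)
        steps.append((array, server, effect))
    return steps


if __name__ == "__main__":
    order = [("ArrayA", "tmg-a1"), ("ArrayA", "tmg-a2"), ("ArrayB", "tmg-b1")]
    for array, server, eff in plan_decommission(ENTERPRISE_MODEL, SAMPLE_INVENTORY, order):
        print(array, server, sorted(eff.levels_removed),
              "notifications removed" if eff.notifications_removed else "notifications kept")
```

Running the plan before an uninstall shows at which step the customized array-level settings of an array are deleted, so they can be recorded beforehand if the array will be redeployed.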
REMOVING THE APPLICATION FROM A SERVER
Kaspersky Anti-Virus can be removed using standard installation and removal tools for Microsoft Windows applications.
All application removal operations are performed in the windows of the Installation Wizard.
You can cancel the removal process at any step of the Wizard. If the removal process is canceled, the Installation Wizard
rolls back all system changes and closes.
If errors occur during the removal process, an error message is displayed, but the removal process is not interrupted.
To remove the application, you must close Kaspersky Anti-Virus Management Console.
To remove Kaspersky Anti-Virus from a server:
1. Open the Installation Wizard using the standard software management tools in Microsoft Windows. Click Next.
2. In the Change, Repair or Remove components window, click the Remove button.
3. In the Application is ready to remove Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG window, click the Remove button. The Installation Wizard shows the application removal progress.
The Microsoft Firewall service needs to be restarted during the removal process. The Installation Wizard shows
a prompt for the service to be stopped. Click OK to confirm that you want the service to stop.
Click Cancel if you do not want the service to stop. This aborts the Kaspersky Anti-Virus removal process.
4. Click the Finish button to close the Installation Wizard.
Before closing the window, the Installation Wizard removes all temporary objects and data created during the
process, and restarts the Microsoft Firewall service that it stopped during installation.
CONTACTING THE TECHNICAL SUPPORT SERVICE
This section provides information on how to obtain technical support and the requirements for receiving help from
Technical Support.
IN THIS SECTION
Ways to receive technical support
Technical support by phone
Obtaining technical support via My Kaspersky Account
WAYS TO RECEIVE TECHNICAL SUPPORT
If you have not found a solution for your problem in the application manual or in one of the sources of information about
the application (see the "Sources of information about the application" section on page 8), we recommend contacting
Kaspersky Lab Technical Support. Technical Support specialists will answer your questions about installing or using the
application.
Before contacting Technical Support, review the technical support rules (http://support.kaspersky.com/support/rules).
You can contact Technical Support in one of the following ways:
- By phone. This method allows you to consult with specialists from our Russian-language or international Technical Support.
- By sending a request from My Kaspersky Account on the website of Technical Support. This method allows you to contact Technical Support specialists through a request form.
Technical support is only available to users who have purchased a commercial license. Users who received a trial
license are not entitled to technical support.
TECHNICAL SUPPORT BY PHONE
If an urgent issue arises, you can call specialists from Russian-speaking or international Technical Support by phone
(http://support.kaspersky.com/support/international).
Before contacting Technical Support, please read the support rules (http://support.kaspersky.com/support/details). This
will allow our specialists to help you more quickly.
OBTAINING TECHNICAL SUPPORT VIA MY KASPERSKY ACCOUNT
My Kaspersky Account is your personal area (https://support.kaspersky.com/ru/personalcabinet?LANG=en) on the
Technical Support website.
To access My Kaspersky Account, complete registration on the registration page
(https://support.kaspersky.com/ru/personalcabinet/registration/?LANG=en) and receive a customer ID and password for
accessing My Kaspersky Account. You have to specify the key file (for details on key files, see the Administrator's Guide to Kaspersky Anti-Virus 8.5 for Microsoft ISA Server and Forefront TMG).
In My Kaspersky Account, you can perform the following actions:
- Contact Technical Support and the Anti-Virus Lab.
- Contact Technical Support without using email.
- Track the status of your requests in real time.
- View a detailed history of your Technical Support requests.
- Receive a copy of the key file if it is lost or deleted.
Technical Support by email
You can send an online request to Technical Support in English, Russian, German, French, or Spanish.
In the fields of the online request form, specify the following data:
- Request type
- Application name and version number
- Request description
- Customer ID and password
- Email address
A specialist from the Technical Support Service sends an answer to your question to your My Kaspersky Account and to
the email address that you have specified in your online request.
Online request to the Anti-Virus Lab
Some requests must be sent to the Anti-Virus Lab instead of Technical Support.
You can send requests of the following types to the Anti-Virus Lab:
- Unknown malicious program – You suspect that a file contains a virus, but Kaspersky Anti-Virus does not label it as infected.
  Anti-Virus Lab specialists analyze submitted malicious code. On detecting a previously unknown virus, they add its signature to the database, which is available through updates of anti-virus applications.
- False alarm – Kaspersky Anti-Virus labels the file as a virus, but you are sure that the file is not a virus.
- Request for description of malicious program – You want to receive the description of a virus that Kaspersky Anti-Virus detects, based on the name of the virus.
You can also send requests to the Anti-Virus Lab from the request form page
(http://support.kaspersky.com/virlab/helpdesk.html) without being registered in My Kaspersky Account.
GLOSSARY
A
ACTIVATION OF THE APPLICATION
Enabling the fully functional mode of the application. The user performs activation during or after installation of the
application. The user needs a key file to activate the application.
ACTIVE KEY
A key currently used by the application.
ADDITIONAL KEY
A key entitling the user to use the application, which is not currently in use.
ANTI-VIRUS SCAN POLICY
A policy that defines the settings of threat detection and actions taken on detected objects.
B
BACKUP
A special storage for backup copies of files that are created before the first attempt at disinfection or deletion.
BACKUP AND REPORTING DATABASE
An SQL server database that stores statistics of application performance and information about objects detected by
Kaspersky Anti-Virus and moved to Backup.
BACKUP COPYING
Creation of a backup copy of a file prior to disinfection or deletion, and placement of this copy in Backup with the
possibility of subsequently saving the file to a local or network drive, for example to scan it with updated databases.
BLACK LIST OF KEYS
A database containing information about keys blocked by Kaspersky Lab. The contents of the black list file are updated
along with the databases.
BLOCKING OF AN OBJECT
An instance of third-party applications being prohibited from accessing an object. A blocked object cannot be read,
executed, modified or deleted.
C
CONTAINER OBJECT
An object consisting of several objects, for example, an archive or a message with an attached letter. Also see "simple
object".
D
DELETING AN OBJECT
A method of processing an object that results in its physical deletion from its original location (hard drive, folder,
network resource). We recommend that this method be applied to dangerous objects which, for whatever reason, cannot
be disinfected.
DISINFECTION
A method of processing infected objects that results in complete or partial recovery of data. Not all infected objects can
be disinfected.
E
EXCLUSION POLICY
A policy that defines the settings of object exclusion from anti-virus scanning.
H
HEURISTIC ANALYZER
A technology for detecting threats whose signatures are not yet present in the Kaspersky Lab databases. Heuristic
analyzer detects objects whose behavior in the system resembles that of threats. Objects detected by the heuristic
analyzer are considered probably infected. For example, an object containing a sequence of commands typical of
malware (opening a file, writing to file) can be flagged as probably infected.
I
INFECTED OBJECT
An object containing a code portion completely matching the same code portion of a known threat. Kaspersky Lab does
not recommend using such objects.
K
KASPERSKY ANTI-VIRUS DATABASES
Databases containing descriptions of computer security threats known to Kaspersky Lab at the time of database release.
Records in the databases enable the detection of malicious code in the objects being scanned. The databases are
maintained by Kaspersky Lab experts and updated every hour.
KASPERSKY LAB UPDATE SERVERS
HTTP and FTP servers of Kaspersky Lab from which the application downloads database and module updates.
KEY FILE
A file in the xxxxxxx.key format. The key file is provided when you purchase the application. The application can be used
only with a key file.
L
LICENSE
A time-limited right to use the application, granted under the End User License Agreement.
LICENSE TERM
A time period during which you are entitled to use the application functionality and additional services.
Available functionality and specific additional services depend on the license type.
P
POLICY
One or several rules defining the anti-virus protection settings applied only to select connections and protocols.
The application uses three types of policies: protocol policy, exclusion policy, and anti-virus scan policy.
PROBABLY INFECTED OBJECT
An object containing a modified code of a known threat or a code whose behavior resembles the code of a threat.
PROTOCOL POLICY
A policy that defines the FTP and HTTP traffic handling settings.
S
SIMPLE OBJECT
Message body or simple attachment, for example, an executable file. See also container object.
T
TRAFFIC SCANNING
Scanning of objects transmitted over protocols (such as HTTP, FTP, SMTP, POP3) in real time with the use of data in
the current (latest) Kaspersky Anti-Virus database.
U
UPDATE
A Kaspersky Lab feature that keeps your computer protection up to date. During the update, the application copies
Kaspersky Anti-Virus database updates from the update source, installs and applies them.
KASPERSKY LAB
Kaspersky Lab website: http://www.kaspersky.com
Virus Encyclopedia: http://www.securelist.com/en/
Anti-Virus Lab: newvirus@kaspersky.com (only for sending probably infected files in archives)
http://support.kaspersky.com/virlab/helpdesk.html (for requests to virus analysts)
Kaspersky Lab web forum: http://forum.kaspersky.com
Kaspersky Lab is a world-renowned manufacturer of systems for computer protection against threats: viruses and other
malware, unsolicited email messages (spam), network and hacking attacks.
In 2008, Kaspersky Lab entered the Top-4 world leading vendors of software solutions for endpoint data protection
(according to the rating by "IDC Worldwide Endpoint Security Revenue by Vendor"). According to a study held by
COMCON TGI-Russia 2009, Kaspersky Lab is the favorite vendor of protection systems for home users in Russia.
Kaspersky Lab was founded in 1997 in Russia. Today Kaspersky Lab is an international group of companies
headquartered in Moscow and running five regional divisions that manage the company's activities in Russia, Western
and Eastern Europe, the Middle East, Africa, Northern and Southern America, Japan, China, and other countries of the
Asia-Pacific region. Over 2.000 highly skilled specialists are employed by the company.
Products. Kaspersky Lab products protect both home computers and enterprise networks.
The range of personal products includes anti-virus applications for desktop and laptop computers, handheld computers,
smartphones, and other mobile devices.
The company offers applications and services for the protection of workstations, file servers, web servers, mail gateways,
and firewalls. Using those solutions together with centralized management tools allows you to build and benefit from
efficient automated protection of your organization against computer threats. Kaspersky Lab products are certified by
major test labs, compatible with applications from numerous software vendors, and optimized for use on many hardware
platforms.
Virus analysts work 24/7 at Kaspersky Lab. Every day they find hundreds of new computer threats, create tools for
detecting and neutralizing them, and add them to the databases used by Kaspersky Lab applications. The anti-virus database of Kaspersky Lab is updated hourly; the Anti-Spam database is updated every 5 minutes.
Technologies. Many of the technologies that are part of any modern anti-virus were first developed at Kaspersky Lab.
That is why the anti-virus kernel of Kaspersky Anti-Virus has been integrated by many third-party software vendors into
their own products, such as SafeNet (USA), Alt-N Technologies (USA), Blue Coat Systems (USA), Check Point Software
Technologies (Israel), Clearswift (UK), CommuniGate Systems (USA), Critical Path (Ireland), D-Link (Taiwan), M86
Security (USA), GFI (Malta), IBM (USA), Juniper Networks (USA), LANDesk (USA), Microsoft (USA), NETASQ (France),
NETGEAR (USA), Parallels (Russia), SonicWALL (USA), WatchGuard Technologies (USA), and ZyXEL
Communications (Taiwan). Many of the company's innovative technologies have been secured with patents.
Achievements. Over the years at war with computer threats Kaspersky Lab has earned hundreds of awards. For
instance, in 2010, Kaspersky Anti-Virus received several top-level Advanced+ awards after tests held by AV-Comparatives, a renowned Austrian anti-virus lab. But the most important award to Kaspersky Lab is the loyalty of users
from all over the world. The company's products and technologies protect over 300 million users. The number of
organizations being the company's customers exceeds 200.000.
INFORMATION ON THIRD-PARTY CODE
Information about third-party code is contained in the file legal_notices.txt, in the application installation folder.
TRADEMARK NOTICES
Registered trademarks and service marks are the property of their respective owners.
Forefront, Microsoft, SQL Server, Windows, Windows Server and Windows Vista are trademarks of Microsoft Corporation
registered in the USA and elsewhere.