KASPERSKY Endpoint Security Smartphone 8.0 User Manual

Kaspersky Endpoint Security 8 for Smartphone

Implementation guide

PROGRAM VERSION: 8.0

Dear User!

Thank you for choosing our product. We hope that this documentation will help you in your work and will provide answers regarding this software product.

Note! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation, and by international treaties. Illegal reproduction and distribution of this document or parts hereof will result in civil, administrative or criminal liability by applicable law.

Reproduction or distribution of any materials in any format, including translations, is only allowed with the written permission of Kaspersky Lab.

This document, and graphic images related to it, may be used exclusively for informational, non-commercial, and personal purposes.

Kaspersky Lab reserves the right to amend this document without additional notification. You can find the latest version of this document at the Kaspersky Lab website, at http://www.kaspersky.com/docs.

Kaspersky Lab shall not be liable for the content, quality, relevance, or accuracy of any materials used in this document for which the rights are held by third parties, or for any potential or actual losses associated with the use of these materials.

Document last revised on: February 8, 2012

http://www.kaspersky.com

http://support.kaspersky.com

TABLE OF CONTENTS

ABOUT THIS HELP ....................................................................................................................................................... 6

In this document ....................................................................................................................................................... 6

Document conventions ............................................................................................................................................. 7

ADDITIONAL SOURCES OF INFORMATION ............................................................................................................... 8

Information sources for further research ................................................................................................................... 8

Discussion of Kaspersky Lab applications on the Web forum .................................................................................. 9

Contacting the User Documentation Development Group ........................................................................................ 9

KASPERSKY ENDPOINT SECURITY 8 FOR SMARTPHONE ................................................................................... 10

What's new ............................................................................................................................................................. 11

Distribution kit ......................................................................................................................................................... 12

Hardware and software requirements ..................................................................................................................... 14

ABOUT KASPERSKY ENDPOINT SECURITY 8 FOR SMARTPHONE COMPONENTS ........................................... 15

Anti-Virus ................................................................................................................................................................ 15

Protection .......................................................................................................................................................... 16

On-demand scans ............................................................................................................................................. 16

Update .............................................................................................................................................................. 17

Anti-Theft ................................................................................................................................................................ 17

Block ................................................................................................................................................................. 18

Data Wipe ......................................................................................................................................................... 18

SIM Watch ........................................................................................................................................................ 18

GPS Find .......................................................................................................................................................... 19

Privacy Protection ................................................................................................................................................... 19

Anti-Spam ............................................................................................................................................................... 19

Firewall ................................................................................................................................................................... 20

Encryption ............................................................................................................................................................... 20

MANAGING LICENSES ................................................................................................................................ ............... 21

About the License Agreement ................................................................................................................................ 21

About Kaspersky Endpoint Security 8 for Smartphone licenses ............................................................................. 21

A bout Kaspersky Endpoint Security 8 for Smartphone key file .............................................................................. 22

Activating the application ........................................................................................................................................ 23

DEPLOYING THE APPLICATION THROUGH KASPERSKY SECURITY CENTER ................................................... 24

Framework for managing the application through Kaspersky Security Center ....................................................... 24

Schemes of deployment through Kaspersky Security Center ................................................................................. 25

Deploying the application through a workstation ............................................................................................... 26

Scheme for deploying the application by sending an email .............................................................................. 26

Preparing to deploy the application through Kaspersky Security Center ................................................................ 27

Installing the Administration Server ................................................................................................................... 28

Updating the Administration Server component ................................................................................................ 28

Configuring Administration Server settings ....................................................................................................... 29

Installing the plug-in for managing Kaspersky Endpoint Security 8 for Smartphone ......................................... 30

Placing the application distribution package on the ftp/http server. ................................................................... 30

Installing the application through a workstation ...................................................................................................... 30

Creating an installation package. ...................................................................................................................... 31

Configuration of installation package settings ................................................................................................... 32

I M P L E M E N T A T I O N G U I D E

Creating a deployment task .............................................................................................................................. 34

Delivering the application distribution package to a mobile device through a workstation ................................ 41

Installing the application on a mobile device through a workstation .................................................................. 42

Installing the application by sending an email......................................................................................................... 42

Creating a message with the application distribution package .......................................................................... 42

Installing the application on a mobile device after receiving an email message................................................ 44

Installing a license through Kaspersky Security Center .......................................................................................... 44

Using policies ......................................................................................................................................................... 44

Creating a policy ............................................................................................................................................... 45

Configuring policy settings ................................................................................................................................ 54

Applying a policy ............................................................................................................................................... 54

Allocating devices to the Managed computers group ............................................................................................. 54

Allocating devices to a group manually ............................................................................................................. 55

Configuring automatic allocation of devices to a group ..................................................................................... 56

Configuring local application settings ..................................................................................................................... 58

Settings of Kaspersky Endpoint Security 8 for Smartphone ................................................................................... 59

Settings for Scan on request ............................................................................................................................. 60

Settings for Protection ................................................................................................................................ ....... 61

Settings for Update ........................................................................................................................................... 63

Settings for Anti-Theft ....................................................................................................................................... 65

Settings for Firewall .......................................................................................................................................... 70

Settings for synchronization of devices with the Administration Server ............................................................ 71

Settings for Anti-Spam and Privacy Protection ................................................................................................. 72

Settings for Encryption ...................................................................................................................................... 73

Uninstalling the application ..................................................................................................................................... 74

DEPLOYING THE APPLICATION THROUGH MS SCMDM ........................................................................................ 75

Framework for managing the application through MDM ......................................................................................... 76

Scheme of application deployment through MDM .................................................................................................. 77

Preparing for deployment of the application through MDM ..................................................................................... 78

A bout the administrative template .................................................................................................................... 78

Installing the administrative template ................................................................................................................ 78

Configuring the administrative template ............................................................................................................ 79

Activating the application ................................................................................................................................ 102

Installation and deletion of the application on mobile devices .............................................................................. 103

Creating an installation package. .................................................................................................................... 103

Installing the application on mobile devices .................................................................................................... 114

Deleting the application from mobile devices .................................................................................................. 115

DEPLOYING THE APPLICATION THROUGH SYBASE AFARIA ............................................................................. 116

Framework for managing the application through Sybase Afaria ......................................................................... 116

Scheme for deploying the application through Sybase Afaria............................................................................... 117

Preparing to deploy Kaspersky Endpoint Security 8 for Smartphone ................................................................... 118

Installing the policy administration utility ............................................................................................................... 119

Creating a policy. Configuring settings for Kaspersky Endpoint Security 8 for Smartphone ................................. 119

Configuring the settings for the Protection option ........................................................................................... 121

Configuring the settings for the Scan on request option ................................................................................. 122

Configuring the settings for updating the anti-virus databases ....................................................................... 124

Configuring the settings for the Anti-Theft component .................................................................................... 125

Configuring the settings for the Firewall component ....................................................................................... 132

T A B L E O F C O N T E N T S

Configuring the settings for the Encryption component ................................................................................... 133

Configuring the settings for the Anti-Spam component ................................................................................... 134

Configuring the settings for the Privacy Protection component ....................................................................... 135

Configuring the settings for the license ........................................................................................................... 135

Adding a license through Sybase Afaria ............................................................................................................... 136

Editing a policy ..................................................................................................................................................... 137

Installing the application ....................................................................................................................................... 137

Creating a channel containing an application policy for devices with Microsoft Windows Mobile and Symbian OS

........................................................................................................................................................................ 138

Creating a channel containing a distribution package for devices with Microsoft Windows Mobile and Symbian OS

........................................................................................................................................................................ 139

Associating channels to install the application on devices with Microsoft Windows Mobile and Symbian OS 140

Creating a channel for devices with BlackBerry OS ........................................................................................ 141

Installing the application on mobile devices .................................................................................................... 143

Uninstalling the application ................................................................................................................................... 143

CONTACTING THE TECHNICAL SUPPORT SERVICE ........................................................................................... 144

GLOSSARY ............................................................................................................................................................... 145

KASPERSKY LAB ZAO ............................................................................................................................................. 149

INFORMATION ABOUT THIRD-PARTY CODE ........................................................................................................ 150

Distributed program code ..................................................................................................................................... 150

ADB ................................................................................................................................................................ 150

ADBWINAPI.DLL ............................................................................................................................................ 150

ADBWINUSBAPI.DLL ..................................................................................................................................... 150

Other information .................................................................................................................................................. 152

TRADEMARK NOTICE .............................................................................................................................................. 153

INDEX ........................................................................................................................................................................ 154

ABOUT THIS HELP

IN THIS SECTION

In this document ................................................................................................................................................................ 6

Document conventions ...................................................................................................................................................... 7

Thank you for using our product. We hope that the information provided in this guide will help you to use Kaspersky Endpoint Security 8 for Smartphone.

The guide is aimed at company network administrators. It contains information on how to install and configure the application on users' mobile devices through the following platforms:

 Kaspersky Security Center;

 Microsoft System Center Mobile Device Manager;

 Sybase Afaria.

Information on using Kaspersky Anti-Virus on mobile devices with various operating systems is provided in the Kaspersky Endpoint Security 8 for Smartphone User Guide for each individual operating system.

If you do not find the answer to your question about Kaspersky Endpoint Security 8 for Smartphone in this document, you can refer to other data sources (see "Additional data sources" on page 8).

IN THIS DOCUMENT

The following sections are included in the document:

 Additional sources of information (on page 8). This section includes information on where, other than in the set

of documents included in the distribution kit, you can obtain information about the application and how to approach Kaspersky Lab for information should the need arise.

 Managing licenses (on page 21). This section includes detailed information on the main concepts regarding the

licensing of Kaspersky Endpoint Security 8 for Smartphone, and on how to install and delete the license for Kaspersky Endpoint Security 8 for Smartphone on users' mobile devices.

 Kaspersky Endpoint Security 8 for Smartphone (on page 10). This section lists the main functions of Kaspersky

Endpoint Security 8 for Smartphone, the differences between Kaspersky Endpoint Security 8 for Smartphone and previous versions of the application, and the hardware and software requirements of users' mobile devices and the administrative system.

 About the components of Kaspersky Endpoint Security 8 for Smartphone (on page 15). This section includes,

for each component, a description of its purpose and operational procedure, and information about the operating systems supported by this component and the functions included in it.

 Deploying the application through Kaspersky Security Center (on page 24). This section describes the process

of deploying Kaspersky Endpoint Security 8 for Smartphone through Kaspersky Security Center.

 Deploying the application through MS SCMDM (on page 75). This section describes the process of deploying

Kaspersky Endpoint Security 8 for Smartphone through Mobile Device Manager.

A B O U T T H I S H E L P

SAMPLE TEXT

DOCUMENT CONVENTIONS DESCRIPTION

Please note that...

Warnings are highlighted in red and enclosed in frames. Warnings contain important information, for example, on safety-critical computer operations.

It is recommended to use...

Notes are enclosed in frames. Notes contain additional and reference information.

Example:

...

Examples are given by section, on a yellow background, and under the heading "Example".

Update means...

New terms are marked by italics.

ALT+F4

Names of keyboard keys appear in a bold typeface and are capitalized. Names of the keys followed by a "plus" sign indicate the use of a key

combination.

Enable

Names of interface elements, for example, input fields, menu commands, buttons, etc., are marked in a bold typeface.

To configure a task schedule:

Instructions are marked by the arrow symbol. Instruction introductory phrases are marked in italics.

help

Texts in the command line or texts of messages displayed on the screen have a special font.

Variables are enclosed in angle brackets. Instead of the variables the corresponding values are placed in each case, and the angle brackets are omitted.

 Deploying the application through Sybase Afaria (on page 116). This section describes the process of deploying

Kaspersky Endpoint Security 8 for Smartphone through Sybase Afaria.

 Contacting the Technical Support service. The section describes the rules of getting technical support.

 Glossary. This section lists the terms used in this guide.

 ZAO Kaspersky Lab (see page 149). This section presents information about Kaspersky Lab.

 Information about the use of third-party code. This section gives you information on third-party code used in the

application.

 Index. This section enables you to quickly find the required information in the document.

DOCUMENT CONVENTIONS

Document conventions described in the table below are used in this Guide.

Таблица 1. Document conventions

ADDITIONAL SOURCES OF INFORMATION

IN THIS SECTION

Information sources for further research ........................................................................................................................... 8

Discussion of Kaspersky Lab applications on the Web forum ........................................................................................... 9

Contacting the User Documentation Development Group ................................................................................................ 9

If you have any questions regarding the selection, purchase, installation or use of Kaspersky Endpoint Security 8 for Smartphone, you can find answers to them through various sources of information. You can choose the most suitable source according to how important or urgent your request is.

INFORMATION SOURCES FOR FURTHER RESEARCH

You can view the following sources of information about the application:

 the Kaspersky Lab application website;

 the application Knowledge Base page at the Technical Support Service website;

 the Help system;

 documentation.

Page on Kaspersky Lab website

http://www.kaspersky.com/endpoint-security-smartphone

Use this page to obtain general information about Kaspersky Endpoint Security 8 for Smartphone features and options. You can purchase Kaspersky Endpoint Security 8 for Smartphone or extend your license at our eStore.

The application page at the Technical Support Service website (Knowledge Base)

http://support.kaspersky.com/kes8m

This page contains articles written by experts from the Technical Support Service.

These articles contain useful information, recommendations, and the Frequently Asked Questions (FAQ) page, and cover purchasing, installing and using Kaspersky Endpoint Security 8 for Smartphone. They are arranged in topics, such as "Working with key files", "Database updates" and "Troubleshooting". The articles aim to answer questions about this Kaspersky Endpoint Security 8 for Smartphone, as well as other Kaspersky Lab products. They may also contain news from the Technical Support Service.

A D D I T I O N A L S O U R C E S O F I N F O R M A T I O N

The Help system

The Help system installed with Kaspersky Endpoint Security 8 for Smartphone includes context help for the plug-in for managing the application through Kaspersky Security Center, as well as context help sections for mobile devices with the following operating systems:

 Microsoft Windows Mobile.

 Symbian.

 BlackBerry.

 Android.

The context help contains information about the application's individual windows and tabs.

Documentation

The set of documentation for Kaspersky Endpoint Security 8 for Smartphone contains most of the information needed in order to work with it. The set includes the following documents::

 User Guide. Guides for using the application on Windows Mobile, Symbian, BlackBerry and Android mobile

devices. Each user guide contains information to enable the user to independently install, configure and activate the application on a mobile device.

 Implementation Guide. The implementation guide enables the administrator to install and configure the

application on users' mobile devices through the following platforms:

 Kaspersky Security Center;

 Microsoft System Center Mobile Device Manager.

 Sybase Afaria.

DISCUSSION OF KASPERSKY LAB APPLICATIONS ON THE WEB FORUM

If your question does not require an immediate answer, you can discuss it with Kaspersky Lab experts and other users in our forum at http://forum.kaspersky.com/index.php?showforum=5.

In the forum you can view existing discussions, leave your comments, and create new topics, or use the search engine for specific enquiries.

CONTACTING THE USER DOCUMENTATION DEVELOPMENT GROUP

If you have any questions about the documentation, or you have found an error in it, or would like to leave a comment, please contact our Technical Documentation Development group. To contact the Documentation Development Group send an email to docfeedback@kaspersky.com. Use the subject line: "Kaspersky Help Feedback: Kaspersky Endpoint Security 8".

KASPERSKY ENDPOINT SECURITY 8 FOR SMARTPHONE

Kaspersky Endpoint Security 8 for Smartphone protects mobile devices working with the operating systems Symbian, Microsoft Windows Mobile, BlackBerry and Android from known and new threats, and unwanted calls and SMS messages. The application allows monitoring outgoing SMS messages, network activity, and protect confidential information against unauthorized access. Every type of threat is processed in separate components of the program. This allows to fine-tune the application settings depending on user needs.

Kaspersky Endpoint Security 8 for Smartphone supports these remote administration systems: Kaspersky Security Center, MS SCMDM and Sybase Afaria. The network administrator can use these systems' features to remotely:

 install the application on mobile devices;

 delete the application from devices through MS SCMDM;

 configure application settings, either for several devices at the same time, or for each individual device

separately;

 create in Kaspersky Security Center reports on the operation of the application components installed on mobile

devices.

Kaspersky Endpoint Security 8 for Smartphone includes the following protection components:

 Protection. Protects the mobile device's file system against infections. The Protection component is initiated

when starting the operating system, it is always in the device's operating memory and verifies all open, saved and started files on the device, including on memory cards. Furthermore, the Protection verifies all incoming files for the existence of known viruses. You can continue working with file if the object is not infected or has been successfully disinfected.

 Scanning the device. Helps detect and neutralize malicious objects on the mobile device. It is essential to scan

the device regularly to prevent the spread of any malicious objects that have not been detected by Protection.

 Anti-Spam. Scans all incoming SMS messages and calls for spam. The component allows blocking all SMS

messages and calls, which are regarded as unsolicited. Filtering of messages and calls is carried out by using a Black List and/or White List of numbers. All SMS messages and calls from numbers included in the Black List are blocked. SMS and calls from numbers included in the White List are always delivered to the mobile device. The component also allows you to configure the application's reaction to SMS messages from non-numeric numbers, and to calls and SMS messages from numbers that are not in Contacts.

 Anti-Theft folder. Protects the information on the device from unauthorized access, when it is lost or stolen.

This component allows the blocking of the device in the event of theft or loss, deletes confidential information and controls SIM card usage and determines the geographical coordinates of the device (if a mobile device is equipped with a GPS receiver).

 Privacy Protection. Hides confidential user information when the device is used by other persons. The

component allows the displaying or hiding of all information related to specified subscriber numbers, for instance details in the Contact list, SMS correspondence or entries in the calls log. The component also allows you to hide the delivery of incoming calls and SMS messages from specified numbers.

 Firewall folder. Checks the network connections on the mobile device. The component allows you to specify

connections to be allowed or blocked.

 Encryption folder. Protects information from being viewed by third parties even if access to the device is

achieved. The component encrypts any amount of non-system folders which are in the device's onboard memory or on a storage card. The data in the folder become available only after the secret code is entered.

Furthermore, the application contains a set of service features. They are designed to keep the application up-to-date, enhance its performance and help users.

K A S P E R S K Y E N D P O I N T S E C U R I T Y 8 F O R S M A R T P H O N E

IN THIS SECTION

What's new ...................................................................................................................................................................... 11

Distribution kit .................................................................................................................................................................. 12

Hardware and software requirements ............................................................................................................................. 14

 Updating the application's databases. This function keeps Kaspersky Endpoint Security 8 for Smartphone

databases up-to-date. Updates can be started by the device's user manually, or in accordance with a schedule, which is set in the application settings.

 Protection status. The status of the program components is displayed on screen. On the basis of the information

presented, users can assess the current protection status of their device.

 Events log. Each of the application's components has its own events log, which contains information on the

component's operation (for instance, completed operation, data on a blocked object, scan report, updates).

 License tab. When you purchase Kaspersky Endpoint Security 8 for Smartphone, a license agreement is made

between your company and Kaspersky Lab, according to which the company's employees can use the application and access application database updates and the Technical Support Service for a specified period of time. The terms of use and other information required for full-feature application operation are indicated in the license.

Kaspersky Endpoint Security 8 for Smartphone does not back up and subsequently restore data.

WHAT'S NEW

The differences between Kaspersky Endpoint Security 8 for Smartphone and previous versions of the application are:

 Support for new platforms: Sybase Afaria and Microsoft System Center Mobile Device Manager (MS SCMDM).

 Installation of the application on devices by the delivery of email messages.

 Access to the application is protected by a secret code.

 The list of executable files scanned by the application in the event of a restriction of the type of files scanned by

Protection and Scan is extended. The application's executable files of the following formats are scanned: EXE, DLL, MDL, APP, RDL, PRT, PXT, LDD, PDD, CLASS. If the archive scan function is enabled, the application unpacks and scans archives in the following formats: ZIP, JAR, JAD, SIS, SISX, RAR and CAB.

 Privacy Protection can hide the following information for confidential contacts: entries in Contacts, SMS

correspondence and new incoming SMS messages and incoming calls. Confidential information is accessible for viewing for hiding is disabled.

 Encryption allows encrypting folders saved in the device's memory or on a memory card. The component

protects confidential data in encrypted mode and allows access to encrypted information only when the application secret code is entered.

 A new function GPS Find is enabled in the updated Anti-Theft: if the device is lost or stolen, its geographical

coordinates can be picked up on a telephone number or indicated email address. Also, in Anti-Theft, an updated function Data Wipe can remotely delete not just the user's personal information kept in the memory of the telephone or on the storage card, but also files from the list of folders to be deleted.

 To economize on traffic, an option has been added to automatically disable application database updates when

the mobile device is in a roaming zone.

I M P L E M E N T A T I O N G U I D E

 A new service function has been added, called Display prompts: Kaspersky Endpoint Security 8 for Smartphone

shows a short description of a component before configuration of its settings.

 Support for Android OS devices has been added.

DISTRIBUTION KIT

You can purchase Kaspersky Endpoint Security 8 for Smartphone from one of our partners or an Internet shop (e.g.

http://www.kaspersky.com, eStore section). In addition, Kaspersky Endpoint Security 8 for Smartphone is supplied as

part of all products from the Kaspersky Open Space Security product line.

When purchasing Kaspersky Endpoint Security 8 for Smartphone at eStore, you make an order. On purchasing, you receive an information message by email, which contains a key file for activating the application and a URL that you can use to download the application installation package. For detailed information about purchasing the application and receiving the distribution kit, please contact our sales department at sales@kaspersky.com.

If your organization is using Kaspersky Security Center to deploy Kaspersky Endpoint Security 8 for Smartphone, the distribution package will include klcfginst.exe (installer file for the plug-in enabling administration of Kaspersky Endpoint Security 8 for Smartphone via Kaspersky Security Center) and the self-extracting archive KES8_forAdminKit_ru.exe, which contains the following files necessary to install the application on mobile devices:

 endpoint_8_0_x_xx_en.cab – application installation file for the Microsoft Windows Mobile operating system;

 endpoint8_mobile_8_x_xx_eu4_signed.sis – application installation file for the Symbian operating system;

 Endpoint8_Mobile_8_x_xx_release.zip – application installation file for the BlackBerry operating system;

 Endpoint8_8_x_xx_release.apk – application installation file for the Android operating system;

 AdbWinUsbApi.dll, AdbWinApi.dll, adb.exe – set of files required to install the application on devices with the

Android operating system;

 installer.ini – configuration file containing the settings for connection to the Administration Server;

 kmlisten.ini – configuration file containing the settings for the utility delivering the installation package;

 kmlisten.kpd – the application description file;

 kmlisten.exe – utility delivering the installation package to a mobile device through a workstation;

 Documentation:

 Implementation Guide for Kaspersky Endpoint Security 8 for Smartphone;  User Guide for Kaspersky Endpoint Security 8 for Smartphone for Microsoft Windows Mobile;  User Guide for Kaspersky Endpoint Security 8 for Smartphone for Symbian OS;  User Guide for Kaspersky Endpoint Security 8 for Smartphone for BlackBerry OS;  User Guide for Kaspersky Endpoint Security 8 for Smartphone for Android OS;  Context help for the plug-in for managing Kaspersky Endpoint Security 8 for Smartphone;  Context help for the application for Microsoft Windows Mobile;  Context help for the application for Symbian OS;  Context help for the application for BlackBerry OS;  Context help for the application for Android OS;

K A S P E R S K Y E N D P O I N T S E C U R I T Y 8 F O R S M A R T P H O N E

If your organization is using Mobile Device Manager to deploy Kaspersky Endpoint Security 8 for Smartphone, the distribution package will include the self-extracting archive KES8_forMicrosoftMDM_en.exe, which contains the following files that are necessary to install the application on mobile devices:

 endpoint_MDM_Afaria_8_0_x_xx_en.cab – application installation file for the Microsoft Windows Mobile

operating system;

 endpoint8_en.adm – administrative template file for managing policies, which contains their settings;

 endpoint8_ca.cer – certification center's certificate file;

 endpoint8_cert.cer – certificate file used to sign the application installation file;

 kes2mdm.exe – utility for converting the application key file;

 kl.pbv, licensing.dll, oper.pbv – set of auxiliary files required for the kes2mdm.exe utility;

 Documentation:

 Implementation Guide for Kaspersky Endpoint Security 8 for Smartphone;

 User Guide for Kaspersky Endpoint Security 8 for Smartphone for Microsoft Windows Mobile;

 Context help for the application for Microsoft Windows Mobile;

If your organization is using Sybase Afaria to deploy Kaspersky Endpoint Security 8 for Smartphone, the distribution package will include the self-extracting archive KES8_forSybaseAfaria_en.exe, which contains the following files that are necessary to install the application on mobile devices:

 endpoint_MDM_Afaria_8_0_x_xx_en.cab – application installation file for the Microsoft Windows Mobile

operating system;

 endpoint8_mobile_8_x_xx_eu4.sisx – application installation file for the Symbian operating system;

 Endpoint8_Mobile_Installer.cod – application installation file for the BlackBerry operating system;

 KES2Afaria.exe – utility for managing the policy for Kaspersky Endpoint Security 8 for Smartphone;

 kl.pbv, licensing.dll, oper.pbv – set of required auxiliary files included with the KES2Afaria.exe utility;

 Documentation:

 Implementation Guide for Kaspersky Endpoint Security 8 for Smartphone;

 User Guide for Kaspersky Endpoint Security 8 for Smartphone for Microsoft Windows Mobile;

 User Guide for Kaspersky Endpoint Security 8 for Smartphone for Symbian OS;

 User Guide for Kaspersky Endpoint Security 8 for Smartphone for BlackBerry OS;

 Context help for the application for Microsoft Windows Mobile;

 Context help for the application for Symbian OS;

 Context help for the application for BlackBerry OS;

I M P L E M E N T A T I O N G U I D E

HARDWARE AND SOFTWARE REQUIREMENTS

For Kaspersky Endpoint Security 8 for Smartphone to function correctly, the users' mobile devices must fulfill the following requirements.

Hardware requirements:

 Symbian OS 9.1, 9.2, 9.3, 9.4 Series 60 UI, Symbian^3 (only for Nokia mobile devices), Symbian Belle;

 Windows Mobile 5.0, 6.0, 6.1, 6.5.

 BlackBerry 4.5, 4.6, 4.7, 5.0, 6.0.

 Android 1.6, 2.0, 2.1, 2.2, 2.3, 3.x, 4.0.

To deploy Kaspersky Endpoint Security 8 for Smartphone on a network, the remote administration system must fulfill the following minimum requirements:

Software requirements:

 Kaspersky Security Center 9.0.

 Mobile Device Manager Software Distribution Microsoft Corporation Version: 1.0.4050.0000 (SP).

 System Center Mobile Device Manager Microsoft Corporation Version: 1.0.4050.0000.

 Sybase Afaria 6.50.4607.0.

ABOUT KASPERSKY ENDPOINT SECURITY

IN THIS SECTION

Anti-Virus ......................................................................................................................................................................... 15

Anti-Theft ......................................................................................................................................................................... 17

Privacy Protection ........................................................................................................................................................... 19

Anti-Spam ....................................................................................................................................................................... 19

Firewall ............................................................................................................................................................................ 20

Encryption ....................................................................................................................................................................... 20

IN THIS SECTION

Protection ................................................................ ........................................................................................................ 16

On-demand scans ........................................................................................................................................................... 16

Update............................................................................................................................................................................. 17

8 FOR SMARTPHONE COMPONENTS

Kaspersky Endpoint Security 8 for Smartphone includes the following components:

 Anti-Virus (on page 15).

 Anti-Theft (on page 17).

 Privacy Protection (on page 19).

 Anti-Spam (on page 19).

 Firewall (on page 20).

 Encryption (on page 20).

This section includes, for each component, a description of its purpose and operational procedure, and information about the operating systems supported by this component and the functions included in it.

ANTI-VIRUS

The Anti-Virus component provides anti-virus protection for mobile devices. It includes the following functions: Protection (see page 16), Scan on request (see page 16), Update (see page 17).

I M P L E M E N T A T I O N G U I D E

PROTECTION

Protection scans all running processes in the file system, monitors events on the device, and scans all new, opened and modified files (including ones located on the memory card), and installed applications for malicious code immediately before they are called by the user.

Protection operates as follows:

1. Protection launches when the operating system starts up.

2. Protection scans files of the selected types when the user attempts to access them. Protection works on the basis of the application's anti-virus databases.

3. Based on the results of the analysis, Protection performs an action in accordance with the operating system.

For the Symbian and Microsoft Windows Mobile operating systems, Protection can behave in the following ways:

 If malicious code is detected in the file, Protection blocks the file, performs an action in accordance with the

settings applied, informs the user about the malicious object's detection, and records the information in the application's log;

 If no malicious code is discovered in the file, it will be immediately restored.

For the Android operating system, Protection can behave in the following ways:

 If malicious code was detected in the file, the Protection performs the action specified in the settings;

 If no malicious code is discovered in the file, it will be immediately restored.

4. Protection writes information about events and user actions to the events log (for the Symbian and Microsoft Windows Mobile operating systems).

Reports on events and user actions are not available in Kaspersky Endpoint Security 8 for Smartphone for the Android operating system.

Protection is not supported in the BlackBerry operating system .

ON-DEMAND SCANS

Scan on request scans the mobile device's file system for the presence of malicious objects. Kaspersky Endpoint Security 8 for Smartphone can perform either a full scan of the device's file system or a partial scan – i.e. scan only the content of the device's built-in memory or a specific folder (including those located on the storage card). A full scan can be started manually or automatically in accordance with a schedule. A partial scan can only be started manually by the user directly from the application installed on the mobile device.

The device is scanned as follows:

1. Kaspersky Endpoint Security 8 for Smartphone scans files of the types selected in the scan settings.

2. During the scan, Kaspersky Endpoint Security 8 for Smartphone analyses the file for the presence of malicious objects. Malicious objects are detected by comparison with the application's anti-virus databases.

3. Based on the results of the analysis, the application performs an action depending on the host operating system.

For the Symbian and Microsoft Windows Mobile operating systems, Kaspersky Endpoint Security 8 for Smartphone can behave in the following ways:

 If malicious code is detected in the file, Kaspersky Endpoint Security 8 for Smartphone blocks access to the

file, performs the selected action in accordance with the specified settings, and notifies the user.

A B O U T K A S P E R S K Y E N D P O I N T S E C U R I T Y 8 F O R S M A R T P H O N E C O M P O N E N T S

For the Android operating system, if malicious code is detected during the file analysis, the application performs the action selected in accordance with the settings.

 If no malicious code is detected, the file immediately becomes accessible for operation.

4. Information about the progress of the scan and events are saved in the events log (for the Symbian and Microsoft Windows Mobile operating systems).

Scan reports are not available in Kaspersky Endpoint Security 8 for Smartphone for the Android operating system.

Scan on request functionality is not supported for the BlackBerry operating system.

The settings applied by the administrator through the remote administration system are used for both full and partial scans of the device.

The administrator can also configure automatic starting of device scans in accordance with a schedule. It is not possible to start a partial scan through the remote administration system.

UPDATE

Protection and Scan on request work on the basis of the anti-virus databases, which contain descriptions of all currently known malicious programs and methods for neutralizing them, as well as descriptions of other unwanted objects. It is extremely important to keep your anti-virus databases up-to-date. An update can be started manually or automatically in accordance with a schedule. To ensure that the anti-virus protection system is reliable, the anti-virus databases should be updated regularly.

Application anti-virus databases are updated according to the following algorithm:

1. The application establishes an Internet connection, or uses the current one.

2. The application antivirus databases installed on the mobile device are compared with those located on the specified update server.

3. Kaspersky Endpoint Security 8 for Smartphone performs one of the following:

 If the installed application databases are up-to-date, the update will be cancelled. The application notifies

the user if the anti-virus databases are up-to-date.

 If the installed databases are different, a new update package is downloaded and installed.

When the update process is completed, the connection is automatically closed. If the connection was established before the update started, it will remain open for further use.

4. Information about the update is recorded in the events log.

Update functionality is not supported for the BlackBerry operating system.

ANTI-THEFT

Anti-Theft protects information stored on the mobile device from unauthorized access.

Anti-Theft includes the following functions:

 Block (see page 18).  Data Wipe (see page 18).  SIM Watch (see page 18).  GPS Find (see page 18).

I M P L E M E N T A T I O N G U I D E

Kaspersky Endpoint Security 8 for Smartphone allows the user to remotely start the Anti-Theft functions by sending an

IN THIS SECTION

Block ............................................................................................................................................................................... 18

Data Wipe ....................................................................................................................................................................... 18

SIM Watch ....................................................................................................................................................................... 18

GPS Find ......................................................................................................................................................................... 18

SMS command from another mobile device. The SMS command is sent in the form of an encrypted SMS and also contains the application secret code set on the device receiving the command. Receipt of the SMS command will be unnoticed on the device receiving the SMS command. Delivery of the SMS is paid for at the rate set by the network operator that provides the connection to the device from which the SMS command is sent.

Anti-Theft supports all operating systems.

BLOCK

Block allows you to remotely block the device and set the text to be displayed on the screen of the blocked device.

DATA WIPE

Data Wipe allows you to remotely delete the user's personal data from the device (entries in Contacts, messages, picture gallery, calendar, logs, Internet connection settings), as well as information from memory cards, and folders selected by the administrator and user for deletion. The user cannot restore this data!

The administrator can specify folders for deletion in the policy. The administrator can select folders stored in a memory card or in the device's onboard memory. For Android OS devices, the administrator can select for deletion only folders stored in a memory card. Folders stored in the device's onboard memory cannot be selected for deletion.

Users cannot cancel the deletion of folders set by the administrator, but can indicate additional folders for deletion on their mobile device through the application's local interface (see the User Guide for the corresponding operating system). If the administrator has not set folders for deletion, only folders set by the user will be deleted.

SIM WATCH

SIM Watch allows you to obtain the current phone number in the event that the SIM card is replaced, as well as block the device in the event that the SIM card is replaced or the device is activated without a SIM card. Information about a new phone number is sent as a message to the phone number and / or email that you specified. Furthermore, SIM Watch allows you block the device in the event of changing the SIM card or when switching on the device without it.

A B O U T K A S P E R S K Y E N D P O I N T S E C U R I T Y 8 F O R S M A R T P H O N E C O M P O N E N T S

GPS FIND

GPS Find allows you to locate a device. The geographical coordinates of the device are sent as a message to a phone number from which a special SMS command has been sent, and to a specified email address.

Depending on the operating system, GPS Find works as follows:

 For the Symbian, Microsoft Windows Mobile and BlackBerry operating systems, the function works only on

devices with a built-in GPS receiver. The GPS receiver is enabled automatically after the device receives a special SMS command. If the device is within the satellites signal coverage, the GPS Find function receives and sends the geographical coordinates of the device. If the satellites are unavailable at the time of the query, GPS Find periodically attempts to find them and send device location results.

 For the Android operating system, the built-in GPS receiver, if the device has one, is enabled automatically after

the device receives a special SMS command. If GPS Find cannot receive the device's coordinates, it determines the approximate coordinates of the device using base stations.

PRIVACY PROTECTION

Privacy Protection hides private data on the basis of your Contact List, which lists private numbers. For confidential numbers, Privacy Protection hides Contacts entries, incoming, drafts, and sent SMS as well as call history entries. Privacy Protection suppresses the new SMS signal and hides the message itself in the inbox. Privacy Protection blocks incoming calls from private numbers and does not display incoming call information on the screen. As a result, the caller receives a busy signal. To view incoming calls and SMS for the period of time when Privacy Protection was enabled, disable Privacy Protection. On the repeat enabling of Privacy Protection, the information is not displayed.

Privacy Protection is not supported for the BlackBerry operating system.

ANTI-SPAM

Anti-Spam blocks unwanted calls and SMS based on the user-defined White and Black Lists.

The lists consist of entries. An entry in either list contains the following information:

 The phone number, information from which Anti-Spam blocks for the Black List and delivers for the White List.

 The type of events that Anti-Spam blocks for the Black List and allows for the White List. The following types of

communications are available: calls and SMS, calls only, and SMS only.

 Key phrase used by Anti-Spam to recognize wanted and unwanted SMS. For the Black List, Anti-Spam blocks

SMS messages, which contain this phrase, while delivering the ones, which do not contain it. For the White List, Anti-Spam allows SMS, where this phrase is found and blocks SMS, which do not contain it.

Anti-Spam filters incoming SMS messages and calls in accordance with the mode selected by the user. The following Anti-Spam modes are available:

 Off - all incoming calls and SMS are allowed in.

 Black List – all calls and SMS are allowed in except for those originating from numbers on the Black List.

 White List – only calls and SMS originating from numbers on the White List are allowed in.

 Both lists – incoming calls and SMS from White List numbers are allowed while those from Black List numbers

are blocked. Following a conversation or arrival of an SMS message from a number on neither list, Anti-Spam will prompt the user to add the number to one of the lists.

I M P L E M E N T A T I O N G U I D E

According to the mode settings, Anti-Spam scans every incoming SMS or call and then determines whether this SMS or call is wanted or unwanted (spam). As soon as Anti-Spam assigns the wanted or unwanted status to an SMS or call, the scan is finished.

Information about blocked SMS messages and calls is registered in the events log.

Anti-Spam functionality is supported for all operating systems.

FIREWALL

Firewall monitors the device's network connections in accordance with the selected mode. The following Firewall modes are available:

 Disabled – any network activity allowed.

 Minimum protection: incoming connections only are blocked. Outgoing connections are allowed.

 Maximum protection: all incoming connections are blocked. The user can check e-mails, view websites and

download files. Outgoing connections can only be established using SSH, HTTP, IMAP, SMTP, POP3 ports only.

 Block all – block any network activity except anti-virus database update and connection to the remote

administration system.

Depending on the mode, the Firewall allows you to establish connections that are allowed, and to block connections that are prohibited. Information about blocked connections is recorded in the events log. Firewall also allows configuration of notifications to the user about blocked connections.

Firewall is not supported in BlackBerry and Android operating systems.

ENCRYPTION

Encryption encrypts information in folders specified by the administrator and the user. Encryption works on the basis of the action of the function of the same name that is built into the device's operating system.

The administrator can specify folders for encryption in the policy. Users cannot cancel deletion of folders set by the administrator, but can indicate additional folders for deletion on their mobile device through the application's local interface (see User Guide). If the administrator has not set folders for encryption, only folders set by the user will be encrypted.

The Encryption function allows the encryption of any type of folder with the exception of system folders. There is support for encryption of folders stored either in the device's memory or on a memory card. Encrypted information is accessible to the user after entering the application secret code, which was set by the user when the application was first run.

Encryption allows you to set a time period, upon the expiry of which, access to encrypted folders will be blocked and use of them will require entry of the application secret code. The function becomes activated after the device switches to power-saving mode.

Encryption is not supported in BlackBerry and Android operating systems.

MANAGING LICENSES

IN THIS SECTION

About the License Agreement ......................................................................................................................................... 21

About Kaspersky Endpoint Security 8 for Smartphone licenses ...................................................................................... 21

A bout Kaspersky Endpoint Security 8 for Smartphone key file ...................................................................................... 22

Activating the application................................................................................................................................................. 23

In the context of licensing Kaspersky Lab applications, it is important to know these terms below:

 License Agreement;

 license;

 key file;

 activating the application.

These terms are inseparably interlinked and constitute a single licensing pattern. Let us have a closer look at every term.

ABOUT THE LICENSE AGREEMENT

The License Agreement is an agreement between a private individual or a legal entity which legally owns a copy of Kaspersky Endpoint Security and Kaspersky Lab. The License Agreement is included with each Kaspersky Lab application. It provides detailed information on rights and limitations regarding the use of Kaspersky Endpoint Security.

In accordance with the License Agreement, when purchasing and installing a Kaspersky Lab application, you obtain the unlimited right to owning its copy.

Kaspersky Lab is also pleased to offer the following services:

 technical support

 Kaspersky Endpoint Security database updates

To obtain these, you need to purchase a license and activate the application.

ABOUT KASPERSKY ENDPOINT SECURITY 8 FOR SMARTPHONE LICENSES

A license is the right to use Kaspersky Endpoint Security 8 for Smartphone on one or more mobile devices and the additional services associated with it as provided by Kaspersky Lab or its partners.

Every license has a validity period and type.

The license validity period is the period of time during which you are provided with additional services. The scope of services provided depends on the license type.

I M P L E M E N T A T I O N G U I D E

The following license types are available:

 Trial – a free license with a limited validity period, e.g. 30 days, offered to allow you to get acquainted with

Kaspersky Endpoint Security 8 for Smartphone.

A trial license can be used only once, and cannot be used following the use of a commercial license!

It is delivered with the trial version of the application. Whilst using a trial license, you cannot contact the Technical Support Service. Upon expiration of its validity period, Kaspersky Endpoint Security 8 for Smartphone stops performing all of its functions. When this happens, only the following actions are available:

 disabling the Encryption and Privacy Protection components;

 administrators can decrypt folders previously selected by them for encryption;

 users can decrypt folders previously selected by them for encryption;

 viewing the application's help system;

 synchronization with the remote administration system.

 Commercial – a paid license with a limited validity period (e.g. one year), provided upon purchase of Kaspersky

Endpoint Security 8 for Smartphone. This license extends with the license restriction, for instance, to the number of protected mobile devices.

During the commercial license's period of validity, all functions of the application and additional services are accessible.

On termination of the commercial license's term of validity, the functions of Kaspersky Endpoint Security 8 for Smartphone are restricted. You can continue to use the Anti-Spam and Firewall components, perform an anti-virus scan of the mobile device and use protection components, but only on the basis of anti-virus databases that are up to date on the date of the license terminates. Anti-virus databases are not updated. For the other components, only the following actions are accessible:

 disabling of the Encryption, Anti-Spam, and Privacy Protection components;

 administrators can decrypt folders previously selected by them for encryption;

 users can decrypt folders previously selected by them for encryption;

 viewing the application's help system;

 synchronization with the remote administration system.

In order to use the application and additional services, a commercial license must be purchased and activated.

The application is activated by installing the key file associated with the license.

A BOUT KASPERSKY ENDPOINT SECURITY 8 FOR SMARTPHONE KEY FILE

Key file – The key file is a piece of technical equipment that allows you to install a license and activate the application, and, in addition, constitutes your right to use the application and additional services.

The key file is included in the application's distribution kit if it is purchased from a Kaspersky Lab distributor, or is sent to you by email if the application is purchased through an Internet shop.

M A N A G I N G L I C E N S E S

Example: License validity period: 300 days.

Key file issue date: Sep. 01, 2010. Key file lifetime: 300 days. Date of installation of the key file: 10.09.2010, i.e. 9 days after the date of its subscription. Result: Calculated validity period of the license: 300 days – 9 days = 291 days.

ACTIVATING THE APPLICATION

After installation on a mobile device, Kaspersky Endpoint Security 8 for Smartphone works for three days without activation in full functionality mode.

If after a period of three days the license is not activated, the application automatically switches to limited functionality mode. In this mode, most of the components of Kaspersky Endpoint Security 8 for Smartphone are disabled (see "About Kaspersky Endpoint Security 8 for Smartphone licenses" on page 21).

The application is activated by installing the license on the mobile device. The license is delivered to the device along with the policy that is created in the remote administration system. During the three days following installation of the application, the device automatically establishes a connection with the remote administration system every six hours. The administrator must add the license to the policy within this period. As soon as the policy is transferred to a device, the application installed on the device will be activated.

DEPLOYING THE APPLICATION THROUGH

IN THIS SECTION

Framework for managing the application through Kaspersky Security Center ................................................................ 24

Schemes of deployment through Kaspersky Security Center ......................................................................................... 25

Preparing to deploy the application through Kaspersky Security Center ......................................................................... 27

Installing the application through a workstation ............................................................................................................... 30

Installing the application by sending an email ................................................................................................................. 42

Installing a license through Kaspersky Security Center .................................................................................................. 44

Using policies .................................................................................................................................................................. 44

Allocating devices to the Managed computers group ...................................................................................................... 54

Configuring local application settings .............................................................................................................................. 58

Settings of Kaspersky Endpoint Security 8 for Smartphone ............................................................................................ 59

Uninstalling the application .............................................................................................................................................. 74

KASPERSKY SECURITY CENTER

This section describes the process of deploying Kaspersky Endpoint Security 8 for Smartphone through Kaspersky Security Center.

FRAMEWORK FOR MANAGING THE APPLICATION THROUGH KASPERSKY SECURITY CENTER

Kaspersky Endpoint Security 8 for Smartphone supports management through the centralized remote administration system of Kaspersky Security Center. Management of mobile devices and their respective instances of Kaspersky Endpoint Security 8 for Smartphone is carried out in exactly the same way as the management of client computers and their installations of Kaspersky Lab applications (see the Administrator Guide for Kaspersky Security Center).

The administrator creates groups, to which the mobile devices are added, and then creates a policy for Kaspersky Endpoint Security 8 for Smartphone. The policy is a set of settings relating to the application's operation. You can use policies to set up common values for the settings relating to the application's operation for all mobile devices included in the group. For more details on policies and administration groups, read the Administrator Guide for Kaspersky Security Center.

One feature of Kaspersky Endpoint Security 8 for Smartphone is that there is no creation of tasks for this application. All of the application's settings, including the license, scheduling of application database updates, and scheduling of device scans, are defined through a policy (see "Using policies" on page 44) or local application settings (see "Configuring local application settings" on page 58).

If there is an intention to install and use Kaspersky Endpoint Security 8 for Smartphone on the company network, the administrator must take this into account at the stage of planning the structure of administration groups and during installation of the application components of Kaspersky Security Center.

D E P L O Y I N G T H E A P P L I C A T I O N T H R O U G H K A S P E R S K Y S E C U R I T Y C E N T E R

IN THIS SECTION

Deploying the application through a workstation ............................................................................................................. 25

Scheme for deploying the application by sending an email ............................................................................................. 26

When installing the Administration Server, you must install the component to enable management of the mobile devices through Kaspersky Security Center (see "Installing the Administration Server" on page 28). During installation of this component, the Administration Server for mobile devices certificate is created. This is used for authentication of the mobile devices when exchanging data with the Administration Server. Without the mobile devices certificate, it is not possible to establish a connection between the Administration Server and the mobile devices.

Interaction between the mobile devices and the Administration Server occurs during synchronization of the devices with the Administration Server. This functionality is performed by Kaspersky Endpoint Security 8 for Smartphone, so there is no need to install the Network Agent on the mobile devices.

Data exchanges between mobile devices and the Administration Server occur through an Internet connection. Incoming and outgoing traffic is paid for by the users of the mobile devices at the rates set by their mobile service providers. The average volume of data transferred during a single synchronization is 20-40 kB. The volume of data depends on the quantity of reports transferred. The less frequently that synchronization occurs, the greater the number of reports that will be transferred to the Administration Server.

To manage the protection of mobile devices, you are advised to create in the Managed computers node a separate group or groups (in accordance with the number of different operating systems installed on the devices), and if the application is also installed through user workstations, it is recommended to create a separate group for these computers, too.

SCHEMES OF DEPLOYMENT THROUGH KASPERSKY SECURITY CENTER

The scheme of deployment for Kaspersky Endpoint Security 8 for Smartphone depends on the method chosen by the administrator for installing the application on the mobile devices. The application can be installed in the following ways:

 through workstations, to which the users connect their mobile devices (see "Installing the application through a

workstation" on page 30);

 by sending the users an email with the application distribution package or with instructions on how to download

it (see "Installing the application by sending an email" on page 42).

The administrator ensures the preparation of the distribution package for installation on the users' mobile devices. Copying of the distribution package to the mobile devices and installation of the application on mobile devices are carried out by users independently. After the application is installed, the administrator must include the mobile devices in the Managed computers group and create a policy to transfer the license and the application's settings to the mobile devices.

In the same way, when managing the application through Kaspersky Security Center, the administrator can use the following deployment schemes: deploy the application through workstations (see "Deploying the application through workstations" on page 25) and deploy the application by sending an email (see "Scheme for deploying the application by sending an email" on page 26).

Before deploying the application, the administrator must ensure that the installed version of Kaspersky Security Center supports protection management on mobile devices.

I M P L E M E N T A T I O N G U I D E

DEPLOYING THE APPLICATION THROUGH A WORKSTATION

Deployment of the application through a workstation is used when the users will be connecting the mobile devices to their computers, and consists of the following stages:

1. Configuration of the management of mobile devices through Kaspersky Security Center. This stage enables connection of the mobile devices to the Security Center (see "Preparing to deploy the application through Kaspersky Security Center" on page 27).

2. Creation of the administration groups to which to allocate mobile devices and any workstations through which the Kaspersky Endpoint Security 8 for Smartphone distribution package will be delivered to mobile devices.

3. Creation of the installation package for the Kaspersky Endpoint Security 8 for Smartphone remote installation task.

4. Creation of the installation package for the Kaspersky Endpoint Security 8 for Smartphone remote installation task.

5. Creation of the remote installation task, through which the Kaspersky Endpoint Security 8 for Smartphone distribution package will be delivered to users' workstations and the utility for delivering the distribution package to mobile devices will be installed on them.

6. Delivery of the application distribution package to the mobile device. At this stage, the user copies the application distribution package to the mobile device by using the utility kmlisten.exe.

7. Installing the application on the mobile device. At this stage, the user installs the application on the mobile device.

8. Creating a policy for managing the settings of Kaspersky Endpoint Security 8 for Smartphone.

SCHEME FOR DEPLOYING THE APPLICATION BY SENDING AN EMAIL

The application can be deployed by sending an email if, for any reason, installation of the application through a workstation is impossible or inconvenient. For instance, the method may be used if the user workstation is running Mac OS. This scheme consists of the following stages:

1. Configuration of the management of mobile devices through Kaspersky Security Center.

2. Placing the application distribution package on an FTP / HTTP server. At this stage, the administrator places the application distribution package on an FTP / HTTP server and configures access to it via the Internet. Later, when writing the email message to be sent to the users of the mobile devices, the administrator will be able to indicate the link to this distribution package. If the administrator is planning to include the distribution package in the message as an attachment, this stage is omitted.

3. Creation of the administration groups to which to allocate mobile devices and any workstations through which the Kaspersky Endpoint Security 8 for Smartphone distribution package will be delivered to mobile devices.

4. Creating and sending the message with the application distribution package to users of the mobile devices.

5. Downloading the application distribution package to the mobile device. At this stage, the user downloads to the mobile device the application distribution package that was attached to the message or placed by the administrator on the FTP / HTTP server.

6. Installing the application on the mobile device.

7. Creating a policy for managing the settings of Kaspersky Endpoint Security 8 for Smartphone.

8. Allocating devices to the administration group.

9. Activating the application license on the users' mobile devices.

10. Configuring local application settings.

D E P L O Y I N G T HE A P P L I C A T I O N T H R O U G H K A S P E R S K Y S E C U R I T Y C E N T E R

IN THIS SECTION

Installing the Administration Server ................................................................................................................................. 28

Updating the Administration Server component .............................................................................................................. 28

Configuring Administration Server settings ..................................................................................................................... 29

Installing the plug-in for managing Kaspersky Endpoint Security 8 for Smartphone ....................................................... 30

Placing the application distribution package on the ftp/http server. ................................................................................. 30

PREPARING TO DEPLOY THE APPLICATION THROUGH KASPERSKY SECURITY CENTER

Before beginning to deploy Kaspersky Endpoint Security 8 for Smartphone, the administrator must configure management of the mobile devices through Kaspersky Security Center. To do this, perform the following actions:

1. On the network, install or ensure previous installation of the Kaspersky Security Center components: Administration Server and Administration Console (see the Deployment Guide for Kaspersky Security Center).

2. Check that the installed components meet the application requirements for installation of Kaspersky Endpoint Security 8 for Smartphone.

When installing the Administration Server, you must install the component to enable management of the mobile devices through Kaspersky Security Center (see "Installing the Administration Server" on page 28). If this component is not installed, or if the version of Administration Server does not meet the requirements for installation of Kaspersky Endpoint Security 8 for Smartphone, the administrator should delete the old version of the component and install the version indicated in the application requirements, after first creating a backup of the Administration Server's data.

3. Configuring support for mobile devices in the Administration Server settings (see "Configuring Administration Server settings" on page 29).

4. Install on the administrator's workstation the plug-in for managing Kaspersky Endpoint Security 8 for Smartphone.

I M P L E M E N T A T I O N G U I D E

INSTALLING THE ADMINISTRATION SERVER

Installation of the Administration Server is described in the Deployment Guide for Kaspersky Security Center. To manage the protection of mobile devices through Kaspersky Security Center, at the Select Features stage, it is essential that the Mobile devices support box is checked (see the figure below).

Figure 1. Installing the components of Kaspersky Security Center. Selection of components

When installing the component Support for mobile devices, the Administration Server for mobile devices certificate is created. This is used for authentication of the mobile devices when exchanging data with the Administration Server. Data is exchanged using the SSL protocol (Secure Socket Layer). Without the mobile devices certificate, it is not possible to establish a connection between the Administration Server and the mobile devices.

The mobile devices certificate is stored in the Cert folder within the Kaspersky Security Center installation folder. During the first synchronization of the mobile devices and the Administration Server, a copy of the certificate is delivered to the device and stored on it in a special folder.

If the user renames the mobile devices certificate, or deletes it from the device, during the next synchronization the Administration Server automatically sends a copy of the certificate to the device.

UPDATING THE ADMINISTRATION SERVER COMPONENT

If, during installation of the Administration Server, the Mobile devices support box was not selected, or if an old version of Kaspersky Security Center is installed, which does not support Kaspersky Endpoint Security 8 for Smartphone, the installed version of the Administration Server should be updated.

To update the installed version of the Administration Server component, perform the following actions:

1. Make a backup copy of the Administration Server data (see Kaspersky Security Center Help Guide).

D E P L O Y I N G T H E A P P L I C A T I O N T H R O U G H K A S P E R S K Y S E C U R I T Y C E N T E R

2. Install the Administration Server version which is specified in the application requirements for installing Kaspersky Endpoint Security 8 for Smartphone (see Section "Device and application requirements" on page 14).

To manage the protection of mobile devices through Kaspersky Security Center, at the Selection of

components stage, it is essential that the Mobile devices support box is selected.

3. Restore the Administration Server data from the backup copy (see the Reference Guide for Kaspersky Security Center).

CONFIGURING ADMINISTRATION SERVER SETTINGS

For synchronization of mobile devices with the Administration Server, before installing Kaspersky Endpoint Security 8 for Smartphone, you should configure the settings for mobile device connections in the Administration Server properties.

To configure the settings for mobile device connections in the Administration Server properties, perform the following

actions:

1. In the console tree, select the Administration Server node to which the mobile devices will connect.

2. Open the context menu and select the Properties command.

3. In the Settings section of the Administration Server properties window, under the Administration Server connection settings, select the check box Open port for mobile devices.

4. In the Port for mobile devices field, indicate the port through which the Administration Server should expect to connect with mobile devices. Port 13292 is used by default (see figure below). If the box is not checked, or the port is indicated incorrectly, devices will not be able to connect to the server or send and receive information.

Figure 2. Configuring the connection of mobile devices to the Administration Server

I M P L E M E N T A T I O N G U I D E

INSTALLING THE PLUG-IN FOR MANAGING KASPERSKY ENDPOINT SECURITY 8 FOR SMARTPHONE

To access the application management interface when using Kaspersky Security Center, the plug-in for managing Kaspersky Endpoint Security 8 for Smartphone must be installed on the administrator's workstation.

To install the plug-in for managing Kaspersky Endpoint Security 8 for Smartphone,

copy the installation file for the plug-in from the distribution package and run it on the administrator's workstation.

You can check whether the plug-in is installed by viewing the list of plug-ins in the Administrator Server properties. For details please see the Reference Guide for Kaspersky Security Center.

PLACING THE APPLICATION DISTRIBUTION PACKAGE ON THE

FTP/HTTP SERVER.

If installation by sending an email was selected as the method for installing the application (see "Installing the application by sending an email" on page 42), you can place the installation file, which will be used for installing the application on mobile devices, on an FTP / HTTP server. Access via the Internet must be configured for the folder on the FTP / HTTP server where the application installation file will be placed. If different operating systems are installed on the users' mobile devices, you can add several files, for each operating system, to the folder.

Later, when creating the email message with the distribution package for the users' mobile devices, you should include a link to the installation file in the body of the email. The user will be able to use this link to download the installation file to their mobile device and carry out the application installation (see "Installing the application by sending an email" on page 42).

INSTALLING THE APPLICATION THROUGH A

WORKSTATION

For installing Kaspersky Endpoint Security 8 for Smartphone through a workstation, you should create an installation package and create its settings, create and start a task for remote installation for those workstations to which users will connect their mobile devices. To create a task, the administrator can use any of the methods available in Kaspersky Security Center:

 create a group task for remote installation, if workstations are included in the group;

 create a task for a set of computers, if workstations are included in several groups or are in the Unassigned

computers group;

 use the remote installation wizard.

As a result of executing the remote installation task, the installation package with the distribution package for Kaspersky Endpoint Security 8 for Smartphone will be delivered to the users' workstations, and kmlisten.exe (the utility for delivering the distribution package to mobile devices) will be installed and automatically started. The utility monitors for the connection of mobile devices to the computer. As soon as the user plugs into the workstation any device that fulfills the system requirements for the installation of Kaspersky Endpoint Security 8 for Smartphone, the utility displays on the screen a notification with a prompt to install the application on the connected mobile device. If the user agrees to the installation, the utility transfers the application distribution package to the mobile device. After the completion of loading onto the device, the application installation wizard starts. The user follows the wizard's instructions to independently install Kaspersky Endpoint Security 8 for Smartphone on the device.

+ 125 hidden pages