Kaspersky MOBILE SECURITY 7.0 User Manual
KASPERSKY LAB
Kaspersky Mobile Security 7.0
Enterprise Edition
ADMINISTRATOR’S
GUIDE
KASPERSKY M OBIL E S ECURI T Y 7.0 E N TERP R ISE
EDI T I O N
Administrator's Guide
Kaspersky Lab
http://www.kaspersky.com
Revision Date: September, 2009
Table of Contents
CHAPTER 1. MANAGEMENT VIA KASPERSKY ADMINISTRATION KIT ................. 4
CHAPTER 2. APPLICATION DEPLOYMENT ............................................................... 7
2.1. Creating an installation package ........................................................................... 7
2.2. Installing the application using a remote installation task ..................................... 8
2.3. Installing the application using SMS ................................................................... 19
2.4. Adding device to a group .................................................................................... 21
CHAPTER 3. MANAGING POLICIES .......................................................................... 24
3.1. Creating a policy .................................................................................................. 24
3.2. Viewing and editing policy settings ..................................................................... 31
3.2.1. Viewing application information .................................................................... 32
3.2.2. Viewing results of applying of the policy ...................................................... 33
3.2.3. Configuring settings of application operation event registration.................. 34
3.2.4. Configuring anti-virus scan settings ............................................................. 35
3.2.5. Configuring Real-Time Protection operation settings .................................. 37
3.2.6. Selecting the application bases update source ........................................... 37
3.2.7. Configuring Anti-Spam settings .................................................................... 38
3.2.8. Configuring Anti-Theft settings ..................................................................... 40
3.2.9. Configuring additional settings ..................................................................... 41
CHAPTER 4. MANAGING APPLICATION OPERATION SETTINGS ........................ 43
4.1. Viewing application information .......................................................................... 44
4.2. Viewing information about anti-virus scan settings ............................................ 45
4.3. Viewing information about Real-Time protection settings .................................. 46
4.4. Viewing information about update source .......................................................... 47
4.5. Viewing information about Anti-Spam operation settings .................................. 48
4.6. Viewing information about Anti-Theft operation settings .................................... 49
4.7. Viewing information about additional settings .................................................... 50
4.8. Viewing key details .............................................................................................. 51
4.9. Viewing event information ................................................................................... 52
APPENDIX A. KASPERSKY LAB ................................................................................. 54
APPENDIX B. KASPERSKY LAB END USER LICENSE AGREEMENT .................. 56
CHAPTER 1. MANAGEMENT VIA
KASPERSKY
ADMINISTRATION KIT
Kaspersky Administration Kit is a system providing a centralized tool for performing major administrative tasks related to the managing of the security system
of mobile devices.
Figure 1. Kaspersky Administration Kit Administration Console
In case of centralized administration via Kaspersky Administration Kit, the Administrator determines the settings of the policies and the application. The protection
is built based on these settings.
A peculiarity of centralized administration is the arrangement of mobile devices
into groups and managing its settings through creating and defining group policies.
A Policy – is a set of Kaspersky Mobile Security settings in a group of the logical
network. Policies are transferred to the mobile device in the course of any type of
synchronization of the device with the Administration Server.
Management via Kaspersky Administration Kit 5
Note
To ensure that Kaspersky Administration Kit detects mobile devices, open the
Settings tab in the Administration Server properties window and check the Open
port for mobile devices box.
Figure 2. The Settings tab
Note!
Mobile devices connect to the Administration Server using the SSL protocol. To
establish this type of connection you need a certificate on the Server.
To create a certificate for mobile devices:
1. Open Kaspersky Administration Kit installation folder.
2. Run utility klmblcrt.exe.
3. Specify the Administration Server address in the certificate creation wizard window that will open (see Figure 3)
6 Kaspersky Mobile Security 7.0 Enterprise Edition
Figure 3. Creating a certificate for mobile devices
4. Follow wizard steps to complete creation of the certificate.
Note!
Remote installation of Kaspersky Mobile Security is impossible if the Kaspersky
Mobile Security administration plugin is not installed on the administrator‟s
workplace. The plugin installation package is included into the Kaspersky Mobile
Security distribution kit and can be found in the Plugin folder.
CHAPTER 2. APPLICATION
DEPLOYMENT
This section describes installation of Kaspersky Mobile security using a remote
installation task and using an SMS message.
2.1. Creating an installation package
Remote installation of the application is performed using an installation package.
To create an installation package:
1. Connect to the Administration Server.
2. Select the Remote install node in the console tree, open the shortcut
menu and select the New Installation package command or use the
analogous item from the Action menu. This will launch the wizard. Follow its instructions.
3. You will be offered to specify the name of the distribution package and
to specify the application to be installed during the next step (see Figure
4).
4. Using a drop-down list, select option: Create installation package for
Kaspersky Lab's application. Using the Browse button select the file
containing description of the application (this file has extension .kpd
and is included into the application distribution package). As the result,
the fields with the application name and the version number will be filled
automatically.
8 Kaspersky Mobile Security 7.0 Enterprise Edition
Figure 4. Creating an installation package. Selecting application to be installed
5. After this a set of files required to install the application onto mobile devices will be downloaded to a public folder of the Administration Server.
Upon the wizard‟s completion the created installation package will be added to
the Remote installation node and displayed in the results pane.
2.2. Installing the application using
a remote installation task
Installation of the application using a remote installation task is used when mobile devices are connected to the computers of the logical network. The installation of the application is performed at the moment when the device is connection
to the computer.
When performing the task, remote software installation to the client computers
can be performed using one of the two methods: the method of forced installation
or installation using a start script.
Forced installation is used to perform a remote installation of software to the
specific client computers of the logical network. When the task is launched, the
Administration Server copies a set of files required for installation from the public
folder to a temporary folder on each client computer and launches the installer on
each computer. To ensure success of the forced installation task the Administra-
Application deployment 9
Note!
If the connection between the Administration Server and the client computer is
established via Internet or protected with a firewall, public folders cannot be used
for data transfer. In this case the files required for application installation must be
delivered to the client computer using the Network Agent. Installation of the Network Agent onto such computers is performed locally.
Note!
For successful execution of the remote installation task using a start script, users
for which changes in the scripts are entered, must have the rights of the local
administrators on their computers.
tion Server must have the privileges of a local administrator on the client computers of the logical network. This method is used for remote application installation on computers running Microsoft Windows NT/2000/2003/XP, which support
this feature or on computers running Microsoft Windows 98/Me with the Network
Agent installed.
The second method – installation using a start script – allows to assign the
launch of the remote installation task to a specific user account (or users‟ accounts). As the result of the execution of this task a record about launching the
installer located in the public access folder of the Administration Server will be
made in the start script for the specified users. For successful execution of this
task the account under which it is run or the Administration Server must have the
privilege to modify start scripts in the domain controller database. This privilege
is granted to the domain administrator and the task or the entire Administration
Server must be started with the rights of such user. As the result, as the user
registers with the domain, an attempt will be made to install the application to the
client computer from which the user has been registered. This method is recommended for installation Kaspersky Lab's applications onto computers running
Microsoft Windows 98/Me.
Group tasks of remote software installation on client computers are executed
only using the forced installation method. When creating a global task, you can
select the required method: the method of forced installation or installation using
a start script.
To create a global task of remote installation using a forced installation method:
1. Connect to the Administration Server.
2. Select the Global tasks node in the console tree, open the shortcut
menu and select the New/Task command or use the analogous item
from the Action menu. This will launch the wizard. Follow its instructions.
3. Specify the task name.
10 Kaspersky Mobile Security 7.0 Enterprise Edition
4. When selecting the application and determining the task type (see
Figure 5) set values Kaspersky Administration Kit and Product dep-
loyment task respectively.
5. After this specify the installation package the installation of which will
take place during the execution of this task (see Figure 6). Select the
package created for this Administration Server or create a new one using the New button.
Figure 5. Determining the task type
Application deployment 11
Figure 6. Selecting an installation package to be installed
6. At this stage select the Push install option (see Figure 7).
Figure 7. Determining the installation type
12 Kaspersky Mobile Security 7.0 Enterprise Edition
7. In this wizard screen (see Figure 8) you will be offered to determine additional installation options:
Whether you need to reinstall the application if it has already been
installed on the computer;
Check the Do not install application if it is already installed box
to prevent repeated installation of the application (by default the
box is checked). In this case the task will not be started for computers on which the application is already installed locally or as the result of the previously launched remote installation task.
If the box is unchecked, the scheduled remote installation task will
be started until the number of installation attempts has been exhausted.
Define the method to be used to deliver files required to install the
application to the client computers;
To do this, do the following in the Loading installer package
group of fields:
o Check the Using Microsoft Windows resources from
shared folder box if you want the files needed to remove the
program to be copied to the client computers using Windows
tools through the public access folder (check by default). This
downloading option is recommended if Network Agent connected to the particular Administration Server is not installed
on the computer onto which the installation is being performed.
o Check the Using Network Agent box if you want to deliver the
files to client computers through the Administration Agent installed on each of them (checked by default). The Network
Agent must be connected to the particular Administration
Server.
o Specify the maximum number of client computers that can
download information from the Administration Server in the
The maximum number of simultaneous downloads field
Set the number of attempts to install when a task is started by
schedule by specifying the value you need in the Number of at-
tempts field. Attempts will be repeated if errors occur during the
previous installation.
Application deployment 13
Figure 8. Additional installation options
8. During this step (see Figure 9) you will be offered to install the Network
Agent along with the application.
If the Network Agent is not installed on the network computer to which
the mobile device will be connected, but you wish to install it, you can
include the Network Agent distribution Kit into the application‟s distribution package.
To do it, check the Install along with the Network Agent box and the
box next to the name of the required installation package. If it is necessary, create a new installation package using the Create button.
14 Kaspersky Mobile Security 7.0 Enterprise Edition
Figure 9. Selecting joint installation with the Network Agent
9. Determine the method to select computers for which the task will be
created (see Figure 10):
I want to select computers using Windows Networking. In this
case computers for installation will be selected based on the data
obtained by the Administration server by polling the corporate Windows network.
I want to define computer addresses (IP, DNS or NETBIOS)
manually. In this case computers for installation will be selected
manually.
If computers are selected based on data obtained by polling Windows
network, the list will be created using the wizard screen (see Figure 11)
similarly to adding the computers to the logical network (for details see
Kaspersky Administration Kit Reference Guide). You can select client
computers of the logical network (the Groups folder) or computers that
are not yet included into its structure (the Network folder).
Application deployment 15
Figure 10. Determining the methods to select client computers
Figure 11. Creating a list of computers for installation based on Windows network data
If computers will be selected manually, the list will be created by entering NetBIOS names or DNS names, IP addresses (or ranges of IP addresses) of the computers, or by importing the list from a .txt file in
which each address must be entered using a new line (see Figure 12).
16 Kaspersky Mobile Security 7.0 Enterprise Edition
Note!
The account must have the administrator‟s rights on all computers on
which you plan to perform a remote software installation.
When installing software on computers belonging to different domains,
trust relationship is required between such domains and domains in
which the Administration Server is operating.
Figure 12. Creating a list of computers for installation based on IP addresses
10. In the next wizard screen specify the account under which the task of
remote installation to computers will be executed (see Figure 13).
Figure 13. Selecting an account
Application deployment 17
Note!
To perform remote software installation on computers that do not
belong to the domain, the remote installation task must be
launched under the account of a user who has the administration
rights on these computers.
Select one of the following options:
Default account – if the Administration Server is launched under
an account of a domain user and it has the required rights for the
installation of the software.
Specified account – if the Administration Server is launched under
a system account or if the Administration Server account does not
have the right to launch remote installation tasks.
Specify the attributes of the user whose account meets the required
conditions in the fields below.
11. Then create the task launch schedule (see Figure 14).
Select the required task launch mode from the Scheduled run
drop-down list:
o Manually.
o Every N hours.
o Daily.
o Weekly.
o Monthly.
o Once (in this case the launch of the remote installation task on
the computers will be performed only once irrespective of the
result of its execution).
o Immediately (immediately after you have created the task,
upon the wizard‟s completion).
o On completing another task (in this case the remote installa-
tion task will be launched only after the completion of the specified task).
Configure the schedule settings using a group of fields matching
the selected mode (for details see Kaspersky Administration Kit
Reference Guide).
18 Kaspersky Mobile Security 7.0 Enterprise Edition
Figure 14. Daily task launch
Upon the completion of the wizard the remote installation task created will be
added to the Global tasks node and displayed in the result panel.
In order to start the remote installation task.
select the Global tasks node in the console tree, select the required installation package, open the shortcut menu and select the Install command or
use the corresponding item in the Action menu.
Once the installation is complete, kmlisten.exe application will be run in the
background mode; this application will track connection of the mobile devices to
the computer. Once a connected device is detected a window will open (see
Figure 15) containing a prompt to select a device onto which the application will
be installed.
Application deployment 19
Note!
In order to send an SMS you must have a GSM modem connected to the Administration Server. You will also need Microsoft .NET Framework version 2.0 on the
Server. Otherwise sending SMS messages will be impossible
Figure 15. KMListen.exe utility window
Press the Install button to download the application installation package to the
mobile device. Once the download is complete, follow the installation wizard instructions running on the device.
2.3. Installing the application using
SMS
Application installation on mobile devices using SMS is used when mobile devices are not connected to the computers of the logical network.
In order to install the application using SMS:
1. Connect to the Administration Server.
2. Select the Remote install node in the console tree.
3. Select the Properties item from the shortcut menu of the application installation package created.
4. Open the Settings tab and press the SMS Installation button.
20 Kaspersky Mobile Security 7.0 Enterprise Edition
5. In the window that will open (see Figure 16) specify the installation settings:
a) Specify the modem connection settings in the GSM modem sec-
tion: port and rate.
b) In the Distribution package URL field specify a public server on
which Kaspersky Mobile Security distribution package is located
from which the application will be installed.
For example:
ftp://ftp.domain.com/distrib/KMS7EE/kmsecurity_7_
0_15_beta.sis
or:
http://domain_name.ru/distrib/KMS7EE/kmsecurity_e
e_wm_sp_7_0_0_49_ru.cab.
c) Create the list of numbers to which SMS message will be sent. In
order to do it enter the number in the entry field and press the Add
number button. The number entered will be added to this list.
To save the list of numbers into a TXT file or load the list from a
previously created file, use buttons Save to file and Add from file.
Loading...