CON_038_Using Kaspersky Antivirus Software with Ovation (March 2013).pdf

Using Kaspersky Antivirus Software with Ovation CON_038

March 2013

Copyright Notice

Since the equipment explained in this document has a variety of uses, the user and those responsible for applying this equipment must satisfy themselves as to the acceptability of each application and use of the equipment. Under no circumstances will Emerson Process Management be responsible or liable for any damage, including indirect or consequential losses resulting from the use, misuse, or application of this equipment. The text, illustrations, charts, and examples included in this manual are intended solely to explain TM the use and application of the Ovation Unit. Due to the many variables associated with specific uses or applications, Emerson Process Management cannot assume responsibility or liability for actual use based upon the data provided in this manual. No patent liability is assumed by Emerson Process Management with respect to the use of circuits, information, equipment, or software described in this manual. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording or otherwise without the prior express written permission of Emerson Process Management. The document is the property of and contains Proprietary Information owned by Emerson Process Management and/or its subcontractors and suppliers. It is transmitted in confidence and trust, and the user agrees to treat this document in strict accordance with the terms and conditions of the agreement under which it was provided. This manual is printed in the USA and is subject to change without notice. Ovation is the mark of Emerson Process Management. Other marks are the property of their respective holders. Copyright © Emerson Process Management Power & Water Solutions, Inc. All rights reserved. Emerson Process Management

Power & Water Solutions 200 Beta Drive Pittsburgh, PA 15238 USA E-Mail: [email protected] Web site: https://www.ovationusers.com

Summary of Changes Using Kaspersky Antivirus Software with Ovation CON_038 March 2013

This version of Using Kaspersky Antivirus Software with Ovation includes the following new information: 

Updated the procedures for installing the Kaspersky software (see page 10).



Made miscellaneous corrections and clarifications.

Contents 1

Introduction to Kaspersky antivirus software

1.1 1.2

What is antivirus software? ................................................................................................. 1 1.1.1 Why is antivirus software important? ..................................................................... 2 What are the components of Kaspersky antivirus software? .............................................. 2

1

1.3 1.4

1.2.1 Management Station? ......................................................................... 3 1.2.2 What What is is the a Client station? ........................................................................................ 3 Performing signature wave deployment .............................................................................. 4 What are ports and services? ............................................................................................. 4

2

Installing and configuring the Administration Kit on the Management Station 7

2.1

Hardware and software requirements for the Management Station ................................... 7 2.1.1 Hardware requirements for the Management Station ............................................ 7 2.1.2 Software requirements for the Management Station ............................................. 8 Before installing the Administration Kit ............................................................................... 8 Migrating from a Symantec Management Station to a Kaspersky Management Station ... 9 Installing the Administration Kit ......................................................................................... 10 2.4.1 To install the Kaspersky software ........................................................................ 10 Configuring the Administration Kit ..................................................................................... 13 2.5.1 To access the Kaspersky Administration Kit window ........................................... 13

2.2 2.3 2.4 2.5

2.6

2.5.2 To To import import Update Kaspersky protection policies .............................................................. 17 15 2.5.3 Groups (Waves) ...................................................................... 2.5.4 To import Group Tasks ........................................................................................ 23 2.5.5 To configure workstation protection ..................................................................... 25 2.5.6 To update definitions in the Administration Repository ........................................ 27 2.5.7 To install protection on the Management Station ................................................ 32 Configuring Management Station scan exceptions .......................................................... 34

3

Installing and configuring the Client antivirus software

3.1 3.2 3.3 3.4

Selecting the correct software for Ovation client drops .................................................... 41 Hardware requirements for clients .................................................................................... 41 Migrating from Symantec clients to Kaspersky clients ...................................................... 42 Installing client software .................................................................................................... 42 3.4.1 To push the install to the clients from the Management Station .......................... 42 3.4.2 To manually install the client ................................................................................ 51 Assigning and installing clients to waves .......................................................................... 54 3.5.1 To assign clients to waves ................................................................................... 54 Importing a new license key .............................................................................................. 55 3.6.1 To import a new license key................................................................................. 55

3.5 3.6

CON_038

41

i

Table of Contents

4

Getting signature updates

4.1 4.2 4.3 4.4

What is signature distribution? .......................................................................................... 59 To obtain signature updates.............................................................................................. 60 To transfer signature updates to the Management Station ............................................... 60 Rolling back to previous signatures .................................................................................. 61 4.4.1 To roll back signatures on Ovation workstation and server clients ...................... 61

5

Generating reports

5.1

What reports are available with the Kaspersky antivirus software?.................................. 65 5.1.1 To generate antivirus reports ............................................................................... 66 5.1.2 To save a generated report .................................................................................. 68 5.1.3 To schedule reports to run automatically ............................................................. 70

6

Kaspersky Troubleshooting tools

6.1 6.2

What are the Kaspersky troubleshooting tools? ............................................................... 75 What is the GetSystemInfo utility? .................................................................................... 76 6.2.1 To generate a GetSystemInfo file ........................................................................ 76 6.2.2 To send a GetSystemInfo file to the Kaspersky Help Desk ................................. 78 6.2.3 To use the online parser to view the GetSystemInfo file ..................................... 79 What is the Kaspersky Lab Remote Diagnostic utility?..................................................... 80 6.3.1 Remote Diagnostic utility usability limitations ...................................................... 81 6.3.2 To use the Remote Diagnostic utility to connect to a remote client computer ..... 81 6.3.3 To use the Remote Diagnostic utility to perform tracing ...................................... 86 6.3.4 To use the Remote Diagnostic utility to download application settings and upload a utility .................................................................................................................. 88

6.3

59

65

75

6.3.5 6.3.6 6.3.7

6.4

6.5

6.6 6.7

6.8

To use the Remote Diagnostic utility to load system information ........................ 89 To use the Remote Diagnostic utility to download event logs ............................. 90 To use the Remote Diagnostic utility to run diagnostics on the Kaspersky Network Agent ...................................................................................................... 91 6.3.8 To use the Remote Diagnostic utility to stop and restart applications ................. 93 Generating trace files ........................................................................................................ 94 6.4.1 To generate trace files ......................................................................................... 94 6.4.2 To access trace files ............................................................................................ 96 6.4.3 To delete trace files .............................................................................................. 97 Using a Rescue CD ........................................................................................................... 98 6.5.1 Before downloading the Rescue CD .................................................................... 98 6.5.2 To download a Rescue CD .................................................................................. 99 What is the Kaspersky Virus Removal Tool? .................................................................. 103 6.6.1 To install the Kaspersky Virus Removal Tool .................................................... 103 What is the RipRep System Preparation Utility?............................................................. 104 6.7.1 To use the RipRep utility from a graphical user interface .................................. 105 6.7.2 To use the RipRep Utility from a command line................................................. 106 What is the Kaspersky Backup and Restore Utility? ....................................................... 107 6.8.1 6.8.2

ii

To use the Backup and Restore Utility from a command prompt ...................... 107 To use the Backup and Restore Utility from a graphical user interface ............. 109

CON_038

Table of Contents

7

Additional Kaspersky protection components

7.1

What other protection components does Kaspersky offer? ............................................ 113

Index

CON_038

113

115

iii

S

ECTION

1

Introduction to Kaspersky antivirus software

IN THIS SECTION What is antivirus software? ................................................................................................ . 1 What are the components Kaspersky............................................................................. antivirus software? ............................................. .. 2 Performing signature waveofdeployment 4 What are ports and services? ............................................................................................ . 4

1.1

What is antivirus

software?

Using antivirus software to protect your Distributed Control System (DCS) is an important step towards meeting the NERC CIP cyber security requirements, and protecting your plant's safety and profitability. Emerson is confident that Kaspersky Lab's antivirus software provides the best protection possible for your DCS. However, the Kaspersky software must be deployed on your Ovation DCS correctly in order to maintain performance and reliability and not introduce any operational risks to your plant. Though Emerson designed the Ovation control system to be fully compliant with openarchitecture standards, running, installing, or configuring untested third-party applications on Ovation drops can introduce security risks that have the potential to impact the robustness of your plant's control system and ultimately the operation of your plant. Even adding standard Microsoft/Solaris tools that have not been fully tested and certified with the Ovation system can pose undue risk.system. Unvalidated freeware and computer games are especially dangerous to the security of your Emerson strongly recommends that only Ovation-validated applications that are absolutely necessary for the operation of your plant or control system be installed on Ovation workstations. If you are interested in installing an application that has not been validated with Ovation, contact your Emerson representative before you install or execute software. Emerson has rigorous design and testing standards in place to ensure system stability with many third-party packages, and the open architecture of the Ovation network makes it easy to interface to a multitude of business systems using standard communications protocols, without installing software on critical components of your control system.

CON_038

1

1.2 What are the components of Kaspersky antivirus software?

1.1.1

Why is antivirus software important? The types of attacks aimed at power generation plants are diverse and increasingly coming from outside sources. External attacks, in the forms of viruses, worms, and other products of malicious hackers are an increasing concern. Viruses or other external elements can cause damage to your system in the form of: 

A disruption in the balance of your operating parameters, which can lead to a plant shutdown.



A disruption to operation in a way that causes temporary plant shutdown and permanent equipment damage.



A trip that interferes with proper shutdown procedures, potentially causing catastrophic damage and endangering plant personnel.



A denial-of-service attack that locks up your DCS server, preventing your server from performing legitimate operations for legitimate users.



An infection in your DCS servers by viruses or worms that can cause malicious activity such as emailing critical information to unauthorized users.

Improving the security of your DCS is an important consideration for your plant safety and profitability. In addition, improving your DCS security is now a necessary requirement to comply with the NERC CIP standards, which detail the actions your plant must take to ensure its cyber security. Emerson also provides an Ovation Security Center (OCS). The OCS is a suite of hardware and software tools (appliances) that provide electronic security management functions. The OSC appliances are designed to enhance and manage the cyber security of Ovation Distributed Control Systems (DCS) without disrupting the controlled process (see Ovation Security Center User Guide for additional information about OCS).

1.2

What are the component s of Kaspersky

antivirus

software?

In order to protect your system from known viruses, you must properly install an antivirus software program and its components on your system. The following Kaspersky software components are needed to ensure antivirus protection for your Ovation system: 

Kaspersky Administration Kit 8.0.2090 -- The Administration Kit is loaded on the

Management Station (see page 3). The Kit includes the software for the management station, clients (workstations and servers), and Network Agent 8.0.2090 which handles the communication between the management station and the clients. 

Kaspersky 6.0 Anti-Virus for Workstations MP4 (6.0.4.1424) -- This software is loaded on

Ovation client workstation drops (see page 3). 

Kaspersky 6.0 Anti-Virus for Servers MP4 (6.0.4.1424) -- This software is loaded on

Ovation client server drops (see page 3). Note: The procedures discussed in this manual document how Kaspersky antivirus software is

installed and configured with the Ovation software. Additional information on Kaspersky applications is provided in the Kaspersky Lab documentation which is provided on the installation CD.

2

CON_038

1.2 What are the components of Kaspersky antivirus software?

1.2.1

What is the Management Station? An antivirus (AV) Management Station is a non-Ovation PC that enables you to distribute updates to antivirus signatures. Antivirus signatures represent the most current list of known viruses that can harm your system. Antivirus software is only as good as its signatures are current (refer to What is signature distribution? (see page 59)). All of the client machines (see page 3) communicate with the Management Station in order to receive updates to their set of antivirus signatures. An antivirus management station is used to:  

Install the client software.



Configure and manage the Ovation clients. Distribute AV signatures.



Generate AV status reports.

The AV Management Station enables you to run reports on your system's health and perform status checks, which help you meet the NERC CIP security standards. Antivirus management software also helps you meet NERC and Sarbanes-Oxley reporting requirements without impacting your DCS operation or nullifying the Ovation validation process. You must install the Kaspersky Administration Kit 8.0.2090 on your dedicated AV Management Station. Emerson recommends isolating this software from Ovation by installing it on one dedicated PC connected to your DCS network with an IP-only port on one of the DCS switches. This dedicated PC is not loaded with any Ovation software. Dedicating a PC on each DCS ensures that the client's antivirus signatures can be updated even if there is no connection to any outside or corporate LAN (local area network). Note: To preserve the integrity of the Management Station, it should n o t have internet access.

Signature updates (see page 59) are obtained from a website that is accessed from another non-Ovation PC.

1.2.2

What is a Client station? A Client station is an Ovation drop that has antivirus software loaded on it. Clients are Ovation workstations (Operator Station, Engineering Station, and so forth) and Ovation servers (Database Server, Software Server, and so forth). A Controller is not a client since AV software is not loaded on it. The client antivirus software continually monitors the client machine's own hard drive for known viruses. The client antivirus software must be installed and configured so that it does not adversely impact the operation of your control system, inhibit or delay operator actions, or require extensive modifications to the standard, validated, Ovation software. The type of client software that you install differs based on the type of the client station, its performance requirements, and its operating system, as well as the station's ability to display AV information. To correctly install client drops, you will need the following software: 

Kaspersky 6.0 Anti-Virus for Workstations MP4 (6.0.4.1424) -- to load on Ovation client

workstation drops that are running the Windows XP or Windows 7 operating systems. 

CON_038

Kaspersky 6.0running Anti-Virus for Servers MP42003 (6.0.4.1424) -- ToServer load on Ovation clientsystems. server drops that are the Windows Server or Windows 2008 operating

3

1.3 Performing signature wave deployment

1.3

Performing

signature

wave deployment

Per the CIP guidelines, it is your responsibility to ensure that the installation of new antivirus signatures (see page 59) does not disrupt your DCS operation. To accomplish this, Emerson recommends a staged process that consists of three waves of deployment: 

New signatures should be installed on a first wave of non- critical “early adopter” clients. These clients should be strategically selected so that they can be easily observed by the operators and the operators can use other clients to continue controlling the process in the event of a problem. If a problem is detected, you can immediately stop deploying the new signatures and roll back to the previous version.



If the first wave of drops continues to operate normally for a pre-determined period of time, the newtosignatures can bebut deployed of that clients. drops are more critical plant operations should to notthe besecond the onlywave drops can These be used to control the process. Again, if a problem occurs, immediately stop deploying the new signatures.



Finally, if the second wave of clients operates normally, you can proceed to the final (third) wave of clients. This group consists of critical drops as well as any drops that do not have local displays (monitors) or keyboards.

Note: For super critical applications, a fourth wave of deployment (Wave3-OPH) is used.

1.4

What are ports and services? In security terminology, an open port is used to mean a TCP/IP port number that is configured to accept data packets. In contrast, a port which ignores all packets directed at it is commonly referred to as a closed port. Ports are the channels through which applications (or services as they are known in security terminology) on the client computer can reach the software on the management station. Services require their respective ports to be "open" on the management station in order to be reachable. However, a port being open is not enough for a communication channel to be established. There needs to be a service "listening" on that port, accepting the incoming packets and processing them. If there is no service listening on a port, incoming packets to that port will simply be rejected by the computer's operating system. Ports can be closed through the use of a firewall. The firewall will filter incoming packets, only letting through those packets for which it has been configured. Packets directed at a port which the firewall is configured to "close" will simply be dropped in transit, as though they never existed. The following tables identify and describe the ports and services that must be open for communication to take place between the management station and the clients. Note: These ports and services are automatically opened during installation.

4

CON_038

1.4 What are ports and services?

Ports

PORT

D ESCRIPTION

U SED BY

13000/TCP

SSL connection to clients (encryption protocol)

Management Station Only

14000/TCP

Non-SSL connection to clients


13000/UDP

SSL connection to client for system shutdown information


15000/UDP

Network Agent communication

Clients

Services

S ERVICE N AM E

F ILE N A M E

S ERVICE D ESCRIPTION

R UNS O N

CSAdminServer

Klserver.exe

Kaspersky Management Station

Management Station

MSSQL$KAV_CS_ADMIN_KIT

Sqlservr.exe

SQL Server (KAV_CS_ADMIN_KIT)

Management Station

MSSQL$SQLEXPRESS

Sqlservr.exe

SQL Server (SQLEXPRESS)

Management Station

SQLWriter

Sqlwriter.exe

SQL Server VSS Writer

Management Station

AVP

Avp.exe

Kaspersky Anti-Virus 6.0

Client

Klnagent

Klnagent.exe

Kaspersky Network Agent

Client

CON_038

5

S

2

ECTION

Installing and configuring the Administration Kit on the Management Station

IN THIS SECTION Hardware and software requirements for the Management Station .................................. . 7 Before installing the Administration Kit .............................................................................. . 8 Migrating from a Symantec Management Station to a Kaspersky Management Station ... 8 Installing the Administration Kit .......................................................................................... . 9 Configuring the Administration Kit ..................................................................................... 12 Configuring Management Station scan exceptions........................................................... 34

2.1

Hardware Station

and software

requirements

for the Management

In order to effectively use the Kaspersky antivirus software, you must have a PC designated as a Management Station. The Management Station must be a non-Ovation PC and have the following hardware and software requirements:

2.1.1

Hardware requirements for the Management Station 

1 GB of hard drive space.

 

Intel Pentium III 800MHz or higher. 256MB of RAM.



One of the following operating systems: 

CON_038

Windows XP Professional (32-bit or 64-bit) SP2 or higher. (Not for use with Ovation 3.5 systems.)



Windows Server 2003 SP2 (32-bit or 64-bit). (Not for use with Ovation 3.5 systems.)



Windows Server 2008 SP2 (32-bit).



Windows Server 2008 R2 SP1 (64-bit).



Windows 7 Professional SP1 (32-bit or 64-bit).

7

2.2 Before installing the Administration Kit

2.1.2

Software requirements for the Management Station 

Kaspersky Administration Kit Installation CD (version 8.0.2090).



kasp8.0.2090_adminkiten.exe (Admin Server install).



Kaspersky License Key file (xxxxxxxx.key).



Sqlexpr.exe (SP4 for SQL Express 2005).



Copy of latest virus definitions (see Getting signature updates (see page 59) for more information).



ServerPolicyv3.klp (Server Policy file).



WorkstationPolicyv3.klp (Workstation Policy file).

Note: Ovation software should n o t be loaded on the Management Station.

2.2

Before installing

the Administration

Kit

Before you begin creating your management station, you will be required to have an account with administration privileges on the management station and on the Ovation domain controller. For illustration purposes, this document displays "admin" as a user ID and "ovation" as a password. These terms are for example only; for security purposes, create a user ID and password unique to your system. You are responsible for changing all your user IDs and passwords prior to the system being put into service. If your Management Station has two or more Network Interfaces (NICs) connecting the workstation to multiple networks (for instance, to the Ovation DCS LAN and to a DMZ network), you should temporarily disable all network interfaces except those that connect to the Ovation DCS: 1. Access the Windows Control Panel on your Ovation AV Management Station. 2. Select Network Connections. 3. Right-click on the non-Ovation connections to select Disable. Note: The procedures discussed in this manual document how Kaspersky antivirus software is


8

CON_038

2.3 Migrating from a Symantec Management Station to a Kaspersky Management Station

2.3

Migrating from a Symantec Managem ent Station

Management

Station to a Kaspersky

There are two recommended ways to migrate from Symantec antivirus software to Kaspersky antivirus software: 

Add a new machine to your network and make it the Kaspersky Management Station. 

Follow the procedures in Installing the Administration Kit (see page 9) and Configuring the Administration Kit (see page 12) to create the Kaspersky Management Station .



Once the Kaspersky Management Station is installed and configured, remove the Symantec software. . antivirus software from the machines and install the Kaspersky antivirus client

 

Remove the old Symantec Management Station.

Re-use the old Symantec Management Station by rebuilding the machine:

Note: During the migration period, you will not be able to update Symantec AV signatures on

clients. 

Remove the machine from the domain, reload the operating system, OS patches, and so forth. Refer to Hardware and software requirements for the Management Station (see page 7) for system requirements.



Once the machine has been rebuilt, make it the Kaspersky Management Station by following the procedures in Installing the Administration Kit (see page 9) and Configuring the Administration Kit (see page 12).



CON_038

Once the Kaspersky Management Station is installed and configured, remove the Symantec antivirus software from the client machines and install the Kaspersky antivirus client software.

9

2.4 Installing the Administration Kit

2.4

Installing

the Administration

Kit

The Administration Kit is loaded on the Management Station (see page 3). The Kit includes the software for the management station, clients (workstations and servers), and Network Agent 8.0.2090 which handles the communication between the management station and the clients. The following sections discuss installing and configuring the management station with the Administration Kit.

2.4.1

To install the Kaspersky software 1. Join the computer to the domain (if not already done). a) From the desktop, right-click on the computer and select Properties. b) In the computer name, domain, and workgroup settings, select Change Settings. c) In System Properties, click the CHANGE button d) Change the radio button to domain and type in the full domain address (that is, BigDC.ovation.local) and click Ok. e) A login prompt appears. Enter the domain administrator username and password and click Ok. f)

When you receive the success dialog, click Ok and allow the machine to reboot.

Note: The Management Station must be joined to the domain.

2. Log in to the machine with local admin rights (if not already done). Note: Kaspersky Administration Kit requires Microsoft .NET Framework 2.0 SP1. If you have not

already installed .NET Framework, you will not be able to launch the installation wizard. Install Microsoft .NET Framework 2.0 SP1 before proceeding.

3. Insert the Kaspersky Administration Kit installation CD and launch kasp8.0.2090_adminkiten.exe . 4. On the Welcome screen, click Next. 5. On the Location to save files screen, click Next. Note: This folder location is only used for unpacking and installing. You do not need to keep this

folder after the installation.

A progress bar appears while the installation files are expanded. 6. On the Welcome to Installshield Wizard screen, click Next. 7. On the License agreement screen, click Yes. 8. On the Select Installation Type screen, select Standard and click Next. 9. On the Network Size screen, select From 1 to 100 computers in the network . Note: This selection only sets some timing values for clients to check in and get updates. The

number of clients is not limited by this selection.

10. On the Start Copying Files screen, click Next.

10

CON_038

2.4 Installing the Administration Kit Installation continues while components are installed. 11. On the Installation Wizard Completed screen, click Finish. After the initial installation of the Administration Kit, it is necessary to configure the following basic settings on the Management Station: 12. After you select the Finish button, the Quick Start Wizard appears. On the Welcome to Quick Start Wizard screen, click Next. 13. On the License screen, select Load from Key File and click Next. 14. On the Choose Key File screen, click Select and browse to your key file (xxxxxxxx.key). Once selected, click Next. 15. On the Network Discovery screen, click Next. 16. On the Notifications screen, click Next. 17. On the Update screen, click Next. Note: The Management Station attempts to contact outside servers to pull down updates. Do

not wait for it to finish. It will fail eventually.

18. On the Initial Setup is complete screen, remove the checkmark from Start Deployment and click Finish. The Kaspersky Administration Kit window appears.

Figure 1 : Kaspersky Adm

CON_038

inistra tion Kit main windo

w

11

2.4 Installing the Administration Kit

19. Open a command prompt. 20. Go to the Kaspersky CD and type: sqlexpr.exe /qb UPGRADESQL_Engine,SQL_Data_Files,Client_Components,Conectivity INSTANCENAME=KAV_CS_ADMIN_KIT

Fi gure 2 : Command window

showing comm

and

21. A series of messages appear detailing the installation process. When complete, Service Pack 4 for SQL2005 Express is installed. Note: Emerson recommends that you wait until all pop-up screens close and the command

prompt is visible before proceeding.

12

CON_038

2.5 Configuring the Administration Kit

2.5

Configuring

the Administration

Kit

The following items are needed to properly configure the Administration Kit and setup the Management Station:

2.5.1



Install the Administration Kit software (see page 9).



Import protection policies (see page 15).



Import the group (wave) structure (see page 17).



Import group tasks (see page 22).



Run the setup.ini program that ensures that only Kaspersky antivirus is installed (see page



25). Update antivirus definitions (see page 27).

To access the Ka spersky A dministration Kit window Once the Kaspersky Administration Kit is installed, use the following procedures to access the Administration Kit window which allows you to perform various functions: 1. Go to Windows Start ->All Programs -> Kaspersky Administration Kit -> Kaspersky Administration Kit. The Kaspersky Administration Kit window appears. Note: If you have created a shortcut on your desktop, you can also access the Kaspersky

Administration Kit window from an icon on your screen.

Figure 3 : Kaspersky Adm

CON_038

inistra tion Kit main windo

w

13

2.5 Configuring the Administration Kit Understanding the Kaspersky Administration Kit window

The Kaspersky Administration Kit main window is divided into two parts. The left side of the window displays the hierarchy tree. When you click on an item in the tree, the right side of the window updates with information that pertains to the selected item in the tree. Activating wizards, selecting tasks, and defining groups are some of the functions that are performed from the right side of the window.

Figure 4 : Kaspersky Ad

ministration Kit window

panel e xample

Note: It is beyond the scope of this manual to discuss all of the Kaspersky Administration Kit

window features. Additional information on Kaspersky windows and applications is provided in the Kaspersky Lab documentation which is provided on the installation CD.

14

CON_038

2.5 Configuring the Administration Kit Many procedures in this manual require you to browse to a directory. Unlike the standard Browse windows that are part of Microsoft Windows, the Kaspersky browse feature is accessed from an Open window (see the following figure).


2.5.2

ministration Kit - Open window

To import Kaspersky protection policies Protection policies define how the clients operate (for example, what processes to use, what processes to ignore, and so forth). 1. Access the Kaspersky Administration Kit window (see page 13). 2. On the left side of the window, expand the Managed computers items in the tree. 3. Under Managed computers, expand the Policies item in the tree. a) If default policies exists, right-click on them, and select Delete. 4. Right-click on Policies and select Import.

5. The Open window appears (see page 14). Browse to where ServerPolicyv3.klp exists. 6. Select ServerPolicy and select the Open button. The Open window selects the file and exits. 7. Right-click on Policies and select Import again to access the Open window. 8. On the Open window, browse to where WorkstationPolicyv3.klp exists.

CON_038

15

2.5 Configuring the Administration Kit 9. Select WorkstationPolicy and click Open. The Policies tree structure should look like the following figure:

Figure 6 : Kaspersky A

16

dministration Kit tree -- showing com

plete d Policies structure

CON_038

2.5 Configuring the Administration Kit 10. Click on Emerson Server Protection Policy and select Active Policy on the right side of the window.

Figure 7 : Kaspersky A

dministration Kit - Emerson

Se rver Protection Policy

11. Return to the tree and select on Emerson Workstation Protection Policy . Select Active Policy from the window's right pane..

2.5.3

To import Update Groups (Waves) The following procedures discuss importing the group (wave) structure (for example, Wave1, Wave2, and so forth). 1. Access the Kaspersky Administration Kit window (see page 13). 2. On the left side of the window, expand the Managed computers items in the tree. 3. Expand the Group tasks item in the tree.

CON_038

17

2.5 Configuring the Administration Kit 4. Right-click on each task located under Group tasks and select Delete.

5. Click on the Managed Computers item in the tree. On the right side of the window, select Import group structure.


18

ministration Kit - Import Group Structure

CON_038


6. The Welcome to New Administration Group Structure Wizard appears. Click Next. 7. On the first Creating administration group structure screen, select a method for creating the group structure. Select the Text File radio button and click Next.

Figure 9: Cre

CON_038

ati ng administrati

on g roup structure screen

19

2.5 Configuring the Administration Kit 8. The Creating administration group structure screen updates. Go to the Target group field and click Browse button.

9. The Select group window appears. Select Managed computers and click OK.

Figure 1 0: Se lect group w

20

indow

CON_038

2.5 Configuring the Administration Kit 10. Go to the Text file with group names field and click the Browse button.

CON_038

21

2.5 Configuring the Administration Kit 11. The Open window appears (see page 14). Browse to the CD in the directory called groups. Select the file groups then click Open.

12. You will be returned to the Group structure management window. Click Next, and then click Finish. Your groups should look similar to this:

22

CON_038


2.5.4

To import Group Tasks Each group (wave) in the Administration Kit tree has its own set of update tasks. These tasks define when to update the virus definitions (for example, every Wednesday at 3:00 PM). 1. Access the Kaspersky Administration Kit window (see page 13). 2. On the left side of the window, expand the Managed computers items in the tree. 3. Select Group tasks under Managed computers. 4. On the right side of the window, select Import Task from File .

Figure 1 1: Kaspersky Adm

inistra tion Kit wind

ow - I mpo rt task from file

5. The Open window appears (see page 14). Browse to the \Groups directory on the CD. 6. Select VirusScanServers.klt, and click Open. The Open window makes the selection and exits. 7. Select Import task from file again to access the Open window. 8. Browse to the \Groups directory on the CD. 9. Select VirusScanWorkstations.klt , and click Open. The Open window makes the selection and exits. 10. Return to the Kaspersky Administration Kit hierarchy tree. Expand the Managed computers item and expand Wave 1.

CON_038

23

2.5 Configuring the Administration Kit 11. Right-click on Group Tasks for Wave 1. Pull-right and select All Tasks and Import.



ow -- Import All Group Tasks

12. The Open window appears. Browse to the \Groups directory on the CD. 13. Select Wave1ServersUpdate , and click Open. The Open window selects the file and exits. 14. Right-click on Group Tasks for Wave 1-> All Tasks -> Import to access the Open window again. 15. Browse to the \Groups directory again on the CD. 16. Select Wave1WorkstationsUpdate , and click Open. 17. Under the Managed computers item in the tree, expand Wave 2. 18. Right-click on Group Tasks for Wave 2. Pull-right and select All Tasks and Import. 19. The Open window appears. Browse to the \Groups directory on the CD. 20. Select Wave2ServersUpdate , and click Open. The Open window selects the file and exits. 21. Right-click on Group Tasks for Wave 2-> All Tasks -> Import to access the Open window again. 22. Browse to the \Groups directory again on the CD. 23. Select Wave2WorkstationsUpdate , and click Open. 24. Repeat Steps 17 through 23 for Wave 3 and Wave 3 OPH.

24

CON_038


2.5.5

To configure workstation protection Kaspersky Lab provides many types of security applications. However, the Ovation system only requires the antivirus application. The setup.ini allows the install of the antivirus software while restricting the install of all other Kaspersky security software applications. 1. Open the Kaspersky Administration Kit (see page 13). 2. Expand Repositories and select Installation Packages.

Figure 13 : Kaspersky

Adm inistra tion K it -- showing

Insta lla tion packages highlighted

3. Select Kaspersky Anti-Virus 6.0 for Windows Workstations and click Configuring the installation package settings . 4. Click the Properties tab.

CON_038

25

2.5 Configuring the Administration Kit 5. Remove the check marks from everything but File Anti-Virus. Place a check mark in the Add program location to environment variable %PATH% box. Click the Compatibility button.

Figure 14 : All properties unc

hecked except for File Anti-Virus

6. Place a check mark in the Do not install the NDIS5 driver box and click OK.

Figure 1 5: Compatibili

26

ty settings w

indow

CON_038

2.5 Configuring the Administration Kit 7. Click the OK button to close out the properties.

Note: Currently, Ovation only supports the FileMonitoring component due to the acceptable

Ovation configuration. Refer to Additional Kaspersky protection components (see page ) for a general description of each of these components.

2.5.6

To update de finitions in the A dministration Repos itory The Administration Repository is the place where the antivirus definitions are stored on the Management Station. For information on updating antivirus definitions, see Getting signature updates (see page 59). 1. Go to the Emerson subscription website, updates.ovationusers.com/KAV/ , and copy the latest antivirus definitions to a CD or flash drive. They will be in a zip file. Note: The Management Station should not have internet access. To copy the latest antivirus

definitions from the Emerson user site, use a non-Ovation PC that has internet access.

2. On your Management Station, create a local folder for virus definitions (for example, C:\Definitions). 3. Unzip the definitions that you obtained from the Emerson website to the folder you created on the Management Station.

CON_038

27

2.5 Configuring the Administration Kit 4. Access the Kaspersky Administration Kit window (see page 13). 5. On the left side of the window, expand the Repositories item in the tree, and select Updates.

6. Click on Configure update settings on the right side of the window.

7. The Download updates to repository Properties window appears. Select the Settings tab on the window.

28

CON_038

2.5 Configuring the Administration Kit 8. Click the Configure link under Update Sources.

Figure 1 6: Download updates to repository Properties window

9. The Update sources window appears. Click on the Add button.

Figure 1 7: Update sources window

CON_038

29

2.5 Configuring the Administration Kit 10. The Update source properties window appears. Select the Local or network update folder radio button. Then click the Browse button.

Figure 18 : Update source prop

erti es windo w

11. The Open window appears (see page 14). Browse to folder where you unzipped the virus definitions and click OK. The Open window accepts the file and exits. 12. Click OK on the Update source properties window. 13. You will be returned to the Update sources window. Select Kaspersky Lab update servers and select the red X to delete it.

14. Only the local folder (C:\Definitions\) should remain on the Update sources window. Click OK. 15. You will be returned to the Download updates to repository Properties window. Select the Schedule tab

30

CON_038

2.5 Configuring the Administration Kit 16. Go to the Scheduled start: drop-down menu, and select Daily. Select a start time of 7:00:00 AM from the Start time menu.

Figure 19 : Downlo ad updates to repository Pro

perties wind

ow -- S elect start time

17. Click the OK button on the Download updates to repository Properties window.

CON_038

31

2.5 Configuring the Administration Kit 18. The update task will run on the schedule you defined or it can be forced immediately by clicking Download Updates.

2.5.7

To install protection on the Manage ment Station 1. Access the Kaspersky Administration Kit window (see page 13). 2. On the left side of the window, navigate to Event and computer selections -> Computer selections -> No Kaspersky Anti-Virus installed . The Management Station name should appear on the right side of the window.

Figure 2 0: Kaspersky Ad antivirus installed

32

ministration Kit windo

w -- f inding Management Sta

tion w ith no

CON_038

2.5 Configuring the Administration Kit 3. Click on the name of the Management Station, and the menu on the left changes. See the following figure.

Figure 21 : Start deploym ent of antivirus to Management Station

4. Click on the Deployment Wizard link. The Deployment Wizard starts. Click Next on the initial screen. 5. On the Installation Package screen, the Deployment Wizard should auto-select the appropriate Kaspersky antivirus to install. Click Next. 6. On the License screen, the only license installed should already be selected. Click Next. 7. On the Account screen, there is no account needed for a local install. Click Next. 8. On the Restart screen, select whether or not you want to reboot (note that a reboot is not necessary). Click Next. 9. On the Incompatible Applications screen, click Next. 10. On the Computer Relocation screen, the default location is Managed Computers. Click Next. 11. On the Install Application screen, click Next. The installation task starts. Wait for the install to finish, and click Next. 12. Click Finish to end the wizard. The name of the Management Station will appear in the Managed computers folder. At this point, it must be assigned to a Wave (Wave 1 is and installing clients to waves (see suggested) order to receive updates. to Assigning page 53) forininformation in assigning thisRefer station to a wave.

CON_038

33

2.6 Configuring Management Station scan exceptions

2.6

Configuring

Management

Station scan exceptions

The following exception configurations are needed to optimize the interactions between Emerson applications with the Kaspersky AntiVirus software, as well as eliminate potential sources of application irregularities. Use the following procedure to configure Management Station scan exceptions: 1. Access the Kaspersky Administration Kit window (see page 13) on a Management Station. 2. On the left side of the window, expand the Managed computers items in the tree. 3. Under Managed computers, expand the Policies item in the tree.


34

Adm inistra tion K it tree - - showing

comp lete d Policies structure

CON_038

2.6 Configuring Management Station scan exceptions 4. For each of the policies configured in the location (Emerson Server Protection Policy and Emerson Workstation Protection Policy ), right-click on the policy and select Properties. 5. The Emerson Protection Policy Properties window appears. From the Protection tab, make sure Protection is selected in the top drop-down menu. Then click on the Trusted Zone button in the Exclusions section.

Figure 23 : Emerson

CON_038

Ser ver Protection Policy Propertie

s w indow

35

2.6 Configuring Management Station scan exceptions 6. The Trusted Zone window appears. Click the Add button. The Exclusion mask window appears.

Figure 2 4: Exclusion Mask window

7. Accept the default Object selection in the Properties section, then click on the Select Object link (see the figure above). The Object Name window appears.

Figure 2 5: Object name window

36

CON_038


8. Add a single entry from the list below in the entry field. Make sure that the "Include subfolders" checkbox is not checked. Select the OK button. Repeat for each additional entry. The disk letters in the list below reflect the Ovation installation defaults, and may need to be adjusted on certain systems: 

C:\Ovation\shc\config\mmidbrma\*.dbd



C:\Ovation\shc\config\mmidbrma\*.ddl



C:\Ovation\shc\config\mmidbrma\*.df1


















C:\Ovation\shc\config\mmidbrma\*.kf1


















C:\Oracle\OraData\ptdb\*.DBF



C:\Oracle\OraData\ptdb\*.DBS



D:\Oracle\OraIndex\ptdb\*.DBF



D:\Oracle\OraIndex\ptdb\*.DBS



*.ohif

9. Return to the Trusted Zone window, and delete the following default entries from the Exclusion Rules list: 

D:\oracle\oraindex\ptdb\



D:\oracle\oradata\ptdb\



C:\oracle\oraindex\ptdb\



C:\oracle\oradata\ptdb\



C:\ovation\shc\config\mmidbrma\

10. Select OK on the Trusted Zone window and then click OK on the Protection Policy Properties window to return to the main Kaspersky Administration Kit window. 11. Repeat the Steps 8 and 9 for any remaining policies. Note: Make sure that you perform these procedures for both Emerson Policy and Emerson Work station Protecti on Policy .

CON_038

Serve r Protection

37


12. Review the setting results on the applicable client machines by performing the following steps: a) Navigate to Kaspersky Administration Kit -> Managed Computers -> Wave X -> Client Computers. b) Right-click on the applicable machine and select Properties.

Figure 26:

Review setting results

c) The Drop Properties window appears. Select the Applications tab and click on the Kaspersky AntiVirus for Windows entry. Then, select the Properties button.

38

CON_038

2.6 Configuring Management Station scan exceptions d) The Kaspersky AntiVirus for Windows Properties window appears.

Figure 27:

Review setting pro

perties

e) Select the Properties tab. Make sure that Protections is selected from the drop-down menu, then click the Trusted Zone button in the Exclusions section. f)

CON_038

Verify that the settings above have taken affect in the Exclusion Rules list.

39

S

3

ECTION

Installing and configuring the Client antivirus software

IN THIS SECTION Selecting the correct software for Ovation client drops..................................................... 41 Hardware requirements for clients .................................................................................... 41 Migrating from Symantec clients to Kaspersky clients ...................................................... 42 Installing client software ................................................................................................... . 42 Assigning and installing clients to waves .......................................................................... 53 Importing a new license key .............................................................................................. 55

3.1

Selecti ng the correct software

for Ovation client drops

Ovation drops can be either one of two types of clients: 

Workstation (Operator Station, Engineering Station, and so forth).



Server (Database Server).

The type of Kaspersky client software that you install depends on the type of client drop and the operating system that it is running. Make sure you are installing the correct software that goes with each client type. For Ovation client workstations, install Kaspersky Anti-Virus for Workstations MP4 (6.0.4.1424) (for XP or Windows 7 operating systems). For Ovation client servers, install Kaspersky Anti-Virus for Servers MP4 (6.0.4.1424) (for Server 2003 or Server 2008 operating system).

3.2

Hardware

requireme nts for clients

The following hardware is required to load client workstations : 

300 MB of free hard drive space.



Intel Pentium 800MHz or higher.



512MB of RAM.



One of the following operating systems:

CON_038



Windows XP SP2 or higher. (Not for use with Ovation 3.5 systems.)



Windows 7 Business/Enterprise/Ultimate. (Not for use with Ovation 3.5 systems.)



Windows 7 Professional SP1 (32-bit or 64-bit versions).

41

3.3 Migrating from Symantec clients to Kaspersky clients The following hardware is required to load client servers:

3.3



300 MB of free hard drive space.



Intel Pentium 1 GHz or higher.



1GB of RAM.



One of the following operating systems: 

Windows Server 2003 SP2. (Not for use with Ovation 3.5 systems.)



Windows Server 2008 SP2 (32-bit version).



Windows Server 2008 R2 SP1 (64-bit version).

Migrating

from Symantec

clients to Kaspersky

clients

If you are installing Kaspersky antivirus software on a machine that previously had Symantec antivirus software installed, contact an Emerson representative to discuss the best means for cleanly uninstalling the Symantec antivirus software with minimal impact to Ovation.

3.4

Installing

client software

The following sections describe the installation of Ovation clients. The installation can be performed from either a "push" from the management station or it can be done manually. Note: The procedures discussed in this manual document how Kaspersky antivirus software is


3.4.1

To push the install to the clients from the Management Station Use the following procedure to download or "push" the application antivirus software from the management station to the Ovation clients. 1. Access the Kaspersky Administration Kit window (see page 13) on the Management Station.

42

CON_038

3.4 Installing client software 2. On the left side of the window, select Tasks for specific computers from the tree.

Figure 2 8: Kaspersky Ad

CON_038

ministration Kit windo

w h iera rchy tree

43

3.4 Installing client software

3. Depending on the type of client you are pushing the install to, select one of the following items on the right side of the Administration Kit window: 

Deploy Kaspersky Anti-Virus for Windows Workstations (for XP or Windows 7 operating systems)



Deploy Kaspersky Anti-Virus for Windows Servers (for Windows Server 2003 or Windows Server 2008 operating systems).

Figure 2 9: Ta sks fo r specific com

puters

Note: The following steps are the same regardless of whether you chose to deploy the

workstation or server antivirus software.

4. On the Welcome to the Deployment Task Creation Wizard, click Next. 5. On the New Deployment Task name screen, define your task name (the default is fine). Click Next. 6. On the Installation Method screen, the Push install radio button should be selected (if not, select it). Click Next. 7. On the Settings screen, keep the items that are checked. Click Next.

44

CON_038

3.4 Installing client software 8. On the Advanced screen, select the Install Network Agent along with this application check the Network Agent checkbox. Click Next.

Figure 30:

Adv anced screen - I

nstall Network A

gent

9. will On require the Restart screen, select how are: you want to handle the restart after the install (the machine a restart). The choices 

Do not restart.



Restart the computer (will force a restart without notification).



Prompt User for action (will prompt the user about the restart and can be cancelled, if desired).

10. After you make your restart selection, click Next. 11. On the Computer Relocation screen, click Next. Note: Clicking Next on the Computer Relocation screen places any installed machines into a

single location. Then they can be moved to the various "waves."

CON_038

45


12. On the Select target computers screen, select how you will define which machine(s) to install to. The choices are: 

I want to select computers using Windows Networking (if you would like to select machines auto-discovered via Active Directory). See Step 13.



I want to define computer addresses (IP, DNS or NETBIOS) manually (if you know the target IP(s)). See Step 14.

13. If you clicked "Windows Networking," the Client computers screen appears. Expand Unassigned computers in the tree and place a checkmark beside the individual machine(s) you are installing to, and then click Next.

Figure 31 : Clie nt co mpu ters screen - Unassigned com

46

puters

CON_038

3.4 Installing client software 14. If you selected "define computer addresses," the Client computers screen appears with a space to enter an IP address. Click the Add button and an entry field appears. Type in the IP addresses of the individual machine(s).

Figure 32:

Client comp

uters sc reen - Add IP addresses

15. Once you have added all the IP addresses, click Next.

CON_038

47

3.4 Installing client software 16. The Account screen appears. Click the Add button.

Figure 3 3: Account

screen

17. The Account pop-up window appears. Enter the account information that has install rights to the target machine (can be a domain account) and click OK.

Figure 34 : Account po

48

p-up window

CON_038

3.4 Installing client software 18. Repeat Steps 16 and 17 if more than one account is needed. Then click Next on the Account screen when finished.

CON_038

49

3.4 Installing client software 19. On the Task scheduling settings screen, select when you would like this install to occur. Pull down the Scheduled start menu to select the desired time. Select Immediately if you want to force the install now. Click Next.

Figure 35 : Task sch

eduling settings screen

20. On the Completing the Deployment Task Creation Wizard, click Finish. Note: The task will remain and can be edited to be reused for different targets, schedules, and

so forth.

21. Reboot the client.

50

CON_038


3.4.2

To manually install the client Use the following procedure to manually install the Ovation client software. Note: This procedure cannot be performed if the Management Station is not connected to the

domain.

1. Access the Kaspersky Administration Kit window (see page 13) on the management station. 2. On the left side of the window, expand the Repositories item in the tree, and select Installation packages.

CON_038

51

3.4 Installing client software 3. On the right side of the window, select the product you want to install (in this example, it shows Kaspersky Anti-Virus 6.0 for Windows Workstations). Then select Create Standalone installation package.

Figure 36: I nstallation pack

ages screen

4. The Welcome to the Wizard for Standalone Installation Package Creation screen appears. Click Next. 5. On the License screen, click Next. 6. On the Network Agent installation package screen, click Next. 7. On the Computer Relocation screen, click Next.

52

CON_038

3.4 Installing client software 8. A progress bar appears and a single setup file is created. The Administration Kit tells you where this setup.exe file is located. You can also click the Open folder link to go directly to the setup.exe file. See the following figure.

9. Copy this setup.exe file to the applicable Ovation client machine and install. The installation will be silent, meaning that no progress bar or window will appear. 10. Reboot the client.

CON_038

53

3.5 Assigning and installing clients to waves

3.5

Assigning

and installing

clients to waves

Once you have installed the client software, you must assign the correct Ovation drops to the applicable waves.

3.5.1

To assign clients to waves 1. Access the Kaspersky Administration Kit (see page 13) on the management station. 2. On the left side of the window, expand the Managed computers item in the tree. 3. Click on Client computers. (Note that this is the default location that machines go to after the install.)

54

CON_038

3.6 Importing a new license key 4. The right side of the window updates with the Client computers screen. Find the machine that you want to move and select it.

5. Return to the hierarchy tree on the left side of the window, and expand the Wave folder you are going to move the selected machine to. 6. Drag the machine that you have highlighted from the right side of the window to the Client computers item under the desired Wave folder on the left side of the window.

7. Repeat Steps 4 through 6 for all client computers and all waves.

3.6

Importing

a new license key

The Kaspersky license key is available on the installation CD. When you perform the install, you determine how many "seats" you need from the license key. If additional licenses are required after the installation, you must import a new license key.

3.6.1

To import a new license key 1. Access the Kaspersky Administration Kit (see page 13) on the management station. 2. On the left side of the window, expand the Repositories item in the tree. 3. Click on Licenses.

CON_038

55

3.6 Importing a new license key 4. On the right side of the window, select Add License.



ow -- Add L icense

5. The Welcome to Install License Wizard appears. Click Next on the window. 6. On the License screen, select the Load from key file radio button and click Next. 7. In the Choose Key File field, click the Select button and the Open window appears. Browse to where the key is kept. Find the .key file (example: 1234ABCD.key), and click Open.

56

CON_038

3.6 Importing a new license key 8. Select the Automatically deploy license to managed computers checkbox, and click Next.

Figure 38:

License sc reen

9. On the Completing the Install License screen, click Finish.

CON_038

57

S

ECTION

4

Getting signature updates

IN THIS SECTION What is signature distribution? .......................................................................................... 59 To .............................................................................................. To obtain transfersignature signatureupdates updates to the Management Station ............................................... 59 60 Rolling back to previous signatures .................................................................................. 61

4.1

What is signature

distribution?

Antivirus signatures represent the most current list of known viruses that can harm your system.

Antivirus software is only as good as its signatures are current. Since viruses and worms are constantly being developed by malicious hackers, weekly signature updates are extremely important. Every week, a new set of antivirus signatures that are designed to combat the latest viruses are posted on the Emerson website. There are several steps in the safe distribution of new antivirus signatures: 



Emerson obtains the newly released signatures from the antivirus vendor and validates that the signatures do not report any false positives on files included in the supported Ovation releases. Emerson further verifies that the new signature does not adversely impact system performance. Emerson posts the tested signature files on their subscription website. Access to this website requires a paid SureService subscription agreement for the Software Updates with Antivirus module that entitles you to signature updates. Contact your Emerson representative for more information.



Using a non-Ovation PC with internet access, you are able to download the latest signature updates from the website and save them to some type of removable media (CD, USB flash drive, and so forth). The signature updates will be contained in a .zip file.



Insert the USB flash drive or CD into the Management Station. Install the signatures updates on your Management Station by extracting the files from the zip file.



"Push" the updated signatures to the Ovation client drops from the Management Station.

CON_038

59

4.2 To obtain signature updates

4.2

To obtain signature

updates

To obtain signature updates, you must have a PC with internet access that is not connected to the Ovation system. Also, this PC should not be the same machine that is being used as the Management Station. CAUTION: In order to preserve the integrity of the Ovation system, internet access should be

prohibited from any machine running Ovation software. 1. In your web browser, enter the URL: updates.ovationusers.com/KAV/ . Note: In order to access this link, you must have a paid SureService subscription agreement for

the Software Updates with Antivirus module that entitles you to signature updates.

You are prompted for your Subscription Information. 2. Enter the login name and password assigned in your SureService agreement. Your browser displays the Updates page. Note that the login name and password are case sensitive. The top section of the page lists the available AV definition zip archives starting with the most recent at the top. The display includes the File size (bytes), the date it was posted, the MD5 Hash of the file, and a description. Note: Other important information regarding Kaspersky AV updates might be displayed on this

page. Emerson recommends that you check this page for other announcements when you visit this site.

3. Click the desired file to download. You will be prompted to use the Ovation Download Manager. Note: TheBrow file download will start automatically. If it does not start automatically, you should press the se D ownload button.

4. You will be prompted to save the file. Emerson recommends that you save the zip file to a USB memory stick or CD. 5. Finish the task by transferring your AV definition files to your Management Station (see page 60).

4.3

To transfer

signature

updates to the M anagement

Station

1. On your Management Station, create a local folder for virus definitions (for example, C:\Definitions ). 2. Insert the USB flash drive or CD that contains the updated signature zip file into the Management Station. 3. Transfer the AV signatures from the flash drive or CD to your Management Station. Unzip the file to the folder you created (for example, C:\Definitions ). 4. Update the definitions in the Administration Repository (see page 27). 5. Push the updated virus definitions from the Management Station to the client machines (see page 42).

60

CON_038

4.4 Rolling back to previous signatures

4.4

Rolling back to previous

signatures

If an updated set of antivirus signatures causes a false report of an infected file or any DCS operational problems, you may have to roll the signature files back to the previous signatures that were functioning correctly. You can perform a roll back on your client machines.

4.4.1

To roll back signatures on Ovation workstation and server c lients 1. From a client computer, click the Kaspersky icon in the system tray. The main Kaspersky (client) window appears. Note: The procedures and figures discussed below depict a rollback for workstation clients. The

procedures for server clients are the same except that the windows say "Windows Servers."

2. Select Update.


CON_038

Anti-Vi rus 6.0 for Window

s Wo rkstations

61

4.4 Rolling back to previous signatures 3. The Update screen appears. Click on Roll back to the previous databases.

Figure 40: Update screen --

62

Rollback to p

revious d atabases

CON_038

4.4 Rolling back to previous signatures The rollback process begins.

Figure 41 : Rollback runn

ing

4. When the rollback completes, select the Close button.

CON_038

63

4.4 Rolling back to previous signatures 5. On the Update screen, verify that the roll back was a success by checking the Databases release date.

Figure 42: Verify Databases release date

64

CON_038

S

ECTION

5

Generating reports

IN THIS SECTION What reports are available with the Kaspersky antivirus software? ................................. . 65

5.1

What reports are available software?

with the Kaspersky

an tivirus

The Kaspersky antivirus software provides a standard set of reports. These reports are listed and described below: 

Antivirus database usage report -- contains information about the database versions used

by the applications. 

Errors report -- contains information about errors (functional failures), registered in the

operation of applications installed on client computers. 

Incompatible applications report -- contains information about the antivirus applications of

other vendors installed on client computers or Kaspersky Lab's applications that do not support management via Kaspersky Administration Kit. 

Kaspersky Lab software version report -- contains information about the versions of

Kaspersky Lab's antivirus applications installed on client computers. 

License usage report -- contains information about the status of licenses used by Kaspersky



Lab's applications and observance of the restrictions provided for in those licenses. Most infected users report -- includes information about client computers, the scanning of which has revealed the largest number of suspicious objects.



Protection coverage report -- contains a list of network computers and information about the

antivirus applications installed on those hosts. 

Protection status report -- contains information about client computers that have insufficient

level of antivirus security. 

Users of infected computers report -- contains information about the most dangerous

network users. 

Viruses report -- provides information about the results of antivirus scanning of client

computers. Note: You can also create custom reports. Information on creating custom reports is provided in

the Kaspersky Lab documentation which is provided on the installation CD.

CON_038

65

5.1 What reports are available with the Kaspersky antivirus software?

5.1.1

To generate antivirus reports When you select a report to run, the information for that report displays on the right side of the Administration Kit window. The information provided can be a general summary or be detailed to the drop level. Once the report is saved to a selected file format (see page 67), it can be printed. In addition, reports can be scheduled to run automatically at a specific time interval (see page 70). Use the following procedure to run a report: 1. On the Management Station, access the Kaspersky Administration Kit window (see page 13). 2. Expand the Reports and notifications item in the tree. A list of reports displays.

Figure 43 : Re ports and no

66

tifications

CON_038

5.1 What reports are available with the Kaspersky antivirus software? 3. Click on the report that you want to run. The report processes and the results are shown in the right pane of the Administration Kit window. An example report is shown in the following figure.

Figure 44:

CON_038

Example report -- Antivirus d

atabase us age re port

67

5.1 What reports are available with the Kaspersky antivirus software?

5.1.2

To save a generated report Once you have generated a report, it can be saved to a specified file format, where it can be printed or archived. 1. Generate the desired report (see page 66). 2. Right-click on the name of the report in the hierarchy tree that you just generated. Select Save from the menu that displays. 3. The Report saving wizard appears. Click Next.

Figure 45:

Report saving w

izard

4. The Folder screen appears. Specify the folder where the report should be saved to. Click the Select button to browse for a folder.

68

CON_038

5.1 What reports are available with the Kaspersky antivirus software? 5. Select a file format for the report. The report can be saved as html, pdf, or xml.

Figure 46: Re port s aving w izard -- Folder screen

6. Click the Next button.

CON_038

69

5.1 What reports are available with the Kaspersky antivirus software? The save processes. When it is finished, the Report saving wizard Complete screen appears.

Figure 47 : Report saving wizard com

plete screen

7. By default the Open the report folder checkbox will be checked. When you click the Finish button, the report will open format you the software package that itinisthe displayed in. selected. The report can then be printed using

5.1.3

To schedule reports to run automatically You can schedule reports to run automatically at a specific time interval. To do this, use the following steps: 1. Generate the desired report (see page 66). 2. Right-click on the name of the report in the hierarchy tree that you just generated. Select Send reports from the menu that displays.

70

CON_038

5.1 What reports are available with the Kaspersky antivirus software? 3. The Report autosend task creation wizard appears. Click Next.

Figure 48:

Report autosen

d task creation wizard

4. The Report autosend task name screen appears. Enter the name of the task that is going to be run. A default name is provided for you. Click Next.

Figure 49 : Report autosend task nam

CON_038

e screen

71

5.1 What reports are available with the Kaspersky antivirus software? 5. The Settings screen appears. a) Select the reports that will be part of the task you defined. A checkmark appears in the box beside the name. Note that more than one report can be run in a defined task. b) If you want to save the report(s) to a folder after the task runs, place a checkmark in the Save report to folder box. Then define the name of the folder in the entry field where the report(s) should be saved. You can also select the Browse button to search for a folder. c) Click Next.

Figure 50:

72

Settings scr

een

CON_038

5.1 What reports are available with the Kaspersky antivirus software? 6. The Task scheduling settings screen appears. Pull down the Scheduled start menu and select how often you want to run the task. Note that if you select Manually, it means that you will run the task on demand.

Figure 51 : Task sch

eduling settings sc

ree n

7. Once you select a time interval from the Scheduled start menu, the Task scheduling settings screen updates with menus and entry fields that allow you to define start times. The following figure shows an example of how the screen will look if the Scheduled start is set to Weekly.

Figure 5 2: Example of scheduling task to

CON_038

run w ee kly

73

5.1 What reports are available with the Kaspersky antivirus software? 8. Make the desired time selections on the Task scheduling settings screen and press the Next button. Note: Select the Run missed tasks checkbox if you want to automatically run any task(s) that

are skipped. For example, a task could be missed if the machine was down during the scheduled start time.

9. The task completion screen appears. Select the Finish button. 10. Notice in the tree on the left side of the Administration Kit window, that a new task appears under the Kaspersky Administration Kit tasks heading. If you select the task, on the right side of the window, you can choose the option to run the task now.

74

CON_038

S

ECTION

6

Kaspersky Troubleshooting tools

IN THIS SECTION What are the Kaspersky troubleshooting tools? ............................................................... 75 What .................................................................................... What is is the the GetSystemInfo Kaspersky Lab utility? Remote Diagnostic utility?..................................................... 76 80 Generating trace files ........................................................................................................ 94 Using a Rescue CD ........................................................................................................... 98 What is the Kaspersky Virus Removal Tool? ................................................................. . 103 What is the RipRep System Preparation Utility? ............................................................ . 104 What is the Kaspersky Backup and Restore Utility? ...................................................... . 107

6.1

What are the Kaspersky

troubleshootin

g tools?

Undiagnosed problems with antivirus software can leave your system vulnerable to virus attacks. Having the proper tools to diagnose and fix problems early will save time and money. With the Kaspersky antivirus software and technical support site, several utilities can be accessed to help with maintenance and troubleshooting. 

GetSystemInfo (see page 76).



Kaspersky Lab Remote Diagnostic Utility (see page 80).



Trace file generation (see page 94).



Kaspersky Rescue CD (see page 98).



Kaspersky Virus Removal Tool (see page 103).



RipRep System Preparation Utility (see page 104).



Kaspersky Backup and Restore Utility (see page 107).

Note: This manual provides an overview of these troubleshooting tools. More detailed

information can be found in the Kaspersky Lab articles that pertain to the tool. Contact Kaspersky Lab Technical Support for questions that are not addressed in the articles.

CON_038

75

6.2 What is the GetSystemInfo utility?

6.2

What is the GetSystemInfo

utility?

The GetSystemInfo utility is an online parser that can be used to diagnose problems on a computer running Kaspersky software. After the installation of a Kaspersky Lab product, Windows may "blue screen" or freeze. This could happen while the computer is being started or if some task is being executed. The problem might be a conflict with either your computer software or with some drivers and a Kaspersky Lab product. If such a problem arises, Kaspersky Lab Technical Support should receive a report file from the GetSystemInfo utility. The directions to submit a GetSystemInfo report file are found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/kis6mp2/error?qid=193238548 . Once the report is generated, the file can be uploaded in the GetSystemInfo online parser by accessing http://www.getsysteminfo.com/ .

6.2.1

To generate a GetSystemInfo file The following procedures describe how to create a GetSystemInfo utility log for the Windows XP, Windows Vista, Windows 7, Windows 2003 Server, and Windows 2008 Server operating systems. 1. Download the archive GetSystemInfo4.zip [ZIP, 202KB] from the Kaspersky Lab server. 2. Unpack the archive GetSystemInfo4.zip file using an archiver such as WinZip. A file named GetSystemInfo4.exe will be unpacked. 3. Run GetSystemInfo.exe on the computer that is having the problem. 4. In the End User License Agreement screen, click I agree.

Figure 53:

76

GetSystemInfo

-- End User License Ag

reement screen

CON_038

6.2 What is the GetSystemInfo utility? 5. On the next screen that appears, click the Create report button on the right side of the window.

Figure 54: Ge tSystem Info -- C reate R eport bu tton

6. Wait until the utility processing completes. Note that you can run the GetSystemInfo utility from the command line using the following arguments: 

/quiet - run without dialogue boxes; the utility will automatically create a default log.



/qr - utility system tray icon only; the utility will automatically create a default log.



/qn - no GUI and utility system tray icon; the utility will automatically create a default log.



/path - utility log folder (created on the desktop, by default).



/l - log detail level: 

1 - Minimum



2 - Recommended (default)



3 - Maximum

Example: gsi4.1.0.243.exe /qn /path="C:/reports" /l=3 7. See To send a GetSystemInfo file to the Kaspersky Help Desk (see page 77) to send the report to the Kaspersky help desk.

CON_038

77


6.2.2

To se nd a GetSystemInfo file to the Kaspersky Help Desk 1. If you have direct access to the Internet, the GetSystemInfo application will close automatically and a web page with your GetSystemInfo report will open in your default Internet browser. The page address will be copied to clipboard. You can add the report address to the Help Desk request by pressing the combination of keys . Note: If you connect to the Internet via a proxy-server, the report will be uploaded onto the

server and the message will be displayed informing you that an error occurred when uploading to the GSI server. Click Cancel . Close the window with the message suggesting to manually upload the file from your browser and click O K .

2. In the Help Desk form, give the detailed description of your problem and the actions to perform in order to reproduce the problem. 3. Attach the created file (with the default name GetSystemInfo__YYYY_MM_DD.zip) to the Help Desk form. You can choose one of the following ways to attach a file to the form: 

Upload of your files via web-form. You can attach the necessary files to the message using this web form.



Upload your files on Kaspersky Lab's FTP server manually. You can attach the necessary files to your message by uploading them on the Kaspersky Lab's FTP server in the folder with your request number.

Figure 55:

78

HelpDesk form

CON_038


6.2.3

To use the online parser to view the GetSystemInfo file You can read the GetSystemInfo file by using the online parser. 1. Type the following URL into your web browser: http://www.getsysteminfo.com . The GetSystemInfo parser displays.

Figure 56:

GetSystemInfo p

arser

2. Click the Browse button to locate the GetSystemInfo file that you generated. 3. Select the file. It appears in the entry field. 4. Pull down the menu to select a description of the problem you are having (this information is optional). 5. Select the Submit button.

CON_038

79

6.3 What is the Kaspersky Lab Remote Diagnostic utility?

6.3

What is the Kaspersky

Lab Remote Diagnostic

utility?

The Kaspersky Lab Remote Diagnostic utility (klactgui) performs diagnostic tests on remote client computers. The klactgui utility performs the following actions: 

Enables/disables tracing, changes tracing level, and downloads the tracing file.



Downloads application settings.



Downloads system information.



Downloads event logs.

 

Starts/stops applications. Performs Network Agent diagnostics (executes klnagchk utility and downloads its results).



Generates and downloads application dumps.



Uploads and executes any utilities and downloads their results (the utility can write the results into the folder %KLACDT_SAVE_SETTINGS% and/or to stdout).

The klactgui utility can perform these actions on the following software: 

Network Agent 5.0 / 6.0 / 8.0.



Administration server 5.0 / 6.0 / 8.0.



Kaspersky Ant-Virus 5.0 for Windows Workstations (builds 5.0.225 - 5.0.712).



Kaspersky Ant-Virus 6.0 for Windows Workstations (builds 6.0.2.* - 6.0.4.*).



Kaspersky Ant-Virus 5.0 for Windows File Servers.



Kaspersky Ant-Virus 6.0 for Windows Servers (builds 6.0.2.* - 6.0.4.*).

The klactgui utility can work in two modes: 

Access using the Management Station. This mode is recommended to access computers with installed Network Agent yet inaccessible by Microsoft Windows network means. The utility connects via the Management Station to which the problematic computer connects. If the problematic client computer belongs to a slave Station, and this Station cannot be accessed directly, it is possible to connect to it via the master Station.



Access using Microsoft Windows network. This mode requires certain conditions to be met: 1. The remote target computer must have an operating system other than Windows 98 and Windows ME. 2. The following ports must be open on the remote target computer: TCP 139, TCP 445, UDP 137, UDP 138. 3. You must connect to the remote target computer under its local administrator account (accessible Admin$ and permission to create services).

The data will be downloaded into a folder on the desktop of the computer used to start the klactgui utility. To open this folder, click the Download folder link in the interface of the utility. The directions to use the Lab Remote Diagnostic utility are found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/ak8/utilities?qid=208280778 .

80

CON_038


6.3.1

Remote Diagnostic utility usability limitations The following limitations should be noted when using the Remote Diagnostic utility.

6.3.2



The Remote Diagnostic utility application cannot be stopped if the corresponding service does not support the stop command. Stopping Kaspersky Ant-Virus for Windows Workstations/Servers service is supported for version 6.0.3.837 (and above) only and if there is Network Agent version 6.0.1572 (and above) installed on the client computer.



In order to be able to enable/disable tracing of applications with self-protection there must be Network Agent (even inoperable) installed on the remote computer.

To use the Remote Diagnostic utility to connect to a remote client computer 1. From the Management Station, go to Start > All Programs > Kaspersky Administration Kit > Kaspersky Lab Remote Diagnostic Utility . The main troubleshooting window displays.


Adm inistra tion K it remote trou

bleshooting utility (klactgui)

2. From the top drop-down menu, select one of the following working modes:

CON_038



Access using Microsoft Windows network.



Access using Administration Server (the term Administration Server refers to the Management Station).

81


3. Refer to one of the following topics depending on the working mode that you selected: 

To connect using the Management Station (see page 82).



To connect using the Microsoft Windows network (see page 84).

To connect using the Management Station

1. If you selected Access using the Administration Server (Management Station), the main utility window appears as shown in the following figure:

Figure 58 : Kaspersky Adm inistra tion K it remote troub using th e M anagement Station

leshooting utility -- acce

ss clients

2. Enter the name of the Management Station that the client computer connects to in the Administration Server entry field. You can use localhost if the Management Station is installed on the same computer which you used to start the remote troubleshooting utility. Note: If the client computer belongs to a slave Management Station which cannot be accessed

directly, enter the master Management Station name in the Administration Server field. Check Computer belongs to slave Administration Server the boxname Server in the Slave Server field.

, and enter the slave Management

3. Enter a client computer name in the Computer entry field or click the Browse button to browse for a name.

82

CON_038

6.3 What is the Kaspersky Lab Remote Diagnostic utility? 4. In the drop-down menu under the Computer field, select an account having permissions for connecting: 

Use provided user name and password to connect. A User name and Password entry

fields will appear on the screen. 

Connect as current user. Select this option if you want to use the account used to start the remote troubleshooting utility.

5. Select the Enter button. The utility downloads files from client computers to the Management Station from which the utility was started. 6. Once a connection is established, the following window appears. From this window, you can enable/disable tracing, load system information, start/stop applications, and so forth.

Figure 5 9: Kaspersky Ad functions

CON_038

ministration Kit remote troub

leshooting utility -- a

ccess various

83

6.3 What is the Kaspersky Lab Remote Diagnostic utility? To connect using the Microsoft Windows network

1. If you selected Access using Microsoft Windows network , the main utility window appears as shown in the following figure:


Adm inistra tion K it remote troub

leshooting utility (kla

ctgui)

2. Enter a client computer name in the Computer entry field. 3. In the drop-down menu under the Computer field, select an account having permissions for connecting: 

Use provided user name and password to connect. A User name and Password entry

fields will appear on the screen. 

Connect as current user. Select this option if you want to use the account used to start the remote troubleshooting utility.

4. Select the Enter button. The connection is established. The utility downloads files from client computers to the Management Station from which the utility was started.

84

CON_038

6.3 What is the Kaspersky Lab Remote Diagnostic utility? 5. Once a connection is established, the following window appears. From this window, you can enable/disable tracing, load system information, start/stop applications, and so forth.

Figure 6 1: Kaspersky Ad functions

CON_038


leshooting utility -- a

ccess various

85


6.3.3

To use the Remote Diagnostic utility to perform tracing The Remote Diagnostic utility can be used to enable/disable tracing, change the trace level, and download trace files. 1. Connect to a client computer (see page 81). 2. Select the application you want to trace and click Enable trace on the left side of the window.


Adm inistra tion K it remote trou

bleshooting utility -- Enabl

e trace

Note: In order to be able to enable/disable tracing of applications with self-protection, Network

Agent must be installed on the remote computer.

86

CON_038

6.3 What is the Kaspersky Lab Remote Diagnostic utility? 3. When the tracing is enabled, trace files become available as items in the directory tree. To download an entire file, select it and click the Download file link. Large files provide an option to download only parts of traces.



leshooting utility -- Download file

4. You can also delete a selected file; however, you can only delete it when tracing is disabled. To disable tracing, select a desired application (Step #2 above) and click Disable trace on the left side of the window.

CON_038

87


6.3.4

To use the Remote Diagnostic utility to download application upload a utility

settings and

The Remote Diagnostic utility can be used to download application settings, generate and download application dumps, upload and execute a utility, and download its results. 1. Connect to a client computer (see page 81). 2. Select the computer name in the tree, and click the corresponding link on the left side of the window: 

Load application settings -- to download the settings of Kaspersky Lab software

installed on this computer.

88



Start utility -- to upload a given utility to the client computer, start it, and download the results of its execution.



Generate process memory dump -- to generate and download a memory dump of an application. If you select this link, another window will appear so you can enter the application name.

CON_038


6.3.5

To use the Remote Diagnostic utility to load sy stem information 1. Connect to a client computer (see page 81). 2. Select the computer name in the tree and click the Load system information link on the left side of the window.

Figure 6 4: Kaspersky Adm information

CON_038

inistra tion Kit remote troub

leshooting utility - Load system

89


6.3.6

To use the Remote Diagnostic utility to download ev ent logs 1. Connect to a client computer (see page 81). 2. Select the desired even log and click the Download event log link on the left side of the window.

Figure 6 5: Kaspersky Ad logs

90


leshooting utility - Download event

CON_038


6.3.7

To use the Remote Diagnostic utility to run diagnostics on the Kaspersky Network Agent 1. Connect to a client computer (see page 81). 2. Select the Kaspersky Network Agent application, and click the Run diagnostics link on the left side of the window.


CON_038

inistra tion Kit remote troub

leshooting utility - Run diagnostics

91

6.3 What is the Kaspersky Lab Remote Diagnostic utility? 3. After you run the report, it appears in the tree under the Kaspersky Network Agent item. To download this generated report, click on the Download file link on the left side of the window.

Figure 6 7: Kaspersky Ad

92


leshooting utility - Download file

CON_038


6.3.8

To use the Remote Diagnostic utility to stop and restart applications 1. Connect to a client computer (see page 81). 2. Select the desired application in the tree, and click one of the following links on the left side of the window: 

Stop application.



Restart application.

Figure 68 : Kaspersky application

CON_038


leshooting utility - Stop/Re

start

93

6.4 Generating trace files

6.4

Generating

trace files

Trace files allow you to track (or trace) a problem that may be occurring as a result of the Kaspersky Lab software and your operating system. If you receive messages about operating system errors displayed at system startup or when you start a task, it could be that the Kaspersky application is conflicting with some other software installed on your PC or with hardware drivers. The Kaspersky Lab Technical support service may ask you to generate a trace file. With version 6.0 MP4 of the Kaspersky Antivirus software, it is possible to enable/disable trace files from a Kaspersky graphical user interface displayed on a client computer. The directions for generating trace files are found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/wks6mp4/error?qid=208280606 .

6.4.1

To generate trace files Perform the following steps to generate trace files: 1. From a client computer, click the Kaspersky icon in the system tray. The main Kaspersky (client) window appears. For this example, the Kaspersky Anti-Virus for Windows Workstations screen appears. Note: The procedures and figures discussed below depict generating a trace file for Workstation

clients. The procedures for Server clients are the same except that the windows say "Windows Servers."

2. Click on the Support link in the lower left corner of the window.

Figure 69 : Main Kaspersky

94

Cli ent window

CON_038

6.4 Generating trace files 3. Click on the Traces link in the lower left corner of the Support window.

Figure 7 0: Kaspersky window

CON_038

for clients --

Support w

indow

95

6.4 Generating trace files 4. Use the Level drop-down menu to choose the desired tracing level. Unless advised otherwise by a Technical support specialist, set the tracing level to Normal (500) .

Figure 71 : Information for

Technica l Support

Ser vice window

5. Click the Enable button to start gathering traces, and then press the OK button. 6. Reproduce the problem. 7. Click the Disable button to stop the tracing process, and then press the OK button. Note: Do not forget to disable tracing after you have gotten the necessary report. If you leave

tracing enabled, the reports folder size may become extremely large.

6.4.2

To access trace files The folders for trace files are hidden in the operating system. The location of the trace files vary depending on the operating system you are running. The trace files are found in the following folders by operating system: 

For Windows 7: C:\ProgramData\Kaspersky Lab\



For Windows XP/2003: C:\Documents and Settings\All Users\Application Data\Kaspersky

Lab\ Use the following procedure to access trace files: 1. Go to Start -> Control Panel -> Folder Options -> View tab.

96

CON_038

6.4 Generating trace files 2. Find and check the Show hidden files and folders option in the Advanced settings list.

Figure 7 2: Folde r Options

window

3. Select the OK button and close the Control Panel window.

6.4.3

To delete trace files 1. Exit the Kaspersky client window. 2. Right-click on the Kaspersky Antivirus icon in the system tray and click Exit. 3. Delete the trace files from the folder (see page 96). 4. Restart the Kaspersky client window: Start -> All Programs -> Kaspersky Antivirus for Windows Workstations/Kaspersky Antivirus for Windows Workstations MP4 .

CON_038

97

6.5 Using a Rescue CD

6.5

Using a Rescue CD A Rescue CD is a disk for scanning and disinfecting a PC that contain viruses, worms, or other malware. A Rescue CD can be used if your operating system cannot be started as the result of a virus attack. You need a bootable disk image file (.iso) to start the operating system. You can download this file from the Kaspersky Lab server or update an existing one. The directions to obtain a Rescue CD can be found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/wks6mp4/rescue?qid=208280571 . The .iso file can be downloaded from the following website: http://devbuilds.kasperskylabs.com/devbuilds/RescueDisk10/kav_rescue_10.iso .

6.5.1

Before downloading the Rescue CD Downloading a Rescue CD must be performed on a non-infected system. Therefore, before creating a rescue disk, make sure you have updated the antivirus databases for Kaspersky Antivirus 6.0. To do this: 1. Go to a client machine running one of the following applications: 

Kaspersky Anti-Virus 6.0 for Windows Workstations MP4.



Kaspersky Anti-Virus 6.0 for Windows Servers MP4.

2. On the lower left corner of the screen in the system tray, click the Kaspersky icon. The main Kaspersky (client) window appears. 3. Click on the Update link, and then view the Databases release date to make sure you are running the most up-to-date version of Kaspersky software.

Figure 73: Vie

98

wing Database status

CON_038


6.5.2

To download a Rescue CD Use the following procedure to download a Rescue CD. 1. Go to a client machine running one of the following applications: 

Kaspersky Anti-Virus 6.0 for Windows Workstations MP4.



Kaspersky Anti-Virus 6.0 for Windows Servers MP4.

2. On the lower left corner of the screen in the system tray, click the Kaspersky icon. The main Kaspersky (client) window appears. 3. In the lower right corner of the window, click the Rescue Disk icon.

Figure 74:

CON_038

Kaspers ky (client) main windo

w -- Rescue Disk icon

99


4. The Rescue Disk Creation Wizard appears. Click Next. 5. The Step 1 Select Rescue Disk image source screen appears. Select one of the following radio buttons: 



Copy ISO image from CD/DVD disk or local network -- choose this option if you have already downloaded an ISO image from the Kaspersky Lab server and saved it on the PC or on a CD/DVD disk. Download ISO image from Kaspersky Lab server -- select this option if you will

download the ISO image via an internet connection.

Figure 75: Rescue Disk

Creation Wizard -- Step 1 screen

6. Click the Next button.

100

CON_038

6.5 Using a Rescue CD 7. The Step 2 ISO image downloading screen appears. Wait for a rescue disk image to be downloaded on the PC from the source chosen in the previous screen (Step 1). When complete, click Next.



8. The Step 3 ISO image update screen appears. Select a method of how the PC with the damaged operating system will be started: 



Remote startup -- this startup is performed from an administrator's workstation or from another PC within the network. This method requires you to enter the IP address of the PC, as well as the user name and password of an account with administrator access rights on the remote PC. Startup from CD/DVD disk -- for this startup method, the PC must have a CD/DVD-ROM

drive.

CON_038

101


Note: After downloading an ISO image from the internet or folder, Kaspersky Antivirus 6.0 for

Windows Workstations (or Servers) MP4 will automatically update the antivirus databases within the rescue disk.



9. Make your selection on the Step 3 screen and click Next. 10. Once the Rescue Disk Creation Wizard has created an image, a folder with the rescuecd.iso file will open. This file is a writable ISO disk image. The following list gives the rescue disk folder locations by operating system: 

For Windows XP: 



For Windows 7: 



%SystemDrive%:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP60MP4\Data\Rdisk

For Windows Server 2008: 

102

•%SystemDrive%:\ProgramData\Kaspersky Lab\AVP60MP4\Data\Rdisk

For Windows Server 2003: 



%SystemDrive%:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP60MP4\Data\Rdisk

%SystemDrive%:\ProgramData\Kaspersky Lab\AVP60MP4\Data\Rdisk

CON_038

6.6 What is the Kaspersky Virus Removal Tool?

6.6


Virus Removal Tool?

The Kaspersky Virus Removal Tool is a stand-alone virus scan and removal application. It can be downloaded onto a USB flash drive or CD and used on any machine that does not have antivirus software loaded on it, or that has old, outdated antivirus software. The directions to use the Virus Removal Tool can be found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/avptool2010/main?qid=208280888 . The Virus Removal Tool can be downloaded from the following website: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ .

6.6.1

To install the Kaspersky Virus Removal Tool Use the following procedure to install Kaspersky Virus Removal Tool 2010 : 1. Go to the following website: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ and download the application. 2. Run the downloaded file using the following syntax: setup___.exe

For example: setup_9.0.0.722_22.01.2010_10-04.exe 3. The Select Setup Language window appears. Select the required language to use during the installation and click OK.

Figure 78 : Sele ct Setup Langu

CON_038

age window

103

6.7 What is the RipRep System Preparation Utility? 4. The Virus Removal Tool Setup Wizard appears. Click the Next button.

Figure 79: Virus Removal Tool Setup Wizard

5. Read the license agreement and select I accept the agreement . Click the Next button. 6. for Select the folder where want to install the application the Browse button to search a bolder), or use the you default folder (C:\Documents and(click settings\\desktop\Virus Removal Tool). 7. Click the Next button The Setup Wizard automatically copies the files on your hard disk and runs the Kaspersky Virus Removal Tool 2010 application.

6.7

What is the RipRep System Preparation

Utility?

The RipRep utility prepares client PCs for deployment of Kaspersky antivirus software. RipRep performs the following functions:

104



Disables Simple File Sharing. This option is not available for the following operating systems: Microsoft Windows Vista, Microsoft Windows 7, and Microsoft Windows Server 2008.



Starts the Server service.



Creates an account having all permissions required to perform remote installation.



Disables User Account Control (UAC). This option is available for the following operating systems only: Microsoft Windows Vista, Microsoft Windows 7, and Microsoft Windows Server 2008.

CON_038

6.7 What is the RipRep System Preparation Utility?



Opens the following ports which are necessary to be able to install applications: 

TCP 139, 445, 13000, 14000, 18000.



UDP 137, 138, 13000.

The RipRep utility is located in the Kaspersky Administration Kit installation folder ( C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit , by default). The utility should be run on the client PC which you want to prepare for deployment under an account having local administrator permissions for that PC. RipRep can be run from a graphical user interface or from a command prompt. More information on the RipRep Utility can be found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/faq/?qid=208280774 .

6.7.1

To use the RipRep utility from a graphical user interface 1. From the Administration Kit CD, copy the riprep.exe file to a client PC and run it. 2. The Deployment preparation utility window appears. Check the boxes for the functions that you want to run on the client.

Figure 80 : Deployment pr

eparation utility

3. During account creation, an additional window will appear prompting you to enter a user login name and password.

CON_038

105

6.7 What is the RipRep System Preparation Utility?

6.7.2

To use the RipRep Utility from a command line Use the following syntax: riprep.exe [-silent] [-cfg ] [-tl traceLevel]

Possible syntax parameters are: -silent – runs the utility in non-interactive mode. -tl traceLevel – sets the trace level, where traceLevel is a number between 0 and 5. Without

this parameter, the trace level is set to 0. -cfg – specifies the riprep.ini configuration file path. You

should manually create this configuration file under this exact name. Riprep.ini configuration file contains two sections: 



Specify which tasks should be run in the Common section: 

DisableSFS – disable simple file sharing (0 – disable task; 1 – enable task).



StartServer – start the service Server (0 – disable task; 1 – enable task).



OpenFirewallPorts – open necessary ports (0 – disable task; 1 – enable task).



DisableUAC – disable User account control (0 – disable task; 1 – enable task).

Specify a login ( user) and password ( Pwd) in the UserAccount section.

An example configuration file is shown below: [Common] DisableSFS=0 StartServer=1 OpenFirewallPorts=1 DisableUAC=0 [UserAccount] user=Admin Pwd=Pass123

After the utility processing is over, the following files will be created:

106



riprep.txt – a utility-run log containing a full utility runtime report with reasons.



riprep.log – a trace file (it is created if the utility trace level is set to more than 0).

CON_038

6.8 What is the Kaspersky Backup and Restore Utility?

6.8


Backup and Restore Utility?

The Kaspersky Backup and Restore Utility ( klbackup) is designed for backing up and restoring the Management Station database. The following data is saved: 

Management Station database (policies, tasks, application settings, events saved on the Management Station).



Information about configuration of the logical network and client computers.



Storage of remote installation packages.



Management Server certificate.

After installing the Management Station, the klbackup utility is saved in the installation folder (C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit). The utility can be started from a command line or from a graphical user interface. More information on the Backup and Restore Utility can be found in the Kaspersky Lab Technical Support article: http://support.kaspersky.com/faq/?qid=208280813 .

6.8.1

To use the Backup and Restore Utility from a command prompt Use the syntax below to run the klbackup utility: klbackup [-logfile LOGFILE] -path BACKUP_PATH [-use_ts]|[-restore] [-password PASSWORD]

Depending on the parameters that are used in the syntax, the klbackup utility can backup or restore data. A description of the possible parameters are listed below: 

-logfile LOGFILE – saves a Management Station data backup copying process log.



-path BACKUP_PATH – this parameter must be used in the syntax. It is used to save data in

the BACKUP_PATH folder. The Management Station and the SQL server housing the Management Station database should have Write permission for this folder. Note: The database server account and the klbackup utility must have permissions to modify

the BACKUP_PATH folder. 

-use_ts – saves the data into a subfolder with a name containing the current operation date and time in the format klbackup YYYY-MM-DD # MM-HH-SS. This subfolder is located inside the BACKUP_PATH root folder. For example, if the folder is C:\KLBackups, then the subfolder will be named klbackup 2009-10-19 # 11-30-18. The subfolder name will refer to the

Management Station backup of October 19, 2009 at 11:30:18 AM. Note: Without the -use_ts

parameter, the data will be saved in the BACKUP_PATH root folder. An attempt to save data into a folder already containing a backup copy will fail. The data will not be saved, and you will get an error message.

CON_038

107

6.8 What is the Kaspersky Backup and Restore Utility? 

restore – restores the Management Station data. The data will be restored according to the

information provided in the BACKUP_PATH folder. Without this parameter the utility will save a backup copy into the folder BACKUP_PATH. 

-password PASSWORD – this parameter must be used in the syntax. It saves the

Management Station certificate using PASSWORD as a password for encryption/decryption of the certificate. Without the [-password PASSWORD] parameter, the utility opens a window prompting you to enter a password. Use double quotes to indicate a password containing more than one word. Note: Be sure to save this password because you will not be able to restore the certificate

without it.

Refer to the following examples for possible uses of the klbackup utility with various parameters: Example 1

Create and save a Management Station data backup copy to E:\Backup in a folder with the time and date of creation. Create a log, and save the Management Station certificate with the password 12345. To do this, you should type the following syntax on the command line: klbackup -logfile E:\Backup\log.txt -path E:\Backup -use_ts password 12345 Example 2

Restore a Management Station data backup copy from the folder E:\Backup with the time and date of creation. Create a log, and save the Management Station certificate with the password 12345. To do this, you should type the following syntax on the command line: klbackup -logfile E:\Backup\log.txt -path E:\Backup -use_ts password 12345

108

CON_038

6.8 What is the Kaspersky Backup and Restore Utility?

6.8.2

To use the Backup and Restore Utility from a graphical user interface Use the following procedure to execute the Backup and Restore Utility (klbackup) from a graphical user interface: 1. Go to a Management Station and select Start -> All Programs ->Kaspersky Administration Kit -> Kaspersky Lab Backup Utility . 2. The Kaspersky Administration Kit backup and restore wizard appears. Click Next. 3. On the Choose action screen, select the action to perform: Backup data or Restore data.

Figure 81 : Kaspersk y backup and resto

re wizard - - C hoo se a ction s creen

Note: Check the Restore or backup

Adm inistrati on server certi ficate only , if you only want to restore or backup the Management Station certificate. This option also allows you to restore certificates from a full backup copy.

4. Click the Next button. See Steps 5 and 6 for backup procedures. See Steps 7 and 8 for restore procedures.

CON_038

109

6.8 What is the Kaspersky Backup and Restore Utility? 5. If you selected backup, the following window appears:

Figure 82 : Backup

settings screen

6. Perform the following steps: a) Choose a destination folder for the backup or browse for a folder by clicking the Select button. b) Place a checkmark in the For backups, include current date and time in destination folder name if you desire this information. c) Enter a password and then enter it again in the Confirm password field. d) Select the Next button.

110

CON_038

6.8 What is the Kaspersky Backup and Restore Utility? 7. If you selected restore, the following window appears:

Figure 83:

Restore settings sc

reen

8. Perform the following steps: a) Choose the folder containing the backup copy (from which you will restore) or browse for a folder by clicking the Select button. b) Enter a password and then enter it again in the Confirm password field. c) Select the Next button.

CON_038

111

S

ECTION

7


IN THIS SECTION What other protection components does Kaspersky offer? ........................................... . 113

7.1

What other protection

components

does Kaspersky

offer?

Below is a list of other Kaspersky components. Currently, Ovation only supports the FileMonitoring component due to the acceptable Ovation configuration. For more information on these components, refer to the Kaspersky Lab documentation. 

FileMonitor -- protects files against getting infected with viruses, trojans, and other malware.



MailMonitor -- scans and eliminates viruses sent by email.



WebMonitor -- scans all objects downloaded through HTTP protocol, providing protection

from viruses or other malware when surfing the Internet. 

ProactiveDefense -- detects a malicious program before it inflicts damage. It analyzes the “behavior” of applications and prompts the user to confirm execution of the program.



AntiSpy -- intercepts and blocks unauthorized attempts to display commercial materials

(banners, pop-up windows, and so forth) and unauthorized calls to payable Internet resources. 

AntiHacker -- filters the netw ork activity of the user’s PC. It intercepts every network packet

and determines whether to permit or deny its transfer on the basis of the configured filtration rules. 

AntiSpam -- intercepts each incoming e-mail and determines whether or not it is spam.



LockControl -- (called Access Control in the software) used to control a user's access to web

resources and external devices installed on a PC. You can limit a user's access to web resources and set a time limit on how long they can be used.

CON_038

113

Index A

I

Accessing the Kaspersky Administration Kit

Importing a new license key • 55 Importing Group Tasks • 23 Importing Kaspersky protection policies • 15 Importing Update Groups (Waves) • 17

window • 13 Accessing trace files • 96


Installing and configuring the Administration

• 113 Antivirus 1 Antivirus software software •(importance) •2 Assigning and installing clients to waves • 54 Assigning clients to waves • 54

Kit on the Station • 7antivirus Installing andManagement configuring the Client software • 41 Installing client software • 42

Installing protection on the Management

B

Station • 32

Backup and Restore Utility • 107

Backup and Restore Utility -- using from a command prompt • 107

Backup and Restore Utility -- using from a graphical user interface • 109 Before downloading the Rescue CD • 98 Before installing the Admini stration Kit • 8

C

Installing the Administration Kit • 10 Installing the Kaspersky software • 10

Installing the Kaspersky Virus Removal Tool • 103

Introduction to Kaspersky antivirus software •1

K Kaspersky Virus Removal Tool • 103

Client station • 3

Components of Kaspersky antivirus software •2

Configuring Management Station scan exceptions • 34 Configuring the Administration Kit • 13 Copyright Notice • 2

M Management Station • 3 Manually installing the client • 51

Migrating from a Symantec Management Station to a Kaspersky Management Station • 9

Migrating from Symantec clients to

D

Kaspersky clients • 42

Deleting trace files • 97 Downloading a Rescue CD • 99

O

G

Obtaining signature updates • 60 Other protection components • 113

Generating Generating Generating Generating

a GetSystemInfo file • 76 antivirus reports • 66 reports • 65 trace files • 94

P Performing signature wave deployment • 4 Ports and services • 4

GetSystemInfo file -- view with online parser

Pushing the install to the clients from the

• 79 GetSystemInfo utility • 76 Getting signature updates • 59

R

Management Station • 42

H

Remote Diagnostic utility -- connect using

Hardware and software requirements for the

Remote Diagnostic utility -- connect using the Microsoft Windows network • 8 4 Remote Diagnostic utility -- used to download application settings and upload

the Management Station • 82

Management Station • 7 Hardware requirements for clients • 41

Hardware requirements for the Management Station • 7

CON_038

a utility • 88

115

Index Remote Diagnostic utility -- used to download event logs • 90

Remote Diagnostic utility -- used to load system information • 89

Remote Diagnostic utility -- used to perform tracing • 86

Remote Diagnostic utility -- used to run diagnostics on the Kaspersky Network Agent • 91

Remote Diagnostic utility -- used to stop and restart applications • 93

Remote Diagnostic utility usability limitations • 81

Reports are available with Kaspersky antivirus software • 65 Rescue CD • 98 RipRep System Preparation Utility • 104

RipRep Utility -- using from a command line • 106

RipRep utility -- using from a graphical user interface • 105

Rolling back signatures on Ovation workstation and server clients • 61 Rolling back to previous signatures • 61

S Saving a generated report • 68 Scheduling reports to run automatically • 70

Selecting the correct software for Ovation client drops • 41

Sending a GetSystemInfo file to the Kaspersky Help Desk • 78 Signature distribution definition • 59

Software requirements for the Management Station • 8 Summary of Changes • 3

T To configure workstation protection • 25 Trace files • 94

Transfering signature updates to the Management Station • 60 Troubleshooting tools • 75

U Understanding the Kaspersky Administration Kit window • 14

Updating definitions in the Administration Repository • 27

Using the Remote Diagnostic utility to connect to a remote client compute r • 81

W What is the Kaspersky Lab Remote Diagnostic utility? • 80

116

CON_038

CON_038_Using Kaspersky Antivirus Software with Ovation (March 2013).pdf

Recommend Documents