Kaspersky Security Center 10 SP1 Build 10.2.434 (1/23/2015) Kaspersky Security Center is a single administration console for controlling Kaspersky Lab security solutions and system administration tools that you use. It gives you greater visibility of every endpoint and device on your network, simplifies IT administration tasks and helps to reduce operating costs and increase productivity. This application version can be used both for initial installation of Kaspersky Security Center and for updating earlier versions of the application. ============================================================================== INSTALLATION ------------------------------------------------------------------------------ The following procedure is recommended to install the application: 1) Install Administration Server and Administration Console. To activate the functionality of system administration and mobile devices management, enter the activation code of the corresponding license in the Quick Start Wizard. Use following trial activation code to evaluate system administration and mobile devices management features: GXS26-2KBSW-D4YR6-T83QE. Anti-virus protection management features do not require separate activation code. 2) Create a task for remote installation of Network Agent 10.2 on corporate computers: it can be a group task or a task for specific computers. Run the task manually or according to a schedule. After the task is completed, Network Agent will be updated on client computers. 3) Select some components of Kaspersky Security Center to install and configure: Exchange ActiveSync Mobile devices server, iOS MDM Mobile devices server, and others. For more details on how to install the components of Kaspersky Security Center refer to the Kaspersky Security Center Implementation Guide. 4) For remote installation of Administration Server, please specify the value /v"EULA=1" for the command line options in the installer, in the Administration Server installation package's configuration file, in order to express your acceptance of the License Agreement. ------------------------------------------------------------------------------ The following procedure is recommended to upgrade the application from the previous version: 1) Read this document carefully and determine whether you need this upgrade. 2) Back up Administration Server data using klbackup.exe utility or the Administration Server backup tasks. 3) Start installation of Kaspersky Security Center 10.2 on a computer with an installed previous version of Administration Server and perform the upgrade of Administration Server. Reverse compatibility of Administration Server versions is supported. After the upgrade, data related to the previous version of Administration Server are saved. 4) Create a task for remote installation of Network Agent 10.2 on corporate computers: it can be a group task or a task for specific computers. Run the task manually or according to a schedule. After the task is completed, Network Agent will be updated on client computers. ============================================================================== IMPROVEMENTS IN Kaspersky Security Center 10 SP1 ------------------------------------------------------------------------------ General functions of Administration Console: o Managing updates for Kaspersky Lab products in Administration Console: * Information about applicable product updates; * Installing and removing selected product updates. o Configuration profiles section. They allow modifying the settings of the main policy depending on the parameters of a managed computer: * Importing and exporting profiles in policies; * More than one profile can be created for a policy; * Supporting the profiles hierarchy (if a policies hierarchy is present). o New system of privileges for Kaspersky Security Center: * Extended set of privileges that the administrator can manage. Sets of privileges by functional areas; * "Role" object and options of creating/deleting "Roles" and assigning sets of privileges to them. o Support of subscription license for managed computers; o In Kaspersky Security Center Web Console, the display of MDM policies, users, and mobile devices; o New installer of Kaspersky Security Center; o Option of automatic distribution and installation of patches for Administration Server. When a new patch is available, a notification is sent to the administrator prompting him or her to install it. If the administrator accepts, patch installation starts; o Support of installation by means of standalone installation packages without interaction with the user (silent mode); o Option of deletion of the Administration Server's key; o Option of running the Application Activation Task Creation Wizard from the Keys folder; o The limitation on the number of virtual Administration Servers in the free version of Kaspersky Security Center has been lifted; o Report on the usage of licenses on virtual Servers; o Option of redirecting traffic for a device managed by Kaspersky Security for Android via a connection gateway installed in a DMZ; o Option of explicitly enabling the "guest mode" in the connection profile settings of Administration Server. This guarantees a successful connection of Network Agent to Administration Server when returning to the "home" corporate network; o Option of manually assigning a connection gateway in an administration group; o Option of connecting Network Agent to Administration Server via IPv6; o Dynamic selection of an Update Agent by Network Agent in case of several assigned Update Agents available (based on proximity within the hierarchy of administration groups and the network topology); o Option of simultaneously assigning a tag or a set of tags to all computers selected from the list; o Option of assigning a tag or a set of tags to a computer when installing Network Agent (tags are assigned at the step of creating the installation package of Network Agent); o Option of specifying a selection of computers as the scope of a task (Limitation: if the "Start after other task completes" option is enabled, only a server task can act as the parent task.); o Option of tracking the results of a task run across the entire hierarchy of Administration Servers; o The interval set for random delay of a group task's start changes automatically, depending on the number of computers to which that task has been assigned; o Option of automatic deletion of subgroups that are not present in Active Directory when synchronizing the structure of Kaspersky Security Center administration groups with OU's in Active Directory; o Handling of large Active Directory sets (up to 1,000,000 objects) has been optimized; o Option of retrieving a full list of tasks and policies for Administration Server; o Option of using interactive lists of second-level computers directly when handling reports; o Option of dynamic sorting and filtering of reports by any field; o Two new information panes for vulnerabilities: * Distribution of computers by number of vulnerabilities detected. It summarizes the maximum number of vulnerabilities that have been detected and not fixed over an interval. * Distribution of vulnerabilities by severity level. It summarizes vulnerabilities that have been detected and left unfixed over an interval. o Option of setting up a network scan schedule for all scan types; o The list of supported Kaspersky Lab applications has been updated: latest versions and new applications have been added; o Option of specifying a folder or a folder name mask from which files should be selected for creation of a Silver image category; o Option of searching categorized and non-categorized executable files; o Option of exporting and importing user-defined categories in Application Startup Control; o Support of Local KSN; o Set of ready-for-use *.js scripts to perform the most frequent operations through the API for automation of Kaspersky Security Center (klakaut). ------------------------------------------------------------------------------ Mobile Devices Management functionality: o Self Service Portal: * The user has now opportunities to make the new device managed, view the list and the statuses of all managed devices, send a command to a selected device, and locate a device (for Android only); * Support of devices managed by Kaspersky Security for Android and devices managed via iOS MDM protocol; * User's access to Self Service Portal after accepting the End User License Agreement has been ensured; * Deletion of corporate data from the device (soft wipe); * Creating installation packages on a mobile device for a selected user from Administration Console; * List of iOS MDM device users and option of delivering certificates to users; * For each user: list of certificates handed to the user, list of mobile devices. Support of a list of aliases for domain users; * Encrypting the certificate with a user's password for Kaspersky Security for Android; * Changing the user's password; * Customization of Self Service Portal by the administrator (logo, header, background); o Common (group) policies for devices managed through iOS MDM and through Exchange ActiveSync: * Managing the settings of all protocols through a single user interface; * An MDM policy can be created in any administration group that includes a computer with Exchange ActiveSync Mobile Devices Server and iOS MDM Mobile Devices Server installed on it; * Option of assigning the settings of an MDM policy for a selected user or a security group of Active Directory (using a configuration profile). o Integration with the organization's PKI (Public Key Infrastructure): * Integration with Certificate Authority service in Windows; * Retrieving certificates: to identify a mobile device and associate the device with a user, to use VPN and email; * Configuring handing rules for all types of certificates: which source of certificates should be used, whether certificates should be updated automatically, which template should be used when requesting new certificates from PKI; * Assigning certificates for selected users; * Handling the list of certificates. Retrieving information about a certificate and the user to whom that certificate has been handed. o Support of Kerberos. Using Kerberos Key Distribution Center to simplify the authorization of users located outside of the scope of the organization's network; o A common list of devices has been added to the "Mobile Devices Management" node; o Integration with Google Cloud Messaging (GCM). Option of using GCM for synchronization in case of a change in the policy of Kaspersky Security for Android or when sending commands to devices; o Support of migration from Kaspersky Security Center 10 and Kaspersky Security Center 10 MR1. ------------------------------------------------------------------------------ Encryption (support of enhancements made to KES for Windows 10 SP1): o Support of eToken and smartcard for PreBoot Authentication (PBA) ------------------------------------------------------------------------------ Systems Management functionality: Remote access feature: o Audit of the user's activities during a remote session; o Requesting a selected active user for permission of a remote connection. Feature of OS installation: o Option of running a script or installing additional software after an operating system is installed; o Option of creating a boot flash drive with Windows PE; o Option of importing an OS image from distribution packages (wim); o Support of UEFI. Hardware feature: o Option of identifying the owner of a computer on the list of managed computers; o Information about the motherboard's BIOS; o Information about the CPU: Number of physical and logical cores; o Option of adding a custom text field to the list of devices. Feature of vulnerability scan and application updates installation: o Optimizing and enhancing the fault-tolerance of processes aimed at scanning for vulnerabilities and installing updates; o Events that cover attempts of installing updates for third-party applications, whether successful or returning an error; o Option of delivering files of updates to a managed computer without installing those updates. Integration with third-party SIEMs (Arcsight and Qradar) Using Update Agents and a connection gateway to send WakeOnLan signals to computers when running the "Turn on the computer" task. ------------------------------------------------------------------------------ Fixed issues (as compared with Kaspersky Security Center 10 MR1): • 223315 Periodic crashes of Administration Console; • 224073 Database errors in the event log; • 224190 System error 0x421: failed to install Kaspersky Security Center 10 on the domain controller; • 224377 Administration Console hangs up; • 224917 Administration Server service is restarted cyclically; • 224950 Software update report contains N/A statuses. ------------------------------------------------------------------------------ Fixes also included in the 'a', 'b', and 'c' patches for KSC 10 MR1: • 223787 NAC does not run according to the configured rules; • 224279 Administration Console hangs up during application of multiple software updates; • 224354 Cannot connect to Administration Server after it has been transferred to another server; • 224412 The klnagent and klserver processes are terminated on Administration Server; • 224090 KSN proxy server crashes; • 224351 Unable to deploy Kaspersky Endpoint Security 10 MR1 using Update Agents; • 224358 When Kaspersky Security Center is used as a source of Microsoft updates, the connection to Administration Server is lost periodically in case of a large number of managed computers; • 224523 Deployment using an Update Agent ends with the error "Update Agent could not be found"; • 224727 The computer relocation rule does not work if it includes more than one tag; • 224778 An update task cannot be completed if it is performed using Update Agent. Also: - The efficiency and stability of the operation of Kaspersky Security Center as a WSUS server have been increased; - A rarely occurring error in the network traffic report has been fixed. ============================================================================== LIMITATIONS AND FEATURES OF VERSION The Microsoft failover cluster feature is not available on Windows Server 2012 R2. In case of a failure in any of the nodes of a server cluster, switching to a backup server cannot be performed. ============================================================================== MINIMUM HARDWARE AND SOFTWARE REQUIREMENTS ------------------------------------------------------------------------------ Administration Server Software requirements: Microsoft Data Access Components (MDAC) 2.8 or later Windows DAC 6.0. Microsoft Windows(r) Installer 4.5 Operating system: Microsoft Windows Server 2003 SP2 (all editions); Microsoft Windows Server 2003 õ64 SP2 (all editions); Microsoft Windows Server 2008 (all editions); Microsoft Windows Server 2008 (õ64) (all editions); Microsoft Windows Server 2008 õ64 SP1 (all editions); Microsoft Windows Server 2008 R2 (all editions); Microsoft Windows Server 2012 (all editions); Microsoft Windows Server 2012 R2 (all editions); Microsoft Windows Small Business Server 2003 SP2 (all editions); Microsoft Windows Small Business Server 2008 (all editions); Microsoft Windows Small Business Server 2011 (all editions); Microsoft Windows XP Professional SP2 or later; Microsoft Windows XP Professional x64 SP2 or later; Microsoft Windows Vista Business / Enterprise / Ultimate SP1 or later; Microsoft Windows Vista Business / Enterprise / Ultimate SP1 or later x64; Microsoft Windows 7 Professional / Enterprise / Ultimate; Microsoft Windows 7 Professional / Enterprise / Ultimate x64; Microsoft Windows 8 Professional / Enterprise; Microsoft Windows 8 Professional / Enterprise x64; Microsoft Windows 8.1 Professional / Enterprise; Microsoft Windows 8.1 Professional / Enterprise x64; Database server (can be installed on a different computer): Microsoft SQL 2005 Express; Microsoft SQL 2008 Express; Microsoft SQL 2008 R2 Express; Microsoft SQL 2012 Express; Microsoft SQL 2014 Express; Microsoft SQL Server 2005; Microsoft SQL Server 2008; Microsoft SQL Server 2008 R2; Microsoft SQL Server 2008 R2 Service Pack 2; Microsoft SQL Server 2012; Microsoft SQL Server 2014; MySQL 5.0.67, 5.0.77, 5.0.85, 5.0.87 (SP1), 5.0.91; MySQL Enterprise 5.0.60 (SP1), 5.0.70, 5.0.82 (SP1), 5.0.90 The following virtual platforms are supported: VMware: Workstation 9.x, Workstation 10.x, ESX 4.x, ESXi 4.x, ESXi 5.5); Microsoft Hyper-V: 2008, 2008 R2, 2012, 20012 R2; KVM integrated with: RHEL 5.4 and 5.x above, SLES 11 SPx, Ubuntu 10.10 LTS; Microsoft VirtualPC 6.0.156.0; Parallels Desktop 7 and higher; Oracle VM VirtualBox 4.0.4-70112 (Windows guest login only); Citrix XenServer 6.1, 6.2 Hardware requirements: CPU: with operating frequency of 1 GHz or higher. For a 64-bit OS, the minimum frequency is 1.4 GHz. RAM: 4 GB. Available disk space: 10 GB. When using the Systems Management functionality, at least 100 GB free disk space shall be available. ------------------------------------------------------------------------------ Administration Console Software requirements: Operating systems: Microsoft Windows (supported version of the operating system is determined by the requirements of Administration Server). Microsoft Management Console 2.0 or later. Microsoft Internet Explorer 7.0 or later when working with Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, or Microsoft Windows Vista. Microsoft Internet Explorer 8.0 or later when using Microsoft Windows 7. Microsoft Internet Explorer 10.0 or later when using Microsoft Windows 8. Microsoft Windows Installer 4.5. Hardware requirements: CPU: with operating frequency of 1 GHz or higher. For a 64-bit OS, the minimum frequency is 1.4 GHz. RAM: 512 MB. Available disk space: 1 GB. ------------------------------------------------------------------------------ Administration Server for Kaspersky Security Center Web Console Software requirements: Web server: Apache 2.4.10 or later, 32 bit (for Windows) Apache 2.4.10 or later, 32/64 bit (for Linux) Operating system: Microsoft Windows Server 2003 SP2 (all editions); Windows Small Business Server 2003 SP2 (all editions); Microsoft Windows Server 2003 x64 SP2 (all editions); Microsoft Windows Server 2008 (all editions); Microsoft Windows Server 2008 x64 SP1 (all editions); Microsoft Windows Server 2008 x64 R2 SP1 (all editions); Windows Small Business Server 2008 (all editions); Microsoft Windows Server 2008 (all editions); Microsoft Windows Server 2008 x64 R2 (all editions); Microsoft Windows Server 2012 (all editions); Microsoft Windows Server 2012 R2 (all editions); Windows Small Business Server 2011 (all editions); Microsoft Windows XP Professional SP2; Microsoft Windows XP Professional x64; Microsoft Windows Vista SP1 (all editions); Microsoft Windows Vista SP1 x64 (all editions); Microsoft Windows 7 SP1 (all editions); Microsoft Windows 7 x 64 SP1 (all editions); Microsoft Windows 8 Professional / Enterprise; Microsoft Windows 8 Professional / Enterprise x64; Microsoft Windows 8.1 Professional / Enterprise; Microsoft Windows 8.1 Professional / Enterprise x64; You can manage Kaspersky Security Center Web Console via a web browser. The following are the types and versions of web browsers, and the types and versions of operating systems that you can use to work with the application. Microsoft(r) Internet Explorer(r) 7.0 or later running under one of the following operating systems: Microsoft(r) Windows(r) XP Professional SP2 or later; Microsoft(r) Windows(r) 7 (all editions); Microsoft(r) Windows(r) 8 (all editions); Firefox 16.0 and 17.0 running under one of the following operating systems: Windows(r) operating systems: Microsoft(r) Windows(r) XP Professional SP2 or later; Microsoft(r) Windows(r) 7 (all editions); Microsoft(r) Windows(r) 8 (all editions); Linux(r) 32-bit operating systems: Fedora 16; SUSE Linux(r) Enterprise Desktop 11 SP2; Debian GNU/Linux(r) 6.0.5; Mandriva Linux 2011. Ubuntu 10.04 Server Edition; Ubuntu 12.04 Desktop Edition. Linux(r) 64-bit operating systems: Red Hat(r) Enterprise Linux(r) 6.2 server; SUSE Linux(r) Enterprise Server 11 SP2; SUSE Linux(r) Enterprise Server 11 SP2; OpenSUSE Linux(r) 12.2; Ubuntu 12.04 Server Edition; Safari 4 on one of the following operating Apple systems: Mac OS X 10.4 (Tiger); Mac OS X 10.5 (Leopard); Mac OS X 10.6 (Snow leopard). Hardware requirements: CPU with operating frequency of 1.4 GHz or higher; 512 MB RAM; 1 GB free disk space. ------------------------------------------------------------------------------ Network Agent Software requirements: Operating system: Microsoft Small Business Server 2003 (all editions); Microsoft Small Business Server 2008 (all editions); Microsoft Small Business Server 2011 (all editions); Microsoft Windows 7 Enterprise/Ultimate x86/x64; Microsoft Windows 7 Enterprise/Ultimate x86/x64 SP1 or later; Microsoft Windows 7 Professional x86/x64; Microsoft Windows 7 Professional x86/x64 SP1 or later; Microsoft Windows 8 Enterprise x86/x64; Microsoft Windows 8 Pro x86/x64; Microsoft Windows 8.1 Enterprise x86/x64; Microsoft Windows 8.1 Pro x86/x64; Microsoft Windows 8.1 Update Enterprise x86/x64; Microsoft Windows MultiPoint Server 2011 x64; Microsoft Windows Server 2003 x86/x64 SP2 (all editions); Microsoft Windows Server 2003 R2 x86/x64 SP2 or later (all editions); Microsoft Windows Server 2008 x86/x64 RTM or later (all editions); Microsoft Windows Server 2008 R2 RTM or later (all editions); Microsoft Windows Server 2012 (all editions); Microsoft Windows Server 2012 R2 (all editions); Microsoft Windows Vista x86/x64 SP2 or later (all editions); Microsoft Windows XP Professional x86 SP3 or later; Windows Embedded POSReady 7 x86/x64; Windows Embedded Standard 7 with SP1 x86/x64; FreeBSD; Linux; Mac OS Hardware requirements: CPU: with operating frequency of 1 GHz or higher. For a 64-bit OS, the minimum frequency is 1.4 GHz. RAM: 512 MB. Available disk space: 1 GB. The computer on which Network Agent is installed to act as an Update Agent, too, should meet the following requirements: CPU: with operating frequency of 1 GHz or higher. For a 64-bit OS, the minimum frequency is 1.4 GHz. RAM: 1 GB. Available disk space: 4 GB. ============================================================================== ADDITIONAL SOURCES OF INFORMATION Knowledge Base: http://support.kaspersky.com/ksc10/ Forum: http://forum.kaspersky.com/index.php?showforum=5 Application page on the Kaspersky Lab website: http://www.kaspersky.com/security-center (c) 2015 Kaspersky Lab ZAO. All Rights Reserved.