KL 302.11 Labs Module1 Managing Multiple Servers v1.6 en PDF

KL 302.
11
Kaspersky
Endpoint Security
and Management.
Scaling
Managing multiple KSC servers
Lab Guide
www.kaspersky.com
Table of contents
Lab 1. How to connect a slave Administration Server of a remote office .................................................................... 2

Task A: Prepare the Administration Server of the remote office ........................................................................... 2
Task B: Connect a slave Administration Server ..................................................................................................... 5
Lab 2. How to collect information in a hierarchy ......................................................................................................... 8
Task A: Configure unprocessed threat events to be saved on the Administration Server ...................................... 8
Task B: Imitate an active threat ............................................................................................................................. 9
Task C: Find a computer with an active threat in the hierarchy ......................................................................... 10
Task D: Create a selection of devices for the hierarchy ...................................................................................... 14
Lab 3. How to configure management in a hierarchy ................................................................................................. 16
Task A: Configure policy propagation down the hierarchy ................................................................................. 17
Task B: Configure Threat Scan task propagation down the hierarchy ................................................................ 19
Lab 4. How to configure updates in a hierarchy ......................................................................................................... 23
Task A: Configure an update source for a slave server located on the same network as the master Administration
Server ................................................................................................................................................................... 23
Task B: Configure an update source for a slave server located in a remote office.............................................. 25
Task C: Configure forced update for slave servers .............................................................................................. 26
Task D: Configure updating client computers throughout the hierarchy ............................................................ 28
Lab 5. How to change the Administration Server ....................................................................................................... 30
Task A: How to change the Administration Server using a task .......................................................................... 30
Task B: Change the Administration Server using the klmover utility .................................................................. 36
L–2 KASPERSKY™
KL 302.11: Kaspersky Security Center. Scaling
Lab 1.
How to connect a slave Administration Server of
a remote office
Scenario. You are an administrator at ABC Inc. that has two offices: Headquarters—HQ and a remote office—LO. Each
office has access to the internet. Connections between the offices are established via a VPN channel.
Each office has its own Kaspersky Security Center Administration Server: hq-ksc1 and lo-ksc. The administrators want to
monitor general protection status in both offices. To achieve this, you need to join the two servers to a hierarchy; this will
permit creating reports with aggregate information.
Contents.
A. Prepare the Administration Server of the remote office

B. Connect the slave Administration Server
Task A: Prepare the Administration Server of the remote office
In a hierarchy, policies of the master Administration Server are automatically inherited by slave servers and can change the
protection settings of their client computers. You do not want any security settings to change after the servers are joined into a
hierarchy.
Therefore, disable inheritance of settings from parent policies in the slave server policies to preserve their unique settings: Scan
exclusions, connection profiles, application control rules, and so on.
The task is performed on lo-ksc.

The hq-router, lo-router, dc, hq-ksс1, lo-ksc, admin-desktop, and bob-desktop machines must be powered on.
1. Log on to the lo-ksc server under

the ABC\LOAdmin account
with the password Ka5per5Ky
2. Run Kaspersky Security Center
Administration Console on the
lo-ksc server
3. Select the Administration
Server lo-ksc node
4. Click Action | Search
L–3
Lab 1.
How to connect a slave Administration Server of a remote office
Find the bob-desktop computer:

5. In the Device name or IP
address box, type bob-desktop
and click Find now
Move the bob-desktop computer

to the Managed devices group:
6. Right-click the bob-desktop
computer and click Move to
group on its shortcut menu
7. Select the Managed devices
group and click OK
8. Make sure that the bob-desktop

computer has been moved to the
Managed devices group:
node and switch to the Devices
tab
L–4 KASPERSKY™

node and switch to the Policies
tab
11. Open the properties of
Kaspersky Endpoint Security
for Windows policy
12. Clear the Inherit settings from

parent policy check box and
save the policy settings
13. Open the properties of the

Kaspersky Security Center 11
Network Agent policy
14. Clear the Inherit settings from
parent policy check box and
save the policy settings
L–5
Lab 1.
Task B: Connect a slave Administration Server
Connect the administration server of the remote office (lo-ksс.abc.lab) to the headquarters’ administration server (hq-
ksc1.abc.lab) using the Add Slave Administration Server Wizard.
The task is performed on admin-desktop.

15. Log on to admin-desktop under the

ABC\KSCAdmin account with the
password Ka5per5Ky
16. On the admin-desktop workstation,
start Remote Desktop Connection
(RDP)
17. Use Remote Desktop Connection to
connect to the hq-ksc1.abc.lab
master Administration Server under
the ABC\KSCAdmin account with
the password Ka5per5Ky
18. Open the KSC Administration

Console on the hq-ksc1.abc.lab
server
19. Open the Managed devices node
and create a group named Lo-office
20. In the Lo-office group, select
the Administration Servers node
21. Click the link Add Slave
Administration Server
22. Specify the IP address of the slave

administration server: 10.28.4.30 and
click Next
L–6 KASPERSKY™
23. Type lo-ksc for the slave

Administration Server name and
click Next
24. Specify the IP address of the master

administration server: 10.28.1.20 and
click Next
25. In the Administration Server

authentication window, click OK
26. Connect to the lo-ksc.abc.lab slave

Administration Server under
the ABC\LOAdmin account with
L–7
Lab 1.
27. Consult the Administration Server

certificate information. Pay attention
to the following data: Subject,
Subject Alternative Name and click
Yes
28. Make sure that the slave server lo-

ksс.abc.lab is connected
successfully and finish the wizard
29. Expand the Administration Server

lo-ksc node
Make sure that all nodes of the slave
Administration Server are accessible
in the console of the master
Administration Server hq-
ksc1.abc.lab
30. End the remote desktop session
Conclusion
You have added one administration server to another as a slave (created a hierarchy). The lab describes the easiest procedure
assuming that the slave server’s ports are accessible from the master and vice versa.
L–8 KASPERSKY™
Lab 2.
How to collect information in a hierarchy
Scenario. Each network computer is connected to one of the two Kaspersky Security Center Administration Servers joined
into a hierarchy. You want to receive notifications about active threats on any network computer, regardless of the server it is
connected to. You need to configure notifications about active threats to achieve this.
Also, you want to be able to find all computers with the “Active threat detected” status in the console and make a selection of
these computers.
Contents.
A. Configure unprocessed threat events to be saved on the Administration Server

B. Imitate an active threat
C. Find a computer with an active threat in the hierarchy
D. Create a selection of devices for the hierarchy
Task A: Configure unprocessed threat events to be saved on the

Enable saving notifications about files that have not been processed by File Threat Protection on the lo-ksc Administration
Server.

1. On the admin-desktop workstation,

open the KSC Administration
Console
2. Select the Managed devices group
of the lo-ksc.abc.lab slave
Administration Server and switch to
the Policies tab
3. Open the properties of the non-
inherited Kaspersky Endpoint
Security for Windows policy
L–9
Lab 2.
4. Switch to the Event configuration

section
5. Open the Warning tab, select the
event There are unprocessed files,
and click Properties
6. Select the check box On

Administration Server for (days)
7. Set the storage time for the events of
this type to 15 days
8. Select the check box Notify by email
and click OK
9. Save the policy settings
Task B: Imitate an active threat
Imitate an active threat on bob-desktop. For this purpose, make Kaspersky Endpoint Security detect a threat in a network
folder where it has no Write permissions.
The task is performed on bob-desktop.

10. Power on the bob-desktop computer

11. Log on to the ABC\Bob account, password Ka5per5Ky
12. Open the \\DC\Pub folder and run the eicar.com file
L–10 KASPERSKY™
13. Close the Network error window

14. Wait for 2-4 minutes
Task C: Find a computer with an active threat in the hierarchy
In the Kaspersky Security Center Administration Console, find the computer where the file protection was not able to process
malicious files. Find out which Administration Server the computer is connected to.

15. On the admin-desktop machine,

start Mozilla Thunderbird
16. Open the message with the
subject Warning: There are
unprocessed files and read it.
Find the name of the computer
where unprocessed files were
found
17. Go to the KSC Administration

Console
Server hq-ksc1 node
L–11
Lab 2.
20. In the Device name or IP

address box, type bob-desktop
and click Find now
21. Open the Add/Remove

Columns window: Right-click
the header of the table that
contains search results and select
Add/Remove Columns
22. Move the Name of virtual or

slave Administration Server
column to the second position on
the list and click OK
L–12 KASPERSKY™
Note that according to the search

results, the bob-desktop
computer is connected to server
10.28.1.20 (which is the address
of the master Administration
Server) and neither KSC Agent,
nor Kaspersky Endpoint Security
are installed on it. This
contradicts our expectations,
because according to the emailed
notification, Kaspersky Endpoint
Security detected a threat on this
computer and did not manage to
process it. Obviously, it is a
wrong record
23. Open the properties of the bob-
desktop computer
Note that the bob-desktop

computer belongs to the
Unassigned devices group of the
master Administration Server
hq-ksc1
24. Close the properties of the bob-
desktop computer
25. In the search window, switch to

the Hierarchy of
Administration Servers tab
26. Select the check box Include
from slave Administration
Servers (down to level) and
click Find now
Note that there are two bob-
desktop computers in the results
now; the second one is connected
to the lo-ksc.abc.lab server, the
KSC Agent and Kaspersky
Endpoint Security are installed
on it, and it has the Warning
status
27. Open the properties of the bob-
desktop computer that has the
Warning status
L–13
Lab 2.
Note that the bob-desktop

computer belongs to the
Managed devices group of the
slave Administration Server lo-
ksc
28. Switch to the Protection section
Read the status description

29. Close the computer properties
and the search window
L–14 KASPERSKY™
Task D: Create a selection of devices for the hierarchy
Create a selection of devices with the “Active threat detected” status on the Master Administration Server. The selection is to
include devices connected to master and slave Administration Servers.

30. Open the Device selections node of

the master Administration Server
31. Choose the Active threats are
detected selection and click Run
selection
32. Click the tab Selection results

“Active threats are detected”
Note that the selection does not
include devices of the slave servers
by default.
The administrator cannot change the
settings of pre-set selections that are
created when the KSC is being
installed
33. Return to the Selection tab and click

Advanced | Create a selection
L–15
Lab 2.
34. Type All active threats for

the selection name and click OK
35. Choose the created selection and
click Selection properties
36. Select the check box Include data

from slave Administration Servers
and switch to the Conditions section
37. In the Conditions list, select All

active threats and click Properties
L–16 KASPERSKY™
38. Switch to the Device status section

39. Under Device status description,
select Active threats are detected
and click OK
40. Click OK to save all the changes to
the selection settings
41. Run the selection All active threats

and go to the tab Selection results
“All active threats”
Make sure that the bob-desktop
computer connected to the slave
Administration Server is displayed in
the selection of the master
Conclusion
The lab demonstrates how to find computers from slave Administration Servers using the Search window and computer
selections.
Lab 3.
How to configure management in a hierarchy
Scenario. When creating the hierarchy, you configured it so that the policies of the master Administration Server are not
allowed to overwrite security settings on the slave Administration Server. Now, when you have centralized management on
the Master Administration Server, you want to propagate its policies to Slave Administration Servers. Also, you want to reduce
the number of policies to maintain. You also want to create a single threat scan task for all computers in the hierarchy.
L–17
Lab 3.
Contents.
A. Configure policy propagation down the hierarchy

B. Configure task propagation down the hierarchy
Task A: Configure policy propagation down the hierarchy
The policies of the master Administration Server are applied to slave servers by default. To apply the inherited policies to the
computers of the slave server, make the local policies of the slave Administration Server inactive.

1. Log on to the admin-desktop workstation

under the ABC\KSCAdmin account with
2. Select the Policies node on the object tree
of the lo-ksc slave server
Pay attention to the Inherited column.
Note that the policies of the master
Administration Server hq-ksc1 are
distributed to the slave server lo-ksc by
default.
Inherited policies have a green arrow mark
3. Select the inherited policy of Kaspersky

Endpoint Security for Windows and
click the Details link in the right pane
Note that an inherited policy does not

apply to the devices connected to the
Slave Server by default
4. Close the Results of policy
enforcement window
L–18 KASPERSKY™
5. Select the non-inherited policy of

Kaspersky Endpoint Security for
Windows and click the Details link
6. Note that by default, the devices

connected to the slave server use the
policy created on the lo-ksc server rather
than the inherited policy
7. Close the Results of policy
enforcement window
8. Open the properties of the non-inherited
Kaspersky Endpoint Security for
Windows policy
9. Change the policy status to Inactive

policy and click OK
L–19
Lab 3.
10. Select the inherited policy of Kaspersky

Endpoint Security for Windows and
click the Details link
11. Note that when the non-inherited is

inactivated, the policy inherited from the
master server hq-ksc1 is automatically
applied to the computers connected to the
slave administration server
12. Open the properties of the non-inherited

Kaspersky Security Center Network
Agent policy
13. Change policy status to Inactive policy
and click OK
Task B: Configure Threat Scan task propagation down the hierarchy
Tasks of the master server are not applied to slave servers by default. To apply a scan task to the slave servers, enable the
distribution mode in the task properties on the master server.
After that, switch the local scan task of the slave server to the manual mode. Otherwise, both tasks will run on the slave
server’s computers and waste resources.
L–20 KASPERSKY™

14. Open the Tasks node of the slave

server lo-ksc
15. Click the link Add/Remove columns
16. Move the Group column to the third

position on the list and click OK
17. Pay attention to the Group column.

Unlike policies, tasks of the Master
Administration Server are not applied
to computers connected to slave
servers by default.
18. Open the properties of the Threat
scan task
L–21
Lab 3.
19. Switch to the Schedule section

20. Set the schedule to Manually and click
OK
21. Select the Managed devices node of

the master server hq-ksc1 and switch
to the Tasks tab
22. Open the properties of the Threat
scan task
23. Select Distribute to slave and virtual

Administration Servers and click OK
L–22 KASPERSKY™
24. Select the Tasks node on the object

tree of the lo-ksc slave server
25. Pay attention to the Group column.
Make sure that the Threat scan task of
the master Administration Server
applies to slave server’s devices now
26. Select the inherited Threat scan task
27. Click the link Ready for execution on

devices in the description area on the
right
28. Note that the Threat scan task

inherited from the master
Administration Server applies to
computers bob-desktop and lo-ksc
29. Power off the bob-desktop computer
Conclusion
You applied the policies and tasks of the main server to the computers connected to the slave server.
With policies, you simply made the policies of the slave server inactive; after that, the policies of the master server propagated
to the computers of the slave server automatically.
In case of tasks, you enabled distribution of the required tasks to slave servers in their properties. You also switched the local
tasks of the slave server to the manual start mode to prevent running two instances of each task on the computers.
L–23
Lab 4.
How to configure updates in a hierarchy
Lab 4.
Scenario. You need to configure updates for all slave servers in the hierarchy. For the slave servers located in the same site as
the master Administration Server, you want to configure the master Administration Server to be the update source and enable
forced update for the slave servers. For the slave server lo-ksc, you want to use Kaspersky update servers on the internet as the
update source. Also, you need to propagate the task that updates client devices from the master server to slaves where
necessary, and delete the unnecessary update tasks on the slave servers.
Contents.
A. Configure an update source for a slave server located on the same network as the master Administration Server
B. Configure an update source for a slave server located in a remote office
C. Configure forced update for slave servers
D. Configure updating client computers throughout the hierarchy
Task A: Configure an update source for a slave server located on the same
network as the master Administration Server
In this task, you will change the update source for the slave server hq-ksc2 from Kaspersky update servers in the Internet to the
master Administration Server hq-ksc1

The hq-router, lo-router, dc, hq-ksс1, hq-ksc2, lo-ksc, and admin-desktop machines must be powered on.
1. Power on the hq-ksc2 machine

2. Log on to the admin-desktop
workstation under the
ABC\KSCAdmin account
with the password Ka5per5Ky
Console
4. Find and expand the node of
the slave server
Administration Server hq-
ksc2
5. Select the Tasks node on the
tree of the hq-ksc2 slave
server
6. Open the properties of the
Download updates to the
repository task
L–24 KASPERSKY™
7. Switch to the Settings section
8. In the Sources of updates

area, click the link Configure
9. Click Add
L–25
Lab 4.
10. Select Master Administration

Server and click OK
11. Move the Master

Administration Server to the
top and click OK
12. Click OK to save the task
settings
Task B: Configure an update source for a slave server located in a remote

office
In this task, you will configure a source of updates for the slave Administration Server lo-ksc.
The remote office lo-office has its own connection to the internet; therefore, to optimize the load on the VPN channel between
the offices, you should leave the default update source for the Administration Server lo-ksc: Kaspersky update servers

13. Expand the Administration Server lo-ksc

node
14. Select the Tasks container on the tree of
thelo-ksc slave server
15. Open the properties of the Download
updates to the Administration Server
repository task
17. In the Sources of updates area, click the
link Configure
L–26 KASPERSKY™
18. The remote office lo-office has its own

internet access channel; therefore, you do
not need to change the update source for
the slave server
19. Close the task properties
Task C: Configure forced update for slave servers
Enable forced distribution of updates to slave administration servers in the properties of the task Download updates to the
repository on the master Administration Server.

20. Select the Tasks container on the tree of

the hq-ksc1 master server
21. Open the properties of the Download
updates to the Administration Server
repository task
L–27
Lab 4.

23. In the Other settings area, click the link
Configure
24. Select the check box Force update of

slave Administration Servers and click
OK
25. Click OK to save the task settings
L–28 KASPERSKY™
Task D: Configure updating client computers throughout the hierarchy

Configure updating client computers of slave servers. Propagate the update task from the master Administration Server to slave
servers. Exclude the lo-ksc slave server from the inherited task scope. Delete the non-inherited update task from the slave
Administration Server hq-ksc2.
26. Open the properties of

the Install update task
27. Select Distribute to slave and

virtual Administration
Servers in the General section
28. Switch to the section
Exclusions from task scope
L–29
Lab 4.
29. Exclude the lo-office group

from the task scope and click
OK
30. Select the Tasks node on the

tree of the hq-ksc2 slave
server
31. Make sure that an inherited
Install update task has
appeared on the list.
The tasks inherited from
another Administration Server
have a green down arrow mark
on the icon. The Group
column shows that the task
was created on the Master
L–30 KASPERSKY™
32. Select the non-inherited Install

update task and click the link
Delete task on the right
Conclusion
You have forced distribution of updates from the master server to a slave server located in the same subnet. For a slave server
in another office with independent access to the internet, you have left the standard update source.
You also propagated an update task from the master server on a slave. With centralized management, it makes no sense to keep
several update tasks if one is enough.
To prevent a task from distributing to slave servers with autonomous administration, you can use exclusions from the task
scope in its properties. For this purpose, place the slave servers into a subgroup, since scope exclusions are specified in terms
of groups.
Lab 5.
How to change the Administration Server
Scenario. You have recently added another Administration Server to the hierarchy to reduce the load on the other servers.
Now you want to move some of the computers to the new server. Use a Change Administration Server task for this purpose. If
there is an error in the connection parameters, use the klmover.exe utility to restore computer management.
Contents.
A. Change the Administration Server using a task

B. Change the Administration Server using the klmover utility
Task A: How to change the Administration Server using a task
Move the managed devices alex-desktop and tom-laptop from the master Administration Server hq-ksc1 to the slave
Administration Server hq-ksc2 using the Change Administration Server task.
L–31
Lab 5.

The hq-router, lo-router, dc, hq-ksc1, hq-ksc2, admin-desktop, alex-desktop, and tom-laptop machines must be powered
on.
1. Power on the alex-desktop and

tom-laptop computers
2. Log on to the admin-desktop
workstation under the
ABC\KSCAdmin account with
Console
Server hq-ksc1 node
6. Find the alex-desktop and tom-

laptop computers
7. Select the IP range check box,
type 10.28.2.100 to 10.28.2.225,
and click Find now
8. Select all computers and open

their shortcut menu
9. To move the computers to the
Managed devices group, click
Move to group
group and click OK
L–32 KASPERSKY™

node of the hq-ksc1 master
server and switch to the Devices
tab
12. Make sure that the alex-desktop
and tom-laptop computers are
connected to the Administration
Server hq-ksc1
13. Select the Tasks container on the
tree of the hq-ksc1 master server
14. Click New task
15. Expand the Advanced node,

select the Change
Administration Server task
type, and click Next
L–33
Lab 5.
16. In the Administration Server

address field, enter the domain
name (hq-ksc2.abc.lab) or the IP
address of the Administration
Server to which you need to
connect computers and click
Next
17. Click the top button

L–34 KASPERSKY™
18. Expand the Managed devices

node
19. Select the alex-desktop and
tom-laptop computers and click
Next
20. On the subsequent 2 pages, click
Next
21. Type Move to hq-ksc2 for the

task name and click Next
L–35
Lab 5.
22. Wait for the Change

Administration Server task to
complete

node of the hq-ksc1 master
server and switch to the Devices
tab
24. Click the Refresh link. Make
sure that the hq-ksc1 server
shows the alex-desktop and
tom-laptop computers as
unmanaged without the Network
Agent or protection
25. Delete the alex-desktop and

tom-laptop computers
26. Expand the Managed devices |
Administration Server node
L–36 KASPERSKY™

Server hq-ksc2 node
28. In the Management scheme
area, click the link Unassigned
devices that have Network Agent
installed
29. Select the alex-desktop and

tom-laptop computers and move
them to the Managed devices
node of the slave Administration
Server hq-ksc2
Task B: Change the Administration Server using the klmover utility
Change the administration server for the alex-desktop and tom-laptop computers from hq-ksc2 to hq-ksc1 using the klmover
utility.
The task is performed on alex-desktop.

The hq-router, lo-router, dc, hq-ksc1, hq-ksc2, admin-desktop, alex-desktop, and tom-laptop machines must be powered
on.
30. Log on to the alex-desktop workstation

under the ABC\Alex account with the
password Ka5per5Ky
31. Run the cmd console as administrator
32. Carry out the following command to go to
the Network Agent folder
— cd “c:\Program Files (x86)\Kaspersky
Lab\NetworkAgent”
L–37
Lab 5.
33. Change the Administration Server for the

alex-desktop computer from hq-ksc2 to
hq-ksc1. Carry out
— klmover –address hq-ksc1.abc.lab
34. Carry out

— klnagchk.exe
35. Pay attention to the administration server
address.
The task is performed on tom-laptop.
36. Log on to the tom-laptop workstation

under the ABC\Tom account with the
password Ka5per5Ky
37. Run the cmd console as administrator
38. Carry out the following command to go to
the Network Agent folder
— cd “c:\Program Files (x86)\Kaspersky
Lab\NetworkAgent”
39. Change the Administration Server for the
tom-laptop computer from hq-ksc2 to
hq-ksc1. Carry out
— klmover –address hq-ksc1.abc.lab
L–38 KASPERSKY™
40. Log on to the admin-desktop workstation

under the ABC\KSCAdmin account with
41. On the admin-desktop workstation, open
the KSC Administration Console
42. Select the Managed devices node of the
hq-ksc2 master server and switch to the
Devices tab
43. Delete the alex-desktop and tom-laptop
computers
44. Select the Administration Server hq-

ksc1 node
45. In the Management scheme area, click
the link Unassigned devices that have
Network Agent installed
46. Select the alex-desktop and tom-laptop

computers and move them to Managed
devices of hq-ksc1
47. Power off all machines except dc, hq-router, lo-router
Conclusion
You can change the administration server for client devices without reinstalling the Network Agent in two ways. Remotely
using the Change Administration Server task or locally via the command line using klmover.exe.

KL 302.11 Labs Module1 Managing Multiple Servers v1.6 en PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

KL 302.11 Labs Module1 Managing Multiple Servers v1.6 en PDF

Uploaded by

Copyright:

Available Formats

KL 302.

Lab 1. How to connect a slave Administration Server of a remote office .................................................................... 2

A. Prepare the Administration Server of the remote office

Task A: Prepare the Administration Server of the remote office

The task is performed on lo-ksc.

1. Log on to the lo-ksc server under

Find the bob-desktop computer:

Move the bob-desktop computer

8. Make sure that the bob-desktop

10. Select the Managed devices

12. Clear the Inherit settings from

13. Open the properties of the

Task B: Connect a slave Administration Server

The task is performed on admin-desktop.

15. Log on to admin-desktop under the

18. Open the KSC Administration

22. Specify the IP address of the slave

23. Type lo-ksc for the slave

24. Specify the IP address of the master

25. In the Administration Server

26. Connect to the lo-ksc.abc.lab slave

27. Consult the Administration Server

28. Make sure that the slave server lo-

29. Expand the Administration Server

A. Configure unprocessed threat events to be saved on the Administration Server

Task A: Configure unprocessed threat events to be saved on the

The task is performed on admin-desktop.

1. On the admin-desktop workstation,

4. Switch to the Event configuration

6. Select the check box On

Task B: Imitate an active threat

The task is performed on bob-desktop.

10. Power on the bob-desktop computer

13. Close the Network error window

Task C: Find a computer with an active threat in the hierarchy

The task is performed on admin-desktop.

15. On the admin-desktop machine,

17. Go to the KSC Administration

20. In the Device name or IP

21. Open the Add/Remove

22. Move the Name of virtual or

Note that according to the search

Note that the bob-desktop

25. In the search window, switch to

Note that the bob-desktop

Read the status description

Task D: Create a selection of devices for the hierarchy

The task is performed on admin-desktop.

30. Open the Device selections node of

32. Click the tab Selection results

33. Return to the Selection tab and click

34. Type All active threats for

36. Select the check box Include data

37. In the Conditions list, select All

38. Switch to the Device status section

41. Run the selection All active threats

A. Configure policy propagation down the hierarchy

Task A: Configure policy propagation down the hierarchy

The task is performed on admin-desktop.

1. Log on to the admin-desktop workstation

3. Select the inherited policy of Kaspersky

Note that an inherited policy does not

5. Select the non-inherited policy of