Automatic creation of a default policy and tasks

When the Kaspersky Security Center Administration Console starts for the first time after the Kaspersky Security administration plug-in is installed, the Quick Start Wizard for the managed application is automatically started. The Wizard lets you create a default policy, application database update task, and full scan task.

Default policy

A default policy is created for all KSC clusters (in the Managed devices administration group) under the name Kaspersky Security for Virtualization 5.0 Agentless policy.

Default policy settings take the following values:

• Anti-Virus protection is disabled (a protection profile is not assigned to objects of the protected infrastructure).
• SNMP monitoring of the status of SVMs is disabled.
• Use of Backup is enabled. Storage period for backup copies of files is 30 days.
• Use of Kaspersky Security Network is disabled.
• Network Threat Protection is disabled.

All settings of the default policy can be redefined in nested policies. You can use this policy to configure the general application settings on all SVMs, and use a KSC cluster policy to define individual settings for SVMs of each KSC cluster.

The availability of a default policy lets you use the following capabilities of Kaspersky Security Center immediately after SVM deployment and before you manually create a policy:

• Display the list of protected virtual machines in KSC cluster properties.
• Register events received from SVMs.
• Display information about the virtual machines whose protection involves the use of a key in a key report.
• Display information about protected virtual machines in a protection status report.

If you want to delete the default policy, make sure that one of the policies created by you is applied on all SVMs. If a policy is not applied on an SVM, Kaspersky Security Center does not register events from this SVM, and does not display virtual machines protected by this SVM.

Database update task

A database update task is created for the Managed devices administration group and lets you update databases on all SVMs. This task is started every time an update package is downloaded to the Kaspersky Security Center Administration Server repository.

Full scan task

The full scan task is created for the Managed devices administration group and lets you run a virus scan of all virtual machines that are under the protection of all SVMs.

The settings of the full scan task take the following values:

• Security level – Recommended:
  • Archive scanning is disabled.
  • Scanning of self-extracting archives and embedded OLE objects is enabled.
  • Kaspersky Security does not scan compound files larger than 8 MB.
  • File scan duration is unlimited.
  • Kaspersky Security scans files of virtual machines to detect viruses, worms, Trojans, malicious tools, auto-dialers, adware, and multi-packed files.
• Kaspersky Security automatically attempts to disinfect infected files. If disinfection fails, the application deletes such files. If deletion fails, Kaspersky Security blocks the infected files.
• Kaspersky Security does not scan powered off virtual machines, virtual machine templates, or files on optical drives.
• The scan task ends 120 minutes after the task was started.
• Scan task exclusions are not defined.

You can manually run this task.