Support

Support for business applications

Kaspersky Security for Virtualization 5.x Agentless

Managing the application via Kaspersky Security Center

Creating a policy

Kaspersky Security for Virtualization 5.x Agentless
Нет результатов
Online Help
Advice & Solutions FAQ System requirements Switch to Kaspersky Security for Virtualization 6.x Agentless Forum Contact support Recovery tools Product videos

Creating a policy

25 March 2022

ID 83454

After installing Kaspersky Security, you must configure the application settings by applying a policy. Anti-Virus protection and Network Threat Protection are disabled by default. You can use the policy created by default, or create and configure a new policy.

To create a policy:

  1. Open the Administration Console of Kaspersky Security Center.
  2. In the console tree, perform one of the following actions:
    • If you want to create a policy for one KSC cluster, in the Managed devices folder of the console tree select the administration group containing the KSC cluster.
    • If you want to create a policy for all KSC clusters, select the Managed devices folder.
  3. In the workspace, select the Policies tab.
  4. Click the Create policy button to launch the policy wizard.
  5. At the first step of the Wizard, select Kaspersky Security for Virtualization 5.0 Agentless from the list and proceed to the next step of the Wizard.
  6. Enter the name of the new policy and proceed to the next step of the wizard.
  7. The Wizard establishes a connection to the Integration Server to receive information about the VMware virtual infrastructure.

    If the computer hosting the Administration Console of Kaspersky Security Center belongs to a domain or your domain user account belongs to the KLAdmins group or to the group of local administrators on the computer hosting the Integration Server, your domain user account is used by default to connect to the Integration Server. The Use domain account check box is selected by default. You can also use the Integration Server administrator account (admin). To do so, clear the Use domain account check box and enter the administrator password in the Password field.

    If the computer hosting the Kaspersky Security Center Administration Console does not belong to a domain, or the computer belongs to a domain but your domain account does not belong to the KLAdmins group or to the group of local administrators on the computer hosting the Integration Server, you can use only the account of the Integration Server administrator (admin) to connect to the Integration Server. Enter the administrator password in the Password field.

    If the connection to the Integration Server is established using the Integration Server administrator account (admin), you can save the administrator password. To do so, select the Save password check box. The saved administrator password will be used the next time a connection is established with this Integration Server. If you clear the check box selected during the previous connection to the Integration Server, Kaspersky Security removes the previously saved password of the Integration Server administrator.

    The Save password check box may be unavailable if Windows updates KB 2992611 and/or KB 3000850 have been installed on the computer hosting the Kaspersky Security Center Administration Console. To restore the capability to save the administrator password, you can uninstall these Windows updates or modify the operating system registry as described in the Knowledge Base.

    Proceed to the next step of the Policy Wizard.

  8. The wizard checks the SSL certificate received from the Integration Server. If the received certificate contains an error, the Certificate verification window containing the error message opens. The SSL certificate is used to establish a secure connection to the Integration Server. If there are problems with the SSL certificate, you are advised to make sure that the utilized data transfer channel is secure. To view information on the received certificate, click the View the received certificate button in the window containing the error message. You can install the certificate you received as a trusted certificate to avoid receiving a certificate error message at the next connection to the Integration Server. To do so, select the Install received certificate and stop showing warnings for <Integration Server address> check box.

    To continue connecting, click the Continue button in the Certificate verification window. If you selected the Install received certificate and stop showing warnings for <Integration Server address> check box, the received certificate is saved in the operating system registry on the computer where the Kaspersky Security Center Administration Console is installed. The application also checks the previously installed trusted certificate for the Integration Server. If the received certificate does not match the previously installed certificate, a window opens to confirm replacement of the previously installed certificate. To replace the previously installed certificate with the certificate received from the Integration Server and continue connecting, click the Yes button in this window.

  9. After the connection is established, the Choice of protected infrastructure window opens. Select one of the following options:
    • If you are creating a policy for one KSC cluster, select the One VMware vCenter Server option, then in the list select the VMware vCenter server corresponding to the KSC cluster.

      If the selected VMware vCenter server does not correspond to the KSC cluster for which the policy is being created, Kaspersky Security does not protect the virtual machines.

    • If you are creating a policy for all KSC clusters, select the All VMware vCenter Servers option.

    If there is no connection to any VMware vCenter server configured in the Integration Server Management Console, you can only create a policy for all KSC clusters.

    Click OK in the Choice of protected infrastructure window.

  10. At the next step, you can change the main protection profile settings that were defined by default. If you are creating a policy for one KSC cluster, after the policy is created the main protection profile is assigned to all virtual machines within the KSC cluster protected infrastructure. In a policy for all KSC clusters, the main protection profile is not assigned to any object by default. After the policy for all KSC clusters is created, you have to manually assign protection profiles to VMware inventory objects.

    Proceed to the next step of the Wizard.

  11. At the next step, you can enable SNMP monitoring of the status of SVMs and create a list of IP addresses to which the SNMP Agent must relay SVM status information to prevent unauthorized access to the SNMP service.

    Proceed to the next step of the Wizard.

  12. Decide on whether or not to participate in Kaspersky Security Network. To do so, carefully read the Kaspersky Security Network Statement, then perform one of the following actions:
    • If you want the application to use KSN in its operations and you agree to all the terms of the Statement, select I have read, understand, and accept the terms of this Kaspersky Security Network Statement.
    • If you do not want to participate in KSN, select the I do not accept the terms of this Kaspersky Security Network Statement option and confirm your decision in the window that opens.

    If you want to use Kaspersky Security Network with Kaspersky Security, make sure that the KSN Proxy service is enabled in Kaspersky Security Center (see Kaspersky Security Center documentation).

    If you want the application to use Private KSN in its operations, select the Use Private KSN if it is configured in Kaspersky Security Center check box.

    If the use of Private KSN is not configured in Kaspersky Security Center, it is impossible to use Private KSN in the application. Please see the Kaspersky Security Center documentation for details.

    If necessary, you will be able to change the settings for KSN usage in the application at a later time.

    Proceed to the next step of the Wizard.

  13. Exit the Policy Wizard.

The created policy will be displayed in the list of policies of the administration group on the Policies tab and in the Policies folder of the console tree.

If you have created the policy for all KSC clusters, you have to manually assign protection profiles to VMware inventory objects in the policy properties. Kaspersky Security protects only those virtual machines and other VMware inventory objects, which were assigned a protection profile.

The policy will be applied to SVMs after the Kaspersky Security Center Administration Server relays the information to Kaspersky Security at the next SVM connection. Kaspersky Security will start protecting virtual machines according to the policy settings.

If no key has been added on an SVM or the application databases are missing, the application does not protect the virtual machines.

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.