Setting up access to KSN

You can set up access to Kaspersky Security Network (KSN) on the Administration Server and on a distribution point.

To set up Administration Server access to KSN:

1. In the main menu, click the settings icon () next to the name of the required Administration Server.

   The Administration Server properties window opens.

2. On the 常规 tab, select the KSN 代理设置 section.
3. Switch the toggle button to the 在管理服务器上启用 KSN 代理 已启用 position.

   Data is sent from client devices to KSN in accordance with the Kaspersky Endpoint Security policy, which is active on those client devices. If this check box is cleared, no data will be sent to KSN from the Administration Server and client devices through Kaspersky Security Center Linux. However, client devices can send data to KSN directly (bypassing Kaspersky Security Center Linux), in accordance with their respective settings. The Kaspersky Endpoint Security policy, which is active on client devices, determines which data will be sent directly (bypassing Kaspersky Security Center Linux) from those devices to KSN.

4. Switch the toggle button to the 使用卡巴斯基安全网络已启用 position.

   If this option is enabled, client devices send patch installation results to Kaspersky. When enabling this option, make sure to read and accept the terms of the KSN Statement.

   If you are using KPSN, switch the toggle button to the 使用卡巴斯基私人安全网络已启用 position and click the 选择 KSN 代理设置文件 button to download the settings of KPSN (files with the extensions pkcs7 and pem). After the settings are downloaded, the interface displays the provider's name and contacts, as well as the creation date of the file with the settings of KPSN.

   Kaspersky Private Security Network is a solution that gives users of devices with Kaspersky applications installed access to reputation databases of Kaspersky Security Network and other statistical data—without sending data from their devices to Kaspersky Security Network. Kaspersky Private Security Network is designed for corporate customers who are unable to participate in Kaspersky Security Network for any of the following reasons:

   • Devices are not connected to the internet.
   • Transmission of any data outside the country or the corporate LAN is prohibited by law or corporate security policies.

   When you switch the toggle button to the 使用卡巴斯基私人安全网络已启用 position, a message appears with details about KPSN.

   The following Kaspersky applications support KPSN:

   • Kaspersky Security Center Linux
   • Kaspersky Endpoint Security for Linux
   • Kaspersky Endpoint Security for Windows

   If you enable KPSN in Kaspersky Security Center Linux, these applications receive information about supporting KPSN. In the settings window of the application, in the Kaspersky Security Network subsection of the Advanced Threat Protection section, the information about selected KSN provider is displayed — KSN or KPSN.

   Kaspersky Security Center Linux does not send any statistical data to Kaspersky Security Network if KPSN is configured in the KSN 代理设置 section of the Administration Server properties window.

5. If you have the proxy server settings configured in the Administration Server properties, but your network architecture requires that you use KPSN directly, enable the 当连接到 KPSN 时忽略代理服务器设置 option. Otherwise, requests from the managed applications cannot reach KPSN.
6. Configure the Administration Server connection to the KSN proxy service:
   • Under 连接设置, for the TCP 端口, specify the number of the TCP port that will be used for connecting to the KSN proxy server. The default port to connect to the KSN proxy server is 13111.
   • If you want the Administration Server to connect to the KSN proxy server through a UDP port, enable the 使用 UDP 端口 option and specify a port number for the UDP 端口. By default, this option is disabled, and TCP port is used. If this option is enabled, the default UDP port to connect to the KSN proxy server is 15111.
7. Switch the toggle button to the 通过主管理服务器连接从属管理服务器到 KSN 已启用 position.

   If this option is enabled, secondary Administration Servers use the primary Administration Server as the KSN proxy server. If this option is disabled, secondary Administration Servers connect to KSN on their own. In this case, managed devices use secondary Administration Servers as KSN proxy servers.

   Secondary Administration Servers use the primary Administration Server as a proxy server if in the right pane of the KSN 代理设置 section, in the properties of secondary Administration Servers the toggle button is switched to the 在管理服务器上启用 KSN 代理 已启用 position.

8. Click the 保存 button.

The KSN access settings will be saved.

You can also set up distribution point access to KSN, for example, if you want to reduce the load on the Administration Server. The distribution point that acts as a KSN proxy server sends KSN requests from managed devices to Kaspersky directly, without using the Administration Server.

To set up distribution point access to Kaspersky Security Network (KSN):

1. Make sure that the distribution point is assigned manually.
2. In the main menu, click the settings icon () next to the name of the required Administration Server.

   The Administration Server properties window opens.

3. On the 常规 tab, select the 分发点 section.
4. Click the name of the distribution point to open its properties window.
5. In the distribution point properties window, in the KSN 代理 section, enable the 在分发点端启用 KSN 代理 option, and then enable the 通过互联网直接访问 KSN 云/KPSN option.
6. Click 确定.

The distribution point will act as a KSN proxy server.

Please note that the distribution point does not support managed device authentication by using the NTLM protocol.