Transcription
Deploying Kaspersky Endpoint Security for Mac v 10Document purposeDue to the unique nature of the Mac OS X (OS ten) operating system, we cannot install EndpointSecurity for Mac using the same remote installation tasks we would with Windows endpoints. Thefollowing means to describe how to install and partially automate that installation.ContentsDocument purpose . 1I – Getting Started with prerequisites. 2Prerequisite – Download the needed packages . 2Prerequisite – installation of the Network Agent . 3II - Adding KES for Mac to the Security Center. 3III – Creating the Mac Installation package . 4IV – Creating the Mac group, tasks and policy . 10Configure the Automated installation of KES for Mac . 11Create the Update task for Mac . 11Create the Weekly Scan Task for Mac . 14Creating the Mac Policy . 17V - Creating a Mac Relocation Rule. 25P a g e 1 271
I – Getting Started with prerequisites.Prerequisite – Download the needed packages1. Connect to http://support.kaspersky.com/kes10mac#downloads and click on the green Filesbox (Outlined in red, below)2. In this menu, we need to download this item to get the KES for Mac zipNext, to provide connectivity to the KSC, the Network Agent component will also need to bedownloaded and .zipP a g e 2 272
and, finally, download this link to add the ability to create tasks and policies for the uage/workstations/kesmac/klcfginst.exeThe following document outlines the manual installation of the Network Agent, and the automaticinstallation of the KES client for Mac on the Security Center.Prerequisite – installation of the Network AgentAs noted above, the Network Agent is not installed using the KSC remote installation tasks. In order toget the Network Agent installed, there are two means to do this.a. Extract the .DMG file from the klnagentmac 10.1.0.16.mlng en ru.zip and run it manually. As itis installed, you are prompted by the installer for the KSC address – please use the IP Address.b. Use your Mac package management solution or Apple Remote Desktop to install the NetworkAgent – an install.sh script is included in order to automate the installation and addition of the IPaddress of the Kaspersky Security Center.II - Adding KES for Mac to the Security Center.1. When the Endpoint Security package is unzipped, there are the following items in the newfolder:P a g e 3 273
2. Double click the Security Center Console Plugin folder, then the English folder. In here, right clickon the klcfginst.exe file and select Run as Administrator as shown:NOTE: Once the installer begins, you will see some displays flash and the process completes withoutany notification.III – Creating the Mac Installation package1. Open the Kaspersky Security Center console, and in the left hand pane, expand RemoteInstallation, and click on Installation packages.Click Create Installation Package, outlined in red belowP a g e 4 274
2. In the next display, click the top button to ‘ Create an Installation package for a Kaspersky Labapplication’3. In the next screen, type in a package name, such as ‘KES for Mac 10’ as below, click Next:P a g e 5 275
4. In the following screen, click Select to find the package descriptor, found where the KESMAC zipfile was expanded, highlight and click Open:5. At the next screen, uncheck the item to Copy updates from repository to installation package,and click Next to create the installer.P a g e 6 276
Accept the license agreement by checkbox and click Next:The installation package is created:P a g e 7 277
6. In the next screen, select the items to be installed – Take all by default and if needed, check off“I agree to participate in Kaspersky Security Network” at the bottom as well, click Next:7. Click Finish and the package is complete:P a g e 8 278
8. Next, we want to embed the license in the installation package, so the services start the minutethe installation is completed. To do this:a. In the Installation packages window, double click the Mac installation package just createdand in the left hand pane, click KeyP a g e 9 279
Click Select to choose the key and click OK (Not Add – that will move you an incorrect screen.)and then click OK again to exit the package.IV – Creating the Mac group, tasks and policy1. In the left hand pane of the Security Center, right click on Managed Computers and select New, thenGroup and name the group Mac Workstations (Note – groups can easily be renamed)P a g e 10 2710
Configure the Automated installation of KES for Mac1. Right click the Mac Workstations group, and select Properties.In the left hand pane, select Automated Installation and check off the KES for Mac 10 installationpackage created earlier.Now, when the relocation rule is run, the machine will be relocated to the Mac Workstationssubgroup and the software, including the license will be automatically installed.Next, click that same Mac Workstations group in the left hand pane of the Security Center and click onTasks at the top of the displayIn this area we have two tasks to create – Update and Weekly ScanCreate the Update task for Mac1. Click on Create a task in the top center, and name the task Update and click Next:P a g e 11 2711
2. In the next screen, look through the list, finding the Kaspersky Endpoint Security for Mac, andselect Update as shown,3. Click Next through the update type screenP a g e 12 2712
4. In this screen, select the schedule as “When updates are downloaded to the repository” asshown, click Next and then Finish in the last screen to complete the task.P a g e 13 2713
Create the Weekly Scan Task for Mac1. Click on Create a task in the top center, and name the task Weekly Scan and click Next:2. Then, in the list, find Endpoint Security 10 for Mac, select Virus Scan, click NextP a g e 14 2714
3.4. In the next screen, click the top Settings button:In here, check off next to “Scan only new and changed files” as outlined below, and click OKClick the bottom Settings button next and in this screen, uncheck the outlined item “ScanNetwork Drives, click OK, then Next,P a g e 15 2715
5. In this screen, select Weekly from the dropdown menu and pick a day and time for the scan.Click Next and Finish in the next screen to complete the wizardP a g e 16 2716
Creating the Mac PolicyTo define the protection settings for Endpoint Security for Mac, we apply a policy. To create this policy:1.In that same Mac Workstations group, click on the Policies tab in the top center, and then click theCreate a Policy as outlined in red, below:2.In the next screen. Type in a name such as Mac Policy and click NextP a g e 17 2717
3.In the next screen, click on the Endpoint Security 10 for Mac policy type, as shown, click Next:4.In this Protection screen, take the defaults (UNLESS the customer has an application they need anexclusion for – if that is the case, click Edit to put the application in the Trusted Zone, otherwise clickNext:P a g e 18 2718
5.In the File Anti Virus window, again, go with the main defaults at first, but click Settings:In this screen, click the Protection scope tab and unselect the Network Drives item – leave the othersat defaults, click OK, then Next.P a g e 19 2719
6.Web Anti-VirusIn the next screen, click Next to accept the default Settings for Web Anti- Virus – note that youcan click settings if you would like to set certain web sites as excluded from Web AV:7.Network Attack Blocker.P a g e 20 2720
(Click Exclusions if you have a machine that is performing network scans or such to avoid a false positive)In the Update window, take the defauits here as well.Note – if there is a need to change/add update locations, click Settings to edit them. (The KLCorporate servers are the default)8.Next up is the KSN Screen – click the checkbox to participate at the top, click Next:P a g e 21 2721
9.In the next screen, User Interaction, be sure to uncheck the Show Quit item outlined below or theusers will be able to shut down KES for Mac! Click Next to continue.P a g e 22 2722
10. The next screen is the proxy settings – click the top radio button to disable the proxy setting, click Next:11. Click Next to continue through the Reports screen,12. Click Finish to complete the wizard and make the policy active.P a g e 23 2723
P a g e 24 2724
V - Creating a Mac Relocation Rule1. In the left hand pane of the Kaspersky Security Center, select the Unassigned Devices node and right click,selecting Properties.In this first screen, click Add:P a g e 25 2725
2. Then, in the next screen, add the following items:a. Name this the Mac Relocation Ruleb. Click Select to pick the Mac Workstations group from under Managed Computersc. Put a checkmark next to Enable ruleCP a g e 26 2726
3. In the left hand pane of the rule, select Applications – in here:a. Under ‘Network Agent is running’, select the pulldown and select Yes, as shown belowb. Put a checkmark next to Operating system version, as shown belowc. Select Mac OS X under Operating system, as shown belowClick OK twice to close and return to the KSC.P a g e 27 2727
Prerequisite – installation of the Network Agent As noted above, the Network Agent is not installed using the KSC remote installation tasks. In order to get the Network Agent installed, there are two means to do this. a. Extract the .DMG file f
