Kaspersky Security Center 13 for Linux
Proof of Concept guide
Kaspersky
30.08.2021
Changelog
This version is made for Kaspersky Security Center 13 for Linux and Kaspersky Endpoint Security for Linux 11.2.
Contents
Introduction
Who should use this guide?
About Kaspersky Security Center for Linux
Prepare the environment
Review the hardware and software requirements
Download required files
Setup and deploy
Install MariaDB server
Install Kaspersky Security Center for Linux
Install and configure Kaspersky Security Center Web Console
Deploy Kaspersky protection for managed devices
Capability scenarios
File Threat Protection
Web Threat Protection
Network Threat Protection
Behavior Detection
Device Control
Useful information
Appendix A: POC success criteria
Introduction
Who should use this guide?
This guide is built to help you quickly deploy and configure Kaspersky Security Center for Linux for evaluation [1]. It
guides you through the process of Kaspersky Security Center for Linux installation and configuration and
Kaspersky Endpoint Security for Linux deployment. It also demonstrates protection capabilities for Linux devices.
This document is intended for use by Kaspersky presales engineers and third parties who want to evaluate Kaspersky
Security Center for Linux.
It’s assumed that the reader will have:
1. Experience in systems administration;
2. A basic knowledge of computer networking.
About Kaspersky Security Center for Linux
Kaspersky Security Center Linux is designed to deploy and manage protection of Linux devices by using a
Linux-based Administration Server to meet the requirements of pure Linux environments.
Kaspersky Security Center Linux enables the administrator to install Kaspersky security applications on devices on
a corporate network, remotely run scan and update tasks, and manage the security policies of managed
applications. The administrator can use a detailed dashboard that provides a snapshot of corporate device
statuses, detailed reports, and granular settings in protection policies.
Using Kaspersky Security Center, you can do the following:
• Create a hierarchy of Administration Servers to manage the organization's network, as well as networks at
remote offices or client organizations.
• The client organization is an organization whose anti-virus protection is ensured by the service provider.
• Create a hierarchy of administration groups to manage a selection of client devices as a whole.
• Manage an anti-virus protection system built based on Kaspersky applications.
• Perform remote installation of applications by Kaspersky and other software vendors.
• Perform centralized deployment of license keys for Kaspersky applications to client devices, monitor their
use, and renew licenses.
• Receive statistics and reports about the operation of applications and devices.
• Receive notifications about critical events during the operation of Kaspersky applications.
• Perform inventory of hardware connected to the organization's network.
• Centrally manage files moved to Quarantine or Backup by security applications, as well as manage files for
which processing by security applications has been postponed.
A feature comparison between the Windows and Linux versions of the product is available in Online Help.
[1] If you need to deploy Kaspersky Security Center for Linux in a production environment, please refer to Online Help.
Prepare the environment
Review the hardware and software requirements
Administration Server, Database Server, Web Console Server and Network Agent:
https://support.kaspersky.com/KSCLinux/13/en-US/96255.htm .
Note that MariaDB Server versions other than 10.3 are unsupported.
Kaspersky Endpoint Security for Linux: Hardware and software requirements (kaspersky.com).
Information about ports used by Kaspersky Security Center 13 for Linux is specified in Online Help.
Download required files
You can download the latest versions of Kaspersky products from the following page:
https://www.kaspersky.com/small-to-medium-business-security/downloads/endpoint.
You should download the following:
• Kaspersky Security Center for Linux Full package.
• Kaspersky Security Center for Linux Web console.
• Kaspersky Security Center Network Agent and Files for Agent remote installation.
• Kaspersky Endpoint Security for Linux distribution package and Product GUI, and Files for Product remote
installation.
• Administration Plug-in.
How to download and install MariaDB Server is described during the deployment step.
Setup and deploy
The main installation scenario is described in Online Help. For the purposes of this guide, we will cover the
following main steps:
1. Install MariaDB server.
2. Install Kaspersky Security Center for Linux.
3. Install and configure Kaspersky Security Center Web Console.
4. Deploy Kaspersky protection for managed devices.
Install MariaDB server
In this guide MariaDB server is installed on Ubuntu 18.04.1 LTS.
1. Go to official MariaDB Server downloads and
repositories page and specify the required
parameters of your system and MariaDB server.
In this guide it is Ubuntu – 18.04 LTS “bionic”
– 10.3 [Old Stable] – <any mirror>.
2. Installation instructions specific for your Linux Distro will appear. For Ubuntu 18.04 and a repository in UK run
the following commands in terminal:
sudo apt-get install software-properties-common
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://mirrors.ukfast.co.uk/sites/mariadb/repo/10.3/ubuntu bionic main'
sudo apt update
sudo apt install mariadb-server mariadb-client
3. Set a new password for the MariaDB “root” user.
4. Repeat the password.
5. After installation check the status of the MariaDB Server:
sudo systemctl status mariadb.service
Make sure that no errors are returned.
6. Now it is necessary to configure a few security settings. Run the command:
sudo mysql_secure_installation
and enter the current password for root.
You will be asked several questions. They are listed below with the answers to give:
6.1. Change the root password? n
6.2. Remove anonymous users? Y
6.3. Disallow ‘root’ login remotely? Y
6.4. Remove test databases and access to it? Y
6.5. Reload privilege tables now? Y
Now proceed to the next step.
7. The next step is to configure MariaDB server. Create a backup copy of the my.cnf file:
sudo cp /etc/mysql/my.cnf /etc/mysql/my.cnf.bk
Open /etc/mysql/my.cnf in any text editor. In this guide vim is used, but it requires some knowledge of
management commands. If you want to use vim, then it is necessary to install it first by executing the
following command:
sudo apt-get install vim
Then open the original file by executing this command:
sudo vim /etc/mysql/my.cnf
Configure the following parameters [2] (modify existing ones or add new ones if they are missing):
sort_buffer_size=10M
join_buffer_size=100M
join_buffer_space_limit=300M
join_cache_level=8
tmp_table_size=512M
max_heap_table_size=512M
key_buffer_size=200M
innodb_buffer_pool_size=<value>
innodb_thread_concurrency=20
innodb_flush_log_at_trx_commit=0
innodb_lock_wait_timeout=300
max_allowed_packet=32M
max_connections=151
The value of "innodb_buffer_pool_size" must be no less than 80 percent of the expected KAV
database size. In this guide 6500M is used, which is sufficient for quick testing purposes.
Note that depending on the MariaDB server version the my.cnf file may contain different
sections. You should add the lines to the [mysqld] section.
Save and close the modified file and restart mariadb.service with the following command:
sudo systemctl restart mariadb.service
Then check the status of mariadb.service:
sudo systemctl status mariadb.service
Make sure that no errors are returned.
[2] Check the latest recommendations in Online Help.
8. By default, the optimizer add-ons join_cache_incremental, join_cache_hashed and join_cache_bka are
enabled. If these add-ons are not enabled, you must enable them.
Run the MySQL Command-Line Client:
mysql --user root --password
and run the following command:
SELECT @@optimizer_switch \g
Make sure that in the command result you see that these add-ons are enabled.
Quit the MySQL Command-Line Client:
\q
After completing these steps, you successfully installed and configured MariaDB Server.
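The checks in steps 7 and 8 can be scripted. The following is an added example, not part of the original guide or of any Kaspersky tooling: it reads only the [mysqld] section of a my.cnf file, compares it with the values listed in step 7, applies the 80 percent rule to innodb_buffer_pool_size, and checks an @@optimizer_switch string for the three add-ons. The sample file, the sample switch string and the expected database size of 8000M are constructed for illustration.

```sh
#!/bin/sh
# Values from step 7; innodb_buffer_pool_size is site-specific and checked separately.
EXPECTED='sort_buffer_size=10M join_buffer_size=100M join_buffer_space_limit=300M
join_cache_level=8 tmp_table_size=512M max_heap_table_size=512M key_buffer_size=200M
innodb_thread_concurrency=20 innodb_flush_log_at_trx_commit=0
innodb_lock_wait_timeout=300 max_allowed_packet=32M max_connections=151'

# Print key=value for the [mysqld] section only. The last assignment of a key
# wins, and "-" in an option name is treated the same as "_".
mysqld_settings() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        insec && /=/  {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key); gsub(/-/, "_", key)
            val = $0; sub(/^[^=]*=/, "", val); sub(/#.*/, "", val); gsub(/[ \t]/, "", val)
            v[key] = val
        }
        END { for (k in v) print k "=" v[k] }
    ' "$1"
}

# Convert a size such as 6500M, 8G or 1048576 (bytes) to whole MiB.
to_mib() {
    case $1 in
        *[Gg]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo "${1%?}" ;;
        *[Kk]) echo $(( ${1%?} / 1024 )) ;;
        *)     echo $(( $1 / 1048576 )) ;;
    esac
}

# $1 = my.cnf path, $2 = expected database size (e.g. 8000M). Returns 1 on any finding.
check_mycnf() {
    actual=$(mysqld_settings "$1"); rc=0
    for want in $EXPECTED; do
        key=${want%%=*}; val=${want#*=}
        got=$(printf '%s\n' "$actual" | awk -F= -v k="$key" '$1 == k { print $2 }')
        if [ -z "$got" ]; then echo "MISSING  $key (expected $val)"; rc=1
        elif [ "$got" != "$val" ]; then echo "MISMATCH $key=$got (expected $val)"; rc=1
        fi
    done
    pool=$(printf '%s\n' "$actual" | awk -F= '$1 == "innodb_buffer_pool_size" { print $2 }')
    if [ -z "$pool" ]; then echo "MISSING  innodb_buffer_pool_size"; rc=1
    # pool >= 80% of the database size  <=>  pool * 5 >= size * 4
    elif [ $(( $(to_mib "$pool") * 5 )) -lt $(( $(to_mib "$2") * 4 )) ]; then
        echo "TOO SMALL innodb_buffer_pool_size=$pool (under 80% of $2)"; rc=1
    fi
    return $rc
}

# $1 = value of @@optimizer_switch. Returns 1 unless all three add-ons from step 8 are on.
check_optimizer_switch() {
    rc=0
    for flag in join_cache_incremental join_cache_hashed join_cache_bka; do
        case ",$1," in
            *",$flag=on,"*) ;;
            *) echo "DISABLED $flag"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: innodb_lock_wait_timeout is missing, max_allowed_packet
# differs in [mysqld], and the expected value appears only in another section.
write_sample_cnf() {
    cat > "$1" <<'EOF'
[client-server]
port=3306
[mysqld]
sort_buffer_size = 10M
join_buffer_size=100M
join_buffer_space_limit=300M
join_cache_level=8
tmp_table_size=512M
max_heap_table_size=512M
key_buffer_size=200M
innodb_buffer_pool_size=6500M
innodb_thread_concurrency=20
innodb_flush_log_at_trx_commit=0
max-allowed-packet=16M   # differs from the guide
max_connections=151
[mysqldump]
max_allowed_packet=32M
EOF
}

# Constructed, abbreviated @@optimizer_switch value with one add-on switched off.
SAMPLE_SWITCH='index_merge=on,join_cache_incremental=on,join_cache_hashed=off,join_cache_bka=on'

cnf=$(mktemp)
write_sample_cnf "$cnf"
check_mycnf "$cnf" 8000M || echo "my.cnf needs changes"
check_optimizer_switch "$SAMPLE_SWITCH" || echo "optimizer_switch needs changes"
rm -f "$cnf"
```

On a live server, pass /etc/mysql/my.cnf as the first argument and feed check_optimizer_switch the output of `mysql --user root --password -N -e 'SELECT @@optimizer_switch'`.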
Install Kaspersky Security Center for Linux
1. Create a group 'kladmins' and an unprivileged account 'ksc'. The account must be a member of the 'kladmins'
group. To do this, run the following commands in sequence:
sudo adduser ksc
sudo groupadd kladmins
sudo gpasswd -a ksc kladmins
sudo usermod -g kladmins ksc
2. Install Kaspersky Security Center for Linux by executing the following command in the terminal:
sudo apt install /<path>/ksc64_[version_number]_amd64.deb
and then run the /opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl script.
3. Accept the terms of the EULA and Privacy Policy
4. Enter the address of the Administration Server.
5. Enter the Administration Server port number.
6. Enter the Administration Server SSL port
number.
7. Specify an infrastructure size. In this guide,
More than 1000 networked devices is
selected.
8. Enter the security group name for services. By
default, the 'kladmins' group is used.
9. Enter the account name to start the
Administration Server service. The account must
be a member of the entered security group. By
default, the 'ksc' account is used.
10. Enter the account name to start other services.
The account must be a member of the entered
security group. By default, the 'ksc' account is
used.
11. Enter the IP address of the device on which the
database is installed.
12. Enter the database port number. By default, port
3306 is used.
13. Enter the database name.
14. Enter the login of the database ‘root’ account
that you use to access the database.
15. Enter the database password.
Wait for the services to be added and started
automatically:
• klnagent_srv
• kladminserver_srv
• klactprx_srv
• klwebsrv_srv
16. Create an account that will act as an
Administration Server administrator. Enter the
user name and password. The user password
cannot have less than 8 or more than 16
characters.
17. Check the status of the Administration Server:
systemctl status kladminserver_srv.service
Make sure that it is running.
After completing these steps, you successfully installed Kaspersky Security Center.
Install and configure Kaspersky Security Center Web Console
1. To install Kaspersky Security Center 13 Web Console you must create a response file, a .json file that
contains parameters for connecting Kaspersky Security Center 13 Web Console to the Administration Server.
Execute the following command:
sudo vim /etc/ksc-web-console-setup.json
2. Specify the following parameters [3]:
• address of Kaspersky Security Center 13 Web Console Server,
• port that Kaspersky Security Center 13 Web Console Server uses to connect to the Administration
Server,
• trusted Administration Server address, port, certificate path and Administration server name,
• specify ‘true’ for the acceptEula parameter.
Below is the example of the file content.
[3] A full description of the available parameters is in Online Help.
Save and close the file.
3. Run the following command to start Kaspersky Security Center 13 Web Console installation:
sudo dpkg -i KSCWebConsoleInstaller.[version_number].x86_64.deb
Wait for the installation to finish.
4. Run a web browser and go to
https://server_address:8080/ .
Enter credentials.
5. You will see the main Kaspersky Security Center
13 Web Console window.
You can either watch a full Kaspersky Security
Center tutorial or just changes in a new version.
6. After a tutorial the Quick Start Wizard appears.
Click Next to go through its steps.
7. Select your Internet connection parameters. In
this guide Direct connection is used.
8. Specify your activation code or add a key file.
9. Create basic tasks and policies.
10. Configure email notification settings.
11. Close the Quick Start Wizard.
12. The DISCOVERY & DEPLOYMENT -
DISCOVERY – IP RANGES section
automatically appears. It is necessary to allow IP
ranges polling. To do that in the right pane select
a required IP range and click Properties.
13. In the window that appears, allow polling and save
the settings.
14. Now check if the license has been applied to
Kaspersky Security Center successfully.
In the main Kaspersky Security Center 13 Web
Console window click the gear icon to open the
Administration Server properties.
15. Select License keys – and if there is no license
in the right pane under the Current license,
then click Select.
16. Click +Add new license key.
17. Add an activation code or a key file.
18. Close the window.
19. Make sure that the license is shown in the
properties of the Administration Server. Click
Save and close the Administration Server
properties.
After completing these steps, you have successfully installed Kaspersky Security Center 13 Web Console and performed
initial configuration of the Administration Server.
Deploy Kaspersky protection for managed devices
To deploy Kaspersky Endpoint Security for Linux using Kaspersky Security Center you should perform the
following basic steps:
1. Add the Kaspersky Endpoint Security for Linux management plug-in to Kaspersky Security Center 13 Web
Console.
2. Create installation packages for both Network Agent and Kaspersky Endpoint Security for Linux.
3. Create and run remote installation tasks for Network Agent and Kaspersky Endpoint Security for Linux.
4. Create and configure tasks for Kaspersky Endpoint Security for Linux.
5. Create an administration policy for Kaspersky Endpoint Security for Linux.
1. To add the Kaspersky Endpoint Security for
Linux management plug-in to Kaspersky
Security Center 13 Web Console click
CONSOLE SETTINGS – WEB PLUG-INS.
2. In the window that appears, click + Add from file.
3. Unzip the contents of the downloaded archive
with the Kaspersky Endpoint Security web plug-
in.
Upload the unpacked files to the Kaspersky
Security Center 13 Web Console.
4. Once you have uploaded the plugin.zip and
signature.txt files, click Add at the bottom of the
page.
5. Make sure that the plug-in has been added
successfully.
6. Now create installation packages for Network
Agent and Kaspersky Endpoint Security for
Linux.
Go to DISCOVERY & DEPLOYMENT –
DEPLOYMENT & ASSIGNMENT –
INSTALLATION PACKAGES.
In the right pane click + Add.
7. Select Create an installation package from a
file.
8. Place the files for remote installation and the
Network Agent distribution package within one
archive. For instance, you can unzip the archive
with the files for remote installation to a folder,
copy the Network Agent distribution package to
this folder and add the contents of the folder to
an archive.
Specify a package name and select the newly
created archive containing the files for remote
installation and the Network Agent distribution
package.
9. Accept the terms of the EULA.
10. Close the New Package Wizard.
11. Create an installation package for Kaspersky
Endpoint Security for Linux.
Click + Add.
12. Select Create an installation package from a
file.
13. Place the files for remote installation and the
Kaspersky Endpoint Security for Linux
distribution package + Product GUI within one
archive. For instance, you can unzip the archive
with the files for remote installation to a folder,
copy the Kaspersky Endpoint Security for Linux
distribution package + Product GUI to this folder
and add the contents of the folder to an archive.
Specify a package name and select the newly
created archive containing the files for remote
installation and the Kaspersky Endpoint Security
for Linux distribution package + Product GUI.
14. Accept the Privacy Policy and the terms of
EULA.
15. Close the New Package Wizard.
16. Before deploying Kaspersky applications, prepare the Linux device for remote deployment. Do the following:
• Make sure that sudo is installed on the target Linux device.
• Test the device configuration:
o Check whether you can connect to the device through an SSH client (such as PuTTY).
If you cannot connect to the device, open the /etc/ssh/sshd_config file and make sure
that the following settings have the respective values listed below:
PasswordAuthentication no
ChallengeResponseAuthentication yes
Save the file and restart the SSH service by using the sudo service ssh restart
command.
o Disable the sudo password for the user account under which the device is to be connected.
Use the visudo command in sudo to open the sudoers configuration file. In the file you
have opened, specify the following: username ALL = (ALL) NOPASSWD: ALL. This file
is processed in the “top-to-bottom” order, therefore add this new line to the end of the file. In
this case, username is the user account, which is to be used for the device connection using
SSH.
o Save the sudoers file and then close it.
o Connect to the device again through SSH and make sure that sudo does not
prompt you to enter a password; you can do this using the sudo whoami command.
17. Select the Network Agent installation package
and click + Deploy.
18. Select the Using the remote installation task
deployment method.
19. Select a device for installation.
20. Specify a task name and clear the selection of
the Using Network Agent item.
21. Select Move unassigned devices to group and
choose Managed devices.
22. Specify an account having administrator’s rights
on a device where you’re installing Network
Agent.
23. Select Run the task after the Wizard finishes
and close the Wizard.
24. Go to Devices – Tasks.
Select the newly created installation task and
click Result.
25. Make sure that this task completed successfully.
26. Select the Kaspersky Endpoint Security for Linux
installation package and click + Deploy.
27. Select the Using the remote installation task
deployment method.
28. Select the Network Agent package to be
installed with Kaspersky Endpoint Security for
Linux. It is impossible to skip Network Agent
selection on this step.
29. Select a device for installation.
30. Specify a task name.
31. Select Do not move devices, because the
device is already in the Managed devices
group.
32. Select No account required (Network Agent
installed).
33. Select Run the task after the Wizard finishes
and close the Wizard.
34. Go to Devices – Tasks.
Select the newly created installation task and
click Result.
Make sure that this task completed successfully.
35. Now it is necessary to create tasks to activate
Kaspersky Endpoint Security for Linux
and update its databases.
Make sure that you are in the DEVICES –
TASKS section.
In the right pane click + Add.
36. Select Kaspersky Endpoint Security for Linux
in the Application field and Update in the Task
type.
37. Select Managed devices to assign the task.
38. Select Open task details when creation is
complete and close the wizard.
39. In the Update task properties switch to the
SCHEDULE tab. In the Scheduled start: select
When new updates are downloaded to the
repository.
Close the task properties.
40. Create the Add a key task.
In the DEVICES – TASKS section in the right
pane click + Add.
41. Select Kaspersky Endpoint Security for Linux
in the Application field and Add a key in the
Task type.
42. Select Managed devices to assign the task.
43. Choose a key from the Kaspersky Security
Center key storage.
44. Do not use this key as additional key. Skip this
step.
45. Close the wizard.
46. Select the Add a key task and click Start.
47. Wait for a while. Click on Result. Make sure that
the task completed successfully.
48. Create an administration policy for Kaspersky
Endpoint Security for Linux.
Go to DEVICES – POLICIES & PROFILES.
In the right pane click + Add.
49. Select Kaspersky Endpoint Security for Linux.
50. Read the terms of the Kaspersky Security
Network agreement and select I agree to use
Kaspersky Security Network.
51. Configure the policy settings if necessary and
save the policy.
After completing these steps, you successfully deployed Kaspersky protection in your network.
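The device preparation in step 16 edits two files with opposite precedence rules: sshd keeps the first value it reads for a keyword, while sudoers applies the last matching entry, which is why the guide places the new line at the end of the file. The following is an added example, not part of the original guide, that checks both files against the values from step 16; the account name kscdeploy and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# First global value of an sshd_config keyword. sshd keeps the FIRST value it
# reads for a keyword, keywords are case-insensitive, and lines after a Match
# line are conditional, so the scan stops there.
sshd_first_value() {   # $1 = sshd_config path, $2 = keyword
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }
        { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == want    { print tolower(f[2]); exit }
    ' "$1"
}

check_sshd() {   # $1 = sshd_config path; returns 1 if a value differs from step 16
    rc=0
    for pair in PasswordAuthentication=no ChallengeResponseAuthentication=yes; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_first_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "sshd: $key is '${got:-unset}', step 16 expects '$want'"; rc=1
        fi
    done
    return $rc
}

# sudoers is read top to bottom and the LAST matching entry wins. Print the last
# entry that can apply to the account; %group and ALL entries are included
# because they may match the same account and override an earlier NOPASSWD line.
sudoers_last_rule() {   # $1 = sudoers path, $2 = account name
    awk -v user="$2" '
        /^[ \t]*([#@]|$)/ { next }   # comments, include directives, blank lines
        { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t]+/) }
        f[1] == user || f[1] == "ALL" || f[1] ~ /^%/ { last = line }
        END { print last }
    ' "$1"
}

check_sudoers() {   # $1 = sudoers path, $2 = account name
    last=$(sudoers_last_rule "$1" "$2")
    if printf '%s\n' "$last" |
        grep -Eq "^$2[[:space:]].*NOPASSWD:[[:space:]]*ALL[[:space:]]*\$"; then
        return 0
    fi
    echo "sudoers: last entry that can apply to $2 is: ${last:-none}"
    return 1
}

# Constructed samples. In sshd_bad the corrected line was appended after the
# original one; in sudoers_bad the new line sits above the %sudo entry.
write_samples() {   # $1 = directory to write into
    printf '%s\n' 'Port 22' 'PasswordAuthentication yes' \
        'ChallengeResponseAuthentication yes' 'UsePAM yes' \
        'PasswordAuthentication no' > "$1/sshd_bad"
    printf '%s\n' 'Port 22' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication yes' 'UsePAM yes' > "$1/sshd_good"
    printf '%s\n' 'Defaults env_reset' 'root ALL=(ALL:ALL) ALL' \
        'kscdeploy ALL = (ALL) NOPASSWD: ALL' '%sudo ALL=(ALL:ALL) ALL' \
        '#includedir /etc/sudoers.d' > "$1/sudoers_bad"
    printf '%s\n' 'Defaults env_reset' 'root ALL=(ALL:ALL) ALL' \
        '%sudo ALL=(ALL:ALL) ALL' '#includedir /etc/sudoers.d' \
        'kscdeploy ALL = (ALL) NOPASSWD: ALL' > "$1/sudoers_good"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in sshd_bad sshd_good; do
    check_sshd "$dir/$f" && echo "$f: matches step 16"
done
for f in sudoers_bad sudoers_good; do
    check_sudoers "$dir/$f" kscdeploy && echo "$f: NOPASSWD entry is effective"
done
rm -rf "$dir"
```

On a live host, `sshd -T` prints the effective sshd settings and `sudo -l -U <account>` lists the entries sudo applies to the account.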
Capability scenarios
File Threat Protection
In this scenario we will demonstrate File Threat Protection of Kaspersky Endpoint Security 11 for Linux.
Evaluation steps:
1. Disable Web Threat Protection.
2. Download the EICAR test file from the Internet.
3. Check the event log.
Expected results:
The EICAR test virus file will be deleted by a File Threat Protection On-Access Scan as soon as it’s downloaded.
Instructions:
1. Open the Kaspersky Security Center Web
Console and switch to the DEVICES –
POLICIES & PROFILES section.
Click on the KES for Linux policy properties,
switch to the APPLICATION SETTINGS tab –
Essential Threat Protection section and in the
right pane click on Web Threat Protection
2. Disable Web Threat Protection and close this
window.
3. Click on File Threat Protection.
4. Make sure that File Threat Protection is
enabled and close the policy properties.
5. Switch to the protected Linux device and open
Firefox.
Go to https://www.eicar.org/?page_id=3950 and
try to download the eicar.com file.
Check that the file has been downloaded and
that it’s been deleted after downloading.
6. You can also view the event either in the local
KES GUI or in the Kaspersky Security Center
Administration Console.
To do that in the Kaspersky Security Center Web
Console go to MONITORING & REPORTING –
EVENT SELECTION – click on Critical events.
7. Check that you see the appropriate event.
After completing these steps, you have successfully demonstrated File Threat Protection of Kaspersky Endpoint
Security 11 for Linux.
Web Threat Protection
In this scenario we will demonstrate that Kaspersky Endpoint Security 11 for Linux protects your
computer from web threats.
Evaluation steps:
1. Enable the Web Threat Protection component in the administration policy.
2. Try to access a malicious web-page (test page in this case).
3. Review the events.
Expected results:
Access to the malicious web-page will be blocked by the Web Threat Protection component.
Instructions:
1. Open the Kaspersky Security Center Web
Console and switch to the DEVICES –
POLICIES & PROFILES section.
Click on the KES for Linux policy properties,
switch to the APPLICATION SETTINGS tab –
Essential Threat Protection section and in the
right pane click on Web Threat Protection.
2. Check that Web Threat Protection is enabled. If
not, enable it and close the policy properties.
3. On the protected machine open a web browser
and try to access one of the following pages:
https://www.kaspersky.com/test/wmuf
https://www.kaspersky.com/test/aphish_h
Check that they are blocked by Web Threat
Protection.
4. You can also view the event either in the local
KES GUI or in the Kaspersky Security Center
Administration Console.
To do that in the Kaspersky Security Center Web
Console go to MONITORING & REPORTING –
EVENT SELECTION – click on Critical events.
5. Check that you see the appropriate event.
After completing these steps, you have successfully demonstrated that Kaspersky Endpoint Security 11 for Linux
can protect your computer from web threats.
Network Threat Protection
In this scenario we will demonstrate that Kaspersky Endpoint Security 11 for Linux can detect and block network
attacks.
Evaluation steps:
1. Ensure that Network Threat Protection component is enabled.
2. Download and install Nmap to the “attacker” computer.
3. Download and install the Netcat utility on the protected system.
4. Try to transfer a test file from the “attacker” host to the protected system.
5. Check the event log.
Expected results:
The Network Threat Protection component will detect the network attack and block the attacking computer.
Instructions:
1. Open the Kaspersky Security Center Web
Console and switch to the DEVICES –
POLICIES & PROFILES section.
Click on the KES for Linux policy properties,
switch to the APPLICATION SETTINGS tab –
Essential Threat Protection section and in the
right pane click on Network Threat Protection.
2. Make sure Network Threat Protection is
enabled.
If not, enable it and set the following value for
the Block the attacking host for (min) option: 1
min.
Save and close the policy properties.
3. To install the Netcat utility it is necessary to do the following:
• For Windows: download and install the Nmap utility. Ncat is included in the distribution package of Nmap
• For Linux: download and install Ncat from the following link https://nmap.org/download.html or you can
install the Netcat utility via a terminal, e.g. for Ubuntu execute the following command:
sudo apt install netcat
4. On the protected computer open terminal and run the following command with elevated rights:
nc -l 80 > umids_Test.Eicar.Ban.pcap
where umids_Test.Eicar.Ban.pcap is an arbitrary file name.
Netcat will start listening on port 80 in order to receive a file.
5. On the attacker host in the Command Prompt open a folder with Ncat (it is in the nmap installation folder) and
run the following command:
Ncat 10.0.0.3 80 < umids_Test.Eicar.Ban.pcap
where umids_Test.Eicar.Ban.pcap is the test file to be transferred to the protected host. If the file is not
in the same folder as Ncat, then you should specify the full path to the file.
For Kaspersky employees: request the umids_Test.Eicar.Ban.pcap file from [email protected].
6. Check that the connection was forcibly closed by
the protected host.
You can view the event in the Kaspersky
Security Center Administration Console.
To do that in the Kaspersky Security Center Web
Console go to MONITORING & REPORTING –
EVENT SELECTION – click on Critical events
7. Check that there are events related to the recent
network attack detection.
After completing these steps, you have successfully demonstrated that Kaspersky Endpoint Security 11 for Linux
can detect and block network attacks.
NB: if you performed this attack from the Kaspersky Security Center host, it may be blocked on the protected
host, so there may be a delay before the event appears in Kaspersky Security Center.
Behavior Detection
In this scenario we will demonstrate that Kaspersky Endpoint Security 11 for Linux can detect and block malicious
activity by using behavior detection.
Evaluation steps:
1. Try to run a test file on a target Linux device.
2. Check the results.
For Kaspersky employees: request a test file for this scenario from [email protected] .
Expected results:
The Behavior Detection task will detect and delete the test file.
Instructions:
1. Open the Kaspersky Security Center Web
Console and switch to the DEVICES –
POLICIES & PROFILES section.
Click on the KES for Linux policy properties,
switch to the APPLICATION SETTINGS tab –
Advanced Threat Protection section and in the
right pane click on Behavior Detection.
2. Check that Behavior Detection is enabled.
Otherwise enable it and close the policy
properties.
3. Switch to a protected Linux device.
Run a test file and check that it’s disappeared.
Check reports in the KES GUI. Check that you
see the appropriate event in the Behavior
Detection section.
4. You can also view the event in the Kaspersky
Security Center Administration Console.
To do that in the Kaspersky Security Center Web
Console go to MONITORING & REPORTING –
EVENT SELECTION – click on Critical events.
5. Check that you see the appropriate event.
After completing these steps, you have successfully demonstrated that Kaspersky Endpoint Security 11 for Linux
can detect and block malicious activity by using behavior detection.
Device Control
In this scenario we will demonstrate how to restrict certain types of devices on managed computers using
Kaspersky Endpoint Security 11 for Linux.
Evaluation steps:
1. Configure a policy to restrict using CD/DVD drives.
2. Insert a disk into a CD/DVD drive on the protected system.
3. Review the event log.
Expected results:
Use of CD/DVD drive will be blocked by Kaspersky Endpoint Security 11 for Linux.
For most cases it is common to show the restriction for USB devices, however in a cloud environment it is
easier to demonstrate the Device Control functionality for CD/DVD drives. The process of demonstration is
the same for USB devices and other types of devices.
Instructions:
1. Open the Kaspersky Security Center Web
Console and switch to the DEVICES –
POLICIES & PROFILES section.
Click on the KES for Linux policy properties,
switch to the APPLICATION SETTINGS tab –
Advanced Threat Protection section and in the
right pane click on Device Control.
2. Check that Device Control is enabled and click
Configure settings for devices types.
3. In the Access to storage devices section find
CD/DVD drives and set Block in the Access
column.
Save and close the policy.
4. Switch to a managed computer.
Try to insert a CD/DVD disk or an iso image into
a CD/DVD drive of the protected system. The
use of the drive will be blocked.
You can view the event in the local KES GUI in
the Device Control section.
After completing these steps, you have successfully demonstrated that Kaspersky Endpoint Security 11 for Linux
can block access to forbidden types of devices.
Useful information
1. Online Help is the main source of information.
2. Kaspersky Security Center page on the Kaspersky website. On the Kaspersky Security Center page on the
Kaspersky website, you can view general information about the application, its functions, and features.
3. The Knowledge Base is a section on the Kaspersky Technical Support website. On the Kaspersky Security
Center 13 Linux page in the Knowledge Base, you can read articles that provide useful information,
recommendations, and answers to frequently asked questions on how to buy, install, and use the
application. Articles in the Knowledge Base may provide answers to questions that relate both to
Kaspersky Security Center as well as to other Kaspersky applications. Articles in the Knowledge Base may
also contain Technical Support news.
4. If your question does not require an immediate answer, you can discuss it with Kaspersky experts and
other users in our community. In the community, you can view discussion topics, post your comments, and
create new discussion topics.
5. If you cannot find a solution to your problem, contact Technical Support.
Appendix A: POC success criteria
| # | Task | Success criteria | Notes |
|---|------|------------------|-------|
| 1. | Prepare environment | | |
| 1.1. | Review the requirements | POC environment meets all the imposed requirements | |
| 1.2. | Download required files | All required installation files are downloaded. | |
| 2. | Setup and deploy | | |
| 2.1. | Install MariaDB server | MariaDB server is installed and configured. Service status check does not return errors. | |
| 2.2. | Install Kaspersky Security Center | Kaspersky Security Center Administration Server and Administration Consoles are installed. Kaspersky Security Center is activated with a valid license | |
| 2.3. | Install Kaspersky Security Center Web Console | You can successfully log into Kaspersky Security Center Web Console. Basic configuration is performed without errors in accordance with the guide instructions. | |
| 2.4. | Deploy Kaspersky protection | Network Agents for Linux and Kaspersky Endpoint Security for Linux are installed on the target devices | |
| 3. | Capability scenarios | | |
| 3.1. | File Threat Protection | EICAR test virus file is detected | |
| 3.2. | Web Threat Protection | Access to the malicious web-page is blocked by the Web Threat Protection component | |
| 3.3. | Network Threat Protection | Network attack is detected | |
| 3.4. | Behavior Detection | Behavior Detection detected and deleted the test file | |
| 3.5. | Device Control | Use of the forbidden device type is denied | |