OSIPR

How to install and configure Kaspersky in a Remote Desktop Service environment

Hello,

I'm configuring a Windows 2019 server with Remote Desktop Services and I'm confused about how to install and configure Kaspersky. I will have several users connecting with their own desktop sessions using Microsoft RDP. How do I install/configure Kaspersky in this type of environment? One example is that for Office365 I only install the suite once for all the users. I didn't have to install the binaries for each user. I would like to know if it is possible to do that with Kaspersky. Or do I install the agent not thinking about the remote users but the server, and by having the agent protecting the server all "desktop sessions" will be protected?

After the installation, how do I configure the agent in this type of environment?

My other question is about licensing. I have two sets of licenses, Kaspersky Endpoint Security for Business - Advanced and Kaspersky Security for Virtualization. I never came to use the licenses for Virtualization and they are near their expiration date for renewal. I don't know if I have to buy any other type of license, if I'm covered by the virtualization licenses and I do have to renew them, or if I don't need those at all, or if I'm covered with the Advanced licenses.

Please advise.

Hello!

Please specify the versions of the products that you use.

Thank you!

Hello Dmitry,

If you mean the version of the central console, it is Kaspersky Security Center 10; if you mean the version of the agent that is running on the computers, it is 11.0.0.6499.

Please advise.

Evgeny, thanks for your response,

The document you provided is for initial installation and setup of Kaspersky Security Center. I already have the Security Center up and running on a dedicated server, and the endpoint agent is also installed on more than 60 computers. I'm adding a new setup where the users will be connecting to a new separate "terminal server" (Windows Server 2019 running Remote Desktop Services), and their "desktop sessions" will be running from that new server. The server is part of the domain but is not running the Kaspersky Security Center, nor the domain controller/Active Directory. The users will not be running on separate virtual machines; it is one server with multiple concurrent sessions.

I searched the link you sent me but didn't find anything related to what I'm describing. For example, a new question:

If I should only care about the server and I install the endpoint agent for the server, and then one of the users introduces a virus that gets detected by the anti-virus, how can I determine which particular user introduced the virus?

Please advise.

Hi,

Quote

several users connecting with their own desktop session using Microsoft RDP

In that case it's more suitable to use KSWS10 to protect the server (terminal server) and sessions.

The Kaspersky Endpoint Security for Business - Advanced license is suitable for KSWS10.

Thank you!

Nikolay thanks,

With the information that you provided I checked the file "Compatibility List.txt" and this is the list of products covered by the license that I have:

XXXXXXXXX.key
 Kaspersky Anti-Virus for Linux Workstation
 Kaspersky Anti-Virus for Windows File Servers
 Kaspersky Anti-Virus for Windows Workstations
 Kaspersky Anti-Virus for Novell NetWare
 Kaspersky Anti-Virus for Linux File Server
 Kaspersky Anti-Virus for Samba Servers
 Kaspersky Endpoint Security for Linux Workstation
 Kaspersky Endpoint Security for Mac
 Kaspersky Endpoint Security 8 for Windows (Workstations component)
 Kaspersky Endpoint Security 8 for Windows (Servers component)
 Kaspersky Endpoint Security 10 for Windows (Servers component)
 Kaspersky Endpoint Security 10 for Windows (Workstations component)
 Kaspersky Endpoint Security for Smartphone
 Kaspersky Security for Mobile
 Kaspersky Anti-Virus 5 for Windows Workstations
 Kaspersky Anti-Virus for Windows Workstation for R-Style
 Kaspersky Anti-Virus for Windows Workstation for Aquarius
 Kaspersky Anti-Virus for Windows Workstation for DEPO
 Kaspersky Endpoint Security 10 for Mac
 Kaspersky SafeBrowser for iOS
 Kaspersky SafeBrowser for WinPhone
 Kaspersky Endpoint Security 10 for Linux
 Kaspersky Security 10 for Windows Server

So, I'm covered since Security 10 for Windows Server is listed. Now, all the installations that I have done are on Windows 10 computers; how do I get the specific installer for Server?

I still have a doubt. Here I'm protecting the server in general but I still will not have detailed information for each remote user session, correct? The agent will detect a threat but the concept, the notion, that I have in mind where the agent is aware of each individual "user desktop session", is incorrect, right?

I have no control over what computers the users are going to use for the remote session.

For better protection you should use KES11 on user hosts and KSWS10 on the server.

The thing is that KSWS10 is a special solution for servers and it is optimized for server OS versions.

Thank you!

Nikolay, I appreciate your response very much and I will follow your suggestion and install KES11. Still, I have the same question.

How is the anti-virus system aware of each individual remote desktop session?

Let me explain myself through examples:

1) Users John, Peter and Paul are using dumb graphical terminal clients to connect and establish a remote desktop session against a single Windows server acting as a remote desktop server (terminal server).

2) Each user connects at the same time to the server, each in their own separate desktop session.

3) From within his remote desktop session, John opens his web browser and enters a scam/phishing/malicious web site. How does the anti-virus system report that the threat came from John's session but not from Peter's or Paul's session?

4) In his own session Paul downloads an executable file with a virus and runs it. How does the system handle the threat and report that it was Paul who was the culprit for that particular event but not John or Peter?

5) Peter at the same time is running Outlook within his "desktop session" and opens a phishing email. How does the system determine that the event came from Peter by opening his own email and not from John or Paul?

Quick note just to let you know that KSWS10 was installed, not KES11; that was a typo that I made by mistake.

KSWS10 was installed, the database updated and the server is properly listed in the Kaspersky console.

Now I need to figure out how to get event reports for each user.

On 20.12.2018 at 20:50, OSIPR said:

3) From within his remote desktop session, John opens his web browser and enters a scam/phishing/malicious web site. How does the anti-virus system report that the threat came from John's session but not from Peter's or Paul's session?

Each log record about this will have the user name in it. Just make sure to have the latest patch for KSWS 10.1 installed: https://support.kaspersky.com/14306 . Because prior to this patch we had a bug where each log record would have SYSTEM as the user name.

On 20.12.2018 at 20:50, OSIPR said:

4) In his own session Paul downloads an executable file with a virus and runs it. How does the system handle the threat and report that it was Paul who was the culprit for that particular event but not John or Peter?

Each log record for the detection event will have the name of the user who tried to launch the file with a virus.

On 20.12.2018 at 20:50, OSIPR said:

5) Peter at the same time is running Outlook within his "desktop session" and opens a phishing email. How does the system determine that the event came from Peter by opening his own email and not from John or Paul?

Each log record about malicious mail detection will have the name of the user who tried to open this email.
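
One way to check the per-user attribution described in the replies above, as an added example that is not part of the original thread and not Kaspersky's own tooling: it groups detection records from an exported event list by user and sets aside records attributed to SYSTEM or to no user, the symptom the reply describes for an unpatched KSWS 10.1. The CSV layout, column names and sample rows are constructed assumptions, not the product's log format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names and rows are assumptions made
# for this example; they are not the KSWS log format.
SAMPLE_EXPORT = """time,user,event,object
2018-12-21T09:14:02,CORP\\john,Malicious URL blocked,http://phish.example/login
2018-12-21T09:20:45,CORP\\paul,Infected object detected,C:\\Users\\paul\\Downloads\\setup.exe
2018-12-21T09:31:10,CORP\\peter,Malicious mail attachment detected,invoice.doc
2018-12-21T09:40:27,NT AUTHORITY\\SYSTEM,Infected object detected,C:\\Users\\paul\\Downloads\\tool.exe
2018-12-21T09:52:00,,Infected object detected,D:\\Shared\\macro.xlsm
"""

# Accounts that mean "no interactive user was recorded" (real Windows names).
SYSTEM_ACCOUNTS = {"system", "nt authority\\system"}


def parse_events(text):
    """Read the CSV export into a list of dicts with whitespace trimmed."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k: (v or "").strip() for k, v in row.items()} for row in reader]


def attribute_events(events):
    """Split events into per-user lists and a list with no usable user."""
    per_user = defaultdict(list)
    unattributed = []
    for ev in events:
        account = ev["user"]
        if not account or account.lower() in SYSTEM_ACCOUNTS:
            unattributed.append(ev)
            continue
        # Fold DOMAIN\name and plain name into one lower-case key.
        per_user[account.split("\\")[-1].lower()].append(ev)
    return dict(per_user), unattributed


def report(text=SAMPLE_EXPORT):
    """Return printable lines: detections per user, then records to review."""
    per_user, unattributed = attribute_events(parse_events(text))
    lines = []
    for user in sorted(per_user):
        for ev in per_user[user]:
            lines.append(f"{user}: {ev['time']} {ev['event']} ({ev['object']})")
    for ev in unattributed:
        who = ev["user"] or "<empty>"
        lines.append(f"REVIEW {who}: {ev['time']} {ev['event']} ({ev['object']})")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Records that land in the REVIEW group after the patch is installed cannot be tied to a session from this data alone and need a second source, such as the server's logon events for the same time window.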