Maybe so, but I think that for such cases it is more convenient to use a reconfigured policy, enabled when needed for a particular workstation, in which self-defense is turned off, rather than just blindly trusting one program or another.
That is exactly what I meant, because from the topic starter's question it was not clear how the software product is managed, or what "solve the issue remotely" means; it can be read as doing it remotely on the user's computer as well as through "KSC" policies.
We are a small company and only have 2 IT engineers. Therefore, we use KES + EDR Optimum + MDR as our solution.
Next year we want one platform to monitor every endpoint security status.
1. Kaspersky XDR
I have read the datasheet of XDR. It seems like a unified platform to monitor everything.
In the datasheet, there is a quote: "For advanced network management, KATA is an additional option." But the infrastructure diagram shows that KATA will send information to XDR.
My questions are:
1. Is XDR a basic KATA or just KUMA system?
2. Is Kaspersky XDR like CrowdStrike Falcon platform, which approaches "Unified platform. Complete protection"?
Since we lack IT engineers, there is no time to deal with incidents by ourselves. That's the reason we use MDR.
But KATA has a lot of components, like EDR Expert and an additional sandbox function. We can test unknown threats by ourselves and respond quickly.
My question is:
1. Is KATA like a small automatic analysis system of KSN, so that we can add IoCs or YARA rules easily and quickly?
We have only received a little information about Kaspersky XDR from the local reseller, because the product is too new and there is no Chinese version.
They will send detailed information next year. I want to know in advance so we can evaluate which product is suitable for us.
Yeah, yeah thanks ... that makes more sense ...
Let me tell you how I see it now ...
You have a KSC server (let's call it KSC-1) installed in an external loop (with internet access), it is in charge of receiving updates and servicing clients on your network. You copy the Update folder from KLShare and move it to the closed loop (without internet access) behind an air gap where it is not possible to connect to KSC-1.
KSC-2 and KSC-3 servers serving internal clients are located in the closed loop.
That's what I'm thinking.
So let's get started.
1. As a recommendation, I would not recommend copying the Update folder of their KLShare directly. At the moment of copying, some files may be busy, for example when the update download task is running, and may be copied incompletely or with an error.
On KSC-1 in the task of downloading updates to the repository, create an additional setting - Copy updates to external folder.
Also try using the database download option marked in blue ... sometimes this helps to solve the problem.
After the task is completed, you will have a copy of the databases that you can safely take with you.
2. There is an assumption that your KSC-1 does not know what it needs to download for KSC-2 and KSC-3.
KSC-1 - supports the following solutions - KES 11.8, 11.9 and KSWS 11.0.0.
KSC-2 - supports the following solutions - KES 11.9 and KSWS 11.0.1
KSC-3 - supports the following solutions - KES 11.9, 12.x and Linux
In this case KSC-1 will not download any databases for KSWS 11.0.1, KES 12.x and Linux products, as it has no idea that they are in the system on KSC-2 and KSC-3; accordingly, these products will not receive the necessary updates.
In order for KSC-2 and KSC-3 to get everything they need, you need to have on KSC-1 all the necessary plugins for ALL PRODUCTS of all servers in your network, and installation packages for these products.
I.e. check, update (if necessary) or install all necessary plugins and create packages for all products on KSC-1.
in our application you should have at least the plugins for
New versions will cover the needs of old ones (12.x will cover 11.9, and KSWS 11.0.1 will cover 11.0.0).
In general, double-check all product versions on all your servers, and update KSC-1 to your current versions or add missing versions.
I hope this helps.
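
The copy-integrity concern from point 1 above, as an added example that is not part of the original post and is not Kaspersky tooling: a Python script that records the size and SHA-256 of every file in the exported updates folder on KSC-1 and re-checks them after the media reaches the closed loop. The function names, the `create`/`verify` modes and the JSON manifest file are assumptions made for illustration.

```python
import hashlib
import json
import os
import sys


def build_manifest(root):
    """Map each file's path relative to root to [size, sha256 hex]."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                # Hash in 1 MiB chunks so large database files fit in memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = [os.path.getsize(path), digest.hexdigest()]
    return manifest


def compare(source_manifest, copied_root):
    """Report files that are missing, altered or unexpected in the copy."""
    copied = build_manifest(copied_root)
    return {
        "missing": sorted(set(source_manifest) - set(copied)),
        "changed": sorted(p for p in source_manifest
                          if p in copied and copied[p] != source_manifest[p]),
        "extra": sorted(set(copied) - set(source_manifest)),
    }


if __name__ == "__main__":
    # create <manifest.json> <folder>: run on KSC-1 after the export task ends.
    # verify <manifest.json> <folder>: run inside the closed loop.
    mode, manifest_path, root = sys.argv[1:4]
    if mode == "create":
        with open(manifest_path, "w") as fh:
            json.dump(build_manifest(root), fh, indent=1)
    else:
        with open(manifest_path) as fh:
            result = compare(json.load(fh), root)
        print(json.dumps(result, indent=1))
        # Non-zero exit means the copy must not be fed to KSC-2 / KSC-3.
        sys.exit(1 if result["missing"] or result["changed"] else 0)
```

Carry the manifest on the same media as the folder; a truncated or skipped file then shows up under `changed` or `missing` before the closed-loop servers use the copy.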