Business products
Workstations & Servers protection

Workstation protection

File server protection

Mail system protection

Perimeter protection

Administration Kit

Kaspersky Administration Kit 8.0

Kaspersky Administration Kit 6.0 MP1/MP2

Operating principles

Implementing in network

Complex-components uninstalling

Troubleshooting

All articles

Kaspersky Administration Kit 5.0 MP3 (builds 5.0.1104 - 5.0.1152)

Support lifecycle of applications for remote management

Kaspersky Hosted Security Services

Fighting malicious programs
How to disinfect...

Training and Certification
Take an educational course and become a certified anti-virus security specialist

Self Service
More help online

Support contacts and conditions
Information about support services and rules

You are visiting our Support Website and we thank you in advance for your participation in this poll and your feedbacks.

Please vote honestly, we will analyze the results and will do our best to improve our service as soon as possible.

Read the same in:

Home / Business products / Administration Kit / Kaspersky Administration Kit 6.0 MP1/MP2 / All articles

Kaspersky Administration Kit 6.0 MP1/MP2

All articles [197]

More Sections

Events in work of the Administration Server and logical network
ID Article: 1105	Other languages:	17	2007 Nov 15 16:10	Printable version

Concerning to Kaspersky Administration Kit 6.0 MP1

All events that occur during the work of the Administration Server and the logical network in may have the following severity levels:

Critical

License restriction for this key exceeded – message that the number of computers with the key installed exceeds the number of keys over 10%: the license agreement with Kaspersky Lab is broken.

Virus outbreak – notification that threshold of virus activity allowed in the logical network has been exceeded. The threshold of the allowed virus activity can de defined in the Server properties on the Virus outbreak tab.

The Virus outbreak event of the Administration Server is formed based on the events Virus found and Detection of viruses, worms, Trojans, hack tools event in the Anti-Virus work. I.e. if you want to save this event in the Administration Server database, enable this function (in the Anti-Virus policy check in Windows Event Log on Administration server).

The generating frequency of the Virus outbreak event depends on the conditions to form this event on the Virus outbreak tab in the Administration Server properties – if the event should be generated in case 5 viruses are detected within 1 hour then correspondingly it will be generated once an hour.

Connection lost with host – fail to connect to the Administration Agent on a client computer, but the computer responds to ping. The notification may mean that Administration Agent was deleted on the remote computer.

Computer status “Critical” – when scanning the network a computer with the settings that correspond to the “Critical” status is found. The conditions to grant different statuses to computers can be configured for each administration group separately (in its properties).

Error

No free space on hard disc – no space on the disc which is used for work and to store information of the Administration Server.

Public access folder is unavailable – the folder in which updates of anti-virus database and application modules are stored is unavailable.

The Administration Server database is unavailable – the message means that either the SQL-server or the Administration Server database is unavailable. Make sure the SQL-server is running and that there were no problems when opening the Administration Server database. The SQL-server states all errors in the Program Files\Microsoft SQL Server\MSSQL[$<sample_name>]\LOG\ERRORLOG* files.

There is no space in the Administration Server database – the message is displayed if MSDE is used. It means that the database is nearly full. If the database is full you need to delete the events (the Events node in the console tree). Actually beginning from the Kaspersky Administration Kit 5.0.369 version unnecessary events are deleted automatically (by default, 400 000 events are stored – see the Administration Server settings on the Settings tab).

Warning

License restriction for this key exceeded – the notification that key is installed on the number of computers equal to the number of licenses, defined by the key, i.e. the key cannot be installed any more – otherwise the license agreement with Kaspersky Lab is broken.

Computer inactivity period has been too long – the parameter is defined for each group of the logical network (in the group properties, on the Computers tab) and spreads on the computers of the group. By default the parameter is enabled and is equal to 7 days.

Host names conflict – within one level of the hierarchy computer names are not unique.

Little free space is left on the hard drives

The Administration Server database is full - the message is displayed if MSDE is used. It means that the database is nearly full. It means the database is 90% full. You need to delete unnecessary events (the Events node in the console tree)

Computer status is “Warning” - when polling the network a computer with the settings that correspond to the “Warning” status is found. Conditions when statuses are granted to computers are set for each administration group separately (see details). They can also be defined in the Administration Server policy.

Connection to slave server lost

Disconnected from master server

Info

License restriction for this license key used more than 90%– message that the licenses in use are coming to an end. The administrator should think about purchasing additional licenses, if the number of client computers in the logical network will be growing.

New host found – when scanning the network a new client computer has been found.

Host automatically added to group – new client computer was added to the group according to the parameters of the Network group (in the group properties, on the Computers tab)

The computer has been inactive for too long and is removed from the group – the parameter is defined for each group of the logical network and of the Network group (in the group properties, on the Computers tab) and spreads on all computers of the group. By default the parameter is enabled and equals to: for groups of the logical network – 60 days, and for the Network group – 14 days.

Connection to slave Server established

Connection to main server established

Audit: connection to the Administration Server

Audit: Object modified

Audit: Object status modified

Audit: Group settings modified

Parameters of each event can be configured in the properties window of the Administration Server or on the Event processing tab in the Server policy.

Events are stored in the Administration Server database and are imaged in the Events node of the console tree. By default, the parameter to store all events is enabled: events of the Critical and Error statuses are stored on the Server for 180 days, and of the Warning status – for 60 days, and of the Info status - for 30 days.

If necessary you can store information about the mentioned events in the Windows Events Log (click the Advanced button and check Store events in server's Windows Events Log checkbox).

You can notify the administrator about an event by sending email, using NET SEND or by running the executable file. You can define the necessary parameters in the Advanced window. To open the window, click the Advanced button. In the window you can define notification parameters sent by email, default net send notification computers and the path to the executable file.

But if all these parameters are already defined in the Administration Server properties on the Notification tab then you should not define them once again.

Parameters to store and to send information about the occurred events are defined for each event SEPARATELY. Highlight EACH event and define its parameters. To configure the settings for several events at a time highlight them by pressing the buttons Shift and Ctrl (or click the Select all button to highlight all events).