Install/Remove: Security

Security > Install/Remove

The Install/Remove page installs or removes security protection for selected machine IDs. The list of machine IDs displayed depends on the Machine ID / Group ID filter and machine groups the user is authorized to see using System > User Security > Scopes. Installation requires a reboot of the managed machine.

Endpoint Security licenses are allocated to group IDs using System > License Manager.

Customizing Warnings about Application Conflicts

Kaseya maintains a list of standard applications that conflict with the Endpoint Security client. You can ensure you are warned about additional applications that conflict with the Endpoint Security client by listing them in a file on the KServer. The typical KServer install location is:

C:\Kaseya\WebPage\AntivirusTab\SeedData\UserConflictExes.txt 

UserConflictExes.txt is a comma separated list of user specified Endpoint Security conflicting programs, one entry per line. Line entries should be formatted as follows:

example.exe, description of example.exe, reason for exclusion, excluded by which tech 

example2.exe, another description, reason, who excluded example2.exe

Use // at the beginning of any line to add comments.

The warning is displayed in the Install Status column of the Install/Remove page. The warning also displays if the conflicting application is installed after the Endpoint Security client is installed and a latest audit is performed. A Endpoint Security application conflict log entry is generated if the Endpoint Security client is installed despite the existence of a conflicting application.

Installing KES on Servers

Installing the following options on servers is not recommended.

• Options In Define Profile
  • Email Scanner
• Options In Installation Options in Install/Remove
  • Web Shield
  • Link Scanner
  • Identity Protection
  • AVG Firewall

Action Buttons

This page provides the following actions:

• Install - Install Endpoint Security on selected machine IDs.

  Warning: Uninstall all anti-virus/spyware/malware software on the managed machine before installing Endpoint Security client software.

• Verify Install - Displays only in Kaseya 2. Updates 5.x KES clients to K2 KES clients. Can also be used to install a K2 KES client when a standalone version of AVG is already installed on a managed machine.
• Remove - Remove Endpoint Security on selected machine IDs.
• Cancel Pending Operation - Cancel either of the first two actions, if they have not yet been completed.
• Edit User Prompts - Edit the warning prompt displayed to users, if a warning prompt is displayed. You can also specify the number of minutes the user is allowed to postpone installation. This option only displays for master role users.
• Reboot Now - Reboots the selected computer. Periodically AVG releases an update that requires a reboot. Reboot Required displays in the Version column.
• Installation Options - Configure the following installation options. These options apply to any installation you subsequently perform. Installation options are defined by VSA user.

  Note: After the Endpoint Security client is installed on a machine ID, the installation options applied to that machine ID can be viewed by clicking the green check mark in the Install Status column.

Install Options

• User Name - If checked, enter a name associated with this install of Endpoint Security.
• Company Name - If checked, enter the name of the company associated with this install of Endpoint Security.
• Target Directory - if checked, enter a target directory. If blank, the default install directory is used.
• Kill all running applications that prevent installation - If checked, stops all running applications that might prevent successful installation.
• Disable Windows Defender - Running Windows Defender significantly degrades the performance of Endpoint Security and should be disabled by default using this option.
• Reboot the computer after installation if needed
  • If checked, AVG reboots the computer after installation. Kaseya does not control this event. While the endpoint reboots, the Install Status column may display a Verifying Installation message. Once the endpoint checks-in again, the installation completes and the Install Status column displays a green checkmark.
  • If blank, Kaseya controls the reboot. The Install Status column displays a Reboot Required button. The user can click the button to reboot the endpoint. Once the endpoint checks-in again, the installation completes and the Install Status column displays a green checkmark.
• Enable end user directory scans - Adds a right-click option to Windows Explorer, enabling the user to scan an individual file or directory immediately.
• Hide AVG system tray icon - If checked, hides the AVG icon in the system tray. If unchecked, the AVG icon displays only after AVG is installed and the machine rebooted.

  Note: AVG changes made by the user locally using the AVG UI are reset each time the machine is restarted and when the profile is re-applied.

Script Options

• Script to run before install - Select an agent procedure.
• Script to run after install - Select an agent procedure.

Components

• Link Scanner - Blocks dangerous websites and checks links returned by the most popular search engines. Does not install to browsers running on Windows Server O/S.
  • Active Safe Search - Scans a link displayed in a web page, before you click it.
  • Search-Shield - Identifies the safety rating for a search link listed in Google, Yahoo and MSN search lists.
• Web-Shield - Scans downloaded files and files exchanged using instant messaging.
• MS Office 2000 - 2007 Add-in - Installs the AVG scanning plugin for Microsoft Office, versions 2000 though 2007.
• Email Scanner - If checked, installation detects the default email client on a machine and automatically installs the respective email scanning plug-in.
• ID Protection - If checked, AVG's Identity Protection option is enabled. Prevents targeted theft of passwords, bank account details, credit card numbers, and other digital valuables using "behavioral analysis" to spot suspicious activity on a machine.
• Firewall (Not managed by Kaseya) - If checked, AVG's firewall option is enabled. Blocks unauthorized access while permitting authorized communications. The Endpoint Security client cannot be used to maintain the blacklists and whitelists required by this option.
• Exchange Server Plug-in (Setting ignored on non-Exchange machines) - If checked, installs Endpoint Security email protection to MS Exchange Servers. This setting is ignored when the Endpoint Security client is installed to a non-MS Exchange Server machine.

Immediate

Check the Immediate box to begin the install as soon as Install is clicked.

Date/Time

Enter the year, month, day, hour, and minute to schedule this task.

Stagger by

You can distribute the load on your network by staggering this task. If you set this parameter to 5 minutes, then the task on each machine ID is staggered by 5 minutes. For example, machine 1 runs at 10:00, machine 2 runs at 10:05, machine 3 runs at 10:10, ...

Skip if Machine Offline

Check to perform this task only at the scheduled time, within a 15 minute window. If the machine is offline, skip and run the next scheduled period and time. Uncheck to perform this task as soon as the machine connects after the scheduled time.

Applied Licenses

Displays the number of annual Endpoint Security licenses applied to machines.

License Pool

Displays the number of additional licenses available: partially-used Endpoint Security licenses and never-used Endpoint Security licenses. Partially-used license are always consumed first.

Install from KServer (override file source)

If checked, installs are downloaded from the KServer. If blank, installs are downloaded using the method specified in Patch Management > File Source.

Select Profile

Selects the security profile to assign a machine ID when security protection is installed.

Prompt user before install / Force install without warning user

Installation requires a reboot of the managed machine. If Prompt user before install is selected, the user is given the option of postponing the installation for a specified number of minutes. Otherwise Force install without warning user causes the software to be installed at the scheduled time without warning the user.

Note: Click Edit User Prompts to specify the number of minutes the user is allowed to postpone the installation.

Auto Refresh

Selecting this checkbox automatically updates the paging area every five seconds. This checkbox is automatically selected and activated whenever Install is clicked.

Check-in status

These icons indicate the agent check-in status of each managed machine. Hovering the cursor over a check-in icon displays the agent quick view window.

Online but waiting for first audit to complete

Agent online

Agent online and user currently logged on.

Agent online and user currently logged on, but user not active for 10 minutes

Agent is currently offline

Agent has never checked in

Agent is online but remote control has been disabled

The agent has been suspended

Note: Different icon images display when this add-on module is installed in a 5.x VSA. The Remote Control > Control Machine page displays a legend of the specific icons your VSA system is using.

(Select All Checkbox)

Click this checkbox to select all rows in the paging area. If checked, click this checkbox to unselect all rows in the paging area.

Machine.Group ID

The list of Machine.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the user is authorized to see using System > User Security > Scopes.

Install Status

If checked, Endpoint Security client software is installed on the machine ID. If the agent software is earlier than 4.7.1, the message Requires Agent Update displays. If blank, Endpoint Security client sofware is not installed on the machine ID.

Note: After the Endpoint Security client is installed on a machine ID, the installation options applied to that machine ID can be viewed by clicking the green check mark in the Install Status column.

Install Source

If a file source is defined using Patch Management > File Source, then installs are sourced from this location. Otherwise, installs are sourced from the internet.

If the option Download from Internet if machine is unable to connect to the file server is selected in Patch Management>File Source:

• During a Endpoint Security v2.x endpoint install, if the files source is down or credentials invalid, the installer is downloaded from the Kserver and completes the endpoint install.
• During a Endpoint Security v2.x manual update, if the files source is down or credentials invalid, the update is downloaded from the internet.

In both cases above, the View Logs page displays an error message stating why the file source failed and that it is trying to download from the internet.

Installed On

The date Endpoint Security client software was installed on the machine ID.

Version

The version of security protection currently used by this machine ID.

For example: 8.5.322 270.12.6/2084

• 8.5.322 - The version of AVG program installed.
• 270.12.6/2084 - The full virus database version. 270.12.6 represents the definition version and 2084 is the signature version. Displays in red text if the signature version is older than the last 5 signature versions available or if the definition version is older than the last 2 definition versions available and the agent is active.
• [KES 2.1.0.87] - The version of Endpoint Security client software.

Topic 2944: Send Feedback. Download a PDF of this online book from the first topic in the table of contents. Print this topic.