Security Overview

Endpoint Security (KES) provides security protection for managed machines, using fully integrated anti-malware technology from AVG Technologies. The term malware encompasses viruses, spyware, adware and other types of unwanted programs. Endpoint Security automatically cleans or removes infected files and other threats such as trojans, worms and spyware. Endpoint Security continuously monitors the security status of all Windows servers, workstations and notebooks installed with security protection. Alarms can be triggered by security protection events and can include sending email notifications, running procedures, and creating job tickets.

Centrally managed security profiles are defined and deployed to machines using the VSA console interface. Changes to a security profile automatically update all machines using that profile. Endpoint Security comes with a pre-defined standard security profile and enables you to create customized security profiles.

All security protection events are logged within the system and available for executive summary and detailed management reporting. Once deployed, updates are handled automatically on a scheduled basis without the need for user interaction.

Anti-Virus Protection

Based on the security profile, Endpoint Security removes infected files or blocks access to them:

Scans the system registry for suspicious entries, temporary internet files, tracking cookies, and other types of unwanted objects.
Detects computer viruses by:
- Scanning - Performs both on-access and on-demand scanning.
- Heuristic Analysis - Dynamically emulates a scanned object’s instructions within a virtual computing environment.
- Generic Detection - Detects instructions characteristic of a virus or group of viruses.
- Known Virus Detection - Searches for character strings characteristic of a virus.
Scans Email - Checks incoming and outgoing email by using plug-ins designed for the most frequently used email programs. Once detected, viruses are cleaned or quarantined. Some email clients may support messages with text certifying that sent and received email has been scanned for viruses. In addition, for an increased level of security when working with email, an attachment filter can be set by defining undesirable or suspect files.
Memory-Resident Protection - Scans files as they are copied, opened or saved. If a virus is discovered, file access is stopped and the virus is not allowed to activate itself. Memory resident protection is loaded into the memory of the computer during system startup and provides vital protection for the system areas of the computer.
On Demand Scans - Scans can be run on-demand or scheduled to run periodically at convenient times.
Scans MS Exchange Servers - Scans inbound and outbound email messages and mailbox folders on MS Exchange Servers against virus/spyware/malware threats and deletes them immediately before email recipients of the MS Exchange Server are infected.
Scans Websites and Downloads - Scans websites and website links. Also scans files you download to your computer. Provides a safety rating for links returned by popular search engines.
ID Protection - Prevents targeted theft of passwords, bank account details, credit card numbers, and other digital valuables using "behavioral analysis" to spot suspicious activity on a machine.

Anti-Spyware

Spyware is software that gathers information from a computer without the user's knowledge or consent. Some spyware applications may also be secretly installed and often contain advertisements, window pop-ups or different types of unpleasant software. Currently, the most common source of infection is websites with potentially dangerous content. Other methods of transmission include email or transmission by worms and viruses. The most important protection against spyware is using a memory resident shield, such as the cutting edge Endpoint Security spyware component. A memory resident shield scans applications in the background as they run. Endpoint Security anti-spyware protection detects spyware, adware, DLL-trojans, keyloggers, malware hidden in data streams, archives, spyware entries in the Windows registry and other types of unwanted objects.

Note: See System Requirements.

Endpoint Security Licensing

Each MSE KES seat license allows the Customer to install and use an MSE KES agent perpetually and also to receive Updates for a Subscription Term of 365 consecutive days. The update Subscription Term runs independently for each seat and begins upon the date of installation of the MSE KES agent on a machine and allows the Seat to receive the KES Updates released during the Subscription Term. All Updates released during the Subscription Term are also licensed on a perpetual basis; provided that once the Subscription Term terminates or is not renewed the right to receive new KES Updates terminates.

Issuing a new Seat License to a machine with an existing Subscription Term causes the Terms to merge and thereby adds 365 days to the time otherwise remaining on the seat’s Subscription Term. Any transfer of such a merged Term to a new machine will cause all remaining days for both previous seats to be transferred.

The appropriate KES seat license must be obtained for each machine and/or Exchange Mailbox protected. The Customer may only deploy MSE KES on a machine that has a valid VSA license. MSE KES licenses can be centrally managed using Kaseya’s Web User Interface.

Note: KES licenses are allocated to group IDs using System > License Manager.

Functions	Description
Dashboard	Provides a dashboard view of the status of machines installed with Endpoint Security.
Security Status	Displays the current security status of machine IDs.
Manual Update	Schedules updates of the latest version of security protection definition files.
Schedule Scan	Schedules security protection scans of machine IDs.
View Threats	Lists files that have been placed in quarantine due to a suspicious or confirmed threat.
View Logs	Displays the security protection event log of machine IDs.
Extend/Return	Extends the annual license count for selected machines IDs or returns annual licenses from selected machine IDs.
Notify	Provides automatic notification of the expiration of Endpoint Security licenses.
Install/Remove	Installs or removes security protection for machine IDs.
Define Profile	Manages security profiles. Each security profile represents a different set of of enabled or disabled security options.
Assign Profile	Assigns security profiles to machine IDs.
Log Settings	Specifies the number of days to keep security protection log data.
Exchange Status	Displays the status of email protection on MS Exchange servers that have KES installed on them.
Define Alarm Sets	Defines sets of alarm conditions used to trigger alerts using the Apply Alarm Sets page.
Apply Alarm Sets	Creates alarms in response to security protections events.

Topic 2950: Send Feedback. Download a PDF of this online book from the first topic in the table of contents. Print this topic.