P a g e 1 | 27

1

Deploying Kaspersky Endpoint Security for Mac v 10

Document purpose

Due to the unique nature of the Mac OS X (OS ten) operating system, we cannot install Endpoint

Security for Mac using the same remote installation tasks we would with Windows endpoints. The

following means to describe how to install and partially automate that installation.

Contents Document purpose ................................................................................................................................. 1

I – Getting Started with prerequisites..................................................................................................... 2

Prerequisite – Download the needed packages ..................................................................................... 2

Prerequisite – installation of the Network Agent ................................................................................... 3

II - Adding KES for Mac to the Security Center............................................................................................ 3

III – Creating the Mac Installation package ................................................................................................. 4

IV – Creating the Mac group, tasks and policy .......................................................................................... 10

Configure the Automated installation of KES for Mac .......................................................................... 11

Create the Update task for Mac ........................................................................................................... 11

Create the Weekly Scan Task for Mac .................................................................................................. 14

Creating the Mac Policy ........................................................................................................................ 17

V - Creating a Mac Relocation Rule........................................................................................................... 25

P a g e 2 | 27

2

I – Getting Started with prerequisites.

Prerequisite – Download the needed packages

1. Connect to http://support.kaspersky.com/kes10mac#downloads and click on the green Files

box (Outlined in red, below)

2. In this menu, we need to download this item to get the KES for Mac installer:

https://products.s.kaspersky-labs.com/multilanguage/workstations/kesmac/kesmac10.1.0.622b.zip

Next, to provide connectivity to the KSC, the Network Agent component will also need to be

downloaded and installed

https://products.s.kaspersky-

labs.com/multilanguage/workstations/kesmac/klnagentmac10.4.0.43.zip

P a g e 3 | 27

3

and, finally, download this link to add the ability to create tasks and policies for the Mac

https://products.s.kaspersky-labs.com/multilanguage/workstations/kesmac/klcfginst.exe

The following document outlines the manual installation of the Network Agent, and the automatic

installation of the KES client for Mac on the Security Center.

Prerequisite – installation of the Network Agent As noted above, the Network Agent is not installed using the KSC remote installation tasks. In order to

get the Network Agent installed, there are two means to do this.

a. Extract the .DMG file from the klnagentmac 10.1.0.16.mlng_en_ru.zip and run it manually. As it

is installed, you are prompted by the installer for the KSC address – please use the IP Address.

b. Use your Mac package management solution or Apple Remote Desktop to install the Network

Agent – an install.sh script is included in order to automate the installation and addition of the IP

address of the Kaspersky Security Center.

II - Adding KES for Mac to the Security Center.

1. When the Endpoint Security package is unzipped, there are the following items in the new

folder:

P a g e 4 | 27

4

2. Double click the Security Center Console Plugin folder, then the English folder. In here, right click

on the klcfginst.exe file and select Run as Administrator as shown:

NOTE: Once the installer begins, you will see some displays flash and the process completes without

any notification.

III – Creating the Mac Installation package

1. Open the Kaspersky Security Center console, and in the left hand pane, expand Remote

Installation, and click on Installation packages.

Click Create Installation Package, outlined in red below

P a g e 5 | 27

5

2. In the next display, click the top button to ‘ Create an Installation package for a Kaspersky Lab

application’

3. In the next screen, type in a package name, such as ‘KES for Mac 10’ as below, click Next:

P a g e 6 | 27

6

4. In the following screen, click Select to find the package descriptor, found where the KESMAC zip

file was expanded, highlight and click Open:

5. At the next screen, uncheck the item to Copy updates from repository to installation package,

and click Next to create the installer.

P a g e 7 | 27

7

Accept the license agreement by checkbox and click Next:

The installation package is created:

P a g e 8 | 27

8

6. In the next screen, select the items to be installed – Take all by default and if needed, check off

“I agree to participate in Kaspersky Security Network” at the bottom as well, click Next:

7. Click Finish and the package is complete:

P a g e 9 | 27

9

8. Next, we want to embed the license in the installation package, so the services start the minute

the installation is completed. To do this:

a. In the Installation packages window, double click the Mac installation package just created

and in the left hand pane, click Key

P a g e 10 | 27

10

Click Select to choose the key and click OK (Not Add – that will move you an incorrect screen.)

and then click OK again to exit the package.

IV – Creating the Mac group, tasks and policy

1. In the left hand pane of the Security Center, right click on Managed Computers and select New, then

Group and name the group Mac Workstations (Note – groups can easily be renamed)

P a g e 11 | 27

11

Configure the Automated installation of KES for Mac

1. Right click the Mac Workstations group, and select Properties.

In the left hand pane, select Automated Installation and check off the KES for Mac 10 installation

package created earlier.

Now, when the relocation rule is run, the machine will be relocated to the Mac Workstations

subgroup and the software, including the license will be automatically installed.

Next, click that same Mac Workstations group in the left hand pane of the Security Center and click on

Tasks at the top of the display

In this area we have two tasks to create – Update and Weekly Scan

Create the Update task for Mac

1. Click on Create a task in the top center, and name the task Update and click Next:

P a g e 12 | 27

12

2. In the next screen, look through the list, finding the Kaspersky Endpoint Security for Mac, and

select Update as shown,

3. Click Next through the update type screen

P a g e 13 | 27

13

4. In this screen, select the schedule as “When updates are downloaded to the repository” as

shown, click Next and then Finish in the last screen to complete the task.

P a g e 14 | 27

14

Create the Weekly Scan Task for Mac 1. Click on Create a task in the top center, and name the task Weekly Scan and click Next:

2. Then, in the list, find Endpoint Security 10 for Mac, select Virus Scan, click Next

P a g e 15 | 27

15

3.

4. In the next screen, click the top Settings button:

In here, check off next to “Scan only new and changed files” as outlined below, and click OK

Click the bottom Settings button next and in this screen, uncheck the outlined item “Scan

Network Drives, click OK, then Next,

P a g e 16 | 27

16

5. In this screen, select Weekly from the dropdown menu and pick a day and time for the scan.

Click Next and Finish in the next screen to complete the wizard

P a g e 17 | 27

17

Creating the Mac Policy To define the protection settings for Endpoint Security for Mac, we apply a policy. To create this policy:

1. In that same Mac Workstations group, click on the Policies tab in the top center, and then click the

Create a Policy as outlined in red, below:

2. In the next screen. Type in a name such as Mac Policy and click Next

P a g e 18 | 27

18

3. In the next screen, click on the Endpoint Security 10 for Mac policy type, as shown, click Next:

4. In this Protection screen, take the defaults (UNLESS the customer has an application they need an

exclusion for – if that is the case, click Edit to put the application in the Trusted Zone, otherwise click

Next:

P a g e 19 | 27

19

5. In the File Anti Virus window, again, go with the main defaults at first, but click Settings:

In this screen, click the Protection scope tab and unselect the Network Drives item – leave the others

at defaults, click OK, then Next.

P a g e 20 | 27

20

6. Web Anti-Virus

In the next screen, click Next to accept the default Settings for Web Anti- Virus – note that you

can click settings if you would like to set certain web sites as excluded from Web AV:

7. Network Attack Blocker.

P a g e 21 | 27

21

(Click Exclusions if you have a machine that is performing network scans or such to avoid a false positive)

In the Update window, take the defauits here as well.

Note – if there is a need to change/add update locations, click Settings to edit them. (The KL

Corporate servers are the default)

8. Next up is the KSN Screen – click the checkbox to participate at the top, click Next:

P a g e 22 | 27

22

9. In the next screen, User Interaction, be sure to uncheck the Show Quit item outlined below or the

users will be able to shut down KES for Mac! Click Next to continue.

P a g e 23 | 27

23

10. The next screen is the proxy settings – click the top radio button to disable the proxy setting, click Next:

11. Click Next to continue through the Reports screen,

12. Click Finish to complete the wizard and make the policy active.

P a g e 24 | 27

24

P a g e 25 | 27

25

V - Creating a Mac Relocation Rule

1. In the left hand pane of the Kaspersky Security Center, select the Unassigned Devices node and right click,

selecting Properties.

In this first screen, click Add:

P a g e 26 | 27

26

2. Then, in the next screen, add the following items:

a. Name this the Mac Relocation Rule

b. Click Select to pick the Mac Workstations group from under Managed Computers

c. Put a checkmark next to Enable rule

C

P a g e 27 | 27

27

3. In the left hand pane of the rule, select Applications – in here:

a. Under ‘Network Agent is running’, select the pulldown and select Yes, as shown below

b. Put a checkmark next to Operating system version, as shown below

c. Select Mac OS X under Operating system, as shown below

Click OK twice to close and return to the KSC.