FAQ SonicWall Enforced Client (Kaspersky Anti-Virus and Anti-Spyware) - Questions & Answers
03/26/2020 18 13711
FAQ ' SonicWall Enforced Client (Kaspersky Anti-Virus and Anti-Spyware) - Questions & Answers
1. What are the Next-Generation SonicWall UTM platforms that support SEC (SonicWall Enforced Client)?
Ans: SEC is supported on both Gen. 4 and Gen. 5 SonicWall UTM appliances. On SonicWall UTM appliances running SonicOS v5.8.1 and higher both McAfee and Kaspersky client AV service can be run simultaneously. If the firmware version is lower than SonicOS v5.8.1 then only either McAfee or Kaspersky is supported at any time.
TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 Wireless, NSA 240, NSA 2400, NSA 3500, NSA 4500, NSA 5000, NSA E5500, NSA E6500, NSA E7500, NSA E8500, NSA E8510
Firmware versions supported: All versions
Firmware version 5.8.0.x and lower:
A. Only one Client AV service either Kaspersky or McAfee is supported at any time.
B. If the appliance is already licensed for McAfee service and there is a need to switch to Kaspersky service then the existing McAfee service will get disabled / deactivated upon activation of Kaspersky license and vice-versa
Firmware version 22.214.171.124 and higher:
Both the Kaspersky and McAfee services are supported simultaneously
TZ 150, TZ 150W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SPW, TZ 180, TZ 180W, TZ 190, TZ 190W, PRO 1260, PRO 2040, PRO 3060, PRO 4060, PRO 4100, PRO 5060
Firmware versions supported: All
C. Only one Client AV service either Kaspersky or McAfee is supported at any time on all Gen4 SonicWall UTM appliances.
D. If the appliance is already licensed for McAfee service and there is a need to switch to Kaspersky service then the existing McAfee service will get disabled / deactivated upon activation of Kaspersky license
2. Is SEC Kaspersky Anti-Virus service supported on SonicWall Gen4 UTM Appliances? If so, are there any restrictions?
Ans: Yes, SEC Kaspersky Anti-Virus service is supported on SonicWall Gen4 UTM appliances. However if the SonicWall UTM appliance is already running McAfee AV service then this service will get disabled/deactivated upon activation of the Kaspersky License. On the SonicWall Gen4 UTM appliance only one Client AV service, either Kaspersky or McAfee, is supported at any time. Both cannot co-exist at the same time. The customer needs to select one of these client AV services: Kaspersky or McAfee.
3. Can we have Kaspersky Anti-Virus and McAfee Anti-Virus simultaneously licensed on Gen5 units? If so are there any restrictions?
Ans: Yes, both Kaspersky Anti-Virus and McAfee Anti-Virus services can be licensed simultaneously on SonicWall Gen5 UTM appliances running Firmware SonicOS v5.8.1.x and above, if the firmware version is lower than v5.8.1 then only one service can be licensed and run on the SonicWall UTM appliance.
4. If Kaspersky Anti-Virus is activated on a SonicWall UTM appliance running SonicOS firmware 5.6.x.x and then upgraded to SonicOS 5.8.1.x.x or higher, what additional steps do you have to follow?
Step 1) After the SonicWall UTM appliance is upgraded with the SonicOS v5.8.1 or higher navigate to the license page on the SonicWall UTM management interface UI and manually synchronize the licenses with the SonicWall back-end license manager
Step 2) Go to the Network->Zones page and enable 'Enforce Client AV' on the required zones. (This is required because after the upgrade client AV enforcement on the zone gets disabled)
5. What are the Windows client platforms supported by the SEC ?
Windows XP Home or Professional (with Service Pack2 or later), Windows Vista, Windows 7.1, Windows 8.1, Windows 10
Recommended Memory: 2 GB RAM
Installation and Licensing
6. What are the installation methods for installing SEC Kaspersky?
- Block page from the SonicWall UTM appliance - When client AV is enforced on a zone and user does not have SonicWall enforced client AV installed.
- URL Based installation
- Command line install
- Install through AD Domain Policy push
7. What browsers are supported for the SEC Kaspersky client URL/block page based installation?
Ans: Currently the installation requires ActiveX and hence IE 6 or above is needed to successfully install the product. All other browsers will display an error message.
8. Is there a separate Server Kaspersky Anti-Virus version?
Ans: There is no separate server version available like for SEC McAfee Anti-Virus; the SEC Kaspersky AV client product is designed for Windows clients only.
9. Does the SEC Kaspersky AV license support license sharing?
Ans: No. In the initial release of SEC Kaspersky AV, license sharing on SonicWall appliances is NOT supported.
10. How can we activate the licensing for SEC Kaspersky AV service?
- Through MySonicWall.com ( Buy Now or Activation Key)
- Through SonicWall UTM appliance management GUI
11. What is the default client installation location path for SEC Kaspersky AV client?
Ans: Installation will not prompt for a destination folder but instead will install it at [drive letter:]Program FilesSonicWallSonicWall Enforced Client folder. SEC install will be performed on the same drive that has the Operating System installed.
12. Does SEC Kaspersky AV client detect and uninstall other client AV products?
Ans: During the installation process the SEC Kaspersky AV client will detect other conflicting AV client applications. If it detects SonicWall McAfee AV client then it will automatically start the uninstallation of McAfee AV. In case of other AV client applications the SEC will detect this but the user has to manually uninstall them from the Add/Remove control panel.
13. Is there a SEC Kaspersky Anti-Virus trial version available for the customers?
Ans: Yes, Customers can activate 30 days free trial of 5 users Kaspersky AV service on SonicWall UTM appliances that are not licensed for McAfee
14. What are the license options available for SEC Kaspersky Anti-Virus service?
Ans: The product is Available in 1/2/3 year Subscription Packs of
15. My McAfee Client AV service is expiring in another 3 months but I would like to migrate over to Kaspersky Client AV service. Can SonicWall transfer my remaining 3 months of McAfee service license to the new Kaspersky service?
Ans: No, SonicWall doesn't allow transfer of licenses from one Client AV service (McAfee/Kaspersky) to another. If your SonicWall UTM appliance is a Gen4 appliance currently licensed for McAfee Client AV service and if you activate Kaspersky Client AV service, then the existing McAfee service will be deactivated or vice-versa for Kaspersky service. SonicWall Gen5 UTM appliances running firmware version 5.8.1.x or higher will support both McAfee and Kaspersky Client AV services. Even in this scenario, it is not possible to transfer the remaining Client AV licenses from one service to another.
16. Does SonicWall enforced Anti-Virus clients support Mac or other non-Windows OS platforms?
Ans: No, SonicWalll enforced clients are supported on Windows OS platforms only - Desktops and Laptops.
Policy & Reporting:
17. Does Kaspersky Anti-Virus Clients have centralized policy management and reporting tool?
Ans: Yes, Kaspersky Anti-Virus Clients can be managed using the ?????Enforced Policy & Reporting Service' (EPRS). EPRS can be accessed from the SonicWall UTM appliance management GUI or from mySonicWall.com.
18. What is the DAT update frequency set by default?
Ans: By default the DAT update frequency on the client is set to once every 4 hours
19. Can we change the DAT update frequency?
Ans: Yes, the DAT update frequency can be changed using the EPRS
20. Does DAT updates contain an entire DAT file or incremental files?
Ans: DAT update contains incremental DAT updates
21. What browsers does EPRS support?
Ans: IE and Firefox
22. How can the SonicWall admin access EPRS?
Ans: Login into the SonicWall UTM appliance management GUI; navigate to the Security Services > Client AV Enforcement page.
Under Kaspersky Client AV Status, click the here link to display the login page for the SonicWall License Manager:
To open a connection to the EPRS server, either enter your MySonicWall credentials in the User Name and Password fields, or enter the appliance's auth code from the System > Status page into the Authentication Code fields, then click Submit.
The EPRS server page is displayed. It opens on the ECAV > Status page, and shows the Enforced Client AV status for your appliance:
23. Can the SonicWall admin schedule a scan using the EPRS?
Ans: Yes, Admin. can schedule a scan based on the configured schedule, which can be time based or event based. Scheduled scans can be configured as a File scans. For File scans, administrators can configure settings, exclusions, inclusions, and schedule settings.
24. Can the SonicWall admin block AV updates to clients using the EPRS?
Ans: Yes, the Admin can block AV Updates and block clients from accessing the Internet. Select the checkbox for each client you wish to block, and then click Block Client(s). Click OK in the confirmation dialog box.This allows EPRS to recover a license back into the pool. After a blocked client gets a policy update from EPRS, SonicWall Enforced Client will wipe all Anti-Virus policies from the client machine. From this point on, there is NO AV protection on the client machine. If this client is behind a SonicWall UTM appliance that is enforcing client anti-virus, then this client is not allowed to access the Internet.
25. Is it possible to restore deleted files from quarantine, either from Cleaning Mode drop-down list or otherwise?
Ans: In SEC 1.0 there is no quarantine option and therefore no option to restore deleted files.
26. Why are some files in EPRS listed as PreDetected?
Ans: PreDetect is the first stage in a detection process if the file is found suspicious. The AV engine will try to disinfect the file and if that fails, the file will be deleted because the mode is Clean and Delete.
27. Is it possible for users to pause or stop the protection of a workstation?
Ans: It is possible but as it is not straightforward AV will always be running on the user's workstation.
28. HEUR:Trojan.Win32.KillFiles is detected in the Wise Package Studio 6.01 installation file. Can I prevent or exclude HEUR:Trojan.Win32.KillFiles?
Ans: Exclude this file or the folder containing this file in OnAccess Scan under Policies.
29. What are the servers used by the Kaspersky client for DAT, Software, Policy and Licensing updates.
A notice has been issued for SonicWall Enforced Client's (McAfee and Kaspersky). Please see Notice: End of Support for SonicWall Enforced Client for more information.