Click on the Accept button at the bottom to save changes.
Enable Client AV enforcement on Zones
- Navigate to the Network | Zones page.
- Click on configure on the zone where Client AV enforcement is to be enabled.
- Check the box under Enable Client AV Enforcement Service and click on OK to save changes.
Installing the Kaspersky Client Anti-Virus Software in a Windows host.
SonicWall Enforced Client Kaspersky is supported on 32-bit and 64-bit versions of Microsoft Windows:
- Windows 8.1
- Windows 10
- Windows 7
- Windows XP (Service Pack 2 and above)
Client Hardware Minimum Requirements:
For Windows XP:
- Processor: 800 MHz or higher
- 1 GB RAM
For Windows 7 and Vista:
- Processor: 2 GHz or higher (32-bit/64-bit)
- RAM: 2 GB or higher
SonicWall Enforced Client installation is supported on the following versions of Internet Explorer:
- Internet Explorer 9
- Internet Explorer 8
- Internet Explorer 7+
Kaspersky Client Anti-Virus can be installed using the following methods:
Install using a browser (Internet Explorer).
If Client AV Enforcement is enabled on the SonicWall UTM Appliance, when a host behind the SonicWall tries to open a webpage the browser will be redirected to a page displaying the following message:
- Users may be prompted to allow ActiveX control. Acceptance is not required if you have previously agreed to accept all ActiveX controls from SonicWall, or if the security settings in Internet Explorer are set to Low that allows ActiveX controls to be downloaded without a prompt.
Note: After the installation of SEC, SEC will detect for other conflicting AV applications. If any AV software is detected then has to be manually uninstalled from Add/Remove control panel.
- Installation will not prompt for a destination folder but instead will install it in the same drive as the Windows OS at
[drive letter:]Program FilesSonicWallSonicWall Enforced Client folder.
- If the client system is running Windows Server 2003 or 2008, you will need to disable enhanced security on IE ESC (Enhanced Security Configuration).
- You must be logged into the client system as an administrator.
Click the Install VirusScan button to begin the installation.
When the installation is complete, right-click on the SonicWall Enforced Client (SEC) icon in the system tray and select Open Dashboard option to open the SonicWall Enforced Client Dashboard page.
The client application opens to the Summary page. Right after installation, the red banner indicates that no policy information has been retrieved from the policy server. This condition will only last a few seconds while the system contacts the SonicWall License Manager and retrieves the license, then contacts the policy server and downloads the policy:
- SEC will contact the Client manager to obtain licensed services associated with its UTM serial number and the URL to connect to EPRS for policy download.
- Next, it will contact EPRS and obtain the download URL for the service and the policy for the service.
- SEC will then download the software for the service, install it and then apply the policy for it.
- The last step in the sequence is to get the latest definitions files (DAT).
After the DAT update is complete, the user may be prompted to reboot the system to complete the installation. The default policy schedules a complete system scan the first time the client is installed on the machine. This checks for and cleans/deletes existing threats in the system. The network administrator can add new policy to add/modify scheduled complete system scan based on their requirements if they do not wish to use the SonicWall configured default policy. Real time scan is always enabled and all files are scanned when they are accessed, downloaded or saved.
Download KasperskySDK.msi, SWECMsetup.msi and basesXX.zip files from the following URL.
Copy the files to [drive letter:]WindowsTemp folder and run the following command from the command prompt:
msiexec /l*v SWSECsetup.log /qb /I SWECMSetup.msi ECMID=<your UTM serial number> LM_URL=https://clientmanager.global.SonicWall.com/ecm/getClientLicenseInfo
/l*v - Verbose Logging Options
/qb - Silent Install with error feedback
/i - Install
Alternatively, the above can be pushed to each host in the network through Active Directory Domain Policy.
Domain Group Policy Installation
To install SonicWall Enforced Client Anti-Virus on all clients in a domain, create your own MST transform files for a Microsoft Windows Installer MSI package and deploy SonicWall Enforced Client through domain group policy. An MST file is essentially an answer file for MSI packages. Use the Microsoft's Orca editor to create the MST transform file to use with SWECMSetup.msi for deployment of SonicWall Enforced Client through domain policy. The SWECMSetup.msi installer and your MST transform file can be deployed on multiple client machines by using group policy. When the client computers start, the assigned MSI package is installed automatically. The following sections provides detailed instructions for deployment of SonicWall Enforced Client through domain policy.
For more details please refer to How to install SonicWall Enforced Client Anti-Virus on all clients in a Domain
Some Common errors and error messages
- ActiveX install failure- IE settings preventing the download of ActiveX Control.
- SEC download failure- MSI file does not exist. Incorrect URL used.
- No License information has been retrieved after SEC installation- This is due to invalid serial number hash used in the install URL.
- SEC installation failure- MSI installation logs are generated. Identify the file name and location of the log files. Verify location of all the different windows OS. Installation Logs. Location and file name.
- Software Firewall port enabling failure- Firewall enforcement protocol will fail.
- Ping response/update failure- Firewall enforcement protocol will fail.
- SEC auto update failure- Version identified in the policy does not match the MSI version downloaded.
- SEC auto update installation failure- If this happens, the user has to uninstall SEC from Add/Remove and reinstall SEC again. Service license expired. License node count exceeded.
- DAT Update failure-This can happen due to incorrect DNS resolution. No internet connectivity. AV Service is blocked from EPRS.
- DAT update is stuck at 100% for more than a couple of minutes even though the DAT update is completed - The way to recover out of this is to go to the Dashboard->Help page and click Restart Services. After the services are restarted, the DAT update will show up as completed
A troubleshooting report can also be sent to SonicWall by clicking on the Send Report button under Help & Support > Help page of the SEC Dashboard. This report can also be saved on the PC. The compressed file will be named as SECTSR_serialnumber_hostname_date.
When reporting an issue to SonicWall Tech Support, provide a detailed description of the issue symptoms/condition and the TSR from the SEC Dashboard | Help & Support | Send Report.
- SEC Installation logs can be found in the log file SWECMSetup.log
- DAT updates log can be found
in SECLog_hostname.txt in [
drive letter:]Program FilesSonicWallSonicWall Enforced ClientLogs folder.
- The logs can also be seen in the Dashboard | Help & Support | Logs.