ADMINISTRATOR'S GUIDE

(1)

Kaspersky Security 8.0 for

Microsoft Exchange Servers

ADMINISTRATOR'S

GUIDE

(2)

2 Dear User!

Thank you for choosing our product. We hope that this document will help you in your work and provide answers to the majority of your questions.

Attention! This document is the property of Kaspersky Lab: all rights to this document are reserved by the copyright laws of the Russian Federation, and by international treaties. Illegal reproduction and distribution of this document or parts thereof will result in civil, administrative or criminal liability in accordance with the laws of the Russian Federation. Any type of reproduction or distribution of any materials, including in translated form, is allowed only with the written permission of Kaspersky Lab.

This document and the graphic images it contains may be used exclusively for information, non-commercial or personal purposes.

This document may be amended without additional notification. For the latest version, please refer to Kaspersky Lab’s web site at http://www.kaspersky.com/docs.

Kaspersky Lab assumes no liability for the content, quality, relevance or accuracy of any materials used in this document for which the rights are held by third parties, or for the potential damages associated with using such documents. The document contains registered trademarks and service marks belonging to their respective owners.

(3)

3

Software code ... 86 BOOST 1.30.0, 1.36 ... 87 bzip2/libbzip2 1.0.5 ... 88 EXPAT 1.2, 2.0.1 ... 88 FREEBSD LIBC 2.3-2.6 ... 88 GECKO SDK 1.8 ... 89 ICU 4.0.1 ... 95 INFO-ZIP 5.51 ... 95 LIBJPEG 6B ... 96 LIBNKFM 2.0.5 ... 98 LIBPNG 1.2.29 ... 98 LIBSPF2 1.2.9 ... 98 LIBUNGIF 3.0 ... 98 LIBXDR ... 99 LOKI 0.1.3 ... 99 LZMA SDK 4.43 ... 100

MICROSOFT ENTERPRISE LIBRARY 4.1 ... 100

MICROSOFT VISUAL STUDIO 2008 (MSVCP80.DLL, MSVCR80.DLL) ... 100

OPENSSL 0.9.8D ... 100

PCRE 7.4, 7.7 ... 103

RFC1321-BASED (RSA-FREE) MD5 LIBRARY ... 104

SPRING.NET 1.2.0 ... 105

SQLITE 3.6.18 ... 107

WPF TOOLKIT 3.5.40128.1 ... 107

ZLIB 1.2, 1.2.3 ... 107

Other information ... 107

KASPERSKY LAB END USER LICENSE AGREEMENT ... 108

(6)

6

ABOUT THIS GUIDE

Greetings from the team of Kaspersky Lab CJSC (hereinafter referred to as Kaspersky Lab)! We hope that this

Administrator's Guide will help you understand basic working principles of Kaspersky Security 8.0 for Microsoft Exchange Servers (hereinafter referred to as KS 8.0 for Exchange Servers or Kaspersky Security). The document is intended for administrators of mail servers using Microsoft Exchange Server 2007 or 2010 (further - Microsoft Exchange Server), who have chosen Kaspersky Security as the protection solution for the mail servers.

The aim of the document:

 assist Microsoft Exchange Server administrators in installing the application components on server, activating the server protection and ensuring its optimal configuration considering the current tasks;

 provide quickly searchable information about installation-related issues;

 provide alternate sources of information about the application and the ways of getting technical support.

IN THIS SECTION

In this document ... 6 Document conventions ... 7

I

N THIS DOCUMENT

Administrator's Guide for Kaspersky Security 8.0 for Microsoft Exchange Servers consists of the following chapters:

 About this Guide. The chapter outlines the structure of this Administrator's Guide.

 Additional sources of information (on page 9). The section describes various sources of information pertaining to the purchase, installation and operation of Kaspersky Security.

 Kaspersky Security 8.0 for Microsoft Exchange Servers (on page 11). The chapter describes the main features of the application.

 Application architecture (on page 14). The chapter describes the application components and methods of their interaction.

 Typical deployment schemes (on page 16). The chapter describes the roles of a Microsoft Exchange server and the schemes for deployment of server protection.

 Application setup (on page 18). The chapter details the procedure of Kaspersky Security installation.

 License management (see section "Managing Kaspersky Security licenses" on page 29). The chapter describes the types of licenses and the procedure of license installation and removal.

 Application interface (on page 33). The chapter describes the user interface of Kaspersky Security.

 Application start and stop (on page 36). The chapter explains how to start and stop the application.

 Default protection of Microsoft Exchange Server (on page 38). The chapter describes the peculiarities of Kaspersky Security operation using the default settings.

(7)

AB O U T T H I S GU I D E

7

 Updating the Anti-Virus and Anti-Spam databases (on page 42). The chapter describes configuring of the update settings for the databases of Kaspersky Security.

 Anti-virus protection (on page 46). The chapter is devoted to the configuration of anti-virus protection of mail servers.

 Anti-Spam protection (on page 52). The chapter describes the opportunities for anti-spam protection of mail servers.

 Backup (on page 60). The chapter explains the Backup functionality, the methods used to restore objects from Backup as well as Backup configuration.

 Notifications (on page 68). The chapter describes the methods used to receive notifications about the events occurring in Kaspersky Security.

 Reports (on page 70). The chapter contains information on creation of reports, their reviewing and delivery via e-mail.

 Event logs (see section "Application event logs" on page 77). The chapter describes configuration of the settings for reporting of the Anti-Virus and Anti-Spam activity, and other Kaspersky Security events.

 Frequently asked questions (on page 79). The chapter is devoted to the questions that users ask most often.

 Contacting the technical support service (on page 81). The chapter describes available technical support options for the application users.

 Kaspersky Lab (on page 85). The chapter contains a brief description of the company

 Information about third-party code (on page 86). The chapter contains information about software code and tools of other vendors used in the application development.

D

OCUMENT CONVENTIONS

Document conventions described in the table below are used in this Guide.

Table 1. Document conventions

SAMPLE TEXT DOCUMENT CONVENTIONS DESCRIPTION

Please note that...

Warnings are highlighted in red and framed. Warnings contain important information, for example, related to the actions which are critical for the computer security.

It is recommended to use...

Notes are framed. Notes contain additional and reference information.

Example: ...

(8)

8

SAMPLE TEXT DOCUMENT CONVENTIONS DESCRIPTION

Update is... New terms are printed in italics.

ALT+F4 Names of the keyboard keys are capitalized and printed in bold type. Names of the keys linked with the "plus" sign mean key combinations. Enable UI elements, for example, names of entry fields, menu options, buttons are in

bold.

To configure a task schedule, perform the following steps:

Instructions are marked with an arrow sign.

Introductory phrase on an instruction is printed in italics.

help Commands entered in the command line, or messages displayed on the screen

are highlighted with special font.

(9)

9

ADDITIONAL SOURCES OF INFORMATION

If you have any questions regarding selection, purchasing, installing or using Kaspersky Security, you can quickly find relevant answers.

Kaspersky Lab provides various sources of information about the application. You can select the most convenient source, depending on the urgency or importance of your question.

IN THIS SECTION

Data sources for independent search ... 9 Discussing Kaspersky Lab applications on the web forum ... 10 Contacting the Technical documentation development group ... 10

D

ATA SOURCES FOR INDEPENDENT SEARCH

You may refer to the following sources of information about the application:

 application page at Kaspersky Lab's web site;

 application page at the Technical Support web site (in the Knowledge Base);

 online help system;

 documentation.

Application page at Kaspersky Lab's web site

http://www.kaspersky.com/business

On this page you can find general information about Kaspersky Security, its features and peculiarities.

Application page at the Technical Support web site (in the Knowledge Base)

http://support.kaspersky.com/exchange

This page contains articles published by the Technical Support experts.

These articles contain useful information, guidelines, and answers to frequently asked questions pertaining to the operation of Kaspersky Security.

Online help system

The online help system contains information on setting up the program components, as well as directions and recommendations on program management.

To open the help system, select Help.

If you have a question about a certain window or tab in Kaspersky Security, you can use the context help.

(10)

10

Documentation

Installation Guide for Kaspersky Security contains complete information necessary to install the application and is included in the application package.

D

ISCUSSING

K

ASPERSKY

L

AB APPLICATIONS ON THE

WEB FORUM

If your question does not require an urgent answer, you can discuss it with Kaspersky Lab's specialists and other users in our forum located at http://forum.kaspersky.com.

In this forum you can view existing topics, leave your comments, create new topics, and use the search engine.

C

ONTACTING THE

T

ECHNICAL DOCUMENTATION

DEVELOPMENT GROUP

If you have any questions regarding documentation, have found an error or if you would like to provide feedback, you can contact the Technical documentation development group.

Click the Leave feedback link in the top right part of the Help window to open the default email client on your computer. The displayed window will contain automatically substituted address of the documentation development

(11)

11

KASPERSKY SECURITY 8.0 FOR

MICROSOFT EXCHANGE SERVER 2007

Kaspersky Security 8.0 for Microsoft Exchange Servers is an application designed for protection of mail servers based on Microsoft Exchange Server against viruses, Trojan software and other types of threats that may be transmitted via email. Malware can cause serious damage; these programs are designed specifically to steal, block, modify or destroy data disrupting the operation of computers and computer networks. Massive virus mailing can quickly spread infection in corporate networks paralyzing both running servers and workstations and resulting in unwanted downtime and damages. Moreover, virus attacks may also cause data losses which can negatively affect your business and the business of your partners.

Kaspersky Security provides for anti-spam protection on the level of your corporate mail server saving your employees the trouble of deleting unwanted mail manually.

IN THIS SECTION

Basic functionality ... 11 Distribution Kit ... 12 Hardware and software requirements ... 13

B

ASIC FUNCTIONALITY

Kaspersky Security protects mailboxes, shared folders and relayed mail traffic passing a Microsoft Exchange Server against malware and spam. The application scans all email traffic passing through the protected Microsoft Exchange Server.

Kaspersky Security can perform the following operations:

 Scan incoming, outgoing mail and the messages stored on a Microsoft Exchange Server (including shared folders) checking them for malware presence. While scanning, the application processes the whole message and all its attached objects. Depending upon the selected settings, the application disinfects, removes detected harmful objects and provides to users complete information about such accidents.

 Filter mail traffic screening out unsolicited mail (spam). The Anti-Spam component scans mail traffic checking it for spam content. In addition, Anti-Spam allows creation of white list of sender addresses and supports flexible configuration of anti-spam analysis intensity.

 Save backup copies of objects (attachments or message bodies) and spam messages prior to their disinfection or deletion to enable subsequent restoration, if required, thus preventing the risk of data losses. Configurable filters allow easy location of individual stored objects.

 Notifying the sender, the recipient and the system administrator about messages that contain malicious objects.

 Maintain event logs, collect statistics and create regular reports on the application activity. The application can create reports automatically according to the schedule or by request.

(12)

12

 Update the databases of Kaspersky Security automatically or in manual mode. Updates can be downloaded from the FTP or HTTP servers of Kaspersky Lab, from a local / network folder that contains the latest set of updates, or from user-defined FTP or HTTP servers.

 Re-scanning messages for the presence of new viruses, using a schedule. This task is performed as a background scan, and has only a small effect on the mail server’s performance.

 Manage anti-virus protection on the storage level and create the list of protected storages.

 Managing licenses. A license is provided for a certain number of mailboxes, not user accounts.

D

ISTRIBUTION

K

IT

You can purchase Kaspersky Security from our partners, or purchase it online from Internet shops, such as the eStore section of http://www.kaspersky.com. Kaspersky Security is supplied as a part of Kaspersky Security for Mail

Server(http://www.kaspersky.com/kaspersky_security_mail_server), or, or, or of the Kaspersky Open Space Security products (http://www.kaspersky.com/kaspersky_open_space_security) included into the Kaspersky Enterprise Space Security and Kaspersky Total Space Security solutions. After purchasing a license for Kaspersky Security, you will receive an e-mail containing a link to download the application from the web site of Kaspersky Lab and a key file for license activation, or an installation CD containing the distribution package of the product. Before breaking the seal on the installation disk envelope, carefully read through the EULA.

L

ICENSE AGREEMENT

The End-User License Agreement is a legal agreement between you and Kaspersky Lab that specifies the terms on which you may use the software you have purchased.

Read the EULA through carefully!

If you do not accept the terms and conditions of the license agreement, you can decline the product offer and receive a refund. Please note that the envelope with the installation CD should remain sealed.

By opening the sealed installation disk, you accept all the terms of the EULA.

S

ERVICES FOR REGISTERED USERS

Kaspersky Lab Ltd. offers an extensive service package to all legally registered users of Kaspersky Security, enabling them to boost the application's performance.

After purchasing a license, you become a registered user and, during the period of your license, you will be provided with these services:

 regular updates to the application databases and updates to the software package;

 support on issues related to the installation, configuration and use of the purchased software product. Services will be provided by phone or via email;

 information about new Kaspersky Lab products and about new viruses appearing worldwide. This service is available to users who subscribe to Kaspersky Lab's newsletter on the Technical Support Service web

site(http://support.kaspersky.com/subscribe/).

(13)

KA S P E R S K Y SE C U R I T Y 8 . 0 F O R MI C R O S O F T EX C H A N G E SE R V E R 2 0 0 7

13

H

ARDWARE AND SOFTWARE REQUIREMENTS

Hardware requirements

The hardware requirements of Kaspersky Security are identical to the requirements of Microsoft Exchange Server. Depending upon the application settings and its mode of operation, considerable disk space may be required for Backup storage and other service folders (the default size of the Backup storage folder can be up to 5120 MB).

Hardware requirements of the Administration Console installed with application include:

 Intel Pentium 400 MHz or faster processor (1000 MHz recommended);

 256 MB free RAM;

 500 MB disk space for the application files.

Software requirements

Installation of Kaspersky Security requires one of the following operating systems:

Microsoft Small Business Server 2008 Standard / Microsoft Small Business Server 2008 Premium / Microsoft Essential Business Server 2008 Standard / Microsoft Essential Business Server 2008 Premium / Microsoft Windows Server 2008 x64 R2 Enterprise Edition / Microsoft Windows Server 2008 x64 R2 Standard Edition / Microsoft Windows Server 2008 x64 Enterprise Edition Service Pack 1 / Microsoft Windows Server 2008 x64 Enterprise Edition Service Pack 2 / Microsoft Windows Server 2008 x64 Standard Edition Service Pack 1 / Microsoft Windows Server 2008 x64 Standard Edition Service Pack 2 / Microsoft Windows Server 2003 x64 R2 Enterprise Edition Service Pack 2 / Microsoft Windows Server 2003 x64 R2 Standard Edition Service Pack 2 / Microsoft Windows Server 2003 x64 Enterprise Edition Service Pack 2 / Microsoft Windows Server 2003 x64 Standard Edition Service Pack 2.

The following components are required for installation:

 Microsoft Exchange Server (2007 and 2010) x64 Service Pack 1 or Microsoft Exchange Server (2007 and 2010) Service Pack 1 deployed in at least one of the roles: Hub Transport or Mailbox;

 MS SQL Server 2005 Express Edition, MS SQL Server 2005 Standard Edition, MS SQL Server 2005 Enterprise Edition, MS SQL Server 2008 Express Edition, MS SQL Server 2008 Standard Edition, MS SQL Server 2008 Enterprise Edition;

 Microsoft .NET Framework 3.5 Service Pack 1.

Installation of the Administration Console requires one of the following operating systems:

Microsoft Small Business Server 2008 Standard / Microsoft Small Business Server 2008 Premium / Microsoft Essential Business Server 2008 Standard / Microsoft Essential Business Server 2008 Premium / Microsoft Windows Server 2008 / Microsoft Windows Server 2003 x64 (with Service Pack 2 installed) / Microsoft Windows Server 2003 x64 R2 Standard Edition / Microsoft Windows Server 2003 x64 R2 Enterprise Edition / Microsoft Windows XP x64 (with Service Pack 2 installed) / Microsoft Windows Vista х64 / Microsoft Windows Server 2003 R2 Standard Edition / Microsoft Windows Server 2003 R2 Enterprise Edition / Microsoft Windows Vista / Microsoft Windows Server 2003 (with Service Pack 2 installed) / Microsoft Windows XP (with Service Pack 3 installed).

The following components are required for installation:

 Microsoft Management Console 3.0;

 Microsoft .NET Framework 3.5 Service Pack 1;

(14)

14

APPLICATION ARCHITECTURE

Kaspersky Security performs anti-virus scanning of all incoming, outgoing mail and messages stored on server, and filters spam. The application analyzes the message body and attached files in any format. The detection of malicious programs is based on records contained in Kaspersky Security's databases. Databases are regularly updated by Kaspersky Lab, and uploaded to Kaspersky Lab's update servers.

Additionally, the application uses a special analysis facility called a heuristic analyzer which can detect previously unknown viruses. Spam checks are performed by the Anti-Spam component, which employs a combination of several methods to fight spam. The application scans objects received by the server in real time. The user cannot open and view a new message before it is scanned.

The application processes each object using the rules specified by the administrator for each type of object. For instance, an infected object can be disinfected, deleted, or replaced by a notification text. An object recognized as spam may be allowed to pass, deleted or rejected. Administrators can configure the application to allow delivery of spam or messages containing infected objects to users, changing, however, the names of such objects and appending to it information about infection or spam content. In addition, the application changes the extension of such objects.

Prior to modifying an object, the application can save a copy of it in a special Backup storage to allow subsequent restoration, or for forwarding to Kaspersky Lab for analysis. The application sends notifications about events as they occur to the anti-virus security administrator, the recipient, and the sender of the infected message, and also places a record of the event in the application log file and in the Microsoft Windows event log.

IN THIS SECTION

Application components and their purpose ... 14 Security Server architecture ... 14

A

PPLICATION COMPONENTS AND THEIR PURPOSE

The application consists of two basic components:

 Security Server The component is installed on the protected Microsoft Exchange server, it carries out actual anti-spam filtering of mail traffic and its anti-virus protection. Security Server intercepts the messages arriving on the Microsoft Exchange Server and uses its internal Anti-Virus and Anti-Spam modules to perform anti-virus scanning and anti-spam filtration of that traffic respectively. If infection or spam is detected in a message, it can be saved in Backup or deleted depending upon the Anti-Virus and Anti-Spam settings.

 Administration Console is a dedicated isolated snap-in integrated into MMC 3.0. Administration Console can be installed locally on the protected Microsoft Exchange server or on a different computer for remote

management of the server protection. You can use the Administration Console to create and edit the list of protected Microsoft Exchange servers, manage the Security Server and configure the application.

S

ECURITY

S

ERVER ARCHITECTURE

The server component of the application, the Security Server, consists of the following main subsystems:

(15)

AP P L I C A T I O N A R C H I T E C T U R E

15

 The Anti-Virus performs anti-virus scans of objects. The component is essentially the anti-virus engine running within the program process of Kaspersky Security 8.0 for Microsoft Exchange Servers. The anti-virus scan subsystem also includes storage for temporary objects while scanning objects in RAM. The storage is located in the working folder Store.

Store is a subfolder within the application folder, which must be excluded from the scan scope of any anti-virus programs installed in the corporate network. Otherwise the application may function incorrectly.

 The Anti-Spam component filters unwanted mail. The component is essentially the anti-spam engine running within the program process of Kaspersky Security 8.0 for Microsoft Exchange Servers. Once a message is intercepted, it is transferred to the Anti-Spam engine for analysis. Depending upon the analysis result and the produced verdict, the message will be allowed to pass or deleted. Copies of deleted messages are stored in Backup.

 The Internal Application Management and Integrity Control Module is launched in a separate process and is a Microsoft Windows service. The service is called Kaspersky Security 8.0 for Microsoft Exchange Servers, and is launched automatically when either the first message is being transferred, when the

(16)

16

TYPICAL DEPLOYMENT SCHEMES

Kaspersky Security should be installed on a Microsoft Exchange server. The application components, which you can install depends upon the role that the Microsoft Exchange Server performs. Kaspersky Security also supports deployment on a server cluster. You are advised to read through this chapter to select the most suitable deployment scheme.

IN THIS SECTION

Microsoft Exchange Server roles and corresponding configurations ... 16 Server protection deployment ... 16 Application deployment on a server cluster ... 17

M

ICROSOFT

E

XCHANGE

S

ERVER ROLES AND

CORRESPONDING CONFIGURATIONS

Successful operation of Kaspersky Security requires that the protected Microsoft Exchange Server should be deployed at least in one of the following roles:

 Mailbox.

 Hub Transport.

 Edge Transport.

If Microsoft Exchange Server is deployed as a Mailbox, Kaspersky Security interacts with it using the VSAPI 2.6

standard. In other cases the Transport Agents technology is used. Please note that in the Hub Transport role, objects are first scanned by Kaspersky Security and then processed by Microsoft Exchange Transport Agents. In the Edge Transport role, the procedure is reversed - the objects are first processed by Microsoft Exchange Transport Agents and then by Kaspersky Security.

S

ERVER PROTECTION DEPLOYMENT

The following procedure should be used to deploy the protection system for mail servers:

1. The Security Server component has to be installed on all protected Microsoft Exchange servers within the network. The installation must be performed from the distribution kit individually for each server.

2. Management console is installed together with Security server. It provides centralized access to all Security servers of Kaspersky Security from the single administrator's workplace. If necessary, Administration Console can be installed separately on a computer within the corporate network. If several administrators are working jointly, the Administration Console can be installed on each administrator's computer.

3. Create the list of managed servers (see section "Creating the list of protected Microsoft Exchange servers" on page 39).

4. Administration Console connects to the Security Server (see section "Connecting the Administration Console to the Security Server" on page 41).

(17)

TY P I C A L D E P L O Y M E N T S C H E M E S

17

A

PPLICATION DEPLOYMENT ON A SERVER CLUSTER

Kaspersky Security supports the following cluster types:

 single copy cluster (SCC);

 cluster continuous replication (CCR).

During setup the application recognizes a server cluster automatically. This means that the order in which the application is installed to different cluster nodes does not matter. The procedure for installing Kaspersky Security on a cluster of servers differs from the usual procedure in that:

 Before installation of Kaspersky Security is completed on all cluster nodes, the clustered mailbox servers (CMS) must not be moved between different cluster nodes.

 In the course of installation of Kaspersky Security to all cluster nodes, all installation folders must have the same location.

 The account used to perform the installation procedure must be authorized to write to the Active Directory configuration section.

After installation to a cluster of servers, all application settings are stored in the Active Directory, and all cluster nodes use those parameters. However, parameters which refer to the physical server are set for each cluster node manually. Kaspersky Security automatically defines active cluster nodes, and applies the Active Directory settings to them. When a cluster node moves from active to passive mode, a notification about disconnection from the server will appear (the notification will appear only if the Management Console is open and connected to the server). The scan results for each cluster node will be displayed only for those messages which were forwarded by the Microsoft Exchange virtual server to this cluster node. The scan results include:

 the Backup storage content;

 information presented in reports;

 the set of events registered in the application logs;

The procedure for uninstalling Kaspersky Security from a cluster of servers differs from the usual procedure in that:

 Clustered mailbox servers (CMS) must not be moved between nodes before application removal is completed.

(18)

18

APPLICATION SETUP

Kaspersky Security consists of two main components: the Security Server and Administration Console. Security Server is always installed together with the Administration Console. Administration Console can be installed separately on another computer for remote management of a Security Server. Depending upon your corporate server architecture, you can select one of three available installation variants:

 Security Server will be installed on the computer running Microsoft Exchange Server. Administration Console will be installed to the same host.

 Security Server and Administration Console will be installed on the computer running Microsoft Exchange Server. Administration Console can be installed on any computer within your corporate network for remote management of the Security Server.

 Security Server will be installed on a cluster of servers running Microsoft Exchange Server. In that case the Security Server and Administration Console should be installed together on each node of the cluster.

Some services of Microsoft Exchange Server have to be restarted after Kaspersky Security installation.

IN THIS SECTION

Preparing installation ... 19

Upgrading an earlier version ... 20

Application setup procedure ... 20

Getting started. Application configuration wizard ... 23

Restoring the application ... 27

(19)

AP P L I C A T I O N S E T U P

19

P

REPARING INSTALLATION

To install Kaspersky Security, you will need domain administrator privileges. Besides, an Internet connection is necessary for installation of the following required components:

 .Net Framework 3.5 SP1;

 Microsoft Management Console 3.0;

 Microsoft SQL Server 2005 / 2008 (Standard, Express, Enterprise);

 Microsoft Windows Installer 4.5.

(20)

20

U

PGRADING AN EARLIER VERSION

Kaspersky Security does not support upgrading of earlier versions. An earlier application version installed on the computer must be removed before Kaspersky Security setup. The data and settings of the earlier version will not be preserved.

A

PPLICATION SETUP PROCEDURE

Kaspersky Security installer is designed as a wizard providing information about the operations, which you have to perform during each step of the procedure. The Back and Next buttons can be used to navigate between the installation screens (steps) at any time. The Exit and Cancel buttons allow you to exit the installer. The Finish button completes the installation procedure. The installation procedure begins with starting the setup_en.exe file. Further we shall discuss in detail the steps performed by the Setup Wizard.

IN THIS SECTION

Step 1. Installing the required components ... 20

Step 2. Greeting and License Agreement ... 21

Step 3. Selecting the type of the installation... 21

Step 4. Selecting the application components ... 21

Step 5. Configuring connection to Microsoft SQL Server ... 22

Step 6. Copying files ... 22

S

TEP

1. I

NSTALLING THE REQUIRED COMPONENTS

During this step you have to make sure that the following required components are installed on your computer:

 .Net Framework 3.5 SP1. You can install the component by clicking the button Download and install .NET Framework 3.5 SP 1. The computer must be restarted after .Net Framework 3.5 SP1 installation! If you continue setup without restart, it may cause problems in the operation of Kaspersky Security.

 Microsoft Windows Installer (MSI) 4.5. This component is required to install Microsoft SQL Server 2008 Express Edition. You can install the component by clicking the button Download and install Microsoft Windows Installer 4.5.

 Microsoft SQL Server 2008 Express Edition or another SQL server. To install the component, click the button Install Microsoft SQL Server 2008 Express Edition. For working with Kaspersky Security, a fresh installation of SQL Server is recommended.

 Microsoft Management Console 3.0 (MMC 3.0). Microsoft Management Console 3.0 (MMC 3.0) is a part of the operating system in Microsoft Windows Server 2003 R2 and later versions. To install the program in earlier versions of Microsoft Windows Server, you need to upgrade MMC to version 3.0. To do that, click the button Download and install MMC 3.0.

(21)

21

S

TEP

2. G

REETING AND

L

ICENSE

A

GREEMENT

The welcome screen informs you that Kaspersky Security installation to your computer has been started. Clicking the Next button opens the License Agreement window.

License Agreement is an agreement between the application user and Kaspersky Lab. Checking the box I accept the terms and conditions of this Agreement means that you have read the License Agreement and accepted its terms and conditions.

S

TEP

3. S

ELECTING THE TYPE OF THE INSTALLATION

The installation type selection screen contains two buttons:

 Standard. Clicking the button will continue the procedure installing the standard set of components, which suits most users. Please see Step 5 for further instructions.

 Custom. Clicking this button allows you to select manually the application components, which you would like to install. Custom installation mode is recommended for experienced users.

Once the installation type is selected, the Setup Wizard proceeds to the next step.

S

TEP

4. S

ELECTING THE APPLICATION COMPONENTS

If you have selected the Custom setup type, the installer will offer you to select the components which you would like to install. The set of components available for installation will differ depending on whether Microsoft Exchange Server is installed, and how it is configured. If Microsoft Exchange Server is deployed to act both as a Mailbox and Hub Transport, the following components will be available for selection and installation:

 Management Console;

 Anti-Spam protection component;

 Anti-Virus for the Mailbox configuration;

 Anti-Virus for the Hub Transport configuration.

If Microsoft Exchange Server is deployed to act just as an Edge Transport or Hub Transport only, the following components will be available for selection and installation:

 Anti-Spam protection component;

 Anti-Virus for the Hub Transport configuration.

If Microsoft Exchange Server is deployed to act as a Mailbox only, the following components will be available for selection and installation:

 Anti-Virus for the Mailbox configuration;

In all other cases, only the Management Console is available for installation.

(22)

22

 Anti-Virus database;

 Anti-Spam database;

 quarantined objects.

If you suppose that the folder will occupy more space than the selected drive has available, you can click the Browse button to change the data folder location.

Clicking the Reset button cancels the user-defined selection of components and restores the default selection. Clicking the Drives button opens the dialog containing information about free space available on local drives and required for installation of the selected components.

S

TEP

5. C

ONFIGURING CONNECTION TO

M

ICROSOFT

SQL

S

ERVER

The purpose of this step is to configure a connection to an SQL server. To create a database on the SQL server, you will need the local access rights for the computer where Kaspersky Security will be installed and administrator privileges on the SQL server. If SQL server is running on a domain controller, you must be a member of the Enterprise Admins and / or Domain Admins group. If you are using a remote connection to the SQL server, make sure that TCP/IP support is enabled in SQL Server Configuration Manager.

Configuring connection to Microsoft SQL Server

In the Name of SQL server field specify the name (or IP address) of the computer and the SQL server instance. Clicking the Browse button next to that field allows you to select an SQL server within the current network segment.

To create a database on the SQL server, you will have to choose an account that will be used to create the SQL database. The following options are available:

 Active account. Current user account will be used then.

 Other account. In that case you should enter the name and password for the specified user account. You can click the Browse button to select an account.

SQL server browser must be started on the computer running the SQL server. Otherwise you will be unable to see the instance of the SQL server that you need.

Select an account for the operation of application service

In the next window you will see an offer to choose the account that will be used to connect to the SQL server. The window contains two options:

 Local System Account. In that case the local system account will be used to establish a connection to the SQL server. If the SQL server is running on a remote server, connection will be impossible.

 Account. In that case you will have to specify the name and password for an account with the privileges sufficient to connect to the SQL server and start the application service.

S

TEP

6. C

OPYING FILES

To proceed with the installation, press the Install button in the Setup Wizard window. It will initiate copying of the

(23)

23

G

ETTING STARTED

.

A

PPLICATION CONFIGURATION

WIZARD

Once the files are copied and the components are registered in the system, the Setup Wizard will display a notification informing about completion of the application setup. Clicking the Next button in the Setup Wizard will start the Application Configuration Wizard. Application Configuration Wizard will assist you in configuring the update settings, installing the license, and testing the application functionality. To start product configuration in the Application Configuration Wizard, click Next.

IN THIS SECTION

Configuring updates ... 23 Installing a license key ... 23 License-related notifications ... 24 Testing the application functionality ... 24

C

ONFIGURING UPDATES

You can use the Update settings window of the Application Configuration Wizard to configure the updating settings of Kaspersky Security.

To define the update settings, perform the following steps:

1. Leave the box Enable automatic update checked, if you wish the application to update automatically according to the specified schedule.

2. To connect to an update server of Kaspersky Lab through a proxy server, enable the option to Use proxy server and specify the corporate proxy address in the Proxy server address line.

3. Define the proxy server port in the entry field. By default, port 8080 is used.

4. To enable authentication with the proxy server, check the box Use authentication and enter in the Account and Password fields relevant information about the user account selected for that purpose.

5. If you wish to download updates from a local corporate server directly, check the box Bypass proxy server for local addresses.

I

NSTALLING A LICENSE KEY

In the Licenses window you can install a license for Kaspersky Security.

To install a license, perform the following steps:

1. Press the Add button.

2. In the displayed File name dialog specify the file containing the license key (file with the *.key extension) and click Open.

(24)

24

Removing a license key

To remove a license, click the Delete button.

L

ICENSE

-

RELATED NOTIFICATIONS

The Notification Settings window allows you to configure the notifications sent by email. Using notifications, you will always know in time of all the Kaspersky Security events.

To define the notification settings, perform the following steps:

1. In the Web-service address field specify the address of the web service that will be used to mail messages via Microsoft Exchange Server.

2. Specify in the Account field any account registered on the Microsoft Exchange Server. To do that, click Browse or enter the account name manually.

3. Type in the Password field the password for the selected account. 4. In the E-mail address field specify the mail recipient's address. 5. Click the Test button to send a test message.

If the test message arrives in the specified mailbox, it means that delivery of notifications is configured properly. 6. Click Next to finish setting up the application options.

7. Click the Finish button in the final window of Application Setup Wizard to quit the wizard..

If the Start Administration Console when the Wizard quits flag is left checked, the Administration Console will start automatically.

T

ESTING THE APPLICATION FUNCTIONALITY

After Kaspersky Security is installed and configured, you are advised to verify its settings and operation using a test "virus" and its modification.

The test "virus" was specifically designed by EICAR (The European Institute for Computer Antivirus Research) to test anti-virus products. The test "virus" is not a malicious program and it contains no code that can harm your computer. However, most anti-virus products identify it as a virus.

You can download the test "virus" from the official web site of EICAR at: http://www.eicar.org/anti_virus_test_file.htm.

Testing the Anti-Virus functionality

To send a message with the test "virus", perform the following steps:

1. Create an email message with an attached EICAR test "virus".

2. Send the message via Microsoft Exchange Server with installed Kaspersky Security and connected Security Server.

(25)

25

To view the application report about the detected virus, perform the following steps:

1. Launch Kaspersky Security using the menu Start Programs  Kaspersky Security 8.0 for Microsoft Exchange Servers  Administration Console.

2. In the console tree to the left, select and open the node corresponding to the server which was supposed to process the message containing the "virus".

3. Select the Reports node.

4. In the details pane to the right, click the Generate report button in the Quick reports and / or Anti-Virus report section.

5. View the created report in the Ready reports section. To do that, double-click the necessary report to open it. If the report contains information about EICAR infection, the application is properly configured.

To receive the reports to an email address, perform the following steps:

1. In the details pane , use the Quick reports and / or Anti-Virus report sections to check the box Administrator to enable sending notifications to the address, which you have specified in the Notification Settings (see section "Configuring notifications" on page 24) window of the Application Configuration Wizard.

If you have not specified the e-mail address in the Initial Configuration Wizard, click the link E-mail sending settings to set up notifications (see section "Configuring notifications" on page 24).

2. To make sure that reports arrive in the specified mailbox, click the Test button to send a test message. By default, the application saves a copy of an infected object in Backup.

To check, whether a copy of an infected object has been saved in Backup, perform the following steps:

1. In the console tree, select the node Backup.

2. Check to make sure that the infected object (message with attached "virus") appears in the details pane. Testing the Anti-Spam functionality

To test normal functioning of the Anti-Spamcomponent, perform the following steps:

1. Launch Kaspersky Security using the menu Start  Programs  Kaspersky Security 8.0 for Microsoft Exchange Servers  Administration Console.

2. In the console tree to the left, select and open the node corresponding to the server which will be used to transfer the test message.

3. Select the Server protection node.

4. Select the Anti-Spam protection tab in the details pane. 5. Open the White and black list settings section. 6. Check the box Add sender's address to black list. 7. Type the sender's e-mail address in the entry line. 8. Click the addition button to the right of the field. 9. Open the Scan settings section.

(26)

26 11. In the same field check the box Add label.

12. Send a message to the administrator's address through the protected mail server.

(27)

27

R

ESTORING THE APPLICATION

If the application encounters a failure while running (for example, if its binary modules get damaged), you can use the restoration functionality provided in the installer. During restoration the installer will preserve the selected settings and user configuration including notifications, paths to the application databases, Quarantine, etc.

To restore Kaspersky Security, perform the following steps:

1. Start the setup_en.exe file.

2. Click the link Kaspersky Security 8.0 for Microsoft Exchange Servers. 3. Click the Next button in the welcome screen of the Initial Configuration Wizard. 4. In the Change, Repair or Remove the application window click the Restore button. 5. In the Restoring window, click the Repair button.

(28)

28

R

EMOVING THE APPLICATION

To remove Kaspersky Security from a computer, perform the following steps:

1. Start the setup_en.exe file.

2. Click the link Kaspersky Security 8.0 for Microsoft Exchange Servers to start the Setup Wizard and click Next.

3. In the Change, Repair or Remove the application window click the Remove button. 4. In the Remove window click the Remove button.

You can also uninstall the application using the standard software management tools in Microsoft Windows.

(29)

29

MANAGING KASPERSKY SECURITY

LICENSES

When you purchase Kaspersky Security, you enter into a license agreement with Kaspersky Lab. This agreement grants you the right to use the software you purchased to protect the specified number of mailboxes, and to have access to the attendant services, for a defined period. The anti-virus protection covers both mailboxes and public folders. Therefore, no additional license is needed to protect public folders when working in the Microsoft Exchange environment. When using the application on a cluster of servers, the license is valid for the whole cluster.

The following features will be available to you during the license period:

 use the anti-virus functionality of the application;

 anti-spam functionality of the application;

 regular updates for the anti-virus and anti-spam databases;

 application updates;

 support on issues related to the installation, configuration and the use of the purchased software product, provided 24 hours a day, by phone or email.

The application verifies the validity of the license agreement through the Kaspersky Security license key file, which is an integral part of any Kaspersky Lab product.

Kaspersky Security will not work without a license key!

Active license

The application can use only one active license key. This license key contains restrictions imposed on the use of

Kaspersky Security, which the application verifies using its internal algorithms. If a violation of the terms and conditions of the license agreement is detected:

 the application functionality will be restricted;

 a record of the detected violation will be entered into the event logs;

 if the notification settings are configured, a notification about the violation will be issued and sent by email. You can manage the number of protected mailboxes excluding from the scan scope certain storages (see section "Creating a list of protected mailboxes and storages" on page 32) containing e-mail accounts that the application will not scan. You are advised to purchase a license able to protect all your mailboxes, as any unprotected storage areas increase the possibility of penetration and propagation of viruses via the email system. Once a commercial license expires, the application functionality will remain available, i. e. the application will continue anti-virus and anti-spam traffic scanning; however, database updates and application upgrades will no longer be provided as well as the opportunity to contact the Technical Support service for assistance. The application will continue anti-virus scanning of email traffic, and background scanning of storage areas, but will use outdated database versions. In this case, it is difficult to guarantee comprehensive protection against new viruses and spam, which may appear after the license expires.

(30)

30

Additional license

Once you have installed a commercial license, you can purchase an additional license for the product (see section "Distribution Kit" on page 12) including Kaspersky Security and install it. After the current license expires, the additional license becomes active and the application continues to function without changes. Thus you can ensure uninterrupted protection of your corporate mail servers. Kaspersky Security supports only one additional license.

Trial license

You may use a trial license to evaluate the benefits of Kaspersky Security. If a trial license key has been used, upon its expiration the anti-virus functionality of the application will also be disabled in addition to the above limitations. Note that the validity period of a trial key starts from the moment when the first trial key is added. The validity period of all the subsequent trial keys will be adjusted in accordance with the validity period of the first key.

License restrictions

In some cases (for example, if the sales contract was terminated or if the license agreement restrictions were changed), Kaspersky Lab terminates the license agreement with the user. In this case, the serial number of the license key will be added to the list of cancelled licenses, the so-called black list. If your active license is found in the black list, the reserve license will not be activated and the application will be disabled except for the management and anti-virus database updating services. If your license has been accidentally blacklisted, you are advised to update your databases and, if the error persists, contact the Technical Support Service.

IN THIS SECTION

Viewing information about installed licenses ... 30 Installing a license key ... 31 Removing a license key ... 31 Notification about license expiry ... 31 Creating the list of protected mailboxes and storages ... 32

V

IEWING INFORMATION ABOUT INSTALLED LICENSES

To view information on installed licenses, perform the following steps:

1. Start the Administration Console of the application.

2. In the Administration Console tree select the necessary server node and then the Licensing node. The details pane will display information about installed licenses. The following information is displayed:

 Type - Describes the license key type.

 Owner. Identifies the license owner.

 Restrictions. Defines the number of user accounts (mailboxes) supported in the license.

 Expiration date. Indicates the date of license expiry.

 License key serial number. Displays the license serial number.

(31)

MA N A G I N G KA S P E R S K Y SE C U R I T Y L I C E N S E S

31

I

NSTALLING A LICENSE KEY

To install a license for Kaspersky Security, perform the following steps:

1. In the Management Console, select the node Licensing. 2. Click the Add button in the details pane.

3. In the displayed File name dialog specify file name containing the license key (file with the *.key extension) and click Open.

Once you have installed a commercial license, you can install an additional license.

To install a reserve license, perform the following steps:

1. In the Administration Console, select the node Licensing.

2. In the details pane, click the Add button in the Additional license section.

3. In the displayed File name dialog specify file name containing the license key (file with the *.key extension) and click Open.

R

EMOVING A LICENSE KEY

To remove a license for Kaspersky Security, perform the following steps:

1. Select the Licensing node in the Administration Console.

2. In the details pane, click the Delete button in the Active license or Additional license section.

N

OTIFICATION ABOUT LICENSE EXPIRY

The application verifies compliance with the license agreement after every database update. The check may return one the following results:

 the active key expires within the next few days;

 the license has expired;

 the active license was found in the black list;

In these cases the application logs an appropriate record and, provided that notifications are configured (see section "Configuring notification settings" on page 68), e-mails the information to the address specified in the settings. By default, a notification will be issued 15 days prior to the expiration of your license period. You can set up an earlier or a later notification date.

To configure notifications about expiry of the license to use Kaspersky Security, perform the following steps:

1. Select the Licensing node in the Administration Console.

2. In the details pane, specify in the field Notify about license expiry in the number of days remaining until a license expires when you should be notified about the forthcoming expiry.

(32)

32

C

REATING THE LIST OF PROTECTED MAILBOXES AND

STORAGES

The application will protect the number of mail boxes specified in the active license. If this number is not sufficient, you must decide which mailboxes should be left unprotected and moved into storage areas not covered by anti-virus protection. By default, the application protects all public folders created on the protected mail server. You can remove protection from public folders if you think that their scan would be redundant.

To remove protection from the mailbox storage or public folders storage:

1. In the Management Console, select the node Server protection.

2. On the Anti-Virus protection tab, open the Protection for mailboxes configuration section.

3. In the Protected mailbox storages section check the boxes corresponding to the mailbox storages, which you wish to protect.

4. In the Protected public folder storages section check the boxes corresponding to the public folder storages, which you wish to protect.

5. To apply the changes, click the Save button.

(33)

33

APPLICATION INTERFACE

The user interface of the application is provided by the Microsoft Management Console (MMC) component. The Management Console is a dedicated isolated facility integrated into MMC.

IN THIS SECTION

Main window ... 33 Context menu ... 35

M

AIN WINDOW

Main window of the Administration Console contains (see figure below):

 Toolbar. It is displayed in the upper part of the main window. The buttons on the toolbar allow direct access to some frequently accessed features of the application.

 Menu. It is displayed right above the toolbar. The menu provides management functions for files and windows, as well as access to the help system.

 Console tree. It is located in the left part of the main window. The console tree displays connected Security Servers and the settings of Kaspersky Security. Connected servers and the settings of Kaspersky Security are listed as nodes. You can open parent nodes by clicking the corresponding plus sign. An open node is displayed with the minus sign next to it.

(34)

34

Figure 1: Main application window

The topmost node of the console tree is Kaspersky Security 8.0 for Microsoft Exchange Servers. Double-clicking it in the console tree with the mouse opens the list of connected servers running installed Kaspersky Security. The details window also displays connected servers and the Add server button. Left-clicking the connected server node with the mouse displays in the results window general information about protection components installed on the selected server, license type and the application installation folder. Clicking the plus sign next to a connected server opens in the console tree the list of configurable Kaspersky Security settings for that server. You can view and configure the following settings of Kaspersky Security:

 Server protection – used for viewing and editing the settings for anti-virus and anti-spam protection.

 Updates – used for viewing and editing the settings for anti-virus and anti-spam database update.

 Notifications – used for viewing and editing the settings for Email notifications.

 Backup – used for Backup storage viewing.

 Reports – used for viewing and editing the settings for anti-virus and anti-spam reports.

 Settings – used for viewing and editing the settings for notifications, reporting and statistics.

 Licensing – used to install or remove licenses and review information about the current license.

(35)

AP P L I C A T I O N I N T E R F A C E

35

C

ONTEXT MENU

Each category of objects in the console tree has its own context menu, which opens by right-clicking on the object. In addition to the standard Microsoft Management Console (MMC) commands, this context menu contains commands used for handling particular objects. You can use the context menu to perform the following operations:

 Add server. In the Administration Console tree, right-click the Kaspersky Security 8.0 for Microsoft Exchange Servers node. Select the Add server command from the context menu.

 Enable snap-in diagnostics. In the Administration Console tree, right-click the Kaspersky Security 8.0 for Microsoft Exchange Servers node. Select in the context menu the command to Enable snap-in diagnostics.

 Remove a connected server. In the Administration Console tree, right-click the connected server node . Select the Delete command in the context menu..

 Update the Anti-Virus and the Anti-Spam databases. In the Administration Console tree, right-click the Update node. Select in the context menu the command to Update the anti-virus database or Update Anti-Spam database.

(36)

36

APPLICATION START AND STOP

The Security Server is started automatically when Microsoft Exchange Server loads and at Microsoft Windows startup. If anti-virus protection of the server is enabled (see figure below), it will start immediately after the Microsoft Exchange Server is launched.

Figure 2: Enabling server protection

To enable protection on a connected Microsoft Exchange server, perform the following steps:

1. Launch KasperskySecurity using the menu Start  Programs  Kaspersky Security 8.0 for Microsoft Exchange Servers  Administration Console.

(37)

AP P L I C A T I O N S T A R T A N D S T O P

37 3. Select the Server protection node.

4. On the Anti-Virus protection tab of the details window, open the Scan settings section. 5. Check the boxes enabling anti-virus protection for all roles of that Microsoft Exchange Server. 6. Click the Save button.

7. To disable protection, uncheck all the anti-virus protection boxes and click Save.

(38)

38

DEFAULT MICROSOFT EXCHANGE SERVER

PROTECTION STATUS

The anti-virus and anti-spam protection of the Exchange server starts immediately after the Security Server component is installed. The default operation mode of the application in this case is as follows:

 The application will scan objects for the presence of currently known malicious software:

 the body of the message, and attached objects in any format, will be scanned, except for container objects with a nesting level above 32.

 the maximum time for scanning an object is 180 seconds;

 Selection of the operation performed upon detection of an infected object depends upon the role of the Microsoft Exchange server where the object was found. When an infected object is detected on a server functioning as a Hub Transport or Edge Transport, the object will be deleted automatically and the prefix [Malicious object deleted] will be added to the corresponding message subject. When an infected object is detected on a server functioning as a Mailbox, the application saves a copy of the object (attachment or message body) in Backup storage, and attempts to disinfect the object. If disinfection is impossible, the application deletes the object and replaces it with a text file containing a notification in the following format: Malicious object <VIRUS_NAME> has been detected. The file (<OBJECT_NAME>) was deleted by Kaspersky Security 8.0 for Microsoft Exchange Servers. Server name: <server_name>

 When a suspicious object is detected, the application saves its copy (message body or attachment) in Backup or deletes the object using the same rules, which it applies to infected objects.

 When a protected or corrupted object is found, the application by default skips such object. Users can select the Delete operation for this category of objects. In that case the application saves a copy of the object (message body or attachment) in Backup.

 The application protects the content of public folders and email messages stored on the server.

 Anti-spam mail filtering is performed. By default, low intensity level of anti-spam scanning is used. The level provides an optimal combination of scanning performance and quality:

 "Allow" operation is used to handle all messages; however, mail with the "Spam" verdict will bear a special [!!Spam] label.

 The "Probable Spam" verdict is enabled. Messages with that verdict will receive the [!!Probable Spam] label.

 Maximum duration of single message scan is 30 seconds.

 Maximum size of an object to scan – 300 KB.

 External services are used to check the IP addresses and URLs: DNSBL and SURBL. These services allow spam filtering using public black lists of IP addresses and URLs.

ADMINISTRATOR'S GUIDE

Kaspersky Security 8.0 for

Microsoft Exchange Servers

ADMINISTRATOR'S

GUIDE

TABLE OF CONTENTS

ABOUT THIS GUIDE

I

N THIS DOCUMENT

D

OCUMENT CONVENTIONS

ADDITIONAL SOURCES OF INFORMATION

D

ATA SOURCES FOR INDEPENDENT SEARCH

D

ISCUSSING

K

ASPERSKY

L

AB APPLICATIONS ON THE

WEB FORUM

C

ONTACTING THE

T

ECHNICAL DOCUMENTATION

DEVELOPMENT GROUP

KASPERSKY SECURITY 8.0 FOR

MICROSOFT EXCHANGE SERVER 2007

B

ASIC FUNCTIONALITY

D

ISTRIBUTION

K

IT

L

ICENSE AGREEMENT

S

ERVICES FOR REGISTERED USERS

H

ARDWARE AND SOFTWARE REQUIREMENTS

APPLICATION ARCHITECTURE

A

PPLICATION COMPONENTS AND THEIR PURPOSE

S

ECURITY

S

ERVER ARCHITECTURE

TYPICAL DEPLOYMENT SCHEMES

M

ICROSOFT

E

XCHANGE

S

ERVER ROLES AND

CORRESPONDING CONFIGURATIONS

S

ERVER PROTECTION DEPLOYMENT

A

PPLICATION DEPLOYMENT ON A SERVER CLUSTER

APPLICATION SETUP

P

REPARING INSTALLATION

U

PGRADING AN EARLIER VERSION

A

PPLICATION SETUP PROCEDURE

S

TEP

1.

I

NSTALLING THE REQUIRED COMPONENTS

S

TEP

2.

G

REETING AND

L

ICENSE

A

GREEMENT