Kaspersky Endpoint Security 12 for Linux

What's new

January 23, 2024

ID 245686

Kaspersky Endpoint Security now boasts the following features and improvements:

  • Kaspersky Endpoint Security can now be used in one of two modes: in Light Agent mode to protect virtual environments or in standalone mode. In Light Agent mode for protecting virtual environments, the application is used as a Light Agent component as part of the Kaspersky Security for Virtualization Light Agent solution and lets you protect virtual machines running Linux guest operating systems. In standalone mode, Kaspersky Endpoint Security is used as a standalone application to protect devices running Linux operating systems.
  • The Integration with Kaspersky Endpoint Detection and Response (KATA) task has gained new response actions that perform security functions on commands received from Kaspersky Anti Targeted Attack Platform: Delete File task, Terminate Process task, IOC Scan task, and the ability to enable network isolation for the device.
  • The application now restarts automatically when it is updated from the command line or by an autopatch. This saves the administrator the additional step of restarting the application.
  • The logic for saving information to dump files has been improved. The application configuration file has new settings that let you specify the directory for storing dump files and the minimum free disk space after creating dump files.
  • We added the ability to set a limit on processor utilization in the general application settings. Additionally, the ScanPriority setting was removed for ODS, Inventory Scan, Container Scan, and Custom Container Scan tasks.
  • We implemented cloud mode for Kaspersky Endpoint Security. If Kaspersky Endpoint Security is used in standalone mode (and not in Light Agent mode) and you are using KSN in the application, you can enable cloud mode. If cloud mode is enabled, Kaspersky Endpoint Security uses a lightweight version of the malware databases. This lets you reduce the load on device memory.
  • We added the ability to configure the application running in standalone mode to interact directly with KSN servers when the KSN Proxy service is unavailable.
  • The user is now better informed thanks to new events, improved event texts, an expanded list of event attributes, and a unification of events in plug-ins and the command line.
  • The procedure for initial application configuration has new steps related to selecting Light Agent mode and checking for users in privileged groups. The check for the presence of SELinux in the system has also been improved.
  • The configuration file for automatic initial application configuration has a new setting that lets you disable protection components and scan tasks when starting the application after installation. Installing the application with protection components disabled can be convenient, for example, in order to reproduce a problem in the operation of the application and create a trace file.
  • We added the ability to use unique tag combinations to specify a container or image to expand the protection scope and exclusion scope for File Threat Protection.
  • Device Control has been improved. We added the ability to export and import a list of trusted devices in Kaspersky Endpoint Security administration plug-ins. The MMC plug-in interface for this component has also been improved.
  • We added the ability to export and import exclusions by process for the Behavior Detection task in Kaspersky Endpoint Security administration plug-ins.
  • The graphical user interface can now inform the user about the operation of application components and tasks in "Notify only" mode. In this mode, if a threat is detected, application components and tasks do not attempt to disinfect or remove malicious objects, deny access, or block program activity, but instead only inform the user that a threat was detected. The administration plug-ins also now have a notification that "Notify only" mode has been enabled for the File Threat Protection and Device Control components.
  • We added the ability to view the remote application installation log and manage the tracing process in the Web Console properties of the managed device or in the Administration Console using the remote diagnostics utility.
  • In the Kaspersky Endpoint Security administration plug-in, in the Storages -> Backup section, we added the ability to send a file to Kaspersky for scanning.
  • We reduced the execution time for requests when running the Web Threat Protection task by caching the processes that initiate these requests.
  • The total wait time when copying files has been reduced by caching the function call for obtaining the username.
  • In new Linux kernels (beginning with version 3.4), the memory of processes can now be read without stopping them, which improves stability. Processes are no longer suspended when scanning memory. This reduces delays in services that ensure uninterrupted data processing, including for software that organizes the operation of clusters.
  • In the REST API for managing KESL containers, we added a request for obtaining information about the current state of a KESL container and the application status parameters that determine the state of the KESL container (the status of the application, license, and databases).
  • The list of supported operating systems has been updated.
