Kaspersky Industrial CyberSecurity for Linux Nodes

What's new

February 8, 2024

ID 233543

The following features and improvements have been added to Kaspersky Industrial CyberSecurity for Linux Nodes:

  • A restart is not required when installing or updating Kaspersky Industrial CyberSecurity for Linux Nodes.
  • Kaspersky Industrial CyberSecurity for Linux Nodes can now be integrated with Kaspersky Industrial CyberSecurity for Networks. As part of integration, Kaspersky Industrial CyberSecurity for Linux Nodes sends the following telemetry data to the Kaspersky Industrial CyberSecurity for Networks integration server: device data, network communications, events, information about installed applications and running applications with metadata.
  • We added the ability to exclude processes from process memory scans in the general application settings.
  • We added the ability to configure scan exclusions to exclude processes from File Threat Protection tasks and Behavior Detection tasks.
  • Now you can optimize scans of application log files: you can use the SkipPlainTextFiles setting to exclude text files from scans if they are reused by the same process within 10 minutes after the most recent scan.
  • The mechanism used for interaction with the operating system's firewall has been updated: Kaspersky Industrial CyberSecurity for Linux Nodes uses the iptables and iptables-restore system utilities when adding rules for the system firewall. On systems with nftables, we fixed a problem with displaying applications' network packet rules using system utilities.
  • You can now exclude traffic from scans: a dedicated chain of allow rules named kics_bypass has been added to the mangle table used by the iptables and ip6tables utilities to let you configure traffic exclusion rules. Exclusions affect the operation of Firewall Management, Web Threat Protection and Network Threat Protection tasks.
  • You can use the JSON format for requests and exporting data, as well as for exporting and importing application settings and task settings.
  • The application distribution kit no longer includes a special package for installing the application on the Astra Linux Special Edition operating system. A general deb package for 64-bit operating systems is used.
  • The list of supported operating systems has been updated.
  • Device Control, Network Threat Protection and Behavior Detection tasks now support the ability to work in notify-only mode, notifying the user when threats are detected or when attempts to access a device are detected without taking any other actions.
  • Kaspersky Industrial CyberSecurity for Linux Nodes works in notify-only mode by default. If threats are detected, application components and tasks do not try to disinfect or delete objects, block access, or block application activity. In notify-only mode, the following tasks run by default:
    • File Threat Protection.
    • Custom Scan.
    • Critical Areas Scan.
    • Anti-Cryptor.
    • Web Threat Protection.
    • Device Control.
    • Removable Drives Scan.
    • Network Threat Protection.
    • Container Scan.
    • Custom Container Scan.
    • Behavior Detection.
    • Application Control.

    You can configure the actions the application will perform for each task individually. There is no shared control element for changing the application operating mode.

  • We added the ability to manage Kaspersky Industrial CyberSecurity for Linux Nodes by using the Kaspersky Security Center Web Console.
  • We improved the performance of the Behavior Detection task (ID=20).
  • Application stability and performance have been improved.
  • The following errors have been fixed:
    • Incorrect recognition of the types of devices of certain manufacturers by the Device Control task.
    • Error while synchronizing certain Application Control categories with Kaspersky Security Center.
    • Error while activating the application using the activation code if Kaspersky Security Center Activation Proxy is used.
    • Error while the Web Threat Protection task processes network connections.
    • Problems sending events from the System Integrity Monitoring component to Kaspersky Security Center.
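
Because rules in the kics_bypass chain remove traffic from Firewall Management, Web Threat Protection and Network Threat Protection, overly broad exclusions are worth reviewing. The following audit script is an added example, not code from the product or its documentation: it parses iptables-save output and flags kics_bypass rules that match on no address or no port. The sample dump is constructed, and the use of "-j ACCEPT" as the rule target is an assumption.

```python
import shlex

# Constructed iptables-save output, not taken from a real host.
# Assumption: exclusion rules use "-j ACCEPT"; the page does not show rule syntax.
SAMPLE = """\
*mangle
:PREROUTING ACCEPT [0:0]
:kics_bypass - [0:0]
-A kics_bypass -s 10.20.0.15/32 -p tcp -m tcp --dport 502 -j ACCEPT
-A kics_bypass -p tcp -j ACCEPT
-A kics_bypass -s 10.20.0.0/16 -j ACCEPT
-A kics_bypass -d 10.20.0.0/16 -p udp -m udp --dport 4840 -j ACCEPT
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -j ACCEPT
COMMIT
"""

ADDR_FLAGS = ("-s", "--source", "-d", "--destination")
PORT_FLAGS = ("--dport", "--sport", "--dports", "--sports")

def bypass_rules(dump, chain="kics_bypass"):
    """Return token lists for rules appended to `chain` in the mangle table."""
    table, rules = None, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*mangle", "*filter": table header
            table = line[1:]
        elif table == "mangle" and line.startswith("-A "):
            tokens = shlex.split(line)
            if tokens[1] == chain:
                rules.append(tokens)
    return rules

def findings(dump):
    """Return (rule, reasons) for exclusions lacking an address or port match."""
    out = []
    for tokens in bypass_rules(dump):
        reasons = []
        if not any(f in tokens for f in ADDR_FLAGS):
            reasons.append("no source or destination match")
        if not any(f in tokens for f in PORT_FLAGS):
            reasons.append("no port match")
        if reasons:
            out.append((" ".join(tokens), reasons))
    return out

if __name__ == "__main__":
    for rule, reasons in findings(SAMPLE):
        print(f"REVIEW: {rule}  ({'; '.join(reasons)})")
```

On a real host, pass the output of `iptables-save -t mangle` (and `ip6tables-save -t mangle` for IPv6) to `findings()` in place of the constructed sample.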
