Kaspersky Security Center 10: Service Pack 1 (version 10.2.434)

Kaspersky Security Center 10: Service Pack 1 (version 10.2.434)

26 Feb 2015
Product news

Kaspersky Security Center 10: Service Pack 1 has been released on February 26, 2015. Full version number is 10.2.434.

This application version can be used both for initial installation of Kaspersky Security Center and for updating earlier versions of the application.

What's new in Kaspersky Security Center 10:  Service Pack 1

Main features of Administration Console:

  • Managing updates for Kaspersky Lab products in Administration Console:
    • Information about applicable product updates
    • Installing and removing selected product updates
  • Configuration profiles allow modifying settings of the main policy depending on the parameters of a managed computer:
    • Importing and exporting profiles in policies
    • More than one profile can be created for a policy
    • Supporting the profiles hierarchy (if a policies hierarchy is used)
  • New system of privileges for Kaspersky Security Center:
    • Extended set of privileges that the administrator can manage and sets of privileges by functional areas are now available.
    • The Role object. Options of creating and removing Roles and assigning sets of privileges to them.
  • Support of subscription license for managed computers.
  • In Kaspersky Security Center Web Console, the display of MDM policies, users, and mobile devices.
  • New installer of Kaspersky Security Center.
  • Option of automatic distribution and installation of patches for Administration Server. When a new patch is available, a notification is sent to the administrator prompting to install it.
  • Support of installation by means of standalone installation packages without interaction with the user (silent mode).
  • Option of removing the Administration Server key.
  • Option of running the Application Activation Task Creation Wizard from the Keys folder.
  • The limitation on the number of virtual Administration Servers in the free version of Kaspersky Security Center has been lifted.
  • Report on the usage of licenses on virtual Servers.
  • Option of redirecting traffic for a device managed by Kaspersky Security for Android via a connection gateway installed in a DMZ.
  • Option of explicitly enabling the "guest mode" in the connection profile settings of Network Agent. This guarantees a successful connection of Network Agent to Administration Server when returning to the "home" corporate network.
  • Option of manually assigning a connection gateway in an administration group.
  • Option of connecting Network Agent to Administration Server via IPv6.
  • Dynamic selection of an Update Agent by Network Agent in case of several assigned Update Agents available (based on proximity within the hierarchy of administration groups and the network topology).
  • Option of simultaneously assigning a tag or a set of tags to all computers selected from the list.
  • Option of assigning a tag or a set of tags to a computer when installing Network Agent (tags are assigned at the step of creating the installation package of Network Agent).
  • Option of specifying a selection of computers as the scope of a task (Limitation: if the Start after other task completes option is enabled, only a server task can act as the parent task.)
  • Option of tracking the results of a task run across the entire hierarchy of Administration Servers.
  • The interval set for random delay of a group task's start changes automatically, depending on the number of computers to which that task has been assigned.
  • Option of automatic deletion of subgroups that are not present in Active Directory when synchronizing the structure of Kaspersky Security Center administration groups with OU's in Active Directory.
  • Handling of large Active Directory sets (up to 1,000,000 objects) has been optimized.
  • Option of retrieving a full list of tasks and policies for Administration Server.
  • Option of using interactive lists of second-level computers directly when handling reports.
  • Option of dynamic sorting and filtering of reports by any field.
  • Two new information panes for vulnerabilities:
    • Distribution of computers by number of vulnerabilities detected. It summarizes the maximum number of vulnerabilities that have been detected and not fixed over an interval.
    • Distribution of vulnerabilities by severity level. It summarizes vulnerabilities that have been detected and left unfixed over an interval.
  • Option of setting up a network scan schedule for all scan types.
  • The list of supported Kaspersky Lab applications has been updated.
  • Option of specifying a folder or a folder name mask from which files should be selected for creation of a Silver image category.
  • Option of searching categorized and non-categorized executable files.
  • Option of exporting and importing user-defined categories in Application Startup Control.
  • Support of Local KSN.
  • Set of ready-for-use *.js scripts to perform the most frequent operations through the API for automation of Kaspersky Security Center (klakaut).

Mobile Devices Management:

  • Self Service Portal:
    • The user has now opportunities to add the new device to the managed devices, view the list and the statuses of all managed devices, send a command to the selected device, and locate a device (Android only).
    • Support of devices managed by Kaspersky Security for Android and devices managed via iOS MDM protocol.
    • Allow the users access Self Service Portal after they accept the End User License Agreement.
    • Removal of corporate data from the device (soft wipe).
    • Creating installation packages on a mobile device for a selected user from Administration Console.
    • List of iOS MDM device users and option of delivering certificates to users.
    • For each user: list of certificates handed to the user, list of mobile devices. Support of a list of aliases for domain users.
    • Encrypting the certificate with a user's password for Kaspersky Security for Android.
    • Changing the user's password.
    • Customization of Self Service Portal by the administrator (logo, header, background).
  • Common (group) policies for devices managed through iOS MDM and through Exchange ActiveSync:
    • Managing the settings of all protocols through a single user interface.
    • An MDM policy can be created in any administration group that includes a computer with Exchange ActiveSync Mobile Devices Server and iOS MDM Mobile Devices Server installed on it.
    • Option of assigning the settings of an MDM policy for a selected user or a security group of Active Directory (using a configuration profile).
  • Integration with the organization's PKI (Public Key Infrastructure):
    • Integration with Certificate Authority service in Windows.
    • Retrieving certificates: to identify a mobile device and associate the device with a user, to use VPN and email.
    • Configuring handing rules for all types of certificates: which source of certificates should be used, whether certificates should be updated automatically, which template should be used when requesting new certificates from PKI.
    • Assigning certificates for selected users.
    • Handling the list of certificates. Retrieving information about a certificate and the user to whom that certificate has been handed.
  • Support of Kerberos. Using Kerberos Key Distribution Center to simplify the authorization of users located outside of the scope of the organization's network.
  • A common list of devices has been added to the Mobile Devices Management node.
  • Integration with Google Cloud Messaging (GCM). Option of using GCM for synchronization in case of a change in the policy of Kaspersky Security for Android or when sending commands to devices.
  • Support of migration from Kaspersky Security Center 10 and Kaspersky Security Center 10 MR1.

Encryption:

  • Support of eToken and smartcard for PreBoot Authentication (PBA).

System Administration functionality:

  • Remote access feature:
    • Audit of the user's activities during a remote session.
    • Requesting a selected active user for permission of a remote connection.
  • Feature of operating system installation:
    • Option of running a script or installing additional software after an operating system is installed.
    • Option of creating a boot flash drive with Windows PE.
    • Option of importing an operating system image from distribution packages (wim).
    • Support of UEFI.
  • Hardware feature:
    • Option of identifying the owner of a computer on the list of managed computers.
    • Information about the BIOS of the motherboard.
    • CPU information: number of physical and logical cores.
    • Option of adding a custom text field to the list of devices.
  • Feature of vulnerability scan and application updates installation:
    • Optimizing and enhancing the fault-tolerance of processes aimed at scanning for vulnerabilities and installing updates.
    • Events that cover attempts of installing updates for third-party applications, whether successful or returning an error.
    • Option of delivering files of updates to a managed computer without installing those updates.
  • Integration with third-party SIEMs (Arcsight and Qradar).
  • Using Update Agents and a connection gateway to send WakeOnLan signals to computers when running the Turn on the computer task.

Issues fixed in Kaspersky Security Center 10: Service Pack 1

  • Administration Console stopping unexpectedly.
  • Database errors in the event log.
  • System error 0x421: failed to install Kaspersky Security Center 10 on the domain controller.
  • Administration Console stopping to respond.
  • Administration Server service being restarted cyclically.
  • N/A statuses in software update reports.
  • NAC not running according to the configured rules.
  • Administration Console stops responding during application of multiple software updates.
  • Failures of connection to Administration Server after it has been transferred to another server.
  • The klnagent and klserver processes being terminated on Administration Server.
  • KSN proxy server stopping unexpectedly.
  • Unable to deploy Kaspersky Endpoint Security 10 MR1 using Update Agents.
  • The connection to Administration Server being lost periodically when Kaspersky Security Center is used as a source of Microsoft updates in case of a large number of managed computers.
  • Deployment using an Update Agent ending with the error Update Agent could not be found.
  • The computer relocation rule does not work if it includes more than one tag.
  • An update task cannot be completed if it is performed using Update Agent.

Improvements:  

  • The efficiency and stability of the operation of Kaspersky Security Center as a WSUS server have been increased.
  • A rarely occurring error in the network traffic report has been fixed.

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK