Kaspersky Security Center 10 Service Pack 2 release
20 May 2016
Product news
Kaspersky Security Center 10 Service Pack 2 has been released on May 20, 2016. Full version numbers are:
- Kaspersky Security Center: 10.3.407
- Kaspersky Security Center Web Console: 10.0.196
This product version can be used both for the initial installation of Kaspersky Security Center and for updating earlier versions of the product.
What's new in Kaspersky Security Center 10 Service Pack 2
- The option of assigning update agents in accordance with the network topology has been implemented, in addition to the assignment in accordance with administration groups, as provided by earlier Kaspersky Security Center versions.
- The option of assigning computers to act as reserve agents has been implemented. Reserve update agents request only the active update agent for updates, not the Administration Server.
- A special mode has been implemented for Network Agent, which allows the correct cloning of managed computers.
- The option of selecting update agents automatically or assigning them manually in the Administration Server properties has been added.
- The offline model of update download has been implemented.
- The option of assigning update agents automatically in a broadcasting domain has been implemented.
- The preset connection profile named "Home Server" (NLA) has been implemented.
- Display of available Kaspersky Security Center updates delivered with patches in the "Software Updates" folder has been implemented.
- The algorithm for automatic distribution of reserve keys has been modified. Automatic distribution of a key as an additional key takes into account the licensing limit of the number of devices imposed in the key properties. If the licensing limit is reached, distribution of the additional key on devices ceases automatically.
- Subscription activation codes have been implemented for Kaspersky Security Center activation.
- The Administration Console design has been enhanced
- The option of hiding Console tree folders has been implemented.
- Graphic display of configuration profile distribution has been implemented.
- File transfer over HTTP has been implemented to optimize performance.
- The Administration Server database has been optimized for system scalability: the number of supported virtual Administration Servers has been increased.
- Traffic decompression during tunneling has been disabled in order to reduce the CPU load and connect using RDP over the Internet.
- Creation and updating of software, hardware, and report inventorying have been optimized.
- User right reporting has been implemented.
- A single set of rights and permissions for all applications managed by Kaspersky Security Center has been implemented.
- The option of setting a condition of policy profile activation by computer owner has been added.
- The option of assigning a policy profile to a user group or internal users has been added.
- The administrators of virtual Administration Servers have no more read/write/remove rights in the ACL of master Administration Server users.
- Those administrators whose rights have been restricted now can access only features that are required by their working duties.
- Password restrictions for internal users have been implemented.
- Logging of external connections and authentication attempts has been implemented.
- Administration Server connection check has been implemented.
- Connection blocking for TCP ports 13000 and 14000 using Administration Console has been implemented.
- The option of creating automatic tagging rules has been implemented.
- Graphic presentation of tags in Administration Console has been improved.
- The set of criteria applied when creating policy profile activation rules has been extended.
- Display of information about active policy profiles in the properties of a managed computer has been implemented.
- The "Policy Profiles" section has been implemented in the properties of application categories.
- Selection of application categories in the Kaspersky Endpoint Security policy has been implemented in the "Application Control" section.
- Display of the list of Update Agents in the properties of managed computers has been implemented.
- Computer owner reporting has been implemented.
- Display of the version number and patch number of the installed Network Agent and klnagchk utility has been implemented.
- The option of connecting Network Agent installed on a computer running Linux to the Administration Server via a proxy server has been implemented.
- Two-way SSL authentication has been implemented for email notifications.
- The "Tag" field has been added to all collections of settings in order to unify collections of selection settings, moving rules, and lists.
- The collection of settings that Kaspersky Security Center retrieves during hardware inventorying has been extended.
- Support of signing of stand-alone packages by a certificate has been implemented.
- The mechanism for removal of incompatible software has been improved.
- The report on the number of whitelisted computers has been added.
- Display of a list of category-related policies in the properties of an application category has been implemented.
- Display of the progress of distribution of user application categories on managed computers has been implemented.
- Deletion of outdated events in case the number of events in the database reaches the maximum value set by the administrator has been implemented.
Mobile Devices Management functionality:
- Signing of iOS MDM profiles and installation packages with third-party certificates has been implemented.
- The "Install Kaspersky Safe Browser at first connection" setting has been added in the properties of the "Mobile Devices" folder for iOS devices; support of the "Install Kaspersky Safe Browser" command has also been implemented for iOS devices.
- The status of the iOS MDM policy being applied is now displayed.
- Profiles have been added to iOS MDM policies.
- Support of Multitenancy has been added for iOS MDM Mobile Device Server.
Systems Management feature:
- Support of management with System Center Operations Manager has been implemented.
- For new installations of Kaspersky Security Center and when upgrading from earlier versions, if the NAC functionality has never been used, it will be hidden out of the Installer, thereby becoming unavailable through Administration Console.
- The option of forcing application removal before upgrading applications through the patch management functionality has been implemented.
- The Kaspersky Security Center Administration Server operation in WSUS mode has been optimized.
Support of enhancements and improvements in managed Kaspersky Lab applications:
Kaspersky Security 10 for Mobile Devices:
- Support of Kaspersky Security 10 for Mobile used under subscription.
- Support of connection of mobile devices using a QR code.
- Support of push notifications through Google Cloud Messaging in the policy for managing devices with Kaspersky Endpoint Security for Android installed.
- Sending of push notifications through Google Cloud Messaging in case the certificate needs to be updated.
- Policy profiles have been added.
- Support of the "Disable management" command for KES devices has been added.
Kaspersky Anti-Virus 8.0 for Linux File Server
- Support of the KSN Proxy server and a proxy server used during the application activation.
Kaspersky Security for Virtualization Agentless / Kaspersky Security for Virtualization 3.0 Light Agent:
- The protection report has been improved.
- Support of RSA2048 certificate generation by Administration Server has been added.
Kaspersky Security for Virtualization 3.0. Light Agent:
- Network Agent performance has been improved.
Kaspersky Security for Virtualization Agentless:
- Information about the subscription in Administration Console has been extended.
- Information in the list of virtual machines in the cluster properties has been extended.
Kaspersky Security Center Web Console:
- Display of the unlocking code on Self Service Portal has been implemented.
- The corporate Application Shop has been implemented.
Fixed issues:
Kaspersky Security Center:
- The problem that had been causing the impossibility of connecting the device to MDM without additional reconfiguration of the firewall, has been fixed.
- The problem that had been causing traffic limitations when the "Install critical updates and fixing vulnerabilities" task was running, has been fixed.
- The problem in the mobile device support feature during Kaspersky Security Center installation on a cluster has been fixed.
- The problem in the Kaspersky Security Center operation on Windows Failover Cluster has been fixed.
- The problem with duplicated mobile devices in the hardware registry has been fixed.
- The problem with the viewing of task histories in the Administration Server hierarchy has been fixed.
- The problem in the operation of the desktop sharing feature when using a connection gateway has been fixed.
- The problem with the disabled policy for out-of-office users has been fixed.
- The option of setting the password length has been added.
- The problem with reports saved in network folders has been fixed.
- The problem with false alerts of Watchdog when the system was switching into sleep mode has been fixed.
- The problem with various network polling types randomly disabled has been fixed.
- The problem with connection of a new slave Administration Server has been fixed.
- The problem with a high CPU load on SQL Servers when using Kaspersky Security Center as WSUS has been fixed.
Kaspersky Security Center Web Console:
- Protection of Kaspersky Security Center Web Console against CSRF attacks has been improved
- The Kaspersky Security Center Web Console process dump after the GET request implementation has been fixed.
- Implementation of Cross-site scripting (XSS) code in policy names has been allowed.
- Logging in to Kaspersky Security Center Web Console has been allowed to any user with the administrator permissions if he or she specifies a zero-length user name in the request.
- The CSWebInterface service stops running after a request with invalid settings is received.
- Fixes from patch B
- Fixes from patch C
- Fixes from patch D