Kaspersky Security Center 10 Service Pack 2 Maintenance Release 1
05 Apr 2017
Product news
Kaspersky Security 10 for Mobile Service Pack 2 Maintenance Release 1 was released on April 4, 2017. Full version numbers are:
- Kaspersky Security Center: 10.3.343
- Kaspersky Security Center Web Console: 10.4.56
This application version can be used both for the initial installation of Kaspersky Security Center 10 and for updating earlier versions of the application.
General improvements
Improvements in Kaspersky Security for Microsoft Exchange Servers:
- Servers managed through Kaspersky Security for Microsoft Exchange Servers are displayed in the Managed devices folder of Kaspersky Security Center.
- Kaspersky Security Center displays the database update statistics and anti-virus statistics generated by Kaspersky Security for Microsoft Exchange Servers and Kaspersky Security for Linux Mail Server.
- Kaspersky Security Center displays the statuses of servers managed through Kaspersky Security for Microsoft Exchange Servers.
- Kaspersky Security Center displays the statistics of threats generated by Kaspersky Security for Microsoft Exchange Servers and Kaspersky Security for Linux Mail Server.
- Kaspersky Security Center displays the Anti-Spam statistics generated by Kaspersky Security for Microsoft Exchange Servers and Kaspersky Security for Linux Mail Server.
- Support of the KSN proxy server for Kaspersky Security for Microsoft Exchange Servers has been implemented.
- Centralized management of keys of Kaspersky Security for Microsoft Exchange Servers has been implemented.
- Display of the status and running/stopping Kaspersky Security for Microsoft Exchange Servers services have been implemented.
- Monitoring of Kaspersky Security for Microsoft Exchange Servers events has been implemented.
Improvements in Kaspersky Security for SharePoint Servers:
- Servers managed through Kaspersky Security for SharePoint Server are displayed in the Managed Devices folder of Kaspersky Security Center.
- Silent installation and task updates have been implemented for servers managed through Kaspersky Security for SharePoint Server.
- Display of the Kaspersky Security for SharePoint Server signature status has been implemented.
- Kaspersky Security Center displays the statuses of servers managed through Kaspersky Security for Microsoft Exchange Servers.
- Support of the KSN proxy server for Kaspersky Security for SharePoint Server has been implemented.
- Centralized management of keys of Kaspersky Security for SharePoint Server has been implemented.
- Display of the status and running/stopping Kaspersky Security for SharePoint Server services have been implemented.
- Monitoring of Kaspersky Security for SharePoint Server events has been implemented.
Audit and comparison of policies have been enhanced:
- Saving of changes made to the settings of Kaspersky Security Center policies, tasks, and Administration Server has been implemented.
- The possibility of rolling back the settings of an object to a specific object version has been implemented for policies and tasks.
- The possibility of filtering the revision history by user and time of modification has been implemented.
- The changeable revision storage period (set on 3 months by default) has been implemented.
- The mechanism of comparison of policy revisions and task revisions has been implemented.
- Export of revisions to a text file has been implemented for all types of objects.
The KSN proxy server operation on an Administration Server hierarchy has been implemented:
- The mechanism for connection of the KSN proxy server of a slave Administration Server to the KSN proxy server of the master Administration Server has been implemented. You do not have to involve an Internet connection anymore.
- The possibility of using KSN in complex and highly protected corporate networks has been implemented.
- KSN traffic has been reduced; service availability in distributed networks has been improved.
Secondary improvements:
- Security of Kaspersky Security for Linux Mail Server has been enhanced:
- Display of the status of anti-virus databases and updates of anti-virus databases in Kaspersky Security for Linux Mail Server has been implemented.
- Monitoring of Kaspersky Security for Linux Mail Server events has been implemented.
- Enhanced diagnostics of automatic patch installation.
- Extra warnings have been added to be displayed in the Kaspersky Security Center Setup Wizard when a backup copy of Administration Server data is created:
- The importance of an available new backup copy of files and distribution packages of the previous Kaspersky Security Center version and all patches installed has been emphasized.
- Instructions for bypassing update failures have been provided.
- An additional warning displayed to the user in case he or she creates no data backup copy has been implemented.
- Support of Kaspersky Security Center Network Agent (Windows 8/8.1, MS Surface) by tablet computers running Windows.
- Network Agent has been optimized to reduce the Windows loading time on devices with Kaspersky Endpoint Security for Windows and Network Agent installed.
- The Network Agent operation in Windows waiting modes (sleep mode and hibernation) has been optimized.
- The possibility of checking for the latest versions of Kaspersky Lab plug-ins and installation packages has been added to the Kaspersky Security Center Setup Wizard, as well as the possibility of applying any available updates. The Kaspersky Security Center main window now also displays the availability of updates for Kaspersky Security Center plug-ins/programs/applications/components.
- Some of the terms used in Kaspersky Security Center have been replaced with more generic ones to make the application less dependent on other software products. For example, “computer” has been replaced with “device”.
- A new wizard for installation of software updates has been implemented.
- The task progress details have been added. The following columns have been added to the list of columns in the Task results window:
- Counters for devices on which the task has been running, was completed, or returned an error.
- Status (with the respective task status description).
- The possibility of assigning a name to an installation package manually has been added.
- A request of user confirmation has been implemented; it is prompted for if the user creates a policy for Kaspersky Lab applications in an administration group, which already has another policy for the same application.
- The Configure rules button has been added to the workspace of the Unassigned devices folder to allow automatic moving of unassigned devices.
- The Run Protection Deployment Wizard check box has been added to the Quick Start Wizard.
- The workspace pages on the Statistics tab of the Administration Server node have been visually delimited.
- Navigation has been improved in automatic tagging rules.
- Role-based access control in the Administration Server properties has been improved.
- A filter has been added for the text description in the Events field.
- The possibility of creating tags in policy profile activation rules has been added.
- Quick switching to policy profiles from the workspace of the Policies folder and from the Policies tab of the Administration Server node has been implemented.
- The possibility of selecting the order of columns in lists has been added.
- The installation package update indicator has been added.
- The Administration Server installation icon in the main installation window of Kaspersky Security Center has been changed.
- Definitions have been improved in the Policies and Tasks Conversion Wizard.
- The mechanism, which allows a managed product on an endpoint device to define the product status, which will be displayed in the Kaspersky Security Center console, and create extended descriptions of that status, has been implemented.
Documentation has been improved:
- The description of update management scenarios has been improved.
- The description of keys Server flags LP_ConsoleMustUsePort13291 and LP_InterUserUniqVsScope has been added.
Mobile Devices Management functionality:
- iOS MDM Server installation has been simplified. The iOS MDM Server Installation Wizard has been implemented.
- Self Service Portal installation has been simplified.
- The New Mobile Device Connection Wizard has been improved.
- Google Firebase Cloud Messaging setup has been simplified. Hints and tips have been added to the application interface.
- The command line backup utility has been implemented for iOS MDM Server.
- The possibility of manually specifying the expiration dates of Kaspersky Security for Mobile certificates while issuing (or re-issuing) those certificates has been implemented for the Kaspersky Security Center administrator.
- The display of the Self Service Portal version number has been implemented in the Self Service Portal interface.
- If the Mobile device support check box was selected during Kaspersky Security Center installation, all required Mobile Device Management settings and Kaspersky Security for Mobile settings have to be defined in the Kaspersky Security Center Quick Start Wizard.
Systems Management feature:
- The Manage patches and updates feature has been improved.
- The Manage vulnerabilities and patches component has been improved.
- Monitoring and searching for vulnerabilities have been improved.
- Control of actual tasks has been expanded.
- Documentation has been improved.
- Transmission of events to SIEM systems in Syslog (RFC 5424) format has been implemented.
- The hardware types have been unified in the Kaspersky Security Center interface.
- Information about the results of the Install required updates and fix vulnerabilities and Find vulnerabilities and required updates tasks has been expanded.
- An additional check before running the Create installation package upon reference device OS image task has been implemented. This operation checks the administrator-defined account for the presence of write permissions in the specified shared folder for temporary storage of the image.
- Automatic creation of an incident in case the device acting as update agent runs out of disk space, has been implemented.
- The SHA-256 algorithm has been implemented for newly issued certificates.
Support of enhancements and improvements in managed Kaspersky Lab applications:
Kaspersky Endpoint Security for Windows:
- Protection against accidental deletion of user application categories from Kaspersky Security Center has been implemented.
- An additional warning is now displayed to the administrator during installation of a patch for Kaspersky Endpoint Security for Windows. This warning is displayed if the plug-in for Kaspersky Endpoint Security for Windows needs to be updated in Kaspersky Security Center.
- BitLocker encryption has been implemented.
- Navigation in the New Policy Wizard has been improved.
- Display of the importance level of software updates for Kaspersky Endpoint Security for Windows has been added.
- Reporting on test blocked runs of executable files on networked devices for all groups has been implemented.
- Up-to-date information about the availability of Local KSN or Private KSN for managed devices has been added.
- The possibility of restoring access to data encoded through full encryption of the device disk after it is removed from the Kaspersky Security Center Administration Server database, has been added.
- The possibility of creating application categories based on certificates of executable files has been implemented.
- Support of SHA-256 hashsum calculation in application categories has been implemented.
Kaspersky Industrial Cyber Security:
- Display of statistics on threats generated by Kaspersky Industrial Cyber Security in Kaspersky Security Center has been implemented.
- Certain terms have been changed in the Kaspersky Security Center interface in accordance with the Kaspersky Industrial Cyber Security glossary.
- The Kaspersky Industrial Cyber Security policy is viewed as applied in Kaspersky Security Center only if it is applied on all client devices in the specified administration group.
- Reporting on test blocked runs of executable files on networked devices for all groups has been implemented.
Kaspersky Security for Virtualization:
- The Waiting status has been added for On Demand Scan (ODS) of a task in case a secure virtual machine (SVM) is not accessible.
- Reporting has been expanded in Kaspersky Security for Virtualization.
- Newly created virtual machines now become visible in Kaspersky Security Center Administration Console in no more than one minute after they are created.
- The list of virtual machines has been added to the report on key usage.
- Information about the IP addresses has been added to the report on most heavily infected devices.
Kaspersky Endpoint Security for Linux / Kaspersky Anti-Virus for Linux File Server:
- The remote deployment task has been implemented for Kaspersky Security Center Network Agent.
Kaspersky Endpoint Security 8 for Mac:
- The remote installation task has been implemented for Kaspersky Security Center and Kaspersky Endpoint Security for Mac.
- The language selection option has been added to the End User License Agreement.
Kaspersky Endpoint Security for Android:
- The mobile device does not lock when executing the Locate command.
- Android devices on which Kaspersky Endpoint Security for Android cannot receive accessibility services are assigned the Critical status because Web Protection stops working.
- The capability of enabling the Warning status on an Android device manually (in case Locate is not available for Kaspersky Endpoint Security for Android) has been implemented for the administrator.
- The capability of enabling the Warning status manually in case the Device Admin permission option is disabled for Kaspersky Endpoint Security for Android on the Android device, has been implemented for the administrator.
- Display of trial licenses of Kaspersky Endpoint Security for Android and the corresponding mobile device in the report on key usage has been implemented.
Fixed issues:
As compared with Kaspersky Security Center 10 Service Pack 2:
- The error caused Network Agent to crash when polling a large Active Directory database.
- The error caused the Find vulnerabilities and required updates task to fail to run sometimes. You no longer have to restart the Network Agent service in order to run the Find vulnerabilities and required updates task.
- The error caused changes in the order of tasks in the Tasks folder when a task was removed or the list was updated.
- The error returned "Failed to upgrade remote installation tasks #%1 Query with id=%2 not found" during updates of Administration Server.
- A potential vulnerability.
- The error returned MMC cannot initialize the snap-in when the View protection status link was clicked on the Monitoring tab of the Administration Server node.
- The error caused the Adobe Reader update task to fail on a slave Administration Server.
- The error caused the security group selection window to display user accounts in addition to security groups.
- The error caused Administration Console to crash sometimes when the Kaspersky Security for Windows Server settings were edited.
- The error caused incidents to have the Processed status immediately after they were created.
- The error caused Administration Console to crash sometimes when processing the list of events.
- The error caused deletion of an inherited task to fail when the Delete task link was clicked in the workspace of the Policies folder.
- The error caused the applications registry history to be displayed only partially.
- The error caused downloading of updates to fail if all the application categories (all the check boxes) were selected in the Application categories section of the Perform Windows Update synchronization task—that is, all categories except the drivers category (Drivers check box cleared).
- A vulnerability. Insecure protocols such as SSLv3 and TLSV1.0 have been disabled for port 17000.
- The error caused random failures in Administration Console operation during connection to the master Administration Server with a few dozen slave Administration Servers running.
- The error caused random unsuccessful attempts to connect to a slave Administration Server from the master Administration Server.
- The error caused an Administration Server that managed mobile devices to crash sometimes.
- Localization errors.
- The error blocked automatic tagging of the applications registry.
- The error caused the KSN proxy server to crash sometimes.
- The error caused the size of backup data copies to be extremely large in some cases.
- The error caused Administration Console to crash sometimes when devices for an assigned task were selected.
- The error caused some Active Directory objects not to be displayed in Administration Console after an upgrade of Active Directory.
- The error caused lengthy delays (one hour or longer) when activating policy profiles according to an automatic tagging rule.
- The error caused some new database errors in Kaspersky Event Log to occur, recorded as "The INSERT statement conflicted with the FOREIGN KEY constraint "FK_vs_session_nVServer"".
- The error occurred when updates were downloaded to the repository.
- The error caused the KSN proxy server to crash after any manual change of the date.
- The error caused the context-sensitive Help not to be displayed in certain folders.
- The error required key export rights when the active key was specified for the Administration Server.
- The error which occurred during Network Agent installation from a stand-alone package in VDI mode. For details, see this article.
-
Fixes that were previously included in patch "a" for Kaspersky Security Center 10 Service Pack 2:
Fixes that were previously included in patches "e" and "d" for Kaspersky Security Center 10 Service Pack 1: