- Kaspersky Industrial CyberSecurity for Nodes
- What's new
- Typical deployments
- Installing and removing the application
- Installation planning
- Installing and uninstalling the application using a wizard
- Installing using the Setup Wizard
- Modifying the set of components and repairing Kaspersky Industrial CyberSecurity for Nodes
- Uninstalling using the Setup Wizard
- Installing and uninstalling the application from the command line
- About installing and uninstalling Kaspersky Industrial CyberSecurity for Nodes from command line
- Kaspersky Industrial CyberSecurity for Nodes software component codes for the Windows Installer service
- Installation and uninstallation settings and command line options for the Windows Installer service
- Example commands for installing Kaspersky Industrial CyberSecurity for Nodes
- Actions to perform after Kaspersky Industrial CyberSecurity for Nodes installation
- Adding / removing components. Sample commands
- Kaspersky Industrial CyberSecurity for Nodes uninstallation. Sample commands
- Return codes
- Installing and uninstalling the application using Kaspersky Security Center
- General information about installing via Kaspersky Security Center
- Rights to install or uninstall Kaspersky Industrial CyberSecurity for Nodes
- Installing Kaspersky Industrial CyberSecurity for Nodes via Kaspersky Security Center
- Actions to perform after Kaspersky Industrial CyberSecurity for Nodes installation
- Installing the Application Console via Kaspersky Security Center
- Uninstalling Kaspersky Industrial CyberSecurity for Nodes via Kaspersky Security Center
- Installing and uninstalling via Active Directory group policies
- Kaspersky Industrial CyberSecurity for Nodes install and uninstall logs
- System changes after Kaspersky Industrial CyberSecurity for Nodes installation
- Kaspersky Industrial CyberSecurity for Nodes processes
- Checking Kaspersky Industrial CyberSecurity for Nodes functions. Using the EICAR test virus
- Installing and removing Kaspersky Security Gateway
- Installing Kaspersky Security Gateway using the Setup Wizard
- Step 1. Verifying installation requirements
- Step 2. Welcome page of the installation procedure
- Step 3. Viewing the End User License Agreement and Privacy Policy
- Step 4. Selecting the destination folder
- Step 5. Selecting components
- Step 6. Configuring the connection to the SCADA system
- Step 7. Installing Kaspersky Security Gateway
- Installing Kaspersky Security Gateway from the command line
- Removing Kaspersky Security Gateway
- Installing Kaspersky Security Gateway using the Setup Wizard
- Application interface
- Kaspersky Security Center management tools comparison and limitations
- Working with the Administration Plug-in
- Managing Kaspersky Industrial CyberSecurity for Nodes from Kaspersky Security Center
- Managing application settings
- Creating and configuring policies
- Creating and configuring tasks using Kaspersky Security Center
- About task creation in Kaspersky Security Center
- Creating a task using Kaspersky Security Center
- Configuring local tasks in the Application settings window of the Kaspersky Security Center
- Configuring group tasks in Kaspersky Security Center
- Configuring crash diagnostics settings in Kaspersky Security Center
- Managing task schedules
- Reports in Kaspersky Security Center
- Working with the Kaspersky Industrial CyberSecurity for Nodes Console
- About the Kaspersky Industrial CyberSecurity for Nodes Console
- Kaspersky Industrial CyberSecurity for Nodes Console interface
- Managing Kaspersky Industrial CyberSecurity for Nodes via the Application Console on another device
- Configuring general application settings via the Application Console
- Managing Kaspersky Industrial CyberSecurity for Nodes tasks
- Viewing protection status and Kaspersky Industrial CyberSecurity for Nodes information
- Working with the Web Plug-in from Web Console and Cloud Console
- Managing Kaspersky Industrial CyberSecurity for Nodes from Web Console and Cloud Console
- Web Plug-in limitations
- Managing application settings
- Creating and configuring policies
- Creating and configuring tasks using Kaspersky Security Center
- Reports in Kaspersky Security Center
- Application licensing
- About the End User License Agreement
- About the license
- About license certificate
- About the key
- About the key file
- About activation code
- About subscription
- About data provision
- Activating the application with a key file
- Activating the application with an activation code
- Viewing information about current license
- Functional limitations when the license expires
- Renewing license
- Deleting the key
- Starting and stopping Kaspersky Industrial CyberSecurity for Nodes
- Starting the Kaspersky Industrial CyberSecurity for Nodes Administration Plug-in
- Starting the Kaspersky Industrial CyberSecurity for Nodes Console from the Start menu
- Starting and stopping the Kaspersky Security Service
- Starting Kaspersky Industrial CyberSecurity for Nodes components in the operating system safe mode
- Compact Diagnostic Interface
- Real-Time File Protection
- About the Real-Time File Protection task
- About the task protection scope and security settings
- About virtual protection scopes
- Predefined protection scopes
- About predefined security levels
- File extensions scanned by default in the Real-Time File Protection task
- Default Real-Time File Protection task settings
- Managing the Real-Time File Protection task via the Administration Plug-in
- Managing the Real-Time File Protection task via the Application Console
- Managing Real-Time File Protection task via the Web Plug-in
- On-Demand Scan
- About On-Demand Scan tasks
- About the task scan scope and security settings
- Predefined scan scopes
- Online storage file scanning
- About predefined security levels
- About the Removable Drives Scan
- About the Baseline File Integrity Monitor task
- Default On-Demand Scan tasks settings
- Managing On-Demand Scan tasks via the Administration Plug-in
- Managing On-Demand Scan tasks via the Application Console
- Trusted Zone
- Network Threat Protection
- About the Network Threat Protection task
- Default Network Threat Protection task settings
- Configuring the Network Threat Protection task via the Application Console
- Configuring the Network Threat Protection task via the Administration Plug-in
- Configuring the Network Threat Protection task via the Web Plug-in
- Wi-Fi Control
- Anti-Cryptor
- Applications Launch Control
- About the Applications Launch Control task
- About Applications Launch Control rules
- About Software Distribution Control
- About KSN usage for the Applications Launch Control task
- About Applications Launch Control rules generation
- Default Applications Launch Control task settings
- Managing Applications Launch Control via the Administration Plug-in
- Navigation
- Configuring Applications Launch Control task settings
- Configuring Software Distribution Control
- Configuring the Rule Generator for Applications Launch Control task
- Configuring Applications Launch Control rules via the Kaspersky Security Center
- Adding an Applications Launch Control rule
- Enabling the Default Allow mode
- Creating allowing rules from Kaspersky Security Center events
- Importing rules from a Kaspersky Security Center report on blocked applications
- Importing Applications Launch Control rules from an XML file
- Checking application launches
- Creating a Rule Generator for Applications Launch Control task
- Managing Applications Launch Control via the Application Console
- Managing Applications Launch Control via the Web Plug-in
- Device Control
- About Device Control task
- About Device Control rules
- About Device Control rules generation
- About Rule Generator for Device Control task
- Device Control default task settings
- Managing Device Control via the Administration Plug-in
- Navigation
- Configuring Device Control task
- Configuring the Rule Generator for Device Control task
- Configuring Device Control rules via the Kaspersky Security Center
- Creating allowing rules based on system data in a Kaspersky Security Center policy
- Generating rules for connected devices
- Generating rules based on Kaspersky Security Center registry
- Viewing properties of Device Control rules
- Importing rules from the Kaspersky Security Center report on blocked devices
- Creating rules using the Rule Generator for Device Control task
- Adding generated rules to the Device Control rules list
- Managing Device Control via the Application Console
- Navigation
- Configuring Device Control task settings
- Configuring Device Control rules
- Importing Device Control rules from XML file
- Filling rules list basing on Device Control task events
- Adding an allowing rule for one or several external devices
- Removing Device Control rules
- Exporting Device Control rules
- Activating and deactivating of Device Control rules
- Expanding Device Control rules usage scope
- Configuring Rule Generator for Device Control task
- Managing Device Control via the Application Console Web Plug-in
- Firewall Management
- KSN Usage
- File Integrity Monitor
- Portable scanner
- AMSI Scanner
- Registry Access Monitor
- About the Registry Access Monitor task
- About System registry monitoring rules
- Default Registry Access Monitor task settings
- Managing the Registry Access Monitor via the Administration Plug-in
- Managing the Registry Access Monitor via the Administration Console
- Managing the Registry Access Monitor via the Web Plug-in
- Log Inspection
- Exploit Prevention
- Industrial Network Protection
- Using Kaspersky Security Gateway
- About Kaspersky Security Gateway
- Limitations for Kaspersky Security Gateway
- Starting and stopping Kaspersky Security Gateway using standard Microsoft Windows tools
- Kaspersky Security Gateway Console interface
- Configuring the connection to the SCADA system
- Configuring the DCOM protocol
- Configuring data transfer settings using communication protocols
- Configuring Kaspersky Security Gateway additional settings
- Viewing Kaspersky Security Gateway events
- Integrating with third-party systems
- Performance counters for System Monitor
- About Kaspersky Industrial CyberSecurity for Nodes performance counters
- Total number of requests denied
- Total number of requests skipped
- Number of requests not processed because of lack of system resources
- Number of requests sent to be processed
- Average number of file interception dispatcher streams
- Maximum number of file interception dispatcher streams
- Number of elements in the infected objects queue
- Number of objects processed per second
- Kaspersky Industrial CyberSecurity for Nodes SNMP counters and traps
- About Kaspersky Industrial CyberSecurity for Nodes SNMP counters and traps
- Kaspersky Industrial CyberSecurity for Nodes SNMP counters
- Kaspersky Industrial CyberSecurity for Nodes SNMP traps and their options
- Kaspersky Industrial CyberSecurity for Nodes SNMP traps options descriptions and possible values
- Integrating with WMI
- Performance counters for System Monitor
- Isolating objects and copying backups
- Isolating probably infected objects. Quarantine
- Making backup copies of objects. Backup
- Blocking access to network resources. Blocked network sessions
- Updating Kaspersky Industrial CyberSecurity for Nodes databases and software modules
- About Update tasks
- About Software Modules Update
- About Database Update
- Schemes for updating anti-virus application databases and modules used within an organization
- Configuring Update tasks
- Rolling back Kaspersky Industrial CyberSecurity for Nodes database updates
- Rolling back application module updates
- Update task statistics
- Event registration. Kaspersky Industrial CyberSecurity for Nodes logs
- Ways to register Kaspersky Industrial CyberSecurity for Nodes events
- Configuring log settings via the Application Console
- Viewing the event log of Kaspersky Industrial CyberSecurity for Nodes in Event Viewer
- Notification settings
- Configuring logs and notifications settings via the Administration Plug-in
- Kaspersky Industrial CyberSecurity for Nodes self-defense
- About Kaspersky Industrial CyberSecurity for Nodes self-defense
- Protection from changes to folders with installed Kaspersky Industrial CyberSecurity for Nodes components
- Protection from changes to Kaspersky Industrial CyberSecurity for Nodes registry keys
- Registering the Kaspersky Security Service as a protected service
- Managing access permissions for Kaspersky Industrial CyberSecurity for Nodes functions
- About permissions to manage Kaspersky Industrial CyberSecurity for Nodes
- About permissions to manage registered services
- About access permissions for the Kaspersky Security Management Service
- About permissions to manage the Kaspersky Security Service
- Managing access permissions via the Administration Plug-in
- Managing access permissions via the Application Console
- Managing access permissions via the Web Plug-in
- Working with Kaspersky Industrial CyberSecurity for Nodes from the command line
- Commands
- Displaying Kaspersky Industrial CyberSecurity for Nodes command help: KAVSHELL HELP
- Starting and stopping the Kaspersky Security Service KAVSHELL START: KAVSHELL STOP
- Scanning a selected area: KAVSHELL SCAN
- Starting the Critical Areas Scan task: KAVSHELL SCANCRITICAL
- Managing tasks asynchronously: KAVSHELL TASK
- Removing the PPL attribute: KAVSHELL CONFIG
- Starting and stopping Real-Time Computer Protection tasks: KAVSHELL RTP
- Managing the Applications Launch Control task: KAVSHELL APPCONTROL /CONFIG
- Rule Generator for Applications Launch Control: KAVSHELL APPCONTROL /GENERATE
- Filling the list of Applications Launch Control rules: KAVSHELL APPCONTROL
- Filling the list of Device Control rules: KAVSHELL DEVCONTROL
- Starting the Database Update task: KAVSHELL UPDATE
- Rolling back Kaspersky Industrial CyberSecurity for Nodes database updates: KAVSHELL ROLLBACK
- Managing log inspection: KAVSHELL TASK LOG-INSPECTOR
- Activating the application: KAVSHELL LICENSE
- Enabling, configuring and disabling trace logs: KAVSHELL TRACE
- Defragmenting Kaspersky Industrial CyberSecurity for Nodes log files: KAVSHELL VACUUM
- Cleaning iSwift base: KAVSHELL FBRESET
- Enabling and disabling dump file creation: KAVSHELL DUMP
- Importing settings: KAVSHELL IMPORT
- Exporting settings: KAVSHELL EXPORT
- Integration with Microsoft Operations Management Suite: KAVSHELL OMSINFO
- Managing the Baseline File Integrity Monitor task: KAVSHELL FIM /BASELINE
- Command return codes
- Return codes for the KAVSHELL START and KAVSHELL STOP commands
- Return code for KAVSHELL SCAN and KAVSHELL SCANCRITICAL commands
- Return codes for the KAVSHELL TASK LOG-INSPECTOR command
- Return codes for the KAVSHELL TASK command
- Return codes for the KAVSHELL RTP command
- Return codes for the KAVSHELL UPDATE command
- Return codes for the KAVSHELL ROLLBACK command
- Return codes for the KAVSHELL LICENSE command
- Return codes for the KAVSHELL TRACE command
- Return codes for the KAVSHELL FBRESET command
- Return codes for the KAVSHELL DUMP command
- Return codes for the KAVSHELL IMPORT command
- Return codes for the KAVSHELL EXPORT command
- Return codes for the KAVSHELL FIM /BASELINE command
- Commands
- Contacting Technical Support
- Sources of information about Kaspersky Industrial CyberSecurity for Nodes
- Glossary
- Active key
- Administration Server
- Anti-virus databases
- Archive
- Backup
- Disinfection
- Event severity
- False positive
- File mask
- Heuristic analyzer
- Infectable file
- Infected object
- Kaspersky Security Network (KSN)
- License term
- Local task
- OLE object
- Policy
- Protection status
- Quarantine
- Real-time protection
- Security level
- SIEM
- Startup objects
- Task
- Task settings
- Update
- Vulnerability
- Information about third-party code
- Trademark notices
What's new
What's new
The new version of Kaspersky Industrial CyberSecurity for Nodes introduces the following new features and improvements:
- Changes to the list of supported operating systems:
- The following operating systems are supported:
- Windows 10 version 21H2
- Windows 10 LTSC 2021
- Windows 11 version 21H2
- Windows Server 2003 SP1
- Windows Server 2022
- Support for the following operating systems is terminated:
- Windows 7 SP0
- Windows 10 version 1507
- Windows 10 version 1607 RS1
- Windows 10 version 1703 RS2
- Windows 10 version 1709 RS3
- The following operating systems are supported:
- Kaspersky Industrial CyberSecurity Endpoint Detection and Response is supported. To learn more, see Help for Kaspersky Industrial CyberSecurity Endpoint Detection and Response.
- Portable scanner is introduced in this release to examine the isolated devices and perform the security inspection. You can scan several devices in a row—Portable scanner generates an individual report for each scanned device. Scanner applies the default security level: Disinfect. Remove, if disinfection fails. You can create a Portable scanner on a removable USB drive using Compact Diagnostic Interface and start Portable scanner using the command line to apply the required mode: help, scan, and update.
- Improvements to the System Inspection settings: in the Registry Access Monitor task, you can compile statistics or block changes for the registry keys and values in the selected monitoring area after you create a respective rule. Also, you can Apply Trusted Zone to exclude trusted processes and trusted users from the monitoring area.
- A component for scanning executable scripts using AMSI technology for Windows is added. With AMSI Scanner task, you can allow or block execution of a script that has been found to be dangerous or probably dangerous. If Kaspersky Industrial CyberSecurity for Nodes identifies a script as potentially dangerous, it blocks or allows execution of the script according to your selected action.
- With new Application Launch Control task rules you can block processes started with the defined command line arguments.
- Security audit can be performed in Kaspersky Endpoint Agent if you have both Kaspersky Industrial CyberSecurity for Nodes and Kaspersky Endpoint Agent installed on the same device and you have current Kaspersky Industrial CyberSecurity for Nodes license.
- The following changes are implemented for integration with Kaspersky Industrial CyberSecurity for Networks using Kaspersky Endpoint Agent:
- Added transfer of information about running applications and active system users to Kaspersky Industrial CyberSecurity for Networks server to extend the list of network integrity violation events.
- Expanded list of types of Kaspersky Industrial CyberSecurity for Nodes events sent to Kaspersky Industrial CyberSecurity for Networks server.
- Expanded the installed third-party anti-virus tools list transferred to Kaspersky Industrial CyberSecurity for Networks server.
- It is now possible to install product components without mandatory installation of the anti-virus module and anti-virus databases. This mode allows using the product on devices with limited resources.
- Out-of-office Kaspersky Security Center policies are supported.
- The volume of obtained file operation statistics for trusted processes is optimized.
- Quality of virus scan using Kaspersky Security Network has improved.
- Product lifecycle information is added to the documentation.
- The following prerequisite for the product installation is introduced: the operating system must support certificates with SHA-256 signatures. To learn more, see https://support.kaspersky.com/15728.
- In this release, by default, the Scan at Operating System Startup task is set only to notify about probably infected objects detected at startup; it does not perform recommended actions.
- Issues from the previous versions are resolved: the application release is cumulative and includes the resolved issues from earlier releases.
Article ID: 236483, Last review: Sep 15, 2022