What's new

Kaspersky Anti Targeted Attack Platform 4.0 now has the following new features:

  1. Improved interface for managing tables and alert details.
    • Turning column display on and off in tables is now supported.
    • Now you can filter TAA (IOA) rule-based alerts by rule name.
  2. New task functionality for hosts with the Kaspersky Endpoint Agent for Windows component:
    • Start YARA scan

      This task lets you scan for malware using YARA rules.

    • Service management

      This task lets you remotely run, stop, pause, and resume a service, as well as remove the service or change its run type.

    • The Get forensics task can now fetch a list of autorun points from the host.
  3. New rule import functionality:
    • Now you can import multiple files with YARA rules. You can individually manage each rule imported from the file.
    • New functionality for importing a file with MD5 and SHA256 hashes for files that you want to prevent from running. You can import up to 50 000 hashes. For each hash, the program creates a separate prevention rule.
  4. Now you can make exclusions conditional for Kaspersky TAA (IOA) rules. The program now supports the Based on conditions exclusion mode. In this mode, the TAA (IOA) rule is supplemented by conditions in the form of a search query. The program does not mark events that match specified conditions as matching the TAA (IOA) rules. For events that match the TAA (IOA) rule, but do not satisfy the conditions of the applied exclusion, the program marks the events and creates alerts.
  5. Users can now be authenticated in the Kaspersky Anti Targeted Attack Platform web interface with domain accounts.
  6. Automatically sending files from Kaspersky Endpoint Agent hosts to be scanned by the Sandbox component in accordance with Kaspersky TAA (IOA) rules is now supported.

    Adding this capability resulted in the following changes in the program:

    • The Settings section now includes a new Send files to Sandbox automatically subsection.
    • The Dashboard section now includes the Sent to Sandbox by TAA rules widget.

      The widget displays 10 TAA (IOA) rules that most frequently cause Kaspersky Anti Targeted Attack Platform to send files for scanning by the Sandbox component.

    • Alerts created as a result of a file being sent to Sandbox for scanning in accordance with TAA (IOA) rules can be filtered in the alert table.
  7. Added notifications for excessive CPU and RAM load for a given period of time.

    Adding this capability resulted in the following changes in the program:

  8. Now you can receive information about hard drive, CPU, and RAM load on Central Node and Sensor servers through external systems that support the SNMP protocol v2 and v3.
  9. New procedure for recording information about files received for scanning in the program log:
    • Each file entry includes the MD5 hash of the file.
    • Information about all stages of file processing is logged, irrespective of the scan result.

    By default, the log file is saved in /var/log/kaspersky/apt-history/.

  10. You can now find events registered on a Kaspersky Endpoint Agent for Windows host by IP address of the host.

    Adding this capability resulted in the following changes in the program:

  11. You can now perform Threat Response actions from external systems that are integrated with Kaspersky Anti Targeted Attack Platform. External systems interact with Kaspersky Anti Targeted Attack Platform through an API.

    You can use external systems to perform the following operations:

    • Isolate a host from the network.
    • Run a script or executable file.
    • Create a prevention rule.

    Commands to carry out operations are received at the Central Node server and then Kaspersky Anti Targeted Attack Platform relays them to Kaspersky Endpoint Agent.

    All of the above operations are available for Kaspersky Endpoint Agent for Windows. With Kaspersky Endpoint Agent for Linux, you can only run a script or an executable file.

Kaspersky Endpoint Agent 3.12 for Windows has the following changes:

  1. Introduced compatibility with Kaspersky Anti Targeted Attack Platform version 4.0.
  2. Now you can scan files and memory using YARA rules.
  3. Autorun lists can now be collected from the protected device for Kaspersky Anti Targeted Attack Platform.
  4. Kaspersky Anti Targeted Attack Platform users can now manage services on the protected device.
  5. The IP address of the protected device can now be sent to the Kaspersky Anti Targeted Attack Platform server, which makes it possible to filter events in the event table by IP address.
  6. New proxy server settings for connecting Kaspersky Endpoint Agent to the Kaspersky Anti Targeted Attack Platform server. Now you can configure access through group policies of the Windows domain, browser, or local WinHTTP settings.
  7. Kaspersky Endpoint Agent can now work with Kaspersky Security Network directly, without a proxy server.
  8. Information for generating an incident card for the Administration Server is now only sent if the Kaspersky Endpoint Detection and Response Optimum solution is being used.
  9. Added support for license subscription.
  10. The program includes bug fixes for previous versions.

Kaspersky Endpoint Agent 3.12 for Linux has the following changes:

Kaspersky Managed Detection and Response is no longer supported. It is not recommended to use Kaspersky Endpoint Agent for Linux to work with this solution. To work with Kaspersky Managed Detection and Response, use Kaspersky Endpoint Security for Linux.
