What's new

Kaspersky Anti Targeted Attack Platform now includes the following new functionality and fixes:

  1. For the Run program task, the task table (the Details column) now displays additional options for running a file or a command, if such options were specified when the task was created.
  2. Information about detections made using URL Reputation (URL) and Anti-Malware Engine (AM) technologies now includes Source sender email, Source recipient email, Sender server IP fields (Object information section).

    Data in these fields originates in the 'Received' header.

  3. New task functionality for hosts with the Kaspersky Endpoint Agent for Windows component:
    • New task: Get registry key.

      This task lets you get a file with the value of the selected registry key.

    • New task: Get process memory dump.

      This task lets you get a file with information about the selected process and a memory dump file for that process.

    • New task: Get NTFS metafiles.

      This task lets you get the selected metafiles.

  4. In the Start YARA scan task, you can now set Autorun points as the scan scope.
  5. The Sandbox component now supports installing CentOS 7.8 and running objects in this operating system.

    Using an operating system is optional: you can select a set of operating systems that will be used to generate object scan tasks for the Sandbox component — Windows XP, Windows 7, Windows 10 or Windows XP, Windows 7, Windows 10, CentOS 7.8.

    The program can run the following objects in CentOS 7.8:

    If preset rules are turned on, the program creates a prevention rule based on alerts generated by the Sandbox component regardless of which operating system the object was scanned in.

Kaspersky Endpoint Agent 3.13 for Windows has the following changes:

  1. The capability to scan autorun points using YARA rules is implemented.
  2. The capability to run tasks for the Get process memory dump, Get NTFS metafiles and Get registry key nodes is implemented. These tasks allow you to collect process images, NTFS service files, and protected device registry keys for Kaspersky Anti Targeted Attack Platform.

Kaspersky Endpoint Agent 3.12 for Linux has the following changes:

Kaspersky Managed Detection and Response is no longer supported. It is not recommended to use Kaspersky Endpoint Agent for Linux to work with this solution. To work with Kaspersky Managed Detection and Response, use Kaspersky Endpoint Security for Linux.

See also

Kaspersky Anti Targeted Attack Platform

About Kaspersky Threat Intelligence Portal

Distribution kit

Hardware and software requirements

Limitations of the current version of the program

Page top