What's new

Kaspersky Anti Targeted Attack Platform now includes the following new functionality and fixes:

1. For the Run program task, the task table (the Details column) now displays additional options for running a file or a command, if such options were specified when the task was created.
2. Information about detections made using URL Reputation (URL) and Anti-Malware Engine (AM) technologies now includes Source sender email, Source recipient email, Sender server IP fields (Object information section).

   Data in these fields originates in the 'Received' header.

3. New task functionality for hosts with the Kaspersky Endpoint Agent for Windows component:
   • New task: Get registry key.

     This task lets you get a file with the value of the selected registry key.

   • New task: Get process memory dump.

     This task lets you get a file with information about the selected process and a memory dump file for that process.

   • New task: Get NTFS metafiles.

     This task lets you get the selected metafiles.

4. In the Start YARA scan task, you can now set Autorun points as the scan scope.
5. The Sandbox component now supports installing CentOS 7.8 and running objects in this operating system.

   Using an operating system is optional: you can select a set of operating systems that will be used to generate object scan tasks for the Sandbox component — Windows XP, Windows 7, Windows 10 or Windows XP, Windows 7, Windows 10, CentOS 7.8.

   The program can run the following objects in CentOS 7.8:

   • Files from Kaspersky Endpoint Agent hosts sent to be scanned by the Sandbox component in accordance with Kaspersky TAA (IOA) rules.
   • Files uploaded to Storage manually or by the Get file task (if that specific object was sent to be scanned).
   • Files received from mail or network traffic.

   If preset rules are turned on, the program creates a prevention rule based on alerts generated by the Sandbox component regardless of which operating system the object was scanned in.

Kaspersky Endpoint Agent 3.13 for Windows has the following changes:

1. The capability to scan autorun points using YARA rules is implemented.
2. The capability to run tasks for the Get process memory dump, Get NTFS metafiles and Get registry key nodes is implemented. These tasks allow you to collect process images, NTFS service files, and protected device registry keys for Kaspersky Anti Targeted Attack Platform.

Kaspersky Endpoint Agent 3.12 for Linux has the following changes:

Kaspersky Managed Detection and Response is no longer supported. It is not recommended to use Kaspersky Endpoint Agent for Linux to work with this solution. To work with Kaspersky Managed Detection and Response, use Kaspersky Endpoint Security for Linux.

See also Kaspersky Anti Targeted Attack Platform About Kaspersky Threat Intelligence Portal Distribution kit Hardware and software requirements Limitations of the current version of the program

Page top