Kaspersky Anti Targeted Attack Platform now includes the following new functionality and fixes:
The Central Node component can be deployed as a fault-tolerant cluster that consists of 2 server roles: storage servers and processing servers. Fault tolerance is achieved through duplication of data between the storage servers and the redundancy of computing resources: if one server fails, its functions are performed by another server with the same role. Meanwhile, the program continues to work.
The ability to configure the sizing settings of the program was added. You can specify the planned volume of SPAN traffic, mail traffic, the number of hosts with Kaspersky Endpoint Agent, as well as the planned size of the Storage and event database. The program configures the servers with the Central Node component in accordance with the specified settings.
The Sandbox component now supports installing the Astra Linux 1.7 operating system and running objects in this operating system.
Using an operating system is optional: you can select a set of operating systems that will be used to generate object scan tasks for the Sandbox component:
Windows XP, Windows 7, Windows 10.
Windows XP, Windows 7, Windows 10, CentOS 7.8.
Windows XP, Windows 7, Windows 10, Astra Linux 1.7.
The program can run the following objects in Astra Linux 1.7:
This task lets you get a RAM dump of the selected host.
The files resulting from the tasks are saved to a shared network resource.
Adding new task types resulted in the following changes in the program:
Data collection tasks are now grouped in the Get data submenu.
Renamed task types:
Get file → File.
Collect data → Forensics.
Get registry key → Registry key.
NTFS metafiles → NTFS metafiles.
Get process memory dump → Process memory dump.
New event type added: Process terminated.
The program web interface is changed in the following ways:
In the network interface settings window, an option was added to choose how this interface is configured: manually or by importing settings from a DHCP server.
The option to disable synchronization with an NTP server was removed from the Settings section, subsection Date and time.
The option to enter the maximum allowed hard disk space usage for Central Node and Sensor servers was removed.
Kaspersky Endpoint Agent for Windows 3.14 now includes the following new functionality and fixes:
Now you can interact with the fault-tolerant clusters of Kaspersky Anti Targeted Attack Platform servers.
Now you can create a full memory dump and a full disk dump of a protected device through the command line interface for further use of Kaspersky Anti Targeted Attack Platform.
A Kaspersky Endpoint Agent operation mode was introduced in which the program is compatible with Azure WVD.
An error related to the possible blocking of files processed by Kaspersky Endpoint Agent is fixed.
Kaspersky Endpoint Agent 3.12 for Linux has the following changes:
Managing the Kaspersky Managed Detection and Response solution is no longer supported. It is not recommended to use Kaspersky Endpoint Agent for Linux to work with this solution. To work with Kaspersky Managed Detection and Response, use Kaspersky Endpoint Security for Linux.