Known limitations of Kaspersky Anti Targeted Attack Platform
Kaspersky Anti Targeted Attack Platform 8.0 has the following known limitations:
In a file alert created based on the results of scanning a copy of web traffic, the User name field is empty if the user is authenticated on the proxy server with basic authentication.
If the date on the Central Node server is over 30 days behind the current date, Kaspersky Anti Targeted Attack Platform cannot work. We recommend making sure that the current date is set on the server on which you want to install the application component.
The value of payload size per packet (maximum transmission unit, MTU) for the link between the Central Node and Sensor servers, as well as the PCN and SCN, is 1500 by default. If you know that your ISP limits the MTU on the links between the solution components, you need to configure the MTU so that its size does not exceed the value allowed by your ISP.
When checking the reputation of a file in Kaspersky Security Network, information about the vendor of the trusted signature is not recorded in the log.
An infrastructure of cloud services that provides access to the online Knowledge Base of Kaspersky which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.
Kaspersky Anti Targeted Attack Platform correctly processes ERSPAN traffic received through the virtual interface at a rate of up to 2 Gbps. A higher rate of ERSPAN traffic results in data loss.
Using a name identical to the name of a previously deleted user account when creating a user account on a PCN or SCN can lead to Kaspersky Anti Targeted Attack Platform errors. We strongly recommend assigning unique names to new user accounts that do not match the names any deleted accounts.
Kaspersky Anti Targeted Attack Platform processes network events and creates corresponding IDS alerts without a delay at up to 1,000,000 alerts per day. If this threshold is exceeded, the application generates alerts with a delay: it takes 1 hour to catch up with a lag of 100,000 alerts.
Limitations of Kaspersky Endpoint Security 12.11 for Windows