Limitations of the current Kaspersky Endpoint Agent version
Kaspersky Endpoint Agent 3.9 has the following limitations:
Limitations for filling out an incident card and creating a graph of the threat development chain:
If detection is related to SMB session on the device, the incident card does not display full information about the incident, and the graph of the threat development chain is not available.
If detection is caused by Kaspersky Sandbox, the graph of the threat development chain is not available for asynchronous detections in the incident card (for synchronous detections, the graph is available).
If the detection is caused by downloading a malicious file from the Internet or by blocking a phishing website, only the object's web address is displayed in the graph of the threat development chain; the event that caused the link to be clicked is not displayed.
If more than one application is specified as the value of the Application criterion when configuring the settings of network isolation exclusions, Kaspersky Endpoint Agent allows connection only for the first application in the list. Network connections for other applications specified in the list will be ignored. This limitation is reproduced when isolating devices with Windows 7 or Windows Server 2008 R2 operating systems.
Kaspersky Endpoint Agent can double-display data about a triggered object when displaying the results of IOC Scan task.
The installer cannot stop Kaspersky Endpoint Agent service until the service is initialized. For example, the installer returns the "Invalid password" error when trying to remove or modify the configuration of the application immediately after installation is completed, since initialization of Kaspersky Endpoint Agent service is not completed and the service cannot be stopped.
If localization of Kaspersky Endpoint Agent differs from localization of Kaspersky Endpoint Agent management plug-in for Kaspersky Security Center, some settings may not be displayed correctly in the outputs of the "show" commands in the command console.
When trying to launch Kaspersky Endpoint Agent installer with the permissions of a user whose account contains Chinese characters, the installer fails. It is recommended to install the application with the Local System account permissions, for example, start installation using Kaspersky Security Center.
Kaspersky Endpoint Agent 3.9 cannot be restored or uninstalled from the device if the integrity of the agent.exe module (Kaspersky Endpoint Agent 3.9 command line utility) is violated.
Kaspersky Endpoint Agent installer cannot be launched on a device with the operating system to which the active CodeIntegrity policy is applied.
In Kaspersky Endpoint Agent properties in the Administration Console (in the General section), data about the application installation status is displayed incorrectly.
Objects quarantined by Kaspersky Endpoint Agent cannot be sent from Kaspersky Security Center quarantine to Kaspersky for analysis.
The check boxes corresponding to the "Read" and "Perform operations with device selections" permissions that are displayed in the group of settings for role-based access control (RBAC) in the Administration Console, in the section with permissions for managing Kaspersky Endpoint Agent plug-in, do not apply to the group of settings in Kaspersky Security Center. If you select these check boxes, the "Read" and "Perform operations with device selections" permissions will not be restricted for the specified users.
When generating event selections, the filters are not applied to some of Kaspersky Endpoint Agent events published in Kaspersky Security Center Administration Console.
The agent.exe --help command does not support output of help for one specified command. The full list of all commands supported by the utility is displayed in the console.
The name of the workgroup, but not the name of the user is displayed in the User field in the properties of the object quarantined to the Administration Server repository.