Application components integrity check

Kaspersky Endpoint Security contains many binary modules in the form of dynamically linked libraries, executable files, configuration files, and interface files. Intruders can replace one or more application executable modules or files with other files containing malicious code. To prevent the replacement of modules and files, Kaspersky Endpoint Security can check the integrity of the application components. The application checks modules and files for unauthorized changes or corruption. If an application module or file has an incorrect checksum, it is considered to be corrupted.

An integrity check is run for the following application components if installed on the device:

The application checks the integrity of the files listed in special lists called manifest files. Each application component has its own manifest file that contains a list of application files whose integrity is important for correct operation of this application component. The name of the manifest file is the same for each component, but the content of the manifest files differs. The manifest files are digitally signed and their integrity is checked as well.
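
The manifest scheme described above, sketched as an added example (not Kaspersky's code and not the real manifest format): the manifest is authenticated first, and only then are the listed files compared with their checksums. The JSON layout, the file names, the status strings, and the use of an HMAC in place of a digital signature are assumptions of this example.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def tag_for(body, key):
    # HMAC-SHA256 stands in for the digital signature (assumption of this example)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def build_manifest(root, names, key):
    # Constructed format: JSON map of file name -> SHA-256, plus a tag over it
    body = json.dumps({n: sha256_file(os.path.join(root, n)) for n in names},
                      sort_keys=True)
    return {"body": body, "tag": tag_for(body, key)}

def check_manifest(root, manifest, key):
    # Authenticate the manifest before trusting any checksum listed in it
    if not hmac.compare_digest(tag_for(manifest["body"], key), manifest["tag"]):
        return "MANIFEST_UNTRUSTED", []
    problems = []
    for name, digest in sorted(json.loads(manifest["body"]).items()):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            problems.append((name, "missing"))
        elif sha256_file(path) != digest:
            problems.append((name, "checksum mismatch"))
    return ("FILES_CORRUPTED" if problems else "OK"), problems

def demo():
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample component files
        for name, data in (("agent.bin", b"\x7fELF-demo"), ("agent.conf", b"mode=on\n")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root, ["agent.bin", "agent.conf"], key)
        clean = check_manifest(root, manifest, key)
        with open(os.path.join(root, "agent.bin"), "ab") as f:
            f.write(b"changed")  # simulate a modified module
        os.remove(os.path.join(root, "agent.conf"))
        tampered = check_manifest(root, manifest, key)
        # A manifest edited to match the changed file no longer has a valid tag
        edited = json.dumps({"agent.bin": sha256_file(os.path.join(root, "agent.bin"))})
        untrusted = check_manifest(root, {"body": edited, "tag": manifest["tag"]}, key)
    return clean, tampered, untrusted

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Checking the manifest's own authenticity first is what makes the per-file checksums meaningful: a checksum list that can be rewritten along with the files proves nothing.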

The integrity of the application components is checked using the integrity_checker utility.

The integrity check utility must be run under an account with root privileges.

To check integrity, you can use either the utility installed with the application or the utility distributed on a certified CD.

It is recommended to run the integrity check utility from a certified CD to ensure the integrity of the utility itself. When running the utility from the CD, specify the full path to the manifest file.

The integrity check utility installed with the application is located at the following paths:

The manifest files are located at the following paths:

To check integrity of the application components, run the following command:

The default path is for a manifest file located in the same directory as the integrity checker utility.

You can run the utility with the following optional settings:

You can view a description of all available integrity check utility settings in the utility help by running the integrity_checker --help command.

The result of checking the manifest files is displayed as follows:

If a violation of the integrity of the application or Network Agent is detected when the application starts, Kaspersky Endpoint Security generates an IntegrityCheckFailed event in the event log and in Kaspersky Security Center.
