Kaspersky Endpoint Security 12.1 for Linux ("Kaspersky Endpoint Security," "Application") designed to protect devices running Linux® operating systems against various types of threats, including network and scam attacks.
The application allows you to protect both physical devices and virtual machines. You can use Kaspersky Endpoint Security as part of Kaspersky Security for Virtualization Light Agent to protect virtual machines running Linux guest operating systems.
The application is not intended for use in industrial processes involving automated control systems. To protect devices in such systems, we recommend using Kaspersky Industrial CyberSecurity for Linux Nodes.
The following functional components and tasks of the application provide the main functions of device protection and control:
You can also scan protected devices on demand using the following scan tasks:
Kaspersky Endpoint Security allows you to detect infected objects and neutralize the threats detected in them. For this, the application can use:
Prior to disinfection or removal, Kaspersky Endpoint Security saves backup copies of files in the Backup located on the device. If after disinfection, you partially or completely lose access to important information in a disinfected file, you can restore the file from the copy.
While performing scan tasks, Kaspersky Endpoint Security can disinfect and delete files that are protected from modification: files with the 'immutable' and 'append-only' attributes and files in directories with the 'immutable' and 'append-only' attributes. Backup stores copies of these files that were created before disinfection or deletion. You can restore files from backup copies, if necessary. When scan tasks are completed, the 'immutable' and 'append-only' attributes of disinfected files are reset.
Kaspersky Endpoint Security can operate in Notify-only mode. Notify-only mode is an operation mode for the application in which, if a threat is detected, application components and tasks do not attempt to disinfect or delete malicious objects, deny access or block the activity of applications. Instead, the application only informs the user about the detected threat.
Kaspersky Endpoint Security supports integration with other Kaspersky solutions to expand the capabilities of the application:
You can use Kaspersky Endpoint Security as a container application (hereinafter also referred to as KESL container) for embedding into external systems in order to scan container images in repositories.
The KESL container functionality is not supported if Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments.
To keep the application up to date, additional application functions are provided:
If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, activation is performed on the Protection Server (a component of Kaspersky Hybrid Cloud Security for Virtualization Light Agent).
If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the application receives updates of databases and application modules from the Protection Server (a component of Kaspersky Hybrid Cloud Security for Virtualization Light Agent).
You can manage Kaspersky Endpoint Security using the following methods:
If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, it is not possible to manage the application using Kaspersky Security Center Cloud Console and the graphical user interface.
The update functionality (including anti-virus signature updates and code base updates), as well as the KSN functionality may not be available in the application in the territory of the USA.