Kaspersky Endpoint Security now includes the following features and improvements:

- Introducing a new functional component, Mail Threat Protection. This component scans the attachments of incoming and outgoing email messages for viruses and other threatening applications.
- Introducing a new functional component, BadUSB Attack Prevention. This component prevents infected USB devices that imitate a keyboard from connecting to a client device.
- The Device Control component has been improved. Now you can grant temporary access to blocked devices upon user request.
- Improvements to the Exploit Prevention component. Now you can configure objects to be excluded from scanning by the component.
- Now the updatable kernel module allows optimizing the interception of file operations. Application performance is improved by using a cache of files and processes that do not need to be scanned.
- Now, by using the updatable kernel module, you can configure global exclusions in a more granular way. If you are using the interception mechanism based on the fanotify technology, the specified mount points are excluded from the interception of file operations in their entirety. Using the updatable kernel module allows you to exclude specific local or remote directories mounted on the device.
- Now you can set up integration with Kaspersky Endpoint Detection and Response Expert (on-premise), an enterprise cybersecurity solution that defends against most cybersecurity risks and covers the main scenarios of threat spread. Components of Kaspersky Endpoint Detection and Response Expert (on-premise) are deployed on the Open Single Management Platform (OSMP). Integration with Kaspersky Endpoint Detection and Response Expert (on-premise) supports all the capabilities of Kaspersky Endpoint Detection and Response (KATA) Integration, and also supports the following new features:
  - Starting a YARA scan. During a YARA scan, Kaspersky Endpoint Security uses YARA files to search for signatures of malicious activity on a device.
  - Collection of forensics, that is, digital data that may be useful when investigating incidents involving cybercrime and data leaks.
  - Sending extended data about events on devices (telemetry) to the telemetry server on the OSMP platform.
  - Sending only telemetry that contains an Indicator of Attack (IOA), with support for custom filters configured in the Web Console policy.
  - Selecting an integration mode in the settings of the Kaspersky Endpoint Detection and Response Expert (on-premise) Integration task on the command line or in policy properties in the Web Console.
- The application can be used in Endpoint Detection and Response Agent mode to support Kaspersky Detection and Response solutions working together with third-party anti-virus solutions on protected devices. In this mode, the device is not protected by the standard protection and control components of Kaspersky Endpoint Security; a third-party application is responsible for the standard protection of the device.
- The policy management interface in the Web Console has been updated. The structure of sections in the policy has been reworked to help you find the necessary functions more quickly.
- Now you can select the traffic interception mode: the eBPF technology or the iptables utility.
- Now you can select the telemetry source (eBPF only, or eBPF plus auditd). For auditd, you can also select an operating mode (exclusive mode or multicast mode).
- Now you can select the mode of sending files and directories to Sandbox for scanning: manual, automatic only, or automatic and manual.
- More functionality is available when using the application in Light Agent mode:
  - Now you can create out-of-office policies in the Web Console and Administration Console. Out-of-office policies come into effect when a device leaves the organization's network.
  - When viewing and exporting the list of mount points in the Web Console or the Administration Console, or when viewing this list on the command line, information about whether the mount point is located in a namespace is now also displayed.
- An improved alternative mechanism for getting system telemetry in the Behavior Detection component on 64-bit operating systems with kernel versions 4.18 or later with eBPF support, which frees up the resources of the auditd kernel audit subsystem.