Be sure third-party anti-virus software is not installed on your device.
Be sure that Kaspersky Endpoint Agent for Linux is not installed on your device. If Kaspersky Endpoint Agent for Linux is installed, during the installation process you will see a message about the need to manually remote it.
Make sure the semanage utility is installed in the system. If the utility is not installed, install the policycoreutils-python or policycoreutils-python-utils package, depending on the package manager.
If you want to use the graphical user interface, you need to make sure that the dependencies of the GUI package are satisfied on your device. If the device is in an isolated network segment and does not have access to the repositories of the package manager, we recommend checking the list of dependencies on a reference device (libice6, libsm6, libx11-6, libx11-xcb1, libxcb-icccm4, libxcb-image0, libxcb-keysyms1, libxcb-randr0, libxcb-render-util0, libxcb-render0, libxcb-shape0, libxcb-shm0, libxcb-sync1, libxcb-xfixes0, libxcb-xinerama0, libxcb-xkb1, libxcb1, libxi6, libxml2, zlib1g), and then downloading and distributing the packages to all devices before installing the GUI.
On devices with operating systems that do not support fanotify technology, make sure that the following are installed:
Packages for compiling applications and running tasks (gcc, binutils, glibc, glibc-devel, make);
Package with header files of the operating system kernel for compiling Kaspersky Endpoint Security modules.
On devices running the SUSE Linux Enterprise Server 15 operating system, the insserv-compat package must be installed.
By default, Astra Linux operating systems block ptrace (Disable ptrace capability), which may affect the operation of Kaspersky Endpoint Security. For Kaspersky Endpoint Security to work correctly, unblock ptrace when installing Astra Linux. If Astra Linux is already installed, see the Astra Linux Help Center website for instructions on how to enable/disable this mode (Configuring protection and blocking mechanisms in the Blocking ptrace section).
You can disable ptrace tracing by specifying the kernel parameter-value pair kernel.yama.ptrace_scope = 3. In this case, the following will happen in the application:
Creating dump files of the kesl process when the application crashes will not be possible.
The Behavior Detection component will not be able to receive the environment settings of processes.
On operating systems with a kernel version higher than 5.7, the Application Control component will not be able to read command line arguments and process environment variables, because reading /proc/pid/syscall and /proc/pid/mem is prohibited. On operating systems with kernel version 5.0, the Application Control component will not function properly.
The process memory and kernel memory scan will not work in scan tasks, since reading / proc / pid / mem is prohibited.
YARA scanning of process memory in mandatory access control mode is not guaranteed, because reading /proc/pid/mem is not allowed.
For the Kaspersky Endpoint Security MMC management plug-in to work, Microsoft® Visual C++® 2015 Redistributable Update 3 RC (see https://www.microsoft.com/en-us/download/details.aspx?id=52685) must be installed on device where Kaspersky Security Center Administration Server is installed.
For the application to run correctly, make sure that the root account is the owner of the following directories and that only the owner has the right to write to them: /var, /var/opt, /var/opt/kaspersky, /var/log/kaspersky, /opt, /opt/kaspersky, /usr/bin, /usr/lib, /usr/lib64.
Make sure that file descriptor limits recommended by the operating system vendor are configured in the operating system. To check the limit, run the command cat /proc/sys/fs/file-max. When the application is running, the operating system may use significantly more descriptors. In general, we recommend disabling the file limit by specifying fs.file-max=9223372036854775807 in the /etc/sysctl.conf file. After changing the value of this setting, you must restart the operating system.
Additional actions before installing Kaspersky Endpoint Security in Light Agent mode
If you plan to use Kaspersky Endpoint Security in Light Agent mode to protect virtual environments (as part of Kaspersky Hybrid Cloud Security for Virtualization Light Agent), you must perform the following additional actions before starting the installation of Kaspersky Endpoint Security:
Make sure that the settings of network equipment or software that monitor traffic between virtual machines allow network traffic to pass through the ports that are used for interaction between Kaspersky Endpoint Security in Light Agent mode and other components of Kaspersky Hybrid Cloud Security for Virtualization Light Agent. The ports used by the Light Agent are listed in the Kaspersky Security for Virtual Environment Light Agent Help.