Limitations and warnings
Kaspersky Endpoint Security for Android and Kaspersky Safe Browser have a number of limitations that are non-critical for the operation of the apps.
Limitations when installing apps
- Kaspersky Endpoint Security for Android is installed only in the main memory of the device.
- On devices running Android 7.0, an error may occur when attempting to disable administrator rights for Kaspersky Endpoint Security for Android in device settings if Kaspersky Endpoint Security for Android is prohibited from overlaying on other windows. This issue is caused by a well-known defect in Android 7.
- Kaspersky Endpoint Security for Android on devices running Android 7.0 or later does not support multi-window mode.
- Kaspersky Endpoint Security for Android does not work on Chromebook devices running the Chrome operating system.
- When using the Kaspersky Endpoint Security for Android app with third-party EMM systems (for example, VMware AirWatch), only the Anti-Virus and Web Protection components are available. The administrator can configure the settings of Anti-Virus and Web Protection in the EMM system console. In this case, notifications about app operation are available only in the interface of the Kaspersky Endpoint Security for Android app (Reports).
Limitations when upgrading the app version
- You can upgrade Kaspersky Endpoint Security for Android only to a more recent version of the app. Kaspersky Endpoint Security for Android cannot be downgraded to an older version.
- To upgrade Kaspersky Endpoint Security for Android using a standalone installation package, installation of apps from unknown sources must be allowed on the user’s mobile device (Android Settings → Security → Unknown sources).
- You can update through Google Play if Kaspersky Endpoint Security for Android was installed from Google Play. If the app was installed using another method, you cannot update through Google Play.
- You can update through Kaspersky Security Center if Kaspersky Endpoint Security for Android was installed through Kaspersky Security Center or was installed from the Self Service Portal. If the app was installed from Google Play, you cannot update the app through Kaspersky Security Center.
Limitations in Anti-Virus operation
- Due to technical limitations, Kaspersky Endpoint Security for Android cannot scan files with a size of 2 GB or more. During a scan, the app skips such files without notifying you that such files were skipped.
- For additional analysis of a device for new threats whose information has not yet been added to anti-virus databases, you must enable the use of Kaspersky Security Network. Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to Kaspersky Lab's online knowledge base with information about the reputation of files, web resources, and software. To use KSN, the mobile device must be connected to the Internet.
- On some devices, Kaspersky Endpoint Security for Android does not detect devices connected over USB OTG. It is not possible to run a virus scan on such devices.
- On devices running Android 7.0 or later, the configuration window for the virus scan run schedule might be incorrectly displayed (management elements are not shown). This issue is caused by a well-known defect in Android 7.
Limitations in Web Protection operation
- Web Protection on Android devices works only in the Google Chrome browser and Samsung Internet Browser.
- For Web Protection to work, you must enable the use of Kaspersky Security Network. Web Protection blocks websites based on the KSN data on the reputation and category of websites.
- Forbidden websites may remain unblocked by Web Protection on devices running Android 6.0 with Google Chrome version 51 (or any earlier version) installed if the website is opened in the following ways (this issue is caused by a well-known defect in Google Chrome):
  - From search results
  - From the bookmarks list
  - From search history
  - Using the web address autocomplete function
  - By opening it in a new tab in Google Chrome
- Forbidden websites may remain unblocked in Google Chrome version 50 (or any earlier version) if the website is opened from Google search results while the Merge Tabs and Apps feature is enabled in the browser settings. This issue is caused by a well-known defect in Google Chrome.
- Websites from blocked categories may remain unblocked in Google Chrome if the user opens them from third-party apps (for example, from an IM client app). This issue is related to how the Accessibility service works with the Chrome Custom Tabs feature.
- Forbidden websites may remain unblocked in Samsung Internet Browser if the user opens them in background mode from the context menu or from third-party apps (for example, from an IM client app).
- Kaspersky Endpoint Security for Android must be set as an Accessibility feature to ensure proper functioning of Web Protection.
- When entering a website address in Web Protection settings, adhere to the following rules:
  - For Android devices, specify the address in regular expression format (for example, http:\/\/www\.example\.com.*).
  - For iOS MDM devices, specify the HTTP or HTTPS data transport protocol (for example, http://www.example.com).
- In Kaspersky Safe Browser, Web Protection supports website filtering based on website categories defined in KSN. Kaspersky Safe Browser does not make it possible to block access to specific websites.
- Allowed websites may be blocked in Samsung Internet Browser in the Only listed websites are allowed Web Protection mode when the page is refreshed. Websites are blocked if a regular expression contains advanced settings (for example, ^https?:\/\/example\.com\/pictures\/). It is recommended to use regular expressions without additional settings (for example, ^https?:\/\/example\.com).
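The address rules above can be checked before a policy is deployed. The following is an added example, not Kaspersky code: it flags unescaped dots in a pattern and compares the pattern's verdicts with a constructed list of URLs. It assumes search-style matching as in Python's re module; the names EXPECTED, unescaped_dots and check_pattern and all host names are hypothetical.

```python
import re

# Constructed policy intent: allow only the site example.com.
# URL -> True if the pattern is meant to match it. Host names are placeholders.
EXPECTED = {
    "https://example.com/": True,
    "http://example.com/pictures/a.png": True,
    "https://example.com.other.test/": False,  # longer host, same prefix
    "https://example-com.test/": False,        # '-' where a dot is expected
}

def unescaped_dots(pattern):
    """Offsets of '.' that are neither escaped nor quantified (as in '.*').

    A hit usually means a plain address (the iOS MDM form) was entered
    where a regular expression (the Android form) is expected.
    """
    return [m.start() for m in re.finditer(r"(?<!\\)\.(?![*+?{])", pattern)]

def check_pattern(pattern, expected=EXPECTED):
    """Return {url: actual_verdict} for every URL the pattern gets wrong.

    Assumption: the pattern is applied with search semantics, as re.search
    does; the product's matching mode is not stated on the page.
    """
    rx = re.compile(pattern)
    surprises = {}
    for url, want in expected.items():
        got = rx.search(url) is not None
        if got != want:
            surprises[url] = got
    return surprises

if __name__ == "__main__":
    candidates = [
        r"^https?:\/\/example\.com",          # pattern quoted on the page
        r"^https?://example.com",             # constructed: dots left unescaped
        r"^https?:\/\/example\.com(\/|$)",    # constructed: host boundary added
    ]
    for p in candidates:
        print(p, unescaped_dots(p), check_pattern(p))
```

The third pattern is constructed for illustration; the page does not say whether the Samsung Internet Browser refresh limitation treats such a suffix as an advanced setting, so test it on a device before deploying.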
Limitations in Anti-Theft operation
- For timely delivery of commands to Android devices, the app uses the Google Cloud Messaging (GCM) service. If GCM is not configured, commands will be delivered to the device only during synchronization with Kaspersky Security Center according to the schedule defined in the policy (for example, every 24 hours).
- To lock a device, Kaspersky Endpoint Security for Android must be set as the device administrator.
- To lock devices running Android 7.0 or later, Kaspersky Endpoint Security for Android must be set as an Accessibility feature.
- On some devices, Anti-Theft commands may fail to execute if Battery Saver mode is enabled on the device (this defect has been confirmed on Alcatel 5080X).
Limitations in App Control operation
- Kaspersky Endpoint Security for Android must be set as an Accessibility feature to ensure proper functioning of App Control on mobile devices running Android 5.0 or later.
- For App Control (app categories) to work, you must enable the use of Kaspersky Security Network. App Control determines the category of an app based on data that is available in KSN. To use KSN, the mobile device must be connected to the Internet. For App Control, you can add individual apps to the lists of blocked and allowed apps. In this case, KSN is not required.
- When configuring App Control, it is recommended to clear the Block system apps check box. Blocking system apps may lead to problems in device operation.
Limitations when configuring email
Remote configuration of a mailbox is available only on the following devices:
- iOS MDM devices
- Samsung devices running Android 5.0 or later (Exchange ActiveSync)
- Android devices with the TouchDown mail client installed
Limitations for jailbreak detection
To detect jailbreak on iOS devices, the Kaspersky Safe Browser app must be installed.
Limitations when configuring device unlock password strength
- On devices running Android 7.1.1, if the unlock password does not meet the corporate security requirements (Compliance Control), the Settings system app may function improperly when the user attempts to change the unlock password through Kaspersky Endpoint Security for Android. The issue is caused by a well-known defect in Android 7.1.1. In this case, to change the unlock password, use the Settings system app only.
- On some devices running Android 6.0 or later, an error may occur when entering the screen unlock password if device data is encrypted. This issue is related to specific features of the Accessibility service.
Android for Work limitations
Use of Android for Work profiles is available on devices running Android version 5.0 or later.
Samsung KNOX limitations
- Use of KNOX containers is available only on Samsung devices running Android version 5.0 or later.
- To use KNOX containers, you must purchase a KNOX License Manager key (KLM key) at the KNOX Marketplace. KNOX container settings cannot be defined on a mobile device without a KLM key.
- On Samsung devices that support KNOX 2.6, 2.7 and 2.7.1, Web Protection and App Control do not work in a KNOX container. This issue is related to the lack of required permissions in the KNOX container (Accessibility service). On devices that support KNOX 2.8 or later, all components of the app operate without limitations.
APN configuration limitations
- Remote configuration of APN is available only on iOS MDM devices or Samsung devices running Android version 5.0 or later.
- Configure APN for iOS MDM devices in the Cellular communications section. The APN section is out of date. Before configuring the APN settings, make sure that the Apply on device check box in the APN section is cleared.
Firewall limitations
Use of Firewall is available only on Samsung devices running Android version 5.0 or later.
VPN configuration limitations
Remote configuration of VPN is available only on the following devices:
- iOS MDM devices
- Samsung devices running Android version 5.0 or later.
Limitations when working with containers
- To install containerized apps, installation of apps from unknown sources must be allowed on the user’s mobile device (Android Settings → Security → Unknown sources).
- App containerization is not supported on Android devices for apps that contain more than 65,536 methods (multidex configuration).
App removal protection limitations
Kaspersky Endpoint Security for Android must be set as the device administrator.
To protect the app from removal on devices running Android 7.0 or later, Kaspersky Endpoint Security for Android must be set as an Accessibility feature.
Limitations of the app on specific devices
- On certain devices (for example, Huawei, Meizu, and Xiaomi), you must manually add Kaspersky Endpoint Security for Android to the list of apps that are started when the operating system starts (Security → Permissions → Autorun). If the app is not added to the list, Kaspersky Endpoint Security for Android stops performing all of its functions after the mobile device is restarted. In addition, if the device has been locked, you cannot use a command to unlock the device. You can unlock the device only by using a one-time unlock code.
- On certain devices (for example, Meizu and Asus) running Android 6.0 or later, after encrypting data and restarting the Android device, you must enter a numeric password to unlock the device. If the user uses a graphic password to unlock the device, you must convert the graphic password to a numeric password. For more details about converting a graphic password into a numeric password, please refer to the Technical Support website of the mobile device manufacturer. This issue is related to the operation of the Accessibility Features service.
- On some Huawei devices running Android 5.X, after Kaspersky Endpoint Security for Android is set as an Accessibility feature, you may see an incorrect message about the lack of appropriate rights. To hide this message, enable the app as a protected app (Android Settings → Advanced settings → Battery manager → Protected apps).
- On some Huawei devices running Android 5.X or 6.X, when Battery Saver mode is enabled for Kaspersky Endpoint Security for Android, the user can manually terminate the app. The user device becomes unprotected after that. This issue is due to some features of Huawei software. To restore the device protection, run Kaspersky Endpoint Security for Android manually. It is recommended to disable Battery Saver mode for Kaspersky Endpoint Security for Android (Android Settings → Apps → Kaspersky Endpoint Security → Battery → Run when screen is shut down).
- On Huawei devices with EMUI firmware running Android 7.0, the user can hide the notification regarding the protection status of Kaspersky Endpoint Security for Android. This issue is due to some features of Huawei software.
- On some Xiaomi devices, when setting the password length to more than 5 characters in a policy, the user will be prompted to change the screen unlock password instead of the PIN code. You cannot set a PIN code that has more than 5 characters. This issue is due to some features of Xiaomi software.
- On Xiaomi devices with MIUI firmware running Android 6.0, the Kaspersky Endpoint Security for Android icon may be hidden in the status bar. This issue is due to some features of Xiaomi software. It is recommended to allow the display of notification icons in device settings (Android Settings → Notifications → Show notifications icons).
- On some Nexus devices running Android 6.0.1, the privileges required for proper operation cannot be granted through the Quick Start Wizard of Kaspersky Endpoint Security for Android. This issue is caused by a well-known defect in Security Patch for Android by Google. To ensure proper operation, the required privileges must be manually granted in the device settings.
- On certain Samsung devices running Android 7.0 or later, when the user attempts to configure unsupported methods for unlocking the device (for example, a graphical password), the device may be locked if the following conditions are met: Kaspersky Endpoint Security for Android removal protection is enabled and screen unlock password strength requirements are set. To unlock the device, you must send a special command to the device.
- On certain Samsung devices, it is impossible to block the use of fingerprints for unlocking the screen.
- Web Protection cannot be enabled on some Samsung devices running Android 5.0 or later if the device is connected to a 3G/4G network, has Battery Saver mode enabled, and restricts background data. It is recommended to disable the function that restricts background processes (Android Settings → Battery → Battery Saver → Restrict Background Data).
- On certain Samsung devices, if the unlock password does not comply with corporate security requirements, Kaspersky Endpoint Security for Android does not block the use of fingerprints for unlocking the screen.
- After executing Anti-Theft commands (such as Locate, Device Lock, Unlock, and Mugshot), the general certificate and the VPN certificate may be deleted on some Samsung devices. The certificates have to be reinstalled to continue. This issue occurs due to the MDFPP (Mobile Device Fundamentals Protection Profile) security standard.
- On some Samsung devices running Android 4.4, the data entry language cannot be changed on the standard Samsung keyboard layout if Kaspersky Endpoint Security for Android has not been set as an Accessibility feature.
- Anti-Theft functionality is not available on Samsung S3 Neo GT-I9310(x) mobile devices running the Android 4.4.2 operating system. The issue is caused by a well-known defect in Samsung system software.
- On some Xiaomi and Huawei devices, Kaspersky Endpoint Security for Android removal protection does not work. This issue is caused by the specific features of MIUI firmware on Xiaomi and EMUI firmware on Huawei.