Protection from changes to Kaspersky Embedded Systems Security registry keys

Kaspersky Embedded Systems Security restricts access to the following registry branches and keys, which facilitates loading of application drivers and services:

• [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS]
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfs]
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfsgt]
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfsslp]
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klam]
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klelaml]
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klfltdev]
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klramdisk]
• [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.1\CrashDump]
• [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS\3.1] (on the 64-bit version of Microsoft Windows)
• [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.1\Trace]

The rights to change these registry branches and keys are granted to Local System (SYSTEM) account only. User and Administrator accounts are granted read-only rights.

Protection from changes to the memory of program service parts

To protect program service parts from third-party processes, Kaspersky Embedded Systems Security drivers restrict access to the following executable files:

• kavfs.exe
• kavfswp.exe
• kavfswh.exe
• kavfsgt.exe

By default, access to the memory of Kaspersky Embedded Systems Security service parts is restricted for third-party processes.

You can enable the self-defense functions in the Kaspersky Embedded Systems Security Console and Kaspersky Embedded Systems Security Administration Plug-in policy properties.

Page top