In the Device Control task, you can use masks for the rules scope, allow access to the devices only for trusted users or group of users, and create the rules based on data from the Kaspersky Security Center network list of the added devices.
The set of triggering criteria for the Application Launch Control task is extended: you can launch the programs via the defined command line and you can select multiple criteria.
A new component for scanning executable scripts using AMSI technology for Windows is introduced.
The Malfunction diagnosis section is introduced for Kaspersky Security Center policies: you can manage trace files settings and dump files settings. Also, you can manage these options using command line utility kavshell.exe and using the installer command line setup.exe during installation. Trace management options and dump management options for the device under protection of Kaspersky Embedded Systems Security are available in Kaspersky Security Center remote diagnostic utility.
During installation, you can select the scope of saved data for migration to a new version of Kaspersky Embedded Systems Security using the installer command line.