The Managed Detection and Response component was added. This component facilitates interaction with the solution known as Kaspersky Managed Detection and Response. Kaspersky Managed Detection and Response (MDR) provides round-the-clock protection from a growing number of threats capable of bypassing automated protection mechanisms for organizations that are having a difficult time finding highly qualified experts or who have limited internal resources. For detailed information about how the solution works, please refer to the Kaspersky Managed Detection and Response Help Guide.
Kaspersky Endpoint Agent, which is included in the distribution kit, has been updated to version 3.10. Kaspersky Endpoint Agent 3.10 provides new features, resolves some previous issues, and has improved stability. For more details about the application, please refer to the documentation of Kaspersky solutions that support Kaspersky Endpoint Agent.
It now provides the capability to manage protection against attacks such as Network Flooding and Port Scanning in Network Threat Protection settings.
Added new method of creating network rules for Firewall. You can add packet rules and application rules for connections that are displayed in the Network Monitor window. However, network rule connection settings will be configured automatically.
Network Monitor interface is now improved. Added the information about network activity: process ID, that initiate network activity; network type (local network or the Internet); local ports. By default, the information about network type is hidden.
There is now the capability to automatically create Authentication Agent accounts for new Windows users. The Agent allows a user to complete authentication for access to drives that were encrypted using Kaspersky Disk Encryption technology, and to load the operating system. The application checks information about Windows user accounts on the computer. If Kaspersky Endpoint Security detects a Windows user account that has no Authentication Agent account, the application will create a new account for accessing encrypted drives. This means that you do not need to manually add Authentication Agent accounts for computers with already encrypted drives.
There is now the capability to monitor the disk encryption process in the application interface on users' computers (Kaspersky Disk Encryption and BitLocker). You can run the Encryption Monitor tool from the main application window.
Update 11.5.0
Kaspersky Endpoint Security 11.6.0 for Windows offers the following features and improvements:
Improved interface of the Kaspersky Endpoint Security web plug-in for the Application Control, Device Control, and Adaptive Anomaly Control components.
Added functionality for importing and exporting lists of rules and exclusions in XML format. The XML format allows you to edit lists after they are exported. You can manage lists only in the Kaspersky Security Center Console. The following lists are available for export/import:
Object MD5 information was added to the threat detection report. In previous versions of the application, Kaspersky Endpoint Security showed only the SHA256 of an object.
Added capability to assign the priority for device access rules in Device Control settings. Priority assignment enables more flexible configuration of user access to devices. If a user has been added to multiple groups, Kaspersky Endpoint Security regulates device access based on the rule with the highest priority. For example, you can grant read-only permissions to the Everyone group and grant read/write permissions to the administrators group. To do so, assign a priority of 0 for the administrators group and assign a priority of 1 for the Everyone group. You can configure the priority only for devices that have a file system. This includes hard drives, removable drives, floppy disks, CD/DVD drives, and portable devices (MTP).
Cost-Aware Networking Kaspersky Endpoint Security limits its own network traffic if the Internet connection is limited (for example, through a mobile connection).
Manage the settings for scanning secure traffic in Firefox and Thunderbird. You can select the certificate storage that will be used by Mozilla: the Windows certificate storage or the Mozilla certificate storage. This functionality is available only for computers that do not have an applied policy. If a policy is being applied to a computer, Kaspersky Endpoint Security automatically enables use of the Windows certificate storage in Firefox and Thunderbird.
Added capability to configure the secure traffic scan mode: always scan traffic even if protection components are disabled, or scan traffic when requested by protection components.
Revised procedure for deleting information from reports. A user can only delete all reports. In previous versions of the application, a user could select specific application components whose information would be deleted from reports.
Simplified procedure for restoring access to a drive that was encrypted by BitLocker. After completing the access recovery procedure, Kaspersky Endpoint Security prompts the user to set a new password or PIN code. After setting a new password, BitLocker will encrypt the drive. In the previous version of the application, the user had to manually reset the password in the BitLocker settings.
Users now have the capability to create their own local trusted zone for a specific computer. This way, users can create their own local lists of exclusions and trusted applications in addition to the general trusted zone in a policy. An administrator can allow or block the use of local exclusions or local trusted applications. An administrator can use Kaspersky Security Center to view, add, edit, or delete list items in the computer properties.
There is now the capability to configure the settings of the Mail Threat Protection extension for Outlook.
It is prohibited to disable detection of viruses, worms, and Trojans.
Update 11.4.0
Kaspersky Endpoint Security 11.4.0 for Windows offers the following features and improvements:
New design of the application icon in the taskbar notification area. The new is now displayed instead of the old icon. If the user is required to perform an action (for example, restart the computer after updating the application), the icon will change to . If the protection components of the application are disabled or have malfunctioned, the icon will change to or . If you hover over the icon, Kaspersky Endpoint Security will display a description of the problem in computer protection.
Kaspersky Endpoint Agent, which is included in the distribution kit, has been updated to version 3.9. Kaspersky Endpoint Agent 3.9 supports integration with new Kaspersky solutions. For more details about the application, please refer to the documentation of Kaspersky solutions that support Kaspersky Endpoint Agent.
Added the Not supported by license status for Kaspersky Endpoint Security components. You can view the status of components by clicking the Protection components button in the main application window.
Drivers for Kaspersky Disk Encryption technology are now automatically added to the Windows Recovery Environment (WinRE) when drive encryption is started. The previous version of Kaspersky Endpoint Security added drivers when installing the application. Adding drivers to WinRE can improve the stability of the application when restoring the operating system on computers protected by Kaspersky Disk Encryption technology.
The Endpoint Sensor component has been removed from Kaspersky Endpoint Security. You can still configure Endpoint Sensor settings in a policy provided that Kaspersky Endpoint Security version 11.0.0 to 11.3.0 is installed on the computer.