For details about support for the Microsoft Windows 10, Microsoft Windows Server 2016 and Microsoft Windows Server 2019 operating systems, please refer to the Technical Support Knowledge Base.
For details about support for the Microsoft Windows 11 and Microsoft Windows Server 2022 operating systems, please refer to the Technical Support Knowledge Base.
After being installed to an infected computer, the application does not inform the user about the need to run a computer scan. You may experience problems activating the application. To resolve these problems, start a Critical Areas Scan.
If non-ASCII characters (for example, Russian letters) are used in the setup.ini and setup.reg files, you are advised to edit the file using notepad.exe and to save the file in UTF-16LE encoding. Other encodings are not supported.
The application does not support the use of non-ASCII characters when specifying the application installation path in the installation package settings.
When application settings are imported from a CFG file, the value of the setting that defines participation in Kaspersky Security Network is not applied. After importing the settings, please read the text of the Kaspersky Security Network Statement and confirm your consent to participate in Kaspersky Security Network. You can read the text of the Statement in the application interface or in the ksn_*.txt file located in the folder containing the application distribution kit.
If you want to remove and then re-install encryption (FLE or FDE) or the Device Control component, you must restart the system before reinstallation.
When using the Microsoft Windows 10 operating system, you must restart the system after removing the File Level Encryption (FLE) component.
When attempting to install any version of the AES Encryption Module on a computer that has Kaspersky Endpoint Security for Windows 11.7.0 but no encryption components installed, installation of the Encryption Module will end with an error message stating that a newer version of the application is installed. Starting with Kaspersky Endpoint Security 10 for Windows Service Pack 2 (version 10.3.0.6294), there is no separate installation file for the Encryption Module. Encryption libraries are included in the application distribution package. Kaspersky Endpoint Security 11.7.0 is incompatible with AES encryption modules. The libraries required for encryption are installed automatically when the Full Disk Encryption (FDE) or File Level Encryption (FLE) component is selected.
Installation of the application may end with an error stating An application whose name is missing or unreadable is installed on your computer. This means that incompatible applications or fragments of them remain on your computer. To remove artifacts of incompatible applications, send a request with a detailed description of the situation to Kaspersky Technical Support via Kaspersky CompanyAccount.
If you canceled removal of the application, start its recovery after the computer restarts.
On computers running Windows 10 version 1903 and 1909, upgrades from Kaspersky Endpoint Security 10 for Windows Service Pack 2 Maintenance Release 3 (build 10.3.3.275), Service Pack 2 Maintenance Release 4 (build 10.3.3.304), 11.0.0 and 11.0.1 with the File Level Encryption (FLE) component installed may end with an error. This is because file encryption is not supported for these versions of Kaspersky Endpoint Security for Windows in Windows 10 version 1903 and 1909. Prior to installing this upgrade, you are advised to remove the file encryption component.
The application requires Microsoft .NET Framework 4.0 or later. Microsoft .NET Framework 4.6.1 has vulnerabilities. If you are using Microsoft .NET Framework 4.6.1, you must install security updates. For details about Microsoft .NET Framework security updates, refer to the Microsoft Technical Support website.
If you are upgrading a previous version of the application to version 11.7.0, to install Kaspersky Endpoint Agent, restart the computer and sign in to the system using an account with local administrator rights. Otherwise, Kaspersky Endpoint Agent will not be installed during the upgrade procedure.
If the application is unsuccessfully installed with the Kaspersky Endpoint Agent component selected in a server operating system and the Windows Installer Coordinator Error window appears, refer to the instructions on the Microsoft support website.
If the application was installed locally in non-interactive mode, use the provided setup.ini file to replace the installed components.
After Kaspersky Endpoint Security for Windows is installed in some configurations of Windows 7, Windows Defender continues to operate. You are advised to manually disable Windows Defender to prevent degraded system performance.
When updating Kaspersky Endpoint Security 10 for Windows Service Pack 2 (build 10.3.0.6294), the files that were placed in Backup or Quarantine in the previous version of the application will be transferred to Backup in the new version of the application. These files are not transferred for versions earlier than Kaspersky Endpoint Security 10 for Windows Service Pack 2 (build 10.3.0.6294). To save them, you must restore the files from Quarantine and Backup before upgrading the application. After the upgrade is complete, re-scan the restored files.
Starting from 11.0.0 application version, you can install Kaspersky Endpoint Security for Windows MMC plugin on top of the previous plugin version. To return to a previous plugin version, delete the current plugin and install a previous version of the plugin.
When upgrading Kaspersky Endpoint Security 11.0.0 or 11.0.1 for Windows, the local task schedule settings for the Update, Critical Areas Scan, Custom Scan, and Integrity Check tasks are not saved.
On computers running Windows 10 version 1903 and 1909, upgrades from Kaspersky Endpoint Security 10 for Windows Service Pack 2 Maintenance Release 3 (build 10.3.3.275), Service Pack 2 Maintenance Release 4 (build 10.3.3.304), 11.0.0 and 11.0.1 with the File Level Encryption (FLE) component installed may end with an error. This is because file encryption is not supported for these versions of Kaspersky Endpoint Security for Windows in Windows 10 version 1903 and 1909. Prior to installing this upgrade, you are advised to remove the file encryption component.
The application requires Microsoft .NET Framework 4.0 or later. Microsoft .NET Framework 4.6.1 has vulnerabilities. If you are using Microsoft .NET Framework 4.6.1, you must install security updates. For details about Microsoft .NET Framework security updates, refer to the Microsoft Technical Support website.
If you are upgrading a previous version of the application to version 11.7.0, to install Kaspersky Endpoint Agent, restart the computer and sign in to the system using an account with local administrator rights. Otherwise, Kaspersky Endpoint Agent will not be installed during the upgrade procedure.
If you are upgrading Kaspersky Endpoint Security 10 for Windows Service Pack 2 Maintenance Release 4 with the File Level Encryption (FLE) component installed on computers running Windows 10 version 1809, 1903 and 1909, FDE drivers will not be installed to the WinRE image.
When upgrading Kaspersky Endpoint Security, the application disables the use of KSN until the Kaspersky Security Network Statement is accepted. In addition, the computer status can be changed to Critical in Kaspersky Security Center; the event KSN servers are unavailable is received. If you use Kaspersky Managed Detection and Response, you will receive events about violations in the operation of the solution. The use of KSN is required for the operation of Kaspersky Managed Detection and Response. Kaspersky Endpoint Security enables the use of KSN after applying the policy in which the administrator accepts the KSN terms of use. Once the Kaspersky Security Network Statement is accepted, Kaspersky Endpoint Security resumes its operation.
After the application is upgraded from versions earlier than Kaspersky Endpoint Security 11 for Windows, the computer must be restarted.
The ReFS file system is supported with limitations:
Kaspersky Endpoint Security may process threat disinfection events incorrectly. For example, if the application has deleted a malicious file, the report might have an Object not processed entry. At the same time, Kaspersky Endpoint Security disinfects threats in accordance with application settings. Kaspersky Endpoint Security can also create a duplicate of the Object will be disinfected on restart event for the same object.
File Threat Protection may skip some threats. At the same time, Virus Scan works correctly.
After server anti-virus check is started, scan exclusions added with iChecker are reset when the server is rebooted.
The iSwift technology is not supported. Kaspersky Endpoint Security does not consider scan exclusions added using the iSwift technology.
Kaspersky Endpoint Security does not detect eicar.com and susp-eicar.com files if meicar.exe file existed on the computer before Kaspersky Endpoint Security was installed.
Kaspersky Endpoint Security may incorrectly display threat disinfection notifications. For example, the application may display a threat notification for a previously disinfected threat.
The Server Core and Cluster Mode configurations are not supported.
File Level Encryption (FLE) and Kaspersky Disk Encryption (FDE) technologies are not supported on server platforms. At the same time, Kaspersky Endpoint Security may incorrectly process data encryption events.
Device Control is not supported on server platforms.
In server operating systems, no warning is displayed regarding the need for advanced disinfection.
Microsoft Windows Server 2008 was excluded from support. - Installing the application on a computer running the Microsoft Windows Server 2008 operating system is not supported.
Full disk encryption (FDE) on Hyper-V virtual machines is not supported.
Full disk encryption (FDE) on Citrix virtual platforms is not supported.
Windows 10 Enterprise multi-session is supported with limitations:
Kaspersky Endpoint Security considers Windows 10 Enterprise multi-session as a server operating system. Therefore, Windows 10 Enterprise multi-session is supported with server platform-specific limitations. For example, servers cannot use some Kaspersky Endpoint Security components. The application also uses a server license key instead of a workstation license key.
Full disk encryption (FDE) is not supported.
Managing BitLocker is not supported.
Using Kaspersky Endpoint Security with removable drives is not supported. The Microsoft Azure infrastructure defines removable drives as network drives.
Installation and use of file level encryption (FLE) on Citrix virtual platforms is not supported.
To support compatibility of Kaspersky Endpoint Security for Windows with Citrix PVS, perform installation with the Ensure compatibility with Citrix PVSoption enabled. This option can be enabled in the Setup Wizard or by using the command line parameter/pCITRIXCOMPATIBILITY=1. In case of remote installation, the KUD file must be edited by adding the following parameter to it: /pCITRIXCOMPATIBILITY=1.
Citrix XenDesktop. Before starting cloning, you must disable Self-Defense to clone virtual machines that use vDisk.
When preparing a template machine for the Citrix XenDesktop master image with pre-installed Kaspersky Endpoint Security for Windows and Kaspersky Security Center Network Agent, add the following types of exclusions to the configuration file:
In some cases, an attempt to safely disconnect a removable drive may be unsuccessful on a virtual machine that is deployed on a VMware ESXi hypervisor. Attempt to safely disconnect the device once again.
You can manage the Adaptive Anomaly Control component only in Kaspersky Security Center version 11 or later.
The Kaspersky Security Center 11 threat report might not display information about the action taken on threats that were detected by the AMSI Protection.
The operating status of the AMSI Protection and Adaptive Anomaly Control components is available only in Kaspersky Security Center version 11 or later. You can view the operating status in the Kaspersky Security Center Console within the computer properties in the Tasks section. Reports for these components are also available only in Kaspersky Security Center version 11 or later.
If the Error receiving data system message is displayed, verify that the computer on which you are performing activation has network access, or configure the activation settings via Kaspersky Security Center Activation Proxy.
The application cannot be activated by subscription via the Kaspersky Security Center if the license has expired or if a trial license is active on the computer. To replace a trial license or a soon-to-be expired license with a subscription license, use the license distribution task.
In the application interface, the license expiration date is displayed in the local time of the computer.
Installation of the application with an embedded key file on a computer that has unstable Internet access may result in the temporary display of events stating that the application is not activated or that the license does not permit component operation. This is because the application first installs and attempts to activate the embedded trial license, which requires Internet access for activation during the installation procedure.
During the trial period, installation of any application upgrade or patch on a computer that has unstable Internet access may result in the temporary display of events stating that the application is not activated. This is because the application once again installs and attempts to activate the embedded trial license, which requires Internet access for activation when installing an upgrade.
If the trial license was automatically activated during application installation and then the application was removed without saving the license information, the application will not be automatically activated with the trial license when re-installed. In this case, manually activate the application.
If you are using Kaspersky Security Center version 11 and Kaspersky Endpoint Security version 11.7.0, component performance reports may work incorrectly. If you installed Kaspersky Endpoint Security components that are not included in your license, Network Agent may send component status errors to the Windows Event Log. To avoid errors, remove the components that are not included in your license.
It is not possible to restore files residing on network drives or on rewritable CD/DVD discs.
It is not possible to restore files that were encrypted with the Encryption File System (EFS). For more details on EFS operation, please visit the Microsoft website.
The application does not monitor modifications to files performed by processes at the level of the operating system kernel.
The application does not monitor modifications made to files over a network interface (for example, if a file is stored in a shared folder and a process is started remotely from another computer).
Filtration of packets or connections by local address, physical interface, and packet time to live (TTL) is supported in the following cases:
By local address for outbound packets or connections in application rules for TCP and UDP and packet rules.
By local address for inbound packets or connections (except UDP) in block application rules and packet rules.
By packet time to live (TTL) in block packet rules for inbound or outbound packets.
By network interface for inbound and outbound packets or connections in packet rules.
In application versions 11.0.0 and 11.0.1, defined MAC addresses are incorrectly applied. The MAC address settings for versions 11.0.0, 11.0.1 and 11.1.0 or later are not compatible. After upgrading the application or plug-in from these versions to version 11.1.0 or later, you must verify and reconfigure the defined MAC addresses in Firewall rules.
When upgrading the application from versions 11.1.1 and 11.2.0 to version 11.7.0, the statuses of permissions for the following Firewall rules are not migrated:
Requests to DNS server over TCP.
Requests to DNS server over UDP.
Any network activity.
ICMP Destination Unreachable incoming responses.
Incoming ICMP stream.
If you configured a network adapter or packet time to live (TTL) for an allowing packet rule, the priority of this rule is lower than a blocking application rule. In other words, if network activity is blocked for an application (for example, the application is in the High Restricted trust group), you cannot allow network activity of the application by using a packet rule with these settings. In all other cases, the priority of a packet rule is higher than an application network rule.
When importing Firewall packet rules, Kaspersky Endpoint Security may modify rule names. The application determines rules with identical sets of general parameters: protocol, direction, remote and local ports, packet time-to-live (TTL). If this set of general parameters is identical for multiple rules, the application assigns the same name to those rules or appends a parameter tag to the name. In this way, Kaspersky Endpoint Security imports all packet rules, but the name of rules that have identical general settings can be modified.
If you have enabled application event reporting in a network rule, on moving the application to a different trust group, the restrictions of this trust group will not be applied. Thus, if the application is in the Trusted trust group, it will have no network restrictions. Then you enabled event reporting for this application and moved it to the Untrusted trust group. Firewall will not enforce network restrictions for this application. We recommend that you first move the application to the appropriate trust group and then enable event reporting. If this method is not suitable, you can manually configure restrictions for the application in the network rule settings. The restriction applies only to the local interface of the application. Moving the application between trust groups in the policy works correctly.
The Firewall and Intrusion Prevention components have common settings: application rights and protected resources. If you change these settings for Firewall, Kaspersky Endpoint Security automatically applies the new settings to Intrusion Prevention. If, for example, you have allowed changes to the general settings of the Firewall policy (the padlock is open), the Intrusion Prevention settings will also become editable.
When a network packet rule is triggered in Kaspersky Endpoint Security 11.6.0 or earlier, the Application Name column in the Firewall report will always display the Kaspersky Endpoint Security value. In addition, the Firewall will block the connection at packet level for all applications. This behavior has been modified for Kaspersky Endpoint Security 11.7.0 or later. The Rule Type column has been added to the Firewall report. When a network packet rule is triggered, the value in the Application Name column remains empty.
Kaspersky Endpoint Security resets the timeout of USB device lock when the computer is locked (for example, screen lock timeout elapsed). That is, if you enter a wrong USB device authorization code multiple times and the application locks the USB device, Kaspersky Endpoint Security allows you to repeat the authorization attempt after unlocking the computer. In this case, Kaspersky Endpoint Security does not lock the USB device for a time specified in BadUSB Attack Prevention component settings.
Kaspersky Endpoint Security resets the USB device lock timeout when computer protection is paused. That is, if you enter a wrong USB device authorization code multiple times and the application locks the USB device, Kaspersky Endpoint Security allows you to repeat the authorization attempt after resuming computer protection. In this case, Kaspersky Endpoint Security does not lock the USB device for a time specified in BadUSB Attack Prevention component settings.
When working in Microsoft Windows 10 in application denylist mode, block rules may be incorrectly applied, which could cause blocking of applications that are not specified in rules.
When progressive web apps (PWA) are blocked by the Application Control component, appManifest.xml is indicated as the blocked app in the report.
When adding the standard Notepad application to an Application Control rule for Windows 11, it is not recommended to specify the path to the application. On computers running Windows 11, the operating system uses Metro Notepad located in the folder C:\Program Files\WindowsApps\Microsoft.WindowsNotepad*\Notepad\Notepad.exe. In previous versions of the operating system, Notepad is located in the following folders:
C:\Windows\notepad.exe
C:\Windows\System32\notepad.exe
C:\Windows\SysWOW64\notepad.exe
When adding Notepad to an Application Control rule, you can specify the application name and the file hash from the properties of the running application, for example.
Access to Printer devices that were added to the trusted list is blocked by device and bus blocking rules.
For MTP devices, control of Read, Write, and Connect operations is supported if you are using the built-in Microsoft drivers of the operating system. If a user installs a custom driver for working with a device (for example, as part of iTunes or Android Debug Bridge), control of Read and Write operations may not work.
When working with MTP devices, access rules are changed after reconnecting the device.
If you are adding a device to the trusted list based on a model mask and use characters that are included in the ID but not in the model name, these devices are not added. On a workstation, these devices will be added to the trusted list based on an ID mask.
It is recommended to create exclusions automatically based on the event. When manually adding an exclusion, add the * character to the beginning of the path when specifying the target object.
After installing the application, you must restart the operating system for hard drive encryption to work properly.
The Authentication Agent does not support hieroglyphics or the special characters | and \.
For optimal computer performance after encryption, it is required that the processor supports AES-NI instruction set (Intel Advanced Encryption Standard New Instructions). If the processor does not support AES-NI, computer performance might decrease.
When there are processes that attempt to access encrypted devices before the application has granted access to such devices, the application shows a warning stating that such processes must be terminated. If the processes cannot be terminated, re-connect the encrypted devices.
The unique IDs of hard drives are displayed in the device encryption statistics in inverted format.
It is not recommended to format devices while they are being encrypted.
When multiple removable drives are simultaneously connected to a computer, the encryption policy can be applied to only one removable drive. When the removable devices are reconnected, the encryption policy is applied correctly.
Encryption may fail to start on a heavily fragmented hard drive. Defragment the hard drive.
When hard drives are encrypted, hibernation is blocked from the time when the encryption task starts until the first restart of a computer running Microsoft Windows 7/8/8.1/10, and after installation of hard drive encryption until the first restart of Microsoft Windows 8/8.1/10 operating systems. When hard drives are decrypted, hibernation is blocked from the time when the boot drive is fully decrypted until the first restart of the operating system. When the Quick Start option is enabled in Microsoft Windows 8/8.1/10, blocking of hibernation prevents you from shutting down the operating system.
Windows 7 computers don't allow to change password during recovery when the disk is encrypted with BitLocker technology. After the recovery key is entered and the operating system is loaded, Kaspersky Endpoint Security won't prompt the user to change the password or PIN code. Thus, it is impossible to set a new password or a PIN code. This issue stems from the peculiarities of the operating system. To continue, you need to re-encrypt the hard drive.
It is not recommended to use the xbootmgr.exe tool with additional providers enabled. For example, Dispatcher, Network, or Drivers.
Formatting an encrypted removable drive is not supported on a computer that has Kaspersky Endpoint Security for Windows installed.
Formatting an encrypted removable drive with the FAT32 file system is not supported (the drive is displayed as encrypted). To format a drive, reformat it to the NTFS file system.
For details on restoring an operating system from a backup copy to an encrypted GPT device, visit the Technical Support Knowledge Base.
Multiple download agents cannot co-exist on one encrypted computer.
It is impossible to access a removable drive that was previously encrypted on a different computer when all of the following conditions are simultaneously met:
There is no connection to the Kaspersky Security Center server.
The user is attempting authorization with a new token or password.
If a similar situation occurs, restart the computer. After the computer has been restarted, access to the encrypted removable drive will be granted.
Discovery of USB devices by the Authentication Agent may not be supported when xHCI mode for USB is enabled in BIOS settings.
Kaspersky Disk Encryption (FDE) for the SSD part of a device that is used for caching the most frequently used data is not supported for SSHD devices.
Encryption of hard drives in 32-bit Microsoft Windows 8/8.1/10 operating systems running in UEFI mode is not supported.
Restart the computer before encrypting a decrypted hard drive again.
Hard drive encryption is not compatible with Kaspersky Anti-Virus for UEFI. It is not recommended to use hard drive encryption on computers that have Kaspersky Anti-Virus for UEFI installed.
Automatic creation of Authentication Agent accounts is not supported if the option to create accounts for users who log in to the system in the last N days is selected.
If the name of an Authentication Agent account has the format <domain>/<Windows account name>, after changing the computer name you need to also change the names of accounts that were created for local users of this computer. For example, imagine that there is a local user Ivanov on the Ivanov computer, and an Authentication Agent account with the name Ivanov/Ivanov has been created for this user. If the computer name Ivanov has been changed to Ivanov-PC, you need to change the name of the Authentication Agent account for the user Ivanov from Ivanov/Ivanov to Ivanov-PC/Ivanov. You can change the account name using the local account management task of the Authentication Agent. Before the name of the account has been changed, authentication in the preboot environment is possible using the old name (for example, Ivanov/Ivanov).
If a user is allowed to access a computer that was encrypted using Kaspersky Disk Encryption technology only by using a token and this user needs to complete the access recovery procedure, make sure that this user is granted password-based access to this computer after access to the encrypted computer has been restored. The password that the user set when restoring access might not be saved. In this case, the user will have to complete the procedure for restoring access to the encrypted computer again the next time the computer is restarted.
When decrypting a hard drive using the FDE Recovery Tool, the decryption process may end with an error if data on the source device is overwritten with the decrypted data. Part of the data on the hard drive will remain encrypted. It is recommended to choose the option to save decrypted data to a file in the device decryption settings when using the FDE Recovery Tool.
If the Authentication Agent password has been changed, a message containing the text Your password has been changed successfully. Click OK appears and the user restarts the computer, the new password is not saved. The old password must be used for subsequent authentication in the preboot environment.
Disk encryption is incompatible with Intel Rapid Start technology.
Disk encryption is incompatible with ExpressCache technology.
In some cases, when attempting to decrypt an encrypted drive using the FDE Recovery Tool, the tool mistakenly detects the device status as "unencrypted" after the "Request-Response" procedure is completed. The tool's log shows an event stating that the device was successfully decrypted. In this case, you must restart the data recovery procedure to decrypt the device.
After the Kaspersky Endpoint Security for Windows plug-in is updated in the Web Console, the client computer properties do not show the BitLocker recovery key until the Web Console service is restarted.
To see the other limitations of full disk encryption support and a list of devices for which encryption of hard drives is supported with restrictions, please refer to the Technical Support Knowledge Base.
File and folder encryption is not supported in operating systems of the Microsoft Windows Embedded family.
Once you have installed the application, you must restart the operating system for file and folder encryption to work properly.
If an encrypted file is stored on a computer that has available encryption functionality and you access the file from a computer where encryption is not available, direct access to this file will be provided. An encrypted file that is stored in a network folder on a computer that has available encryption functionality is copied in decrypted form to a computer that does not have available encryption functionality.
You are advised to decrypt files that were encrypted with Encrypting File System before encrypting files with Kaspersky Endpoint Security for Windows.
After a file is encrypted, its size increases by 4 kB.
After a file is encrypted, the Archive attribute is set in the file properties.
If an unpacked file from an encrypted archive has the same name as an already existing file on your computer, the latter will be overwritten by the new file that is unpacked from an encrypted archive. The user is not notified about the overwrite operation.
Before you unpack an encrypted archive, make sure you have enough free disk space to accommodate the unpacked files. If you do not have enough disk space, the archive unpacking may be completed but the files may be corrupted. In this case, it is possible that Kaspersky Endpoint Security does not display any error messages.
The Portable File Manager interface does not display messages about errors that occur during its operation.
Kaspersky Endpoint Security for Windows does not start the Portable File Manager on a computer that has the File Level Encryption component installed.
You cannot use the Portable File Manager to access a removable drive if the following conditions are true simultaneously:
There is no connection to Kaspersky Security Center;
Kaspersky Endpoint Security for Windows is installed on the computer;
Data encryption (FDE or FLE) was not performed on the computer.
Access is impossible even if you know the password of the Portable File Manager.
When file encryption is used, the application is incompatible with the Sylpheed mail client.
Kaspersky Endpoint Security for Windows does not support the rules of restriction of access to encrypted files for some applications. This is due to the fact that some file operations are performed by a third-party application. For example, file copying is performed by the file manager, not by the application itself. In this way, if access to encrypted files is denied to the Outlook mail client, Kaspersky Endpoint Security will allow the mail client to access the encrypted file, if the user has copied files to the email message via the clipboard or using the drag-and-drop function. The copy operation was performed by a file manager, for which the rules of restriction of access to encrypted files are not specified, i.e. the access is allowed.
When removable drives are encrypted with portable mode support, password age control cannot be disabled.
Changing the page file settings is not supported. The operating system uses the default values instead of the specified parameter values.
Use safe removal when working with encrypted removable drives. We cannot guarantee data integrity if the removable drive is not safely removed.
After files are encrypted, their non-encrypted originals are securely deleted.
Synchronization of offline files using Client-Side Caching (CSC) is not supported. It is recommended to prohibit offline management of shared resources at the group policy level. Files that are in offline mode can be edited. After synchronization, changes made to an offline file may be lost. For details regarding support for Client-Side Caching (CSC) when using encryption, please refer to the Technical Support Knowledge Base.
You may experience problems when accessing encrypted files over the network. You are advised to move the files to a different source or make sure that the computer being used as a file server is managed by the same Kaspersky Security Center Administration Server.
Changing the keyboard layout may cause the password entry window for an encrypted self-extracting archive to hang. To solve this problem, close the password entry window, switch the keyboard layout in your operating system, and re-enter the password for the encrypted archive.
When file encryption is used on systems that have multiple partitions on one disk, you are advised to use the option that automatically determines the size of the pagefile.sys file. After the computer restarts, the pagefile.sys file may move between disk partitions.
After applying file encryption rules, including files in the My Documents folder, make sure that users for whom encryption has been applied can successfully access encrypted files. To do so, have each user sign in to the system when a connection to Kaspersky Security Center is available. If a user attempts to access encrypted files without a connection to Kaspersky Security Center, the system may hang.
If system files are somehow included in the scope of file level encryption, events regarding errors when encrypting these files may appear in reports. The files specified in these events are not actually encrypted.
Pico processes are not supported.
Case-sensitive paths are not supported. When encryption rules or decryption rules are applied, the paths in product events are displayed in lowercase.
It is not recommended to encrypt files that are used by the system on startup. If these files are encrypted, an attempt to access encrypted files without a connection to Kaspersky Security Center may cause the system to hang or result in prompts for access to unencrypted files.
If users jointly work with a file over the network under FLE rules via applications that use the file-to-memory mapping method (such as WordPad or FAR) and applications designed for working with large files (such as Notepad ++ ), the file in unencrypted form may be blocked indefinitely without the capability to access it from the computer on which it resides.
File encryption in OneDrive sync folders is not supported. Adding folders with already encrypted files to the OneDrive sync list may result in loss of data in the encrypted files.
When the file level encryption component is installed, management of users and groups does not work in WSL mode (Windows Subsystem for Linux).
When the file level encryption component is installed, POSIX (Portable Operating System Interface) for renaming and deleting files is not supported.
It is not recommended to encrypt temporary files, as this can cause data loss. For example, Microsoft Word creates temporary files when processing a document. If temporary files are encrypted, but the original file is not, the user may receive an Access Denied error when trying to save the document. Additionally, Microsoft Word might save the file, but it will not be possible to open the document the next time, i.e. the data will be lost. To prevent data loss, you need to exclude the temporary files folder from encryption rules.
After updating Kaspersky Endpoint Security for Windows version 11.0.1 or earlier, to access encrypted files after restarting the computer, make sure that the Network Agent is running. Network Agent has a delayed startup, so you cannot access the encrypted files immediately after the operating system loads. There is no need to wait for the Network Agent to start after the next computer startup.
System Watcher. Complete information about processes is not displayed.
When Kaspersky Endpoint Security for Windows is started for the first time, a digitally signed application may be temporarily placed into the wrong group. The digitally signed application will later be put into the correct group.
Virus Scantask does not support 64-bit Microsoft Outlook version. This means that Kaspersky Endpoint Security does not check Outlook x64 files (PST and OST files) even if mail is included in scan scope.
In Kaspersky Security Center 10, when switching from using the global Kaspersky Security Network to using a private Kaspersky Security Network, or vice versa, the option to participate in Kaspersky Security Network is disabled in the policy of the specific product. After switching, carefully read the text of the Kaspersky Security Network Statement and confirm your consent to participate in KSN. You can read the text of the Statement in the application interface or when editing the product policy.
During a rescan of a malicious object that was blocked by third-party software, the user is not notified when the threat is detected again. The threat re-detection event is displayed in the product report and in the Kaspersky Security Center 10 report.
The Endpoint Sensor component cannot be installed in Microsoft Windows Server 2008.
The Kaspersky Security Center 10 report on device encryption will not include information about devices that were encrypted using Microsoft BitLocker on server platforms or on workstations on which the Device Control component is not installed.
It is not possible to enable the display of all report entries in the Kaspersky Security Center Web Console. In the Web Console, you can only change the number of entries displayed in reports. By default, Kaspersky Security Center Web Console shows 1000 report entries. You can enable the display of all report entries in the Administration Console (MMC).
It is not possible to set the display of more than 1000 report entries in the Kaspersky Security Center Console. If you set a higher value than 1000, the Kaspersky Security Center Console will display only 1000 report entries.
When using a policy hierarchy, the settings of the Encryption of Removable Drives section in a child policy are accessible for editing if the parent policy prohibits modification of those settings.
If shared folder protection is enabled, Kaspersky Endpoint Security for Windows monitors attempts to encrypt shared folders for each remote access session that was started before the startup of Kaspersky Endpoint Security for Windows, including if the computer from which the remote access session was started has been added to exclusions. If you do not want Kaspersky Endpoint Security for Windows to monitor attempts to encrypt shared folders for remote access sessions that were started from a computer that was added to exclusions and that were started before the startup of Kaspersky Endpoint Security for Windows, terminate and re-establish the remote access session or restart the computer on which Kaspersky Endpoint Security for Windows is installed.
The application may fail to start due to insufficient system performance. To resolve this problem, use the Ready Boot option or increase the operating system timeout for starting services.
The application cannot work in Safe Mode.
To ensure that Kaspersky Endpoint Security for Windows versions 11.5.0 and 11.6.0 can work correctly with Cisco AnyConnect software, you must install Compliance Module version 4.3.183.2048 or later. Learn more about compatibility with Cisco Identity Services Engine in Cisco documentation.
We cannot guarantee that Audio Control will work until after the first restart after installing the application.
In the Administration Console (MMC), in the Intrusion Prevention settings in the window for configuring application permissions, the Remove button is unavailable. You can remove an application from a trust group via the context menu of the application.
In the local interface of the application, in the Intrusion Prevention settings, application permissions and protected resources are not available for viewing if the computer is managed by a policy. Scroll, search, filter and other window controls are unavailable. You can view application permissions in the policy properties in the Kaspersky Security Center Console.
When rotated trace files are enabled, no traces are created for the AMSI component and the Outlook plug-in.
Performance traces cannot be manually collected in Windows Server 2008.
Performance traces for the "Restart" trace type are not supported.
Dump logging is not supported for pico processes.
The KSN availability check task is no longer supported.
Turning off the "Disable external management of the system services" option will not allow you to stop the service of the application that was installed with the AMPPL=1 parameter (by default, the parameter value is set to 1 starting with the Windows 10RS2 operating system version). The AMPPL parameter with a value of 1 enables the use of Protection Processes technology for the product service.
To run a custom scan of a folder, the user that starts the custom scan must have the permissions to read the attributes of this folder. Otherwise the custom folder scan will be impossible and will end with an error.
When a scan rule defined in a policy includes a path without the \ character at the end, for example, С:\folder1\folder2, the scan will be run for the path С:\folder1\.
When upgrading the application from version 11.1.0 to 11.7.0, the AMSI Protection settings are reset to their default values.
If you are using software restriction policies (SRP), the computer may fail to load (black screen). You are advised to change the SRP settings as follows: set the All software files except libraries (such as DLL) value for the Apply software restriction policies to the following objects parameter, and add rules with the Unrestricted security level for paths to files of the application (C:\Program Files\Common Files\Kaspersky Lab and C:\Program Files\Kaspersky Lab). For details on using SRP, refer to the Microsoft documentation.
Management of Outlook plug-in settings via Rest API is not supported.
Task run settings for a specific user cannot be transferred between devices via a configuration file. After settings are applied from a configuration file, manually specify the user name and password.
After installing an update, the integrity check task does not work until the system is restarted to apply the update.
When the rotated tracing level is changed through the remote diagnostics utility, Kaspersky Endpoint Security for Windows incorrectly displays a blank value for the trace level. However, trace files are written according to the correct trace level. When the rotated tracing level is changed through the local interface of the application, the tracing level is correctly modified but the remote diagnostics utility incorrectly displays the trace level that was last defined by the utility. This may cause the administrator to not have up-to-date information about the current tracing level, and relevant information may be absent from traces if a user manually changes the tracing level in the local interface of the application.
In the local interface, Password protection settings don't allow changing the name of the administrator account (KLAdmin by default). To change the name of the administrator account, you need to disable Password protection, then enable Password protection and specify a new name of the administrator account.
Kaspersky Endpoint Security monitors HTTP traffic that complies with the RFC 2616, RFC 7540, RFC 7541, RFC 7301 standards. If Kaspersky Endpoint Security detects another data exchange format in HTTP traffic, the application blocks this connection to prevent downloading malicious files from the Internet.
When scanning an encrypted connection, Kaspersky Endpoint Security forces HTTP/1.
Kaspersky Endpoint Security does not run IOC Scan tasks on network drives if the folder path in the task properties begins with a drive letter. Kaspersky Endpoint Security supports only the UNC path format for IOC Scan tasks on network drives. For example, \\server\shared_folder.
An import of an application configuration file ends with an error if the integration with Kaspersky Sandbox setting is enabled in the configuration file. Prior to exporting application settings, disable Kaspersky Sandbox. Then perform the export/import procedure. After importing the configuration file, enable Kaspersky Sandbox.
When an indicator of compromise is detected while running the IOC Scan task, the application quarantines a file only for the FileItem term. Quarantining a file for other terms is not supported.
It is not possible to quarantine an Alternate Data Stream (ADS) that is larger than 4 MB. Kaspersky Endpoint Security skips such ADS without notifying the user.
To manage alert details, you will need the web plug-in for Kaspersky Endpoint Security for Windows 11.7.0 or later. Alert details are needed by Endpoint Detection and Response solution (EDR Optimum and EDR Expert). Alert details are available only in Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console.
The Kaspersky Endpoint Security application when installed on a Windows Server 2019 server is incompatible with Docker. Deploying Docker containers on a computer with Kaspersky Endpoint Security causes a crash (BSOD).