Kaspersky Endpoint Security for Windows

Kaspersky Endpoint Security for Windows (hereinafter also referred to as “the application” or as “Kaspersky Endpoint Security”) gives corporate users all-in-one protection against known digital threats.

WHAT'S NEW IN KASPERSKY ENDPOINT SECURITY

Kaspersky Endpoint Security for Windows 11.7.0 offers the following new features and improvements:

1. The interface of Kaspersky Endpoint Security for Windows is updated.
2. Support of Windows 11, Windows 10 21H2 and Windows Server 2022.
3. Added new components:
   • Added a built-in agent for integration with the Kaspersky Sandbox solution. The Kaspersky Sandbox solution detects and automatically blocks advanced threats on computers. Kaspersky Sandbox analyzes object behavior to detect malicious activity and activity characteristic of targeted attacks on the IT infrastructure of the organization. Kaspersky Sandbox analyzes and scans objects on special servers with deployed virtual images of Microsoft Windows operating systems (Kaspersky Sandbox servers). For details about the solution, refer to the Kaspersky Sandbox Help.

     You no longer need Kaspersky Endpoint Agent in order to use Kaspersky Sandbox. Kaspersky Endpoint Security can perform all Kaspersky Endpoint Agent functions. Use the Migration Wizard to transfer Kaspersky Endpoint Agent policies. You need Kaspersky Security Center 13.2 for all of the functions of Kaspersky Sandbox to work. For details about the migrating from Kaspersky Endpoint Agent to Kaspersky Endpoint Security for Windows, please refer to the application help.

   • Added the built-in agent to support the operation of the Kaspersky Endpoint Detection and Response Optimum solution. Kaspersky Endpoint Detection and Response Optimum is a solution for protecting the organization's IT infrastructure from advanced cyber threats. The functionality of the solution combines automatic detection of threats with the ability to react to these threats to counteract advanced attacks including new exploits, ransomware, fileless attacks, as well as methods using legitimate system tools. For more information about the solution, refer to the Kaspersky Endpoint Detection and Response Optimum Help.

     You no longer need Kaspersky Endpoint Agent in order to use Kaspersky Endpoint Detection and Response. Kaspersky Endpoint Security can perform all Kaspersky Endpoint Agent functions. Use the Migration Wizard to transfer Kaspersky Endpoint Agent policies and tasks. To use all the functions, Kaspersky Endpoint Detection and Response Optimum require Kaspersky Security Center 13.2. For details about the migrating from Kaspersky Endpoint Agent to Kaspersky Endpoint Security for Windows, please refer to the application help.

4. A Policy and Task Migration Wizard for Kaspersky Endpoint Agent was added. The Migration Wizard creates new merged policies and tasks for Kaspersky Endpoint Security for Windows. The wizard allows switching Detection and Response solutions from Kaspersky Endpoint Agent to Kaspersky Endpoint Security. Detection and Response solutions include Kaspersky Sandbox, Kaspersky Endpoint Detection and Response Optimum (EDR Optimum), and Kaspersky Managed Detection and Response (MDR).
5. Kaspersky Endpoint Agent, which is included in the distribution kit, has been updated to version 3.11.

   When updating Kaspersky Endpoint Security, the application will identify the version and purpose of Kaspersky Endpoint Agent. If you intend to use the Kaspersky Endpoint Agent application to operate Kaspersky Sandbox, Kaspersky Managed Detection and Response (MDR), and Kaspersky Endpoint Detection and Response Optimum (EDR Optimum) solutions, Kaspersky Endpoint Security will switch the operation of these solutions to the agent built into the application. For Kaspersky Sandbox and EDR Optimum, the application will automatically delete Kaspersky Endpoint Agent. For MDR, you can manually delete Kaspersky Endpoint Agent. If the application is intended to be used for the operation of Kaspersky Endpoint Detection and Response Expert (EDR Expert), Kaspersky Endpoint Security will update the version of Kaspersky Endpoint Agent. For more details about the application, please refer to the documentation of Kaspersky solutions that support Kaspersky Endpoint Agent.

6. BitLocker encryption functionality improved:
   • Enhanced PIN can now be used with BitLocker Drive Encryption. Enhanced PIN allows using other characters in addition to numerical characters: uppercase and lowercase Latin letters, special characters, and spaces.
   • Now you can disable BitLocker authentication to update the operating system or install update packages. Installing updates may require restarting the computer multiple times. To install updates correctly, you can temporarily turn off BitLocker authentication and re-enable the authentication after installing updates.
   • Now you can set an expiration time for BitLocker encryption password or PIN. When the password or PIN expires, Kaspersky Endpoint Security prompts the user for a new password.
7. Now you can configure the maximum number of keyboard authorization attempts for BadUSB Attack Prevention. When the configured number of failed attempts to enter the authorization code is reached, the USB device is temporarily locked.
8. Firewall functionality is improved:
   • Now you can configure a range of IP addresses for Firewall packet rules. You can enter a range of addresses in IPv4 or IPv6 format. For example, 192.168.1.1-192.168.1.100 or 12:34::2-12:34::99.
   • Now you can enter DNS names for Firewall packet rules instead of IP addresses. You should use DNS names only for LAN computers or internal services. Interaction with cloud services (such as Microsoft Azure) and other Internet resources should be handled by the Web Control component.
9. Web Control rule search improved. To search a web resource access rule, in addition to the name of the rule, you can use the URL of the website, a username, a content category, or a data type.
10. The Virus Scan task was improved:
    • Virus Scan when computer is idle task was improved. If you have rebooted the computer during the scan, Kaspersky Endpoint Security automatically runs the task, continuing from the point where the scan was interrupted.
    • The Virus Scan task was optimized. By default, Kaspersky Endpoint Security runs the scan only when the computer is idle. You can configure when the computer scan is run in task properties.
11. Now you can restrict user access to data provided by the Application Activity Monitor. Application Activity Monitor is a tool designed for viewing information about the activity of applications on a user's computer in real time. The administrator can hide the Application Activity Monitor from the user in application policy properties.
12. Improved the security of managing the application through the REST API. Now Kaspersky Endpoint Security checks the signature of requests sent via the REST API. To manage the application, you need to install a certificate to identify requests.
13. An issue in the operation of the Kaspersky Disk Encryption (FDE) technology has been fixed. For details about an issue, please refer to the Technical Support Knowledge Base.

MINIMUM HARDWARE AND SOFTWARE REQUIREMENTS

To ensure proper operation of Kaspersky Endpoint Security, your computer must meet the following requirements:

Minimum general requirements:

• 2 GB of free disk space on the hard drive;
• CPU:
  • Workstation: 1 GHz;
  • Server: 1.4 GHz;
  • Support for the SSE2 instruction set.
• RAM:
  • Workstation (x86): 1 GB;
  • Workstation (x64): 2 GB;
  • Server: 2 GB.
• Microsoft .NET Framework 4.0 or later.

Supported operating systems for workstations:

• Windows 7 Home / Professional / Ultimate / Enterprise Service Pack 1 or later;
• Windows 8 Professional / Enterprise;
• Windows 8.1 Professional / Enterprise;
• Windows 10 Home / Pro / Pro for Workstations / Education / Enterprise;
• Windows 11.

The SHA-1 module signature algorithm is deprecated by Microsoft. Update KB4474419 is required for successful installation of Kaspersky Endpoint Security on a computer running the Microsoft Windows 7 operating system. For more details about this update, visit the Microsoft technical support website.

For details about support for the Microsoft Windows 10 operating system, please refer to the Technical Support Knowledge Base.

For details about support for the Microsoft Windows 11 operating system, please refer to the Technical Support Knowledge Base.

Supported operating systems for servers:

• Windows Small Business Server 2011 Essentials / Standard (64-bit);

  Microsoft Small Business Server 2011 Standard (64-bit) is supported only if Service Pack 1 for Microsoft Windows Server 2008 R2 is installed.

• Windows MultiPoint Server 2011 (64-bit);
• Windows Server 2008 R2 Foundation / Standard / Enterprise / Datacenter Service Pack 1 or later;
• Windows Server 2012 Foundation / Essentials / Standard / Datacenter;
• Windows Server 2012 R2 Foundation / Essentials / Standard / Datacenter;
• Windows Server 2016 Essentials / Standard / Datacenter;
• Windows Server 2019 Essentials / Standard / Datacenter;
• Windows Server 2022.

The SHA-1 module signature algorithm is deprecated by Microsoft. Update KB4474419 is required for successful installation of Kaspersky Endpoint Security on a computer running the Microsoft Windows Server 2008 R2 operating system. For more details about this update, visit the Microsoft technical support website.

For details about support for the Microsoft Windows Server 2016 and Microsoft Windows Server 2019 operating systems, please refer to the Technical Support Knowledge Base.

For details about support for the Microsoft Windows Server 2022 operating system, please refer to the Technical Support Knowledge Base.

Supported terminal server types:

• Microsoft Remote Desktop Services based on Windows Server 2008 R2 SP1;
• Microsoft Remote Desktop Services based on Windows Server 2012;
• Microsoft Remote Desktop Services based on Windows Server 2012 R2;
• Microsoft Remote Desktop Services based on Windows Server 2016;
• Microsoft Remote Desktop Services based on Windows Server 2019.

Supported virtual platforms:

• VMware Workstation 16.1.1 Pro;
• VMware ESXi 7.0 Update 2a;
• Microsoft Hyper-V Server 2019;
• Citrix Virtual Apps and Desktops 7 2103;
• Citrix Provisioning 2012;
• Citrix Hypervisor 8.2 LTSR.

The limitations on support for server and virtual platforms are presented in the user documentation.

APPLICATION COMPATIBILITY WITH THE KASPERSKY SECURITY CENTER REMOTE ADMINISTRATION SYSTEM

Kaspersky Endpoint Security supports operation with the following versions of Kaspersky Security Center:

• Kaspersky Security Center 11;
• Kaspersky Security Center 12;
• Kaspersky Security Center 12 Patch A;
• Kaspersky Security Center 12 Patch B;
• Kaspersky Security Center 13;
• Kaspersky Security Center 13.1;
• Kaspersky Security Center 13.2.

The administration web plug-in for Kaspersky Endpoint Security for Windows version 11.7.0 is compatible with Kaspersky Security Center Web Console version 13.

To manage the application remotely via Kaspersky Security Center:

1. Install Network Agent on the computer.

   For more details about installing the Network Agent, please refer to the Kaspersky Security Center Help.

2. Install the Management Plug-in for Kaspersky Endpoint Security for Windows in the Kaspersky Security Center Administration Console.

   The installation package for the Kaspersky Endpoint Security Management Plug-in is included in the distribution package.

   The web plug-in installation package is available for download on the website and in the plug-in management window of Kaspersky Security Center Web Console. To install the web plug-in version 11.7.0, you should first remove the previous version of the web plug-in.

The Kaspersky Endpoint Security for Windows Management Plug-in for version 11.7.0 is installed over the Kaspersky Endpoint Security for Windows Management Plug-in for versions 11.X.X. To continue using the previous version of Management Plug-in, you should first remove the Management Plug-in version 11.7.0.

Limitations on compatibility with Kaspersky Security Center:

• You can manage the Adaptive Anomaly Control component only in Kaspersky Security Center version 11 or later.
• The Kaspersky Security Center 11 threat report might not display information about the action taken on threats that were detected by the AMSI Protection.
• The operating status of the AMSI Protection and Adaptive Anomaly Control components is available only in Kaspersky Security Center version 11 or later. You can view the operating status in the Kaspersky Security Center Console within the computer properties in the Tasks section. Reports for these components are also available only in Kaspersky Security Center version 11 or later.

INSTALLATION

To install the application locally, run the setup_kes.exe file from the full distribution package and follow the Setup Wizard instructions. You can read more about how to install the application in the user documentation.

During installation, Kaspersky Endpoint Security for Windows detects applications on the computer that, when used together, could potentially reduce computer performance or lead to other compatibility problems (even resulting in complete inoperability). The full list of incompatible software is available in the user documentation.

You can upgrade the following applications to Kaspersky Endpoint Security for Windows version 11.7.0 when installing from the full distribution package:

• Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 3 for Windows (build 10.3.3.275).
• Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 4 for Windows (build 10.3.3.304).
• Kaspersky Endpoint Security 11.0.0 for Windows (build 11.0.0.6499).
• Kaspersky Endpoint Security 11.0.1 for Windows (build 11.0.1.90).
• Kaspersky Endpoint Security 11.0.1 for Windows SF1 (build 11.0.1.90).
• Kaspersky Endpoint Security 11.1.0 for Windows (build 11.1.0.15919).
• Kaspersky Endpoint Security 11.1.1 for Windows (build 11.1.1.126).
• Kaspersky Endpoint Security 11.2.0 for Windows (build 11.2.0.2254).
• Kaspersky Endpoint Security 11.2.0 for Windows CF1 (build 11.2.0.2254).
• Kaspersky Endpoint Security 11.3.0 for Windows (build 11.3.0.773).
• Kaspersky Endpoint Security 11.4.0 for Windows (build 11.4.0.233).
• Kaspersky Endpoint Security 11.5.0 for Windows (build 11.5.0.590).
• Kaspersky Endpoint Security 11.6.0 for Windows (build 11.6.0.394).

The following considerations should be taken into account when upgrading Kaspersky Endpoint Security for Windows version 10 Service Pack 2 or later:

• If the Full Disk Encryption (FDE) or File Level Encryption (FLE) components are installed on the computer, you must use the distribution package with the same key length to upgrade the application to version 11.7.0:
  • keswin_11.7.0.<XXXX>_<localization>_aes256 if you are upgrading an application that was installed from the AES256 distribution package;
  • keswin_11.7.0.<XXXX>_<localization>_aes56 if you are upgrading an application that was installed from the AES56 distribution package.

  Upgrading the application using a distribution package with a different key length is not supported.

• If data encryption components (FDE or FLE) are not installed on the computer, you can use a distribution package with any key length to upgrade the application to version 11.7.0.
• Upgrading Kaspersky Endpoint Security for Windows from beta versions to version 11.7.0 is not supported.

UPDATING VIA THE KASPERSKY UPDATE SERVICE

Kaspersky Endpoint Security 11.7.0 for Windows can be installed via the Kaspersky update service.

Through the Kaspersky update service, you can update the following applications:

• Kaspersky Endpoint Security 11.2.0 for Windows (build 11.2.0.2254).
• Kaspersky Endpoint Security 11.2.0 for Windows CF1 (build 11.2.0.2254).
• Kaspersky Endpoint Security 11.3.0 for Windows (build 11.3.0.773).
• Kaspersky Endpoint Security 11.4.0 for Windows (build 11.4.0.233).
• Kaspersky Endpoint Security 11.5.0 for Windows (build 11.5.0.590).
• Kaspersky Endpoint Security 11.6.0 for Windows (build 11.6.0.394).

If Kaspersky Endpoint Security version 11.3.0 or later is deployed in the infrastructure along with older versions of the application, Kaspersky Security Center will be able to install two updates of Kaspersky Endpoint Security to version 11.7.0: one for updating Kaspersky Endpoint Security versions 11.0.1–11.2.0 CF1, and the second for updating version 11.3.0 or later.

Upgrading Kaspersky Endpoint Security for Windows from beta versions to version 11.7.0 is not supported.

The following special considerations should be taken into account when updating through the Kaspersky update service:

• After installing the update, you cannot roll back to the previous version of the program.
• This update is available only for applications with valid license.
• Management of Kaspersky Disk Encryption technology (FDE) is unavailable until installation of the application update is complete.
• To complete the update installation, you must restart your computer.
• To complete the update on a computer with hard drives that were encrypted using Kaspersky Disk Encryption (FDE), you will need to restart the computer twice.
• During installation, Kaspersky Endpoint Security for Windows detects applications on the computer that, when used together, could potentially reduce computer performance or lead to other compatibility problems (even resulting in complete inoperability). There is no option to skip scan for incompatible software. If you wish to disable scan for incompatible software, you need to use another application installation method, such as Install application remotely task. The full list of incompatible software is available in the user documentation.
• Installing and updating Kaspersky Endpoint Agent (also Endpoint Agent) through the Kaspersky update service is not supported.
• If you are using Kaspersky Update Utility to update application modules and databases, enable support for Kaspersky Endpoint Security 11.7.0 in the utility settings.

APPLICATION COMPATIBILITY WITH AES ENCRYPTION MODULES AND DETAILS ON UPDATING DATA ENCRYPTION COMPONENTS

Starting with Kaspersky Endpoint Security 10 Service Pack 2, the AES Encryption Module is included in the application distribution package. Therefore, installation of a separate encryption module is not required.

All libraries required for data encryption will be automatically installed in the following cases:

1. During installation of the application, provided that the Full Disk Encryption (FDE) or File Level Encryption (FLE) components are selected.
2. When upgrading Kaspersky Endpoint Security for Windows version 10 Service Pack 2 or later, provided that the upgrade is performed using an application distribution package with the appropriate key length and that the Full Disk Encryption (FDE) or File Level Encryption (FLE) components are selected.
3. When upgrading Kaspersky Endpoint Security for Windows version 10 Service Pack 1 Maintenance Release 3 with AES Encryption Module version 1.1.0.73 installed, provided that the upgrade is performed using the application distribution package with the appropriate key length.
4. When upgrading Kaspersky Endpoint Security for Windows version 10 Service Pack 1 Maintenance Release 4 with AES Encryption Module version 1.1.0.73 installed, provided that the upgrade is performed using the application distribution package with the appropriate key length.

Other configurations of Kaspersky Endpoint Security and AES encryption modules are not supported.

Before updating Kaspersky Endpoint Security, you must remove the AES Encryption Module or update the module to version 1.1.0.73. Before removing or updating the AES Encryption Module, you must decrypt all hard drives that have been encrypted using Kaspersky Disk Encryption technology. After removing the AES Encryption Module, access to encrypted files will be blocked.

If you want to switch from your encryption method to encryption with a different key length, prior to updating the application to version 11.7.0 you must decrypt all encrypted objects and remove the AES Encryption Module that was used. After switching to encryption with a different key length, access to encrypted files will be blocked.

COMPATIBILITY WITH KASPERSKY ENDPOINT AGENT

Kaspersky Endpoint Security is compatible with Kaspersky Endpoint Agent 3.7 or higher.

The Kaspersky Endpoint Agent 3.11 distribution package is included in the Kaspersky Endpoint Security for Windows version 11.7.0 distribution kit. Kaspersky Endpoint Agent will be automatically installed if the Endpoint Agent component is selected during Kaspersky Endpoint Security installation.

Kaspersky Endpoint Agent enables interoperability with other Kaspersky solutions. Kaspersky Endpoint Security 11.7.0 now has a built-in agent for the Kaspersky Sandbox, Kaspersky Managed Detection and Response (MDR), and Kaspersky Endpoint Detection and Response Optimum (EDR Optimum). If you have Kaspersky Endpoint Security 11.7.0 installed, you do not need Kaspersky Endpoint Agent for these solutions to work. Kaspersky Endpoint Agent is required only for the operation of the Kaspersky Endpoint Detection and Response Expert (EDR Expert) solution.

If you selected the Endpoint Agent component when installing Kaspersky Endpoint Security, and Kaspersky Endpoint Agent 3.7–3.10 is already installed on the computer, the following actions will be performed:

• If Kaspersky Endpoint Agent is intended to be used to operate the Kaspersky Sandbox, MDR, and EDR Optimum solutions, the application will offer to remove Kaspersky Endpoint Agent.
• If Kaspersky Endpoint Agent is intended to be used to operate EDR Expert solution, the application will be automatically updated to version 3.11.

LIST OF BUGS FIXED AND PRIVATE PATCHES INCLUDED IN THE RELEASE

The list of fixed issues and private patches included in the release is available on the Technical Support website.

MAIN KNOWN ISSUES

The list of limitations and known issues is available in the user documentation.

© 2021 AO Kaspersky Lab

Page top