The new version of Kaspersky Industrial CyberSecurity for Nodes introduces the following new features and improvements:
Changes to the list of supported operating systems:
The following operating systems are supported:
Microsoft Windows 10 20H1
Microsoft Windows 10 21H1
Microsoft Windows Server 2008 R2 Standard SP1
Microsoft Windows Server 2008 R2 Enterprise SP1
Support for the following operating systems is terminated:
Microsoft Windows Server 2008 R2 Standard
Microsoft Windows Server 2008 R2 Enterprise
Kaspersky Industrial CyberSecurity for Nodes can now connect to Kaspersky Industrial CyberSecurity for Networks. When active connection is used, Kaspersky Industrial CyberSecurity for Nodes sends the following data to Kaspersky Industrial CyberSecurity for Networks: device data, information about triggering of the protection components, and information about network communications. When these solutions are used together, they provide comprehensive protection for the industrial network. Kaspersky Endpoint Agent is used for connection.
Self-defense settings: in the application settings, you can now enable or disable protection of application processes from external threats (the option is enabled by default). When the option is enabled, the application protects its own processes, as well as the processes of Kaspersky Security Center Network Agent, against interference from third-party processes. Protection of application processes can be configured via Application console, via Administration plug-in, and via Web plug-in.
Troubleshooting settings: in the application settings you can now enable or disable Write debug information to the trace file in this folder option (by default, this option is disabled).
Improvements to the Kaspersky Security Center:
Trusted Zone policy profiles are added.
The capability is added to configure the triggering criteria for the applications launch control rule when creating rules based on events of blocked launches.
Improvements to the Event registration: the formatting for Baseline File Integrity Monitor, Applications Launch Control, and Log Inspector events is added for correct event transmission to SIEM.
Improvements to the Trusted Zone rules: now you can add exclusions for the Network Threat Protection task. Exclusions are set in the form of Trusted Zone rules with the Network Threat Protection option selected. Application decisions that fall under the exclusions do not lead to blocking of hosts. Trusted Zone rules can be created via Application console, via Administration plug-in, and via Web plug-in.
Improvements to the Real-Time Protection settings: now you can enable the launch of the Critical Areas Scan task if signs of active infection are detected. If this option is enabled, the application automatically creates and starts a temporary Critical Areas Scan task on the computer where an active infection was detected.
Improvements to the Log Analysis task's components: now you can set the rules for the value of the "Source" parameter in the Windows Event Log in Triggering criteria for custom rules.
Improvements to the On-Demand Scan task's components: anti-virus scan of the tasks created in the System Planner is implemented. Monitoring of tasks created by the System Planner is performed with the "Startup Objects" scan area enabled.
Changes to the Device Control task: now it supports blocking of devices connected via USB that support UAS technology. The task's component can now work in the 'Statistics only' mode.
Optimization of the Compact Diagnostic Interface: with password protection enabled, access to the Troubleshooting tab now requires a password. The rest of the tabs can still be accessed without entering a password.
Optimization of the Methods of protection against active threats: now the application notifies you if the signs of active infection are detected during the Real-Time Protection tasks execution. The application marks the detected objects for deletion and deletes such objects from the computer after restart.
Optimization of the On-Demand Scan task settings: now the application detects suspicious WMI subscriptions in the WMI namespace on the computer with Kaspersky Industrial CyberSecurity for Nodes installed and deletes them. Monitoring of persistent WMI subscriptions is performed with the Startup Objects scan area enabled.
Interface optimization: a new link was added to the main screen of the local Console to open the Trusted Zone settings window. There is also a separate node for the Exploit Prevention component in the Real-Time Server Protection section.
The capability to import templates of trusted zones and processes for industrial software during the application installation is implemented.