System changes after Kaspersky Industrial CyberSecurity for Nodes installation
When Kaspersky Industrial CyberSecurity for Nodes and the set of "Administration Tools" (including the Application Console) are installed together, the Windows Installer service will make the following modifications on the protected device:
Kaspersky Industrial CyberSecurity for Nodes folders are created on the protected device and on the protected device where the Application Console is installed.
Kaspersky Industrial CyberSecurity for Nodes services are registered.
Kaspersky Industrial CyberSecurity for Nodes user group is created.
Kaspersky Industrial CyberSecurity for Nodes keys are registered in the system registry.
These changes are described below.
Kaspersky Industrial CyberSecurity for Nodes folders on a protected device
When Kaspersky Industrial CyberSecurity for Nodes is installed, the following folders are created on a protected device:
Kaspersky Industrial CyberSecurity for Nodes default installation folder containing the Kaspersky Industrial CyberSecurity for Nodes executable files depend on the operating system bit set. Therefore, the default installation folders are as follows:
On the 32-bit version of Microsoft Windows: %ProgramFiles%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes
On the 64-bit version of Microsoft Windows: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes
Management Information Base (MIB) files containing a description of the counters and hooks published by Kaspersky Industrial CyberSecurity for Nodes via the SNMP protocol:
%Kaspersky Industrial CyberSecurity for Nodes%\mibs
64-bit versions of Kaspersky Industrial CyberSecurity for Nodes executable files (this folder will be created only during installation of Kaspersky Industrial CyberSecurity for Nodes on the 64-bit version of Microsoft Windows):
%Kaspersky Industrial CyberSecurity for Nodes%\x64
Kaspersky Industrial CyberSecurity for Nodes service files:
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Data
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Settings
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Dskm
For Windows XP the path to the Kaspersky Lab folder is %ALLUSERSPROFILE%\Application Data
Files with settings for update sources:
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Update
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Update
Updates of databases and software modules downloaded using the Copying Updates task (the folder will be created the first time updates are downloaded using the Copying Updates task).
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Update\Distribution
Task logs and system audit log.
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Reports
Set of databases currently in use.
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Bases\Current
Backup copies of databases; they are overwritten each time the databases are updated.
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Bases\Backup
Temporary files created during execution of update tasks.
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Bases\Temp
Quarantined objects (default folder).
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Quarantine
Objects in backup (default folder).
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Backup
Objects restored from backup and quarantine (default folder for restored objects).
%ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Restored
Folder created during installation of Application Console
The Application Console default installation folders containing the "Administration Tools" files depend on the operating system bit set. Therefore, the default installation folders are as follows:
On the 32-bit version of Microsoft Windows: %ProgramFiles%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes Admins Tools
On the 64-bit version of Microsoft Windows: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes Admins Tools
Kaspersky Industrial CyberSecurity for Nodes services
The following Kaspersky Industrial CyberSecurity for Nodes services start using the local system (SYSTEM) account:
Kaspersky Security Service (KAVFS) – essential Kaspersky Industrial CyberSecurity for Nodes service that manages Kaspersky Industrial CyberSecurity for Nodes tasks and workflows.
Kaspersky Security Management Service (KAVFSGT) – this service is intended for Kaspersky Industrial CyberSecurity for Nodes application management through the Application Console.
Kaspersky Security Exploit Prevention Service (KAVFSSLP)– a service that acts as an intermediary to communicate security settings to external security agents, and to receive data about security events.
Kaspersky Industrial CyberSecurity for Nodes group
KICS Administrators is a group on the protected device, which users have full access to the Kaspersky Security Management Service and to all Kaspersky Industrial CyberSecurity for Nodes functions.
System registry keys
When Kaspersky Industrial CyberSecurity for Nodes is installed, the following system registry keys are created:
Properties of the Kaspersky Industrial CyberSecurity for Nodes: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KAVFS]