System changes after Kaspersky Industrial CyberSecurity for Nodes installation

When Kaspersky Industrial CyberSecurity for Nodes and the set of "Administration Tools" (including the Application Console) are installed together, the Windows Installer service will make the following modifications on the protected device:

• Kaspersky Industrial CyberSecurity for Nodes folders are created on the protected device and on the device where the Application Console is installed.
• Kaspersky Industrial CyberSecurity for Nodes services are registered.
• Kaspersky Industrial CyberSecurity for Nodes user group is created.
• Kaspersky Industrial CyberSecurity for Nodes keys are registered in the system registry.
• Kaspersky Industrial CyberSecurity for Nodes OS Upgrade Detect system task that is displayed in the Windows Task Scheduler is created.

These changes are described below.

Kaspersky Industrial CyberSecurity for Nodes folders on a protected device

When Kaspersky Industrial CyberSecurity for Nodes is installed, the following folders are created on a protected device:

• Kaspersky Industrial CyberSecurity for Nodes default installation folder containing the Kaspersky Industrial CyberSecurity for Nodes executable files depend on the operating system bit set. Therefore, the default installation folders are as follows:
  • For the 32-bit version of Microsoft Windows: %ProgramFiles%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes
  • For the 64-bit version of Microsoft Windows: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes
• Management Information Base (MIB) files containing a description of the counters and hooks published by Kaspersky Industrial CyberSecurity for Nodes via the SNMP protocol:
  • %Kaspersky Industrial CyberSecurity for Nodes%\mibs
• 64-bit versions of Kaspersky Industrial CyberSecurity for Nodes executable files (this folder will be created only during installation of Kaspersky Industrial CyberSecurity for Nodes on the 64-bit version of Microsoft Windows):
  • %Kaspersky Industrial CyberSecurity for Nodes%\x64
• Kaspersky Industrial CyberSecurity for Nodes service files:
  • %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Data
  • %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Settings
  • %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Dskm

  For Windows XP the path to the Kaspersky Lab folder is %ALLUSERSPROFILE%\Application Data

• Files with settings for update sources:

  %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Update

  %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Update

• Updates of databases and software modules downloaded using the Copying Updates task (the folder will be created the first time updates are downloaded using the Copying Updates task).

  %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Update\Distribution

• Task logs and system audit log.

  %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Reports

• Set of databases currently in use.

  %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Bases\Current

• Backup copies of databases; they are overwritten each time the databases are updated.

  %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Bases\Backup

• Temporary files created during execution of update tasks.

  %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Bases\Temp

• Quarantined objects (default folder).

  %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Quarantine

• Objects in backup (default folder).

  %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Backup

• Objects restored from backup and quarantine (default folder for restored objects).

  %ProgramData%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.2\Restored

Folder created during installation of Application Console

The Application Console default installation folders containing the "Administration Tools" files depend on the operating system bit set. Therefore, the default installation folders are as follows:

• For the 32-bit version of Microsoft Windows: %ProgramFiles%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes Admins Tools
• For the 64-bit version of Microsoft Windows: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes Admins Tools

Kaspersky Industrial CyberSecurity for Nodes services

The following Kaspersky Industrial CyberSecurity for Nodes services start using the local system (SYSTEM) account:

• Kaspersky Security Service (KAVFS) – essential Kaspersky Industrial CyberSecurity for Nodes service that manages Kaspersky Industrial CyberSecurity for Nodes tasks and workflows.
• Kaspersky Security Management Service (KAVFSGT) – this service is intended for Kaspersky Industrial CyberSecurity for Nodes application management through the Application Console.
• Kaspersky Security Exploit Prevention Service (KAVFSSLP) – this service acts as an intermediary to communicate security settings to external security agents, and to receive data about security events.

Kaspersky Industrial CyberSecurity for Nodes group

KICS Administrators is a group on the protected device, which users have full access to the Kaspersky Security Management Service and to all Kaspersky Industrial CyberSecurity for Nodes functions.

System registry keys

When Kaspersky Industrial CyberSecurity for Nodes is installed, the following system registry keys are created:

• Properties of the Kaspersky Industrial CyberSecurity for Nodes: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KAVFS]
• Kaspersky Industrial CyberSecurity for Nodes event log settings (Kaspersky Event Log): [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Kaspersky Security]
• Properties of the Kaspersky Industrial CyberSecurity for Nodes management service: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KAVFSGT]
• Performance counter settings:
  • For the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kaspersky Security\Performance]
  • For the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kaspersky Security x64\Performance]
• SNMP Protocol Support component settings:
  • For the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\KICS\3.2\SnmpAgent]
  • For the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\KICS\3.2\SnmpAgent]
• Dump file settings:
  • For the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\KICS\3.2\CrashDump]
  • For the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\KICS\3.2\CrashDump]
• Trace file settings:
  • For the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\KICS\3.2\Trace]
  • For the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\KICS\3.2\Trace]
• Settings for application tasks and functions: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\KICS\3.2\Environment]

Kaspersky Industrial CyberSecurity for Nodes OS Upgrade Detect system task

The Windows Installer service creates a Kaspersky Industrial CyberSecurity for Nodes OS Upgrade Detect task during application installation. The task is started immediately after it is created and later at every OS startup. The task checks the version of the drivers used by the application: if an operating system version is updated, the application updates the drivers for the corresponding version of the operating system.

The task does not affect the application and can be deleted. We recommend to keep operating system upgrade scenario in mind.

Page top