Kaspersky Security for Virtualization 6.1 Light Agent protects virtual machines running Linux guest operating systems against various types of threats, network attacks, and phishing attacks.
The main functions for protection and control of virtual machines are provided by the functional components and tasks of Light Agent for Linux:
File Threat Protection prevents infection of the file system on the user device. The File Threat Protection component starts automatically when Light Agent is started and scans, in real time, all files that are opened, saved, and started.
You can also scan protected devices on demand using the following scan tasks:
Malware Scan. Light Agent performs a malware scan of system objects on the local drives of the device, as well as any mounted and shared resources accessible over SMB and NFS. You can use this task to run a full or custom scan of the device.
Critical Areas Scan. Light Agent scans boot sectors, startup objects, process memory, and kernel memory.
Removable Drives Scan. The Removable Drives Scan component allows you to monitor the connection of removable drives to the device in real time and scan the removable drive and its boot sectors for malware. Light Agent can scan the following removable drives: CD/DVD drives, Blu-ray discs, flash drives (including USB modems), external hard drives, and floppy disks.
Container Scan. The Container Monitoring component lets you scan namespaces and running containers for malware in real time. Integration with the Docker container management system, the CRI-O framework, and the Podman and runc tools is supported. Using the Container Scan task, you can scan containers and images on demand.
Web Threat Protection. The Web Threat Protection component lets you scan inbound traffic, prevent malicious files from being downloaded from the internet, and block phishing, adware, and other dangerous websites. Light Agent can scan protected connections.
Network Threat Protection. The Network Threat Protection component lets you scan inbound network traffic for actions typical of network attacks.
Firewall Management. The Firewall Management component lets you monitor the operating system firewall settings and filter all network activity in accordance with the network packet rules that you configured.
Anti-Cryptor. The Anti-Cryptor component lets you check attempts by remote devices to access files in local directories over the SMB/NFS protocols, and protects files from malicious remote encryption.
Device Control. The Device Control component lets you manage user access to the devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks. User access to devices is managed using access modes and access rules that you can configure.
Application Control. The Application Control component lets you manage the running of applications on user devices. This reduces the risk of device infection by restricting access to applications. Application launches are governed by the Application Control rules that you configured.
Inventory. The Inventory task provides information about all application executable files present on the client devices. This information can be useful, for example, for creating Application Control rules.
Behavior Detection. The Behavior Detection component allows you to monitor applications in the operating system for malicious activity. If malicious activity is detected, Light Agent can terminate the application process that performs the malicious activity.
System Integrity Monitoring tracks changes to files and directories of the operating system. The System Integrity Monitoring component monitors in real time the actions performed with objects in the monitoring scope specified in the component settings. Using the System Integrity Check task, you can perform an on-demand system integrity check. Scanning is performed by comparing the current state of objects included in the monitoring scope with the initial state of these objects, previously recorded as a system state snapshot.
Web Control. The Web Control component manages user access to web resources. This lets you reduce traffic and limit the amount of working time that is wasted. When the user attempts to open a website to which Web Control restricts access, Light Agent blocks access or displays a warning.
Before performing disinfection or deletion, Light Agent can save backup copies of files in storage on the protected virtual machine. You can restore files from backup copies, if necessary.
Light Agent for Linux supports integration with other Kaspersky solutions:
Integration with Kaspersky Managed Detection and Response lets you continuously search for, detect, and eliminate threats aimed at your organization. For more details, see the Kaspersky Endpoint Security for Linux Help.
Integration with Kaspersky Endpoint Detection and Response (KATA) facilitates protection of the IT infrastructure of organizations and prompt detection of threats, such as zero-day attacks, targeted attacks, and advanced persistent threats. For more details, see the Kaspersky Endpoint Security for Linux Help.
Integration with Kaspersky Endpoint Detection and Response Optimum protects the corporate IT infrastructure against threats such as exploits, ransomware, fileless attacks, and hackers using legitimate system tools to compromise devices or data. For more details, see the Kaspersky Endpoint Security for Linux Help.
The Kaspersky Security solution uses Kaspersky Endpoint Security for Linux as the Light Agent for Linux. For more information about the features of Light Agent for Linux, see the Kaspersky Endpoint Security for Linux Help.
Additional functions of the Kaspersky Security solution are provided to keep the solution components up to date and extend the solution's capabilities.
Activation. Using the solution under a commercial license ensures the full functionality of solution components and access to updates of the solution's databases and application modules.
Updating databases and application modules. Updating the solution's databases and application modules ensures up-to-date protection of virtual machines against viruses and other applications that pose a threat.
Using Kaspersky Security Network in the operation of solution components. Using Kaspersky's cloud knowledge base about the reputation of files, Internet resources, and software makes it possible to improve protection of virtual machines and user data, ensure faster response times to various threats, and reduce the number of false positives.
Reports and notifications. Various types of events occur during the operation of solution components. You can receive notifications about events and generate reports based on events.
The update functionality (including anti-virus signature updates and code base updates), as well as the KSN functionality, may not be available in the solution in the territory of the USA.