Restrictions

Restrictions that apply when deploying the Central Node component as a cluster:

  1. A Central Node cluster must include at least 4 servers: 2 storage servers and 2 processing servers. You can scale the cluster to increase the amount of traffic handled or the number of connected hosts in accordance with the Sizing Guide.
  2. It is recommended to add servers with the same hardware configuration to the cluster. Otherwise, a proportional increase in performance is not guaranteed.
  3. Adding an extra server to the cluster does not speed up the processing of objects that are already in the scan queue.
  4. The web interface of the application can be temporarily unavailable if the server on which it is hosted fails.
  5. If the processing server fails, you may lose ICAP, POP3, and SMTP traffic data as well as the copies of emails that are waiting to be processed and the detections associated with them.
  6. If the processing server is configured to receive mirrored traffic from SPAN ports, then SPAN traffic is not processed if this server fails.
  7. If one of the cluster servers fails or the connection between the server and the Endpoint Agent component is temporarily lost, data in the event database can temporarily become desynchronized.
  8. If the configuration of the cluster servers is changed, processing of traffic and events from computers with the Endpoint Agent component may be temporarily slowed down.

Restrictions that apply to the Sandbox component:

  1. The following versions of operating systems are supported for custom images:
    • Windows XP SP3 or later
    • Windows 7
    • Windows 8.1 64-bit
    • Windows 10 64-bit (up to version 1909)
  2. Only English and Russian localizations are fully supported for custom operating system images.
  3. License keys for activating the operating systems and software in custom images are not provided.
  4. If the set of operating systems installed on the Sandbox server does not match the set selected on the Central Node server, Kaspersky Anti Targeted Attack Platform does not send objects to be scanned by the Sandbox server. If multiple Sandbox servers are connected to the Central Node server, the application sends objects to those Sandbox servers whose installed operating systems match the set selected on Central Node.

Limitations that apply when integrating with Kaspersky Endpoint Agent for Windows and Kaspersky Endpoint Security 12.1 for Windows:

  1. Tasks for getting RAM dumps and disk images can only be assigned to computers with Kaspersky Endpoint Agent 3.14 for Windows and Kaspersky Endpoint Security 12.1 for Windows.
  2. Tasks for getting process memory dumps, NTFS metafiles, and registry keys can only be assigned to computers with Kaspersky Endpoint Agent 3.13 or later for Windows or Kaspersky Endpoint Security 12.1 for Windows.
  3. The task of scanning hosts using YARA rules can only be assigned to computers with Kaspersky Endpoint Agent 3.12 or later for Windows and Kaspersky Endpoint Security 12.1 for Windows. If you simultaneously assign a task to computers with Kaspersky Endpoint Agent version 3.12 or later, and to computers with earlier versions of that application, the task runs only on computers with Kaspersky Endpoint Agent 3.12 or later.
  4. If autorun points are selected as the scan scope, the task runs only on computers with Kaspersky Endpoint Agent 3.13 or later and Kaspersky Endpoint Security 12.1 for Windows.

Limitations that apply when integrating with Kaspersky Endpoint Agent 3.12 for Linux and Kaspersky Endpoint Security 11.4 for Linux:

  1. Computers with Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Security 11.4 for Linux, the following functionality is not available:
    • Network isolation of a host.
    • Creating a prevention rule.

      The application does not create notifications about failing to apply a prevention rule on computers with Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Security 11.4 for Linux.

    • Finding indicators of compromise on hosts using IOC files.

      The application does not create notifications about failing find indicators of compromise on computers with Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Security 11.4 for Linux.

  2. The OS name field in event information is only filled in for events that are logged in the events database by Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Security 11.4 for Linux. Event information for events logged in the event database by Kaspersky Endpoint Agent for Windows and Kaspersky Endpoint Security 12.1 for Windows does not have this field filled in.
  3. The list of events that Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Security 11.4 for Linux log in the event database is limited to the following types:
    • File modified
    • Process started
    • System event log
    • Scan: detect
    • Scan: detect processing result
  4. The tasks that you can create on computers with Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Security for Linux version 11.4 are limited to the following types:
    • Get file.
    • Run application

      When you create the task, the application does not attempt to verify the path to the executable file or the file that you want to retrieve.

  5. In information about events registered in the events database by Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Security 11.4 for Linux, the Time created field displays file modification time.

Limitations of Kaspersky Endpoint Agent 3.14 for Windows:

You can view the list of limitations of Kaspersky Endpoint Agent 3.14 for Windows in the Kaspersky Endpoint Agent for Windows Online Help.

Limitations of Kaspersky Endpoint Agent 3.12 for Linux:

  1. Kaspersky Endpoint Agent for Linux does not support AppArmor and SELinux mandatory access control systems in their enforcing modes. For the application to work correctly, these systems must be switched to permissive mode.
  2. Kaspersky Endpoint Agent for Linux requires installing Linux Audit Daemon 2.8 or later on the device.
  3. For connection of Kaspersky Endpoint Agent for Linux with Kaspersky Endpoint Security for Linux, rsyslog service with loaded imuxsock module is used. To check if the module is loaded in the rsyslog service configuration, run the following command: grep -r imuxsock /etc/rsyslog*. If the module loading string is commented, remove the # comment sign before the string and restart rsyslog service to save the changes.

Limitations of Kaspersky Endpoint Security 12.1 for Windows:

You can view the list of limitations of Kaspersky Endpoint Security 12.1 for Windows in the Kaspersky Endpoint Security for Windows Online Help.

Limitations of Kaspersky Endpoint Security 11.4.0 for Linux:

You can view the list of limitations of Kaspersky Endpoint Security 11.4.0 for Linux in the Kaspersky Endpoint Security for Linux Release Notes.

See also

Kaspersky Anti Targeted Attack Platform

What's new

About Kaspersky Threat Intelligence Portal

Distribution kit

Hardware and software requirements

Page top