Kaspersky Endpoint Security now boasts the following features and improvements:
Added support for integration with Kaspersky Network Detection and Response (KATA), a component of the Kaspersky Anti Targeted Attack Platform solution, which protects the internal corporate network and allows sending information about events occurring on devices (telemetry) to a Kaspersky Anti Targeted Attack Platform server with the Central Node component (hereinafter also referred to as the NDR server).
Added support for integration with KATA Sandbox, a component of the Kaspersky Anti Targeted Attack Platform solution, which allows you to analyze and scan objects to detect malicious activity and indicators of targeted attacks on the corporate IT infrastructure using special servers with deployed virtual images of operating systems.
Added support for integration with Kaspersky Unified Monitoring and Analysis Platform, a comprehensive software solution that combines the following functionality: receiving, processing, and storing information security events; analyzing and correlating incoming data; searching received events; and creating notifications about detection of indicators of information security threats.
Now you can exclude a process from network isolation by process name.
Now you can use the Cloud Sandbox technology, which allows detecting complex threats on the device. The Kaspersky Endpoint Security application automatically sends detected files to Cloud Sandbox for analysis. Cloud Sandbox runs these files in an isolated environment to detect malicious activity and decides on the reputation of these files.
Now you can view statistics for the most frequently scanned files and applications, as well as a list of mount points detected on the protected device. To improve performance, you can now exclude the files that are most frequently scanned by the File Threat Protection component, the paths to applications that are most frequently scanned by the Behavior Detection component, and the mount points detected on the device.
Improved command line options for task scheduling. Now you can configure a task to be stopped when it reaches maximum execution time.
Changed the status of the "padlock" attribute when creating a Kaspersky Security Center policy profile. Now, when creating a profile, all "padlocks" are open by default, which means that by default, profile settings do not override the settings of the "base" policy.
Added an alternative mechanism for getting system telemetry on 64-bit operating systems (kernel version 5.3 or later, eBPF with BTF support), which frees up the resources of the audit.d kernel audit subsystem. The application uses eBPF automatically if the operating system meets these requirements.
Dates and times in all management plug-ins are displayed in a uniform format conforming to RFC 3339, for example, 2023-12-25 23:55:59.
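The host requirements listed above for the eBPF telemetry mechanism (64-bit operating system, kernel 5.3 or later, BTF support) can be checked across a fleet before rollout. The script below is an added example, not Kaspersky code: the function names are hypothetical, and it assumes that BTF support shows up as the file `/sys/kernel/btf/vmlinux` (exposed by kernels built with `CONFIG_DEBUG_INFO_BTF`) and that `x86_64` and `aarch64` are the 64-bit machine types of interest. The application's own detection logic may differ.

```shell
#!/bin/sh
# Added example (not Kaspersky code): pre-check for the eBPF telemetry
# requirements named in the release note: 64-bit OS, kernel >= 5.3, BTF.

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE >= MAJOR.MINOR, 1 if older, 2 if RELEASE is unparsable.
kernel_at_least() {
    rel=${1%%[!0-9.]*}                 # "5.15.0-91-generic" -> "5.15.0"
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt "$2" ] && return 0
    [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ] && return 0
    return 1
}

# is_64bit_machine MACHINE (a `uname -m` value; this list is an assumption)
is_64bit_machine() {
    case "$1" in x86_64|amd64|aarch64|arm64) return 0 ;; *) return 1 ;; esac
}

# has_kernel_btf SYSROOT: SYSROOT is "" on a live host, or a directory
# holding a copied sysfs tree (assumed BTF indicator: sys/kernel/btf/vmlinux).
has_kernel_btf() { [ -r "$1/sys/kernel/btf/vmlinux" ]; }

# ebpf_telemetry_eligible RELEASE MACHINE SYSROOT
# Prints every unmet requirement; returns 0 only if all three are met.
ebpf_telemetry_eligible() {
    unmet=0
    is_64bit_machine "$2" || { echo "unmet: '$2' is not a 64-bit machine type"; unmet=1; }
    kernel_at_least "$1" 5 3 || { echo "unmet: kernel '$1' is older than 5.3 or unparsable"; unmet=1; }
    has_kernel_btf "$3" || { echo "unmet: no BTF at $3/sys/kernel/btf/vmlinux"; unmet=1; }
    return "$unmet"
}

# Check the host this script runs on.
if ebpf_telemetry_eligible "$(uname -r)" "$(uname -m)" ""; then
    echo "host meets the listed eBPF telemetry requirements"
else
    echo "host falls outside the listed requirements"
fi
```
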