Kaspersky Endpoint Security now boasts the following features and improvements:
A mechanism for intercepting system events based on an updatable kernel module has been implemented (not available in Light Agent mode). If the operating system of the device supports fanotify and satisfies the other requirements for installing the updatable kernel module, you can configure the application to use it. Using the updatable kernel module optimizes how Kaspersky Endpoint Security intercepts started processes. The updatable kernel module is included in the distribution kit of the application.
We added a new functional component: Exploit protection (not available in Light Agent mode). Exploit Prevention monitors code that exploits vulnerabilities on your device to gain administrative privileges or perform malicious actions.
An exploit is code that takes advantage of a vulnerability in the system or an application. Exploits are often used to install malware on a computer without the user's knowledge.
We added the ability to configure a list of users or user groups for which the added devices are considered trusted.
We added the ability to allow read-only access to storage devices.
User notification through events has also been improved: new events have been added, and event texts in plug-ins and on the command line are clearer and more consistent.
The Behavior Detection component has been improved. Now you can enable or disable the exclusion of a process from scanning by MDR and EDR (KATA).
Now you can configure proxy server exclusions. You can specify which Kaspersky Endpoint Security components must bypass the proxy server, and also create a list of addresses that the proxy server will not be used for. If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the use of a proxy server for connecting to Kaspersky Security Network, the SVM, and the Integration Server is not supported.
Now you can configure traffic interception exclusions. You can use the management plug-ins of the application or the command line to specify connections that the application must exclude from traffic interception.
Now you can temporarily exclude database log files from scanning to optimize the File Threat Protection scan. If a database log file is reused by the same process within 10 minutes of the last scan, the application skips the scan of that log file.
Now you can enable the merging of exclusion list items in a parent policy and its child policy when inheriting the settings of the parent policy.
Now you can use the management web plug-in to export and import lists of exclusions in policies and tasks.
We added the ability to configure the initial configuration settings of the Kaspersky Endpoint Security application in the Administration Console of Kaspersky Security Center when creating an installation package or in the properties of an installation package.
We added the ability to enable or disable the use of the KSN proxy server when Kaspersky Endpoint Security interacts with KSN servers (not available in Light Agent mode). If the use of the KSN proxy server is enabled, Kaspersky Endpoint Security communicates with KSN servers using the KSN Proxy service on the Administration Server. If the use of the KSN proxy server is disabled, Kaspersky Endpoint Security interacts with the KSN servers directly.
On the command line, you can use a command that displays a list of application functions, information about their status (used or not used), and the Linux technologies that these application features are implemented with.
We added the ability to display information about the policy and policy profiles in effect on the device on the command line and in the graphical interface.
Optimized the storage of a large number of events in the application event log. Interaction with the event database has been sped up when opening or closing it, as well as when getting events.
Reworked the style of the graphical interface (new colors, rounded corners of all windows).
Changed the names of actions that can be applied to infected objects in the File Threat Protection settings and scan tasks.
Added an alternative mechanism for getting system telemetry in the Behavior Detection component on 64-bit operating systems (with kernel versions 5.3 or later with eBPF support), which frees up the resources of the auditd kernel audit subsystem. The application uses eBPF automatically if the operating system satisfies the requirements, including in Light Agent mode.
Dates and times in all application management interfaces (except the command line interface) are displayed in a uniform format conforming to RFC 3339, for example, 2023-12-25 23:55:59.