Kaspersky Endpoint Security 11.2.2 for Linux Release Notes
Kaspersky Endpoint Security 11.2.2 for Linux (hereinafter also referred to as Kaspersky Endpoint Security) protects computers running Linux® operating systems against malware.
WHAT'S NEW
Kaspersky Endpoint Security now boasts the following features and improvements:
Kaspersky Endpoint Security 11.2.2 for Linux (autopatch)
- Improvements have been implemented to extend telemetry sending when the processes required for integrating the application with the Kaspersky Managed Detection and Response (MDR) solution are started.
- The performance of the Behavior Detection (Behavior_Detection, ID:20) task has been improved.
- Application stability and performance have been improved.
- The following errors have been fixed:
  - INC000013259202. KESL: Device Control does not block mobile devices.
  - INC000013316985. KESL 11.2 killed by SIGABRT after start.
  - INC000013293202. KESL App Control does not start due to categories conditions by Hash.
  - INC000013131182. KESL 11.2 cannot be activated via KSC activation proxy.
  - INC000013111466. WTP causes errors in Java connections.
  - INC000013071777. KESL: inconsistent file integrity report in the Web Console.
Kaspersky Endpoint Security 11.2.1 for Linux
Kaspersky Endpoint Security 11.2.0 for Linux
- Application Control
The ability to control the launch of programs on users' computers has been implemented.
- Inventory.
A task has been implemented that allows you to get information about all executable program files stored on computers.
- Container Scan.
Support for integration with the CRI-O environment and the Podman and runc utilities has been implemented.
- KESL container.
The application distribution kit includes files for building a container application (hereinafter referred to as KESL container) with the REST API for embedding into external systems.
- Integration with Kaspersky Managed Detection and Response solution.
The ability to interact with the Kaspersky Managed Detection and Response (MDR) solution has been implemented, which provides continuous search, detection and elimination of threats aimed at your organization.
- Critical areas scan.
The Boot Sector Scan (Boot_Scan) and Kernel and Process Memory Scan (Memory_Scan) tasks have been moved to the new Critical Areas scan task (Critical_Areas_Scan), which allows you to scan startup objects, boot sectors, process memory, and kernel memory. The separate Boot Sector Scan (Boot_Scan) and Kernel and Process Memory Scan (Memory_Scan) tasks have been removed.
- Task priority.
The ability to specify one of three priorities for the following tasks has been implemented: Virus scan, Custom scan, Inventory, and Container scan.
- Trace file creation settings.
Added the ability to enable creation of trace files at the application startup.
- Policy profiles.
Added support for working with policy profiles in Kaspersky Security Center.
- Update task settings.
The settings for using a proxy server to connect to Kaspersky Lab update servers and custom update sources have been removed.
- Updated list of supported operating systems.
SYSTEM REQUIREMENTS
Kaspersky Endpoint Security has the following hardware and software requirements:
Minimum hardware requirements:
- Core™ 2 Duo 1.86 GHz or faster processor;
- swap partition of at least 1 GB;
- 1 GB of RAM for 32-bit operating systems, 2 GB of RAM for 64-bit operating systems;
- 4 GB of free hard disk space for program installation and storage of temporary and log files.
Software requirements:
- Supported 32-bit operating systems:
  - CentOS 6.7 and later.
  - Debian GNU/Linux 9.4 and later.
  - Debian GNU/Linux 10.1 and later.
  - Debian GNU/Linux 11.1 and later.
  - Linux Mint 19 and up.
  - Mageia 4
  - Red Hat® Enterprise Linux® 6.7 or later.
  - ALT Education 9
  - Alt Workstation 9.
  - Alt Server 9.
- Supported 64-bit operating systems:
  - AlmaLinux OS 8.4.
  - AlmaLinux OS 8.5.
  - AlterOS 7.5 and higher.
  - Amazon™ Linux 2.
  - Astra Linux Common Edition (update 2.12).
  - Astra Linux Special Edition RUSB.10015-01 (update 1.5).
  - Astra Linux Special Edition RUSB.10015-01 (update 1.6).
  - Astra Linux Special Edition RUSB.10015-16 (release 1) (update 1.6)
  - CentOS 6.7 and later.
  - CentOS 7.2 and later.
  - CentOS 8.0 and later.
  - Debian GNU/Linux 9.4 and later.
  - Debian GNU/Linux 10.1 and later.
  - Debian GNU/Linux 11.1 and later.
  - EulerOS V2.0SP2 2.2.17
  - EulerOS V2.0SP5 2.5.6
  - Linux Mint 19 and up.
  - Linux Mint 20.1 and later.
  - openSUSE Leap 15.0 and later.
  - Oracle® Linux 7.3 and later.
  - Oracle Linux 8.0 and later.
  - Pardus OS 19.1
  - Red Hat Enterprise Linux 6.7 or later.
  - Red Hat Enterprise Linux 7.2 and later.
  - Red Hat Enterprise Linux 8.0 or later.
  - SUSE Linux Enterprise Server 12 SP5 and later.
  - SUSE Linux Enterprise Server 15 or later.
  - Ubuntu 18.04 LTS and later.
  - Ubuntu 20.04 LTS.
  - ALT Education 9
  - Alt Workstation 9.
  - Alt Server 9.
  - Goslinux 7.2.
  - RED OS 7.3.
- Perl language interpreter version 5.10 or higher.
- Packages installed for compiling applications and running tasks (gcc, binutils, glibc, glibc-devel, make, ld) in the operating systems that do not support the fanotify technology.
- Header files of the operating system kernel for compiling Kaspersky Endpoint Security modules in the operating systems that do not support the fanotify technology.
Prior to installing Kaspersky Endpoint Security and Network Agent on the SUSE Linux Enterprise Server 15 operating system, the insserv-compat package must be installed.
For Red Hat Enterprise Linux 8 and CentOS 8, the perl-Getopt-Long package must be installed.
For Kaspersky Endpoint Security administration plug-in operation, Microsoft® Visual C++ 2015 Redistributable Update 3 RC must be installed (https://www.microsoft.com/en-us/download/details.aspx?id=52685).
Kaspersky Endpoint Security is compatible with the following Kaspersky Security Center versions:
- Kaspersky Security Center 10 Service Pack 3.
- Kaspersky Security Center 11.
- Kaspersky Security Center 12.
- Kaspersky Security Center 13.
- Kaspersky Security Center 13.1.
INSTALLING AND UPDATING THE APPLICATION
Installing and updating the application is described in Kaspersky Endpoint Security online help.
After updating, Kaspersky Endpoint Security is started, even if it was stopped before the update process.
MAIN KNOWN ISSUES
Kaspersky Endpoint Security has a number of restrictions that are not critical for the application's operation:
- Anti-Cryptor works with SMB1, SMB2, SMB3, and NFS3 protocols.
- The application may not be terminated correctly in the operating systems of the Red Hat Enterprise Linux 7.3 family when working with NFS4 protocol.
Possible solution: Configure the network partitions to use NFS3 protocol.
- When the application is running in the operating systems of the Red Hat Enterprise Linux 7.2 family, files larger than 2 GB may be blocked.
Possible solution: Upgrade the operating system to Red Hat® Enterprise Linux 7.3 or later.
- When the application is running in the operating systems of the Red Hat Enterprise Linux 7 family and the CIFS (SMB1) protocol is used, files in remote network partitions can take a long time to be created.
Possible solution: Switch to SMB2 protocol and disable CIFS oplock.
- If the network connection is broken while remote network partitions are actively used, delays in the operating system operation may occur.
- The scan-file command may be unable to scan a file whose name is in an encoding that differs from the operating system encoding.
Possible solution: Change the file name or configure a scan of the entire folder, or use the standard ODS task.
- The application may not process files in virtual pseudo-file systems.
Possible solution: Use the mount command to connect network or local partitions.
- In the Mageia 4 operating system, remote installation of Kaspersky Security Center package klnagent\kesl via the SSH protocol does not work.
Possible solution: in the /etc/sudoers configuration file, remove the Defaults requiretty parameter.
- In the Red Hat Enterprise Linux 8 operating system, if the firewall blocks the SMB protocol, errors may occur when the application is unloaded or the File Threat Protection task is stopped.
Possible solution: Remove the block of the SMB protocol for the mounted SMB partition.
- In the Red Hat Enterprise Linux 8 operating system, firewall is managed through the iptables-legacy package.
Possible solution: do not use nftables to manage the firewall rules.
- When using the Docker container system, threats inside the containers may not be intercepted immediately.
- When using the Docker container system, the application Storage will contain only one instance of the malicious object for the containers started from one image.
- When the value of the SizeLimit setting is changed from the command line, the current value is not changed until application restart.
Possible solution: restart the application after changing this setting.
- The klnagent-astra package cannot be removed by Kaspersky Security Center tools.
Possible solution: remove the package manually from the command line.
- The Device Control (Device_Control) task does not block floppy discs connected using the ISA bus.
- When changing the user role from "admin" to "user" and back, the new role will not be assigned until the GUI is restarted. Restart the GUI to assign a new role.
- When the application is running on a special-purpose operating system Astra Linux Special Edition RUSB.10015-01 (update 1.5), numerous errors and performance slowdown may occur during the execution of the File Threat Protection (File_Threat_Protection) task.
- If an SMB server is not responding when the program is running on Red Hat Enterprise Linux 8.1 operating systems, it may cause the File Threat Protection (File_Threat_Protection) task to hang in the Starting or Stopping state.
A possible solution is described in the Red Hat Knowledge Base article "SMB: Processes do not exit when accessing an unresponsive SMB server".
- When the "Stop" action is selected for the container (OnAccessContainerScanAction=StopContainer), the container may not be stopped if the File Threat Protection task has detected and removed a threat on the host before scanning the container. In this case, the File Threat Protection task does not detect this threat in the container during scan, and the container is not stopped.
Possible solution: when using "union filesystems aufs" and "overlay" the application scans the files twice (the first time at the host filesystem level, and the second time at the union filesystem level). Thus it is recommended to add the container storage directory of the host filesystem (usually the /var/lib/docker or /var/lib/containers/storage directory) to the exclusions of the File Threat Protection task to improve performance.
- When the application is running in the Red Hat Enterprise Linux 6.7 operating systems, the Network Threat Protection task (Network_Threat_Protection) does not start.
Possible solution: disable IPv6 addressing support using the ipv6.disable=1 kernel parameter and restart the operating system.
- When the application is running in systems that require the kernel interceptor module (redirfs) usage, the GPFS file system is excluded from scan.
- Application Control does not work if the application is running in the operating systems that do not support the fanotify technology.
- If Private KSN usage is disabled in the Administration Server settings, the KSN participation settings specified in the policy are not passed to the user computers during their synchronization with the Administration Server.
Possible solution: in order to pass the KSN participation settings, manually apply or activate Kaspersky Endpoint Security 11.2.2 for Linux policy.
© 2022 AO Kaspersky Lab.