Kaspersky Endpoint Security 11.3.0 for Linux Release Notes

Kaspersky Endpoint Security 11.3.0 for Linux (hereinafter also referred to as Kaspersky Endpoint Security) protects computers running the Linux® operating systems against malware.

WHAT'S NEW

The following features and improvements have been implemented in Kaspersky Endpoint Security:

• We added the ability to exclude processes from process memory scans in the general application settings.
• We added the ability to configure scan exclusions to exclude processes from File Threat Protection tasks and Behavior Detection tasks.
• Now you can optimize scans of application log files: you can use the SkipPlainTextFiles setting to exclude text files from scans if they are reused by the same process for 10 minutes after the most recent scan.
• The interaction with the operating system's firewall has been updated: Kaspersky Endpoint Security uses the iptables and iptables-restore system utilities when adding rules for the system firewall. On systems with nftables, the problem with displaying the application network packet rules by the system utilities is fixed.
• Now you can exclude traffic from scans: in the list in the mangle table of the iptables and ip6tables utilities, we added a special allowing rule chain kesl_bypass, which lets you configure traffic exclusion rules. Exclusions affect the operation of Firewall Management, Web Threat Protection and Network Threat Protection tasks.
• You can use the JSON format for requests and exporting data, as well as for exporting and importing application settings and task settings.
• We implemented user notifications in the event that unsupported file system resources are added to the scan scope.
• The application distribution kit no longer includes a special package for installing the application on the Astra Linux Special Edition operating system. A general deb package for 64-bit operating systems is used.
• List of supported operating systems is updated.
• You can now install and run the application on devices with operating systems for the Arm architecture. The application distribution package now includes a special package to install the application on operating systems for the Arm architecture.
• Device Control, Network Threat Protection and Behavior Detection tasks now support the ability to notify the user when threats are detected or when attempts to access a device are detected.
• KESL containers now let you configure a timeout for application commands and application database update tasks.

SYSTEM REQUIREMENTS

Kaspersky Endpoint Security has the following hardware and software requirements:

Minimum hardware requirements:

• CPU: Core™ 2 Duo 1.86 GHz or higher
• Swap partition of at least 1 GB
• 1 GB of RAM for 32-bit operating systems, 2 GB of RAM for 64-bit operating systems
• 4 GB of free hard disk space for installation of the application and storage of temporary and log files

Software requirements:

• Supported 32-bit operating systems:
  • CentOS 6.7 and later.
  • Debian GNU/Linux 10.1 and later.
  • Debian GNU/Linux 11.
  • Mageia™ 4.
  • Red Hat® Enterprise Linux® 6.7 and later.
  • ALT 8 SP Workstation.
  • ALT 8 SP Server.
  • ALT Education 10.
  • ALT Workstation 10.
• Supported 64-bit operating systems:
  • AlmaLinux OS 8 and later.
  • AlmaLinux OS 9 and later.
  • AlterOS® 7.5 and later.
  • Amazon™ Linux 2.
  • Astra Linux Common Edition 2.12.
  • Astra Linux Special Edition RUSB.10015-01 (update 1.5).
  • Astra Linux Special Edition RUSB.10015-01 (update 1.6).
  • Astra Linux Special Edition RUSB.10015-01 (operational update 1.7).
  • Astra Linux Special Edition RUSB.10015-16 (release 1) (update 1.6)
  • CentOS 6.7 and later.
  • CentOS 7.2 and later.
  • CentOS Stream 9.
  • Debian GNU/Linux 10.1 and later.
  • Debian GNU/Linux 11.
  • EMIAS 1.0.
  • EulerOS 2.0 SP5.
  • LinuxMint 19.2 and later.
  • LinuxMint 20.3 and later.
  • openSUSE Leap 15.0 and later.
  • Oracle Linux 7.3 and later.
  • Oracle Linux 8.0 and later.
  • Red Hat Enterprise Linux 6.7 and later.
  • Red Hat Enterprise Linux 7.2 and later.
  • Red Hat Enterprise Linux 8.0 and later.
  • Red Hat Enterprise Linux 9.
  • Rocky Linux 8.5 and later.
  • SUSE Linux Enterprise Server 12.5 and later.
  • SUSE Linux Enterprise Server 15 and later.
  • Ubuntu® 20.04 LTS.
  • Ubuntu 22.04 LTS.
  • ALT 8 SP Workstation.
  • ALT 8 SP Server.
  • ALT Education 10.
  • ALT Workstation 10.
  • ALT Server 10.
  • Atlant, Alcyone build, version 2022.02.
  • GosLinux 7.17.
  • GosLinux 7.2.
  • RED OS® 7.3.
  • ROSA COBALT 7.9.
  • ROSA Chrome 12.
• Supported 64-bit operating systems for the Arm architecture:
  • Astra Linux Special Edition RUSB.10152-02 (operational update 4.7).
  • EulerOS 2.0 SP8.
  • SUSE Linux Enterprise Server 15 SP3.
  • Ubuntu 20.04 LTS.
  • ALT 8 SP Server.
  • RED OS 7.3.
• Perl interpreter: version 5.10 or higher.
• Packages installed for compiling applications and running tasks (gcc, binutils, glibc, glibc-devel, make, ld) in the operating systems that do not support the fanotify technology.
• Header files of the operating system kernel for compiling Kaspersky Endpoint Security modules in the operating systems that do not support the fanotify technology.

Prior to installing Kaspersky Endpoint Security and Kaspersky Security Center Network Agent on the SUSE Linux Enterprise Server 15 operating system, the insserv-compat package must be installed.

Prior to installing Kaspersky Security Center Network Agent on the Red Hat Enterprise Linux 9 and Ubuntu 22.04 LTS operating systems, the initscripts system package must be installed.

The perl-Getopt-Long package needs to be installed for the program to work on the Red Hat Enterprise Linux 8 operating system.

Due to limitations of the fanotify technology, the application does not support the following file systems: autofs, binfmt_misc, cgroup, configfs, debugfs, devpts, devtmpfs, fuse, fuse.gvfsd-fuse, gvfs, hugetlbfs, mqueue, nfsd, proc, parsecfs, pipefs, pstore, usbfs, rpc_pipefs, securityfs, selinuxfs, sysfs, tracefs.

For the Kaspersky Endpoint Security administration plug-in to work, Microsoft® Visual C++® 2015 Redistributable Update 3 RC must be installed (https://www.microsoft.com/en-us/download/details.aspx?id=52685).

Supported versions of Kaspersky Security Center

Kaspersky Endpoint Security is compatible with the following Kaspersky Security Center versions:

• Kaspersky Security Center 12. Kaspersky Endpoint Security can be managed through the Administration Console using the MMC administration plug-in.
• Kaspersky Security Center 13.2. Kaspersky Endpoint Security can be managed through the Administration Console using the MMC administration plug-in.
• Kaspersky Security Center 14. Kaspersky Endpoint Security can be administered through Administration Console using the MMC administration plug-in and through Kaspersky Security Center Web Console using the web administration plug-in.
• Kaspersky Security Center 14 Linux. Kaspersky Endpoint Security can be managed through Kaspersky Security Center Web Console using the web administration plug-in.

  Kaspersky Security Center Linux includes a version of Administration Server intended for installation on a device running the Linux operating system. Kaspersky Security Center Linux interacts with Administration Server through Kaspersky Security Center Web Console.

  Some functionality of Kaspersky Security Center, e.g. features tied to Kaspersky Security Network, are unavailable in Kaspersky Security Center Linux. You can manage use of Kaspersky Security Network through Kaspersky Security Center running on Windows.

  For more information about Kaspersky Security Center Linux, see its documentation.

Kaspersky Security Center Administration Agent, which is included with Kaspersky Endpoint Security, is used to manage Kaspersky Endpoint Security through Kaspersky Security Center.

INSTALLING AND UPDATING THE APPLICATION

Installing and updating the application is described in Kaspersky Endpoint Security online help.

After updating, Kaspersky Endpoint Security is started, even if it was stopped before the update process.

KNOWN ISSUES AND SOLUTIONS

Kaspersky Endpoint Security has a number of restrictions that are not critical for the application's operation:

• 2181748. Anti-Cryptor works with the following protocols: SMB1, SMB2, SMB3, and NFS3.
• 1933381. The application may not be terminated correctly in the operating systems of the Red Hat Enterprise Linux 7.3 family when working with NFS4 protocol.

  Possible solution: Configure the network partitions to use NFS3.

• 1936085, 2038451. When the application is running in the operating systems of the Red Hat Enterprise Linux 7.2 family, files larger than 2 GB may be blocked.

  Possible solution: Upgrade the operating system to Red Hat® Enterprise Linux 7.3 and later.

• 2066268. When the application is running in the operating systems of the Red Hat Enterprise Linux 7 family and the CIFS (SMB1) protocol is used, files in remote network partitions can take a long time to be created.

  Possible solution: Switch to SMB2 protocol and disable CIFS oplock.

• 2009503. If network connection is broken when the remote network partitions are actively used, delays in the operating system operation may occur.
• 1709422. It may be impossible to scan a file whose name is specified in the encoding that differs from the operating system encoding using the scan-file command.

  Possible solution: Change the file name or configure a scan of the entire folder, or use the standard ODS task.

• 1762651. The application may not process files in virtual pseudo-file systems.

  Possible solution: Use the mount command to connect network or local partitions.

• In the Mageia 4 operating system, remote installation of Kaspersky Security Center package klnagent\kav4fs via the SSH protocol does not work.

  Possible solution: in the /etc/sudoers configuration file, remove the Defaults requiretty parameter.

• 3908879. In some operating systems, if the firewall blocks the SMB protocol, errors may occur when the application is unloaded or the File Threat Protection task is stopped.

  Possible solution: Remove the block of the SMB protocol for the mounted SMB partition.

• 3883615. When using Docker container system, the threats inside the containers may not be intercepted immediately.
• 3163038. When the value of the SizeLimit setting is changed from the command line, the current value is not changed until application restart.

  Possible solution: restart the application after changing this setting.

• 3307326. The klnagent-astra package cannot be removed by Kaspersky Security Center tools.

  Possible solution: remove the package manually from the command line.

• 3734131. In the Red Hat Enterprise Linux 8 operating system, firewall is managed through the iptables-legacy package.

  Possible solution: do not use nftables to manage the firewall rules.

• 3710494. When using Docker container system, the application Storage contains only one instance of the malicious object for the containers started from one image.
• 3275738. The Device Control (Device_Control) task does not block floppy discs connected using the ISA bus.
• 3337145. When changing the user role from "admin" to "user" and backwards, the new role will not be assigned until GUI is restarted. Restart the GUI to assign a new role.
• 4084284. When the application is running on the Astra Linux Special Edition RUSB.10015-01 (update 1.5) operating system, numerous errors and performance slowdown may occur during the execution of the File Threat Protection (File_Threat_Protection) task.
• If an SMB server is not responding in the Red Hat Enterprise Linux 8.1 operation system, it may cause the File Threat Protection (File_Threat_Protection) task to hang in the Starting or Stopping state.

  A possible solution is described in the Red Hat Knowledge Base article "SMB: Processes do not exit when accessing an unresponsive SMB server".

• 4326124. When the "Stop" action is selected for the container (OnAccessContainerScanAction=StopContainer), the container may not be stopped if the File Threat Protection task has detected and removed a threat on the host before scanning the container. In this case, the File Threat Protection task does not detect this threat in the container during scan, and the container is not stopped.

  Possible solution: when using "union filesystems aufs" and "overlay", the application scans the files twice (the first time at the host filesystem level, and the second time at the union filesystem level). It is recommended to add the container storage directory of the host filesystem (usually the /var/lib/docker or /var/lib/containers/storage directory) to the exclusions of the File Threat Protection task to improve performance.

• 4686247. When the application is running in the Red Hat Enterprise Linux 6.7 operating systems, the Network Threat Protection task (Network_Threat_Protection) does not start.

  Possible solution: disable IPv6 addressing support using the ipv6.disable=1 kernel parameter and restart the operating system.

• 4730506. When the application is running in systems that require the kernel interceptor module (redirfs) usage, the GPFS file system is excluded from scan.
• Application Control does not work if the application is installed in the operating systems that do not support the fanotify technology.
• 5028782. If Private KSN usage is disabled in the Administration Server settings, the KSN participation settings specified in the policy are not passed to the user computers during their synchronization with the Administration Server. To pass the KSN participation settings, manually apply or activate the Kaspersky Endpoint Security 11.3.0 policy.
• 5559498. If Kaspersky Endpoint Security is integrated with Kaspersky Managed Detection and Response, a large number of events can be written to the systemd log.

  If you want to disable the logging of audit events to the systemd log, disable the systemd-journald-audit socket and restart the operating system.

• 5496016. In rare cases, when working with the NFS3 protocol on operating systems of the CentOS 6 family, the Anti-Cryptor task cannot block access of a remote computer performing malicious encryption to the network file resources.
• 5975779. Correct operation of the Anti-Cryptor task is not guaranteed for mounted network directories if encryption protection is enabled on the computer where the directory is located and on the computers where the directory is mounted.
• 5900432. In rare cases, when using the Device Control task and the dd utility simultaneously, the operation of the operating system may become unstable and a reboot will be required.
• 5903222. When the application is restarted during update performed by means of Kaspersky Security Center, an application startup error message may appear. Despite this, the application starts successfully.

SOURCES OF INFORMATION ABOUT THE APPLICATION

• Application page on Kaspersky website.
• Application page on the Technical Support website (Knowledge Base).
• Online help.
• Kaspersky forum.

© 2022 AO Kaspersky Lab.

Page top