In the Device Control task, you can use masks for the rules scope, allow access to the devices only for trusted users or group of users, and create the rules based on data from the Kaspersky Security Center network list of the added devices.
The set of triggering criteria for the Application Launch Control task is extended: you can launch the programs via the defined command line and you can select multiple criteria.
A new component for scanning executable scripts using AMSI technology for Windows is introduced.
Firewall Management task: outbound connections rules are added, along with ICMPv4 and ICMPv6 connections management.
The Malfunction diagnosis section is introduced for Kaspersky Security Center policies: you can manage trace files settings and dump files settings. Also, you can manage these options using command line utility kavshell.exe and using the installer command line setup.exe during installation. Trace management options and dump management options for the device under protection of Kaspersky Embedded Systems Security are available in Kaspersky Security Center remote diagnostic utility.
During installation, you can select the scope of saved data for migration to a new version of Kaspersky Embedded Systems Security using the installer command line.
Publishing events into Windows Event Log is added for the Log Inspection task.
Database update tasks are created automatically during installation for all types of installation packages (with anti-virus databases and without anti-virus databases).
The application release is cumulative and includes the resolved issues from earlier releases.