Checking the integrity of modules by using the klscmodchk and integrity

Checking the integrity of modules by using the klscmodchk and integrity_checker utilities

Kaspersky Security Center contains multiple binary modules in the form of dynamically linked libraries, executable files, configuration files, and interface files. Intruders can replace one or more executable modules or application files with other files containing malicious code. To prevent module and file substitution, Kaspersky Security Center provides a component integrity check by using the klscmodchk and integrity_checker utilities. These utilities check modules and files for unauthorized changes or damage. If a module or application file has an incorrect checksum, it is considered damaged.

The klscmodchk utility performs integrity checks for the following Kaspersky Security Center components:

Administration Server
Network Agent
Management plug-ins for Administration Console with manifest files

The integrity_checker utility performs integrity checks for the following Kaspersky Security Center components:

Administration Server
Network Agent
Kaspersky Security Center Web Console

Both utilities check module integrity based on the kl_file_integrity_manifest.xml manifest file, which is part of the Kaspersky Security Center build and is located in the installation folder. The component manifest file contains files whose integrity is important for the correct operation of the Kaspersky Security Center component. The integrity of the manifest files themselves is also checked.

It is strongly not recommended to modify the kl_file_integrity_manifest.xml manifest file, as this will invalidate the digital signature and cause the integrity check to fail.

To check the integrity of the Kaspersky Security Center component, run one of the following commands:

$ klscmodchk [parameters]
The klscmodchk utility launches the integrity_checker utility with the --verbose parameter and checks the integrity of the modules.

Parameters for the klscmodchk utility:
- -logfile <log_file_path>—Specify the path to a file on the disk for logging. By default, information is output to the console.
- -chkplugins—Check the integrity of installed management plug-in modules for Administration Console that include manifest files. By default, management plug-ins are not checked.
- -verbose—Output extended information during integrity checking.
$ integrity_checker [parameters] <manifest_file_path>
Parameters for the integrity_checker utility:
- --help—Display the integrity_checker utility help.
- --version—Display the integrity_checker utility version.
- --verbose—Display information about the utility's operation. When performing an integrity check, it is sufficient to use this parameter in the command.

The result of checking each manifest file is displayed next to the manifest file name in the following format:

SUCCEEDED—File integrity confirmed (return code 0).
FAILED—File integrity not confirmed (non-zero return code).

You can also configure integrity checks to launch automatically when you launch the application. By default, automatic integrity checking is disabled.

To enable automatic integrity checking:

On the device where Administration Server is installed, at the Windows command prompt, enter the following command:
klscflag.exe -fset -pv klserver -n KLMODCHK_ENABLE_CHECKING -t d -v 1
Restart the device.

The automatic integrity checking is enabled.

At the next run of Kaspersky Security Center, the klscmodchk utility will run together with Administration Server, and start the modules integrity checking. The result of integrity checks are written to the Kaspersky Event Log.

Page top