Checking the integrity of modules by using the klscmodchk and integrity_checker utilities

Kaspersky Security Center contains multiple binary modules in the form of dynamically linked libraries, executable files, configuration files, and interface files. Intruders can replace one or more executable modules or application files with other files containing malicious code. To prevent module and file substitution, Kaspersky Security Center provides a component integrity check by using the klscmodchk and integrity_checker utilities. These utilities check modules and files for unauthorized changes or damage. If a module or application file has an incorrect checksum, it is considered damaged.

The klscmodchk utility performs integrity checks for the following Kaspersky Security Center components:

The integrity_checker utility performs integrity checks for the following Kaspersky Security Center components:

Both utilities check module integrity based on the kl_file_integrity_manifest.xml manifest file, which is part of the Kaspersky Security Center build and is located in the installation folder. The component manifest file contains files whose integrity is important for the correct operation of the Kaspersky Security Center component. The integrity of the manifest files themselves is also checked.

It is strongly not recommended to modify the kl_file_integrity_manifest.xml manifest file, as this will invalidate the digital signature and cause the integrity check to fail.

To check the integrity of the Kaspersky Security Center component, run one of the following commands:

The result of checking each manifest file is displayed next to the manifest file name in the following format:

You can also configure integrity checks to launch automatically when you launch the application. By default, automatic integrity checking is disabled.

To enable automatic integrity checking:

  1. On the device where Administration Server is installed, at the Windows command prompt, enter the following command:

    klscflag.exe -fset -pv klserver -n KLMODCHK_ENABLE_CHECKING -t d -v 1

  2. Restart the device.

The automatic integrity checking is enabled.

At the next run of Kaspersky Security Center, the klscmodchk utility will run together with Administration Server, and start the modules integrity checking. The result of integrity checks are written to the Kaspersky Event Log.

Page top