Kaspersky Anti Targeted Attack (KATA) Platform

Restrictions

April 2, 2024

ID 247274

Limitations that apply when deploying the Central Node component as a cluster:

  1. A Central Node cluster must include at least 4 servers: 2 storage servers and 2 processing servers. You can scale the cluster to increase the amount of traffic handled or the number of connected hosts in accordance with the Sizing Guide.
  2. It is recommended to add servers with the same hardware configuration to the cluster. Otherwise, a proportional increase in performance is not guaranteed.
  3. Adding an extra server to the cluster does not speed up the processing of objects that are already in the scan queue.
  4. The web interface of the application can be temporarily unavailable if the server on which it is hosted fails.
  5. If the processing server fails, you may lose ICAP, POP3, and SMTP traffic data as well as the copies of emails that are waiting to be processed and the detections associated with them.
  6. If the processing server is configured to receive mirrored traffic from SPAN ports, then SPAN traffic is not processed if this server fails.
  7. If one of the cluster servers fails or the connection between the server and the Endpoint Agent component is temporarily lost, data in the event database can temporarily become desynchronized.
  8. If the configuration of the cluster servers is changed, processing of traffic and events from computers with the Endpoint Agent component may be temporarily slowed down.

Limitations that apply to the Sensor component:

  1. Only Sensor components installed on standalone servers can be used to capture network traffic at the maximum speed of 10 Gbps.
  2. Capturing FTP traffic at the maximum speed of 10 Gbps can result in a high level of loss.
  3. Real-time ICAP traffic scanning on standalone servers with the Sensor component can only be configured in Technical Support Mode.

Limitations that apply to the Sandbox component:

  1. The following versions of operating systems are supported for custom images:
    • Windows XP SP3 or later
    • Windows 7
    • Windows 8.1 64-bit
    • Windows 10 64-bit (up to version 1909)
  2. Only English and Russian localizations are fully supported for custom operating system images.
  3. License keys for activating the operating systems and software are not provided.
  4. If some of the operating systems selected in the set of operating systems on the Central Node server are not installed on the Sandbox server, Kaspersky Anti Targeted Attack Platform does not send objects to the Sandbox component for scanning. If multiple servers with the Sandbox component are connected to the server with the Central Node component, the application sends objects to those servers whose installed operating systems match the set selected on the Central Node.

Limitations that apply when integrating with Kaspersky Endpoint Agent for Windows and Kaspersky Endpoint Security for Windows:

  1. Tasks for getting RAM dumps and disk images can only be assigned to computers with Kaspersky Endpoint Agent 3.14 or later for Windows and Kaspersky Endpoint Security 12.1 or later for Windows.
  2. Tasks for getting process memory dumps, NTFS metafiles, and registry keys can only be assigned to computers with Kaspersky Endpoint Agent 3.14 or later for Windows or Kaspersky Endpoint Security 12.1 or later for Windows.
  3. The task of scanning hosts using YARA rules can only be assigned to computers with Kaspersky Endpoint Agent 3.14 or later for Windows and Kaspersky Endpoint Security 12.1 or later for Windows. If you simultaneously assign a task to computers with Kaspersky Endpoint Agent version 3.14 or later, and to computers with earlier versions of that application, the task runs only on computers with Kaspersky Endpoint Agent 3.14 or later.
  4. If autorun points are selected as the scan scope, the task runs only on computers with Kaspersky Endpoint Agent 3.14 or later and Kaspersky Endpoint Security 12.1 or later for Windows.

Limitations that apply when integrating with Kaspersky Endpoint Security for Linux:

  1. The following functionality is not available for computers running Kaspersky Endpoint Security for Linux 11.4:
    • Network isolation of a host.
    • Creating a prevention rule.

      No notification is generated when a prevention rule fails to apply on computers running Kaspersky Endpoint Security 11.4 for Linux.

    • Finding indicators of compromise on computers using IOC files.

      No notification is generated when a search for indicators of compromise fails on computers running Kaspersky Endpoint Security 11.4 for Linux.

  2. The following functionality is not available for computers running Kaspersky Endpoint Security for Linux 12:
    • Creating a prevention rule.

      No notification is generated when a prevention rule fails to apply on computers running Kaspersky Endpoint Security 12 for Linux.

  3. The list of events that Kaspersky Endpoint Security 11.4 or 12 for Linux logs in the event database is limited to the following types:
  4. The list of tasks that you can create on computers running Kaspersky Endpoint Security 11.4 for Linux is limited to the following types:
    • Get file

      When you create the task, the application does not attempt to verify the path to the executable file or the file that you want to retrieve.

    • Run application
  5. The list of tasks that you can create on computers running Kaspersky Endpoint Security 12 for Linux is limited to the following types:
  6. In information about events registered in the event database by Kaspersky Endpoint Security 11.4 or 12 for Linux, the Time created field displays file modification time.

Limitations that apply when integrating with Kaspersky Endpoint Security 12 for Mac:

  1. The following functionality is not available for computers running Kaspersky Endpoint Security 12 for Mac:
    • Network isolation of a host.
    • Creating a prevention rule.

      No notification is generated when a prevention rule fails to apply on computers running Kaspersky Endpoint Security 12 for Mac.

    • Finding indicators of compromise on computers using IOC files.

      No notification is generated when a search for indicators of compromise fails on computers running Kaspersky Endpoint Security 12 for Mac.

  2. The list of events that Kaspersky Endpoint Security 12 for Mac logs in the event database is limited to the following types:
  3. The list of tasks that you can create on computers running Kaspersky Endpoint Security 12 for Mac is limited to the following types:
    • Get file

      When you create the task, the application does not attempt to verify the path to the executable file or the file that you want to retrieve.

    • Run application
  4. In information about events registered in the event database by Kaspersky Endpoint Security 12 for Mac, the Time created field displays file modification time.

Limitations of Kaspersky Endpoint Agent 3.16 for Windows:

You can view the list of limitations of Kaspersky Endpoint Agent 3.16 for Windows in the Kaspersky Endpoint Agent for Windows Online Help.

Limitations of Kaspersky Endpoint Security 12.3 for Windows:

You can view the list of limitations of Kaspersky Endpoint Security 12.3 for Windows in the Kaspersky Endpoint Security for Windows Online Help.

Limitations of Kaspersky Endpoint Security 12 for Linux:

You can view the list of limitations of Kaspersky Endpoint Security 12 for Linux in the Kaspersky Endpoint Security for Linux Release Notes.

Limitations of Kaspersky Endpoint Security 12 for Mac:

You can view the list of limitations of Kaspersky Endpoint Security 12 for Mac in the Kaspersky Endpoint Security for Mac Online Help.
