Application components integrity check

January 20, 2022

ID 194948

Kaspersky Endpoint Security contains many binary modules in the form of dynamic-link libraries, executable files, configuration files, and interface files. A hacker can replace one or more application executable modules or files with other files containing malicious code. To prevent the replacement of modules and files, Kaspersky Endpoint Security can check the integrity of application components.

The application checks modules and files for the presence of unauthorized changes or corruption. If an application module or file has an incorrect checksum, it is considered to be corrupted.

The application checks the integrity of the manifest file containing a list of application files whose integrity is critical for correct operation of the application component.

The integrity of application components is checked by using the integrity_check_tool located in the directory /opt/kaspersky/kesl/bin. The same directory contains the integrity_check.xml manifest file, protected by the cryptographic signature of Kaspersky.

You can also check the integrity of the Kaspersky Endpoint Security administration plug-in by using the integrity_check_tool.exe located in the directory C:\Program Files (x86)\Kaspersky Lab\<Kaspersky Security Center installation directory>\Plugins\kesl10sp1mr4_arm64.plg\. The same directory contains the integrity_check.xml manifest file.

Root privileges are required to run the integrity check tool.

To check the integrity of application components, run the following command:

integrity_check_tool -m[|--manifest] <manifest file path> -v[|--verify]

where <manifest file path> is the path to the manifest file. By default, the tool uses the integrity_check.xml file located in the directory /opt/kaspersky/kesl/bin.

To check the integrity of the Kaspersky Endpoint Security administration plug-in, run the following command:

integrity_check_tool.exe -m[|--manifest] <manifest file path> -v[|--verify]

where <manifest file path> is the path to the manifest file. By default, the tool uses the integrity_check.xml file located in the directory C:\Program Files (x86)\Kaspersky Lab\<Kaspersky Security Center installation directory>\Plugins\kesl10sp1mr4_arm64.plg\.

You can run the integrity check tool with the following optional settings:

  • -h, --help—display Help for tool settings.
  • -V, --verbose—expanded output of performed actions and results. If you do not specify this setting, only errors, objects that did not pass the check, and summary scan statistics will be provided.
  • -L, --log-file <file>, where <file> is the name of the file used for writing events that occur during a scan. By default, events are sent to the standard stream stdout.
  • -l, --log-level <0-1000>, where <0-1000> is the level of detail of event output. The default level of detail is 0.

The result of checking each manifest file is displayed next to the name of the manifest file in the following format:

  • SUCCEEDED—integrity of the files is confirmed (return code 0)
  • FAILED—integrity of the files is not confirmed (return code is not 0)
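The following wrapper is an added example, not part of the original article or of the product. It runs the check from a scheduled job using the settings described above and keeps "FAILED" separate from "the check could not start", so that a missing tool or manifest is never reported as a pass. The names KESL_TOOL, KESL_MANIFEST and kesl_integrity_status, the status words, and the default log path are assumptions of this example.

```shell
#!/bin/sh
# Added example: wrapper for scheduled runs of integrity_check_tool.
# Run it as root, as the tool itself requires.
# KESL_TOOL, KESL_MANIFEST and kesl_integrity_status are names chosen for this
# example; the default paths are the ones given in the article.
KESL_TOOL="${KESL_TOOL:-/opt/kaspersky/kesl/bin/integrity_check_tool}"
KESL_MANIFEST="${KESL_MANIFEST:-/opt/kaspersky/kesl/bin/integrity_check.xml}"

# Usage: kesl_integrity_status <event log file>
# Prints one status line and returns:
#   0  tool returned 0 (SUCCEEDED)
#   1  tool returned non-zero (FAILED)
#   2  check could not start (tool or manifest missing); never a pass
kesl_integrity_status() {
    event_log="$1"
    if ! command -v "$KESL_TOOL" >/dev/null 2>&1; then
        echo "UNKNOWN integrity tool not found or not executable: $KESL_TOOL"
        return 2
    fi
    if [ ! -r "$KESL_MANIFEST" ]; then
        echo "UNKNOWN manifest not readable: $KESL_MANIFEST"
        return 2
    fi
    # Tool events go to the log file so they are kept for triage; the result
    # is taken from the return code, not parsed from the output.
    if "$KESL_TOOL" --manifest "$KESL_MANIFEST" --verify \
            --log-file "$event_log" >/dev/null 2>&1; then
        echo "OK integrity confirmed for $KESL_MANIFEST"
        return 0
    else
        tool_rc=$?
        echo "CRITICAL integrity not confirmed for $KESL_MANIFEST (return code $tool_rc), see $event_log"
        return 1
    fi
}

# Runs only when invoked as: <script> --run [event log file]
if [ "${1:-}" = "--run" ]; then
    kesl_integrity_status "${2:-/var/log/kesl_integrity_check.log}"
    exit $?
fi
```

Treat return value 2 as an alert condition as well, since the tool and the manifest are themselves files that can be removed or replaced.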
