Kaspersky Embedded Systems Security 2.1 release notes
Kaspersky Embedded Systems Security 2.1 was released on April 30, 2018. The full version number is 2.1.0.441.
Kaspersky Embedded Systems Security protects a variety of embedded systems running Microsoft Windows, including ATMs (automated teller machines) and POS (point of sale) systems, against viruses and other computer threats.
Kaspersky Embedded Systems Security protects devices with limited RAM (256 MB or more) and limited hard disk space (100 MB or more).
Application description
Kaspersky Embedded Systems Security 2.1 uses the following protection technologies:
- Real-time file protection (implemented in the Real-Time File Protection task). The application scans files and alternate streams of file systems (NTFS streams) when a protected computer accesses them. If a file is recognized as infected, the protected computer’s access to that file is restricted.
- On-demand anti-virus scan (implemented in the On-Demand Scan tasks). One-time scan of specified areas for viruses and other computer security threats. The application scans the protected computer’s files, autorun objects and RAM.
- Kaspersky Security Network services integration (implemented in the KSN Usage task). Use of data from Kaspersky Security Network ensures a faster response time by Kaspersky Embedded Systems Security when encountering new types of threats.
  - With the user’s consent, the application can use checksums (MD5) of the analyzed files when executing the KSN Usage task. The Kaspersky Security Network services integration functionality receives file scan requests when the following tasks are being performed: Real-time file protection, On-demand anti-virus scan, Applications Launch Control.
- Application launch control functionality (implemented in the Applications Launch Control task). The application allows or denies the launch of executable files, scripts, and MSI packages, and the loading of drivers and DLL modules, according to specified applications launch control rules, KSN conclusions, or the Default Deny principle.
  - You can create applications launch control rules both manually and automatically, for a single computer (by setting the events of a local Applications Launch Control task) and for a group of computers (via the Kaspersky Security Center denied launches report).
- Control of external devices connected via USB (implemented in the Device Control task). Kaspersky Embedded Systems Security allows or restricts usage of storage devices connected to a protected computer via USB. External device control is based on allowing rules and the Default Deny principle.
  - Rules for the Device Control task are generated automatically based on system data about registered storage devices, or by the Rule Generator for Device Control task.
- Windows Firewall Management (implemented in the Firewall Management task). The application provides a reliable and ergonomic solution for network connection protection via priority interception of the OS firewall settings management.
- Protected system integrity inspection (implemented in the File Integrity Monitor task and the Log Inspection task). Kaspersky Embedded Systems Security checks the integrity of the protected environment based on information about file operations that have been detected in the critical areas, as well as the results of the Windows Event Log analysis.
  - Kaspersky Embedded Systems Security alerts the administrator if it detects any patterns of abnormal activity within a protected system that might be evidence of a possible abuse attempt.
- Memory protection against vulnerability exploitation (implemented in the Exploit Prevention component). Kaspersky Embedded Systems Security controls the integrity of protected processes and takes the specified actions to reduce the potential risks and side effects of vulnerability exploitation.
The Real-Time File Protection and On-Demand Scan tasks require extra RAM and hard drive resources to maintain the anti-virus databases. For the application to work properly on systems with limited memory resources, you can choose not to install the Real-time file protection and On-demand anti-virus scan components and the anti-virus databases.
In this case, the computer can be protected by the Applications Launch Control and KSN Usage tasks: the Applications Launch Control component performs anti-malware protection by using the Default Deny principle, and the cloud infrastructure of KSN services provides an analogue of signature analysis.
What’s new
The new Kaspersky Embedded Systems Security version keeps all the functional capabilities of Kaspersky Embedded Systems Security 2.0, includes critical fixes, and mitigates vulnerabilities found in previous application versions.
Kaspersky Embedded Systems Security 2.1 includes the following public and private critical fixes:
- Improved algorithm for calculating data of the launched DLL:
  - The procedure for verifying the digital signature of running files has been changed.
  - From now on, the application does not calculate all metadata and checksums for the launched modules if that data is not required as a rule triggering criterion or for registering a task event in the application log (for example, if registering of this event type is disabled, or the file launch is processed from the cache, so only the full file path is required). The improvement dramatically decreases the boot time of the operating system and allows DLL monitoring to work faster on weak computers.
- An error in processing the launch of files with a digital .cat signature by the Application Launch Control component on PCs running Windows 10 and later has been fixed. Once the fix has been applied, Kaspersky Embedded Systems Security correctly applies the allowing and denying certificate rules to files with a .cat signature.
- USB Monitoring:
  - The stability of the Removable Drives Scan component for the Microsoft Windows XP SP2 OS has been enhanced.
  - The format of events registered by Kaspersky Security Center when an external device is connected to a protected computer via USB has been fixed. Once the fix has been applied, the application includes complete data about the connected device in the event it dispatches to the Administration Server.
- The causes of excess CPU consumption by Network Agent when installing the application in the no-av-bases configuration have been fixed.
- The procedure for processing corrupted log files on Kaspersky Security Service (KAVFS) startup has been improved: from now on, corrupted log files do not cause KAVFS startup errors.
- The algorithm that estimates available RAM before deploying anti-virus base updates has been improved: from now on, the application correctly decides whether there is enough RAM for the verification launch of the anti-virus bases.
- The procedure for detecting and validating the Filter Manager component in the deployment environment (for the Microsoft Windows XP SP2 OS) has been improved.
Kaspersky Embedded Systems Security 2.1 mitigates some vulnerabilities, as well as a driver vulnerability. The driver vulnerability, when exploited, allowed execute permissions to be raised to the maximum level for files launched under user accounts that did not have these permissions. Detailed information about the mitigation: https://support.kaspersky.com/13893.
Kaspersky Embedded Systems Security 2.1 is compliant with the General Data Protection Regulation (GDPR). The terms, responsibilities, and order of delivering and processing data are defined in the End User License Agreement and the KSN Statement, as well as in all documents to which the End User License Agreement and the KSN Statement refer.
Limitations and known issues
The list of known issues and limitations has not changed compared with Kaspersky Embedded Systems Security 2.0, except for the fixes listed above.