Kaspersky Embedded Systems Security 2.3: commercial release
Kaspersky Embedded Systems Security 2.3 was released on May 27, 2019. The full version number is 2.3.0.754.
Kaspersky Embedded Systems Security protects a variety of embedded systems running Microsoft Windows, including ATMs (automated teller machines) and POS (point of sale) systems, against viruses and other computer threats.
Kaspersky Embedded Systems Security protects devices with limited RAM (256 MB or more) and limited hard disk space (100 MB or more).
What’s new
- Drivers of the application are optimized to support Windows 10 RS6 operating system updates.
- The entered activation code is now partially hidden in the interface of the local MMC console and the application management plug-in to provide protection of your private data.
- The application performance during interception of a file operation executed by a trusted process has been optimized. Now, such file operations are processed faster.
- Fixes made within the critical updates for earlier versions of the application have been integrated:
  - An option of configuring the application settings for optimization of the large data arrays exchange with Kaspersky Security Center on narrow channels has been added. For details, see this article.
  - Errors that occurred when integrating with Kaspersky Security Center have been fixed.
  - Errors that occurred during remote installation via Kaspersky Security Center have been fixed.
Known limitations
On-demand scan, real-time file protection and memory protection
- Upon connection, anti-virus scanning of MTP devices is unavailable.
- Scanning of archive objects is not available without scanning SFX archives. When archive scanning mode is enabled in the Kaspersky Security for Windows Server security settings, the application automatically scans objects in archives as well as objects in SFX archives. Scanning SFX archives without scanning all archives is available.
- Exploit prevention functionality is not available if the apphelp.dll library is absent in the current environment configuration.
- The Exploit Protection component is incompatible with the EMET application (Microsoft solution) if used on computers running Windows 10.
- Using the DEP mitigation technique while system DEP is switched off may lead to operation errors in the protected processes and in the operating system as a whole.
Computer control and diagnostics
- The Device Control task scope includes MTP-connected storage devices if the protected computer runs Microsoft Windows 7 or higher. Kaspersky Embedded Systems Security controls MTP-connected storage devices on a protected computer running Microsoft Windows XP if the driver sets the GUID class for external devices to the same value as the standard Windows driver GUID value.
- IP-address exclusions for the Log Inspection heuristic analyzer are not available on computers running a Windows XP operating system. The restriction does not apply to computers running Windows Vista or higher, or an operating system of the Windows Server family.
- The Log Inspection task does not detect Windows Event Log event ID 602 on computers running Windows XP.
- The Log Inspection task detects entire Windows Event Log clearing only on computers running Windows Vista or higher.
- The Log Inspection task detects potential Kerberos (MS14-068) attack patterns only on computers running Windows Server 2008 and higher in the role of a domain controller with installed updates.
Firewall management
- When the Firewall rule scope consists of one IP-address only, the IPv6 format support is unavailable.
- When the Firewall Management task is launched, the following rule types are automatically erased from the Windows Firewall rules list:
  - deny rules
  - outbound rules
- The application is unable to receive Windows Firewall events for the Firewall Management task log if installed on a computer running Microsoft Windows XP. To record task statistics, it is necessary to turn on the process tracking function in the security settings of the Microsoft Windows local policy.
- Predefined rules for the Firewall Management policy ensure basic interaction between local computers and the Administration Server. To use the full functionality of Kaspersky Security Center, you must manually set rules to allow ports. For more information about port numbers, protocols, and their functions, see this article.
- When requests are made by the Firewall Management task at minute intervals, the application does not control changes to Windows Firewall rules and groups of rules that were added when installing the Firewall Management component. To update the status and presence of such rules, you must restart the Firewall Management task.
- For the proper functioning of the Firewall Management component on computers running a Microsoft Vista operating system or higher, you need to start the Windows Firewall Service (launched by default).
Installation and migration to the new version
- During installation of the application, a warning occurs about the path being too long if the full path to the installation folder for Kaspersky Security for Windows Server contains more than 150 characters. The warning does not affect the installation process.
- Installing the SNMP Protocol Support component requires restarting the SNMP service if this service is running.
- Windows Installer 3.1 is required for Kaspersky Embedded Systems Security to install and work properly on a computer running Microsoft Windows XP SP2. By default, the component is not included in the Microsoft Windows XP SP2 distribution kit. You can download and install the Windows Installer 3.1 component manually.
- The Filter Manager component is required for Kaspersky Embedded Systems Security to install and work properly on a computer running embedded operating systems.
- Installation of Kaspersky Embedded Systems Security Administration Tools using Microsoft Active Directory group policies is not supported.
- When installing the application on computers running operating systems that are no longer supported and are unable to receive regular updates, you must check for the following root certificates:
  - DigiCert Assured ID Root CA
  - DigiCert_High_Assurance_EV_Root_CA
  - DigiCertAssuredIDRootCA
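Several prerequisites named in the limitations above (apphelp.dll present, system DEP not switched off, the Windows Firewall service running, the DigiCert root certificates installed) can be checked before deployment. The Windows PowerShell script below is an added example, not Kaspersky tooling; it assumes the certificates belong in the LocalMachine\Root store and uses the hypothetical helpers Get-NameKey and New-Result.

```powershell
# Added example (Windows PowerShell 2.0 or later); not part of the product.
# Assumption: the root certificates belong in the LocalMachine\Root store.
$requiredRoots = @(
    'DigiCert Assured ID Root CA',
    'DigiCert_High_Assurance_EV_Root_CA',
    'DigiCertAssuredIDRootCA'
)

# The page spells the names with spaces, with underscores and with neither,
# so names are compared on letters and digits only.
function Get-NameKey([string]$Text) {
    return ($Text -replace '[^A-Za-z0-9]', '').ToLower()
}

function New-Result([string]$Check, [bool]$Passed) {
    return New-Object PSObject -Property @{ Check = $Check; Passed = $Passed }
}

$results = @()

# Exploit prevention is unavailable without apphelp.dll.
$apphelp = Join-Path $env:SystemRoot 'System32\apphelp.dll'
$results += New-Result 'apphelp.dll present' (Test-Path $apphelp)

# DataExecutionPrevention_SupportPolicy 0 means system DEP is always off.
$os = Get-WmiObject -Class Win32_OperatingSystem
$results += New-Result 'System DEP not switched off' ($os.DataExecutionPrevention_SupportPolicy -ne 0)

# Firewall Management needs the Windows Firewall service (MpsSvc) on Vista or higher.
if ([Environment]::OSVersion.Version.Major -ge 6) {
    $svc = Get-Service -Name MpsSvc -ErrorAction SilentlyContinue
    $results += New-Result 'Windows Firewall service running' ($svc -and $svc.Status -eq 'Running')
}

# Each listed root must be present in the store and not expired.
$now = Get-Date
$roots = @(Get-ChildItem -Path Cert:\LocalMachine\Root)
foreach ($name in $requiredRoots) {
    $key = Get-NameKey $name
    $hits = @($roots | Where-Object {
        (Get-NameKey $_.Subject).Contains($key) -and $_.NotAfter -gt $now
    })
    $results += New-Result "Root certificate: $name" ($hits.Count -gt 0)
}

$results | Format-Table -AutoSize Check, Passed
```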
Licensing
The application cannot be activated using a key from the installation wizard in the following cases:
- The key file is located on a disk created using the SUBST command.
- The specified path to the key file is a network path. Specify the path to the key file.
Updates
The Kaspersky Embedded Systems Security icon is hidden by default after the installation of critical updates.
User Interface
- In Kaspersky Embedded Systems Security Console, the filter is case-sensitive for the following nodes: Quarantine, , , .
- The remote connection to the Kaspersky Embedded Systems Security Console is unavailable if the application is installed on a computer that is running Microsoft Windows XP SP2 with default network access configurations and is not connected to a domain. By default, the Guest only mode is applied for an XP SP2 local accounts security model. To activate the option of remote use of Console, manually change the value to Classic in the local policy security settings on a computer with Kaspersky Embedded Systems Security installed.
- When protection and scan scopes are configured using Kaspersky Embedded Systems Security Console, it is possible to use only one mask in each path and only at the end of the path. Correct mask examples:
  - "C:\Temp\Temp*"
  - "C:\Temp\Temp???.doc"
  - "C:\Temp\Temp*.doc"
  This limitation does not apply to the Trusted Zone component.
Security
To open the Kaspersky Embedded Systems Security Console by double-clicking the application icon in the tray notification area, the user account must be included in the KESS Administrators group. Otherwise, the "About the application" window is opened. This occurs if User Account Control is activated in the operating system parameters.
Kaspersky Security Center integration
- Kaspersky Security Center Administration Server checks the application database updates before its distribution on the computer network. The application module updates are not verified by the Administration Server.
- When working with components that transfer dynamic, changing data to Kaspersky Security Center using network lists (such as Quarantine or Backup), make sure that the appropriate check boxes are ticked in the settings for Administration Server interaction.
Other functions
- When using a command line utility, special characters may be displayed if the operating system’s regional settings match the localization of Kaspersky Security for Windows Server.
- When basic authentication is used on a proxy server, authentication errors may occur when the user name or password is set using multi-byte encoding.
- When a file is restored from Quarantine or Backup, the Encrypted value in the file attributes is not restored.
- The mirror server cannot be used if the application connects to a syslog server via the UDP protocol.
- The device type may not be recognized when a USB connection event is generated. In this case only the device’s GUID will be displayed.
- The Device Instance Path values are specified in different formats for the Device Control component and the USB connections monitor functionality.