Kaspersky Endpoint Security 12.1 for Windows
- Čeština (Česká republika)
- Deutsch
- Español (España)
- Español (México)
- Français
- Italiano
- Magyar (Magyarország)
- Nederlands (Nederland)
- Polski (Polska)
- Português (Brasil)
- Português (Portugal)
- Română (România)
- Tiếng Việt (Việt Nam)
- Türkçe (Türkiye)
- Русский
- العربية (الإمارات العربية المتحدة)
- 한국어 (대한민국)
- 简体中文
- 繁體中文
- 日本語(日本)
- Čeština (Česká republika)
- Deutsch
- Español (España)
- Español (México)
- Français
- Italiano
- Magyar (Magyarország)
- Nederlands (Nederland)
- Polski (Polska)
- Português (Brasil)
- Português (Portugal)
- Română (România)
- Tiếng Việt (Việt Nam)
- Türkçe (Türkiye)
- Русский
- العربية (الإمارات العربية المتحدة)
- 한국어 (대한민국)
- 简体中文
- 繁體中文
- 日本語(日本)
- Kaspersky Endpoint Security for Windows Help
- Kaspersky Endpoint Security for Windows
- Installing and removing the application
- Deployment through Kaspersky Security Center
- Installing the application locally using the Wizard
- Remotely installing the application using System Center Configuration Manager
- Description of setup.ini file installation settings
- Change application components
- Upgrading from a previous version of the application
- Remove the application
- Application licensing
- About the End User License Agreement
- About the license
- About the license certificate
- About subscription
- About license key
- About activation code
- About the key file
- Comparison of application functionality depending on license type for workstations
- Comparison of application functionality depending on license type for servers
- Activating the application
- Viewing license information
- Purchasing a license
- Renewing subscription
- Data provision
- Getting started
- About the Kaspersky Endpoint Security for Windows Management Plug-in
- Special considerations when working with different versions of management plug-ins
- Special considerations when using encrypted protocols for interacting with external services
- Application interface
- Getting started
- Managing policies
- Task management
- Configuring local application settings
- Starting and stopping Kaspersky Endpoint Security
- Pausing and resuming computer protection and control
- Creating and using a configuration file
- Restoring the default application settings
- Malware Scan
- Updating databases and application software modules
- Database and application module update scenarios
- Starting and stopping an update task
- Starting an update task under the rights of a different user account
- Selecting the update task run mode
- Adding an update source
- Configuring updates from a shared folder
- Updating application modules
- Using a proxy server for updates
- Last update rollback
- Working with active threats
- Computer protection
- File Threat Protection
- Enabling and disabling File Threat Protection
- Automatic pausing of File Threat Protection
- Changing the action taken on infected files by the File Threat Protection component
- Forming the protection scope of the File Threat Protection component
- Using scan methods
- Using scan technologies in the operation of the File Threat Protection component
- Optimizing file scanning
- Scanning compound files
- Changing the scan mode
- Web Threat Protection
- Mail Threat Protection
- Enabling and disabling Mail Threat Protection
- Changing the action to take on infected email messages
- Forming the protection scope of the Mail Threat Protection component
- Scanning compound files attached to email messages
- Email messages attachment filtering
- Exporting and importing extensions for attachment filtering
- Scanning emails in Microsoft Office Outlook
- Network Threat Protection
- Firewall
- BadUSB Attack Prevention
- AMSI Protection
- Exploit Prevention
- Behavior Detection
- Enabling and disabling Behavior Detection
- Selecting the action to take on detecting malware activity
- Protection of shared folders against external encryption
- Enabling and disabling protection of shared folders against external encryption
- Selecting the action to take on detection of external encryption of shared folders
- Creating an exclusion for protection of shared folders against external encryption
- Configuring addresses of exclusions from protection of shared folders against external encryption
- Exporting and importing a list of exclusions from protection of shared folders against external encryption
- Host Intrusion Prevention
- Remediation Engine
- Kaspersky Security Network
- Encrypted connections scan
- Wipe Data
- File Threat Protection
- Computer control
- Web Control
- Device Control
- Enabling and disabling Device Control
- About access rules
- Editing a device access rule
- Editing a connection bus access rule
- Managing access to mobile devices
- Control of printing
- Control of Wi-Fi connections
- Monitoring usage of removable drives
- Changing the caching duration
- Actions with trusted devices
- Obtaining access to a blocked device
- Editing templates of Device Control messages
- Anti-Bridging
- Adaptive Anomaly Control
- Enabling and disabling Adaptive Anomaly Control
- Enabling and disabling an Adaptive Anomaly Control rule
- Modifying the action taken when an Adaptive Anomaly Control rule is triggered
- Creating an exclusion for an Adaptive Anomaly Control rule
- Exporting and importing exclusions for Adaptive Anomaly Control rules
- Applying updates for Adaptive Anomaly Control rules
- Editing Adaptive Anomaly Control message templates
- Viewing Adaptive Anomaly Control reports
- Application Control
- Application Control functionality limitations
- Receiving information about the applications that are installed on users' computers
- Enabling and disabling Application Control
- Selecting the Application Control mode
- Managing Application Control rules
- Adding a trigger condition for the Application Control rule
- Adding executable files from the Executable files folder to the application category
- Adding event-related executable files to the application category
- Adding an Application Control rule
- Changing the status of an Application Control rule via Kaspersky Security Center
- Exporting and importing Application Control rules
- Viewing events resulting from operation of the Application Control component
- Viewing a report on blocked applications
- Testing Application Control rules
- Application activity monitor
- Rules for creating name masks for files or folders
- Editing Application Control message templates
- Best practices for implementing a list of allowed applications
- Network ports monitoring
- Log Inspection
- File Integrity Monitor
- Password protection
- Trusted zone
- Managing Backup
- Notification service
- Managing reports
- Kaspersky Endpoint Security Self-Defense
- Kaspersky Endpoint Security performance and compatibility with other applications
- Data Encryption
- Encryption functionality limitations
- Changing the length of the encryption key (AES56 / AES256)
- Kaspersky Disk Encryption
- Special features of SSD drive encryption
- Starting Kaspersky Disk Encryption
- Creating a list of hard drives excluded from encryption
- Exporting and importing a list of hard drives excluded from encryption
- Enabling Single Sign-On (SSO) technology
- Managing Authentication Agent accounts
- Using a token and smart card with Authentication Agent
- Hard drive decryption
- Restoring access to a drive protected by Kaspersky Disk Encryption technology
- Signing in with the Authentication Agent service account
- Updating the operating system
- Eliminating errors of encryption functionality update
- Selecting the Authentication Agent tracing level
- Editing Authentication Agent help texts
- Removing leftover objects and data after testing the operation of Authentication Agent
- BitLocker Management
- File Level Encryption on local computer drives
- Encrypting files on local computer drives
- Forming encrypted file access rules for applications
- Encrypting files that are created or modified by specific applications
- Generating a decryption rule
- Decrypting files on local computer drives
- Creating encrypted packages
- Restoring access to encrypted files
- Restoring access to encrypted data after operating system failure
- Editing templates of encrypted file access messages
- Encryption of removable drives
- Viewing data encryption details
- Working with encrypted devices when there is no access to them
- Detection and Response solutions
- KSWS to KES Migration Guide
- Correspondence of KSWS and KES components
- Correspondence of KSWS and KES settings
- Migrating KSWS components
- Migrating KSWS tasks and policies
- Installing KES instead of KSWS
- Migrating the [KSWS+KEA] configuration to [KES+built-in agent] configuration
- Making sure Kaspersky Security for Windows Server was successfully removed
- Activating KES with a KSWS key
- Special considerations for migrating high-load servers
- Example of migration from [KSWS+KEA] to KES
- Managing the application on a Core Mode server
- Managing the application from the command line
- Installing the application
- Activating the application
- Remove the application
- AVP commands
- SCAN. Malware Scan
- UPDATE. Updating databases and application software modules
- ROLLBACK. Last update rollback
- TRACES. Tracing
- START. Start the profile
- STOP. Stopping a profile
- STATUS. Profile status
- STATISTICS. Profile operation statistics
- RESTORE. Restoring files from Backup
- EXPORT. Exporting application settings
- IMPORT. Importing application settings
- ADDKEY. Applying a key file
- LICENSE. Licensing
- RENEW. Purchasing a license
- PBATESTRESET. Reset the disk check results before encrypting the disk
- EXIT. Exit the application
- EXITPOLICY. Disabling policy
- STARTPOLICY. Enabling policy
- DISABLE. Disabling protection
- SPYWARE. Spyware detection
- KSN. Switching between KSN / KPSN
- KESCLI commands
- Scan. Malware Scan
- GetScanState. Scan completion status
- GetLastScanTime. Determining the scan completion time
- GetThreats. Obtaining data on detected threats
- UpdateDefinitions. Updating databases and application software modules
- GetDefinitionState. Determining the update completion time
- EnableRTP. Enabling protection
- GetRealTimeProtectionState. File Threat Protection status
- Version. Identifying the application version
- Detection and Response management commands
- Error codes
- Appendix. Application profiles
- Managing the application through the REST API
- Sources of information about the application
- Contacting Technical Support
- Limitations and warnings
- Glossary
- Active key
- Additional key
- Administration group
- Anti-virus databases
- Archive
- Authentication Agent
- Certificate issuer
- Database of malicious web addresses
- Database of phishing web addresses
- Disinfection
- False alarm
- Infectable file
- Infected file
- IOC
- IOC file
- License certificate
- Mask
- Network Agent
- Normalized form of the address of a web resource
- OLE object
- OpenIOC
- Portable File Manager
- Protection scope
- Scan scope
- Task
- Trusted Platform Module
- Appendices
- Appendix 1. Application settings
- File Threat Protection
- Web Threat Protection
- Mail Threat Protection
- Network Threat Protection
- Firewall
- BadUSB Attack Prevention
- AMSI Protection
- Exploit Prevention
- Behavior Detection
- Host Intrusion Prevention
- Remediation Engine
- Kaspersky Security Network
- Log Inspection
- Web Control
- Device Control
- Application Control
- Adaptive Anomaly Control
- File Integrity Monitor
- Endpoint Sensor
- Kaspersky Sandbox
- Endpoint Detection and Response
- Endpoint Detection and Response (KATA)
- Full Disk Encryption
- File Level Encryption
- Encryption of removable drives
- Templates (data encryption)
- Exclusions
- Application settings
- Reports and storage
- Network settings
- Interface
- Manage Settings
- Updating databases and application software modules
- Appendix 2. Application trust groups
- Appendix 3. File extensions for quick removable drives scan
- Appendix 4. File Types for the Mail Threat Protection attachment filter
- Appendix 5. Network settings for interaction with external services
- Appendix 6. Application events
- Appendix 7. Supported file extensions for Execution prevention
- Appendix 8. Supported script interpreters for Execution prevention
- Appendix 9. IOC scan scope in the registry (RegistryItem)
- Appendix 10. IOC file requirements
- Appendix 1. Application settings
- Information about third-party code
- Trademark notices
What's new
Update 12.1
Kaspersky Endpoint Security 12.1 for Windows offers the following features and improvements:
- A built-in agent for the Kaspersky Anti Targeted Attack Platform solution has been added. You no longer need Kaspersky Endpoint Agent in order to use EDR (KATA). All functions of Kaspersky Endpoint Agent will be performed by Kaspersky Endpoint Security. To migrate Kaspersky Endpoint Agent policies, use the Migration Wizard. After updating the application, Kaspersky Endpoint Security switches to using the built-in agent and removes Kaspersky Endpoint Agent. Kaspersky Endpoint Agent has been added to the list of incompatible software. Kaspersky Endpoint Security has built-in agents for all Detection and Response solutions, therefore installing Kaspersky Endpoint Agent to integrate with those solutions is no longer necessary.
- Azure WVD compatibility mode is now supported. This feature allows correctly displaying the state of the Azure virtual machine in the Kaspersky Anti Targeted Attack Platform console. Azure WVD compatibility mode allows assigning a permanent unique Sensor ID to these virtual machines.
- Now you can configure user access to mobile devices in iTunes or similar applications. That is, you can, for example, allow the mobile device to be used only in iTunes and block using the mobile device as a removable drive. The application also supports these rules for the Android Debug Bridge (ADB) application.
- Kaspersky Security Center version 11 is no longer supported. Upgrade Kaspersky Security Center to the latest version.
Update 12.0
Kaspersky Endpoint Security 12.0 for Windows offers the following features and improvements:
- The operation of Kaspersky Endpoint Security on servers has been improved. Now you can migrate from Kaspersky Security for Windows Server to Kaspersky Endpoint Security for Windows and use a single solution to protect workstations and servers. To migrate the application settings, run the Policies and tasks batch conversion wizard. The KSWS license key can be used to activate KES. After migrating to KES, you do not even need to restart the server. For more information about migrating to KES, see Migration Guide.
- The licensing of the application as part of a paid virtual machine image in Amazon Machine Image (AMI) has been improved. There is no need to activate the application separately. In this case, Kaspersky Security Center uses the license key for the cloud environment that is already added to the application.
- Device Control is improved:
- For portable devices (MTP), you can configure access rules (read/write), select users or a user group that have access to devices, or configure a device access schedule. Now you can create access rules for portable devices in the same way as for removable drives.
- Now you can configure user access to mobile devices in Android Debug Bridge (ADB) or similar applications. That is, you can, for example, allow the mobile device to be used only in ADB and block using the mobile device as a removable drive.
- Now you can recharge a mobile device by connecting it to the computer's USB port even if access to the mobile device is blocked.
- For printers, you can now configure printing permissions for users. Kaspersky Endpoint Security supports control over access to local and network printers. Now you can allow or block printing on local or network printers for individual users.
- WPA3 protocol support has been added to control connections to Wi-Fi networks. Now you can select to use WPA3 protocol in the trusted Wi-Fi network settings and deny connection to the network using a less secure protocol.
Update 11.11.0
Kaspersky Endpoint Security 11.11.0 for Windows offers the following features and improvements:
- Log Inspection component for servers has been added. Log Inspection monitors the integrity of the protected environment based on the results of Windows event log analysis. When the application detects signs of atypical behavior in the system, it informs the administrator, as this behavior may indicate an attempted cyber attack.
- File Integrity Monitor component for servers has been added. File Integrity Monitor detects changes to objects (files and folders) in a given monitoring area. These changes may indicate a computer security breach. When object changes are detected, the application informs the administrator.
- The alert details interface for Kaspersky Endpoint Detection and Response Optimum (EDR Optimum) has been improved. The elements of the threat development chain have been aligned, the links between the processes in the chain no longer overlap. This makes it easier to analyze the evolution of the threat.
- Application performance has been improved. For this purpose, network traffic processing by the Network Threat Protection component has been optimized.
- The option to upgrade Kaspersky Endpoint Security without a restart has been added. This lets you ensure uninterrupted operation of servers when upgrading the application. You can upgrade the application without a restart starting with version 11.10.0. You can also install patches without a restart starting with version 11.11.0.
- The Virus Scan task has been renamed in the Kaspersky Security Center Console. This task is now called Malware Scan.
Kaspersky Endpoint Security 11.10.0 for Windows offers the following features and improvements:
- Support of third-party credential providers for Single Sign-On with Kaspersky Full Disk Encryption is added. Kaspersky Endpoint Security monitors the user’s password for ADSelfService Plus and updates the data for Authentication Agent if the user, for example, changes his password.
- The option to enable display of threats detected by Cloud Sandbox technology has been added. This technology is available to users of Endpoint Detection and Response solutions (EDR Optimum or EDR Expert). Cloud Sandbox is a technology that lets you detect advanced threats on a computer. Kaspersky Endpoint Security automatically forwards detected files to Cloud Sandbox for analysis. Cloud Sandbox runs these files in an isolated environment to identify malicious activity and decides on their reputation.
- Additional information about files has been added to alert details for EDR Optimum users. Alert details now include information about the trust group, digital signature and distribution of the file, and other information. You will also be able to jump to the detailed file description on the Kaspersky Threat Intelligence Portal (KL TIP) directly from alert details.
- Application performance has been improved. To do this, we optimized the operation of the background scan and added the ability to queue scan tasks if scan is already running.
Kaspersky Endpoint Security 11.9.0 for Windows offers the following features and improvements:
- Now you can create an Authentication Agent service account when using Kaspersky disk encryption. The service account is necessary to gain access to the computer, for example, when the user forgets the password. You can also use the service account as a reserve account.
- Kaspersky Endpoint Agent distribution package is no longer part of the application distribution kit. To support Detection and Response solutions, you can use the Kaspersky Endpoint Security built-in agent. If necessary, you can download the Kaspersky Endpoint Agent distribution package from the Kaspersky Anti Targeted Attack Platform distribution kit.
- The alert details interface for Kaspersky Endpoint Detection and Response Optimum (EDR Optimum) is improved. Threat Response features now have tooltips. A step-by-step instruction for ensuring the security of corporate infrastructure is also displayed when indicators of compromise are detected.
- Now you can activate Kaspersky Endpoint Security for Windows with a Kaspersky Hybrid Cloud Security license key.
- New events added about establishing a connection with domains that have untrusted certificates and encrypted connections scan errors.
Kaspersky Endpoint Security 11.8.0 for Windows offers the following features and improvements:
- Added the built-in agent to support the operation of the Kaspersky Endpoint Detection and Response Expert solution. Kaspersky Endpoint Detection and Response Expert is a solution for protecting the corporate IT infrastructure from advanced cyber threats. The functionality of the solution combines automatic detection of threats with the ability to react to these threats to counteract advanced attacks including new exploits, ransomware, fileless attacks, as well as methods using legitimate system tools. EDR Expert offers more threat monitoring and response functionality than EDR Optimum. For more information about the solution, refer to the Kaspersky Endpoint Detection and Response Expert Help.
- Network Monitor interface is now improved. The Network Monitor now shows the UDP protocol in addition to TCP.
- The Virus Scan task was improved. If you have rebooted the computer during the scan, Kaspersky Endpoint Security automatically runs the task, continuing from the point where the scan was interrupted.
- Now you can set a limit for task execution time. You can limit the execution time for Virus Scan and IOC Scan tasks. After the specified amount of time, Kaspersky Endpoint Security stops the task. To reduce the Virus Scan task execution time, you can, for example, configure the scan scope or optimize the scan.
- Limitations of server platforms are lifted for the application installed on Windows 10 Enterprise multi-session. Kaspersky Endpoint Security now considers Windows 10 Enterprise multi-session a workstation operating system, not a server operating system. Correspondingly, server platform limitations no longer apply to the application on Windows 10 Enterprise multi-session. The application also uses a workstation license key for activation instead of a server license key.
Kaspersky Endpoint Security for Windows 11.7.0 offers the following new features and improvements:
- The interface of Kaspersky Endpoint Security for Windows is updated.
- Support of Windows 11, Windows 10 21H2 and Windows Server 2022.
- Added new components:
- A built-in agent for integration with Kaspersky Sandbox was added. The Kaspersky Sandbox solution detects and automatically blocks advanced threats on computers. Kaspersky Sandbox analyzes object behavior to detect malicious activity and activity characteristic of targeted attacks on the IT infrastructure of the organization. Kaspersky Sandbox analyzes and scans objects on special servers with deployed virtual images of Microsoft Windows operating systems (Kaspersky Sandbox servers). For details about the solution, refer to the Kaspersky Sandbox Help.
You no longer need Kaspersky Endpoint Agent in order to use Kaspersky Sandbox. All functions of Kaspersky Endpoint Agent will be performed by Kaspersky Endpoint Security. To migrate Kaspersky Endpoint Agent policies, use the Migration Wizard. You need Kaspersky Security Center 13.2 for all of the functions of Kaspersky Sandbox to work. For details about the migrating from Kaspersky Endpoint Agent to Kaspersky Endpoint Security for Windows, please refer to the application help.
- Added the built-in agent to support the operation of the Kaspersky Endpoint Detection and Response Optimum solution. Kaspersky Endpoint Detection and Response Optimum is a solution for protecting the organization's IT infrastructure from advanced cyber threats. The functionality of the solution combines automatic detection of threats with the ability to react to these threats to counteract advanced attacks including new exploits, ransomware, fileless attacks, as well as methods using legitimate system tools. For more information about the solution, refer to the Kaspersky Endpoint Detection and Response Optimum Help.
You no longer need Kaspersky Endpoint Agent in order to use Kaspersky Endpoint Detection and Response. All functions of Kaspersky Endpoint Agent will be performed by Kaspersky Endpoint Security. To migrate Kaspersky Endpoint Agent policies and tasks, use the Migration Wizard. To use all the functions, Kaspersky Endpoint Detection and Response Optimum require Kaspersky Security Center 13.2. For details about the migrating from Kaspersky Endpoint Agent to Kaspersky Endpoint Security for Windows, please refer to the application help.
- A built-in agent for integration with Kaspersky Sandbox was added. The Kaspersky Sandbox solution detects and automatically blocks advanced threats on computers. Kaspersky Sandbox analyzes object behavior to detect malicious activity and activity characteristic of targeted attacks on the IT infrastructure of the organization. Kaspersky Sandbox analyzes and scans objects on special servers with deployed virtual images of Microsoft Windows operating systems (Kaspersky Sandbox servers). For details about the solution, refer to the Kaspersky Sandbox Help.
- The Migration Wizard for Kaspersky Endpoint Agent policies and tasks was added. The Migration Wizard creates new merged policies and tasks for Kaspersky Endpoint Security for Windows. The wizard allows switching Detection and Response solutions from Kaspersky Endpoint Agent to Kaspersky Endpoint Security. Detection and Response solutions include Kaspersky Sandbox, Kaspersky Endpoint Detection and Response Optimum (EDR Optimum), and Kaspersky Managed Detection and Response (MDR).
- Kaspersky Endpoint Agent, which is included in the distribution kit, is updated to version 3.11.
When upgrading Kaspersky Endpoint Security, the application detects the version and designated purpose of Kaspersky Endpoint Agent. If Kaspersky Endpoint Agent is designated for the operation of Kaspersky Sandbox, Kaspersky Managed Detection and Response (MDR) and Kaspersky Endpoint Detection and Response Optimum (EDR Optimum), Kaspersky Endpoint Security switches the operation of these solutions to the application’s built-in agent. For Kaspersky Sandbox and EDR Optimum, the application automatically uninstalls Kaspersky Endpoint Agent. For MDR, you can uninstall Kaspersky Endpoint Agent manually. If the application is designated for the operation of Kaspersky Endpoint Detection and Response Expert (EDR Expert), Kaspersky Endpoint Security upgrades the version of Kaspersky Endpoint Agent. For more details about the application, please refer to the documentation of Kaspersky solutions that support Kaspersky Endpoint Agent.
- BitLocker encryption functionality improved:
- Enhanced PIN can now be used with BitLocker Drive Encryption. Enhanced PIN allows using other characters in addition to numerical characters: uppercase and lowercase Latin letters, special characters, and spaces.
- A feature to disable BitLocker authentication for upgrading the operating system or installing update packages was added. Installing updates may require restarting the computer multiple times. To install updates correctly, you can temporarily turn off BitLocker authentication and re-enable the authentication after installing updates.
- Now you can set an expiration time for BitLocker encryption password or PIN. When the password or PIN expires, Kaspersky Endpoint Security prompts the user for a new password.
- Now you can configure the maximum number of keyboard authorization attempts for BadUSB Attack Prevention. When the configured number of failed attempts to enter the authorization code is reached, the USB device is temporarily locked.
- Firewall functionality is improved:
- Now you can configure a range of IP addresses for Firewall packet rules. You can enter a range of addresses in IPv4 or IPv6 format. For example,
192.168.1.1-192.168.1.100
or12:34::2-12:34::99
. - Now you can enter DNS names for Firewall packet rules instead of IP addresses. You should use DNS names only for LAN computers or internal services. Interaction with cloud services (such as Microsoft Azure) and other Internet resources should be handled by the Web Control component.
- Now you can configure a range of IP addresses for Firewall packet rules. You can enter a range of addresses in IPv4 or IPv6 format. For example,
- Web Control rule search improved. To search a web resource access rule, in addition to the name of the rule, you can use the URL of the website, a username, a content category, or a data type.
- The Virus Scan task was improved:
- The Virus Scan task in idle mode was improved. If you have rebooted the computer during the scan, Kaspersky Endpoint Security automatically runs the task, continuing from the point where the scan was interrupted.
- The Virus Scan task was optimized. By default, Kaspersky Endpoint Security runs the scan only when the computer is idle. You can configure when the computer scan is run in task properties.
- Now you can restrict user access to data provided by the Application Activity Monitor. Application Activity Monitor is a tool designed for viewing information about the activity of applications on a user's computer in real time. The administrator can hide the Application Activity Monitor from the user in application policy properties.
- Improved the security of managing the application through the REST API. Now Kaspersky Endpoint Security validates the signature of requests sent via the REST API. To manage the program, you need to install a request identification certificate.
Kaspersky Endpoint Security 11.4.0 for Windows offers the following features and improvements:
- New design of the application icon in the taskbar notification area. The new
is now displayed instead of the old
icon. If the user is required to perform an action (for example, restart the computer after updating the application), the icon will change to
. If the protection components of the application are disabled or have malfunctioned, the icon will change to
or
. If you hover over the icon, Kaspersky Endpoint Security will display a description of the problem in computer protection.
- Kaspersky Endpoint Agent, which is included in the distribution kit, has been updated to version 3.9. Kaspersky Endpoint Agent 3.9 supports integration with new Kaspersky solutions. For more details about the application, please refer to the documentation of Kaspersky solutions that support Kaspersky Endpoint Agent.
- Added the Not supported by license status for Kaspersky Endpoint Security components. You can view the status of components in the component list in the main application window.
- New events from Exploit Prevention have been added to reports.
- Drivers for Kaspersky Disk Encryption technology are now automatically added to the Windows Recovery Environment (WinRE) when drive encryption is started. The previous version of Kaspersky Endpoint Security added drivers when installing the application. Adding drivers to WinRE can improve the stability of the application when restoring the operating system on computers protected by Kaspersky Disk Encryption technology.
The Endpoint Sensor component has been removed from Kaspersky Endpoint Security. You can still configure Endpoint Sensor settings in a policy provided that Kaspersky Endpoint Security version 11.0.0 to 11.3.0 is installed on the computer.
Kaspersky Endpoint Security 11.5.0 for Windows offers the following features and improvements:
- Support for Windows 10 20H2. For details about support for the Microsoft Windows 10 operating system, please refer to the Technical Support Knowledge Base.
- Updated application interface. Also updated the application icon in the notification area, application notifications, and dialog boxes.
- Improved interface of the Kaspersky Endpoint Security web plug-in for the Application Control, Device Control, and Adaptive Anomaly Control components.
- Added functionality for importing and exporting lists of rules and exclusions in XML format. The XML format allows you to edit lists after they are exported. You can manage lists only in the Kaspersky Security Center Console. The following lists are available for export/import:
- Behavior Detection (list of exclusions).
- Web Threat Protection (list of trusted web addresses).
- Mail Threat Protection (list of attachment filter extensions).
- Network Threat Protection (list of exclusions).
- Firewall (list of network packet rules).
- Application Control (list of rules).
- Web Control (list of rules).
- Network port monitoring (lists of ports and applications monitored by Kaspersky Endpoint Security).
- Kaspersky Disk Encryption (list of exclusions).
- Encryption of removable drives (list of rules).
- Object MD5 information was added to the threat detection report. In previous versions of the application, Kaspersky Endpoint Security showed only the SHA256 of an object.
- Added capability to assign the priority for device access rules in Device Control settings. Priority assignment enables more flexible configuration of user access to devices. If a user has been added to multiple groups, Kaspersky Endpoint Security regulates device access based on the rule with the highest priority. For example, you can grant read-only permissions to the Everyone group and grant read/write permissions to the administrators group. To do so, assign a priority of 0 for the administrators group and assign a priority of 1 for the Everyone group. You can configure the priority only for devices that have a file system. This includes hard drives, removable drives, floppy disks, CD/DVD drives, and portable devices (MTP).
- Added new functionality:
- Manage audio notifications.
- Cost-Aware Networking Kaspersky Endpoint Security limits its own network traffic if the Internet connection is limited (for example, through a mobile connection).
- Manage Kaspersky Endpoint Security settings via trusted remote administration applications (such as TeamViewer, LogMeIn Pro and Remotely Anywhere). You can use remote administration applications to start Kaspersky Endpoint Security and manage settings in the application interface.
- Manage the settings for scanning secure traffic in Firefox and Thunderbird. You can select the certificate storage that will be used by Mozilla: the Windows certificate storage or the Mozilla certificate storage. This functionality is available only for computers that do not have an applied policy. If a policy is being applied to a computer, Kaspersky Endpoint Security automatically enables use of the Windows certificate storage in Firefox and Thunderbird.
- Added capability to configure the secure traffic scan mode: always scan traffic even if protection components are disabled, or scan traffic when requested by protection components.
- Revised procedure for deleting information from reports. A user can only delete all reports. In previous versions of the application, a user could select specific application components whose information would be deleted from reports.
- Revised procedure for importing a configuration file containing Kaspersky Endpoint Security settings, and revised procedure for restoring application settings. Prior to importing or restoring, Kaspersky Endpoint Security shows only a warning. In previous versions of the application, you could view the values of the new settings before they were applied.
- Simplified procedure for restoring access to a drive that was encrypted by BitLocker. After completing the access recovery procedure, Kaspersky Endpoint Security prompts the user to set a new password or PIN code. After setting a new password, BitLocker will encrypt the drive. In the previous version of the application, the user had to manually reset the password in the BitLocker settings.
- Users now have the capability to create their own local trusted zone for a specific computer. This way, users can create their own local lists of exclusions and trusted applications in addition to the general trusted zone in a policy. An administrator can allow or block the use of local exclusions or local trusted applications. An administrator can use Kaspersky Security Center to view, add, edit, or delete list items in the computer properties.
- Added capability to enter comments in the properties of trusted applications. Comments help simplify searches and sorting of trusted applications.
- Managing the application through the REST API:
- There is now the capability to configure the settings of the Mail Threat Protection extension for Outlook.
- It is prohibited to disable detection of viruses, worms, and Trojans.
Kaspersky Endpoint Security 11.6.0 for Windows offers the following features and improvements:
- Support for Windows 10 21H1. For details about support for the Microsoft Windows 10 operating system, please refer to the Technical Support Knowledge Base.
- The Managed Detection and Response component was added. This component facilitates interaction with the solution known as Kaspersky Managed Detection and Response. Kaspersky Managed Detection and Response (MDR) provides round-the-clock protection from a growing number of threats capable of bypassing automated protection mechanisms for organizations that have a difficult time finding highly qualified experts or have limited internal resources. For detailed information about how the solution works, please refer to the Kaspersky Managed Detection and Response Help.
- Kaspersky Endpoint Agent, which is included in the distribution kit, has been updated to version 3.10. Kaspersky Endpoint Agent 3.10 provides new features, resolves some previous issues, and has improved stability. For more details about the application, please refer to the documentation of Kaspersky solutions that support Kaspersky Endpoint Agent.
- It now provides the capability to manage protection against attacks such as Network Flooding and Port Scanning in Network Threat Protection settings.
- Added new method of creating network rules for Firewall. You can add packet rules and application rules for connections that are displayed in the Network Monitor window. However, network rule connection settings will be configured automatically.
- Network Monitor interface is now improved. Added the information about network activity: process ID, that initiate network activity; network type (local network or the Internet); local ports. By default, the information about network type is hidden.
- There is now the capability to automatically create Authentication Agent accounts for new Windows users. The Agent allows a user to complete authentication for access to drives that were encrypted using Kaspersky Disk Encryption technology, and to load the operating system. The application checks information about Windows user accounts on the computer. If Kaspersky Endpoint Security detects a Windows user account that has no Authentication Agent account, the application will create a new account for accessing encrypted drives. This means that you do not need to manually add Authentication Agent accounts for computers with already encrypted drives.
- There is now the capability to monitor the disk encryption process in the application interface on users' computers (Kaspersky Disk Encryption and BitLocker). You can run the Encryption Monitor tool from the main application window.