Kaspersky Industrial CyberSecurity for Linux Nodes


July 26, 2024

ID 197649

Kaspersky Industrial CyberSecurity for Linux Nodes 1.5 (hereinafter also referred to as the application) provides malware protection for devices running Linux operating systems. Threats can enter the system via network data links or from removable drives.

The following functional components and tasks of the application provide the main functions of device protection and control:

  • File Threat Protection prevents infection of the file system on the user device. The File Threat Protection component starts automatically when Kaspersky Industrial CyberSecurity for Linux Nodes is launched and scans, in real time, all files that are opened, saved, and started.

    You can also scan protected devices on demand using the following scan tasks:

    • Malware Scan. The application scans for the presence of malware in file system objects located on local disks of the device, as well as mounted and shared resources, which are accessed via SMB and NFS protocols. You can use this task to perform a full or custom scan of the device.
    • Critical Areas Scan. The application scans boot sectors, startup objects, process memory, and kernel memory.
  • Removable Drives Scan. The Removable Drives Scan component allows you to monitor the connection of removable drives to the device in real time and scan a removable drive and its boot sectors for malware. Kaspersky Industrial CyberSecurity for Linux Nodes can scan the following removable drives: CDs, DVDs, Blu-ray discs, flash drives (including USB modems), external hard drives, and floppy disks.
  • Container Scan. The Container Scan component allows you to scan namespaces and running containers for malware in real time. Integration with the Docker container management system, the CRI-O framework, and the Podman and runc utilities is supported. You can use the Container Scan task to scan containers and images on demand.
  • Web Threat Protection. The Web Threat Protection component allows you to scan inbound traffic, prevent downloads of malicious files from the Internet, and block phishing, adware, and other malicious websites. Kaspersky Industrial CyberSecurity for Linux Nodes can scan encrypted connections.
  • Network Threat Protection. The Network Threat Protection component allows you to scan inbound network traffic for activity that is typical for network attacks.
  • Firewall Management. The Firewall Management component allows you to monitor the firewall settings of the operating system and filter all network activity in accordance with the network packet rules that you have configured.
  • Anti-Cryptor. The Anti-Cryptor component allows you to scan remote devices' calls to files located in local directories with network access via SMB/NFS protocols and protect files from remote malicious encryption.
  • Device Control. The Device Control component allows you to manage user access to the devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks. User access to devices is governed by access regimes and access rules that you have configured.
  • Application Control. The Application Control component allows you to manage the launch of applications on user devices. This reduces the risk of device infection by restricting access to applications. Application launching is regulated by the Application Control rules that you have configured.
  • Inventory. The Inventory task provides information about all application executable files stored on the client devices. This information can be useful, for example, for creating Application Control rules.
  • Web Control. The Web Control component controls user access to web resources. This allows you to reduce traffic consumption and reduce inappropriate use of working time. If a user tries to open a website to which access is restricted by Web Control, Kaspersky Industrial CyberSecurity for Linux Nodes blocks access or displays a warning.
  • Behavior Detection. The Behavior Detection component allows you to monitor for any malicious activity from applications in the operating system. When malicious activity is detected, Kaspersky Industrial CyberSecurity for Linux Nodes can terminate the application process that is performing malicious activity.
  • System Integrity Monitoring allows you to track changes to files and directories of the operating system. The System Integrity Monitoring component monitors the actions performed with objects from the monitoring scope specified in the component settings in real time. You can use the System Integrity Check task to check the integrity of the system on demand. The check is performed by comparing the current states of objects included in the monitoring scope with their initial states, which were previously established as a baseline.

Kaspersky Industrial CyberSecurity for Linux Nodes can detect infected objects and neutralize threats detected in them. For this, the application can use:

  • Application databases to detect and disinfect infected files. During the scan process, the application analyzes each file for the presence of a threat: it compares the file code with the code of a specific threat and looks for possible matches.
  • Kaspersky Security Network. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky Industrial CyberSecurity for Linux Nodes to various threats, improves the performance of some protection components, and reduces the likelihood of false positives.

Before disinfecting or deleting files, Kaspersky Industrial CyberSecurity for Linux Nodes saves backup copies of the files in the Backup located on the device. If, after disinfection, you partially or completely lose access to important information in a disinfected file, you can restore the file from the copy.

While performing scan tasks, Kaspersky Industrial CyberSecurity for Linux Nodes can disinfect and delete files that are protected from modification: files with the 'immutable' and 'append-only' attributes and files in directories with the 'immutable' and 'append-only' attributes. Backup stores copies of these files that were created before disinfection or deletion. You can restore files from backup copies, if necessary. When scan tasks are completed, the 'immutable' and 'append-only' attributes of disinfected files are reset.
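To confirm the attribute state of protected files once a scan task has finished, you can compare `lsattr -R` snapshots of the scan scope taken before and after the task. The script below is an added example, not part of the product or its documentation; the snapshot contents and the `/srv/hmi` paths are constructed for illustration.

```shell
# Added example (not vendor code): report files whose immutable (i) or
# append-only (a) attribute differs between two `lsattr -R` snapshots.
# flag_table FILE: print "<path>\t<a/i flags, or - if none>" per lsattr entry.
flag_table() {
    awk 'NF >= 2 && $1 ~ /^[-A-Za-z]+$/ {   # skips blank lines and "dir:" headers
        path = substr($0, length($1) + 2)   # keeps paths that contain spaces
        keep = ""
        if (index($1, "a")) keep = keep "a"
        if (index($1, "i")) keep = keep "i"
        print path "\t" (keep == "" ? "-" : keep)
    }' "$1"
}

# flag_changes BEFORE AFTER: list entries protected in BEFORE that are
# missing from AFTER or carry a different a/i flag set there.
flag_changes() {
    fc_b=$(mktemp) && fc_a=$(mktemp) || return 1
    flag_table "$1" > "$fc_b"
    flag_table "$2" > "$fc_a"
    awk -F '\t' '
        FILENAME == ARGV[1] { after[$1] = $2; next }   # safe if AFTER is empty
        $2 == "-"           { next }
        !($1 in after)      { print "MISSING\t" $1 "\t" $2; next }
        after[$1] != $2     { print "CHANGED\t" $1 "\t" $2 "->" after[$1] }
    ' "$fc_a" "$fc_b"
    rm -f "$fc_b" "$fc_a"
}

# Constructed snapshots (hypothetical paths, not real scan output).
sample_before() { cat <<'EOF'
--------------e------- /srv/hmi/readme.txt

/srv/hmi/bin:
----i---------e------- /srv/hmi/bin/updater
----i---------e------- /srv/hmi/bin/old tool
-----a--------e------- /srv/hmi/bin/audit.log
EOF
}
sample_after() { cat <<'EOF'
--------------e------- /srv/hmi/readme.txt

/srv/hmi/bin:
--------------e------- /srv/hmi/bin/updater
-----a--------e------- /srv/hmi/bin/audit.log
EOF
}

snap=$(mktemp -d); sample_before > "$snap/before"; sample_after > "$snap/after"
flag_changes "$snap/before" "$snap/after"
rm -rf "$snap"
```

On a real device, the two inputs would come from `lsattr -R <scan scope>` run before and after the task; each `CHANGED` or `MISSING` line is a file to check against Backup and, if required, to re-protect with `chattr`.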

Kaspersky Industrial CyberSecurity for Linux Nodes supports integration with other Kaspersky solutions to expand the capabilities of the application:

To keep the application up to date, additional application functions are provided:

You can manage Kaspersky Industrial CyberSecurity for Linux Nodes using the following methods:

The update functionality (including anti-virus signature updates and code base updates), as well as the KSN functionality will no longer be available in the application in the territory of the USA starting 12:00 AM Eastern Daylight Time (EDT) September 10, 2024 in compliance with trade restrictions.

In this Help section

About the operating modes of the application

Distribution kit

Hardware and software requirements
