Scanning of connected MTP-devices is not available.
Archive scanning is unavailable without SFX-archive scanning: if archive scanning is enabled in the protection settings of Kaspersky Industrial CyberSecurity for Nodes, the application automatically scans objects in both archives and SFX-archives. SFX-archive scanning is available without archive scanning.
If Deep analysis of launching processes (process launch is blocked for the duration of analysis) checkbox and KSN Usage are enabled simultaneously, any launched process that receives URL web-address as an argument will be blocked, even if the "Inform" mode was chosen. To avoid blocking the process, please choose one of the options:
Disable KSN Usage.
Disable Deep analysis of launching processes (process launch is blocked for the duration of analysis) checkbox
Recommended option: clear the Deep analysis of launching processes (process launch is blocked for the duration of analysis) check box.
Licensing
You cannot activate the application with a key via the Setup wizard if the key was created using the SUBST command, or if the path to the key file is a network path.
If you plan to use a Kaspersky Security Center proxy server to activate the product on a client device, disable VDI optimization on that device when installing Kaspersky Security Center Network Agent.
Updates
By default, the application icon is hidden after Kaspersky Industrial CyberSecurity for Nodes critical modules updates are installed.
KLRAMDISK is not supported on protected devices running the Windows XP or Windows Server® 2003 operating system.
If Kaspersky Industrial CyberSecurity for Nodes patch installation fails, the patch is rolled back and you are prompted to restart the operating system.
Interface
In the Application Console, filtering in the Quarantine, Backup, System audit log or Task log is case sensitive.
When configuring a protection or scan scope in the Application Console, you can use only one mask and only at the end of the path. Following are the examples of correct masks: C:\Temp\Temp*, C:\Temp\Temp???.doc, C:\Temp\Temp*.doc. This limitation does not affect configuration of the Trusted Zone.
In the Application Console, in the Telemetry collection servers section, the time when the tasks are scheduled to run is not displayed. The Start time column is empty.
Security
If the operating system’s User Account Control feature is enabled, a user account must be part of the KICS Administrators group to be able to open the Application Console by double-clicking the application icon in the tray notification area. Otherwise, it will be necessary to login as a user who is allowed to open the Compact Diagnostic Interface or Microsoft Management Console snap-in.
If User Account Control is enabled, you cannot uninstall the application via the Microsoft Windows Programs and Features window.
Exploit Prevention
Exploit Prevention is unavailable if the apphelp.dll libraries are not loaded in the current environment configuration.
The Exploit Prevention component is incompatible with the EMET utility from Microsoft on protected devices running the Microsoft Windows 10 operating system. Kaspersky Industrial CyberSecurity for Nodes blocks EMET if the Exploit Prevention component is installed on a protected device with the EMET utility installed.
The Exploit Prevention component is incompatible with the SQL Server® 2012 Database Engine. If you install Kaspersky Industrial CyberSecurity for Nodes on the computer with installed MS SQL Server 2012, you must add the sqlos.dll library of the database server to the list of exclusions in the Exploit Prevention task.
Detection and Response
If in the course of the threat response process, a shared folder access error occurs, such an error is not reflected in the threat response history (Kaspersky Security Center Web Console → properties of the host with the installed application → Detection and Response – Response history section).
Migrating the [KICS+KEA] configuration to [KICS+built-in agent] configuration may complete with a Kaspersky Endpoint Agent application removal error. The application removal error is fixed in the latest version of Kaspersky Endpoint Agent. To remove Kaspersky Endpoint Agent, restart the computer and create an application removal task.
The [KICS+KEA+built-in agent] configuration is not supported. Such configuration disrupts the interaction between applications and the Detection and Response solution that is deployed in your organization. In addition, using Kaspersky Endpoint Agent and the built-in agent on the same computer can lead to duplication of telemetry and increased load on the computer and network. After migrating to [KICS + built-in agent] configuration, make sure that Kaspersky Endpoint Agent has been removed from the computer. If Kaspersky Endpoint Agent continues to work after migration, uninstall the application manually (for example, using the Uninstall application remotely task).
The installer allows you to deploy Kaspersky Endpoint Agent on a computer with Kaspersky Industrial CyberSecurity for Nodes and the built-in agent installed. Kaspersky Endpoint Agent and the built-in agent can also be installed on one computer as a result of the Change application components task. The behavior depends on the versions of Kaspersky Industrial CyberSecurity for Nodes and Kaspersky Endpoint Agent.
Event configuration
Settings of the Uncontrolled file operation in controlled area event that can be configured in the Event configuration section of the Kaspersky Security Center policy are also applied to the following events:
Allowed file operation in a controlled area performed by a trusted user.
Prohibited file operation in controlled area.
Statistics only: prohibited file operation in controlled area.
Uncontrolled file operation in controlled area.
Compact Diagnostic Interface
On Windows XP computers, Compact Diagnostic Interface requires the Terminal Service to be working.
Device Control
When uninstalling and reinstalling the application without a restart, Device Control may stay enabled. To restore the correct operation of Device Control, restart the computer.