Release Notes
Kaspersky Industrial CyberSecurity for Networks 3.0
Application version: 3.0.0.473 released on 2021-04-19
Application version designed for running in the Astra Linux SE 1.6 operating system: 3.0.1.24 released on 06/03/2021
Document revision date: 2025-07-22
Kaspersky Industrial CyberSecurity for Networks is an application designed to protect the infrastructure of industrial enterprises from information security threats, and to ensure uninterrupted process flows. Kaspersky Industrial CyberSecurity for Networks analyzes industrial network traffic to identify deviations in the values of process parameters, detect signs of network attacks, and monitor the operation and current device states on the network. The application is part of the solution known as Kaspersky Industrial CyberSecurity.
BASIC FEATURES
Kaspersky Industrial CyberSecurity for Networks performs the following functions:
- Protects company assets by monitoring its industrial network devices. Detects the activity of devices and device information based on data received in network packets.
- Scans communications between industrial network devices to check their compliance with defined Interaction Control rules. Interaction Control rules can be generated automatically by running the application in learning mode.
- Displays the network interactions between industrial network devices depicted as a network map. Displayed objects are visually distinguished based on various attributes (for example, objects with issues).
- Detects vulnerabilities of devices based on saved device information.
- Extracts the parameter values of the technological process controlled by the Industrial Control System (hereinafter referred to as the "ICS") from network packets and checks the acceptability of those values based on the defined Process Control rules. Process Control rules can be generated automatically by running the application in learning mode.
- Monitors traffic to detect system commands that are transmitted or received by devices involved in process automation. Provides notifications regarding detected unauthorized system commands or situations that could be signs of industrial network security violations.
- Monitors project read and write operations for programmable logic controllers, saves the obtained information about projects, and compares this information to previously obtained information.
- Analyzes industrial network traffic for signs of attacks without affecting the industrial network or drawing the attention of a potential attacker. Uses defined Intrusion Detection rules and embedded algorithms to scan for anomalies in network packets and detect signs of attacks.
- Registers events and relays information about them to recipient systems and to Kaspersky Security Center.
- Analyzes registered events and, upon detecting certain sequences of events, registers incidents based on embedded correlation rules. Incidents group events that have certain common traits or that are associated with the same process.
- Saves traffic associated with registered events in the database. Traffic can be saved automatically (if autosave is enabled for the traffic of events) or by requesting to download traffic.
- Can be used to work with both the GUI and API.
WHAT'S NEW
Kaspersky Industrial CyberSecurity for Networks 3.0 has the following new capabilities and refinements:
- Optimized installation and removal of application components – initial configuration of the application is performed in a special section on the web interface page, there are new scripts for local installation and local removal of application components, and sensors can be added or removed when connected through the web interface without having to reinstall application components.
- Expanded functionality of the Server web interface – when connected to the Server through the web interface, the user can configure all application functions. New widgets with display configuration capabilities were added for system monitoring in online mode.
- Monitoring vulnerabilities of devices – the application can now detect vulnerabilities of devices based on the available device information.
- Expanded functionality for industrial process control – the application has new functions for automatically detecting Process Control settings and learning rules, and has an expanded list of tag values that can be monitored.
- Device Control functionality is now part of Asset Management functionality – the limit on the maximum number of devices was increased, the list of supported device categories was augmented, and the capabilities for automatic detection of device information were expanded. Asset Management functionality now includes subnet processing, automatic grouping of devices by criteria, and new import and export functions using various formats.
- Expanded and improved network map functionality – the maximum number of nodes that can be displayed has been increased, there are newly added capabilities for displaying nodes and links on the network map based on information in selected events or incidents (you can navigate directly from the Events section to the Network Map section and objects will be filtered accordingly), and devices displayed on the network map can be automatically grouped based on specific criteria (subnet, device category and vendor) for all nodes or for nodes of a selected group.
- Common list of allow rules – allow rules for events were added to Interaction Control rules (formerly known as "Network Control rules"). There are new rule templates that define the initial values of parameters. Interaction Control takes into account the subnets known to the application.
- Improved implementation of the application programming interface (API) – the REST (Representational State Transfer) architectural style of interaction is used when handling requests through the Kaspersky Industrial CyberSecurity for Networks API. Interaction with the application is secured by encrypting connections over the HTTPS protocol.
- Implemented connector functionality – recipient systems can connect to Kaspersky Industrial CyberSecurity for Networks through connectors that ensure secure and controlled data exchange with the application using the Kaspersky Industrial CyberSecurity for Networks API. When forwarding events to recipient systems, connectors take the place of the recipients that were used in previous versions. The application can also use connectors to forward application messages and audit logs to recipient systems.
- Expanded set of data in a security policy – an application security policy contains data arranged into sections that can be selected when exporting or importing a policy.
- Extended support for application layer protocols and devices for process control – there are now additional capabilities for analyzing traffic of supported protocols and devices, and new supported protocols and devices have been added. The set of supported protocols and devices may be further expanded when updates are installed.
- Newly implemented detection of security issues in encryption protocols – the application registers events when it detects obsolete versions of encryption protocols, weak algorithms, or issues with certificates in use.
Kaspersky Industrial CyberSecurity for Networks version 3.0.1 has the following new capabilities and improvements:
- Implemented support for operations in the Astra Linux SE 1.6 operating system.
- Expanded functionality for processing Intrusion Detection rules – added support for internal IDs of rules, and the capability to apply individual rules from sets that contain errors in some of the rules.
- Added utility for exporting events to XML files – these files store data that can be used in GosSOPKA, which is the Russian government system for the detection, prevention, and mitigation of computer attacks.
- Added script for verifying the integrity of files installed from application distribution kit packages.
- Added script for changing the validity period for connection sessions with the Server through the web interface and for authentication tokens in the Kaspersky Industrial CyberSecurity for Networks API.
DISTRIBUTION KIT
The distribution kit of Kaspersky Industrial CyberSecurity for Networks 3.0 includes the following files:
- Application components centralized installation script: kics4net-deploy-<application version number>.bundle.sh
- Script for local installation of application components: kics4net-install.sh
- Script for local removal of application components: kics4net-remove.sh
- Packages for installing application components in the CentOS operating system:
- Package for installing the Server and sensors: kics4net-<application version number>.x86_64.rpm
- Package for installing system connectors: kics4net-connectors-<application version number>.x86_64.rpm
- Package for installing the full-text search system: kics4net-fts-<application version number>.x86_64.rpm
- Package for installing the DBMS: kics4net-postgresql-<DBMS version number>.x86_64.rpm
- Package for installing the Intrusion Detection system: kics4net-suricata-<system version number>.x86_64.rpm
- Package for installing a web server for an application sensor: kics4net-websensor-<application version number>.x86_64.rpm
- Package for installing a web server for the Application Server: kics4net-webserver-<application version number>.x86_64.rpm
- Package for installing Network Agent from the Kaspersky Security Center distribution kit: klnagent64-<Network Agent version number>.x86_64.rpm
- Packages for installing the Kaspersky Industrial CyberSecurity for Networks Administration Plug-in for Kaspersky Security Center: kics4net-sc-plugin_<plug-in version number>_<localization code>.msi
- Package containing documentation describing requests for the Kaspersky Industrial CyberSecurity for Networks API: publicapi_doc.tar.gz
- Package containing descriptions of the specifications for the Kaspersky Industrial CyberSecurity for Networks API: publicapi_swagger.tar.gz
- Files containing the text of the End User License Agreement in English and in Russian
- Files containing the text of the Privacy Policy in English and in Russian
- Files containing information about the version (Release Notes) in English and in Russian
The distribution kit for Kaspersky Industrial CyberSecurity for Networks 3.0.1 is specified in the application data sheet.
HARDWARE AND SOFTWARE REQUIREMENTS
Hardware requirements
Kaspersky Industrial CyberSecurity for Networks has the following minimum hardware requirements for computers where application components will be installed:
- Computer that will perform Server functions:
- CPU: Intel Core i7.
- RAM: 32 GB.
- Free space on the hard drive: 750 GB and an additional 250 GB for each monitoring point on this computer.
- Computer that will perform sensor functions:
- CPU: Intel Core™ i5 / i7.
- RAM: 4 GB, and an additional 2 GB for each monitoring point on this computer.
- Free space on the hard drive: 50 GB and an additional 250 GB for each monitoring point on this computer.
When using sensors, the bandwidth of the dedicated Kaspersky Industrial CyberSecurity network between the Server and each sensor must be at least 50% of the cumulative incoming traffic at the sensor (for all monitoring points of the sensor).
Software requirements for Kaspersky Industrial CyberSecurity for Networks 3.0
Kaspersky Industrial CyberSecurity for Networks 3.0 has the following software requirements for computers on which application components will be installed:
- CentOS operating system version 8.3.2011 or later.
- The same version of operating system must be installed on all computers where application components are installed.
- To install application components in the CentOS operating system, the following conditions must be fulfilled:
- Chrony time synchronization package version 3.1 or later is installed.
- The SELinux access control enforcement system is disabled.
- The dnf-utils package is installed.
- Python interpreter version 2.7 is installed.
- A symbolic link to the installed version of the python2 package is configured.
- The python2-pyyaml package is installed.
- To ensure proper functioning of application components on the computer that will perform Server functions, the following conditions must also be fulfilled in the CentOS operating system:
- Python interpreter version 3.6 or later is installed, as well as the following packages supporting the operation of connectors and data conversion scripts: python3-tqdm, python3-certifi, python3-dateutil, python3-pyyaml, python3-pytz, python3-urllib3, python3-psycopg2, python3-cffi (if connectors will also operate on other computers, the listed packages must also be installed on those computers).
- A Postfix mail server (Mail Transfer Agent – MTA) for sending emails through the email connector is installed.
- Perl interpreter version 5.10 or later is installed (if Kaspersky Security Center Network Agent is being installed).
To install the Kaspersky Industrial CyberSecurity for Networks Administration Plug-in for Kaspersky Security Center, the Windows update KB2999226 must be installed on the computer hosting the Kaspersky Security Center Administration Server. Installation of this update is required if the problems fixed by this update are relevant for the installed version of the operating system and configuration of the installed software on the computer hosting the Administration Server (please refer to the description of the specific update).
You can use the following browsers to connect through the web interface:
- Google Chrome™ version 89 or later.
- Mozilla™ Firefox™ version 86 or later.
- Microsoft® Edge version 89 or later.
Kaspersky Industrial CyberSecurity for Networks 3.0 is compatible with Kaspersky Security Center version 11 and 12.
Software requirements for Kaspersky Industrial CyberSecurity for Networks 3.0.1
Kaspersky Industrial CyberSecurity for Networks 3.0.1 has the following software requirements for computers on which application components will be installed:
- Astra Linux SE 1.6 operating system with the 20200722SE16 update installed.
- The same version of operating system must be installed on all computers where application components are installed.
- To install application components in the Astra Linux SE 1.6 operating system, the following conditions must be fulfilled:
- The standard operating system components "Internet tools" and "Network services" are installed (in addition to the standard components that are installed by default in the operating system).
- The operating system has an active firewall implemented by the UFW network security configuration application (for automatic configuration of network filtering).
- Repositories containing up-to-date stable versions of installation packages are connected in the operating system (for example, connected repositories on discs containing an update of the installation disc for the operating system and an update of the disc containing development tools).
- Python interpreter version 2.7 is installed.
- The libcap2-bin package is installed.
- A symbolic link to the installed version of the python2 package is configured.
- The python2-pyyaml package is installed.
- The python-apt package is installed.
- The SSH server package is installed (for centralized installation of application components).
- The en_US.utf8 locale is enabled (on the computer from which the centralized installation of application components will be performed).
- To ensure proper functioning of application components on all computers that will perform Server and sensor functions, the following conditions must be fulfilled in the Astra Linux SE 1.6 operating system:
- Information streams are allowed without limitations from the capability-based access restriction mechanism (a null capability marker is set for all access objects).
- The closed software environment mechanism is disabled in the operating system.
- To ensure proper functioning of application components on the computer that will perform Server functions, the following conditions must also be fulfilled in the Astra Linux SE 1.6 operating system:
- Python interpreter version 3.5 is installed, as well as the following packages supporting the operation of connectors and data conversion scripts: python3-urllib3, python3-yaml, python3-tz, python3-dateutil, python3-psycopg2, python3-cffi (if connectors will also operate on other computers, the listed packages must also be installed on those computers).
- A mail server (Mail Transfer Agent – MTA) for sending emails through the email connector is installed and configured.
- Perl interpreter version 5.10 or later is installed (if Kaspersky Security Center Network Agent is being installed).
To install the Kaspersky Industrial CyberSecurity for Networks Administration Plug-in for Kaspersky Security Center, the Windows update KB2999226 must be installed on the computer hosting the Kaspersky Security Center Administration Server. Installation of this update is required if the problems fixed by this update are relevant for the installed version of the operating system and configuration of the installed software on the computer hosting the Administration Server (please refer to the description of the specific update).
You can use the following browsers to connect through the web interface:
- Google Chrome version 89.
- Mozilla Firefox version 86.
- Microsoft® Edge version 89.
- Chromium for Astra Linux version 83.
Kaspersky Industrial CyberSecurity for Networks 3.0.1 is compatible with Kaspersky Security Center version 11 and 12.
FIXED ISSUES
Installation
- [1807458] Fixed: cannot change the names and addresses of the Server and sensors without reinstalling application components on nodes.
User interface
- [3217584] Fixed: if the details area was forcibly closed in the events table (using the button in the upper-right corner), this area will not appear when you select or clear check boxes next to events or incidents.
- [3294936] Fixed: the protocol stack tree cannot be automatically expanded during a search in the protocol filtering window (for example, to filter by the Protocol column in the events table). Search results may be hidden in collapsed tree elements.
- [3728329] Fixed: the Application Console window used for entering user account credentials may be collapsed into the button on the taskbar. In this case, the main window of the Console remains unavailable.
- [3754605] Fixed: in the Application Console, when editing fields containing numeric values in the "Manage logs" window, the cursor moves to the rightmost position in the entry field after each action taken when editing a value.
Events and incidents
- [2444775] Fixed: the Application Console provides the capability to configure the alert regenerate timeout for certain system event types that are not suppressed (for example, test events based on technologies). The defined alert regenerate timeouts for such events are not applied.
- [3370474] Fixed: when you enable filtering of the events table based on a specific period (for example, by disabling automatic update of the table), the start and end boundaries of the period are taken from the time of the computer from which the connection is established through a web browser. If this time is not synchronized and lags behind the time of the Server (without accounting for the difference in time zones), events that are registered within the time difference between the computer and Server are not loaded in the table.
- [3388315] Fixed: the same monitoring point is always indicated for incidents regardless of which monitoring points are specified for embedded events.
- [1946917] Fixed: for Network Control events, there is no capability to enable or disable registration of individual event types.
Asset management
- [3092206] Fixed: in the Microsoft Edge web browser, objects may be moved unevenly when dragging the network map image.
Deep Packet Inspection
- [3079632] Fixed: when registering events associated with the detection of communications between devices over the Yokogawa Vnet/IP protocol, in some cases the address information of the destination of network packets in an event is registered as the multicast IP address instead of the IP address of the process control device in the security policy. This is caused by the specific features of relaying process management commands over this protocol.
- [1809642] Fixed: for all PLCs, you can select any tag data type regardless of whether or not the selected data type is supported by the PLC.
- [3780909] Fixed: after an unknown tag is saved in the detected tag storage, the application does not update information about the parameters of this tag (for example, when the tag data type is changed).
- [3924316] Fixed: there is limited support for Honeywell C300 devices for Experion PKS / PlantCruise control systems: process parameter values are not monitored.
- [1956116] Fixed: the application does not support certain data types of tags.
External
- [1268342] Fixed: when forwarding events to a SIEM system, only the TCP protocol is supported.
Application maintenance
- [2588631] Fixed: if the hard drive runs out of free disk space, the application Console may show the message "Error removing traffic dump metadata file".
- [3365890] Fixed: the time displayed in the "Effective uptime" field on the "Tags" section page of the application web interface includes not only the time of normal operation of the application (without problems) but also includes the time when the application was running with the "Error occurred" status.
- [3779902] Fixed: if the installation of updates on a sensor computer failed due to the unavailability of one of the application processes (for example, the filter process), the next startup of the postponed update will occur only after successfully restarting the kics4net service.
LIMITATIONS AND KNOWN ISSUES
Installation
- The kics4net-deploy-<application version number>.bundle.sh script for centralized installation of application components cannot work without the application installation packages.
- Solution: it is recommended to save the distribution package of the installed version of the application in the same folder as the kics4net-deploy-<application version number>.bundle.sh script for the purpose of making changes to the installation settings.
- Only self-signed SSL connection certificates are used for connections between nodes of Kaspersky Industrial CyberSecurity for Networks and for connecting through the API.
- [3369804] For a new centralized installation of application components without any changes to the settings (nodes for installing components are not added and other settings are not configured), the kics4net-deploy-<application version number>.bundle.sh script does not show any warnings about undefined settings. In this case, application components are not installed, but the script displays a message about successful installation after it finishes.
- Solution: centrally install the application components with configured settings, add nodes for the Server and sensors, and configure other installation settings if necessary.
- [3385870] After complete centralized removal of application components, the list of removal settings does not contain anything about the removal of Network Agent if advanced settings were not configured in the Removal Settings menu.
- Solution: when configuring the settings for full removal of the application, select the Removal Settings menu item and specify the necessary action at the Remove Network Agent prompt (this prompt is displayed if an installed Network Agent is detected).
- [4808342] After centralized installation of a sensor, you can connect to the sensor through the web interface only by using the IP address that was specified for this node when the installation settings were configured.
- Solution: if you want to connect to a sensor through the web interface at any IP address accessible on the sensor node, you can install the sensor by using the kics4net-install.sh script for local installation of application components.
User interface
- Descriptions of device vulnerabilities are provided in English regardless of the specific localization language of the application.
- Descriptions of MITRE ATT&CK techniques in events and incidents are provided in English regardless of the specific localization language of the application.
- [2494064] You must use a colon (:) to separate the bytes of a MAC address. Use of a dash (-) is not supported.
- [4799248] In some cases, when device groups are deleted and the remaining groups are automatically merged, devices from these groups may be moved to the top level of the hierarchy within the device group tree.
- [4519524] When the tags table is filtered based on the "Devices" column, filtering is applied only based on the names of devices (the indicated addresses of devices are not taken into account when filtering).
- [3200916] If the header of a column in the events table does not show the full name (due to insufficient column width), a tooltip may not be displayed for this name when you move the mouse cursor over it.
- Solution: increase the width of the column.
- [4803787] When configuring connector settings, if the address input field contains a value that does not match the address template, the tooltip for this field will present the value template as a regular expression.
- [4343928] When operations with device groups are performed, the settings in audit entries might not contain any values if there is no data available for these values (for example, an audit entry will have an empty value for the name of the new parent group when a group is moved to the top level of the hierarchy in the device group tree).
Events and incidents
- When a security policy is applied on the Server, the application closes all previously registered events and saves the date and time when the policy was applied in the End column (unless this column already contained a value for the event). All these events can be registered again, just like when the Server is restarted.
- [4800699] If saving of traffic is enabled and configured only for the "Incident" event type (event type code 8000000001) and it is not enabled for types of events that may be included in incidents, in some cases traffic might not be saved for some events of an incident. Saving of traffic is influenced by various factors, including delayed registration of an incident relative to the occurring events it contains, the settings for saving traffic dump files, and the rate of incoming traffic.
- Solution: to better ensure that traffic is loaded, it is recommended to enable saving of traffic for the relevant event types and configure the settings for saving traffic in the database in accordance with the rate of traffic and registration of events.
- [3344303] When loading traffic for multiple events, the time value in the names of files of the received archive may differ from the time of registration of events on the Server (the time from a different time zone is indicated).
- [3951845] The names of files inside downloaded archives containing traffic for events may be presented in a localization language that is different from the specific localization of archive file names.
- [3091037] If an incident has embedded incidents, the parent incident may stop being displayed when you scroll through the structure of embedded elements in the events table.
- [3391289] When ARP spoofing detection events are registered, the start time in the descriptions of events is specified according to the UTC standard.
Asset Management
- [3338215] When you merge devices whose address information includes only IP addresses, the date and time when last visible is not saved.
- [4768430] Devices that have an assigned IP address from a "Public" subnet and whose MAC address is known may be displayed as unknown devices on the network map. When the application detects interactions between such devices and devices with IP addresses from private subnets, it does not include these devices in a WAN node.
- [3371248] When attempting to save a device containing multiple network interfaces that have the same IP address and only the first interface does not contain a MAC address, a missing MAC address error is displayed for all interfaces except the first one.
- [3296453] If a node on the network map is moved to a position overlaying the line of a connection with other nodes, this overlay is not always automatically rectified (by optimizing the position of unpinned nodes).
- [4727899] While searching for the optimal location for an unpinned node on the network map, the node may move around in the vicinity of its current location for several seconds.
- If a device is added when importing a configuration from an external project that does not contain address information, the application assigns the IP address 0.0.0.0 to the device. When importing a configuration from a subsequent external project that also contains no address information for devices, information about the first device may be replaced. In this case, not all data from the external project will be imported into the application.
- Solution: after importing a configuration of devices and tags from an external project, check the address information of devices that were added during the import and correct this information if necessary.
Network Integrity Control
- [3021344] For communications over the SNMP protocol, the application can only detect communications and identify this protocol without detecting system commands and tags.
Deep Packet Inspection
- [1842016] In dense traffic, after operation is disrupted and the application restarts, Kaspersky Industrial CyberSecurity for Networks may create duplicates of recent events.
- Solution: you can ignore duplicated events.
- [1789024] The application incorrectly processes the most significant bit of the uint64 tag.
- Solution: for tags with the uint64 data type, create rules only for values within the range of -2^62 to 2^62-1.
- [4756136] For tags with the bool or string data type, you can configure scaling (however, the defined scaling settings are not applied for these tags).
- [4717099] In descriptions of events for the detection of system commands over the MMS and GOOSE protocols of the IEC 61850 standard, the delimiters used in the names of logical node instances are $ characters instead of dots.
- [2487647] Support of the BDUBus protocol is limited: when using an encrypted connection over this protocol, system commands are not monitored after the connection is established.
- [1838543] Two different situations in IEC 60870-5-104 protocol traffic invoke the same event: REGISTER ADDRESS MISMATCH.
- [2528058] There is limited support for ABB Relion 670 devices: on some devices (for example, ABB REL670 with embedded software version 2.0.0), the ABB SPA-Bus protocol is not used, while an encrypted option (TLS) is used for the FTP protocol. Therefore, for these devices, only the system command "INITIALIZE CONNECTION" received over the FTP protocol is monitored. After a connection is established, the application can register PARSING ERROR: UNKNOWN COMMAND events.
- [2487474] Support of EKRA 243 devices is limited: depending on the version of the installed software on these devices, certain system commands might not be monitored.
- [3094764] When DMS protocol communications over the UDP transport protocol are detected, the application does not monitor the values of tags that are transmitted by the server as part of a client subscription to receive up-to-date values of those tags.
- [4756649] When Process Control settings are automatically detected by the application, the settings added for a device can only come from one of the supported protocols, which is the protocol whose traffic was detected earlier.
- Solution: if a Process Control device communicates over multiple protocols, you can manually add the settings of the protocols that were not detected automatically.
- [4757273] When Process Control settings are automatically detected and custom settings for one of the supported protocols are defined for a device, the application does not automatically add device settings that were detected for another supported protocol.
- Solution: if a Process Control device communicates over multiple protocols, you can manually add the settings of the protocols that were not detected automatically.
External
- [1268351] The application transmits data to a SIEM system in CEF 20 format. Data is not converted to Syslog standard format.
- Solution: when it is necessary to transmit data in Syslog standard format, you must configure data transmission in Syslog standard format instead of SIEM systems format.
Application maintenance
- [4788300] In data regarding the Server or sensor node, the value of the "Maximum volume of application data" parameter is an estimate. In some cases, application files may occupy more disk space than the specified volume.
- [2466729] When the filter process is disrupted, the application might not register all events corresponding to the period, or might create duplicate events.
- [3519607] If an error occurred when enabling a monitoring point, this state is retained even after the cause of the error is resolved (for example, if the network interface is enabled after enabling the monitoring point).
- Solution: after resolving the cause of the error, disable the monitoring point and enable it again.
- [4805965] After a sensor is removed through the web interface or after the Server is returned to its initial state (using the kics4net-reset-to-defaults.sh script located in the /opt/kaspersky/kics4net/sbin/ folder), the application may continue to create traffic dump files on the sensor node.
- Solution: to prevent the creation of traffic dump files, you can first disable monitoring points on the sensor node.
© 2023 AO Kaspersky Lab.