Solution functions

Kaspersky Security for Virtualization 6.0 Light Agent protects virtual machines running Linux guest operating systems against various types of threats, network attacks, and phishing attacks.

To protect virtual machines running Windows guest operating systems, use Kaspersky Security 5.2 Light Agent.

The main functions for protection and control of virtual machines are provided by the functional components and tasks of Light Agent for Linux:

• File Threat Protection prevents infection of the file system on the user device. The File Threat Protection component starts automatically when Light Agent is started and scans all files that are opened, saved, and started in real time. On-demand File Threat Protection is implemented using the following scan tasks.
  • Malware Scan. Light Agent performs a one-time full or custom scan of file system objects located on the device's local drives, as well as any mounted and shared resources accessed via the SMB and NFS protocols.
  • Critical Areas Scan. Light Agent scans boot sectors, startup objects, process memory, and kernel memory.
• Removable Drives Scan. When the Light Agent component is running, it monitors the connection of removable drives to the device and scans removable drives and their boot sectors for viruses and other malware. Light Agent can scan the following removable drives: CD/DVD drives, Blu-ray discs, flash drives (including USB modems), external hard drives, and floppy disks.
• Container Scan. While the Container Scan component is running, the Light Agent scans running containers for viruses and other malware. Integration with Docker container management system, CRI-O framework, and Podman and runc utilities is supported. Using the Container Scan task, you can scan containers and images on demand.
• Web Threat Protection. Light Agent scans inbound traffic and prevents downloads of malicious files from the Internet and also blocks phishing, adware, or other malicious websites.
• Network Threat Protection. Light Agent scans inbound network traffic for actions typical of network attacks. Network Threat Protection starts by default when the application is started.
• Firewall Management. Light Agent monitors the operating system firewall settings and filters all network activity according to the network packet rules that you configured.
• Anti-Cryptor. Light Agent monitors access to files located in local directories with network access via SMB/NFS protocols and helps protect files from malicious remote encryption.
• Device Control. Light Agent manages user access to the devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks. User access to devices is governed by the access rules that you configured.
• Application Control. Light Agent controls the launching of applications on user devices. This helps reduce the risk of device infection by restricting access to applications. Application launches are governed by the Application Control rules that you configured.
• Behavior Detection. Light Agent monitors malicious activity by applications in the operating system. If malicious activity is detected, Light Agent can terminate the application process that performs the malicious activity.
• System Integrity Monitoring tracks changes to files and directories of the operating system. When the System Integrity Monitoring component is running, the Light Agent monitors in real time the actions taken with objects in the monitoring scope specified in the component settings. Using the System Integrity Monitoring task, you can perform an on-demand system integrity check. Scanning is performed by comparing the current state of objects included in the monitoring scope with the initial state of these objects, previously recorded as a system state snapshot.
• Inventory Scan. The task provides information about all applications' executable files stored on the client devices. This information can be useful, for example, for creating Application Control rules.

Before performing disinfection or deletion, Light Agent can save backup copies of files in storage on the protected virtual machine. You can restore files from backup copies, if necessary.

Light Agent for Linux supports integration with other Kaspersky solutions:

• Integration with the Kaspersky Managed Detection and Response solution lets you continuously search for, detect, and eliminate threats aimed at your organization. For more details, see the Kaspersky Endpoint Security for Linux Help.
• Integration with Kaspersky Endpoint Detection and Response (KATA) (hereinafter also "EDR (KATA)") facilitates protection of the IT infrastructure of organizations and prompt detection of threats, such as zero-day attacks, targeted attacks, and advanced persistent threats (APT). For more details, see the Kaspersky Endpoint Security for Linux Help.

The Kaspersky Security solution uses Kaspersky Endpoint Security for Linux as the Light Agent for Linux. For more information about the features of Light Agent for Linux, see the Kaspersky Endpoint Security for Linux Help.

Additional functions of the Kaspersky Security solution are provided to keep the solution components up to date and extend the solution's capabilities.

• Activation. Using the solution under a commercial license ensures the full functionality of solution components and access to updates of the solution's databases and application modules.
• Updating databases and application modules. Updating the solution's databases and application modules ensures up-to-date protection of virtual machines against viruses and other applications that pose a threat.
• Using Kaspersky Security Network in the operation of solution components. Using Kaspersky's cloud knowledge base about the reputation of files, Internet resources, and software makes it possible to improve protection of virtual machines and user data, ensure faster response times to various threats, and reduce the number of false positives.
• Reports and notifications. Various types of events occur during the operation of solution components. You can receive notifications about events and generate reports based on events.