Kaspersky Security 10.1 for Windows Server (version 10.1.0.622) release notes
Kaspersky Security 10.1 for Windows Server was released on March 20, 2018. Full version number is 10.1.0.622.
Kaspersky Security 10.1 for Windows Server is a solution for protecting corporate servers and data storage systems. The available protection scope (servers running Windows, data storage systems) and the set of functional components depend on the type of purchased license.
What's new
The new version of Kaspersky Security 10.1 for Windows Server brings you the following:
- A new Traffic Security component: now you can protect your server from web threats sent via HTTP or HTTPS traffic, and from email-based threats. This new component supports the following protection scenarios:
  - Anti-virus and anti-phishing protection of email traffic using a Microsoft Outlook extension
  - Anti-virus and anti-phishing protection of web traffic
  - Link verification using databases of malicious web addresses
  - Link verification using cloud-based databases of malicious web addresses
  - Web control using rules for links and certificates
  - Web resource control based on categories
  - Web server certificates control upon connection
- Traffic Security can be set up in one of three configurations:
  - External Proxy with ICAP service: analysis of traffic redirected from an external proxy server (without a network driver).
  - Redirector: analysis of traffic redirected from browsers launched in a terminal session (without a network driver). The program uses an internal system proxy.
  - Driver Interceptor: traffic is intercepted using a network driver in protected server terminal sessions.
- A new Anti-Cryptor for NetApp component: now you can use a server with Kaspersky Security 10.1 for Windows Server installed to protect cluster-connected NetApp network-attached storage systems (version 8.2 and higher) from malicious encryption.
- A new Device Control component: now you can generate lists of rules that the application uses to allow or block file transfers with external data storage devices (USB and MTP storage devices, CD/DVD devices).
- A new Exploit Prevention component: now you can configure settings to protect processes from exploits using distributed mitigation techniques.
- A new File Integrity Monitor component: now you can indicate the objects whose integrity you want to monitor.
- A new Log Inspection component: now you can generate log inspection rules for Windows event logs, and configure the use of the heuristic analyzer for Windows event logs.
- New functionality for protecting and controlling Microsoft Windows Server 2016 containers: now you can protect Microsoft Windows Server 2016 containers with the help of the following technologies:
  - File threat real-time protection (Kaspersky Security 10.1 for Windows Server must be installed on a host with deployed Microsoft Windows Server 2016 containers).
  - Applications Launch Control in a container according to the rule list specified in the Applications Launch Control task (Kaspersky Security 10.1 for Windows Server with the Applications Launch Control component must be installed on a host with deployed Microsoft Windows Server 2016 containers).
  - Exploit protection of processes running in the containers (Kaspersky Security 10.1 for Windows Server with the Exploit Prevention component must be installed on a host with deployed Microsoft Windows Server 2016 containers).
- Compact Diagnostic Interface: now you can control the server protection status, review important application status markers and manage the trace and dump files settings without installing the Administration Tools. Compact Diagnostic Interface is installed along with the Tray Icon component and performs important diagnostic functions of Kaspersky Security 10.1 Console.
- Integration with the Kaspersky Managed Protection services: now you can improve network protection with the around-the-clock analysis services and security event reporting from the Kaspersky Lab experts.
- Integration with the Operations Management Suite.
- The ability to integrate with external SIEM systems has been added: now you can configure settings to export application logs to external event aggregation systems using the syslog protocol.
- The ability to track USB connections to protected devices: now you can configure settings for notifications about USB connections to protected servers made by various types of devices.
- Security Event Log implemented: now you can view, in a single log, all events logged by application components that indicate the protected system may be compromised.
- A new Firewall Management component: now you can manage Windows Firewall rules through the graphical user interface of Kaspersky Security 10.1 for Windows Server.
- Scanning of USB storage devices has been added: now you can automatically scan storage devices when they are connected to a protected computer.
- Password-protection of the access to application management has been added: now you can also protect Kaspersky Security 10.1 for Windows Server and use a password to limit access to critical operations.
- The new ability to automatically allow applications to start based on trusted distribution packages: now you can add exclusions for distribution packages in the Applications Launch Control task settings in order to simplify the process of allowing files to start when installing or updating software.
- The feature of blocking access to network file resources has been simplified: now the Anti-Cryptor and Real-Time File Protection components put identifiers for compromised hosts in the Blocked Hosts storage. You can disable the population of Blocked Hosts storage in the protection task settings. You can also view information about all blocked hosts in a centralized list in the Administration Server Console.
- Optimized feature of generating a list of trusted process rules for the Trusted Zone: now you can exclude a process based on its checksum, only its path, or both its path and checksum. Also, you can add multiple processes to the list of trusted processes simultaneously.
- Simplified and extended mechanism for populating lists of rules for application launch control: added the ability to simultaneously use lists of rules configured on local hosts and in a policy, and implemented a way to generate rules based on task events in Kaspersky Security Center.
- The Default Allow mode for the Applications Launch Control task has been optimized: now you can use the Applications Launch Control functionality to allow all launches except for the launches of blocked applications.
Known issues and limitations
Traffic Security:
- We do not recommend that you include VPN traffic (port 1723) in the protection scope.
- The Opera web browser with the Presto engine reports an attempted connection with an untrusted certificate if Kaspersky Security 10.1 for Windows Server is used for HTTPS traffic protection.
- Traffic from IP addresses in IPv6 format cannot be scanned.
- The component is available on operating systems higher than Microsoft Windows Server 2008 R2.
- The application only processes TCP traffic.
- We recommend that you install the Agent before deploying the Traffic Security component, as the Network Agent of the Administration Server detects the Traffic Security component when connecting to the Administration Plug-In. If Traffic Security was installed and the task started before the installation of Agent, restart the Traffic Security task.
On-Demand Scan, Real-Time Protection, Anti-Cryptor and Process Memory Protection:
- Anti-virus scanning of MTP-connected devices upon connection is not available.
- Archive object scanning is not available without SFX-archive scanning: if archive scanning is enabled in the protection settings of Kaspersky Security 10.1 for Windows Server, the application automatically scans objects in both archives and SFX-archives. Scanning SFX-archives without scanning archives is available.
- Trusted Zone exclusions are not applied during scanning in the Windows Server 2016 containers.
- iSwift technology is not used during scanning in the Windows Server 2016 containers.
- The Exploit Prevention component does not protect applications that were installed via Microsoft Store on the Windows Server 2012 and Windows Server 2012 R2 operating systems.
Computer control and diagnostics:
- The Log Inspection task detects potential Kerberos attack patterns (MS14-068) only on computers running Windows Server 2008 or higher as a domain controller with updates installed.
- In active mode, the Device Control task blocks any connections via MTP.
Firewall Management:
- IP addresses in IPv6 format are not supported when the specified rule scope consists of a single address.
- When the Firewall Management task is started, the following types of rules are automatically removed from the operating system's firewall settings:
  - denying rules
  - rules monitoring outgoing traffic
- Preset Firewall policy rules cover the basic scenarios of interaction between local computers and the Administration Server. To use the full functionality of Kaspersky Security Center, you must set up rules for ports manually. Information about port numbers, protocols and their functions is available in the Knowledge Base article.
- The application does not track modifications of Windows Firewall rules and rule groups during the once-a-minute polling performed by the Firewall Management task if those rules were not added to the task configuration when the application was installed. To update the status and include such rules, restart the Firewall Management task.
- For Microsoft Windows Server 2008 and higher: the Windows Firewall service must be started (it is started by default) before installing the Firewall Management component.
- For Microsoft Windows Server 2003: Windows Firewall requires the SharedAccess service to be started. The service is stopped by default and can be started only by a user with Administrator rights. If the Firewall Management task is started while the SharedAccess service is not running, the application displays an incorrect task state: the task is displayed as running, but Windows Firewall is not started and network rules are not applied. For the Firewall Management component to work correctly, start the SharedAccess service.
Installation:
- During application installation, a warning that the path is too long appears if the full path to the Kaspersky Security 10.1 for Windows Server installation folder contains more than 150 characters. The warning does not affect the installation process: Kaspersky Security 10.1 for Windows Server will install and then run successfully.
- To install the SNMP Support component, the SNMP service must be installed on the protected server.
- To install the SNMP Support component, the SNMP service must be restarted if it is running.
- Kaspersky Security 10.1 for Windows Server Administration Tools cannot be installed via Microsoft Active Directory group policies.
- When installing the application on computers running older operating systems that can no longer receive regular updates, the following root certificates must be checked: DigiCert Assured ID Root CA, DigiCert_High_Assurance_EV_Root_CA, DigiCertAssuredIDRootCA. If these certificates are missing, the application may function incorrectly. We recommend installing the specified certificates by any available means. Instructions for downloading and applying current certificates are available in the Knowledge Base article.
Licensing:
- Activating the application with a key via the Setup Wizard is not available if the key is stored on a disk created with the SUBST command, or if a network path to the key file is specified.
Updates:
- After installing critical updates for Kaspersky Security 10.1 for Windows Server modules, the application icon is hidden by default.
Interface:
- If you use filtering in Kaspersky Security 10.1 Console in the Quarantine, Backup, System audit log or Task log tasks, the filter is case-sensitive.
- When configuring the protection or scan scope in Kaspersky Security 10.1 Console, you can use only one mask, and only at the end of the path. Examples of correct mask usage: "C:\Temp\Temp*", or "C:\Temp\Temp???.doc", or "C:\Temp\Temp*.doc". This limitation does not affect Trusted Zone configuration.
Integration with Kaspersky Security Center:
- Administration Server checks the validity of database updates when receiving update packages and before sending the updates to network computers. Administration Server does not check the validity of received software module updates.
- When you use components that transmit dynamically changing data to Kaspersky Security Center by means of network lists (Quarantine, Backup), make sure the required check boxes are selected in the Interaction with the Administration Server settings.
Other functions:
- When using the command line utility, special symbols can be displayed if the operating system's regional settings match the user interface locale of Kaspersky Security 10.1 for Windows Server.
- When using basic authentication on a proxy server, an authentication error may occur if the user name or password was set using a multibyte encoding.
- When restoring a file from Quarantine or Backup, the file's “Encrypted” attribute is not restored.
- A mirrored server cannot be used when connecting to the syslog server via UDP.
- The device type might not be recognized when a USB connection event is generated. In this case, the event will contain only the device GUID.
- The Device Instance Path is indicated in different formats for the Device Control component and the USB connection monitoring feature.