Known limitations

Kaspersky Endpoint Detection and Response Optimum 3.0 has the following limitations:

• To work with alert details, the web plug-in for Kaspersky Endpoint Security for Windows 11.7.0 or later is required. Alert details are available only in Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console.
• Alert details and detailed results of the IOC Scan task execution are deleted one month after creation.
• When using Kaspersky Endpoint Security for Mac 12.1:
  • Alert details for threats detected within compound objects contain information only about the detected object itself without a graph of the threat development chain.
  • When performing the Get file and Move file to Quarantine tasks, Backup is used as a file storage.
• When using Kaspersky Endpoint Security for Linux 12.1:
  • You cannot create, run, or configure the Kaspersky Endpoint Detection and Response Optimum tasks using the command line.
• When using Kaspersky Endpoint Security for Windows:
  • You cannot scan an object quarantined as a result of the Move file to Quarantine task.
  • It is not possible to quarantine an Alternate Data Stream (ADS) that is larger than 4 MB. Kaspersky Endpoint Security for Windows skips any ADS this large without notifying the user.
  • Kaspersky Endpoint Security for Windows does not run IOC Scan tasks on network drives if the path in the task properties begins with a drive letter. Kaspersky Endpoint Security for Windows supports only the UNC path format for IOC Scan tasks on network drives. For example, \\server\shared_folder.
  • When an indicator of compromise is detected while running the IOC Scan task, the application quarantines a file only for the FileItem term. Quarantining a file for other terms is not supported.

Multitenancy support in Kaspersky Endpoint Detection and Response Optimum has the following limitations:

• In Kaspersky Security Center Cloud Console, permissions can be assigned only to accounts registered using Active Directory.
• When using Kaspersky Security Center Cloud Console and Kaspersky Security Center Web Console 14 and earlier:
  • Administrator permissions for the tenant organization must be assigned before creating a virtual Administration Server. After creating a virtual Administration Server, it is not possible to add or remove the Administrator account.
  • Administrators of virtual Administration Servers have the Read permission for the main Server.

For detailed information about known limitations when using Kaspersky Endpoint Security for Windows, refer to the Help for the corresponding application version:

• Kaspersky Endpoint Security for Windows 12.5
• Kaspersky Endpoint Security for Windows 12.4
• Kaspersky Endpoint Security for Windows 12.3
• Kaspersky Endpoint Security for Windows 12.2
• Kaspersky Endpoint Security for Windows 12.1
• Kaspersky Endpoint Security for Windows 12.0
• Kaspersky Endpoint Security for Windows 11.11.0
• Kaspersky Endpoint Security for Windows 11.10.0

For detailed information about known limitations when using Kaspersky Endpoint Agent, refer to the Help for the corresponding application version:

• Kaspersky Endpoint Agent 3.16
• Kaspersky Endpoint Agent 3.15
• Kaspersky Endpoint Agent 3.14
• Kaspersky Endpoint Agent 3.13
• Kaspersky Endpoint Agent 3.12
• Kaspersky Endpoint Agent 3.11