Kaspersky Endpoint Security for Windows

Kaspersky Endpoint Security for Windows (hereinafter also referred to as Kaspersky Endpoint Security) provides comprehensive computer protection against various types of threats, network and phishing attacks.

To protect your computer, Kaspersky Endpoint Security uses the following threat detection technologies:

• Machine learning. Kaspersky Endpoint Security uses a model based on machine learning. This model was developed by Kaspersky experts. Throughout its use, the model continually receives updated threat data from KSN, thereby training the model.
• Cloud analysis. Kaspersky Endpoint Security receives threat data from Kaspersky Security Network. Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to the online Kaspersky Knowledge Base that contains information about the reputation of files, web resources, and software.
• Expert analysis. Kaspersky Endpoint Security uses threat data added by Kaspersky virus analysts. Virus analysts manually check objects if the reputation of an object cannot be determined automatically.
• Behavior analysis. Kaspersky Endpoint Security analyzes the activity of an object in real time.
• Automatic analysis. Kaspersky Endpoint Security receives data from an automatic object analysis system. The system processes all objects received by Kaspersky, and then determines the reputation of objects and adds the corresponding data to the anti-virus databases. If the system is unable to determine the reputation of an object, it sends a request to Kaspersky virus analysts.
• Kaspersky Sandbox. Kaspersky Endpoint Security scans objects on a virtual machine. Kaspersky Sandbox analyzes the behavior of an object and makes a decision on its reputation. This technology is available only if you are using Kaspersky Sandbox.

Each type of threat is handled by a dedicated component. Components can be enabled or disabled independently, and their settings can be configured.

The following application components are control components:

• Application Control. This component keeps track of user attempts to start applications and regulates the startup of applications.
• Device Control. This component lets you configure flexible access restrictions to data storage devices (such as hard drives, removable drives, and CD/DVD disks), data transmission equipment (such as modems), equipment that converts information (such as printers), or interfaces for connecting devices to computers (such as USB, Bluetooth).
• Web Control. This component lets you set flexible restrictions on access to web resources for different user groups.
• Adaptive Anomaly Control. This component monitors and controls potentially harmful actions that are not typical of the protected computer.

The following application components are protection components:

• Behavior Detection. This component receives information about the actions of applications on your computer and provides this information to other components for more effective protection.
• Exploit Prevention. This component tracks executable files that are run by vulnerable applications. When there is an attempt to run an executable file from a vulnerable application that was not initiated by the user, Kaspersky Endpoint Security blocks this file from running.
• Host Intrusion Prevention. This component registers the actions of applications in the operating system and regulates application activity depending on the trust group of a particular application. A set of rules is specified for each group of applications. These rules regulate the access of applications to user data and to resources of the operating system. Such data includes user files in Documents folder, cookies, user activity log files and files, folders, and registry keys that contain settings and important information for the most frequently used applications.
• Remediation Engine. This component lets Kaspersky Endpoint Security roll back actions that have been performed by malware in the operating system.
• File Threat Protection. This component protects the file system of the computer from infection. The component starts immediately after Kaspersky Endpoint Security is launched; it continuously remains in computer RAM, and scans all files that are opened, saved, or started on the computer and on all connected storage devices. This component intercepts every attempt to access a file and scans the file for viruses and other threats.
• Web Threat Protection. This component scans traffic that arrives to the user computer via the HTTP and FTP protocols, and checks whether web addresses are malicious or phishing.
• Mail Threat Protection. This component scans incoming and outgoing email messages for viruses and other threats.
• Network Threat Protection. This component inspects inbound network traffic for activity that is typical of network attacks. Upon detecting an attempted network attack that targets your computer, Kaspersky Endpoint Security blocks network activity from the attacking computer.
• Firewall. This component protects data that is stored on the computer and blocks most possible threats to the operating system while the computer is connected to the Internet or to a local area network.
• BadUSB Attack Prevention. This component prevents infected USB devices emulating a keyboard from connecting to the computer.
• AMSI Protection. This component scans objects based on a request from third-party applications and notifies the requesting application about the scan result.

In addition to the real-time protection that the application components provide, we recommend that you regularly scan the computer for viruses and other threats. This helps to rule out the possibility of spreading malware that was not detected by protection components, for example, due to a low security level.

To keep computer protection up to date, you must update the databases and modules that the application uses. The application is updated automatically by default, but if necessary, you can update the databases and application modules manually.

The following tasks are provided in Kaspersky Endpoint Security:

• Integrity Check. Kaspersky Endpoint Security checks the application modules in the application installation folder for corruption or modifications. If an application module has an incorrect digital signature, the module is considered corrupt.
• Full Scan. Kaspersky Endpoint Security scans the operating system, including kernel memory, objects that are loaded at operation system startup, disk boot sectors, backup storage of the operating system, and all hard drives and removable drives.
• Custom Scan. Kaspersky Endpoint Security scans the objects that are selected by the user.
• Critical Areas Scan. Kaspersky Endpoint Security scans the kernel memory, objects that are loaded at operation system startup and disk boot sectors.
• Update. Kaspersky Endpoint Security downloads updated databases and application modules. Updating keeps the computer protected against the latest viruses and other threats.
• Last update rollback. Kaspersky Endpoint Security rolls back the last update of databases and modules. This lets you roll back the databases and application modules to their previous versions when necessary, for example, when the new database version contains an invalid signature that causes Kaspersky Endpoint Security to block a safe application.

Service functions of the application

Kaspersky Endpoint Security includes a number of service functions. Service functions are provided for keeping the application up to date, expand its functionality, and assist the user with operating the application.

• Reports. In the course of its operation, the application keeps a report on each application component. You can also use reports to track the results of completed tasks. The reports contain lists of events that occurred during Kaspersky Endpoint Security operation and all the operations that the application performs. In case of an incident, you can send reports to Kaspersky, where Technical Support specialists can look into the issue in more detail.
• Data storage. If the application detects infected files while scanning the computer for viruses and other threats, it blocks those files. Kaspersky Endpoint Security stores copies of disinfected and deleted files in Backup. Kaspersky Endpoint Security moves files that are not processed for any reason to the list of active threats. You can scan files, restore files to their original folders, and empty the data storage.
• Notification service. The notification service helps the user to track the events that influence the computer protection status and Kaspersky Endpoint Security operation. Notifications can be displayed on the screen or sent by email.
• Kaspersky Security Network. User participation in Kaspersky Security Network enhances efficiency of computer protection through real-time use of information on the reputation of files, web resources, and software received from users worldwide.
• License. Purchasing a license unlocks full application functionality, provides access to application database and module updates, and support by phone or via email on issues related to installation, configuration, and use of the application.
• Support. All registered users of Kaspersky Endpoint Security can contact Technical Support specialists for assistance. You can send a request to Kaspersky Technical Support through the Kaspersky CompanyAccount portal or call Technical Support by phone.

If the application returns errors or hangs up during operation, it may be restarted automatically.

If the application encounters recurring errors that cause the application to crash, the application performs the following operations:

1. Disables control and protection functions (encryption functionality remains enabled).
2. Notifies the user that the functions have been disabled.
3. Attempts to restore the application to a functional state after updating anti-virus databases or applying application module updates.