Kaspersky Embedded Systems Security 3.x

System changes after Kaspersky Embedded Systems Security installation

March 10, 2023

ID 147612

When Kaspersky Embedded Systems Security and the set of "Administration Tools" (including the Application Console) are installed together, the Windows Installer service will make the following modifications on the protected device:

  • Kaspersky Embedded Systems Security folders are created on the protected device and on the protected device where the Application Console is installed.
  • Kaspersky Embedded Systems Security services are registered.
  • Kaspersky Embedded Systems Security user group is created.
  • Kaspersky Embedded Systems Security keys are registered in the system registry.

These changes are described below.

Kaspersky Embedded Systems Security folders on a protected device

When Kaspersky Embedded Systems Security is installed, the following folders are created on a protected device:

  • Kaspersky Embedded Systems Security default installation folder containing the Kaspersky Embedded Systems Security executable files. The default folder depends on the bitness of the operating system:
    • On the 32-bit version of Microsoft Windows: %ProgramFiles%\Kaspersky Lab\Kaspersky Embedded Systems Security
    • On the 64-bit version of Microsoft Windows: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Embedded Systems Security
  • Management Information Base (MIB) files containing a description of the counters and hooks published by Kaspersky Embedded Systems Security via the SNMP protocol:
    • %Kaspersky Embedded Systems Security%\mibs
  • 64-bit versions of Kaspersky Embedded Systems Security executable files (this folder will be created only during installation of Kaspersky Embedded Systems Security on the 64-bit version of Microsoft Windows):
    • %Kaspersky Embedded Systems Security%\x64
  • Kaspersky Embedded Systems Security service files:
    • %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Data
    • %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Settings
    • %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Dskm

    For Windows XP the path to the Kaspersky Lab folder is %ALLUSERSPROFILE%\Application Data

  • Files with settings for update sources:

    %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Update

  • Updates of databases and software modules downloaded using the Copying Updates task (the folder will be created the first time updates are downloaded using the Copying Updates task).

    %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Update\Distribution

  • Task logs and system audit log.

    %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Reports

  • Set of databases currently in use.

    %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Bases\Current

  • Backup copies of databases; they are overwritten each time the databases are updated.

    %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Bases\Backup

  • Temporary files created during execution of update tasks.

    %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Bases\Temp

  • Quarantined objects (default folder).

    %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Quarantine

  • Objects in backup (default folder).

    %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Backup

  • Objects restored from backup and quarantine (default folder for restored objects).

    %ProgramData%\Kaspersky Lab\Kaspersky Embedded Systems Security\3.2\Restored

Folder created during installation of Application Console

The default installation folder for the Application Console, which contains the "Administration Tools" files, depends on the bitness of the operating system:

  • On the 32-bit version of Microsoft Windows: %ProgramFiles%\Kaspersky Lab\Kaspersky Embedded Systems Security Admins Tools
  • On the 64-bit version of Microsoft Windows: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Embedded Systems Security Admins Tools

Kaspersky Embedded Systems Security services

The following Kaspersky Embedded Systems Security services start using the local system (SYSTEM) account:

  • Kaspersky Security Service (KAVFS) – essential Kaspersky Embedded Systems Security service that manages Kaspersky Embedded Systems Security tasks and workflows.
  • Kaspersky Security Management Service (KAVFSGT) – this service is intended for Kaspersky Embedded Systems Security application management through the Application Console.
  • Kaspersky Security Exploit Prevention Service (KAVFSSLP) – a service that acts as an intermediary to communicate security settings to external security agents, and to receive data about security events.

Kaspersky Embedded Systems Security group

ESS Administrators is a group on the protected device whose users have full access to the Kaspersky Security Management Service and to all Kaspersky Embedded Systems Security functions.

System registry keys

When Kaspersky Embedded Systems Security is installed, the following system registry keys are created:

  • Properties of the Kaspersky Embedded Systems Security service: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KAVFS]
  • Kaspersky Embedded Systems Security event log settings (Kaspersky Event Log): [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Kaspersky Security]
  • Properties of the Kaspersky Embedded Systems Security management service: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KAVFSGT]
  • Performance counter settings:
    • On the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kaspersky Security\Performance]
    • On the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kaspersky Security x64\Performance]
  • SNMP Protocol Support component settings:
    • On the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.2\SnmpAgent]
    • On the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS\3.2\SnmpAgent]
  • Dump file settings:
    • On the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.2\CrashDump]
    • On the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS\3.2\CrashDump]
  • Trace file settings:
    • On the 32-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.2\Trace]
    • On the 64-bit version of Microsoft Windows: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS\3.2\Trace]
  • Configuration of the application's tasks and functions: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS\3.2\Environment]
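
The folders, services, group and registry keys listed on this page can be checked against a device after installation, for example to confirm a baseline or spot a missing component. The script below is an added example, not Kaspersky's code; it assumes Windows PowerShell 5.1 in an elevated session of the same bitness as the operating system, default installation paths and the 3.2 version folder shown above, and its variable names are illustrative.

```powershell
# Added example (not vendor code): baseline check of the system changes listed on this page.
# Assumptions: Windows PowerShell 5.1, elevated native-bitness session, default paths, version 3.2.
$is64 = [Environment]::Is64BitOperatingSystem
$root = Join-Path $(if ($is64) { ${env:ProgramFiles(x86)} } else { $env:ProgramFiles }) 'Kaspersky Lab'
$app  = Join-Path $root 'Kaspersky Embedded Systems Security'
$data = Join-Path $env:ProgramData 'Kaspersky Lab\Kaspersky Embedded Systems Security\3.2'
$svc  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$soft = if ($is64) { 'HKLM:\SOFTWARE\Wow6432Node\KasperskyLab\ESS\3.2' } else { 'HKLM:\SOFTWARE\KasperskyLab\ESS\3.2' }
$perf = if ($is64) { 'Kaspersky Security x64' } else { 'Kaspersky Security' }

# Folders created at installation. Update\Distribution is skipped because it only
# appears after the first Copying Updates task run.
$dirs = @($app, "$app\mibs", "$root\Kaspersky Embedded Systems Security Admins Tools") +
        ('Data','Settings','Dskm','Update','Reports','Bases\Current','Bases\Backup',
         'Bases\Temp','Quarantine','Backup','Restored' | ForEach-Object { Join-Path $data $_ })
if ($is64) { $dirs += "$app\x64" }

# Registry keys, with the 32-bit or 64-bit variant chosen as described on the page.
$keys = @("$svc\KAVFS", "$svc\KAVFSGT", "$svc\Eventlog\Kaspersky Security",
          "$svc\$perf\Performance", "$soft\SnmpAgent", "$soft\CrashDump", "$soft\Trace")
if ($is64) { $keys += "$soft\Environment" }   # the page gives only the Wow6432Node path

$report = @()
$report += $dirs | ForEach-Object {
    [pscustomobject]@{ Kind = 'Folder'; Item = $_; Ok = (Test-Path -LiteralPath $_ -PathType Container) }
}
$report += $keys | ForEach-Object {
    [pscustomobject]@{ Kind = 'Registry'; Item = $_; Ok = (Test-Path -LiteralPath $_) }
}

# Each service should be registered and configured to start as the local system account.
# ObjectName under the service's registry key holds the configured logon account.
$report += 'KAVFS','KAVFSGT','KAVFSSLP' | ForEach-Object {
    $acct = (Get-ItemProperty -LiteralPath "$svc\$_" -ErrorAction SilentlyContinue).ObjectName
    [pscustomobject]@{ Kind = 'Service'; Item = "$_ runs as '$acct'"; Ok = ($acct -eq 'LocalSystem') }
}

# The group must exist; its members are printed so they can be reviewed.
$group   = Get-LocalGroup -Name 'ESS Administrators' -ErrorAction SilentlyContinue
$members = Get-LocalGroupMember -Group 'ESS Administrators' -ErrorAction SilentlyContinue
$report += [pscustomobject]@{
    Kind = 'Group'; Item = "ESS Administrators: $($members.Name -join ', ')"; Ok = [bool]$group
}

# Failed checks sort first.
$report | Sort-Object Ok, Kind | Format-Table -AutoSize -Wrap
```

Because members of ESS Administrators have full access to the management service and all application functions, the member list in the output is worth comparing against the accounts that are expected to administer the device.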
