Protection from changes to Kaspersky Embedded Systems Security for Windows registry keys
Kaspersky Embedded Systems Security for Windows restricts access to the following registry branches and keys, which facilitates loading of application drivers and services:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfs]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfsgt]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfsslp]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klam]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klelaml]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klfltdev]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klramdisk]
- [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.3\CrashDump]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS\3.3] (on Microsoft Windows 64-bit)
- [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.3\Trace]
The rights to change these registry branches and keys are granted to Local System (SYSTEM) account only. User and Administrator accounts are granted read-only rights.
Protection from changes to the memory of program service parts
To protect program service parts from third-party processes, Kaspersky Embedded Systems Security for Windows drivers restrict access to the following executable files:
- kavfs.exe
- kavfswp.exe
- kavfswh.exe
- kavfsgt.exe
By default, access to the memory of Kaspersky Embedded Systems Security for Windows service parts is restricted for third-party processes.
You can enable the self-defense functions in the policy properties of Kaspersky Embedded Systems Security for Windows Console and Kaspersky Embedded Systems Security for Windows Administration Plug-in.
