Kaspersky Security Center 11 (version 11.0.0.1131): commercial release
Kaspersky Security Center 11 version 11.0.0.1131 was released on March 14, 2019.
Kaspersky Security Center is a single administration console for controlling all Kaspersky Lab security solutions and system administration tools that you use. It makes every endpoint and device on your network more visible, simplifies IT administration tasks, and helps to reduce operating costs and increase productivity.
This application version can be used both for initial installation of Kaspersky Security Center 11 and for upgrades of earlier versions.
What’s new
Kaspersky Security Center 11 Web Console
Kaspersky Security Center 11 Web Console is a web app that only requires a web browser. Kaspersky Security Center 11 Web Console is available for touchscreen devices and has a broader functional scope compared to Kaspersky Security Center 10 Web Console.
- The grouping of reports by topic has been implemented in Kaspersky Security Center 11 Web Console.
- The effective settings are always displayed in the device properties (that is, settings with policies and policy profiles applied). In the properties of each device, the time of delivery to the device is displayed for the last change of policies / policy profiles.
- During Kaspersky Security Center 11 installation, Microsoft Management Console-based Administration Console is also installed, as well as Kaspersky Security Center 11 Web Console. You can also install Kaspersky Security Center 11 Web Console later on a specially assigned device.
Performance
- Increased the number of client devices supported by a single distribution point up to 10 000. If you want to rearrange your network and use a client device as a distribution point for as many as 10 000 devices, please make sure that the device meets the hardware requirements.
- Enhanced the performance of KSN Proxy and Administration Server. If you want to benefit from the new features of Administration Server, please make sure that your Server meets the hardware requirements.
Updates
- Implemented the download of differential files instead of downloading full update packages. The "Download diff files" option allows Administration Server and distribution points to save in a shared folder differential files of updates for Kaspersky Lab databases and software modules. This option can be useful if you manage a significant pool of client devices and seek ways of saving traffic within your network: only differential portions will be downloaded by distribution points and distributed among client devices. This would considerably reduce the traffic rates between Administration Server, distribution points, and client devices.
- If the offline model of update download is enabled in the settings of the same Network Agent instance, the feature becomes inefficient.
Integration
- Implemented and documented a new integration of Kaspersky Security Center with an application programming interface (API), namely, OpenAPI.
- The kscopenapi.chm file is now included in the distribution package. This file provides the description of the API. This description can be used for integration of other applications with Kaspersky Security Center 11.
Ease of use
- Improved the selection of columns in report properties. The Details and Summary sections in report properties now display a list of all available columns while columns that have already been selected to display in the report are flagged at that.
- Implemented a general list of subnets. The list has {display name, note, IPv4 address, subnet mask} format, where the {IPv4 address, subnet mask} pair acts as the ID. You can use this list to select subnets when configuring the traffic limit and configuring network level authentication (NLA), without specifying the subnet manually each time.
- Improved the diagnostics of errors that caused interruptions of connection between Administration Console and Administration Server. The interruption cause is specified in the corresponding error message at each interruption.
- Improved the password strength check. The rules that must be adhered to when creating a password are displayed in the input window; the administrator thus can create the password knowing in advance which symbols it must contain. A password that lacks strength remains highlighted when typed.
- The status of a device is updated automatically after you close the device settings window.
- Added the capability of copying the automatic moving rules for devices. When copied, a new rule automatically takes the Disabled status and is placed at the bottom of the list of automatic moving rules.
Troubleshooting
Implemented advanced diagnostics in the settings of the Windows updates installation task. The "Enable advanced diagnostics" check box is cleared by default; if you select the check box, Network Agent writes traces to files in the %WINDIR%\Temp folder during the task run. The files are available for download through the remote diagnostics utility. This utility also allows you to delete these files.
Sizing
- Visibility of devices in the hierarchy of Kaspersky Security Center 11 Administration Servers has been improved. If the network has more than one Administration Server installed, these Administration Servers may see the same client devices. This may cause, for example, an application to be installed remotely on the same client device multiple times through different Administration Servers, or other conflicts. To avoid such issues, prohibition of application installation on a device managed through a different Administration Server has been implemented in Kaspersky Security Center 11.
- Roles of role-based access control (RBAC) type are now supported in the hierarchy of Administration Servers. All roles assigned on the primary Administration Server can be used on secondary Administration Servers. This option is disabled by default. You can enable it by selecting the "Relay list of roles to secondary Administration Servers" check box in the "Roles” section of the Administration Server properties window. If the "Relay list of roles to secondary Administration Servers" option is enabled, adding a role (or modifying one) on the primary Administration Server results in the same changes applied on the secondary Administration Servers. You can disable this option at any time. In this case, the roles are saved on the secondary Administration Servers but changes made on the primary Administration Server will not be distributed to the secondary Administration Servers any longer. You can use this option if the organization’s network includes at least one secondary Administration Server.
- Added the following new preset roles to Kaspersky Security Center 11: Auditor, Supervisor, and Security Officer. By default, these roles are not assigned to any users. You can assign them manually.
- Implemented the stand-alone KSN proxy server. KSN Proxy is now part of Network Agent. If a client device acts as a connection gateway, you can configure it so that it also act as the KSN proxy server, even if the device is located in an isolated segment of the network. You can use a connection gateway as the KSN proxy server if, for example, it is connected to the Administration Server through a virtual private network (VPN) but no Internet connection is currently maintained. To do this, select the "Enable KSN Proxy on distribution point side" check box in the "KSN Proxy" section of the properties window of the managed device. You can use this feature only if the KSN proxy server is enabled.
Reports
- Added the report on threats detected on client devices. The report shows information about which protection component detected a threat.
- Expanded the report on prohibited applications and report on prohibited applications in test mode. The reports show a list of blocked files, as well as the following information: number of blocks for the selected object and full path to the corresponding file. Implemented new reports on blocks of object runs that contain additional data fields.
- Added the report on the status of application components. This report shows the statuses of components (installed / not installed) on client devices regardless of whether a policy exists for these devices. The report provides the capability of specifying the filtering by any component and its status.
Vulnerability and Patch Management
- Added new fields to the description of a vulnerability: "Exploit found for this vulnerability" and "Threat found for this vulnerability". These fields display known exploits and threats that use this vulnerability. Information is only available if a Vulnerability and Patch Management license has been activated.
- Added the option for the administrator to restrict the client device users’ capability of installing Microsoft Windows updates on their own. The administrator can specify which updates can be installed by users, using the Network Agent policy: all (default option), those approved by the administrator, or none at all.
- Added the option for the administrator to view the list of updates and patches unrelated to client devices, that is, an update is listed only once if it meets the task rules for at least one target device. The list of updates displayed is based on the currently applied settings, not on the settings that have been modified but not yet taken effect after this modification.
- Added the "CVE" column to the vulnerabilities report.
- File duplication is eliminated, and therefore updates downloaded to a device take up half the space than with earlier versions of the application.
- Basic integration of security information and event management (SIEM) systems (using the Syslog protocol) is available without the commercial license. Even the basic functionality of Kaspersky Security Center 11 allows you to use the Syslog protocol for export of events to SIEM systems. If your organization uses a SIEM system, you can now export to this system any events that occur in Administration Server and other Kaspersky Lab applications installed on managed devices.
Other improvements
- Creation of new roles is now available without a dedicated license.
- Improved and expanded Online Help, which now includes information from all Kaspersky Security Center guides.
- Information about policies, tasks, and installation packages is now saved even after these objects are deleted.
- Added the "Device is out of disk space" reason for the Critical status. A device is now assigned the Critical status if synchronization with that device fails due to an error caused by lack of disk space, that is, if the amount of available disk space on the device is less than the specified minimum requirement (100 MB by default). The status changes to OK if these two conditions are met: 1) synchronization has completed successfully, 2) amount of available disk space reaches the minimum requirement.
- Additionally detailed the administrator rights. To run a report, you now need only the read permission in the "Reports management" area. A separate permissions area named "Management of administration groups" has been added to the "General features".
- The device properties display the Microsoft Windows 10 (Redstone) version. Added the capability of creating device selections based on this criterion.
- Implemented the protection against event overflows in the database. For batch events, a warning is displayed if delivery of such events to the Administration Server is enabled.
- Added an option to the Administration Server settings that allows you to call Private KSN directly, without using the proxy server settings.
- Removed the "Force downloading of the following types of updates" option from the properties of the "Download updates to the repository" task of Administration Server (particularly because users reported a negative experience when using the option of manual selection of the list of update types to download). The set of updates to download is now defined automatically.
Known limitations
Kaspersky Security Center 11
- Deployment of the Windows 10 (version 2004) operating system image using Kaspersky Security Center 10 through a PXE server is not supported.
- In Microsoft Windows XP, Network Agent may perform the following operations improperly: downloading updates directly from Kaspersky Lab servers (if Network Agent functions as the distribution point); acting as KSN proxy server (if Network Agent functions as the distribution point); detecting vulnerabilities in third-party applications (when using Vulnerability and Patch Management).
- The Administration Server certificate may contain symbol codes in the Subject field instead of a conventional device name.
- When creating a task of remote installation of applications on virtual machines in Microsoft Azure cloud environment, "IAM role” is prompted among other account options but this option cannot be used.
- If a remote installation task is run by using a distribution point with multicasting enabled and the network is under a light load, the task may return an error displayed as "Setup process error: Unknown error. (1)".
- The link in the Kaspersky Security Network window of the Administration Server Quick Start Wizard does not redirect to the Kaspersky Security Network description, redirecting to the main page of the Kaspersky Lab website.
- On the "Distribution of the database versions” chart, the "Up to date" and "Updated during last 24 hours” values are swapped.
- Administration Console may return error messages when running the Administration Server data backup task.
- Search across the Deleted objects list does not function in Administration Server.
- The status descriptions of mobile devices may update with a certain delay.
- The properties of a command sent to a mobile device may display incorrect information differing from information displayed in the list of commands.
Kaspersky Security Center 11 Web Console
- When going to the "Device discovery" section, the "Access denied" error message is displayed in the properties of the virtual Administration Server. Further operations are still possible after closing the error message.
- In the "Tasks" section, the list of tasks contains no information in the “Application" and "Task type" columns after you refresh the page.
- In the "Event selections" section, creation of an event selection fails if you click the "Reconfigure sorting and start" button and sort the columns.
- In the properties of the Network Agent installation package, on the Settings tab, in the Advanced section the Use Network Agent as connection gateway in DMZ option cannot be saved as selection if the user previously made any changes in the Connection section.
- In the task properties, on the Settings tab no changes made to the section can be saved.
- Some interface items may be displayed in English even if a different localization language is selected.
- In the settings of a task, if the account under which the task must be run is specified, this account is not copied when copying the task.
- In case Kaspersky Security Center 10 Web Console is already installed with the default settings on the device, and the new version of the Kaspersky Security Center 11 Web Console (with Kaspersky Security Center 11) has been installed on the same device, then, when a you launch Web Console, Kaspersky Security Center 10 Web Console starts. In order to launch Kaspersky Security Center 11 Web Console, you have to run the Kaspersky Security Center 11 Web Console installer again in the configuration mode and set up a port different from that assigned for the Kaspersky Security Center 10 Web Console.