About Kaspersky Security for Windows Server

Kaspersky Security for Windows Server protects servers running Microsoft® Windows® operating systems (hereinafter also referred to as protected devices) and network attached storages against viruses and other computer security threats which servers and network attached storages are exposed to while exchanging files. Kaspersky Security for Windows Server is designed for use on local area networks of medium to large organizations. Kaspersky Security for Windows Server users are corporate network administrators and specialists responsible for anti-virus protection of the corporate network.

You can install Kaspersky Security for Windows Server on servers with the following roles:

• Active Directory® Certificate Services
• Active Directory Domain Services
• Active Directory Federation Services
• Active Directory Lightweight Directory Services
• Active Directory Rights Management Services
• Device Health Attestation
• DHCP Server
• DNS Server
• Fax Server
• File and Storage Services
• Host Guardian Services
• Hyper-V®
• Network Controller
• Network Policy and Access Services
• Print and Document Services
• Remote Access
• Remote Desktop Services
• Volume Activation Services
• Web Server (IIS)
• Windows Deployment Services
• Windows Server® Update Services

Kaspersky Security for Windows Server can be managed in the following ways:

• Via the Application Console installed on the same device as Kaspersky Security for Windows Server or on a different device.
• Using commands in the command line.
• Via Kaspersky Security Center Administration Console.

The Kaspersky Security Center application can also be used for centralized administration of multiple devices running Kaspersky Security for Windows Server.

You can review Kaspersky Security for Windows Server performance counters for the "System Monitor" application, as well as SNMP counters and traps.

An update or upgrade of supported Microsoft Windows operating systems does not affect the functionality of Kaspersky Security for Windows Server.

Kaspersky Security for Windows Server components and functions

The application includes the following components:

• Real-Time File Protection. Kaspersky Security for Windows Server scans objects when they are accessed. Kaspersky Security for Windows Server scans the following objects:
  • Files
  • Alternate file system streams (NTFS streams)
  • Master boot record and boot sectors on local hard drives and removable drives
  • Windows Server 2016 and Windows Server 2019 container files
• On-Demand Scan. Kaspersky Security for Windows Server runs a single scan of the specified area for viruses and other computer security threats. The application scans files, RAM, and startup objects on a protected device.
• RPC Network Storage Protection and ICAP Network Storage Protection. Kaspersky Security for Windows Server installed on a device running a Microsoft Windows operating system protects network attached storages against viruses and other security threats that infiltrate the device through file exchange.
• Applications Launch Control. This component tracks users' attempts to launch application and controls application launches.
• Device Control. This component controls registration and use of external devices in order to protect the device against security threats that may arise while exchanging files with USB-connected flash drives or other types of external device.
• Anti-Cryptor and Anti-Cryptor for NetApp. These components protect shared folders on devices and network attached storages from malicious encryption by blocking hosts that show malicious activity.
• Script Monitoring. This component controls the execution of scripts created using Microsoft Windows scripting technologies.
• Traffic Security. This component intercepts and scans objects transferred through web traffic (including mail) to detect known computer and other threats on the protected device.
• Firewall Management. This component provides the ability to manage the Windows Firewall: configure settings and the operating system's firewall rules and block any external attempts to configure the firewall.
• File Integrity Monitor. Kaspersky Security for Windows Server detects changes in files within the monitoring scopes specified in the task settings. These changes may indicate a security breach on the protected device.
• Network Threat Protection. This component scans inbound network traffic for activity that is typical of network attacks. Upon detecting an attempted network attack that targets your computer, Kaspersky Security for Windows Server blocks network activity from the attacking computer.
• Log Inspection. This component monitors the integrity of the protected environment based on the results of an inspection of Windows event logs.

The following functions are implemented in the application:

• Database Update and Software Modules Update. Kaspersky Security for Windows Server downloads updates of application databases and modules from Kaspersky's FTP or HTTP update servers, Kaspersky Security Center Administration Server, or other update sources.
• Quarantine. Kaspersky Security for Windows Server quarantines probably infected objects by moving such objects from their original location to the Quarantine folder. For security purposes, objects in the Quarantine folder are stored in encrypted form.
• Backup. Kaspersky Security for Windows Server stores encrypted copies of objects classified as Infected in Backup before disinfecting or deleting them.
• Administrator and user notifications. You can configure the application to notify the protected device's administrator and users about events related to the operation of Kaspersky Security for Windows Server and the status of anti-virus protection on the device.
• Importing and exporting settings. You can export Kaspersky Security for Windows Server settings to an XML configuration file and import settings into Kaspersky Security for Windows Server from the configuration file. You can save all application settings or only settings for individual components to a configuration file.
• Applying templates. You can manually configure a node's security settings in the tree or list of the device's file resources, and save the configured setting values as a template. This template can then be used to configure the security settings of other nodes in Kaspersky Security for Windows Server protection and scan tasks.
• Managing access permissions for Kaspersky Security for Windows Server functions. You can configure the rights to manage Kaspersky Security for Windows Server and the Windows services registered by the application, for users and groups of users.
• Writing events to the application event log. Kaspersky Security for Windows Server logs information about software component settings, the current status of tasks, events that occur while tasks run, events associated with Kaspersky Security for Windows Server management, and information required to diagnose errors in Kaspersky Security for Windows Server.
• Hierarchical storage. Kaspersky Security for Windows Server can operate in hierarchical storage management mode (to work with HSM systems). HSM systems allow data to be relocated between fast local drives and slow long-term mass storage devices.
• Trusted Zone. You can generate a list of exclusions from the protection or scan scope, that Kaspersky Security for Windows Server will apply in the On-Demand and Real-Time Server Protection tasks.
• Exploit Prevention. You can protect process memory from exploits using an Agent injected into the process.
• Blocked Hosts storage. You can block remote hosts that try to access the device's shared folders if they exhibit any malicious activity.