Jump to content

Kaspersky Endpoint Security 11 for Windows v11.2.0.2254


l0gic
 Share

Recommended Posts

Kaspersky Endpoint Security 11 for Windows v11.2.0.2254

 

Spoiler
Kaspersky Endpoint Security for Windows 11

Kaspersky Endpoint Security for Windows (hereinafter also referred to as Kaspersky Endpoint Security) provides comprehensive computer protection against various types of threats, network and phishing attacks.

Each type of threat is handled by a dedicated component. Components can be enabled or disabled independently, and their settings can be configured.

The following application components are control components:

  • Application Control. This component keeps track of user attempts to start applications and regulates the startup of applications.
  • Device Control. This component lets you configure flexible access restrictions to data storage devices (such as hard drives, removable drives, and CD/DVD disks), data transmission equipment (such as modems), equipment that converts information (such as printers), or interfaces for connecting devices to computers (such as USB, Bluetooth).
  • Web Control. This component lets you set flexible restrictions on access to web resources for different user groups.
  • Adaptive Anomaly Control. This component monitors and controls potentially harmful actions that are not typical of the protected computer.

The operation of control components is based on the following rules:

The following application components are protection components:

  • Behavior Detection. This component receives information about the actions of applications on your computer and provides this information to other components for more effective protection.
  • Exploit Prevention. This component tracks executable files that are run by vulnerable applications. When there is an attempt to run an executable file from a vulnerable application that was not initiated by the user, Kaspersky Endpoint Security blocks this file from running.
  • Host Intrusion Prevention. This component registers the actions of applications in the operating system and regulates application activity depending on the trust group of a particular application. A set of rules is specified for each group of applications. These rules regulate the access of applications to user data and to resources of the operating system. Such data includes user files in Documents folder, cookies, user activity log files and files, folders, and registry keys that contain settings and important information for the most frequently used applications.
  • Remediation Engine. This component lets Kaspersky Endpoint Security roll back actions that have been performed by malware in the operating system.
  • File Threat Protection. This component protects the file system of the computer from infection. The component starts immediately after Kaspersky Endpoint Security is launched; it continuously remains in computer RAM, and scans all files that are opened, saved, or started on the computer and on all connected storage devices. This component intercepts every attempt to access a file and scans the file for viruses and other threats.
  • Web Threat Protection. This component scans traffic that arrives to the user computer via the HTTP and FTP protocols, and checks whether web addresses are malicious or phishing.
  • Mail Threat Protection. This component scans incoming and outgoing email messages for viruses and other threats.
  • Network Threat Protection. This component inspects inbound network traffic for activity that is typical of network attacks. Upon detecting an attempted network attack that targets your computer, Kaspersky Endpoint Security blocks network activity from the attacking computer.
  • Firewall. This component protects data that is stored on the computer and blocks most possible threats to the operating system while the computer is connected to the Internet or to a local area network. The component filters all network activity according to rules of two kinds: network rules for applications and network packet rules.
  • BadUSB Attack Prevention. This component prevents infected USB devices emulating a keyboard from connecting to the computer.
  • AMSI Protection Provider. This component scans objects based on a request from third-party applications and notifies the requesting application about the scan result.

In addition to the real-time protection that the application components provide, we recommend that you regularly scan the computer for viruses and other threats. This helps to rule out the possibility of spreading malware that was not detected by protection components, for example, due to a low security level.

To keep computer protection up to date, you must update the databases and modules that the application uses. The application is updated automatically by default, but if necessary, you can update the databases and application modules manually.

The following tasks are provided in Kaspersky Endpoint Security:

  • Integrity Check. Kaspersky Endpoint Security checks the application modules in the application installation folder for corruption or modifications. If an application module has an incorrect digital signature, the module is considered corrupt.
  • Full Scan. Kaspersky Endpoint Security scans the operating system, including kernel memory, objects that are loaded at operation system startup, disk boot sectors, backup storage of the operating system, and all hard drives and removable drives.
  • Custom Scan. Kaspersky Endpoint Security scans the objects that are selected by the user.
  • Critical Areas Scan. Kaspersky Endpoint Security scans the kernel memory, objects that are loaded at operation system startup and disk boot sectors.
  • Update. Kaspersky Endpoint Security downloads updated databases and application modules. Updating keeps the computer protected against the latest viruses and other threats.
  • Last update rollback. Kaspersky Endpoint Security rolls back the last update of databases and modules. This lets you roll back the databases and application modules to their previous versions when necessary, for example, when the new database version contains an invalid signature that causes Kaspersky Endpoint Security to block a safe application.

Remote administration through Kaspersky Security Center

Kaspersky Security Center makes it possible to remotely start and stop Kaspersky Endpoint Security on a client computer, manage tasks, configure application settings as well as perform file encryption and full disk encryption.

File encryption functionality lets you encrypt files and folders that are stored on local computer drives. The full disk encryption functionality allows encryption of hard drives and removable drives.

Service functions of the application

Kaspersky Endpoint Security includes a number of service functions. Service functions are provided for keeping the application up to date, expand its functionality, and assist the user with operating the application.

  • Reports. In the course of its operation, the application keeps a report on each application component. You can also use reports to track the results of completed tasks. The reports contain lists of events that occurred during Kaspersky Endpoint Security operation and all the operations that the application performs. In case of an incident, you can send reports to Kaspersky, where Technical Support specialists can look into the issue in more detail.
  • Data storage. If the application detects infected files while scanning the computer for viruses and other threats, it blocks those files. Kaspersky Endpoint Security stores copies of disinfected and deleted files in Backup. Kaspersky Endpoint Security moves files that are not processed for any reason to the list of active threats. You can scan files, restore files to their original folders, and empty the data storage.
  • Notification service. The notification service helps the user to track the events that influence the computer protection status and Kaspersky Endpoint Security operation. Notifications can be displayed on the screen or sent by email.
  • Kaspersky Security Network. User participation in Kaspersky Security Network enhances efficiency of computer protection through real-time use of information on the reputation of files, web resources, and software received from users worldwide.
  • License. Purchasing a license unlocks full application functionality, provides access to application database and module updates, and support by phone or via email on issues related to installation, configuration, and use of the application.
  • Support. All registered users of Kaspersky Endpoint Security can contact Technical Support specialists for assistance. You can send a request to Kaspersky Technical Support through the Kaspersky CompanyAccount portal or call Technical Support by phone.

If the application returns errors or hangs up during operation, it may be restarted automatically.

If the application encounters recurring errors that cause the application to crash, the application performs the following operations:

  1. Disables control and protection functions (encryption functionality remains enabled).
  2. Notifies the user that the functions have been disabled.
  3. Attempts to restore the application to a functional state after updating anti-virus databases or applying application module updates.

The application receives information on recurring crash-inducing errors using special-purpose algorithms developed by Kaspersky experts. This information is required for application recovery.

 

 

What's new:

Kaspersky Endpoint Security for Windows 11.2.0 offers the following features and improvements:

    Support for operating systems:
        Support for Windows 10 operating system version 1909 (19H2).
        The settings for Kaspersky Endpoint Security for Windows 11.2.0 can now be saved when upgrading Windows 7 / 8 / 8.1 to Windows 10. No additional configuration of the application is required after upgrading the operating system.
        Support for AM-PPL (Antimalware Protected Process Light) technology for the Windows Server 2019 operating system. Support was previously added for AM-PPL technology for Windows 10 version 1703 (RS2) or later operating systems. AM-PPL technology protects services of Kaspersky Endpoint Security against malicious actions. AM-PPL technology is enabled by default. You can turn off the technology by using setup.ini file. For more details about AM-PPL technology, please visit the Microsoft website.
        It is no longer necessary to decrypt hard drives when upgrading the Windows 10 operating system through WSUS (Windows Server Update Services) on computers that are protected by Kaspersky Disk Encryption technology. This feature is available for Windows 10 version 1607 (RS1) or later. Before upgrading earlier versions of the operating system, you need to first decrypt the data, upgrade the operating system, and then encrypt the data again.
    Support for Kaspersky Sandbox. Kaspersky Sandbox is a solution for detecting sophisticated threats. Kaspersky Sandbox runs suspicious objects on a virtual machine and analyzes their behavior. To start working with Kaspersky Sandbox, you need to install the Endpoint Agent component. The Endpoint Agent component is displayed separately in the list of installed applications of the operating system. For detailed information on the operation of Kaspersky Sandbox, please refer to Kaspersky Sandbox Help.
    Capability to use a task to delete data on users' computers. The task allows you to delete data in the following modes: immediate data deletion and delayed data deletion. In immediate data deletion mode, you can, for example, delete outdated data to free up disk space. In delayed deletion mode, you can, for example, protect data on a laptop in case of loss or theft. To do so, you can configure automatic data deletion if the laptop goes outside the boundaries of the corporate network and has not been synchronized with Kaspersky Security Center in a long time. To delete data on users' computers, you need to create and run a special task of Kaspersky Endpoint Security.
    Support for managing the application through the REST API. Using a third-party REST client, you can configure the settings of Kaspersky Endpoint Security, run a virus scan, update anti-virus databases, and perform other actions. To get started with the REST API, you need to enable the REST service when installing or upgrading the application. You can enable the REST service by using setup.ini file.
    Device Control:
        Notifications have been optimized for CD/DVD drives. Device Control does not display notifications if there is no disc in the CD/DVD drive or a disk image is not mounted for the virtual drive.
        Anti-Bridging settings are highlighted in a separate Device Control block. You can use a separate "lock" attribute to prohibit changes in the Anti-Bridging settings block in the child policies and local settings of the application.
    Other improvements:
        There is now the capability to monitor user activity on the Internet (Web Control). Kaspersky Endpoint Security logs data on user visits to all websites, including allowed websites. This enables you to obtain the complete history of browser views. To enable logging of events for visits to allowed websites in Kaspersky Endpoint Security, you need to configure Web Control.
        User access to application uninstallation, modification, and recovery operations (Password Protection) has been optimized. These operations are available not only to the KLAdmin user, but also to other users, including the Everyone group. Access to other application functions has also been optimized.
        There is now the capability to change the length of the encryption key (AES56 / AES256) through a Kaspersky Endpoint Security upgrade. However, there are limitations on changing the length of the encryption key through an application upgrade.

 

 

Release date: 11 November 2019
 
 
 
 
Edited by l0gic
Link to comment
Share on other sites

  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...