Commercial release of Kaspersky Endpoint Security 11 for Linux (version 22.214.171.12406)
Kaspersky Endpoint Security 11 for Linux was released on January 16, 2020. The full version number is 126.96.36.19906.
Kaspersky Endpoint Security 11 for Linux is designed to provide anti-virus protection for file servers and workstations running Linux operating systems.
Kaspersky Endpoint Security 11 for Linux can:
- Protect the file system against malicious code in real time: intercept file access requests, analyze them, and disinfect or delete infected objects.
- Scan objects on demand: search for infected and probably infected files within the defined scan scopes, analyze files, and disinfect or delete infected objects.
- Create copies of infected objects in Storage before disinfection or deletion for the purpose of possible recovery of objects that contain valuable information.
- Update anti-virus databases: anti-virus database updates are provided by Kaspersky update servers or the Kaspersky Security Center Administration Server, and it is also possible to configure Kaspersky Endpoint Security 11 for Linux to update the databases from a local folder.
- Monitor integrity of the specified files and receive notifications about changes. System_Integrity_Monitoring task can be performed in real-time monitoring mode, and in on-demand scan mode.
- Manage an operating system firewall and, if necessary, restore a set of the firewall rules that was changed.
- Protect files in the local directories with network access by SMB / NFS protocols from remote malicious encrypting.
- Allow non-root users to manage basic application functions by using the localized graphical user interface (GUI).
- Manage the application and configure its settings via administration utility from the command line and remotely via Kaspersky Security Center and Kaspersky Security Center 12 Web Console.
- On March 18, 2020 we have implemented the feature for managing devices with Kaspersky Endpoint Security 11 for Linux installed through Kaspersky Security Center Cloud Console and uploaded new installation files.
- Managing devices with Kaspersky Endpoint Security 11 for Linux installed via Kaspersky Security Center Hosted is now supported.
- Managing user access to installed or connected devices by device type and connection buses is now supported (Device_Control task).
- Implemented the tracking of activities that are typical for network attacks in the incoming traffic (Network_Threat_Protection task).
- Removable drives can now be scanned (Removable_Drives_Scan task).
- You can now obtain data on actions of applications on the user computer (Behavior_Detection task).
- You can now scan incoming HTTP/HTTPS and FTP traffic of the user computer, and detect phishing and malicious web addresses (Web_Threat_Protection task).
- Implemented name spaces and Docker containers scanning in monitoring mode and the ability to specify the action to apply to a Docker container when a malicious object is detected (global application settings).
- Implemented the on-demand scan of Docker containers and images (Container_Scan task).
- The role-based model for managing the application has been changed. There are now three system groups of roles: Administrator, User, and Auditor. If a role was not assigned to the user, the user is placed into the group with no privileges. Administrator has root privileges. Other roles have limited privileges for managing the application settings and viewing reports.
- Changes in task names:
- File_Monitoring was renamed to File_Threat_Protection
- Integrity_Monitoring was renamed to System_Integrity_Monitoring
- Firewall_Manager was renamed to Firewall_Management
- The anti-virus databases retranslate task (Retranslate) was deleted. The databases retranslate function is available via Kaspersky Update Utility.
- You can now scan the kernel memory with Memory_Scan task.
- The suspend-task/resume-task functions are no longer available for Update tasks.
- It is now possible to specify the priority of custom and on-demand scan tasks, including the Container_Scan tasks.
- It is now possible to automatically add dynamic rules for Network Agent (nagent) to packet rules of the Firewall_Management task.
- You can now enable the file block option during the scan. When enabled, no action on detection of object for file interceptors (Removable_Drives_Scan, File_Threat_Protection, Anti_Cryptor) will be applied. The application will only log the object detection event. The Skip option is no longer available in the File_Threat_Protection settings.
- Possible and default values of trace file settings were changed (maximum number of entries in the file and maximum file size).
- kesl-supervisor was renamed to kesl.
- Information on initiator was added to all events.
- Сure action was renamed to Disinfect.
- You can now specify the list of device masks to be scanned by the Boot_Scan task.
- Updated the list of supported operating systems.
For 32-bit operating systems:
- For systems using RPM:
rpm -i kesl-11.0.0-2706.i386.rpm
rpm -i klnagent-12.0.1-45.i386.rpm
- For systems using dpkg:
dpkg -i kesl_11.0.0-2706_i386.deb
dpkg -i klnagent_12.0.1-45_i386.deb
For 64-bit operating systems:
- For systems using RPM:
rpm -i kesl-11.0.0-2706.x86_64.rpm
rpm -i klnagent64-12.0.0-45.x86_64.rpm
- For systems using dpkg:
dpkg -i kesl_11.0.0-2706_amd64.deb
dpkg -i klnagent64_12.0.0-45_amd64.deb
After updating, Kaspersky Endpoint Security 11 for Linux is started, even if it was stopped before the update process.
Known issues and solutions
- Anti-Cryptor works with SMB1, SMB2, SMB3, and NFS3 protocols.
- If you disable Kaspersky Endpoint Security 11 for Linux in operating systems of the Red Hat® Enterprise Linux® 7.3 family when working with NFS4, the product might not actually be disabled. Possible solution: Configure the network partitions to use NFS3.
- If Kaspersky Endpoint Security 11 for Linux is running in operating systems of the Red Hat® Enterprise Linux® 7.2 family, files larger than 2 GB may be blocked. Possible solution: Upgrade the operating system to Red Hat® Enterprise Linux® 7.3 and later.
- If Kaspersky Endpoint Security 11 for Linux is running in operating systems of the Red Hat® Enterprise Linux® 7 family and CIFS (SMB1) is being used, files on remote network partitions may take a long time to be created. Possible solution: Switch to SMB2 protocol and disable CIFS oplock.
- If a network connection is disrupted while remote network partitions are being actively used simultaneously, the operating system may be slowed down by delays.
- When using the scan-file command, it may be impossible to scan a file whose name is not specified in the encoding of the operating system. Possible solution: Change the file name or configure a scan of the entire folder, or use the standard ODS task.
- The application might not process files in virtual pseudo file systems. Possible solution: Use the mount command to connect network or local partitions.
- In the Mageia 4 operating system, a remote installation of the Kaspersky Security Center package klnagent\kesl via SSH protocol does not work. Possible solution: Remove the "Defaults requiretty" setting from the configuration file /etc/sudoers.
- In the Red Hat® Enterprise Linux® 8 operating system, if firewall blocks the SMB protocol, the errors are possible when unloading the application or stopping the OAS task. Possible solution: Remove the block of the SMB protocol for the mounted SMB partition.
- When using Docker container system, the threats inside the containers may not be intercepted immediately.
- When changing the SizeLimit setting from the command line, the current value does not change until the application restart. Possible solution: restart the application after changing this setting.
- The klnagent-astra package cannot be removed by Kaspersky Security Center tools. Possible solution: remove the package manually from the command line.
- In the Red Hat® Enterprise Linux® 8 operating system, firewall is managed through the iptables-legacy package. Possible solution: do not use nftables to manage the firewall rules.
- When using Docker container system, the application Storage will contain only one instance of the malicious object for the containers started from one image.
- The Device_Control task does not block the floppy disks connected via the ISA bus.
- When changing the user role from "admin" to "user" and backwards, the new role will not be assigned until GUI is restarted. Restart the GUI to assign a new role.
- If during the scanning of files in Docker containers with the File Threat Protection (File_Threat_Protection) enabled, an infected file located in the same path in two containers is detected, the application blocks the infected file in both containers, but the additional action (ContainerScanAction=StopContainer) will be applied only to one of these containers.
- If an on-demand scan task schedule is configured to run each month (Monthly) and a number greater than 12 is specified, desynchronization occurs, and the Network Agent may not work for some time. This issue remains while the Kaspersky Security Center task with specified schedule exists.