Kaspersky Embedded Systems Security 3.x

Other limitations

10 March 2023

ID 161823

Limitations of On-Demand Scan and Real-Time File Protection:

  • Scanning of connected MTP-devices is not available.
  • Archive scanning is unavailable without SFX-archive scanning: if archive scanning is enabled in the protection settings of Kaspersky Embedded Systems Security, the application automatically scans objects in both archives and SFX-archives. SFX-archive scanning is available without archive scanning.
  • If Deeper analysis of launching processes (process launch is blocked until the analysis ends) checkbox and KSN Usage service are enabled simultaneously, any launched process that receives URL web-address as an argument will be blocked, even if Only Statistics mode was chosen. To avoid blocking the process, please choose one of the options:
    • Disable KSN Usage service
    • Disable Deeper analysis of launching processes (process launch is blocked until the analysis ends) checkbox

    Recommended option: Disable Deeper analysis of launching processes checkbox


  • You cannot activate the application with a key via the Setup wizard if the key was created using the SUBST command, or if the path to the key file is a network path.
  • If you plan to use Kaspersky Security Center proxy server to activate the product on a client device, disable VDI optimization on this device when installing Kaspersky Security Center Network Agent.


  • By default, the application icon is hidden after Kaspersky Embedded Systems Security critical modules updates are installed.
  • KLRAMDISK is not supported on protected devices running the Windows XP or Windows Server® 2003 operating system.


  • In the Application Console, filtering in the Quarantine, Backup, System audit log or Task log is case sensitive.
  • When configuring a protection or scan scope in the Application Console, you can use only one mask and only at the end of the path. Following are the examples of correct masks: "C:\Temp\Temp*", or "C:\Temp\Temp???.doc", and "C:\Temp\Temp*.doc". This limitation does not affect configuration of the Trusted Zone.


  • If the operating system’s User Account Control feature is enabled, a user account must be part of the KAVWSEE Administrators group to open the Application Console with a double-click on the application icon in the tray notification area. Otherwise, it will be necessary to login as a user who is allowed to open the Compact Diagnostic Interface or Microsoft Management Console snap-in.
  • If User Account Control is enabled, you cannot uninstall the application via the Microsoft Windows Programs and Features window.

Integration with Kaspersky Security Center:

  • When update packages are received, Administration Server verifies database updates before sending the updates to protected devices on the network. Administration Server does not verify software module updates.
  • Make sure that the required check boxes are selected in the Interaction with the Administration Server settings when you use the components that transmit dynamic data to Kaspersky Security Center using network lists (Quarantine, Backup).

Exploit prevention:

  • Exploit Prevention is unavailable if the apphelp.dll libraries are not loaded in the current environment configuration.
  • The Exploit Prevention component is incompatible with Microsoft’s EMET utility on protected devices running the Microsoft Windows 10 operating system: Kaspersky Embedded Systems Security blocks EMET, if the Exploit Prevention component is being installed on a protected device with EMET installed.
  • Exploit Prevention component is incompatible with SQL Server® 2012 Database Engine. If you install Kaspersky Embedded Systems Security on the computer with installed MS SQL Server 2012, you must add the sqlos.dll library of the database server to the list of exclusions in the Exploit Prevention task.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.