About the Wi-Fi Control Task
3 August 2023
ID 151178
When the Wi-Fi Control task runs, Kaspersky Industrial CyberSecurity for Nodes monitors the protected device's attempts to connect to Wi-Fi networks and blocks or allows connections to detected Wi-Fi networks. The Wi-Fi Control task is based on the Default Deny principle, which implies automatically blocking connections to any Wi-Fi network not allowed in the task settings.
The Wi-Fi Control task can operate in two modes:
- Active. Kaspersky Industrial CyberSecurity for Nodes controls connections to Wi-Fi networks in accordance with the specified task settings. If the list of trusted Wi-Fi networks is applied in the task, then the application blocks connections to all Wi-Fi networks, except those indicated in the list. If the list of trusted Wi-Fi networks is not applied in the task, then the application blocks connections to all Wi-Fi networks.
When running the task in the Active mode, Kaspersky Industrial CyberSecurity for Nodes blocks all current connections to Wi-Fi networks, unless the used networks have not been added to the list of trusted Wi-Fi networks.
- Notify Only. Kaspersky Industrial CyberSecurity for Nodes does not block connections to Wi-Fi networks. Instead, in the task log it only records information about connections to available Wi-Fi networks and the application's possible response to connection attempts. Connection to all Wi-Fi networks is allowed.
This mode is set by default.
You can use this mode to subsequently generate a list of trusted Wi-Fi networks on the basis of information recorded in the task log.
The Wi-Fi Control task can be started on computers running operating systems with the Wireless LAN Service feature installed and its WLAN Autoconfig (wlansvc) service started. The Wi-Fi Control task is not available without reconfiguring settings on operating systems that do not include wlansvc as a pre-installed service:
- Microsoft Windows XP - The wlanapi.dll file should be available and the wzcsvc service must be installed and started before the Wi-Fi Control task is started.
- Microsoft Windows Server 2003 - The wlanapi.dll file should be available and the wzcsvc service must be installed and started before the Wi-Fi Control task is started.
- Microsoft Windows Server 2003R2 - The wlanapi.dll file should be available and the wzcsvc service must be installed and started before the Wi-Fi Control task is started.
- Microsoft Windows Server 2008 - The wlansvc service is missing and must be installed and started before the Wi-Fi Control task is started.
- Microsoft Windows Server 2008 R2 - The wlansvc service is missing and must be installed and started before the Wi-Fi Control task is started.
- Microsoft Windows Server 2012 R2 - The wlansvc service is missing and must be installed and started before the Wi-Fi Control task is started.
The protected device must be restarted to install the wlansvc service on a protected device running Microsoft Windows Server 2012 R2.
- Microsoft Windows Server 2016 - The wlansvc service is missing and must be installed before the Wi-Fi Control task is started.
Kaspersky Industrial CyberSecurity for Nodes automatically checks for the presence of the wlansvc service in the operating system during installation and removes the Wi-Fi Control component from the recommended installation list if the wlansvc service is not detected. In this case, you can still select the Wi-Fi Control component in the custom installation list: you will not be able to start the Wi-Fi Control task until the Wireless LAN Service feature is installed and its WLAN Autoconfig (wlansvc) service started.