What's new

New features in Kaspersky Security for Virtualization 5.0 Agentless include:

• Extended functionality of the Network Threat Detection component:
  • Kaspersky Security can still detect network attacks on protected virtual machines, and also detects suspicious network activity that may be a sign of an intrusion into the protected infrastructure.
  • You can now configure network threat protection exclusion rules that Kaspersky Security can use to exclude traffic of specific IP addresses from scans or apply special actions when processing such traffic. When generating the scope of rules, the application takes into account whether or not the traffic is from a virtual LAN (VLAN).
  • There is now the capability to scan user-requested web addresses against databases of phishing web addresses.
• Application licensing capabilities have been expanded as follows:
  • There is a new licensing scheme based on the number of processors used on hypervisors on which protected virtual machines are running. The licensing scheme employs keys with a limitation on the number of processors. In accordance with the licensing restriction, the application is used to protect all virtual machines running on hypervisors that use a certain number of processors.
  • A new type of commercial license known as an enterprise license has been added. Application functionality that is available under a commercial license depends on the type of commercial license.
• There is now the capability to select a configuration for SVMs that will be deployed on hypervisors during registration of Kaspersky Security services. You can select an SVM configuration that is appropriate for the resources of your virtual infrastructure and your performance requirements.
• You can now select the traffic processing mode that determines the settings of the Network Threat Detection component. The component can operate in standard mode or in monitoring mode. When operating in monitoring mode, Kaspersky Security receives a copy of the traffic of virtual machines. When signs of intrusions or attempts to access malicious web addresses are detected, Kaspersky Security does not take any actions to prevent the threats but only relays information about the events to the Kaspersky Security Center Administration Server. You can select the traffic processing mode when registering the network protection service (Kaspersky Network Protection).
• There is now the capability to restrict access to settings of policies and tasks depending on the role of the user account in Kaspersky Security Center.
• The capabilities for scanning virtual machines have been expanded:
  • When performing scan tasks, Kaspersky Security can scan powered off virtual machines that have Linux operating systems with the following file systems: EXT2, EXT3, EXT4, XFS, BTRFS.
  • When performing scan tasks, Kaspersky Security can scan virtual machine templates.
• While powered off virtual machines are being scanned, Kaspersky Security selects Block action by default, when it detects infected files. This action matches the Choose action automatically option, when scanning powered off virtual machines.
• You can now create a policy for all KSC clusters. This policy defines the settings for protection of all virtual machines within the protected infrastructure of all KSC clusters, which means all virtual machines managed by all VMware vCenter servers.
• Now a default policy is automatically created after installation of the Kaspersky Security administration plug-in. Protection is disabled in the default policy, but the availability of this policy lets you use the following capabilities of Kaspersky Security Center immediately after SVM deployment and before you manually create a policy:
  • Display the list of protected virtual machines in KSC cluster properties.
  • Register events received from SVMs.
  • Display information about the virtual machines whose protection involves the use of a key in a key report, if the application is activated.
  • Display information about protected virtual machines in a protection status report.
• There is now the capability to view a list of virtual machines that are under the protection of each specific SVM.
• There is now the capability to view statistics on the most frequently scanned files. These statistics can be useful when analyzing the load on SVMs.
• Capabilities have been expanded for SNMP monitoring of the status of SVMs:
  • You can now receive information about the status of SVMs with the Network Threat Detection component.
  • There is now the capability to generate a list of IP addresses to which the SNMP Agent relays SVM status information to prevent unauthorized access to the SNMP service.
• There is no support for installation and operation of application components in an infrastructure managed by a VMware vCenter Server and VMware vShield Manager.