Checking the integrity of solution components
5 September 2024
ID 262066
Kaspersky Security solution components contain many different binary modules in the form of dynamic-link libraries, executable files, configuration files, and interface files. A hacker may replace one or more solution modules or files with other modules or files containing malicious code. To prevent the replacement of solution modules and files, Kaspersky Security can check the integrity of solution files and modules. The solution scans files and modules for unauthorized changes or corruption. If a solution file or module has an incorrect checksum, it is considered corrupted.
The integrity of the files and modules of the following solution components is checked:
- Protection Server
- Integration Server
- Integration Server Console
- Light Agent for Linux (of the Kaspersky Endpoint Security for Linux application)
- MMC plug-in for managing the Protection Server
- MMC plug-in for managing Light Agent for Linux (Kaspersky Endpoint Security for Linux)
Special lists called manifest files are used to check the integrity of solution components. The manifest file for a solution component lists the files and modules whose integrity is critical for correct operation of the solution component. The manifest files are digitally signed and their integrity is checked as well.
The integrity of the components is checked using an integrity check tool.
To run the integrity check tool on the SVM and on the virtual machine with Light Agent for Linux installed, you need the root account. An administrator account is required for running the integrity check tool for all other solution components.
For detailed information about checking the integrity of Light Agent for Linux and the Light Agent for Linux management MMC plug-in, see the Kaspersky Endpoint Security for Linux Help.
The integrity of the Protection Server, MMC plug-in for managing the Protection Server, Integration Server, and Integration Server Console is checked using integrity_check_tool, an integrity checking utility.
The manifest files and utility for checking the integrity of the Protection Server, MMC plug-in for managing the Protection Server, Integration Server, and Integration Server Console are located at the following paths:
- Protection Server:
  - Combined manifest file for the Protection Server and Network Agent for Linux: /opt/kaspersky/la/bin/integrity_check.xml.
  - Protection Server manifest file: /opt/kaspersky/la/config/integrity.xml.
  - Network Agent for Linux manifest file: /opt/kaspersky/la/config/klnagent_integrity.xml.
  - Integrity check tool for the Protection Server and Network Agent for Linux: /opt/kaspersky/la/bin/integrity_check_tool.
- Integration Server:
  - Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\integrity_check.xml.
  - Integrity check tool: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\integrity_check_tool.exe.
- Integration Server Console:
  - Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\integrity_check.xml.
  - Integrity check tool: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\integrity_check_tool.exe.
- MMC plug-in for managing the Protection Server:
  - Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.svm.plg\integrity_check.xml.
  - Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.svm.plg\integrity_check_tool.exe.
To check the integrity of a solution component, execute one of the following commands to run the utility from the folder where the utility is located:
- In Windows operating system:
  integrity_check_tool.exe -v[|--verify] -m[|--manifest] <path to the manifest file>
- In Linux operating system:
  integrity_check_tool -v[|--verify] -m[|--manifest] <path to the manifest file>
where <path to the manifest file> is the full path to the manifest file of the component.
You can run the utility with the following optional settings:
- -V, --verbose – display additional information about successfully checked files and modules. If this setting is not specified, only the check result (succeeded/failed), information about errors and general check statistics are displayed.
- -L, --log-file <file>, where <file> is the name of the file where the events that occurred during the scan are logged. By default, the events are sent to the standard stdout stream.
- -l, --log-level <0-1000>, where <0-1000> is the verbosity level for events. The default verbosity level is 0.
You can view the description of all available integrity check tool options in the tool options help. To do this, run the tool with the -h [--help] setting.
The results of checking the integrity of solution components are displayed as follows:
- SUCCEEDED – integrity of the files and modules is confirmed (return code 0).
- FAILED – integrity of the files is not confirmed (return code is other than 0).
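The following wrapper is an added example, not part of the Kaspersky documentation: it runs the integrity check tool from its own folder against the Protection Server manifest listed above and treats any non-zero return code, as well as a missing manifest or tool, as a failed check. The variable names KSV_TOOL and KSV_MANIFESTS, the function names and the `run` argument are assumptions made for this example; the paths and the --verify/--manifest options are the ones given on this page.

```shell
#!/bin/sh
# Added example (not Kaspersky code): scheduled integrity check on an SVM.
# KSV_TOOL, KSV_MANIFESTS, check_manifest, check_all and the "run" argument
# are names assumed for this example; paths and options come from the page.

KSV_TOOL="${KSV_TOOL:-/opt/kaspersky/la/bin/integrity_check_tool}"
# Space-separated list of full manifest paths (the Linux paths have no spaces).
KSV_MANIFESTS="${KSV_MANIFESTS:-/opt/kaspersky/la/bin/integrity_check.xml}"

# check_manifest <full path to manifest>: returns the tool's return code.
check_manifest() {
    manifest=$1
    # A manifest or tool that has disappeared is itself a reason to fail.
    [ -r "$manifest" ] || { echo "manifest not readable: $manifest" >&2; return 2; }
    [ -x "$KSV_TOOL" ] || { echo "tool not executable: $KSV_TOOL" >&2; return 2; }
    # The page says to run the utility from the folder where it is located.
    ( cd "$(dirname "$KSV_TOOL")" && "./$(basename "$KSV_TOOL")" --verify --manifest "$manifest" )
}

# check_all: checks every manifest; returns the number that did not pass.
check_all() {
    failed=0
    for m in $KSV_MANIFESTS; do
        if check_manifest "$m"; then
            echo "SUCCEEDED $m"
        else
            rc=$?   # any return code other than 0 means integrity is not confirmed
            echo "FAILED $m (return code $rc)"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run the check only when invoked as: sh this_script.sh run
case "${1:-}" in run) check_all; exit $? ;; esac
```

Run it with the root account on the SVM, and alert on a non-zero exit status of the script.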