Kaspersky Endpoint Security 12.0 for Linux
The intended audience of this Help is technical professionals responsible for installing and administering the Kaspersky Endpoint Security application, as well as supporting organizations that use Kaspersky Endpoint Security. This Help is intended for professionals who are familiar with operating systems and Linux, have mastered the basic techniques of managing them, and have experience using the Kaspersky Security Center remote centralized management system for Kaspersky applications.
Kaspersky Endpoint Security 12.0 for Linux ("Kaspersky Endpoint Security", "application") protects devices running Linux operating systems against various types of threats, including network and scam attacks. You can use Kaspersky Endpoint Security as part of Kaspersky Security for Virtualization Light Agent to protect virtual machines running Linux guest operating systems.
The application is not intended for use in industrial processes involving automated control systems. To protect devices in these systems, we recommend using Kaspersky Industrial CyberSecurity for Linux Nodes.
The application is used to:
- Scan objects in the file system both in real time using the File Threat Protection task and on demand using scan tasks, including:
  - Scan file system objects located on local disks of your device, as well as mounted and shared resources, which are accessed via SMB and NFS protocols.
  - Scan startup objects, boot sectors, process memory, and kernel memory.
  - Check removable drives when connected to your device.
- Scan containers, images and namespaces, as well as use Kaspersky Endpoint Security as a container application (hereinafter referred to as KESL container).
The KESL container functionality is not supported if Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments.
- Detect infected objects and neutralize threats detected in them.
- Use application databases to detect and disinfect infected files. During the scan process, the application analyzes each file for the presence of a threat: it compares the file code with the code of a specific threat and looks for possible matches.
- Use Kaspersky Security Network. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky Endpoint Security to various threats, improves the performance of some protection components, and reduces the likelihood of false positives.
- Automatically select an action to neutralize the threat.
- Save backup copies of files before disinfection or deletion and restore files from backups.
- Protect files in local directories with network access via SMB / NFS from remote malicious encryption.
- Manage the operating system firewall and restore the set of firewall rules if they were changed.
- Analyze traffic sent to users' devices via HTTP / HTTPS and FTP and check if web addresses are malicious or phishing.
- Configure encrypted connections scan settings.
- Check incoming network traffic for activity typical of network attacks.
- Configure flexible restrictions on access to data storage devices (hard disks, removable disks, CD / DVD drives), data transfer equipment (modems), data conversion devices (printers) and interfaces for connecting devices (USB, FireWire).
- Receive information about application actions on your device.
- Control the start of applications and restrict access to applications on user devices to help reduce the risk of client device infections.
- Get information about all executable files of the applications installed on client devices using the Inventory Scan task, which can be useful, for example, for creating Application Control rules.
- Monitor the integrity of the system or specified files and report changes. System Integrity Monitoring can be performed in continuous monitoring mode and in on-demand scan mode.
- Configure the application to work in "Notify only" mode. Notify only is a mode in which, if a threat is detected, application components and tasks do not attempt to disinfect or remove malicious objects, deny access, or block program activity, but instead only inform the user that a threat was detected.
Additional features are provided to keep the application up to date and extend the functionality of the application. The application is used to:
- Activate the application using a key file or activation code.
If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, activation is performed on the Protection Server (a component of Kaspersky Hybrid Cloud Security for Virtualization Light Agent).
- Update application databases and modules from Kaspersky update servers, via the Administration Server, or from a user-specified source on a schedule and on demand.
If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, the application receives updates of databases and application modules from the Protection Server (a component of Kaspersky Hybrid Cloud Security for Virtualization Light Agent).
- Configure integration between Kaspersky Endpoint Security and Kaspersky Managed Detection and Response to enable continuous search, detection and elimination of threats aimed at your organization.
- Configure integration of Kaspersky Endpoint Security with Kaspersky Endpoint Detection and Response (KATA), a component of the Kaspersky Anti Targeted Attack Platform solution, to ensure the protection of your organization's IT infrastructure and detect threats in a timely manner, including zero-day attacks, targeted attacks and advanced persistent threats.
- Differentiate user access to application functions according to user roles.
- Notify the administrator about events that occurred while the application was running.
- Check the integrity of application components using the integrity check tool.
To familiarize yourself with the functionality of Kaspersky Endpoint Security 12.0 for Linux, you can install the application in standalone mode on an individual device in your infrastructure. Instructions on the installation and initial configuration of the application in standalone mode on the command line, as well as recommendations on how to optimize the application, are provided in the Quick Start Guide.
You can manage Kaspersky Endpoint Security using the following methods:
- Using control commands from the command line.
- Using Kaspersky Security Center Administration Console.
- Using Kaspersky Security Center Web Console and Kaspersky Security Center Cloud Console.
- Using a graphical user interface.
If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments, management of the application using Kaspersky Security Center Cloud Console and the graphical user interface is not available.
The update functionality (including anti-virus signature updates and code base updates), as well as the KSN functionality, may not be available in the application in the territory of the USA.