Kaspersky Anti Targeted Attack Platform

Kaspersky Anti Targeted Attack Platform (hereinafter also referred to as "the program") is a solution designed for the protection of a corporate IT infrastructure and timely detection of threats such as zero-day attacks, targeted attacks, and complex targeted attacks known as advanced persistent threats (hereinafter also referred to as "APT"). The program is developed for corporate users.

Kaspersky Anti Targeted Attack Platform includes two functional blocks:

• Kaspersky Anti Targeted Attack (hereinafter also referred to as "KATA"), which provides perimeter security for the enterprise IT infrastructure.
• Kaspersky Endpoint Detection and Response (hereinafter also referred to as "KEDR"), which provides protection for the local area network of the organization.

The program can receive and process data in the following ways:

• Integrate into the local area network, receive and process mirrored
  SPAN, ERSPAN and RSPAN traffic

  A copy of traffic redirected from one switch port to another port of the same switch (local mirroring) or to a remote switch (remote mirroring). The network administrator can configure which part of traffic should be mirrored for transmission to Kaspersky Anti Targeted Attack Platform.

  , and extract objects and metadata from the HTTP, FTP, SMTP, and DNS protocols.
• Connect to the proxy server via the ICAP protocol, receive and process data of HTTP and FTP traffic, as well as HTTPS traffic if the administrator has configured SSL certificate replacement on the proxy server.
• Connect to the mail server via the POP3 (S) and SMTP protocols, receive and process copies of e-mail messages.
• Integrate with Kaspersky Secure Mail Gateway and Kaspersky Security for Linux Mail Server, receive, and process copies of email messages.

  For detailed information on Kaspersky Secure Mail Gateway and Kaspersky Security for Linux Mail Server, please refer to the documentation on these programs.

• Integrate with Kaspersky Endpoint Agent and receive data from individual computers running Microsoft Windows and Linux operating systems in the corporate IT infrastructure. Kaspersky Endpoint Agent continuously monitors processes running, active network connections, and files that are being modified on those computers.
• Integrate with external systems with the use of the REST API interface and scan files on these systems.

The program uses the following means of Threat Intelligence:

• Infrastructure of Kaspersky Security Network (also referred to as "KSN") cloud services that provides access to the online Knowledge Base of Kaspersky, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky programs to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.
• Integration with Kaspersky Private Security Network (KPSN) to access the reputation databases of Kaspersky Security Network and other statistical data without sending data from user computers to Kaspersky Security Network.
• Integration with the Kaspersky information system known as Kaspersky Threat Intelligence Portal, which contains and displays information about the reputation of files and URLs.
• The Kaspersky Threats database.

The program can provide the user with the results of its performance and Threat Intelligence in the following ways:

• Display the results of work done in the web interface of the Central Node, Primary Central Node (hereinafter also PCN) or Secondary Central Node (hereinafter also SCN) servers.
• Publish alerts to a SIEM system already being used in your organization via the Syslog protocol.
• Integrate with external systems via the REST API and send information on detects to external systems on demand.
• Publish information on Sandbox component alerts in the
  local reputation database of Kaspersky Private Security Network

  Database of the reputations of objects (files or URLs) that is stored on the Kaspersky Private Security Network server but not on Kaspersky Security Network servers. Local reputation databases are managed by the KPSN administrator.

  .

Users with the Senior security officer or Security officer role can perform the following actions in the program:

• Monitor program performance.
• View the table of detected signs of targeted attacks and intrusions into the corporate IT infrastructure, filter and search alerts, view and manage each alert, and follow recommendations for evaluating and investigating incidents.
• Look through the table of events occurring on computers and servers of the corporate IT infrastructure, search for threats, filter, view and manage each event, follow recommendations for evaluating and investigating incidents.
• Run tasks on hosts with Kaspersky Endpoint Agent: run programs and stop processes, download and delete files, quarantine objects on Kaspersky Endpoint Agent workstations, place copies of files in Storage, and restore files from quarantine.
• Set up policies for preventing the running of files that they consider to be unsafe on selected hosts with Kaspersky Endpoint Agent.
• Isolate separate hosts with Kaspersky Endpoint Agent from the network.
• Work with TAA (IOA) rules to classify and analyze events.
• Manage user-defined Targeted Attack Analyzer TAA (IOA), Intrusion Detection System (IDS), and YARA rules — upload rules to be used for scanning events and creating alerts.
• Work with OpenIOC compliant files (IOC files) to search for signs of targeted attacks, infected and probably infected objects on hosts with the Endpoint Agent component and in the Alerts database.
• Exclude TAA (IOA) rules and IDS rules defined by Kaspersky from scanning.
• Manage objects in quarantine and copies of objects in Storage.
• Manage reports on the program performance and on detects.
• Configure forwarding of notifications about alerts and about program operation problems to one or multiple email addresses.
• Manage the list of VIP alerts and the list of data excluded from the scan, and populate the local reputation database of KPSN.

Users with the Security auditor role can perform the following actions in the program:

• Monitor program performance.
• View the table of detected signs of targeted attacks and intrusions into the enterprise IT infrastructure, filter and search alerts, and view the data of each alert.
• Look through the table of events occurring on the computers and servers of the enterprise IT infrastructure, search for threats, filter and view each event.
• View the list of hosts with the Endpoint Agent component and information about selected hosts.
• View the custom rules for Targeted Attack Analyzer TAA (IOA), Intrusion Detection System (IDS), and YARA.
• View the scan-excluded TAA (IOA) rules and IDS rules defined by Kaspersky experts.
• View reports on program performance and reports on alerts.
• View the list of VIP alerts and the list of data excluded from the scan.
• Monitor program performance.
• View all settings made in the program web interface.

Users with the Local administrator or Administrator role can perform the following actions in the program:

• Configure program operation settings.
• Configure servers for the distributed solution and multitenancy mode.
• Administer integration of the program with other programs and systems.
• Manage TLS certificates and set up trusted connections between Central Node and Sandbox servers and between Kaspersky Anti Targeted Attack Platform servers and Kaspersky Endpoint Agent as well as external systems.
• Manage accounts of program users.
• Monitor program performance.

The program detects the following events occurring within the corporate IT infrastructure and notifies the user accordingly:

• A file has been downloaded or an attempt was made to download a file to a corporate LAN computer.
• A file has been sent to the email address of a user on the corporate LAN.
• A website link was opened on a corporate LAN computer.
• Network activity has occurred in which the IP address or domain name of a corporate LAN computer was detected.
• Processes have been started on a corporate LAN computer.

Kaspersky Anti Targeted Attack Platform evaluates events and advises the user to direct attention to each detected event (alert) according to the impact that this alert may have on computer or corporate LAN security based on Kaspersky experience.

The Kaspersky Anti Targeted Attack Platform user independently makes a decision about further actions in response to alerts.

What's new

Kaspersky Anti Targeted Attack Platform now includes the following new functionality and fixes:

1. The Central Node component can be deployed as a fault-tolerant cluster that consists of 2 server roles: storage servers and processing servers. Fault tolerance is achieved through duplication of data between the storage servers and the redundancy of computing resources: if one server fails, its functions are performed by another server with the same role. Meanwhile, the program continues to work.
2. The ability to configure the sizing settings of the program was added. You can specify the planned volume of SPAN traffic, mail traffic, the number of hosts with Kaspersky Endpoint Agent, as well as the planned size of the Storage and event database. The program configures the servers with the Central Node component in accordance with the specified settings.

   A separate web interface is used to configure the sizing settings, called the web interface for sizing management. If the Central Node component is deployed as a cluster, you can also view the list of servers and shut down the cluster using the web interface for sizing management.

3. For the Sandbox component, installation of the Astra Linux 1.7 operating system and running objects in this operating system is supported.

   Using an operating system is optional: you can select a set of operating systems that will be used to generate object scan tasks for the Sandbox component: Windows XP, Windows 7, Windows 10; Windows XP, Windows 7, Windows 10, CentOS 7.8 or Windows XP, Windows 7, Windows 10, Astra Linux 1.7.

   The program can run the following objects in Astra Linux 1.7:

   • Files from Kaspersky Endpoint Agent hosts sent to be scanned by the Sandbox component in accordance with Kaspersky TAA (IOA) rules.
   • Files uploaded to Storage manually or by the Get file task (if that specific object was sent to be scanned).
   • Files received from mail or network traffic.
4. New task functionality for hosts with the Kaspersky Endpoint Agent for Windows component:
   • The task Get disk image was added.

     This task lets you get a disk image of the selected host.

   • The task Get memory dump was added.

     This task lets you get a RAM dump of the selected host.

     The files resulting from the tasks are saved to a shared network resource.

   Adding new task types resulted in the following changes in the program:

   • Data collection tasks are now grouped in the Get data submenu.
   • Renamed task types:
     • Get file → File.
     • Collect data → Forensics.
     • Get registry key → Registry key.
     • NTFS metafiles → NTFS metafiles.
     • Get process memory dump → Process memory dump.
5. New event type added: Process terminated.
6. The program web interface is changed in the following ways:
   • In the network interface settings window, the option to choose how to configure this interface has been added: manually or import settings from a DHCP server.
   • The option to disable synchronization with an NTP-server was removed from the Settings section, subsection Date and time.
   • The option to enter the maximum allowed hard disk space usage for Central Node and Sensor servers was removed.

Kaspersky Endpoint Agent for Windows 3.14 now includes the following new functionality and fixes:

1. Now you can interact with the fault-tolerant clusters of Kaspersky Anti Targeted Attack Platform servers.
2. Now you can create a full memory and a full disk dump of a protected device through the command line interface for further use of Kaspersky Anti Targeted Attack Platform.
3. Introduced Kaspersky Endpoint Agent operation mode in which the program is compatible with Azure WVD.
4. An error related to the possible blocking of files processed by Kaspersky Endpoint Agent is fixed.

Kaspersky Endpoint Agent 3.12 for Linux has the following changes:

Managing the Kaspersky Managed Detection and Response solution is no longer supported. It is not recommended to use Kaspersky Endpoint Agent for Linux to work with this solution. To work with Kaspersky Managed Detection and Response, use Kaspersky Endpoint Security for Linux.

About Kaspersky Threat Intelligence Portal

For additional information about files that you consider to be suspicious, you can go to the website of the Kaspersky application Kaspersky Threat Intelligence Portal, which analyzes each file for malicious code and shows information about the reputation of the file.

Access to the Kaspersky Threat Intelligence application is provided based on a fee. Authorization on the program website requires that a program access certificate is installed in the certificate storage on your computer. In addition, you must have a user name and password for accessing the program.

For more details about the Kaspersky Threat Intelligence Portal, please visit the Kaspersky website.

Distribution kit

The Kaspersky Anti Targeted Attack Platform distribution kit includes the following files:

1. Disk image (file with the iso extension) containing the installation files for the Ubuntu Server 20.04.5 operating system and for the Sensor and Central Node components.
2. Disk image (file with the iso extension) containing the installation files for the CentOS 7.9 operating system and for the Sandbox component.
3. Disk images (files with the .iso extension) of the Windows XP SP3, Windows 7 (64-bit), Windows 10 (64-bit), and CentOS 7.8 operating systems that the Sandbox component will use for running files.

   For Russian users, a disk image with the Astra Linux 1.7 operating system is also supplied.

4. The kata-upgrade-preparation script for updating the Central Node component.
5. File with information about third-party code used in Kaspersky Anti Targeted Attack Platform.

Kaspersky Endpoint Agent distribution kit includes the following files:

Kaspersky Endpoint Agent distribution kit

Hardware and software requirements

One of the following browsers must be installed on the computers in order to configure and work with the application over the web interface:

• Mozilla Firefox for Linux.
• Mozilla Firefox for Windows.
• Google Chrome for Windows.
• Google Chrome for Linux.
• Edge (Windows).
• Safari (Mac).

Minimum screen resolution to use web interface: 1366x768.

Deploying the application on a virtual platform requires installing the VMware ESXi hypervisor version 6.7.0 or 7.0.

For the application to work correctly in a virtual environment, you must install an up-to-date patch for the hypervisor.

The configuration of the servers hosting the Central Node, Sandbox and Sensor components depends on the volume of data processed by the application and the bandwidth of the communication channel.

For the Central Node, Sensor and Sandbox hardware requirements see the Sizing Guide.

Requirements for Kaspersky Endpoint Agent for Windows

This section describes hardware and software requirements of Kaspersky Endpoint Agent 3.14 for Windows.

If the version of Kaspersky Anti Targeted Attack Platform on the Central Node servers is incompatible with the version of Kaspersky Endpoint Agent 3.14 for Windows that is installed on the computers of the corporate LAN, the functionality of Kaspersky Anti Targeted Attack Platform may be limited.

Kaspersky Endpoint Agent for Windows has predefined settings that determine the impact that the application has on the performance of the local computer in scenarios of information retrieval and interaction with the Central Node component.

Software requirements for installing Kaspersky Endpoint Agent 3.14 for Windows

Supported operating systems for workstations:

• Windows 7 SP1 Home / Professional / Enterprise / Ultimate 32-bit / 64-bit
• Windows 8.1.1 Professional / Enterprise 32-bit / 64-bit
• Windows 10 RS3 (version 1703) Home / Professional / Education / Enterprise 32-bit / 64-bit
• Windows 10 RS4 (version 1803) Home / Professional / Education / Enterprise 32-bit / 64-bit
• Windows 10 RS5 (version 1809) Home / Professional / Education / Enterprise 32-bit / 64-bit
• Windows 10 19H1 (version 1903) Home / Professional / Education / Enterprise 32-bit / 64-bit
• Windows 10 19H2 (version 1909) Home / Professional / Education / Enterprise 32-bit / 64-bit
• Windows 10 20H1 (version 2004) Home / Professional / Education / Enterprise 32-bit / 64-bit
• Windows 10 20H2 (version 2009) Home / Professional / Education / Enterprise 32-bit / 64-bit
• Windows 10 21H1 (version 21H1) Home / Professional / Education / Enterprise 32-bit / 64-bit
• Windows 10 21H2 (version 21H2) Home / Professional / Education / Enterprise 32-bit / 64-bit
• Windows 11 21H2 (version 21H2) Home / Professional / Education / Enterprise 32-bit / 64-bit

Supported server operating systems:

• Windows Server 2008 SP2 Standard / Enterprise 64-bit
• Windows Server 2008 R2 SP1 Foundation / Standard / Enterprise 64-bit
• Windows Server 2012 Foundation / Standard / Enterprise / Datacenter 64-bit
• Windows Server 2012 R2 Foundation / Standard / Enterprise / Datacenter 64-bit
• Windows Server 2016 Essentials / Standard / Datacenter 64-bit
• Windows Server 2019 Essentials / Standard / Datacenter 64-bit
• Windows Server 20H2 Standard Core / Datacenter Core 64-bit
• Windows Server 2022 Standard / Datacenter 64-bit

Supported embedded operating systems:

• Windows Embedded Standard 7 SP1 32-bit / 64-bit.

Software requirements for installing Kaspersky Endpoint Agent 3.14 for Windows when integrating with Kaspersky Industrial CyberSecurity for Nodes

Supported operating systems for workstations:

• Windows XP Professional SP2 32-bit / 64-bit.
• Windows XP Professional SP3 32-bit.
• Windows Vista SP2 32-bit / 64-bit.
• Windows 7 SP1 Home / Pro / Enterprise / Ultimate 32-bit / 64-bit.
• Windows 8 Pro / Enterprise 32-bit / 64-bit.
• Windows 8.1 Pro / Enterprise 32-bit / 64-bit.
• Windows 10 LTSC 2015 (1507) 32-bit / 64-bit.
• Windows 10 LTSC 2016 (1607) 32-bit / 64-bit.
• Windows 10 LTSC 2019 (1809) 32-bit / 64-bit.
• Windows 10 LTSC 2021 (21H2) 32-bit / 64-bit.
• Windows 10 Home / Pro / Education / Enterprise 1703 RS2 32-bit / 64-bit.
• Windows 10 Home / Pro / Education / Enterprise 1803 RS4 32-bit / 64-bit.
• Windows 10 Home / Pro / Education / Enterprise 1809 RS5 32-bit / 64-bit.
• Windows 10 Home / Pro / Education / Enterprise 1903 19H1 32-bit / 64-bit.
• Windows 10 Home / Pro / Education / Enterprise 1909 19H2 32-bit / 64-bit.
• Windows 10 Home / Pro / Education / Enterprise 2004 20H1 32-bit / 64-bit.
• Windows 10 Home / Pro / Education / Enterprise 2009 20H2 32-bit / 64-bit.
• Windows 10 Home / Pro / Education / Enterprise 21H1 32-bit / 64-bit.
• Windows 10 Home / Pro / Education / Enterprise 21H2 32-bit / 64-bit.

Supported server operating systems:

• Windows Server 2003 SP1 Standard / Enterprise / Datacenter 32-bit / 64-bit.
• Windows Server 2003 SP2 Standard / Enterprise / Datacenter 32-bit / 64-bit.
• Windows Server 2008 SP2 Standard / Enterprise / Datacenter 32-bit / 64-bit.
• Windows Server 2003 R2 Standard / Enterprise / Datacenter 32-bit / 64-bit.
• Windows Server 2008 R2 SP1 Standard / Enterprise / Datacenter 32-bit / 64-bit.
• Windows Server 2012 Foundation / Standard / Essentials / Datacenter 64-bit.
• Windows Server 2012 R2 Foundation / Standard / Enterprise / Datacenter 64-bit.
• Windows Server 2016 Essentials / Standard / Datacenter 64-bit, versions 1709 and 1803.
• Windows Server 2019 Standard Core / Datacenter Core 64-bit, versions 1903, 1909, 2004, 20H2, and 21H2.

Supported embedded operating systems:

• Windows XP Embedded SP2 (WEPOS) 32-bit / 64-bit.
• Windows XP Embedded SP3 (POSReady 2009) 32-bit.
• Windows 7 SP1 Embedded (POSReady 7) 32-bit / 64-bit.
• Windows Embedded 8.1 Industry Pro 32-bit / 64-bit.
• Windows 10 IoT Enterprise 32-bit / 64-bit versions 1703, 1803, 1809, 1903, 1909, 2004, 2009, 21H1, and 21H2.

When creating an installation package in Kaspersky Security Center version 12 or later to install Kaspersky Endpoint Agent on Windows XP devices, you must use the installer file (setup.exe) from the installation package created in Kaspersky Security Center version 10.5.

Hardware requirements for installing Kaspersky Endpoint Agent 3.14 for Windows

Minimum configuration:

• CPU: 1.4 GHz (single core) or higher.
• RAM: 256 MB (512 MB for a 64-bit operating system).
• Available disk space: 500 MB.
• One network adapter with a data transfer speed of 1 Gbit/s.

When integrated with Kaspersky Endpoint Security, the Kaspersky Anti Targeted Attack Platform has limited functionality if the Windows Server 2008 SP2 64-bit operating system is installed on the Kaspersky Endpoint Security server.

To manage Kaspersky Endpoint Agent using the Kaspersky Security Center Web Console, you need Google Chrome for Windows.

Compatibility of Kaspersky Endpoint Agent for Windows versions with Kaspersky Anti Targeted Attack Platform versions

Kaspersky Endpoint Agent uses predefined settings that determine the impact that it has on the performance of the local computer under scenarios of information retrieval and interaction with the Central Node component.

If the version of Kaspersky Anti Targeted Attack Platform installed on Central Node servers is incompatible with the version of Kaspersky Endpoint Agent installed on computers on the corporate LAN, the functionality of Kaspersky Anti Targeted Attack Platform may be limited.

Information about the compatibility of Kaspersky Endpoint Agent component versions with Kaspersky Anti Targeted Attack Platform versions is listed in the table below.

Compatibility of Kaspersky Endpoint Agent for Windows versions with Kaspersky Anti Targeted Attack Platform versions

Version Kaspersky Endpoint Agent	Type Kaspersky Endpoint Agent	Compatibility with KATA 3.7	Compatibility with KATA 3.7.1	Compatibility with KATA 3.7.2	Compatibility with KATA 4.0	Compatibility with KATA 4.1	Compatibility with KATA 5.0
Endpoint Agent 3.7	Standalone installation or as part of KES versions 11.2 and 11.3	No	No	No	No	No	No
Endpoint Agent 3.8	Standalone installation	Yes	Yes	There are limitations The amount of data sent by Kaspersky Endpoint Agent is limited: AMSI scan event data not available. The amount of data sent by Kaspersky Endpoint Agent for Module loaded, File changed, Registry modified, Process: console interactive input events is limited. Details of the scope of data for these events are described in the Kaspersky Anti Targeted Attack Platform Help for version 3.7.1. The Get list of files and processes task is not supported.	There are limitations The amount of data sent by Kaspersky Endpoint Agent is limited: Event information does not display the OS name and OS name fields. The amount of data sent by Kaspersky Endpoint Agent for Module loaded, File changed, Registry modified, Process: console interactive input, and Connection to remote host events is limited. Details of the scope of data for these events are described in the Kaspersky Anti Targeted Attack Platform Help for version 3.7.1. AMSI scan event data not available. The tasks Collect data, Start YARA scan, Service management are not supported.	There are limitations The amount of data sent by Kaspersky Endpoint Agent is limited: Event information does not display the OS name and OS name fields. The amount of data sent by Kaspersky Endpoint Agent for Module loaded, File changed, Registry modified, Process: console interactive input, and Connection to remote host events is limited. Details of the scope of data for these events are described in the Kaspersky Anti Targeted Attack Platform Help for version 3.7.1. AMSI scan event data not available. Details of the scope of data for these events are described in the Kaspersky Anti Targeted Attack Platform version 3.7.2 Help. The tasks Collect data, Start YARA scan, Service management, Get NTFS metafiles, Get process memory dump, Get registry key are not supported. For detailed information about these tasks, refer to Kaspersky Anti Targeted Attack Platform version 4.0 Help.	There are limitations The amount of data sent by Kaspersky Endpoint Agent is limited: AMSI scan event data not available. The amount of data sent by Kaspersky Endpoint Agent is limited for the events: Module loaded, File changed (File created), Registry modified, Process: console interactive input. Details of the scope of data for these events are described in the Kaspersky Anti Targeted Attack Platform version 3.7.1 Help. OS name, OS name, and Host IP are not displayed in information about events. The tasks Start YARA scan, Service management, Get forensics, Get NTFS metafiles, Get process memory dump, Get registry key, Get disk image, Get memory dump are not supported.
Endpoint Agent 3.9	Standalone installation or as part of EPP applications	Yes	Yes	There are limitations	There are limitations	There are limitations	There are limitations
Endpoint Agent 3.10	Standalone installation or as part of EPP applications	No	There are limitations The server of this version of Kaspersky Anti Targeted Attack Platform accepts a limited amount of data from the Kaspersky Endpoint Agent application for Module loaded, File changed, Registry modified, Process: console interactive input events. Details of the scope of data for these events are described in the Kaspersky Anti Targeted Attack Platform version 3.7.1 Help.	Yes	There are limitations The amount of data sent by Kaspersky Endpoint Agent is limited: The Host IP is not displayed in information about events. Getting an autorun points list using the Get forensics task is not supported. The tasks Start YARA scan and Service management are not supported.	There are limitations The amount of data sent by Kaspersky Endpoint Agent is limited: The Host IP is not displayed in information about events. Getting a list of autorun points using the Collect data task is not supported. The tasks Start YARA scan, Service management, Get NTFS metafiles, Get process memory dump, Get registry key are not supported.	There are limitations The amount of data sent by Kaspersky Endpoint Agent is limited: The Host IP is not displayed in information about events. Getting a list of autorun points using the Collect data task is not supported. The tasks Start YARA scan, Service management, Get NTFS metafiles, Get process memory dump, Get registry key, Get disk image, Get memory dump are not supported.
Endpoint Agent 3.11	Standalone installation or as part of KES version 11.7	No	There are limitations	Yes	There are limitations	There are limitations	There are limitations
Endpoint Agent 3.12	Standalone installation	No	No	No	Yes	There are limitations The amount of data sent by Kaspersky Endpoint Agent is limited: Scanning autorun points using the Start YARA scan task is not supported. The tasks Get NTFS metafiles, Get process memory dump, Get registry key are not supported.	There are limitations The amount of data sent by Kaspersky Endpoint Agent is limited: Scanning autorun points using the Start YARA scan task is not supported. The tasks Get NTFS metafiles, Get process memory dump, Get registry key, Get disk image, Get memory dump are not supported.
Endpoint Agent 3.13	Standalone installation	No	No	No	There are limitations The server of this Kaspersky Anti Targeted Attack Platform version receives a limited scope of data from the Kaspersky Endpoint Agent program: You cannot create the tasks Get NTFS metafiles, Get process memory dump, Get registry key in the web interface of the program.	Yes	There are limitations The amount of data sent by Kaspersky Endpoint Agent is limited: The tasks Get disk image and Get memory dump are not supported.
Endpoint Agent 3.14	Standalone installation	No	No	No	There are limitations The server of this Kaspersky Anti Targeted Attack Platform version can receive a limited scope of data from the Kaspersky Endpoint Agent program: the tasks Get NTFS metafiles, Get process memory dump, Get registry key, Get disk image, Get memory dump cannot be created in the web interface of the program.	There are limitations A server of this Kaspersky Anti Targeted Attack Platform version receives a limited scope of data from the Kaspersky Endpoint Agent program: the tasks Get disk image and Get memory dump cannot be created in the web interface of the program.	Yes

Page top

Compatibility of Kaspersky Endpoint Agent for Windows versions with EPP applications

You can use Kaspersky Endpoint Agent alone or set up an integration of Kaspersky Endpoint Agent with workstation protection programs (Endpoint Protection Platform, hereinafter also "EPP"), Kaspersky Endpoint Security for Windows, Kaspersky Security for Windows Server, and Kaspersky Security for Virtualization Light Agent. If the integration of programs is configured, Kaspersky Endpoint Agent also sends the information about threats detected by EPP programs and their processing results to the Central Node server.

The integration scenarios described above do not work when Kaspersky Endpoint Agent is installed on a virtual desktop in Virtual Desktop Infrastructure.

Integration of Kaspersky Endpoint Agent with Kaspersky Endpoint Security for Windows and Kaspersky Security for Windows Server requires installing Kaspersky Endpoint Agent as part of those programs.

Compatibility of Kaspersky Endpoint Agent for Windows with versions of Kaspersky Security for Windows Server

You can install the following versions of Kaspersky Endpoint Agent as part of Kaspersky Security for Windows Server:

• Kaspersky Endpoint Agent 3.9 as part of Kaspersky Security 11 for Windows Server.
• Kaspersky Endpoint Agent 3.10 as part of Kaspersky Security 11.0.1 for Windows Server.

When you install Kaspersky Endpoint Agent as part of Kaspersky Security for Windows Server, the standalone Kaspersky Endpoint Agent of the same or earlier version is removed. If Kaspersky Endpoint Agent installed as part of Kaspersky Security for Windows Server has an earlier version, it will not be installed. In this case, you must first remove the standalone Kaspersky Endpoint Agent.

If necessary, you can upgrade the Kaspersky Endpoint Agent that is already installed as part of Kaspersky Security for Windows Server. Integration between compatible versions of the programs is maintained both when Kaspersky Endpoint Agent is upgraded and when Kaspersky Security for Windows Server is upgraded.

Information about the compatibility of Kaspersky Endpoint Agent versions with Kaspersky Security for Windows Server versions is listed in the table below.

Compatibility of Kaspersky Endpoint Agent versions with Kaspersky Security for Windows Server versions

For more details about installing Kaspersky Security for Windows Server, see Kaspersky Security for Windows Server Help.

Compatibility of Kaspersky Endpoint Agent for Windows with versions of Kaspersky Endpoint Security for Windows

You can install the following versions of Kaspersky Endpoint Agent (Endpoint Sensors) as part of Kaspersky Endpoint Security for Windows:

• Kaspersky Endpoint Agent 3.7 or Kaspersky Endpoint Agent (Endpoint Sensors) 3.6.1 as part of Kaspersky Endpoint Security 11.2, 11.3 for Windows.

  Kaspersky Endpoint Agent (Endpoint Sensors) 3.6.1 is not compatible with Kaspersky Anti Targeted Attack Platform version 4.1 or later.

  Kaspersky Endpoint Agent 3.7 is incompatible with all versions of Kaspersky Anti Targeted Attack Platform.

• Kaspersky Endpoint Agent 3.9 as part of Kaspersky Endpoint Security 11.4, 11.5.
• Kaspersky Endpoint Agent 3.10 as part of Kaspersky Endpoint Security 11.6.
• Kaspersky Endpoint Agent 3.11 as part of Kaspersky Endpoint Security 11.7, 11.8.

When you install Kaspersky Endpoint Agent 3.10 or later as part of Kaspersky Endpoint Security for Windows, the standalone Kaspersky Endpoint Agent program of the same or earlier version is removed. If the separately installed Kaspersky Endpoint Agent has a later version, the program bundled with Kaspersky Endpoint Security for Windows is not installed. In this case, you must first remove the standalone Kaspersky Endpoint Agent.

If necessary, you can upgrade the Kaspersky Endpoint Agent that is already installed as part of Kaspersky Endpoint Security for Windows. Integration between compatible versions of the programs is maintained when both Kaspersky Endpoint Agent is updated and when Kaspersky Endpoint Security for Windows is updated. You can upgrade a previous version of Kaspersky Endpoint Agent to version 3.14 only for Kaspersky Endpoint Agent version 3.7 or later.

Information about the compatibility of Kaspersky Endpoint Agent versions with Kaspersky Endpoint Security for Windows versions is listed in the table below.

Compatibility of Kaspersky Endpoint Agent versions with Kaspersky Endpoint Security for Windows versions

For more details about installing Kaspersky Endpoint Security, see Kaspersky Endpoint Security for Windows Help.

Compatibility of Kaspersky Endpoint Agent with versions of Kaspersky Security for Virtualization Light Agent

You can configure the integration of separately installed Kaspersky Endpoint Agent and Kaspersky Security for Virtualization Light Agent.

Information about the compatibility of Kaspersky Endpoint Agent versions with Kaspersky Security for Virtualization Light Agent is listed in the table below.

Compatibility of Kaspersky Endpoint Agent versions and Kaspersky Security for Virtualization Light Agent versions

Kaspersky Endpoint Agent and Kaspersky Security for Virtualization Light Agent installed on a virtual machine generate the same load on the Central Node server as Kaspersky Endpoint Agent and Kaspersky Security for Virtualization Light Agent installed on the host.

For more details about enabling the integration of Kaspersky Endpoint Agent with Kaspersky Security for Virtualization Light Agent, see Kaspersky Security for Virtualization Light Agent Help.

Compatibility of Kaspersky Endpoint Agent with versions of Kaspersky Industrial CyberSecurity for Nodes

You can install Kaspersky Endpoint Agent on a device with Kaspersky Industrial CyberSecurity for Nodes installed. The applications are integrated automatically.

Integration is supported only for Kaspersky Endpoint Agent version 3.14 and Kaspersky Industrial CyberSecurity for Nodes version 3.1. Integration between other versions of the programs is not supported.

To integrate with Kaspersky Industrial CyberSecurity for Nodes, the corresponding license key must be installed in the Kaspersky Endpoint Agent.

For detailed information, you can contact your account manager.

Compatibility of Kaspersky Endpoint Agent for Windows versions with other applications

Kaspersky Anti Targeted Attack Platform does not support joint operation with programs not listed in this section.

Compatibility of Kaspersky Endpoint Agent 3.8 and 3.9 for Windows with other Kaspersky programs

Kaspersky Endpoint Agent program versions 3.8 and 3.9 are compatible with the following Kaspersky programs and solutions:

• Kaspersky Security Center 11, 12, or later.
• Kaspersky Sandbox 1.0.

Compatibility of Kaspersky Endpoint Agent 3.8 and 3.9 for Windows with third-party anti-virus programs

One of the following third-party anti-virus programs can be installed on computers on which you want to install Kaspersky Endpoint Agent:

• Symantec Endpoint Protection.
• Sophos Endpoint Protection.
• ESET NOD32 Business Edition Smart Security.
• Bitdefender GravityZone Advanced Business Security.
• McAfee Endpoint Security 10.6.1.
• McAfee Endpoint Security 10.7.

If multiple third-party anti-virus programs are simultaneously installed on the computer, correct operation of Kaspersky Endpoint Agent is not guaranteed.

If RealTimes Desktop Service is installed on computers on which you want to install Kaspersky Endpoint Agent, you are advised to remove it before installing Kaspersky Endpoint Agent.

Compatibility of Kaspersky Endpoint Agent for Windows version 3.10 with other Kaspersky programs

Kaspersky Endpoint Agent version 3.10 can be integrated with the following Kaspersky programs and solutions:

• Kaspersky Security Center versions 11 and 12.1.
• Kaspersky Sandbox 1.0.
• Kaspersky Endpoint Detection and Response Optimum 1.0.

Compatibility of Kaspersky Endpoint Agent 3.10 for Windows with third-party anti-virus programs

Computers on which you want to install Kaspersky Endpoint Agent 3.10 can have Bitdefender GravityZone Advanced Business Security installed.

Compatibility of Kaspersky Endpoint Agent for Windows version 3.11 with other Kaspersky programs

Kaspersky Endpoint Agent version 3.11 can be integrated with the following Kaspersky programs and solutions:

• Kaspersky Security Center 10.5, 11, 12.1, 13, or later.
• Kaspersky Sandbox 1.0.
• Kaspersky Endpoint Detection and Response Optimum 1.0.
• Kaspersky Industrial CyberSecurity for Networks 3.0.

Compatibility of Kaspersky Endpoint Agent 3.11 for Windows with third-party anti-virus programs

Computers on which you want to install Kaspersky Endpoint Agent 3.11 can have Bitdefender GravityZone Advanced Business Security installed.

Compatibility of Kaspersky Endpoint Agent 3.12 for Windows with other Kaspersky programs

Kaspersky Endpoint Agent 3.12 can be integrated with the following Kaspersky programs and solutions:

• Kaspersky Security Center versions 13, 13.1, and 13.2.
• Kaspersky Security Center Cloud Console.
• Kaspersky Sandbox 1.0.
• Kaspersky Endpoint Detection and Response Optimum 1.0.

Compatibility of Kaspersky Endpoint Agent for Windows versions 3.13 and 3.14 with other Kaspersky programs

Kaspersky Endpoint Agent versions 3.13 and 3.14 can be integrated with the following Kaspersky programs and solutions:

• Kaspersky Security Center versions 13, 13.1, 13.2, and 14.
• Kaspersky Sandbox 2.0.
• Kaspersky Endpoint Detection and Response Optimum 1.0.

Requirements for Kaspersky Endpoint Agent for Linux

This section describes hardware and software requirements of Kaspersky Endpoint Agent 3.12 for Linux.

Software requirements for installing Kaspersky Endpoint Agent 3.12 for Linux

Kaspersky Endpoint Agent 3.12 only works on computers that have one of the following operating systems installed:

• Ubuntu 16.04 LTS or later
• Ubuntu 18.04 LTS or later
• Ubuntu 20.04 LTS
• Red Hat Enterprise Linux 7.2 or later
• Red Hat Enterprise Linux 8.0 or later
• CentOS 7.2 or later
• CentOS 8.0 or later
• Debian GNU / Linux 9.4 or later
• Debian GNU / Linux 10.1 or later
• Debian GNU / Linux 11 or later
• Oracle Linux 7.3 or later
• Oracle Linux 8 or later
• SUSE Linux Enterprise Server 12 or later
• SUSE Linux Enterprise Server 15
• Astra Linux Special Edition RUSB.10015-01 (regular update 1.6)
• Astra Linux Special Edition RUSB.10015-01 (regular update 1.7)
• Astra Linux Special Edition RUSB.10015-16 (variant 1) (regular update 1.6)
• Astra Linux Common Edition (regular update 2.12)
• Alt 8 SP Server
• Alt Server 9
• Alt Workstation 9
• Goslinux 7.17
• RED OS 7.3

Hardware requirements for installing Kaspersky Endpoint Agent 3.12 for Linux

Minimum hardware requirements:

• CPU: 2 GHz.
• RAM: 512 MB.
• Available disk space: 1 GB.

Required software

Kaspersky Endpoint Agent for Linux requires Linux Audit Daemon 2.8 or later. Installed on hosts with Kaspersky Endpoint Agent.

Compatibility of Kaspersky Endpoint Agent 3.12 for Linux with Kaspersky EPP programs

Kaspersky Endpoint Agent 3.12 supports integration with Kaspersky Endpoint Security for Linux 11.1, 11.2.

Compatibility of Kaspersky Endpoint Agent 3.12 for Linux with other Kaspersky programs

Kaspersky Endpoint Agent 3.12 can be integrated with the following Kaspersky programs and solutions:

• Kaspersky Security Center 13, 13.2.
• Kaspersky Endpoint Agent administration plug-in 3.10, 3.11, 3.12.
• Kaspersky Endpoint Agent web plug-in 3.10, 3.11, 3.12.

Compatibility of Kaspersky Endpoint Agent for Linux versions with Kaspersky Anti Targeted Attack Platform versions

Information about the compatibility of Kaspersky Endpoint Agent program versions with Kaspersky Anti Targeted Attack Platform versions is listed in the table below.

Compatibility of Kaspersky Endpoint Agent for Linux versions with Kaspersky Anti Targeted Attack Platform versions

Page top

Compatibility of Kaspersky Endpoint Agent for Linux versions with EPP applications

You can use Kaspersky Endpoint Agent alone or configure the integration of Kaspersky Endpoint Agent with the workstation protection program (Endpoint Protection Platform, hereinafter also called EPP) Kaspersky Endpoint Security for Linux. If the integration is configured, Kaspersky Endpoint Agent also sends the information about threats detected by this program and the results of threat processing to the Central Node server.

Kaspersky Endpoint Agent 3.9 and 3.12 are compatible with the following versions of Kaspersky Endpoint Security for Linux: 11.1, 11.2.

For more details about installing Kaspersky Endpoint Security, see Kaspersky Endpoint Security for Linux Help.

Compatibility of Kaspersky Endpoint Agent for Linux versions with other applications

Compatibility of Kaspersky Endpoint Agent 3.9 for Linux with other Kaspersky programs

Kaspersky Endpoint Agent 3.9 can be integrated with the following Kaspersky programs and solutions:

• Kaspersky Security Center versions 12.1 and 12.2.
• Kaspersky Endpoint Agent administration plug-in 3.10.
• Kaspersky Endpoint Agent web plug-in 3.10.

Compatibility of Kaspersky Endpoint Agent 3.12 for Linux with other Kaspersky programs

Kaspersky Endpoint Agent 3.12 can be integrated with the following Kaspersky programs and solutions:

• Kaspersky Security Center 13, 13.2.
• Kaspersky Endpoint Agent administration plug-in 3.10, 3.11, 3.12.
• Kaspersky Endpoint Agent web plug-in 3.10, 3.11, 3.12.

Compatibility of Kaspersky Endpoint Security for Windows versions with Kaspersky Anti Targeted Attack Platform versions

You can use Kaspersky Endpoint Security as the Endpoint Agent component.

Information about the compatibility of Kaspersky Endpoint Security versions with Kaspersky Anti Targeted Attack Platform versions is listed in the table below.

Compatibility of Kaspersky Endpoint Security for Windows versions with Kaspersky Anti Targeted Attack Platform versions

To integrate Kaspersky Endpoint Security 12.1 with Kaspersky Anti Targeted Attack Platform, you do not need to install Kaspersky Endpoint Agent.

Limitations of the current version of the application

Kaspersky Anti Targeted Attack Platform 5.0 has the following known limitations:

1. When you upgrade to version 5.0, a non fault-tolerant version of the program is installed. The program data is saved during the update process.
2. To update the Central Node component on the server with this component, you must first run the script. The script is included in the program distribution kit.
3. If the Central Node component is installed on a virtual server, before you upgrade the application, make sure that BIOS boot mode is selected for the virtual machine. If EFI boot mode is selected for the virtual machine, an error will occur if you try to install the upgrade.

Restrictions that apply when deploying the Central Node component:

The password for the local administrator account is preset. You can change the password in the web interface of the program.

Restrictions that apply when deploying the Central Node component as a cluster:

1. A Central Node cluster must include at least 4 servers: 2 storage servers and 2 processing servers. You can scale the cluster to increase the amount of traffic handled or the number of connected hosts in accordance with the Sizing Guide.
2. It is recommended to add servers with the same hardware configuration to the cluster. Otherwise, a proportional increase in performance is not guaranteed.
3. Adding an extra server to the cluster does not speed up the processing of objects that are already in the scan queue.
4. The web interface of the program can be unavailable for some time if the server on which it is located fails.
5. If the processing server fails, you may lose ICAP, POP3, and SMTP traffic data as well as the copies of emails that are waiting to be processed and the detections associated with them.
6. If the processing server is configured to receive mirrored traffic from SPAN ports, then SPAN traffic is not processed if this server fails.
7. If one of the cluster servers fails or the connection between the server and the Kaspersky Endpoint Agent program is temporarily lost, temporary data synchronization in the event database is still possible.
8. If the configuration of the cluster servers is changed, traffic and events from hosts with Kaspersky Endpoint Agent may be temporarily slowed down.

Restrictions that apply to the Sandbox component:

If the set of operating systems installed on the Sandbox server does not match the set selected on the Central Node server, Kaspersky Anti Targeted Attack Platform does not send objects to be scanned by the Sandbox server. If multiple Sandbox servers are connected to the Central Node server, the program sends objects to those Sandbox servers whose installed operating systems match the set selected on Central Node.

Limitations that apply when integrating with the Kaspersky Endpoint Agent for Windows:

1. RAM dump retrieval and disk image retrieval tasks can only be assigned to hosts with Kaspersky Endpoint Agent for Windows version 3.14.
2. Tasks for getting process memory dumps, NTFS metafiles, and registry keys can only be assigned to hosts with Kaspersky Endpoint Agent for Windows version 3.13 or later.
3. The task of scanning hosts using YARA rules can only be assigned to hosts with Kaspersky Endpoint Agent for Windows versions 3.12 or later. If you simultaneously assign a task to hosts with Kaspersky Endpoint Agent version 3.12 or later, and to hosts with earlier versions of the program, the task is executed only on hosts with Kaspersky Endpoint Agent 3.12 or later.

   If autorun points are selected as the scan scope, the task is run only on hosts with Kaspersky Endpoint Agent 3.13 or later.

Limitations that apply when integrating with Kaspersky Endpoint Agent 3.12 for Linux:

1. Hosts with Kaspersky Endpoint Agent for Linux program cannot use the following functions:
   • Network isolation of a host.
   • Creating a prevention rule.

     No notifications are created about the unsuccessful application of a prevention rule on hosts with Kaspersky Endpoint Agent for Linux program.

   • Finding indicators of compromise on hosts using IOC files.

     No notifications are created about the unsuccessful search of indicators of compromise on hosts with the Kaspersky Endpoint Agent for Linux program.

2. Searching the event database using the OSVersion criterion displays only hosts with the Kaspersky Endpoint Agent for Linux program. Hosts with the Kaspersky Endpoint Agent for Windows program are not displayed in search results.
3. The OS name field in the event information is only filled in for events that are logged in the event database by Kaspersky Endpoint Agent for Linux. Event information logged in the event database by Kaspersky Endpoint Agent for Windows does not have this field filled in.
4. The list of events that Kaspersky Endpoint Agent for Linux logs in the event database is limited to the following types:
   • File modified.
   • Process started.
   • System event log.
   • Scan: detect.
   • Scan: detect processing result.
5. The list of tasks that you can create on hosts with the Kaspersky Endpoint Agent for Linux program is limited to the following types:
   • Get file
   • Run program

     When you create the task, the program does not attempt to verify the path to the executable file or the file that you want to receive.

6. In information about events registered in the event database by Kaspersky Endpoint Agent for Linux, the Time created field displays file modification time.

Kaspersky Endpoint Agent 3.14 for Windows has the following known limitations:

1. SHA-2 support in Windows is required for Kaspersky Endpoint Agent to work correctly.
2. When creating an installation package in Kaspersky Security Center version 12 or later to install Kaspersky Endpoint Agent on Windows XP devices, you must use the installer file (setup.exe) from the installation package created in Kaspersky Security Center version 10.5.
3. In Kaspersky Security Center 13.2 or later, to install Kaspersky Endpoint Agent on Windows XP devices, you must use the standard Kaspersky Endpoint Agent 3.14 distribution kit instead of the installation package created in Kaspersky Security Center.
4. The installer cannot stop the soyuz service until the service is initialized. For example, the installer returns the Invalid password error when trying to remove or modify the configuration of the application immediately after installation is completed, since initialization of the soyuz service is not completed and the service cannot be stopped.
5. Kaspersky Endpoint Agent cannot be restored or uninstalled from the device if the integrity of the agent.exe module (Kaspersky Endpoint Agent command line utility) is violated.
6. The capability to run and execute Kaspersky Endpoint Agent service (soyuz.exe) with the PPL flag is implemented. This feature is provided by the klelaml.sys driver. Violation of the klelaml.sys driver integrity results in the operating system loading failure. In this case, it is recommended to use Windows system recovery utilities. The absence of the klelaml.sys driver when the PPL flag is enabled for the soyuz.exe process does not lead to the operating system failure, but results in Kaspersky Endpoint Agent crash. In this case, it is recommended to run the program installer and perform recovery in the quiet mode with the REINSTALL=Drivers.klelam key.
7. After installing, restoring, changing set of components, or removing Kaspersky Endpoint Agent, it is recommended to restart the operating system as soon as possible because changes to some program settings can only be finalized at system startup.
8. Kaspersky Endpoint Agent installer cannot be launched on a device with the operating system to which the active CodeIntegrity policy is applied.
9. The component that prohibits opening documents has the following limitation: document blocking rules are not applied to objects that are opened using OLE automation.
10. Before sending telemetry events to the KATA Central Node server, Kaspersky Endpoint Agent saves data in the event queue. If the event queue exceeds 10,000 unprocessed events, Kaspersky Endpoint Agent does not queue the events until free slots appear in the queue.
11. If Kaspersky Endpoint Agent is running on devices with the Windows 7 operation system, the program excludes data about network connections related to processes with PID=4 and PID=0 from telemetry.
12. If Kaspersky Endpoint Agent is used on the same device with Kaspersky Endpoint Security, and the file system level encryption (FLE) component is installed in Kaspersky Endpoint Security, Kaspersky Endpoint Agent does not register telemetry events about loading modules (LoadImage) and does not send these events to KATA Central Node component.
13. If more than one application is specified as the value of the Application criterion when configuring the settings of network isolation exclusions, Kaspersky Endpoint Agent allows connection only for the first application in the list. Network connections for other applications specified in the list will be ignored. This limitation is reproduced when isolating devices with Windows 7 or Windows Server 2008 R2 operating systems.
14. When scanning for indicators of compromise, if the search involves parsing text strings, the "is" condition takes into account whitespace, and the need to escape the indicator description in the IOC file with CDATA characters. For example, to detect an object with the copyright Copyright (C) 1998-2017 John Smith by the is condition, the indicator description must be specified in the following format: <Content type="string"><![CDATA[Copyright (C) 1998-2017 John Smith]]></Content>. To simplify description of the indicators, the contains condition can also be used.
15. Objects quarantined by Kaspersky Endpoint Agent cannot be sent from Kaspersky Security Center quarantine to Kaspersky for analysis.
16. The check boxes corresponding to the "Read" and "Perform operations with device selections" permissions that are displayed in the group of settings for role-based access control (RBAC) in the Administration Console, in the section with permissions for managing Kaspersky Endpoint Agent plug-in, do not apply to the group of settings in Kaspersky Security Center. If you select these check boxes, the Read and Perform operations with device selections permissions will not be restricted for the specified users.
17. When generating event selections, the filters are not applied to some of Kaspersky Endpoint Agent events published in Kaspersky Security Center Administration Console.
18. The installer of Kaspersky Endpoint Agent and Kaspersky Endpoint Agent management plug-in automatically selects the program localization based on the operating system regional settings on the device where the program or management plug-in is installed:
    • If the operating system uses the RU-RU locale, the Russian version of Kaspersky Endpoint Agent and Kaspersky Endpoint Agent administration plug-in is installed.
    • If the operating system uses any locale other than RU-RU, the English version of Kaspersky Endpoint Agent and Kaspersky Endpoint Agent administration plug-in is installed.

    Program localization affects the language of texts used to describe program modules in the system and when publishing program events to the Windows Event Log, as well as texts of Kaspersky Security Center reports. Kaspersky Endpoint Agent management plug-in localization affects the language of texts used in the program interface of Administration Console (interface of policies, group tasks, and program properties). Configuring the localization of the program manually is not supported.

    Please note that if regional settings on managed devices and on the device with Kaspersky Endpoint Agent administration plug-in do not match, localization of Kaspersky Endpoint Agent interface in the Administration Console and localization of events published by the program in Kaspersky Security Center reports may not be the same. Also, the localization of the program interface in the Administration Console and the localization of events published by the program in Kaspersky Security Center reports may differ from the localization of Administration Console interface and the compatible EPP interface in the Administration Console.

19. After installing, restoring, changing set of components, or removing Kaspersky Endpoint Agent, it is recommended to restart the operating system as soon as possible because changes to some program settings can only be finalized at system startup.
20. If the start schedule for a group task is set to On application launch, the task execution status is updated with a delay in the task execution history For this reason, in some cases, the task execution history will not display the task execution statuses.
21. If the operating system is activated under a Volume License, you may need to reactivate the operating system after Kaspersky Endpoint Agent is installed due to the installation of the program network drivers.
22. In the Windows XP and Windows Vista operating systems, some information about files in telemetry events sent to the Telemetry collection server may be missing. This is due to the fact that the possibility of obtaining some information about files appeared in later versions of MS Windows operating systems.

Kaspersky Endpoint Agent 3.12 for Linux has the following known limitations:

1. Kaspersky Endpoint Agent for Linux does not support AppArmor and SELinux mandatory access control systems in their enforcing modes. For the program to work correctly, these systems must be switched to permissive mode.
2. Kaspersky Endpoint Agent for Linux requires installing Linux Audit Daemon 2.8 or later on the device.
3. For connection of Kaspersky Endpoint Agent for Linux with Kaspersky Endpoint Security for Linux rsyslog service with loaded imuxsock module is used. To check if the module is loaded in the rsyslog service configuration, run the following command: grep -r imuxsock /etc/rsyslog*. If the module loading string is commented, remove the # comment sign before the string and restart rsyslog service to save the changes.