Kaspersky Security for Virtualization 6.0 Agentless

Application components integrity check

Kaspersky Security contains many binary modules in the form of dynamic-link libraries, executable files, configuration files, and interface files. A hacker can replace one or more application modules or files with other modules or files containing malicious code. To detect such replacement, Kaspersky Security can check the integrity of application components. The application checks modules and files for unauthorized changes or corruption. If an application module or file has an incorrect checksum, it is considered to be corrupted.

An integrity check is performed for the following components:

  • Kaspersky Security management plug-ins
  • Integration Server
  • Integration Server Console
  • SVM

The integrity of application components is checked by using the integrity_check_tool located on the certified compact disk. The tool checks the integrity of the files listed in special lists called manifest files. An application component's manifest file lists the files whose integrity is critical for correct operation of the application component. The integrity of the manifest files is also checked.

Only the root user account can run the integrity check tool on SVMs. An administrator account is required for running the integrity check tool for all other application components.

It is recommended to run the integrity check tool from a certified CD to guarantee the integrity of the tool. When running it from a CD, you must specify the full path to the manifest file in the application folder.

The manifest files for application components are located at the following paths:

  • For Kaspersky Security administration plug-ins, by default the manifest files are in the folders where the executable modules (DLLs) of the administration plug-ins are located:
    • For 64-bit operating systems:
      • C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center\Plugins\KSV5.plg\integrity_check.xml – for Kaspersky Security main administration plug-in
      • C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center\Plugins\KSVT5.plg\integrity_check.xml – for Kaspersky Security administration plug-in for tenants
    • For 32-bit operating systems:
      • C:\Program Files\Kaspersky Lab\Kaspersky Security Center\Plugins\KSV5.plg\integrity_check.xml – for Kaspersky Security main administration plug-in
      • C:\Program Files\Kaspersky Lab\Kaspersky Security Center\Plugins\KSVT5.plg\integrity_check.xml – for Kaspersky Security administration plug-in for tenants
  • For Integration Server, by default, in the same folder as the executable file of the Integration Server:
    • C:\Program Files (x86)\Kaspersky Lab\Kaspersky VIIS\integrity_check_manifest.xml – for 64-bit operating systems
    • C:\Program Files\Kaspersky Lab\Kaspersky VIIS\integrity_check_manifest.xml – for 32-bit operating systems
  • For Integration Server Console, by default, in the same folder as the executable file of the Integration Server Console:
    • C:\Program Files (x86)\Kaspersky Lab\Kaspersky VIIS Console\integrity_check_manifest.xml – for 64-bit operating systems
    • C:\Program Files\Kaspersky Lab\Kaspersky VIIS Console\integrity_check_manifest.xml – for 32-bit operating systems
  • For SVMs:
    • /var/opt/kaspersky/ksv/product/integrity_check.xml – for SVMs with the File Threat Protection component installed
    • /var/opt/kaspersky/ksvns/product/integrity_check.xml – for SVMs with the Network Threat Protection component installed

To check the integrity of an application component, run the following command:

integrity_check_tool --verify --manifest <manifest file path>

where <manifest file path> is the full path to the manifest file.

You can run the tool with optional switches, which are listed in the Help for the tool settings. To view the Help for the tool, run the tool with the --help switch.

The result of checking each manifest file is displayed next to the name of the manifest file in the following format:

  • SUCCEEDED – integrity of the files is confirmed (return code 0).
  • FAILED – integrity of the files is not confirmed (return code is not 0).
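
The wrapper below is an added example, not part of the Kaspersky documentation or product. It runs the command above against both SVM manifest paths listed in this topic and folds the documented return codes into a single exit status. The function name check_manifests and the tool path passed as the first argument (for example, the mount point of the certified CD) are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): verify SVM manifests with integrity_check_tool
# and fold the per-manifest return codes into one exit status.

# Manifest paths this topic lists for SVMs.
KSV_MANIFEST=/var/opt/kaspersky/ksv/product/integrity_check.xml
KSVNS_MANIFEST=/var/opt/kaspersky/ksvns/product/integrity_check.xml

# check_manifests TOOL MANIFEST...   (hypothetical helper name)
# Returns 0 if every manifest found was verified, 1 if any check failed,
# 2 if the tool cannot be run or no manifest was found at all.
check_manifests() {
    tool=$1
    shift
    if [ ! -x "$tool" ]; then
        echo "ERROR: cannot execute $tool" >&2
        return 2
    fi
    checked=0
    failed=0
    for manifest in "$@"; do
        if [ ! -f "$manifest" ]; then
            echo "SKIPPED $manifest (not present)"
            continue
        fi
        checked=$((checked + 1))
        # Only the switches documented in this topic are used.
        if "$tool" --verify --manifest "$manifest"; then
            echo "OK $manifest"
        else
            rc=$?
            echo "INTEGRITY NOT CONFIRMED $manifest (return code $rc)" >&2
            failed=$((failed + 1))
        fi
    done
    # Nothing verified is not a pass: a missing manifest proves nothing.
    if [ "$checked" -eq 0 ]; then
        echo "ERROR: no manifest found" >&2
        return 2
    fi
    [ "$failed" -eq 0 ]
}

# Usage: sh check_svm.sh <path to integrity_check_tool on the CD>  (path is an assumption)
if [ "$#" -ge 1 ]; then
    # The topic states that only root can run the tool on SVMs.
    if [ "$(id -u)" -ne 0 ]; then echo "ERROR: run as root" >&2; exit 2; fi
    check_manifests "$1" "$KSV_MANIFEST" "$KSVNS_MANIFEST"
fi
```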