Kaspersky Embedded Systems Security for Linux

Kaspersky Embedded Systems Security 3.4 for Linux

Kaspersky Embedded Systems Security 3.4 for Linux ("Kaspersky Embedded Systems Security", "Application") is designed for protecting devices running Linux operating systems against various types of threats, including network and scam attacks.

The application allows you to protect both physical devices and virtual machines.

The application is not intended for industrial processes that use automated control systems. To protect devices in such systems, we recommend using Kaspersky Industrial CyberSecurity for Linux Nodes.

The following functional components and tasks of the application provide the main functions of device protection and control:

  • File Threat Protection prevents infection of the file system on the user device. The File Threat Protection component starts automatically when Kaspersky Embedded Systems Security is launched and scans all files that are opened, saved, and started in real time.

    You can also scan protected devices on demand using the following scan tasks:

    • Malware Scan. The application scans for the presence of malware in file system objects located on local disks of the device, as well as mounted and shared resources, which are accessed via SMB and NFS protocols. You can use this task to perform a full or custom scan of the device.
    • Critical Areas Scan. The application scans boot sectors, startup objects, process memory, and kernel memory.
  • Removable Drives Scan. The Removable Drives Scan component allows you to monitor the connection of media to the device in real time and scan removable media with its boot sectors for malware. Kaspersky Embedded Systems Security can scan the following removable drives: CDs, DVDs, Blu-ray discs, flash drives (including USB modems), external hard drives, and floppy disks.
  • Web Threat Protection. The Web Threat Protection component allows you to scan inbound traffic, prevent downloads of malicious files from the Internet, and block phishing, adware, and other malicious websites. Kaspersky Embedded Systems Security can scan encrypted connections.
  • Network Threat Protection. The Network Threat Protection component allows you to scan inbound network traffic for activity that is typical for network attacks.
  • Firewall Management. The Firewall Management component allows you to monitor the firewall settings of the operating system and filter all network activity in accordance with the network packet rules that you have configured.
  • Anti-Cryptor. The Anti-Cryptor component allows you to scan remote devices' calls to files located in local directories with network access via SMB/NFS protocols and protect files from remote malicious encryption.
  • Device Control. The Device Control component allows you to manage user access to the devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks. User access to devices is governed by access regimes and access rules that you have configured.
  • Application Control. The Application Control component allows you to manage the launch of applications on user devices. This reduces the risk of device infection by restricting access to applications. Application launching is regulated by the Application Control rules that you have configured.
  • Inventory. The Inventory task provides information about all application executable files stored on the client devices. This information can be useful, for example, for creating Application Control rules.
  • Behavior Detection. The Behavior Detection component allows you to monitor for any malicious activity from applications in the operating system. When malicious activity is detected, Kaspersky Embedded Systems Security can terminate the process of the application that performs malicious activity.
  • System Integrity Monitoring allows you to track changes to files and directories of the operating system. The System Integrity Monitoring component monitors the actions performed with objects from the monitoring scope specified in the component settings in real time. You can use the System Integrity Check task to check the integrity of the system on demand. The check is performed by comparing the current states of objects included in the monitoring scope with their initial states, which were previously established as a baseline.

Kaspersky Embedded Systems Security allows you to detect infected objects and neutralize the threats detected in them. For this, the application can use:

  • Application databases to detect and disinfect infected files. During the scan process, the application analyzes each file for the presence of a threat: it compares the file code with the code of a specific threat and looks for possible matches.
  • Kaspersky Security Network. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky Embedded Systems Security to various threats, improves the performance of some protection components, and reduces the likelihood of false positives.

Prior to disinfection or removal, Kaspersky Embedded Systems Security saves backup copies of files in the Backup located on the device. If, after disinfection, you partially or completely lose access to important information in a disinfected file, you can restore the file from the copy.

While performing scan tasks, Kaspersky Embedded Systems Security can disinfect and delete files that are protected from modification: files with the 'immutable' and 'append-only' attributes and files in directories with the 'immutable' and 'append-only' attributes. Backup stores copies of these files that were created before disinfection or deletion. You can restore files from backup copies, if necessary. When scan tasks are completed, the 'immutable' and 'append-only' attributes of disinfected files are reset.

Kaspersky Embedded Systems Security can operate in Notify-only mode. Notify-only mode is an operation mode for the application in which, if a threat is detected, application components and tasks do not attempt to disinfect or delete malicious objects, deny access or block the activity of applications. Instead, the application only informs the user about the detected threat.

To keep the application up to date, additional application functions are provided:

You can manage Kaspersky Embedded Systems Security using the following methods:

The update functionality (including anti-virus signature updates and code base updates), as well as the KSN functionality may not be available in the application in the territory of the USA.

Distribution kit

You can download the files that are included in the Kaspersky Embedded Systems Security distribution kit, as well as the files needed to remotely install the application using Kaspersky Security Center, on the Kaspersky website.

The Kaspersky Embedded Systems Security distribution kit includes the following files:

  • kess-3.4.0-<build number>.i386.rpm, kess_3.4.0-<build number>_i386.deb

    Contain the main application files. Packages can be installed to 32-bit operating systems based on the type of package manager.

  • kess-3.4.0-<build number>.x86_64.rpm, kess_3.4.0-<build number>_amd64.deb

    Contain the main application files. Packages can be installed to 64-bit operating systems based on the type of package manager.

  • kess-gui-3.4.0-<build number>.i386.rpm, kess-gui-3.4.0-<build number>_i386.deb

    Contain the files of the application graphical user interface. Packages can be installed to 32-bit operating systems based on the type of package manager.

  • kess-gui-3.4.0-<build number>.x86_64.rpm, kess-gui-3.4.0-<build number>_amd64.deb

    Contain the files of the application graphical user interface. Packages can be installed to 64-bit operating systems based on the type of package manager.

  • kess-3.4.0.<build number>.zip

    Contains the files used for remote application installation using Kaspersky Security Center, including license.<language ID> and ksn_license.<language ID> files.

    Kaspersky Security Center Network Agent is not included in the distribution kit. You can download it on the application download page in the Kaspersky Security Center section.

  • ksn_license.<language ID>

    This file contains the text of the Statement on Kaspersky Security Network.

  • license.<language ID>

    This file contains the text of the End User License Agreement. The End User License Agreement specifies the terms for using the application.

Editing the application configuration files on your own, using means not described in the application documentation or not recommended by Technical Support, may cause poor performance and failures of the application and operating system, reduced protection of your device, and inaccessible and corrupted data, and may turn on the sending of additional statistics to KSN.

Hardware and software requirements

This section contains the hardware and software requirements for Kaspersky Embedded Systems Security.

Hardware requirements

Kaspersky Embedded Systems Security has the following hardware requirements:

Minimum hardware requirements:

  • Core 2 Duo 1.86 GHz or faster processor
  • Swap partition of at least 1 GB
  • 1 GB of RAM for 32-bit operating systems, 2 GB of RAM for 64-bit operating systems
  • 4 GB of free hard disk space for installation of the application and storage of temporary and log files
  • When using a graphical user interface, the monitor must be capable of displaying windows 1000 pixels wide and 600 pixels high (if screen scaling is applied, these dimensions are also scaled)

Software requirements

To install Kaspersky Embedded Systems Security, one of the following operating systems must be installed on the device:

  • Supported 32-bit operating systems:
    • Debian GNU/Linux 11.0 and later.
    • Debian GNU/Linux 12.0 and later.
  • Supported 64-bit operating systems:
    • AlmaLinux OS 9.0 and later.
    • AlterOS 7.5 and later.
    • Astra Linux Special Edition RUSB.10015-01 (operational update 1.7).
    • Astra Linux Special Edition RUSB.10015-01 (operational update 1.8).
    • CentOS Stream 9.
    • Debian GNU/Linux 11.0 and later.
    • Debian GNU/Linux 12.0 and later.
    • EMIAS 1.0 and later.
    • EulerOS 2.0 SP10.
    • Oracle Linux 9.0 and later.
    • Red Hat Enterprise Linux 8.0 and later.
    • Red Hat Enterprise Linux 9.0 and later.
    • Rocky Linux 9.0 and later.
    • SUSE Linux Enterprise Server 15 and later.
    • Ubuntu 20.04 LTS.
    • Ubuntu 22.04 LTS.
    • Ubuntu 24.04 LTS.
    • ALT SP Workstation release 10.
    • ALT SP Server release 10.
    • RED OS 7.3.
    • RED OS 8.0.
    • ROSA "Cobalt" 7.9 Workstation.
    • ROSA "Cobalt" 7.9 Server.
    • ROSA "Chrome" 12 Workstation.

Due to technical limitations of fanotify, the application does not support the following file systems: autofs, binfmt_misc, cgroup, configfs, debugfs, devpts, devtmpfs, fuse, fuse.gvfsd-fuse, gfs2, gvfs, hugetlbfs, mqueue, nfsd, proc, parsecfs, pipefs, pstore, usbfs, rpc_pipefs, securityfs, selinuxfs, sysfs, tracefs.
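
A pre-deployment check for the limitation above, as an added example that is not part of the Kaspersky documentation: it reads mounts in /proc/mounts format and reports those whose file system type is on the unsupported list. The function names, the constructed sample mounts, and the subset of types treated as holding ordinary files are assumptions of this example.

```shell
#!/bin/sh
# File system types the page lists as unsupported (copied from the text above).
UNSUPPORTED_FS="autofs binfmt_misc cgroup configfs debugfs devpts devtmpfs fuse fuse.gvfsd-fuse gfs2 gvfs hugetlbfs mqueue nfsd proc parsecfs pipefs pstore usbfs rpc_pipefs securityfs selinuxfs sysfs tracefs"

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
gvfsd-fuse /run/user/1000/gvfs fuse.gvfsd-fuse rw,nosuid,nodev 0 0
/dev/mapper/vg0-shared /srv/shared gfs2 rw,noatime 0 0
/dev/fuse /mnt/archive fuse rw,nosuid,nodev 0 0
/dev/sdb1 /media/usb\040stick vfat rw,nosuid,nodev 0 0
EOF
}

# unsupported_mounts [FILE...]
# Reads /proc/mounts-format lines (stdin if no FILE is given) and prints
# "fstype<TAB>mountpoint" for every mount whose type is on the list.
# Matching is exact: a type the page does not name (for example another
# fuse.<name> subtype) is not flagged. That reading is an assumption.
unsupported_mounts() {
    awk -v list="$UNSUPPORTED_FS" '
        BEGIN { n = split(list, t, " "); for (i = 1; i <= n; i++) bad[t[i]] = 1 }
        ($3 in bad) { printf "%s\t%s\n", $3, $2 }
    ' "$@"
}

# file_bearing_gaps [FILE...]
# Narrows the report to types that hold ordinary files rather than kernel
# interfaces such as proc or sysfs. The choice of types is this example's
# assumption, not a statement from the documentation.
file_bearing_gaps() {
    unsupported_mounts "$@" |
        awk -F '\t' '$1 == "fuse" || $1 == "fuse.gvfsd-fuse" || $1 == "gfs2" || $1 == "gvfs"'
}

# On a live host: file_bearing_gaps /proc/mounts
sample_mounts | file_bearing_gaps
```

Mount points reported by file_bearing_gaps are the ones to cover with another control or to move to a supported file system.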


Supported versions of Kaspersky Security Center

Kaspersky Embedded Systems Security is compatible with the following Kaspersky Security Center versions:

  • Kaspersky Security Center 14.2 Windows. You can manage the Kaspersky Embedded Systems Security application in the Administration Console using the administration MMC plug-in and in the Kaspersky Security Center Web Console using the administration web plug-in.
  • Kaspersky Security Center 15.2 Linux. The web administration plug-in can be used to administer Kaspersky Embedded Systems Security through Kaspersky Security Center Web Console.

Kaspersky Security Center Network Agent is required to manage Kaspersky Embedded Systems Security through Kaspersky Security Center.

Kaspersky Security Center Network Agent is not included in the Kaspersky Embedded Systems Security distribution kit. You can download it on the application download page in the Kaspersky Security Center section.
