Application components integrity check

Kaspersky Security components contain a multitude of various binary modules in the form of dynamic-link libraries, executable files, configuration files, and interface files. A hacker can replace one or more application modules or files with other modules or files containing malicious code. To prevent the application modules and files from replacement, Kaspersky Security can check the integrity of application files and modules. The application checks files and modules for the presence of unauthorized changes or corruption. If an application file and module has an incorrect checksum, it is considered corrupted.

Integrity check is performed for the files and modules of the following application components:

• Kaspersky Security MMC management plug-ins
• Integration Server
• Integration Server Console
• Protection Server
• Light Agent for Windows
• Light Agent for Linux

The integrity check of the application components files and modules is performed using the integrity_check_tool utility. The utility checks the integrity of files and modules listed in special lists called manifest files. The manifest file for an application component lists the files and modules integrity of which is critical for correct operation of the application component. The integrity of the manifest files is also checked.

During the integrity check of Light Agent for Windows files and modules, the presence of the following Light Agent functional components on the virtual machine is also checked:

• File Anti-Virus.
• Mail Anti-Virus.
• Web Anti-Virus (only on virtual machines with desktop operating systems).
• System Watcher.
• AMSI Protection (except for virtual machines with an OS version earlier than Windows 10 or Windows Server 2016).
• Application Startup Control.
• Web Control (only on virtual machines with desktop operating systems).
• System Integrity Monitoring (only on virtual machines with server operating system).
• Application Privilege Control (only on virtual machines with desktop operating systems).
• Integration with Kaspersky Endpoint Agent.

Light Agent for Windows files and modules integrity check fails if the specified functional components are not installed on the virtual machine.

Location of manifest files and integrity check utilities

• MMC management plug-in for Kaspersky Security for Virtualization 5.2 Light Agent – Protection Server:
  • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.svm.plg\integrity_check.xml.
  • Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.svm.plg\integrity_check_tool.exe.
• MMC management plug-in for Kaspersky Security for Virtualization 5.2 Light Agent for Windows:
  • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.windows.plg\integrity_check.xml.
  • Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.windows.plg\integrity_check_tool.exe.
• MMC management plug-in for Kaspersky Security for Virtualization 5.2 Light Agent for Linux:
  • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.linux.plg\integrity_check.xml.
  • Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\ksvla5_2.linux.plg\integrity_check_tool.exe.
• Protection Server:
  • Combined manifest file for the Protection Server and Network Agent for Linux: /opt/kaspersky/la/bin/integrity_check.xml.
  • Protection Server manifest file: /opt/kaspersky/la/config/integrity.xml.
  • Network Agent for Linux manifest file: /opt/kaspersky/la/config/klnagent_integrity.xml.
  • Integrity check tool for the Protection Server and Network Agent for Linux: /opt/kaspersky/la/bin/integrity_check_tool.
• Integration Server:
  • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\integrity_check.xml.
  • Integrity check tool: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\integrity_check_tool.exe.
• Integration Server Console:
  • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\integrity_check.xml.
  • Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\integrity_check_tool.exe.
• Light Agent for Windows:
  • Manifest file depending on the operating system:
    • %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\integrity_check.xml – for 64-bit operating systems.
    • %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\integrity_check.xml – for 32-bit operating systems.
  • Integrity check utility depending on the operating system:
    • %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\integrity_check_tool.exe – for 64-bit operating systems.
    • %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Virtualization 5.2 Light Agent\integrity_check_tool.exe – for 32-bit operating systems.
• Light Agent for Linux:
  • Combined manifest file for Light Agent for Linux and Network Agent for Linux: /opt/kaspersky/lightagent/bin/integrity_check.xml.
  • Light Agent for Linux manifest file: /opt/kaspersky/lightagent/config/integrity.xml.
  • Network Agent for Linux manifest file: opt/kaspersky/lightagent/config/klnagent_integrity.xml.
  • Integrity check utility for Light Agent for Linux and Network Agent for Linux: /opt/kaspersky/lightagent/bin/integrity_check_tool.

Starting integrity check utility for the application components

To run the integrity check utility on the SVM and on the virtual machine with Light Agent for Linux installed, the root account is required. An administrator account is required for running the integrity check utility for all other application components.

To check the integrity of an application component, run the utility from the folder where the utility is located for this component by executing one of the following commands:

• In Windows operating system:

  integrity_check_tool.exe -v[|--verify] -m[|--manifest] <path to the manifest file>

• In Linux operating system:

  integrity_check_tool -v[|--verify] -m[|--manifest] <path to the manifest file>

where <manifest file path> is the full path to the manifest file of the component.

You can run the tool with the following optional settings:

• -V, --verbose – display additional information about successfully checked files and modules. If this setting is not specified, only the check result (succeeded/failed), information about errors and general check statistics are displayed.
• -L, --log-file <file>, where <file> is the name of the file where the events that occurred during the scan are logged. By default, the events are sent to the standard stdout stream.
• -l, --log-level <0-1000>, where <0-1000> is the verbosity level for events. The default verbosity level is 0.

You can view the description of all available integrity check tool options in the tool options help. To do this, run the utility with the -h [--help] setting.

Application components integrity check results

Application components integrity check results are displayed as follows:

• SUCCEEDED – integrity of the files and modules is confirmed (return code 0).
• FAILED – integrity of the files is not confirmed (return code is other than 0).

Page top