Kaspersky Security for Virtualization 6.2 Light Agent
6.2
English

Checking the integrity of solution components

Kaspersky Security solution components contain many different binary modules in the form of dynamic-link libraries, executable files, configuration files, and interface files. A hacker may replace one or more solution modules or files with other modules or files containing malicious code. To prevent the replacement of solution modules and files, Kaspersky Security can check the integrity of solution files and modules. The check detects the presence of unauthorized changes or damage to files and modules of the solution components. If a solution file or module has an incorrect checksum, it is considered corrupted.

The integrity of Kaspersky Security solution components is checked using the integrity check utility. Special lists called manifest files are used to perform the integrity check. The manifest file for a solution component lists the files and modules whose integrity is critical for correct operation of the solution component. The manifest files are digitally signed and their integrity is checked as well.

You can use the integrity check utility to check the integrity of files and modules of the following solution components:

  • Components installed on SVMs: Protection Server and Kaspersky Security Center Network Agent
  • Windows-based Integration Server and Linux-based Integration Server
  • Integration Server Console
  • Management web plug-ins for the Protection Server and Integration Server
  • Protection Server management MMC plug-in
  • Light Agent for Linux and Light Agent for Linux management plug-ins (Kaspersky Endpoint Security for Linux)

To run the integrity check tool on the SVM and on the virtual machine with Light Agent for Linux installed, you need the root account. An administrator account is required for running the integrity check tool for all other solution components.

For detailed information about checking the integrity of Light Agent for Linux and the Light Agent for Linux management plug-ins, see the Kaspersky Endpoint Security for Linux Help of the relevant version.

For detailed information on performing a Kaspersky Security Center Network Agent integrity check, see the Kaspersky Security Center Help.

For Light Agent for Windows (Kaspersky Endpoint Security for Windows), the application integrity is checked using a special task (for more information, see the Kaspersky Endpoint Security for Windows Help of the relevant version).

The manifest files and tool for checking the integrity of the Protection Server, management plug-ins for the Protection Server, Integration Server, and Integration Server Console are located at the following paths:

  • To perform an integrity check of the Protection Server installed on the SVM:
    • Manifest file: /opt/kaspersky/la/bin/integrity_check.xml
    • Integrity check tool: /opt/kaspersky/la/bin/integrity_checker
  • To check the Linux-based Integration Server:
    • Manifest file: /opt/kaspersky/viis/bin/integrity_check.xml.
    • Integrity check utility: /opt/kaspersky/viis/bin/integrity_checker.
  • To check the Windows-based Integration Server:
    • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\integrity_check.xml.
    • Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\integrity_checker.exe.
  • To check the Integration Server Console:
    • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\integrity_check.xml.
    • Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\integrity_checker.exe.
  • To check the Protection Server management MMC plug-in:
    • Manifest file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\KSVLA<version number>.SVM.plg\\integrity_check.xml.
    • Integrity check utility: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky Security Center\Plugins\KSVLA<version number>.SVM.plg\integrity_checker.exe.
  • To check the management web plug-ins for the Protection Server and Integration Server
    • Manifest file for the Protection Server web plug-in:
      • /var/opt/kaspersky/ksc-web-console/server/plugins/svm_<version number>/integrity_check.xml – for the Protection Server web plug-in on devices with Linux operating systems
      • %ProgramFiles%\Kaspersky Lab\Kaspersky Security Center Web Console\server\plugins\svm_<version number>\integrity_check.xml – for the Protection Server web plug-in on devices with Windows operating systems
    • Manifest file for the Integration Server web plug-in:
      • var/opt/kaspersky/ksc-web-console/server/plugins/VIISLA_<version number>/integrity_check.xml – for the Integration Server web plug-in on devices with Linux operating systems
      • %ProgramFiles%\Kaspersky Lab\Kaspersky Security Center Web Console\server\plugins\VIISLA_<version number>\integrity_check.xml – for the Integration Server web plug-in on devices with Windows operating systems
    • Integrity check tool:
      • /var/opt/kaspersky/ksc-web-console/integrity_checker – on devices with Linux operating systems
      • %ProgramFiles%\Kaspersky Lab\Kaspersky Security Center Web Console\integrity_checker.exe – on devices with Windows operating systems

To check the integrity of a solution component, you need to run the tool from the folder of that component's tool.

To run the integrity check utility, run one of the following commands:

  • To check the integrity of the Protection Server:

    integrity_checker --signature-type kds-with-filename [<path to manifest file>]

  • To check the integrity of the MMC management plug-in of the Protection Server, Windows-based Integration Server or Integration Server Console:

    integrity_checker.exe --signature-type kds-with-filename [<path to manifest file>]

  • To check the integrity of the Linux-based Integration Server:

    integrity_checker --signature-type kds-with-filename [<path to manifest file>]

  • To check the integrity of management web plug-ins on devices with Linux operating systems:

    integrity_checker --signature-type kds-with-filename [<path to manifest file>]

  • To check the integrity of management web plug-ins on devices with Windows operating systems:

    integrity_checker.exe --signature-type kds-with-filename [<path to manifest file>]

where <path to manifest file> is the full path to the manifest file of the component being checked. By default, the path to the manifest file located in the same directory as the integrity check utility is used.

You can view the description of all available integrity check utility options in the utility options help. To do this, run the tool with the --help option.

The results of checking the integrity of solution components are displayed as follows:

  • SUCCEEDED – integrity of the files and modules is confirmed (return code 0).
  • FAILED – integrity of the files is not confirmed (return code is other than 0).
Article ID: 262066, Last review: Apr 17, 2025
Page top