Kaspersky Security solution components contain many different binary modules in the form of dynamic-link libraries, executable files, configuration files, and interface files. A hacker may replace one or more solution modules or files with other modules or files containing malicious code. To prevent the replacement of solution modules and files, Kaspersky Security can check the integrity of solution files and modules. The check detects the presence of unauthorized changes or damage to files and modules of the solution components. If a solution file or module has an incorrect checksum, it is considered corrupted.
The integrity of Kaspersky Security solution components is checked using the integrity check utility. Special lists called manifest files are used to perform the integrity check. The manifest file for a solution component lists the files and modules whose integrity is critical for correct operation of the solution component. The manifest files are digitally signed and their integrity is checked as well.
You can use the integrity check utility to check the integrity of files and modules of the following solution components:
To run the integrity check tool on the SVM and on the virtual machine with Light Agent for Linux installed, you need the root account. An administrator account is required for running the integrity check tool for all other solution components.
For detailed information about checking the integrity of Light Agent for Linux and the Light Agent for Linux management plug-ins, see the Kaspersky Endpoint Security for Linux Help of the relevant version.
For detailed information on performing a Kaspersky Security Center Network Agent integrity check, see the Kaspersky Security Center Help.
For Light Agent for Windows (Kaspersky Endpoint Security for Windows), the application integrity is checked using a special task (for more information, see the Kaspersky Endpoint Security for Windows Help of the relevant version).
The manifest files and tool for checking the integrity of the Protection Server, management plug-ins for the Protection Server, Integration Server, and Integration Server Console are located at the following paths:
To check the integrity of a solution component, you need to run the tool from the folder of that component's tool.
To run the integrity check utility, run one of the following commands:
integrity_checker --signature-type kds-with-filename [<path to manifest file>]
integrity_checker.exe --signature-type kds-with-filename [<path to manifest file>]
integrity_checker --signature-type kds-with-filename [<path to manifest file>]
integrity_checker --signature-type kds-with-filename [<path to manifest file>]
integrity_checker.exe --signature-type kds-with-filename [<path to manifest file>]
where <path to manifest file> is the full path to the manifest file of the component being checked. By default, the path to the manifest file located in the same directory as the integrity check utility is used.
You can view the description of all available integrity check utility options in the utility options help. To do this, run the tool with the --help option.
The results of checking the integrity of solution components are displayed as follows:
SUCCEEDED – integrity of the files and modules is confirmed (return code 0).FAILED – integrity of the files is not confirmed (return code is other than 0).