HQ Ghent office Brusselsesteenweg 360 9090 Melle +32 9 265 80 50 Brussels office Rue des Colonies 11 1000 Brussels Antwerp office Uitbreidingsstraat 84 2600 Antwerpen KASPERSKY UPDATE Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows Version 10.2.4.674 30.11.2015 Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows (hereinafter also referred to as the application or as Kaspersky Endpoint Security) gives corporate users all-in-one protection against digital threats. WHAT'S NEW IN KASPERSKY ENDPOINT SECURITY 10 SERVICE PACK 1 MAINTENANCE RELEASE 2 FOR WINDOWS Support of the Microsoft Windows 10 Pro / Enterprise operating system has been added. A new component named BadUSB Attack Prevention has been added. BadUSB Attack Prevention allows you to prevent your computer from connection with reprogrammed USB devices that emulate keyboards. When a USB device is connected to the computer and identified as a keyboard by the operating system, the component prompts the user to authorize the newly connected device. Any keyboard that has not passed authorization will be blocked. The full disk encryption (FDE) functionality has been improved: o Support of the following keyboard layouts has been added in Authentication Agent: AZERTY (Belgium), ЙЦУКЕН (Russia, for 105-key IBM/Windows keyboards), QWERTY (Japan, 106 Japanese). o Support of authorization in Authentication Agent through the following devices has been added: SafeNet etoken 4100-72K (Java), Gemalto IDPrime.NET (511), Rutoken ECP Flash. o Support of USB 3.0 devices in Authentication Agent has been added. The option of filtering by local address, physical interface, and packet time-to-live (TTL) has been added in Firewall rules. IMPAKT nv www.impakt.be sales@impakt.be BTW BE 435 783 980 IBAN BE 97 3101 6039 5549
New options have been added for report management: o The option of protecting the application reports with a password has been added. o The set of security audit events has been extended. A few changes have been made to fix some vulnerabilities, including: o Conversion to the OpenSSL 1.0.1.p library has been performed. o Changes have been made to prevent POODLE attacks on the application. o Conversion to the secure (https) channel for application dumps has been performed. o For other vulnerabilities that have been fixed please click http://support.kaspersky.com/vulnerability.aspx?el=12430 The default value for the local setting of product update installation has been changed from "Install critical and approved updates" to "Install only approved updates". MINIMUM CONFIGURATION For the application to work properly, the computer must meet the following requirements: General requirements: Intel Pentium 1 GHz or faster 1 GB of RAM 2 GB of free disk space on the hard drive Microsoft Internet Explorer 7.0 or later Microsoft Windows Installer 3.0 or later An Internet connection for activating the application and for updating databases and application modules Operating systems: Microsoft Windows 10 Pro x86 / х64 Microsoft Windows 10 Enterprise x86 / х64 Microsoft Windows 8.1 Pro x86 / х64 Microsoft Windows 8.1 Enterprise x86 / х64 Microsoft Windows 8 Pro x86 / х64 Microsoft Windows 8 Enterprise x86 / х64 Microsoft Windows 7 Professional x86 / х64 SP1 or later Microsoft Windows 7 Enterprise / Ultimate x86 / х64 SP1 or later Microsoft Windows 7 Professional x86 / х64 Microsoft Windows 7 Enterprise / Ultimate x86 / х64 Microsoft Windows Vista x86 / х64 SP2 or later Microsoft Windows XP Professional x86 SP3 or later Auteur: Nancy Nimmegeers Datum: 9-dec-15 Versie: 1 Pagina 2 van 7
Microsoft Windows Server 2012 R2 Standard / Essentials / Enterprise х64 (ReFS file system is supported with limitations, Server Core and Cluster Mode configurations are not supported) Microsoft Windows Server 2012 Foundation / Standard / Essentials х64 (ReFS file system, Server Core and Cluster Mode configurations are not supported) Microsoft Small Business Server 2011 Standard / Essentials х64 Microsoft Windows MultiPoint Server 2011 х64 Microsoft Windows Server 2008 R2 Standard / Enterprise / Foundation х64 SP1 or later Microsoft Windows Server 2008 R2 Standard / Enterprise / Foundation х64 Microsoft Windows Server 2008 Standard / Enterprise х86 / х64 SP2 or later Microsoft Small Business Server 2008 Standard / Premium x64 Microsoft Windows Server 2003 R2 Standard / Enterprise x86 / x64 SP2 or later Microsoft Windows Server 2003 Standard / Enterprise x86 / x64 SP2 or later Microsoft Windows Embedded 8.0 Standard x64 Microsoft Windows Embedded 8.1 Industry Pro x64 Microsoft Windows Embedded Standard 7* x86 / x64 SP1 Microsoft Windows Embedded POSReady 7* x86 / x64 Features and Limitations: o For Windows 10 support features please see: http://support.kaspersky.com/12515. o According to Microsoft requirements for hardware configurations of devices running on Microsoft Windows Embedded 8.0 Standard x64 (Standard 8) or Microsoft Windows Embedded 8.1 Industry x64 (Industry 8.1), it is recommended to use the product on devices with two or more gigabytes of RAM. o File level encryption (FLE) and full disk encryption (FDE) functionality is not supported on embedded operating systems. Supported virtual platforms: VMWare Workstation 9, 10, 11 VMWare ESXi 5.5.0, 1623387 (5.5 update 1) VMWare ESXi 5.5.0, 2068190 (5.5 update 2) Microsoft Hyper-V 3.0 (Windows Server 2012) Citrix XenServer 6.2 Citrix XenDesktop 7.6 Citrix Provisioning Server 7.1 Features and Limitations: o To enable Kaspersky Endpoint Security compatibility with Citrix PVS, installation has to be performed with the following command line parameter: /pcitrixcompatibility=1. In case of Auteur: Nancy Nimmegeers Datum: 9-dec-15 Versie: 1 Pagina 3 van 7
remote installation, the kud file has to be edited by adding the following parameter: /pcitrixcompatibility=1. o Installation of Kaspersky Endpoint Security on a computer running on Microsoft Windows XP that has been started on Citrix XenDesktop is not supported. o Images cannot be created using Target Device from computers running on Microsoft Windows XP and Microsoft Windows Vista with Kaspersky Endpoint Security installed. APPLICATION COMPATIBILITY WITH KASPERSKY SECURITY CENTER The application is compatible with Kaspersky Security Center 10 Service Pack 1 Patch D. For remote application management through Kaspersky Security Center, you need to install Network Agent on the computer. For detailed information, refer to the Kaspersky Security Center Administrator's Guide. If you are upgrading Kaspersky Endpoint Security on a computer managed by Kaspersky Security Center, you must perform the following actions: 1. Decrypt all disks that have been encrypted using full disk encryption (FDE). 2. Upgrade Network Agent to the version, which is compatible with the application. 3. Install the application update using any available method (from the full distribution package or using the Kaspersky Lab updates service, see below for details). APPLICATION COMPATIBILITY WITH AES ENCRYPTION MODULES Important! The application is compatible with AES Encryption Module version 1.1.0.73. Interoperation of Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows and AES Encryption Module versions.0.0.724, 1.0.1.814 and 1.0.2.1068 is not supported. If you are upgrading the application to version Service Pack 1 Maintenance Release 2 with any of the supported versions, AES Encryption Module versions 1.0.0.724, or 1.0.1.814, or 1.0.2.1068 is installed on the computer, but you do not intend to use encryption and you want to remove Encryption Module from the computer, or you want to replace the current Encryption Module with a module with a different key size, you can perform this using any of the following methods: Before installing the application upgrade to version Service Pack 1 Maintenance Release 2, remove your current AES Encryption Module (and, if necessary, install a module with a different key size). Together with the application update, install the update for the current AES Encryption Module to upgrade it to version Service Pack 1 Maintenance Release 2; after that, remove Encryption Auteur: Nancy Nimmegeers Datum: 9-dec-15 Versie: 1 Pagina 4 van 7
Module (and, if necessary, install AES Encryption Module version Service Pack 1 Maintenance Release 2 with a different key size). Note that you have to decrypt all hard disks that have been encrypted using full disk encryption (FDE), before removing Encryption Module. No access to folder level encryption (FLE) files will be provided after you remove Encryption Module. INSTALLING OR UPGRADING THE APPLICATION FROM THE DISTRIBUTION PACKAGE To install the application locally, run the setup.exe file from the full distribution package and follow the Setup Wizard instructions. See the Administrator's Guide for more details on how to install the application. During installation, Kaspersky Endpoint Security detects and allows you to uninstall applications that may affect the performance of the user's computer or cause other problems (even to the point of complete inoperability) when running at the same time as the product. The full list of incompatible software is available at http://support.kaspersky.com/9371. You can upgrade the following applications to Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows during installation from the full distribution package: Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 CF1 (build 6.0.4.1424), MP4 CF2 (build 6.0.4.1611) Kaspersky Anti-Virus 6.0 for Windows Servers MP4 CF1 (build 6.0.4.1424), MP4 CF2 (build 6.0.4.1611) Kaspersky Endpoint Security 8 for Windows (build 8.1.0.646), CF1 (build 8.1.0.831), CF2 (8.1.0.1042) Kaspersky Endpoint Security 10 for Windows (build 10.1.0.867) Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows (build 10.2.1.23) Kaspersky Endpoint Security 10 Service Pack 1 for Windows (build 10.2.2.10535) Kaspersky Endpoint Security 10 Service Pack 1 for Windows (build 10.2.2.10535(MR1)). Upgrading from beta versions to Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows is not supported. Note that no update can be installed if the computer has hard disks that have been encrypted using full disk encryption (FDE). You need to decrypt all hard disks before installation of an update. Auteur: Nancy Nimmegeers Datum: 9-dec-15 Versie: 1 Pagina 5 van 7
The application distribution package includes AES Encryption Module version 1.1.0.73. When installing encryption components of hard drives and removable drives (FDE) or encrypting files and folders (FLE), the module installation will start automatically. If AES Encryption Module versions 1.0.0.724, 1.0.1.814, or 1.0.2.1068 are installed on the computer, it will start upgrading to version 1.1.0.73 automatically. UPGRADING THE APPLICATION USING THE KASPERSKY LAB UPDATE SERVICE Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows and AES Encryption Module (build 1.1.0.73) can be installed using the Kaspersky Lab update service. You can upgrade the following applications using the Kaspersky Lab update service: Kaspersky Endpoint Security 10 Service Pack 1 for Windows (build 10.2.2.10535) Kaspersky Endpoint Security 10 Service Pack 1 for Windows (build 10.2.2.10535(MR1)). AES Encryption Module from the Kaspersky Endpoint Security 10 Service Pack 1 distribution package (Encryption Module build 1.0.2.1068). Upgrading from beta versions to Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows is not supported. Please note the features of the application upgrading using the Kaspersky Lab update service: An update cannot be installed if incompatible private patches have been installed on your computer. Click the following link to view the list of private patches, which are compatible with the update: http://support.kaspersky.com/12508. After you install an update, you will not be able to roll back to the previous application version. If the computer is managed by Kaspersky Security Center, you need to install the application management plug-in version Service Pack 1 Maintenance Release 2 before installing the update, prepare it using a policy, and distribute it on computers on which you intend to install updates. No update can be installed if the computer has hard disks that have been encrypted using full disk encryption (FDE). You need to decrypt all hard disks before installation of an update. Before installation of an update, you must read the text of the End User License Agreement and confirm your acceptance of its terms. If you do not confirm your acceptance, the update will not be installed. If the computer is managed by Kaspersky Security Center, you can confirm your acceptance using the Kaspersky Security Center console, in the Application Management node, in the Software Updates section. If the application has been installed in stand-alone mode (without management using Kaspersky Security Center), you can confirm your acceptance in the local interface of the application. To complete the update installation, you must restart your computer. Auteur: Nancy Nimmegeers Datum: 9-dec-15 Versie: 1 Pagina 6 van 7
The full disk encryption (FDE) functionality will remain blocked until installation of the application updates is complete. After the update is installed, the setting of application update installation will change to "Install only approved updates". If Encryption Module for Kaspersky Endpoint Security 10 Service Pack 1 is installed on the computer (Encryption Module build 1.0.2.1068), it also must be upgraded to version Service Pack 1 Maintenance Release 2. Please note the features of Encryption Module updating: After you install an Encryption Module update, you will not be able to roll back to the previous version of Encryption Module. No Encryption Module update can be installed if the computer has hard disks encrypted using full disk encryption (FDE). You need to decrypt all hard disks before installation of an update. Before installation of an Encryption Module update, you must read the text of the End User License Agreement and confirm your acceptance of its terms. If you do not confirm your acceptance, the update will not be installed. To complete the Encryption Module update installation, you must restart your computer, keeping in mind that: o Installation of an update for AES Encryption Module (56 bit) can be performed concurrently with the application update installation during a single restart of your operating system. o Installation of an update for AES Encryption Module (256 bit) can only be performed after the application update is complete. Thus, you have to restart your computer twice to complete full update of the application and Encryption Module. LIMITATIONS AND KNOWN ISSUES You can view the list of limitations and known errors by clicking the following link: http://support.kaspersky.com/12501. FIXED ERRORS You can view the list of fixed errors by clicking the following link: http://support.kaspersky.com/12508. 2015 AO Kaspersky Lab. All Rights Reserved. Auteur: Nancy Nimmegeers Datum: 9-dec-15 Versie: 1 Pagina 7 van 7