Kaspersky Security Center 9.0 Critical Fix 3 (9.3.75) _________________________________________________________________________ GENERAL DESCRIPTION Kaspersky Security Center is a tool designed for centralized management of comprehensive protection system for enterprise networks. Kaspersky Security Center provides the administrator access to detailed information about the security level of an enterprise network and allows flexible configuration of protection system components. This application version can be used for both the initial setup of Kaspersky Security Center, and updating Kaspersky Administration Kit 8.0 and earlier versions of the application. ------------------------------------------------------------------------- INSTALLING AND UPDATING The following procedure is recommended to upgrade the application: 1) Read this document carefully and determine whether you need this update. 2) Back up Administration Server data using klbackup.exe utility or the Administration Server backup tasks. Please note that complete restoration of the Administration Server data requires saving the Server certificate. 3) Run the installation of Kaspersky Security Center 9.3.75 on a computer with Administration Server installed and update this version of Administration Server. Reverse compatibility of Administration Server versions is supported. All data related to the previous version of the Administration Server version is stored after update. 4) Create a task of remote installation of Network Agent 9.3.75 to corporate computers: a group task or a task for specific computers. Run the task manually or according to a schedule. After the task is completed, Network Agent will be updated on client computers. ------------------------------------------------------------------------- WHAT'S NEW Changes made to version 9.3.75 (Kaspersky Security Center 9.0 Critical Fix 3) as compared with version 9.2.69 (Kaspersky Security Center 9.0 Critical Fix 2): - New settings for connection with a connection gateway have been added. - Performance of update agents has been optimized. - Administration Server applies forced termination to unused connections. - The feature of import of a list of computers from a file when creating a task has been added. Changes made to version 9.2.69 (Kaspersky Security Center 9.0 Critical Fix 2) as compared with version 9.0.2825 (Kaspersky Security Center 9.0 Critical Fix 1): - Support of Kaspersky Security for Virtualization 1.1 has been added. - The error of display of dialog boxes for the management plugin of Kaspersky Antivirus for Windows Servers Enterprise Edition 8.0 has been fixed. - The problem with decreased performance and probable blocking of Administration Server with a large number of remote installation tasks running concurrently, has been fixed. - The error occurring when deleting the remote installation task that has created a group policy object in Active Directory, has been fixed. - A set of errors causing abort and decreased performance of Administration Server, has been fixed. - Disabling the Applications registry functionality clears the lists of applications on corresponding managed computers. - The error causing display of two copies of Network Agent in Applications registry, has been fixed. - The option to use NTLM authentication for the KSN Proxy component has been added. - The option of key file export has been added. - The option to view allocation rules created using the automation interface, has been added in Administration Console. Changes made to version 9.0.2825 (Kaspersky Security Center 9.0 Critical Fix 1) as compared with version 9.0.2786 (Kaspersky Security Center 9.0): - The option of forced category updating and the option to specify a period of forced updating have been added. - The problem with KSN Proxy service halting in case Administration Server is installed on a cluster has been solved. - The option to export lists to text files has been added in dialog boxes of Administration Console. - The display of the equipment registry report in case the MySQL database server is used has been improved. - The error of automatic assignment of update agents has been fixed. - The error of high workload on the CPU from Network Agent and Administration Server has been fixed. - The error of high workload on the CPU when updating Administration Server has been fixed. - The option to select the Windows Updates search mode has been added to the policy properties window of Network Agent. - By default, network poll is disabled for automatically appointed update agents. - The column in public view in the database v_akpub_host.bHasUpadateAgent has been fixed. - The error in Kaspersky Event Log appearing as "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO `__ttmp_wus_delete_patch_host_states`" has been fixed. - Administration Server is not blocked when processing the list of vulnerabilities. - The errors in Kaspersky Event Log appearing as "Violation of PRIMARY KEY constraint 'PK__#ftsrch___28005A2F2FC8F19C'." have been fixed. - The error of display of the up-to-date versions of applications in case the MySQL Database Server is used has been fixed. - A number of errors in the update of Kaspersky Administration Kit 8.0 version have been fixed. - Network Agent does not stop running in case incomplete data are received from Windows Update Agent. - Potentially high workload on the SQL server when the option to collect information about Windows updates is enabled and when receiving information about device drivers from Windows Update Agent, has been fixed. - The empty list of Windows updates in localizations other than RU, EN, FR, and DE, has been fixed. - The increasing workload on the disk subsystem of client computers after updating Kaspersky Administration Kit 8.0 when Kaspersky Administration Kit 8.0 provides remote scheduled installation tasks, has been fixed. - The error of display of the progress status of Windows update installation tasks and the error of closure of vulnerabilities after restarting computers have been fixed. - The potential failure in Administration Server's operation after removing an active task of remote installation has been fixed. - The error occurring when running the group task of remote installation on computers connected to the virtual Administration Server if installation packages have been transferred from the master Administration Server instead of being created on the virtual Server, has been fixed. - The option to disable Windows update search has been added for Network Agent. - The potential closure of Network Agent in case data of installed applications are received, has been fixed. - The algorithm used for synchronizing data of incompatible applications between Administration Server and Network Agent. - The error of automatic applying of Network Agent updates on client computers running under virtual Administration Servers, has been fixed. Changes made to the version 9.0.2786 (Kaspersky Security Center 9.0) as opposed to the version 8.0.2134 (Kaspersky Administration Kit 8.0 CF 2): - Functionality of virtual Administration Server has been added. - The Kaspersky Security Center Web-Console component has been added. - The applications control functionality has been added. - The functionality of centralized collection of information about the condition of software on managed computers has been added. - The functionality of centralized applications registry has been expanded. - The functionality of controlling vulnerabilities in applications on managed computers has been added. - Support of Windows Failover Clustering has been added for the Administration Server. - The functionality of updating the description of incompatible applications when creating installation packages for anti-virus applications has been added. - The option of receiving notifications on new versions of corporate applications from Kaspersky Lab and the option of retrieving new versions within the Administration Server update task have been added. - The functionality of synchronizing the structure of Active Directory with that of administration groups has been expanded. - The set of reports and information panels has been expanded. - The mechanism of automatic assignment of update agents has been implemented. - The option of network polling and remote installation of applications using Network Agent has been added. - The user interface of the Administration Console has been reworked. - The option of using connection gateway has been added. A connection gateway can be used to manage client computers that do not have a direct connection to the Administration Server (for example, if client computers are located outside a corporate network while the Administration Server is within one). - A dedicated installer for the Administration Console has been added. A mode of full-text information search via the Administration Console has been implemented. - Support of dynamic mode for Virtual Desktop Infrastructure (VDI) has been implemented. - The function of identifying virtual machines has been implemented: now you can perform the search and set rules for moving computers according to the settings of a virtual machine. - The volume of data transferred from the Administration Server to update agents, has been optimized. - Support of MS SQL 2000 has been discontinued. - The Connection Manager component has been added, which allows setting time intervals for transfer of data from Network Agent to the Server. - The option of managing interactions with Microsoft NAP in the policy of Network Agent has been added. - The option of creating Kaspersky Security Center accounts that are not Windows user accounts, has been added. - The option of excluding selected administration groups from the scope of a task has been added. - A dedicated installer has been developed for the installation of Kaspersky Security Center System Health Validator: its distribution package has been excluded from the application. - The display of computers in administration groups has been optimized. No limit can be set to the number of computers included in a group. ------------------------------------------------------------------------- LIST OF KNOWN ISSUES - In case Administration Server is installed on the cluster, automatic installation of Administration Server patches cannot be activated (176434). - Update Agent and Connection Gateway components cannot be used under Linux and Mac platforms (175425, 136018, 149884). - Errors may occur when performing remote upgrade of Network Agent from version 6.0 to version 9.0 (158793). - An error may occur when upgrading Administration Server from version SC 9 CF3 (9.3.75) to version SC 10 (10.0.3361). To solve this issue, please restart the Installer of SC 10 (10.0.3361). ------------------------------------------------------------------------- ADDITIONAL SOURCES OF INFORMATION You can use the following sources to find information about the application on your own: - page on Kaspersky Lab website: http://www.kaspersky.com/security-center; - page on Technical Support Service website (Knowledge Database): http://support.kaspersky.com/remote_adm; - help system: Full Help; - documentation: Administrator's Guide, Implementation Guide, Getting Started. ------------------------------------------------------------------------- © 2012 Kaspersky Lab ZAO. All Rights Reserved.