Kaspersky Endpoint Security 8 for Linux TR (8.0.0.35) RELEASE NOTES
==============================================================================

Version released on: 05/23/2011

Table of Contents:

* What's new?
* Product Overview
* System Requirements
* Product Installation
* Known Issues & Workarounds

What's new?
--------------------------------------------------------------------------------

The following changes and improvements are introduced in Kaspersky Endpoint
Security 8 for Linux TR (8.0.0.35) (hereafter 'the application'):

* The application installation process involves installation of 2 separate
  packages:
    - RPMs:
        - kes4lwks-8.0.0-35.i386.rpm
        - klnagent-8.0.0-653.i386.rpm
    - DEBs:
        - kes4lwks_8.0.0-35_i386.deb
        - klnagent_8.0.0-653_i386.deb
* The application combines the functionality of both the previous version of
  Kaspersky Anti-Virus 5.7 for Linux Workstations and Kaspersky Anti-Virus 5.5
  for SAMBA, and can intercept file access operations at two levels: a kernel
  level (kernel module) interceptor and a SAMBA interceptor;
* New ways to manage application operation:
    * support for remote administration using Kaspersky Administration Kit;
    * support for remote product installation via Kaspersky Administration Kit
      (the Kaspersky Administration Agent must be installed);
    * centralized management of the application life cycle and performance of
      on-demand scan, real-time protection, and Anti-Virus base update tasks;
    * centralized storage of application configuration settings; application
      operation settings are no longer stored in text configuration files.
      Text files are used only to let the Administrator edit the settings
      with a text editor. To take effect, settings from the text file then
      have to be imported into the central settings repository.
* New local Graphical User Interface, integrating into the KDE and GNOME
  desktop environments, allowing the end user to keep track of Anti-Virus
  activities and easily perform file system scan and anti-virus base update
  tasks.
* Enhanced Anti-Virus Protection:
    * new Kaspersky Endpoint Security Engine;
    * heuristic engine (emulator) included;
    * support for archive contents curing;
* Enhanced Anti-Virus Protection configuration:
    * several scan areas can be specified in a single protection task;
    * scan settings can be specified for each area individually;
    * scan areas can be specified by:
        - full file system path name;
        - device name;
        - network access type (Shared, Mounted);
        - network access protocol (SMB/CIFS, NFS);
        - remote resource name (SAMBA share name, NFS shared folder);
    * the scan area definition supports ECMA-262 Regular Expressions;
    * several exclusion rules can be specified for a single scan area;
    * actions to be taken with objects can be specified based on the type of
      threat detected;
    * the task start/stop scheduling capabilities are enhanced;
* Enhanced Real-Time Protection configuration:
    * a list of users/groups can be specified for a scan area, which makes
      Real-Time Protection check only the file access attempts of the
      specified users;
    * file operation interceptors can be specified; the available
      interceptors are: kernel-mode interceptor, SAMBA interceptor or both;
    * the availability of SAMBA shared resources when the Anti-Virus is
      inaccessible can be configured;
* New Quarantine and Backup storage administrative capabilities allow you to:
    * move objects to quarantine manually;
    * search for quarantined objects (by object attribute);
    * delete found objects;
    * restore found objects;
    * rescan objects;
    * save part of the quarantine or backup storage in an archive (to reduce
      the amount of used disk space);
    * import objects from the archive into the quarantine or backup storage;
    * inform the user that the storage size limit is exceeded;
    * ACL information is stored in Quarantine/Backup (Q/B) storage;
* The following application monitoring features have been expanded:
    * Tools for obtaining:
        - general Anti-Virus information;
        - Anti-Virus base versions;
        - license status;
        - application components status;
        - Anti-Virus task execution results;
        - the state of the quarantine and backup storage;
        - the Anti-Virus Protection task statistics;
        - the Anti-Virus Update task statistics;
        - Quarantine/Backup current state and statistics;
        - the Virus Activity statistics.
    * Tools for retrospective analysis of application operation, allowing
      you to:
        - collect, process, and store the statistics on application
          operation;
        - display the application operation statistics collected over a
          user-specified period of time;
        - audit the following aspects of application operation:
          creating/starting/stopping Anti-Virus tasks, modifying Kaspersky
          Anti-Virus settings, Administrator actions on objects in the
          quarantine and backup storage, etc.;
    * Tools for creating reports on application operation, based on collected
      statistics, and tools for exporting reports (HTML and CSV formats are
      supported).
    * Monitoring application operation and virus activity. The data is stored
      in the centralized repository of application events. The application
      provides its own tools for searching, displaying, and analyzing data on
      its operation. The application administration tools allow the
      Administrator to perform event storage administration activities, such
      as event storage cleaning and event storage data rotation.

Product Overview
--------------------------------------------------------------------------------

Kaspersky Endpoint Security for Linux is designed to protect workstations
running Linux operating systems.

Kaspersky Endpoint Security for Linux allows you to:

* Ensure real-time protection of the file system against malicious code:
  intercept and analyze attempts to access files, disinfect and delete
  infected objects.
* Scan objects on demand: search for infected and suspicious files; analyze
  files; disinfect or delete infected files.
* Quarantine suspicious and infected files.
* Create a copy of an infected object in the backup storage before a
  disinfect or delete attempt, so that the object can be restored.
* Update the anti-virus bases; the bases can be updated from Kaspersky Lab's
  update servers, the Customer update server, the Kaspersky Administration
  Kit server or a local folder.
* Control Kaspersky Endpoint Security using the command-line configuration
  utility or the local GUI.

System Requirements
--------------------------------------------------------------------------------

Minimum hardware requirements:

* processor Intel Pentium II 400 MHz or higher;
* 1 GB RAM;
* 1 GB of swap;
* 2 GB free hard drive space for installation of the application and storage
  of temporary files.

Software requirements:

1. Supported operating systems:

   32-bit operating systems
     * Red Hat Enterprise Linux 6 Desktop
     * Red Hat Enterprise Linux 5.5 Desktop
     * Fedora 14
     * CentOS-5.5
     * SUSE Linux Enterprise Desktop 10 SP3
     * SUSE Linux Enterprise Desktop 11 SP1
     * openSUSE Linux 11.3
     * Mandriva Linux 2010.2
     * Ubuntu 10.04.2 LTS Desktop
     * Debian GNU/Linux 6.0.1

   64-bit operating systems
     * Red Hat Enterprise Linux 6 Desktop
     * Red Hat Enterprise Linux 5.5 Desktop
     * Fedora 14
     * CentOS-5.5
     * SUSE Linux Enterprise Desktop 10 SP3
     * SUSE Linux Enterprise Desktop 11 SP1
     * openSUSE Linux 11.3
     * Ubuntu 10.04.2 LTS Desktop
     * Debian GNU/Linux 6.0.1

2. Perl interpreter - version 5.0 or higher (www.perl.org).
3. The which utility installed.
4. Software compilation packages installed (gcc, binutils, glibc-devel, make,
   ld), Linux kernel sources for compiling the kernel-mode interceptor.
5. The libc6-i386 library should be installed on 64-bit Debian and 64-bit
   Ubuntu prior to the Anti-Virus packages installation.
6. The minimum recommended screen resolution is 1024*768.

Product Installation
--------------------------------------------------------------------------------

Installation from scratch:

To install the product, run the following commands:

- on 32-bit OSes

    - using the rpm package manager:

        # rpm -i kes4lwks-8.0.0-35.i386.rpm
        # /opt/kaspersky/kes4lwks/bin/kes4lwks-setup.pl
        # rpm -i klnagent-8.0.0-653.i386.rpm
        # /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl

    - using the dpkg package manager:

        # dpkg -i kes4lwks_8.0.0-35_i386.deb
        # /opt/kaspersky/kes4lwks/bin/kes4lwks-setup.pl
        # dpkg -i klnagent_8.0.0-653_i386.deb
        # /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl

- on 64-bit OSes

    - using the rpm package manager:

        # rpm -i kes4lwks-8.0.0-35.i386.rpm
        # /opt/kaspersky/kes4lwks/bin/kes4lwks-setup.pl
        # rpm -i klnagent-8.0.0-653.i386.rpm
        # /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl

    - using the dpkg package manager:

        # dpkg -i --force-architecture kes4lwks_8.0.0-35_i386.deb
        # /opt/kaspersky/kes4lwks/bin/kes4lwks-setup.pl
        # dpkg -i --force-architecture klnagent_8.0.0-653_i386.deb
        # /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl

NOTE:

* Upgrade from older versions is not available.
* klnagent installation is required for remote management via Kaspersky
  Administration Kit.

Known Issues & Workarounds
--------------------------------------------------------------------------------

* Symlinks are not checked by Real-Time Protection and On-Demand Scan. To
  protect a file, make sure the file name (not a symlink) matches the desired
  scan area.
* CurlFtpFS hangs the machine when the Anti-Virus denies access to a file
  located on a remote FTP shared resource mounted as read/write on the
  protected workstation when the FTP user has no write access to the shared
  resource.
  Workaround: upgrade to curlftpfs v0.9.2 or higher and libcurl v7.19.4 or
  higher.
* If there are several hardlinks to a file checked by the Anti-Virus, and the
  Quarantine action is applied (or the file is moved to Backup before a
  disinfect or delete attempt), the file is stored in the Quarantine/Backup
  storage under the name it was checked with. Restoring from
  Quarantine/Backup creates the file copy with that particular hardlink name.
* It is possible to override Kaspersky Administration Kit policy settings via
  the local console administration tool, regardless of whether the policy is
  "locked" or not, when the connection to Kaspersky Administration Kit is
  unavailable.
* The product does not check the boot MBR for viruses.
* The following modes of starting tasks on schedule from the Kaspersky
  Administration Kit are not supported:
    - "On virus outbreak";
    - "On completing another task".
* The "Change Kaspersky Administration Server" task does not work via a
  proxy server.
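
Added example (not part of the original release notes and not Kaspersky code): an audit for the symlink and hardlink items in the Known Issues list above. It assumes scan areas are plain directory paths passed as arguments (device names and regular expressions are not handled), that GNU readlink and stat are available, and that file names contain no newlines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: scan areas are plain directory
# paths; GNU readlink/stat are available; file names contain no newlines.

# Print "link -> target" for each symlink under the given areas whose resolved
# target lies outside every area. Such a target is not covered: per the
# release notes, only the real file name is matched against scan areas.
uncovered_symlinks() {
    for area in "$@"; do
        find "$area" -type l | while IFS= read -r link; do
            [ -e "$link" ] || continue        # dangling link: nothing to scan
            target=$(readlink -f "$link")
            covered=no
            for a in "$@"; do
                a=$(readlink -f "$a")         # compare canonical paths
                case "$target" in
                    "$a"|"$a"/*) covered=yes ;;
                esac
            done
            if [ "$covered" = no ]; then
                printf '%s -> %s\n' "$link" "$target"
            fi
        done
    done
}

# Print "device:inode name" for regular files with more than one hard link,
# sorted so that all names of one file are adjacent. A restore from
# Quarantine/Backup recreates only the name the file was checked under.
multi_hardlinked() {
    for area in "$@"; do
        find "$area" -type f -links +1 -exec stat -c '%d:%i %n' {} +
    done | sort
}

# Usage: sh audit-links.sh /home /srv/share   (paths are placeholders)
if [ "$#" -gt 0 ]; then
    uncovered_symlinks "$@"
    multi_hardlinked "$@"
fi
```

Each path reported by the first function needs a scan area that names the real file location; the second listing shows which other names exist for a file before a Quarantine or Backup action is reviewed.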