
Kaspersky – Embedded Systems Security 3.x

Kaspersky Embedded Systems Security 3.0 was released on April 23, 2020. The full version number is 3.0.0.102. Kaspersky Embedded Systems Security protects a variety of embedded systems running Microsoft Windows, including ATMs (automated teller machines) and POS (point of sale) systems, against viruses and other computer threats. It protects devices with limited RAM (256 MB or more) and limited hard disk space (100 MB or more).

 

Below is what Kaspersky has added and extended in this release.

Added

  • Network Threat Protection: a new component that analyzes incoming traffic for signs of network attacks. If a threat is detected, the Network Threat Protection component blocks the compromised IP address.
  • Processing of persistent WMI subscriptions. Now the application detects suspicious WMI subscriptions in the WMI namespace and deletes them. Monitoring of persistent WMI subscriptions is performed as part of the on-demand scan tasks with the “Startup Objects” scan area enabled.
  • Anti-virus scan of the tasks created in the System Planner. Monitoring of tasks created by the System Planner is performed as part of the on-demand scan tasks with the “Startup Objects” scan area enabled.
  • Administration Web-Plug-in. Now you can manage the application using Kaspersky Security Center Web Console.
  • The capability to use the application in the Long Term mode. Now you can activate the application for a long term, during which it will control launches of restricted applications.
  • Kaspersky Security Center policy profiles for the Trusted Zone lists. Now you can create policy profiles for the lists of trusted processes and for the Trusted Zone exclusion lists using the Management Plug-in version 3.0.
  • On-demand monitoring of file changes based on cryptography. The application can generate baseline lists of files and check whether the files on disk comply with the baseline parameters. The application detects the following mismatches with the baseline: creation of new files in the monitored areas, deletion of files from the monitored areas, and changes to the checksum of a monitored file.
  • Generation of Kaspersky Security Center incidents based on events of blocked application launches and connection of devices in audit mode.
  • Blocking changes to the important parameters in the USN (Update Sequence Number) log. The application uses USN log entries to monitor file operations. You can prevent deletion of USN log entries and change the threshold for the maximum USN log size.
  • Notification of changes to the important parameters in the USN (Update Sequence Number) log. If you have not prohibited changes to the important parameters in the USN log, the application reports attempts to delete entries from the USN log by publishing events in application reports.
  • The Real-Time Protection task settings now allow you to enable the launch of the Critical Areas Scan task if signs of active infection are detected. If this option is enabled, the application automatically creates and starts a temporary Critical Areas Scan task on the computer where an active infection was detected.
  • Detection events published in Kaspersky Security Center reports now include information about the checksum of the object being processed.
  • The capability to configure the triggering criteria for the applications launch control rule when creating rules based on events of blocked launches in the Kaspersky Security Center Console.
  • Control of network card and modem connections. The Device Control and Automatic Rule Generator for Device Control tasks support creation and application of rules that block the connection of untrusted network cards and modems via USB.
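
The baseline file check described in the list above, sketched as an added example (not Kaspersky's code): it builds a checksum baseline for a directory and reports the three mismatch kinds the release notes name. SHA-256, the function names and the sample files are assumptions made for illustration; the page does not say which checksum the product uses.

```python
import hashlib
import os
import tempfile

def file_checksum(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not fill limited RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root):
    """Map each file path (relative to the monitored area) to its checksum."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            baseline[os.path.relpath(path, root)] = file_checksum(path)
    return baseline

def compare_to_baseline(baseline, root):
    """Report the three mismatch kinds: created, deleted, checksum changed."""
    current = build_baseline(root)
    return {
        "created": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample: baseline a monitored area, alter it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        samples = [("atm.cfg", b"limit=500"), ("pos.dll", b"MZ"), ("readme.txt", b"v3")]
        for name, data in samples:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(root)
        cfg = os.path.join(root, "atm.cfg")
        before = os.stat(cfg)
        with open(cfg, "wb") as fh:  # same size as the original content
            fh.write(b"limit=900")
        # Size and mtime now match the baseline state; only the checksum differs.
        os.utime(cfg, (before.st_atime, before.st_mtime))
        os.remove(os.path.join(root, "readme.txt"))
        with open(os.path.join(root, "unknown.exe"), "wb") as fh:
            fh.write(b"new")
        return compare_to_baseline(baseline, root)

if __name__ == "__main__":
    print(demo())
```

The modified file keeps its original size and modification time, which is why a comparison on file metadata alone would miss it while the checksum comparison does not.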

 

Extended

  • Triggering criteria for custom rules of the Log Analysis component. Now you can set the rules for the value of the “Source” parameter in the Windows Event Log entry.
  • Trace log files rotation options.
  • The list of supported operating systems.
  • Methods of protection against active threats are optimized. The application now notifies you if signs of active infection are detected while Real-Time Protection tasks are running. The application marks the detected objects for deletion and deletes them from the computer after reboot.
  • The application interface is aligned with the new brand policy of the company.
  • Bugs from previous versions are fixed: the application includes the bug fixes issued for previous versions.