Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows
Build 10.2.1.23, 12.12.2013

Additional components:
AES Encryption Module Build 1.0.1.814, 12.12.2013

Kaspersky Endpoint Security 10 for Windows (hereinafter also referred to as the application or as Kaspersky Endpoint Security) gives corporate users all-in-one protection against digital threats.

MINIMUM CONFIGURATION

For the application to work properly, the computer must meet the following requirements:

General requirements:
Intel Pentium 1 GHz or faster
1 GB of RAM
2 GB of free disk space on the hard drive
Microsoft Internet Explorer 7.0 or later
Microsoft Windows Installer 3.0 or later
An Internet connection for activating the application and for updating databases and application modules

Full disk encryption of devices requires at least 60416 bytes of conventional memory for running Authentication Agent. The application automatically checks if this requirement is met prior to starting full disk encryption. For details see http://support.kaspersky.com/9992

Operating systems:
Microsoft Windows 8.1 Enterprise x86 / x64.
Microsoft Windows 8 Pro x86 / x64.
Microsoft Windows 8 Enterprise x86 / x64.
Microsoft Windows 7 Professional x86 / x64 SP1 or later.
Microsoft Windows 7 Enterprise / Ultimate x86 / x64 SP1 or later.
Microsoft Windows 7 Professional x86 / x64.
Microsoft Windows 7 Enterprise / Ultimate x86 / x64.
Microsoft Windows Vista x86 / x64 SP2 or later.
Microsoft Windows XP Professional x86 SP3 or later.
Windows Embedded POSReady 7 x86 / x64 (file level encryption (FLE) and full disk encryption (FDE) functionality is not supported).
Windows Embedded Standard 7 with SP1 x86 / x64 (file level encryption (FLE) and full disk encryption (FDE) functionality is not supported).
Microsoft Small Business Server 2011 Essentials x64.
Microsoft Small Business Server 2011 Standard x64.
Microsoft Small Business Server 2008 Standard x64.
Microsoft Small Business Server 2008 Premium x64.
Microsoft Windows Server 2012 R2 Standard x64 (Server Core and Cluster Mode configurations are not supported, ReFS file system is supported with limitations).
Microsoft Windows Server 2012 Foundation x64 (ReFS file system, Server Core and Cluster Mode configurations are not supported).
Microsoft Windows Server 2012 Essentials x64 (ReFS file system, Server Core and Cluster Mode configurations are not supported).
Microsoft Windows Server 2012 Standard x64 (ReFS file system, Server Core and Cluster Mode configurations are not supported).
Microsoft Windows MultiPoint Server 2011 x64.
Microsoft Windows Server 2008 R2 Standard x64 SP1 or later.
Microsoft Windows Server 2008 R2 Standard x64.
Microsoft Windows Server 2008 R2 Enterprise x64 SP1 or later.
Microsoft Windows Server 2008 R2 Enterprise x64.
Microsoft Windows Server 2008 R2 Foundation x64 SP1 or later.
Microsoft Windows Server 2008 R2 Foundation x64.
Microsoft Windows Server 2008 Standard x86 / x64 SP2 or later.
Microsoft Windows Server 2008 Enterprise x86 / x64 SP2 or later.
Microsoft Windows Server 2003 R2 Standard x86 / x64 SP2 or later.
Microsoft Windows Server 2003 R2 Enterprise x86 / x64 SP2 or later.
Microsoft Windows Server 2003 Standard x86 / x64 SP2.
Microsoft Windows Server 2003 Enterprise x86 / x64 SP2 or later.

INSTALLATION

To install the application, run the setup file and follow the instructions of the Setup Wizard.
Important! If you have the previous version of Kaspersky Endpoint Security 10 for Windows installed, you must decrypt all encrypted hard drives before upgrading it to the new version.
If you previously installed Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows (Beta), decrypt the encrypted areas and hard drives and remove the beta version of the application prior to installing Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows.
During installation, Kaspersky Endpoint Security 10 for Windows detects and allows you to uninstall applications that may affect the performance of the user's computer (up to complete inoperability) when running at the same time as the product.
You can install the application remotely using Kaspersky Security Center.
Important! The application is compatible with Kaspersky Security Center 10.0 or later.
The application can be installed in silent mode without the user's involvement.
To enable the encryption functionality in Kaspersky Endpoint Security 10 for Windows, you should install the encryption module. It is recommended to use Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows build 10.2.1.23 along with the AES Encryption Module build 1.0.1.814.

WHAT'S NEW IN KASPERSKY ENDPOINT SECURITY 10 MAINTENANCE RELEASE 1 FOR WINDOWS

Hard drive encryption:
  o More keyboard layouts are now supported by Authentication Agent.
  o Boot hard drive compatibility with Authentication Agent is now checked automatically before hard drive encryption starts. For details see http://support.kaspersky.com/9992
  o FDE Recovery Tool now provides diagnostic information about encrypted devices.
  o The functionality of automatic user logon to the operating system after successful authentication in Authentication Agent has been improved.
  o The version features improved performance of file level encryption (FLE) and full disk encryption (FDE) functionality.
For better protection, Application Privilege Control functionality has been incorporated into Core protection.
To minimize the load during activation of the application using an activation code via Kaspersky Security Center or using an additional key, an activation server connection delay has been added.
Improvements have been made to other application components.
Support of Microsoft Windows 8.1 and Microsoft Windows Server 2012 R2 operating systems has been added.
You can view the list of fixed errors by clicking the following link: http://support.kaspersky.com/10578.

LIMITATIONS AND KNOWN ISSUES

The operating system cannot be upgraded to Microsoft Windows 8.1 / Microsoft Windows Server 2012 R2 if Kaspersky Endpoint Security is installed. To upgrade the operating system, you must remove the application.
File level encryption (FLE) features:
  o File encryption functionality is not supported under operating systems of the Microsoft Windows Embedded family.
  o Once you have installed the application, you must restart the operating system for the file and folder encryption functionality to work properly.
  o When you use a computer where the encryption functionality of Kaspersky Endpoint Security is unavailable to access a file stored on a computer where the encryption functionality is available, direct access to the file is granted. When you use a computer where the encryption functionality of Kaspersky Endpoint Security is available to copy an encrypted file from a network folder to a computer with unavailable encryption functionality, the file is copied in non-encrypted format.
  o You are advised to decrypt files that were encrypted with Encrypting File System before encrypting files with Kaspersky Endpoint Security.
  o After a file is encrypted, its size increases by 4 kB.
  o After a file is encrypted, the "Archive" attribute is set in the file properties.
  o When unpacking an encrypted archive, files from this archive overwrite those in the target folder in case any files with identical names are detected. The user is not informed of the overwriting operation.
  o Portable File Manager errors are not displayed in the Portable File Manager interface.
  o Kaspersky Endpoint Security does not launch Portable File Manager on a computer with file encryption functionality installed.
  o When file encryption functionality is used, the application is incompatible with the Sylpheed email client.
  o Editing of the swap file settings is not supported: the operating system uses default values instead of user-defined settings.
  o Management of the directory structure (creating / renaming) in the distributed file system (DFS) is not supported when file encryption functionality is installed on a computer under Microsoft Windows XP.
  o It is not recommended to use file level encryption (FLE) functionality to encrypt the entire system drive on a computer under Microsoft Windows XP, as this can cause the operating system to malfunction. You are advised to use full drive encryption (FDE) functionality to encrypt the system hard drive with the NTFS file system on a computer running under Microsoft Windows XP.
  o Safe removal should be used when working with encrypted removable drives. If a removable drive is removed unsafely, data safety on the removable drive is not guaranteed.
  o After the files are encrypted, their non-encrypted original copies undergo safe removal.
Full disk encryption (FDE) of hard drives and removable drives:
  o Hard drive encryption functionality is not supported under operating systems of the Microsoft Windows Embedded family.
  o Authentication Agent supports only the following keyboard layouts: QWERTY (USA), AZERTY (France), QWERTZ (Germany), and QWERTZ (Switzerland). Only characters available for the QWERTY (USA) layout (except | and \) are supported for the AZERTY (France), QWERTZ (Germany), and QWERTZ (Switzerland) keyboard layouts. All other characters, including special characters and national characters, are not supported.
  o When there are processes that attempt to access encrypted drives before the application has granted them unobstructed access to such devices, the application shows a warning saying that such processes must be terminated. If all such processes cannot be terminated, the encrypted drives have to be reconnected.
  o The unique IDs of hard drives are displayed in the device encryption statistics in inverted format.
  o It is not recommended to format logical partitions of the hard drive while it is being encrypted.
  o In some cases, when connecting several removable devices to a computer simultaneously, the encryption policy applies to one of them only. When reconnecting the rest of the removable devices, the encryption policy applies correctly.
  o If all accounts of Authentication Agent are blocked on a computer, logging in to the operating system is blocked on this computer.
  o Encryption may fail to start on a heavily fragmented hard drive. In this case, hard drive defragmentation should be performed.
  o During hard drive encryption, hibernation is blocked from the time when the encryption task starts and until the first reboot of a computer under Microsoft Windows XP / 7 / 8 / 8.1 operating systems, and after installation of hard drive encryption – until the first reboot of Microsoft Windows 8 and Microsoft Windows 8.1 operating systems. During hard drive decryption, hibernation is blocked from the time when the boot hard drive is fully decrypted until the first reboot of the operating system.
  o It is not recommended to use the xbootmgr.exe tool with additional providers enabled (such as DISPATCHER, NETWORK, DRIVERS, and others).
  o After full disk encryption (FDE) functionality for hard drives and removable drives has been installed on a computer running Microsoft Windows XP, the option of quickly switching between operating system users is blocked.
  o Full disk encryption of devices with the FAT32 file system is not supported on computers running under Microsoft Windows XP and Microsoft Windows Vista. Use file level encryption (FLE) to encrypt such devices or reformat them to the NTFS file system.
System Watcher: full information about processes is not displayed.
Licensing:
  o Under server operating systems, the Licensing window of the application displays the functionality allowed by the license, not the application components installed.
  o The task of adding keys through Kaspersky Security Center might not work correctly. For more details, please refer to the application page in the Knowledge Base, article ID – 9648.
Advanced Disinfection:
  o Under server operating systems, no warning of required advanced disinfection is displayed.
  o In some cases, the application does not start automatically after a restart on computers running under Microsoft Windows XP SP3. In this case, computer restart is required.
In some cases, a web address added to the list of trusted web addresses can be processed incorrectly.
In some cases, application events are displayed incorrectly in Kaspersky Security Center reports.
Recovery of objects moved to Quarantine by Mail Anti-Virus is not supported.
Device Control:
  o In some cases, a Printer device added to the list of trusted devices is blocked by device and bus blocking rules.
  o Blocking of devices at the level of connection buses is not supported on computers running under Microsoft Windows 8.1. You are advised to block devices by type.
Web Control:
  o The ogv and webm formats are not supported.
  o The RTMP protocol is not supported.
Installing the application:
  o After being installed to an infected computer, the application does not inform the user of the required scan of the computer. Problems with the application activation may be experienced. To solve this problem, you should run the critical areas scan after the application installation.
  o Aborting the process of upgrading the application to Kaspersky Endpoint Security 10 for Windows may lead to inoperability of the upgraded version of the application.
  o In some cases, the application cannot be installed over Kaspersky Internet Security 2013 MP1. You are advised to remove Kaspersky Internet Security 2013 MP1 and start the installation of Kaspersky Endpoint Security from scratch.
  o When upgrading Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 to Kaspersky Endpoint Security 10 for Windows, automatic installation of the encryption module along with the application is not supported. The Encryption Module should be installed separately.
  o If the Encryption Module has been installed separately after the application installation, the encryption functionality of the application will remain unavailable until you restart the computer.
  o After Kaspersky Endpoint Security 10 for Windows has been restored, the encryption module has to be restored separately in order for encryption functionality to work correctly.
  o Installation of hard drive encryption functionality is not supported on tablets running on Microsoft Windows 8 and Microsoft Windows 8.1 operating systems.

© 2013 Kaspersky Lab ZAO. All Rights Reserved.