Kaspersky Endpoint Security 10 *** Windows Release Notes MR1 Rus

Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows
Build 10.2.1.23, 12.12.2013
Additional components:
AES Encryption Module
Build 1.0.1.814, 12.12.2013
Kaspersky Endpoint Security 10 for Windows (hereinafter also referred to as the application or as Kaspersky
Endpoint Security) gives corporate users all-in-one protection against digital threats.
MINIMUM CONFIGURATION
For the application to work properly, the computer must meet the following requirements:
General requirements:






Intel Pentium 1 GHz or faster
1 GB of RAM
2 GB of free disk space on the hard drive
Microsoft Internet Explorer 7.0 or later
Microsoft Windows Installer 3.0 or later
An Internet connection for activating the application and for updating databases and application
modules
Full disk encryption of devices requires at least 60416 bytes of conventional memory for running
Authentication Agent. The application automatically checks if this requirement is met prior to starting full
disk encryption. For details see http://support.kaspersky.com/9992
Operating systems:













Microsoft Windows 8.1 Enterprise x86 / х64.
Microsoft Windows 8 Pro x86 / x64.
Microsoft Windows 8 Enterprise x86 / x64.
Microsoft Windows 7 Professional x86 / x64 SP1 or later.
Microsoft Windows 7 Enterprise / Ultimate x86 / x64 SP1 or later.
Microsoft Windows 7 Professional x86 / x64.
Microsoft Windows 7 Enterprise / Ultimate x86 / x64.
Microsoft Windows Vista x86 / x64 SP2 or later.
Microsoft Windows XP Professional x86 SP3 or later.
Windows Embedded POSReady 7 x86 / х64 (file level encryption (FLE) and full disk encryption (FDE)
functionality is not supported).
Windows Embedded Standard 7 with SP1 x86 / х64 (file level encryption (FLE) and full disk
encryption (FDE) functionality is not supported).
Microsoft Small Business Server 2011 Essentials x64.
Microsoft Small Business Server 2011 Standard x64.



















Microsoft Small Business Server 2008 Standard x64.
Microsoft Small Business Server 2008 Premium x64.
Microsoft Windows Server 2012 R2 Standard х64 (Server Core and Cluster Mode configurations are
not supported, ReFS file system is supported with limitations).
Microsoft Windows Server 2012 Foundation х64 (ReFS file system, Server Core and Cluster Mode
configurations are not supported).
Microsoft Windows Server 2012 Essentials х64 (ReFS file system, Server Core and Cluster Mode
configurations are not supported).
Microsoft Windows Server 2012 Standard х64 (ReFS file system, Server Core and Cluster Mode
configurations are not supported).
Microsoft Windows MultiPoint Server 2011 x64.
Microsoft Windows Server 2008 R2 Standard x64 SP1 or later.
Microsoft Windows Server 2008 R2 Standard x64.
Microsoft Windows Server 2008 R2 Enterprise x64 SP1 or later.
Microsoft Windows Server 2008 R2 Enterprise x64.
Microsoft Windows Server 2008 R2 Foundation x64 SP1 or later.
Microsoft Windows Server 2008 R2 Foundation x64.
Microsoft Windows Server 2008 Standard x86 / x64 SP2 or later.
Microsoft Windows Server 2008 Enterprise x86 / x64 SP2 or later.
Microsoft Windows Server 2003 R2 Standard x86 / x64 SP2 or later.
Microsoft Windows Server 2003 R2 Enterprise х86 / x64 SP2 or later.
Microsoft Windows Server 2003 Standard x86 / x64 SP2.
Microsoft Windows Server 2003 Enterprise х86 / x64 SP2 or later.
INSTALLATION
To install the application, run the setup file and follow the instructions of the Setup Wizard.
Important! If you have the previous version of Kaspersky Endpoint Security 10 for Windows installed, you
must decrypt all encrypted hard drives before upgrading it to the new version.
If you previously installed Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows (Beta),
decrypt the encrypted areas and hard drives and remove the beta version of the application prior to
installing Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows.
During installation, Kaspersky Endpoint Security 10 for Windows detects and allows you to uninstall
applications that may affect the performance of the user's computer (even to complete inoperability) when
running at the same time as the product.
You can install the application remotely using Kaspersky Security Center.
Important! The application is compatible with Kaspersky Security Center 10.0 or later.
The application can be installed in silent mode without the user's involvement.
To enable the encryption functionality in Kaspersky Endpoint Security 10 for Windows, you should install
the encryption module.
It is recommended to use Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows build
10.2.1.23 along with the AES Encryption Module build 1.0.1.814
WHAT'S NEW IN KASPERSKY ENDPOINT SECURITY 10 MAINTENANCE RELEASE 1 FOR WINDOWS





Hard drive encryption:
o More keyboard layouts are now supported by Authentication Agent.
o Boot hard drive compatibility with Authentication Agent is now checked automatically
before hard drive encryption starts. For details see http://support.kaspersky.com/9992
o FDE Recovery Tool now provides diagnostic information about encrypted devices.
o The functionality of automatic user logon to the operating system after successful
authentication in Authentication Agent has been improved.
o The version features improved performance of file level encryption (FLE) and full disk
encryption (FDE) functionality.
For better protection, Application Privilege Control functionality has been incorporated into Core
protection.
To minimize the load during activation of the application using an activation code via
Kaspersky Security Center or using an additional key, an activation server connection delay has been
added.
Improvements have been made to other application components.
Support of Microsoft Windows 8.1 and Microsoft Windows Server 2012 R2 operating systems has
been added.
You can view the list of fixed errors by clicking the following link: http://support.kaspersky.com/10578.
LIMITATIONS AND KNOWN ISSUES


The operating system cannot be upgraded to
Microsoft Windows 8.1 / Microsoft Windows Server 2012 R2 if Kaspersky Endpoint Security is
installed. To upgrade the operating system, you must remove the application.
File level encryption (FLE) features:
o File encryption functionality is not supported under operating systems of the Microsoft
Windows Embedded family.
o Once you have installed the application, you must restart the operating system for the file
and folder encryption functionality to work properly.
o When you use a computer where the encryption functionality of
Kaspersky Endpoint Security is unavailable to access a file stored on a computer where the
encryption functionality is available, direct access to the file is granted. When you use a
computer where the encryption functionality of Kaspersky Endpoint Security is available to
copy an encrypted file from a network folder to a computer with unavailable encryption
functionality, such file is copied in non-encrypted format.
o You are advised to decrypt files that were encrypted with Encrypting File System, before
encrypting files with Kaspersky Endpoint Security.
o After a file is encrypted, its size increases by 4 kB.
o After a file is encrypted, the "Archive" attribute is set in the file properties.
o When unpacking an encrypted archive, files from this archive overwrite those in the target
folder in case any files with identical names are detected. The user is not informed of the
overwriting operation.
o Portable File Manager errors are not displayed in the Portable File Manager interface.
o Kaspersky Endpoint Security does not launch Portable File Manager on a computer with file
encryption functionality installed.
o When file encryption functionality is used, the application is incompatible with the Sylpheed
email client.
o
o
o
o
o

Editing of the swap file settings is not supported: the operating system uses default values
instead of user-defined settings.
Management of the directory structure (creating / renaming) in the distributed file system
(DFS) is not supported when file encryption functionality is installed on a computer under
Microsoft Windows XP.
It is not recommended to use file level encryption (FLE) functionality to encrypt the entire
system drive on a computer under Microsoft Windows XP, as this can cause the operating
system to malfunction. You are advised to use full drive encryption (FDE) functionality to
encrypt the system hard drive with the NTFS file system on a computer running under
Microsoft Windows XP.
Safe removal should be used when working with encrypted removable drives. If a
removable drive is removed unsafely, data safety on the removable drive is not guaranteed.
After the files are encrypted, their non-encrypted original copies undergo safe removal.
Full disk encryption (FDE) of hard drives and removable drives:
o Hard drive encryption functionality is not supported under operating systems of the
Microsoft Windows Embedded family.
o Authentication Agent supports only the following keyboard layouts: QWERTY (USA), AZERTY
(France), QWERTZ (Germany), and QWERTZ (Switzerland). Only characters available for the
QWERTY (USA) layout (except | and \) are supported for the AZERTY (France), QWERTZ
(Germany), and QWERTZ (Switzerland) keyboard layouts. All other characters, including
special characters and national characters, are not supported.
o When there are processes that attempt to access encrypted drives before the application
has granted them unobstructed access to such devices, the application shows a warning
saying that such processes must be terminated. If all such processes cannot be terminated,
the encrypted drives have to be reconnected.
o The unique ID's of hard drives are displayed in the device encryption statistics in inverted
format.
o It is not recommended to format logical partitions of the hard drive while it is being
encrypted.
o In some cases, when connecting several removable devices to a computer simultaneously,
the encryption policy applies to one of them only. When reconnecting the rest of the
removable devices, the encryption policy applies correctly.
o If all accounts of Authentication Agent are blocked on a computer, logging in to the
operating system is blocked on this computer.
o Encryption may fail to start on a heavily fragmented hard drive. In this case, hard drive
defragmentation should be performed.
o During hard drive encryption, hibernation is blocked from the time when the encryption
task starts and until the first reboot of a computer under Microsoft Windows XP / 7 / 8 / 8.1
operating systems, and after installation of hard drive encryption – until the first reboot of
Microsoft Windows 8 and Microsoft Windows 8.1 operating systems. During hard drive
decryption, hibernation is blocked from the time when the boot hard drive is fully
decrypted until the first reboot of the operating system.
o It is not recommended to use the xbootmgr.exe tool with additional providers enabled
(such as DISPATCHER, NETWORK, DRIVERS, and others).
o After full disk encryption (FDE) functionality for hard drives and removable drives has been
installed on a computer running Microsoft Windows XP, the option of quickly switching
between operating system users is blocked.
o









Full disk encryption of devices with the FAT32 file system is not supported on computers
running under Microsoft Windows XP and Microsoft Windows Vista. Use file level
encryption (FLE) to encrypt such devices or reformat them to the NTFS file system.
System Watcher: full information about processes is not displayed.
Licensing:
o Under server operating systems, the Licensing window of the application displays the
functionality allowed by the license, not the application components installed.
o The task of adding keys through Kaspersky Security Center might not work correctly. For
more details, please refer to the application page in the Knowledge Base, article ID – 9648.
Advanced Disinfection:
o Under server operating systems, no warning of required advanced disinfection is displayed.
o In some cases, the application does not start automatically after a restart on computers
running under Microsoft Windows XP SP3. In this case, computer restart is required.
In some cases, a web address added to the list of trusted web addresses can be processed
incorrectly.
In some cases, application events are displayed incorrectly in Kaspersky Security Center reports.
Recovery of objects moved to Quarantine by Mail Anti-Virus is not supported.
Device Control:
o In some cases, a Printer device added to the list of trusted devices is blocked by device and
bus blocking rules.
o Blocking of devices at the level of connection buses is not supported on computers running
under Microsoft Windows 8.1. You are advised to block devices by type.
Web Control:
o The ogv and webm formats are not supported.
o The RTMP protocol is not supported.
Installing the application:
o After being installed to an infected computer, the application does not inform the user of
required scan of the computer. Problems with the application activation may be
experienced. To solve this problem, you should run the critical areas scan after the
application installation.
o Aborting the process of upgrading the application to Kaspersky Endpoint Security 10 for
Windows may lead to inoperability of the upgraded version of the application.
o In some cases, the application cannot be installed over Kaspersky Internet Security 2013
MP1. You are recommended to remove Kaspersky Internet Security 2013 MP1 and start the
installation of Kaspersky Endpoint Security from scratch.
o When upgrading Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 to
Kaspersky Endpoint Security 10 for Windows, automatic installation of the encryption
module along with the application is not supported. Encryption Module should be installed
separately.
o If the Encryption Module has been installed separately after the application installation, the
encryption functionality of the application will remain unavailable until you restart the
computer.
o After Kaspersky Endpoint Security 10 for Windows has been restored, the encryption
module has to be restored separately in order for encryption functionality to work correctly.
o Installation of hard drive encryption functionality is not supported on tablets running on
Microsoft Windows 8 and Microsoft Windows 8.1 operating systems.
© 2013 Kaspersky Lab ZAO. All Rights Reserved.