Kaspersky Security 10.1 for Windows Server is a solution for protecting corporate servers and data storage systems. The available protection scope (servers running Windows, data storage systems) and the set of functional components depend on the type of purchased license.
Kaspersky Security 10.1 for Windows Server improves and fully retains the functionality of the previous version of the program, while also adding new protection components.
The new version of Kaspersky Security 10.1 for Windows Server brings you the following:
A new Traffic Security component: now you can protect your server from web threats sent via HTTP or HTTPS traffic, and from other email-based threats. This new component supports the following protection scenarios:
- anti-virus and anti-phishing protection of email traffic using an Microsoft Outlook extension;
- anti-virus and anti-phishing protection of web traffic;
- link verification using databases of malicious web addresses;
- link verification using cloud-based databases of malicious web addresses;
- web control using rules for links and certificates;
- web resource control based on categories;
- web server certificates control upon connection.
Traffic Security can be set up in one of three configurations:
- External Proxy with ICAP service: analysis of traffic redirected from an external proxy server (without a network driver).
- Redirector: analysis of traffic redirected from browsers launched in a terminal session (without a network driver). The program uses an internal system proxy.
- Driver Interceptor: Traffic is intercepted using a network driver in protected server terminal sessions.
- A new Anti-Cryptor for NetApp component: now you can use a server with Kaspersky Security 10.1 for Windows Server installed to protect cluster connected NetApp network attached storages (version 8.2 and higher) from malicious encryption.
- A new Device Control component: now you can generate lists of rules that the application uses to allow or block file transfers with external data storage devices (USB and MTP storage devices, CD/DVD devices).
- A new Exploit Prevention component: now you can configure settings to protect processes from exploits using distributed mitigation techniques.
- A new File Integrity Monitor component: now you can indicate the objects whose integrity you want to monitor.
- A new Log Inspection component: now you can generate log inspection rules for Windows event logs, and configure the use of the heuristic analyzer for Windows event logs.
A new functionality that allows to protect and control Microsoft Windows Server 2016 containers: now you can protect Microsoft Windows Server 2016 containers with the help of the following technologies:
- file threat real-time protection (Kaspersky Security 10.1 for Windows Server must be installed on a host with deployed Microsoft Windows Server 2016 containers);
- Applications Launch Control in a container according to the rule list specified in the Applications Launch Control task (Kaspersky Security 10.1 for Windows Server with the Applications Launch Control component must be installed on a host with deployed Microsoft Windows Server 2016 containers);
- exploit protection of processes, running in the containers (Kaspersky Security 10.1 for Windows Server with the Exploit Prevention component must be installed on a host with deployed Microsoft Windows Server 2016 containers).
- Compact Diagnostic Interface: now you can control the server protection status, review important application status markers and manage the trace and dump files settings without installing the Administration Tools. Compact Diagnostic Interface is installed aong with the Tray Icon component and performs important diagnostic functions of Kaspersky Security 10.1 Console.
- Integration with the Kaspersky Managed Protection services: now you can improve network protection with the around-the-clock analysis services and security event reporting from the Kaspersky Lab experts.
- Integration with the Operations Management Suite.
- Added the ability to integrate with external SIEM systems: now you can configure settings to export application logs to external event aggregation systems using the syslog protocol.
- Added the ability to track USB connections to protected devices: now you can configure settings for notifications about USB connections to protected servers made by various types of devices.
- Security Event Log implemented: now you can view, in a single log, all events logged by application components that indicate the protected system may be compromised.
- A new Firewall Management component: now you can manage Windows Firewall rules through the graphical user interface of Kaspersky Security 10.1 for Windows Server.
- Added the ability to scan USB storage devices: now you can automatically scan storage devices when they are connected to a protected computer.
- Added the ability to password-protect access to application management: now you can also protect Kaspersky Security 10.1 for Windows Server and use a password to limit access to critical operations.
- Added the ability to automatically allow applications to start based on trusted distribution packages: now you can add exclusions for distribution packages in the Applications Launch Control task settings in order to simplify the process of allowing files to start when installing or updating software.
- Simplified the ability to block access to network file resources: now the Anti-Cryptor and Real-Time File Protection components put identifiers for compromised hosts in the Blocked Hosts storage. You can disable the population of Blocked Hosts storage in the protection task settings. You can also view information about all blocked hosts in a centralized list in the Administration Server Console.
- Optimized the ability to generate a list of trusted process rules for the Trusted Zone: now you can exclude a process based on its checksum, only its path, or both its path and checksum. Also, you can add multiple processes to the list of trusted processes simultaneously.
- Simplified and extended the mechanism used to populate lists of rules for application launch control: added the ability to simultaneously use lists of rules configured on local hosts and in a policy, and implemented a way to generate rules based on task events in Kaspersky Security Center.
- The Default Allow mode for the Applications Launch Control task is optimized: now you can use the Applications Launch Control functionality to allow all launches except for the launches of blocked applications.