Software requirements for the File Anti-Virus component

chardfriendlyAI and Robotics

Oct 16, 2013 (3 years and 7 months ago)

224 views




Page
1

of
5

Kaspersky Security for Virtualization 2.0

Release build number

2.0.0.34


SOFTWARE REQUIREMENTS

Kaspersky Security Center

10 must be installed for Kaspersky Security to work on a corporate LAN.

The computer with installed Kaspersky Security Center Administ
ration Console should have Microsoft .NET
Framework 3.5 or later.

Software requirements for the File Anti
-
Virus component

For the File Anti
-
Virus component to work properly, the VMware virtual infrastructure must meet one of the following
options of softwa
re requirements:



Option 1:



VMware ESXi 5.0 hypervisor, patch 1, build 474610 or later, or

VMware ESXi 4.1 hypervisor, patch
3,

build

433742 or later



VMware vCenter Server

4.1 or VMware vCenter Server

5.0



VMware vShield Endpoint 5.0 or later



VMware vShield
Manager 5.0.0 or later



VMware vShield Endpoint Thin Agent driver. The driver is included in the VMware Tools kit, which is
supplied together with VMware ESXi 5.0 hypervisor, patch 1. The driver must be installed on virtual
machines that are protected by Ka
spersky Security.

When you install the VMware Tools suite, the VMware Devices Drivers

/

VMCI Driver

/

vShield Drivers
component must be installed. When you install the VMware Tools suite with default settings, the VMware
Devices Drivers

/

VMCI Driver

/

vSh
ield Drivers component will not be installed.



Option 2:



VMware ESXi 5.1 hypervisor



VMware vCenter Server 5.1.0 or later



VMware vShield Manager 5.1.2, build 907427 (included in the VMware vCloud Networking and Security
5.1.1 distribution kit)



VMware vShield

Endpoint 5.1.1



VMware vShield Endpoint Thin Agent driver. The driver is included in the VMware Tools kit, which is
supplied together with VMware ESXi 5.1 hypervisor. The driver must be installed on virtual machines
that are protected by Kaspersky Security
.

When you install the VMware Tools suite, the VMware Devices Drivers

/

VMCI Driver

/

vShield Drivers
component must be installed. When you install the VMware Tools suite with default settings, the VMware
Devices Drivers

/

VMCI Driver

/

vShield Drivers com
ponent will not be installed.

Software requirements for the Network Attack Blocker component

For the Network Attack Blocker component to work properly, the VMware virtual infrastructure must meet the
following software requirements:



VMware ESXi 5.1 hypervi
sor



VMware vCenter Server 5.1.0a.



VMware vShield Manager 5.1.2, build 907427 (included in the VMware vCloud Networking and Security
5.1.1 distribution kit)



VMware Distributed Virtual Switch (included in the VMware vSphere 5.1 Enterprise Suite distribution
kit or
the VMware vCloud Suite distribution kit)



VMware Tools 9.0.0 suite, build 782409 or later.

For information on updating VMware Tools, see the application's page in the Knowledge Base
(http://support.kaspersky.com/ksv).




Page
2

of
5

Software requirements for the g
uest operating system of the virtual machine protected by Kaspersky
Security

The File Anti
-
Virus component protects virtual machines with the following guest operating systems:



Desktop operating systems:



Windows Vista (32 bit)



Windows 7 (32
-

or

64
-
bit)



Win
dows XP SP3 or later (32
-

or

64
-
bit)



Server operating systems:



Windows Server 2003 SP2 or later (32
-

or

64
-
bit)



Windows Server 2003 R2 (32
-

or

64
-
bit)



Windows Server 2008 (32
-

or

64
-
bit)



Windows Server 2008 R2 (64 bit)

The Network Attack Blocker component
protects all virtual machines with the VMware Tools 9.0.0 suite (build 582409
or later) installed, regardless of the guest operating system installed on them.


WHAT'S NEW

Kaspersky Security for Virtualization 2.0 offers the following new features:



Network
Attack Blocker is a new component that detects and blocks activity typical of network attacks in the
network traffic of virtual machines.



You can now use Kaspersky Security Network services while protecting and scanning virtual machines.



The application no
w supports the option of licensing by the number of cores used in physical processors on
all VMware ESXi hosts where SVMs are deployed.



It is now possible to convert existing policies and tasks of the previous version of the application (Kaspersky
Security

for Virtualization 1.1 Critical Fix). Conversion creates new policies and tasks that use the settings of
policies and tasks of the previous version of Kaspersky Security.



The versions of images of SVMs deployed in the VMware virtual infrastructure can now

be viewed as a list.



You can now view the list of virtual machines that belong to a KSC cluster. The protection status of each
virtual machine is displayed in the list (protected or not protected).



You can now deploy SVMs on several VMware ESXi hosts at o
nce when installing and updating the File
Anti
-
Virus component.



A new criterion of scan task completion has been added: the full scan task can continue until files on all
SVMs that were active at the time of task launch have been scanned. The custom scan t
ask can continue
until files on all SVMs that were active at the time of task launch and are within the task scope have been
scanned.



It is now possible to save the settings of the connection to VMware vCenter Server in the Administration
Console of Kasper
sky Security Center.


INSTALLATION

The application is installed using the Wizard that is started from the Administration Console of Kaspersky Security
Center (see the
Administrator's Guide to Kaspersky Security for Virtualization 2.0
).


ABOUT THE APPLICATI
ON

Kaspersky Security for Virtualization 2.0 is an integrated solution that protects virtual machines on a VMware ESXi
host against viruses and other computer security threats (hereinafter "viruses and other threats") and network
attacks. Application compo
nents are integrated into the VMware virtual infrastructure using VMware vShield Endpoint
technology and Network Packet Filtering technology from VMware Network Extensibility (NetX). Integration by means
of VMware vShield Endpoint and Network Packet Filter
ing technologies helps to protect virtual machines without the
need to install additional anti
-
virus software on guest operating systems.




Page
3

of
5

Kaspersky Security protects virtual machines with Windows guest operating systems, including server operating
systems.

Kaspersky Security protects virtual machines when they are active and online (not disabled or paused) and if they
have the VMware vShield Endpoint Thin Agent driver installed and enabled.

Kaspersky Security makes it possible to configure the protection of

virtual machines at any level of the hierarchy of
VMware inventory objects: VMware

vCenter Server, Datacenter object, VMware cluster, VMware ESXi host that is
not part of a VMware cluster, resource pool, vApp object, and virtual machine. The application s
upports the protection
of virtual machines during DRS cluster migration in VMware.

Kaspersky Security includes the following components:



File Anti
-
Virus


protects the file system of a virtual machine against infection. The component is launched at
the sta
rtup of Kaspersky Security. It protects the file system of virtual machines and scans their files.



Network Attack Blocker


scans the HTTP and FTP network traffic of virtual machines, detecting and
blocking activity that is typical of network attacks. The
Network Attack Blocker component registers as the
Kaspersky Network Protection service in VMware vShield Manager.

Kaspersky Security features:



Protection
. The application protects the file system of the guest operating system of a virtual machine
(hereinaf
ter also referred to as "virtual machine files"). The application scans all files opened or closed by
the user or a different program on a virtual machine for viruses and other threats.



If the file is free from viruses and other threats, Kaspersky Security

grants access to the file.



If a file is found to contain viruses or other threats, Kaspersky Security performs the action that is
specified in its settings; for example, it deletes or blocks the file.

Kaspersky Security sends information about all events
occurring during the protection of virtual machines to
the Administration Server of Kaspersky Security Center.



Scan
. The application scans virtual machine files for viruses and other threats. Virtual machine files must be
scanned regularly with new anti
-
vi
rus databases to prevent the spread of malicious objects. You can perform
an on
-
demand scan or specify a scan schedule. Kaspersky Security sends information about all events
occurring during scan tasks to the Administration Server of Kaspersky Security Cen
ter.



Network Attack Blocker
. The application scans the network traffic of virtual machines for activity typical of
network attacks. On detecting an attempted network attack targeting a virtual machine, Kaspersky Security
can block the IP address from which

the network attack originated. Kaspersky Security sends information
about all events occurring during the protection of virtual machines against network threats to the
Administration Server of Kaspersky Security Center.



Storing backup copies of files
. The

application allows storing backup copies of files that have been
deleted or modified during disinfection. Backup copies of files are stored in Backup in a special format and
pose no danger. If the disinfected file contains information that becomes fully o
r partially unavailable after
disinfection, you can save the file from its backup copy to the computer on which the Administration Console
of Kaspersky Security Center is installed.



Anti
-
virus database updates
. The application downloads updated anti
-
virus
databases. Updates keep the
virtual machine protected against new viruses and other threats at all times. You can run anti
-
virus database
updates manually or specify an update schedule for anti
-
virus databases.

Kaspersky Security is administered by Kaspers
ky Security Center, which provides centralized administration of
Kaspersky Lab applications.

You can use Kaspersky Security Center to do the following:



Install the application on a VMware virtual infrastructure.



Configure the application settings.



Administ
er the application.



Manage the protection of virtual machines.



Manage scan tasks.



Manage the application keys.



Update anti
-
virus databases of the application.



Handle copies of files in Backup.



Generate application event reports.




Page
4

of
5



Remove the application from

a VMware virtual infrastructure.

Kaspersky Security may require additional configuration due to the specifics of simultaneous operation of the
application and VMware vShield Manager.


KNOWN LIMITATIONS AND ERRORS



An SVM with the Network Attack Blocker com
ponent is always displayed as the attacked client computer in
the network attack report.



The list of virtual machines in the properties of the KSC cluster is not refreshed automatically when a new
virtual machine is added or renamed or the path to this vir
tual machine is changed. See the application page
in the Knowledge Base on how to manually refresh the list of virtual machines
(
http://support.kaspersky.com/ksv
).



To complete the removal of the Network Atta
ck Blocker component, reboot the VMware ESXi hosts from
which virtual machines with the Network Attack Blocker component have been removed.



After VMware vShield Manager has installed an SVM with the Network Attack Blocker component on a
VMware ESXi host, r
eboot all virtual machines on this VMware ESXi host to start protection.



Kaspersky Security is not recommended for scanning network traffic with a network packet length of more
than 4,000 bytes.



The address of the Kaspersky Security Center Administration S
erver and the localization are specified only
when the Network Attack Blocker component is installed and cannot be modified when images of SVMs with
the Network Attack Blocker component are updated.



The application updates the anti
-
virus databases from Kas
persky Security Center Administration Server
storage only. No local folder or public resource can be used as an update source.



Counters for virtual machines are not supported:



The statistics display functionality has not been implemented.



Counters for obje
cts are not supported: number of infected objects, disinfected objects, skipped objects,
objects that have not been disinfected, deleted objects, objects with errors returned during scanning.



Counters for threat types are not supported (statistics on dete
cted threats).



Counters for virtual machines are not supported: number of scanned virtual machines, number of
skipped virtual machines, number of virtual machines waiting for scanning, number of virtual machines
with errors returned during scanning.



The ap
plication does not protect virtual machines if they are disabled or paused (offline).



Information about completed scan tasks in Kaspersky Security Center is available in the history of scan
tasks instead of the report.



The system variables and user variabl
es of Windows cannot be used for configuring exclusions in scan
tasks and protection settings.



The wildcards "*" and "?" are not supported when specifying file extension types.



Automatic distribution of keys via Kaspersky Security Center is not supported.



The application cannot be managed through the command line.



When running scan tasks, the application does not scan network folders. Network folders are scanned when
running the protection feature.



By default, the application does not scan removable devices

when running scan tasks. You can scan
removable devices only by specifying the complete paths to such devices in the scan task settings.



Processing the situation of forced shutdown of a virtual machine and an SVM:



The application does not save the progres
s of the scan tasks in case a protected virtual machine is
disabled or switched to suspend mode. As soon as the virtual machine is enabled (appears online), the
application adds it to the queue of scan tasks.



The application does not save the progress of s
can tasks in case an SVM is disabled or switched to
suspend mode. The next run of the scan tasks is managed by Kaspersky Security Center: the tasks will
be run when the SVM is started, or according to the task run schedule.




Page
5

of
5



The application sets the list of

SVMs before running the scan tasks, and does not refresh the list while
running the tasks. If any new virtual machines appear in VMware virtual infrastructure after starting running
the scan tasks, they will not be scanned.



The functionality of forced fil
e unblocking is not available if the application has blocked access to a file. The
administrator should either add the file to exclusions in the policy settings, or temporarily disable the
protection to take required actions on this file (delete, copy, etc
.)



Due to technology limitations of the VMware vShield Endpoint platform, the application does not work on
VMware clusters in FaultTolerance and does not protect virtual machines running in FaultTolerance mode.
We recommend that you install Kaspersky Endpo
int Security for Windows on virtual machines running in
FaultTolerance mode.



Large
-
sized files (up to a few megabytes) can be slowly saved from copies in Backup to the hard drive of a
computer where Kaspersky Security Center Administration Console is insta
lled.



Files on local drives connected on the protected virtual machine via the RDP protocol can take a long time to
open.



If an SVM has been removed from VMware vCenter Server, but the corresponding registration entry still
remains in VMware vShield Manage
r, the application does not allow removing that entry from VMware
vShield Manager 5.0.1 (there is no such problem in VMware vShield Manager

5.0).



If the
Once

value is selected as the Run by schedule setting in the task run schedule, and the
Run missed
task
s

check box is selected, the task run loops.



The SVM does not shut down automatically when switching the VMware ESXi host to Maintenance Mode or
Stand

By mode; it does not start automatically when switching the VMware ESXi host back from any of
those modes
, either.



In the virus reports, information about files blocked in the course of virtual machine protection appears as
N/A.



The description of a Kaspersky Security key is displayed in Kaspersky Security Center only if it contains
ASCII characters (national

coding symbols).



Events relayed to Kaspersky Security Center from the SVM with the Network Attack Blocker component
installed do not contain the name of this SVM.



SOURCES OF INFORMATION ABOUT THE APPLICATION



Page on the Kaspersky Lab website:
http://www.kaspersky.com/security
-
virtualization
.



Page on Technical Support Service website (Knowledge Base):
http://support.kaspersky.com/ksv
.



Kaspers
ky Lab forum:
http://forum.kaspersky.com
.


© 2013 Kaspersky Lab ZAO All R
ights
R
eserved.