Release Notes
Release Notes
================================================================================
Version released: 05.05.2021
Build number: 11.0.1.897
Contents:
* Application description
* What’s new in Kaspersky Security 11.0.1 for Windows Server
* System requirements for Kaspersky Security 11.0.1 for Windows Server
* Migration from previous versions
* Known issues and limitations of Kaspersky Security 11.0.1 for Windows Server
* Contact information and application support
APPLICATION DESCRIPTION
--------------------------------------------------------------------------------
Kaspersky Security for Windows Server is a software solution for protecting
corporate servers and data storage systems. The protection scope available in the
application (servers running Windows, data storage systems) and the set of
functional components depend on the type of the purchased license.
- Self-defense parameters.
In the application settings, you can now enable or disable protection of
application processes from external threats (the option is enabled by default).
When the option is enabled, the application protects its own processes, as well as
the processes of Kaspersky Security Center Network Agent, against interference from
third-party processes.
- Interface optimization.
A new link was added to the main screen of the local Console to open the Trusted
Zone settings window. There is also a separate node for the Exploit Prevention
component in the Real-Time Server Protection section.
- Bug fixes.
The 11.0.1 version of the application comprises the bug fixes made within the
frames of the following critical updates for version 11.0.0: CORE3, CORE4, CORE5,
CORE6.
You can install Kaspersky Security 11.0.1 for Windows Server on terminal servers
running following operating systems:
* Microsoft Remote Desktop Services based on Windows Server 2008 SP2 or later
* Microsoft Remote Desktop Services based on Windows Server 2008 R2
* Microsoft Remote Desktop Services based on Windows Server 2012
* Microsoft Remote Desktop Services based on Windows Server 2012 R2
* Microsoft Remote Desktop Services based on Windows Server 2016
* Microsoft Remote Desktop Services based on Windows Server 2019
* Citrix® XenApp® 6.0, 6.5, 7.0, 7.5 - 7.9, 7.15
* Citrix XenDesktop® 7.0, 7.1, 7.5 - 7.9, 7.15
Kaspersky specialists may offer limited technical support for the application
installed on servers running the Windows Server 2003 family of operating systems,
because Windows Server 2003 operating systems are no longer supported by Microsoft.
MIGRATION FROM PREVIOUS VERSIONS
--------------------------------------------------------------------------------
Migration from previous versions of the application is described in migration.txt.
KNOWN ISSUES AND LIMITATIONS OF KASPERSKY SECURITY 11.0.1 FOR WINDOWS SERVER
--------------------------------------------------------------------------------
Interaction with Kaspersky Endpoint Agent:
- If the Interaction with Kaspersky Endpoint Agent component is selected for
installation, and the server restart is required at the last stage of Kaspersky
Security installation, Kaspersky Endpoint Agent will not be installed on the server
until it is restarted. In this case, Kaspersky Security Installer plans startup of
Kaspersky Endpoint Agent installation in the System Planner.
Traffic Security:
- We do not recommend including the VPN traffic (port 1723) in the protection scope
of the task.
- The Opera Presto Engine web browser reports an attempt to connect using an
untrusted certificate if Kaspersky Security for Windows Server is used to protect
HTTPS traffic.
- IPv6 traffic is not scanned.
- The Traffic Security component is available only on Microsoft Windows Server 2008
R2 and later.
- The application supports only TCP traffic.
- The Administration Server Network Agent detects the Traffic Security component
when attempting to connect to the Administration Server, so we recommend you to
install the Network Agent before deploying the Traffic Security component. If the
component was installed and the Traffic Security task was started before
installation of Network Agent, restart the Traffic Security task.
Firewall Management:
- IPv6 addresses are not supported when the rule usage scope consists of only one
address.
- When starting the Firewall Management task in the operating system's firewall
settings, the following types of rules are automatically deleted: denying rules,
outgoing network traffic control rules.
- The standard Firewall Management policy rules ensure performance of the main
scenarios for interaction of local servers with the Administration Server. To use
the full functionality of Kaspersky Security Center, manually set the rules for
allowing ports. Information about port numbers, protocols, and their functions is
provided in Kaspersky Security Center Knowledge Base (Article ID: 9297).
- The application does not monitor changes to Windows Firewall rules and rule
groups during polling of the Firewall Management task, if these rules and groups
were added to the task settings during installation of the application. To update
the status and presence of such rules, you must restart the Firewall Management
task.
- For Microsoft Windows Server 2008 and later family of operating systems: before
installation of the Firewall Management component, you must start the Windows
Firewall service (started by default).
- For Microsoft Windows Server 2003 family of operating systems: the SharedAccess
service must run for Windows Firewall to work. By default, the service is stopped
and can be started only with Administrator rights. If the Firewall Management
component is started when the SharedAccess service is stopped, the application
displays the component status as inactive: visually, the task is active and
running, but Windows Firewall is not started and the network rules are not applied.
To allow the Firewall Management component to work correctly, start the
SharedAccess service.
Installation:
- During installation of the application, a warning is displayed about the path
being too long if the full path to the installation folder of Kaspersky Security
for Windows Server contains more than 150 characters. The warning does not affect
the installation process: Kaspersky Security for Windows Server installation
completes successfully and the application operates normally.
- Installation of the SNMP Protocol Support component requires the SNMP service on
the protected server.
- To install the SNMP Protocol Support component, restart the SNMP service if this
service is running.
- Kaspersky Security for Windows Server Administration Tools cannot be installed
through Microsoft Active Directory group policies.
- When installing the application on the servers running operating systems with
discontinued support, that are unable to receive regular updates, you must check
for the following root certificates: DigiCert Assured ID Root CA,
DigiCert_High_Assurance_EV_Root_CA, DigiCertAssuredIDRootCA. Absence of these
certificates may cause the application to work incorrectly. We recommend that you
install the specified certificates using any available means. You can find
instructions on how to download and apply up-to-date certificates in the Knowledge
Base (Article ID: 13727).
Licensing:
- The application cannot be activated using a key file specified in the
installation wizard if the key file is located on a disk created using the SUBST
command or the specified path to the key file is a network path.
Updates:
- After installation of critical updates of Kaspersky Security for Windows Server
modules, the Kaspersky Security for Windows Server icon is hidden by default.
Interface:
- In Kaspersky Security for Windows Server Console, filters in the Quarantine,
Backup, System Audit Log, and Task Logs nodes are case sensitive.
- When configuring the protection and scan scope in Kaspersky Security Console, you
can use only one mask in a path and only at the end of the path. Correct mask
examples: "C:\Temp\Temp*", or "C:\Temp\Temp???.doc", or "C:\Temp\Temp*.doc". This
limitation does not apply to the Trusted Zone settings.
Other functions:
- The application partially supports CaseSensitive directories; there are known
scenarios in which CaseSensitive directories are not supported:
- exclusions specified in the settings of protection and scan tasks;
- Trusted Zone exclusions;
- Applications Launch Control rules.
- When using a command line utility, special characters are displayed if the
operating system’s regional settings match the locale of Kaspersky Security for
Windows Server.
- When using the basic authentication on a proxy server, authentication errors may
occur if the user name or password is specified using multibyte encoding.
- When a file is restored from Quarantine or Backup, the file's Encrypted attribute
is not restored.
- A mirror server cannot be used when connecting to a syslog server via UDP.
- The device type may not be recognized when a USB connection event is generated.
In this case, the event will only contain the device GUID.
- Values of Device Instance Path are specified in different formats for the Device
Control component and the USB-connection tracking function.