https://support.kaspersky.com/kess2
This one looks pretty good, and its resource usage is quite low.
Kaspersky Embedded Systems Security 2.0 release notes
2017 Jun 07 ID: 13726
Kaspersky Embedded Systems Security 2.0 was released on June 7, 2017. Full version number is 2.0.0.385. Kaspersky Embedded Systems Security protects a variety of embedded systems under Microsoft Windows OS, including ATM (automated teller machines) and POS (points of sale), against viruses and other computer threats. Kaspersky Embedded Systems Security protects devices with limited RAM (256 MB or more) and limited hard disk space (100 MB or more).
Product description
Kaspersky Embedded Systems Security uses the following protection technologies:
- Real-time file protection (implemented in the Real-Time File Protection task). The application scans files and alternate streams of file systems (NTFS streams) when a protected computer accesses them. If a file is recognized as infected, the protected computer’s access to that file is restricted.
- On-demand anti-virus scan (implemented in the On-Demand Scan tasks). One-time scan of specified areas for viruses and other computer security threats. The application scans the protected computer’s files, autorun objects and RAM.
- Kaspersky Security Network services integration (implemented in the KSN Usage task). Use of data from Kaspersky Security Network ensures a faster response time by Kaspersky Embedded Systems Security when encountering new types of threats.
- With the user’s consent, the application can use checksums (MD5) of the analyzed files when executing the KSN Usage task. Kaspersky Security Network services integration functionality gets requests for file scanning when the following tasks are being performed: Real-time file protection, On-demand anti-virus scan, Applications Launch Control.
- Application launch control functionality (implemented in the Applications Launch Control task). The application allows or denies the launch of executable files, scripts and MSI packages, and the loading of drivers and DLL modules, according to the specified applications launch control rules, KSN conclusions, or the Default Deny principle.
- You can create the applications launch control rules both manually and automatically for a computer (by settings the events of a local Applications Launch Control task) and for a group of computers (via Kaspersky Security Center denied launches report).
- Control of external devices connected via USB (implemented in the Device Control task). Kaspersky Embedded Systems Security allows or restricts usage of storage devices connected to a protected computer via USB. External device control is based on allow rules and the Default Deny principle.
- Rules for the Device Control task are generated automatically based on system data about registered storage devices, or by the Rule Generator for Device Control task.
- Windows Firewall Management (implemented in the Firewall Management task). The application provides a reliable and ergonomic solution for network connection protection via priority interception of the OS firewall settings management.
- Protected system integrity inspection (implemented in the File Integrity Monitor task and the Log Inspection task). Kaspersky Embedded Systems Security checks the integrity of the protected environment based on information about file operations that have been detected in the critical areas, as well as the results of the Windows Event Log analysis.
- Kaspersky Embedded Systems Security alerts the administrator if it detects any patterns of abnormal activity within a protected system that might be evidence of a possible abuse attempt.
- Memory protection against exploitation of vulnerabilities (implemented in the Exploit Prevention component). Kaspersky Embedded Systems Security controls the integrity of protected processes and takes the actions specified to reduce the potential risks and side effects of vulnerability exploitation.
The Real-Time File Protection and the On-Demand Scan tasks require extra RAM and hard drive resources to maintain the anti-virus databases. For the application to work properly on systems with limited memory resources, you can choose not to install the Real-time file protection and On-demand anti-virus scan components. In this case, computer protection is performed via the Applications Launch Control and the KSN Usage tasks.
What's new
Kaspersky Embedded Systems Security 2.0 offers the following features:
- An added Exploit Prevention component. You can now configure the memory protection settings using common mitigation techniques.
- An added File Integrity Monitor task. You can now specify objects, as well as entire areas, whose integrity you want to monitor.
- An added Log Inspection task. You can now create custom rules for analyzing Windows Event Log, as well as configure settings for the heuristic analyzer to analyze the Windows Event Log.
- An added SIEM Integration feature. You can now configure settings for exporting application logs to external security information and event management systems via the syslog protocol.
- An added USB connections monitoring functionality. Now you can configure notifications about all connections to a protected computer via USB ports for a range of device types.
- A Security Log has been implemented. You can now observe all the events that indicate a possible compromise of a protected system in a single log.
The following features have been improved in Kaspersky Embedded Systems Security 2.0:
- The Applications Launch Control component. The algorithm for detecting the type of a launched application has been improved. The application now uses the file header, which enables a more precise selection of the rule type (Script or Binary) for the subsequent processing of such file launches. In addition, using the component has been simplified by the addition of predefined applications launch control rules to the rules list.
- The Device Control component. You can now add mass storages to a trusted list based on data about devices that are currently connected to a protected computer.
- The Trusted Zone. You can now use more flexible criteria when configuring the trusted list. Now you can define the following trusted criteria: full path, hash sum, or both the full path and the hash sum.
- The configuring of the protection scope and the scan scope. You can now configure the processing of parent container objects when an embedded threat is detected. The application deletes the entire parent container object, if it cannot be modified by the application because of read-only formatting.
- The Windows 10 Redstone 2 operating system is now supported.
Kaspersky Embedded Systems Security 2.0 supports migration from Kaspersky Embedded Systems Security versions 1.1 and 1.1 MR1.
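The header-based choice of rule type (Script or Binary) and the Default Deny principle described above can be illustrated as follows, with allow rules keyed by full path, hash sum, or both, the criteria the Trusted Zone item names. This is an added example, not Kaspersky's code: file_kind, AllowRule, decide, the sample paths and contents, and the use of SHA-256 as the hash are all assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


def file_kind(content: bytes) -> str:
    """Pick the rule type from the file header, ignoring the extension."""
    if content[:2] == b"MZ":               # DOS/PE header: EXE, DLL, driver
        return "Binary"
    head = content[:256]
    if head and all(b in b"\t\r\n" or 32 <= b < 127 for b in head):
        return "Script"                     # plain text is handled as a script
    return "Unknown"                        # no rule type fits, so it is denied


@dataclass(frozen=True)
class AllowRule:
    kind: str                               # "Script" or "Binary"
    path: Optional[str] = None              # full-path criterion
    sha256: Optional[str] = None            # hash criterion (SHA-256 assumed)

    def matches(self, path: str, content: bytes) -> bool:
        if self.path is None and self.sha256 is None:
            return False                    # a rule needs at least one criterion
        if self.kind != file_kind(content):
            return False
        if self.path is not None and self.path.lower() != path.lower():
            return False
        digest = hashlib.sha256(content).hexdigest()
        return self.sha256 is None or self.sha256 == digest


def decide(rules, path: str, content: bytes) -> str:
    """Default Deny: a launch is allowed only when some allow rule matches."""
    return "allow" if any(r.matches(path, content) for r in rules) else "deny"


# Constructed sample data, not real files.
TOOL = b"MZ\x90\x00" + b"vendor tool v1"
REPLACED = b"MZ\x90\x00" + b"different code"
SCRIPT = b"Write-Output 'inventory'\r\n"
TOOL_PATH = r"C:\POS\tool.exe"
SCRIPT_PATH = r"C:\POS\inventory.ps1"

PATH_ONLY = [AllowRule("Binary", path=TOOL_PATH)]
PATH_AND_HASH = [AllowRule("Binary", path=TOOL_PATH,
                           sha256=hashlib.sha256(TOOL).hexdigest())]
SCRIPT_RULE = [AllowRule("Script", path=SCRIPT_PATH)]
```

A path-only rule still allows a different file placed at the trusted path, while the path-and-hash rule denies it; a PE file stored under a script name is typed as Binary by its header and does not match the Script rule.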
Documentation
Administrator Guide [.pdf, 2.9 MB]
User Guide [.pdf, 2.5 MB]
Download
For Windows: kess2.0.0.385_en.exe [255.5 MB]
Packages for remote management
Application Control Plugin: klcfginst.exe [4.6 MB]