Release Notes
================================================================================
Version released: 30.08.2020
Build number: 11.0.0.480
Contents:
* Application description
* What’s new in Kaspersky Security 11 for Windows Server
* System requirements for Kaspersky Security 11 for Windows Server
* Migration from previous versions
* Known issues and limitations
* Contact information and application support
APPLICATION DESCRIPTION
--------------------------------------------------------------------------------
Kaspersky Security for Windows Server is a software solution for protecting
corporate servers and data storage systems. The protection scope available in the
application (servers running Windows, data storage systems) and the set of
functional components depend on the type of the purchased license.
You can install Kaspersky Security 11 for Windows Server on terminal servers
running the following operating systems:
* Windows 2008 Server Microsoft Remote Desktop Services
* Windows 2008 Server R2 Microsoft Remote Desktop Services
* Windows 2012 Server Microsoft Remote Desktop Services
* Windows 2012 Server R2 Microsoft Remote Desktop Services
* Windows 2016 Server Microsoft Remote Desktop Services
* Windows 2019 Server
* Citrix® XenApp® 6.0, 6.5, 7.0, 7.5 - 7.9, 7.15
* Citrix XenDesktop® 7.0, 7.1, 7.5 - 7.9, 7.15
Kaspersky specialists may offer limited technical support for the application
installed on servers running the Windows Server 2003 family of operating systems,
because Windows Server 2003 operating systems are no longer supported by Microsoft.
Traffic Security:
- We do not recommend including VPN traffic (port 1723) in the protection scope of
the task.
- The Opera Presto Engine web browser reports an attempt to connect using an
untrusted certificate if Kaspersky Security for Windows Server is used to protect
HTTPS traffic.
- IPv6 traffic is not scanned.
- The Traffic Security component is available only on Microsoft Windows Server 2008
R2 and later.
- The application supports only TCP traffic.
- The Administration Server Network Agent detects the Traffic Security component
when attempting to connect to the Administration Server, so we recommend that you
install the Network Agent before deploying the Traffic Security component. If the
component was installed and the Traffic Security task was started before the
Network Agent was installed, restart the Traffic Security task.
Firewall Management:
- IPv6 addresses are not supported when the rule usage scope consists of only one
address.
- When the Firewall Management task starts, the following types of rules are
automatically deleted from the operating system's firewall settings: denying rules
and outgoing network traffic control rules.
- The standard Firewall Management policy rules ensure performance of the main
scenarios for interaction of local servers with the Administration Server. To use
the full functionality of Kaspersky Security Center, manually set the rules for
allowing ports. Information about port numbers, protocols, and their functions is
provided in Kaspersky Security Center Knowledge Base (Article ID: 9297).
- The application does not monitor changes to Windows Firewall rules and rule
groups during polling of the Firewall Management task, if these rules and groups
were added to the task settings during installation of the application. To update
the status and presence of such rules, you must restart the Firewall Management
task.
- For the Microsoft Windows Server 2008 family of operating systems and later:
before installing the Firewall Management component, you must start the Windows
Firewall service (started by default).
- For Microsoft Windows Server 2003 family of operating systems: the SharedAccess
service must run for Windows Firewall to work. By default, the service is stopped
and can be started only with Administrator rights. If the Firewall Management
component is started when the SharedAccess service is stopped, the application
displays the component status as inactive: visually, the task is active and
running, but Windows Firewall is not started and the network rules are not applied.
To allow the Firewall Management component to work correctly, start the
SharedAccess service.
Installation:
- During installation of the application, a warning is displayed about the path
being too long if the full path to the installation folder of Kaspersky Security
for Windows Server contains more than 150 characters. The warning does not affect
the installation process: Kaspersky Security for Windows Server installation
completes successfully and the application operates normally.
- Installation of the SNMP Protocol Support component requires the SNMP service on
the protected server.
- To install the SNMP Protocol Support component, restart the SNMP service if this
service is running.
- Kaspersky Security for Windows Server Administration Tools cannot be installed
through Microsoft Active Directory group policies.
- When installing the application on servers running operating systems that are no
longer supported and cannot receive regular updates, you must check that the
following root certificates are present: DigiCert Assured ID Root CA,
DigiCert_High_Assurance_EV_Root_CA, DigiCertAssuredIDRootCA. Absence of these
certificates may cause the application to work incorrectly. We recommend that you
install the specified certificates using any available means. You can find
instructions on how to download and apply up-to-date certificates in the Knowledge
Base (Article ID: 13727).
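A pre-install check for the Installation notes above and the firewall service
requirement from the Firewall Management notes, as an added PowerShell example (not
Kaspersky code). Assumptions: the last two certificate names on the page are
file-name spellings of the subjects "DigiCert Assured ID Root CA" and "DigiCert High
Assurance EV Root CA", the Windows Firewall service is named MpsSvc on Windows
Server 2008 and later, and the install path is a constructed placeholder.

```powershell
# Added example: pre-install readiness check. Not vendor code.
param(
    # Constructed placeholder; substitute the folder you plan to install to.
    [string]$InstallPath = 'D:\Apps\KSWS'
)

$results = @()
function Add-Result($Check, $Ok, $Detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $Check; OK = $Ok; Detail = $Detail
    }
}

# 1. Root certificates named in the release notes (subject CNs are an assumption).
$wantedCNs = 'DigiCert Assured ID Root CA', 'DigiCert High Assurance EV Root CA'
$roots = Get-ChildItem Cert:\LocalMachine\Root
foreach ($cn in $wantedCNs) {
    # Match the exact CN and ignore copies that have already expired.
    $hit = $roots | Where-Object {
        $_.Subject -like "CN=$cn,*" -and $_.NotAfter -gt (Get-Date)
    }
    $detail = if ($hit) { 'present in LocalMachine\Root' } else { 'missing or expired' }
    Add-Result "Root certificate: $cn" ([bool]$hit) $detail
}

# 2. Paths longer than 150 characters trigger the installer warning.
$len = $InstallPath.Length
Add-Result 'Install path length' ($len -le 150) "$len characters; warning above 150"

# 3. Firewall service: SharedAccess on the 2003 family (NT 5.x), MpsSvc on later systems.
$legacy = [Environment]::OSVersion.Version.Major -lt 6
$fwName = if ($legacy) { 'SharedAccess' } else { 'MpsSvc' }
$fw = Get-Service -Name $fwName -ErrorAction SilentlyContinue
$fwOk = ($fw -ne $null) -and ($fw.Status -eq 'Running')
Add-Result "Firewall service ($fwName)" $fwOk $(if ($fw) { "$($fw.Status)" } else { 'not installed' })

# 4. SNMP service: needed only when installing SNMP Protocol Support.
$snmp = Get-Service -Name 'SNMP' -ErrorAction SilentlyContinue
if (-not $snmp) {
    $snmpDetail = 'not installed; SNMP Protocol Support cannot be installed'
} elseif ($snmp.Status -eq 'Running') {
    $snmpDetail = 'running; restart it to install SNMP Protocol Support'
} else {
    $snmpDetail = "$($snmp.Status)"
}
Add-Result 'SNMP service' ([bool]$snmp) $snmpDetail

$results | Format-Table Check, OK, Detail -AutoSize
```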
Licensing:
- The application cannot be activated using a key file specified in the
installation wizard if the key file is located on a disk created using the SUBST
command or the specified path to the key file is a network path.
Updates:
- After installation of critical updates of Kaspersky Security for Windows Server
modules, the Kaspersky Security for Windows Server icon is hidden by default.
Interface:
- In Kaspersky Security for Windows Server Console, filters in the Quarantine,
Backup, System Audit Log, and Task Logs nodes are case sensitive.
- When configuring the protection and scan scope in Kaspersky Security Console, you
can use only one mask in a path and only at the end of the path. Correct mask
examples: "C:\Temp\Temp*", or "C:\Temp\Temp???.doc", or "C:\Temp\Temp*.doc". This
limitation does not apply to the Trusted Zone settings.
Other functions:
- The application partially supports CaseSensitive directories; there are known
scenarios in which CaseSensitive directories are not supported:
  - exclusions specified in the settings of protection and scan tasks;
  - Trusted Zone exclusions;
  - Applications Launch Control rules.
- When using a command line utility, special characters are displayed if the
operating system’s regional settings match the locale of Kaspersky Security for
Windows Server.
- When using the basic authentication on a proxy server, authentication errors may
occur if the user name or password is specified using multibyte encoding.
- When a file is restored from Quarantine or Backup, the file's Encrypted attribute
is not restored.
- A mirror server cannot be used when connecting to a syslog server via UDP.
- The device type may not be recognized when a USB connection event is generated.
In this case, the event will only contain the device GUID.
- Values of Device Instance Path are specified in different formats for the Device
Control component and the USB-connection tracking function.