Kaspersky Anti Targeted Attack Platform
7.0
English

Contents

Hardware and software requirements

Software requirements for virtual platforms for installing Kaspersky Anti Targeted Attack Platform

You can deploy the application on the following virtual platforms:

  • VMware ESXi 6.7.0 or 7.0
  • "Brest" 3.3 virtualization software
  • "RED Virtualization" 7.3
  • zVirt Node 4.2

When deploying the application on a VMware ESXI virtual platform, you must install the current update package for the hypervisor.

If you want to deploy the application on the Astra Linux operating system in a VMware ESXI hypervisor, you need to ensure that the server hardware you are using is compatible with the Astra Linux operating system. For a full list of supported server hardware, please refer to the Astra Linux developer website.

When deploying the application on the "Brest", zVirt Node, and "RED Virtualization" virtual platforms, the following limitations apply:

  • If you want to use the Sandbox component on the "Brest" virtual platform, zVirt Node, or "RED Virtualization", you must additionally configure the time for scanning objects using the component to increase the probability of detection. To configure it, please contact Technical Support.
  • High availability deployment of the application is not supported on zVirt Node or "RED Virtualization" virtual platforms.

For the Central Node, Sensor and Sandbox hardware requirements see the Sizing Guide.

Hardware and software requirements for installing the Endpoint Agent component

The hardware and software requirements of the Endpoint Agent component reflect the hardware and software requirements of the applications that act as the Endpoint Agent component, and are described in the documentation of these applications:

Hardware and software requirements for using the web interface of Kaspersky Anti Targeted Attack Platform

One of the following browsers must be installed on the computers in order to configure and manage the application using the web interface:

  • Mozilla Firefox for Linux.
  • Mozilla Firefox for Windows.
  • Google Chrome for Windows.
  • Google Chrome for Linux.
  • Edge (Windows).
  • Safari (Mac).

Minimum screen resolution to use web interface: 1366x768.

See also

What's new

About Kaspersky Threat Intelligence Portal

Distribution kit

Restrictions

In this section

Compatibility of Kaspersky Endpoint Agent for Windows versions with Kaspersky Anti Targeted Attack Platform versions

Compatibility of Kaspersky Endpoint Agent for Windows versions with EPP applications

Compatibility of Kaspersky Endpoint Security for Windows versions with Kaspersky Anti Targeted Attack Platform versions

Compatibility of Kaspersky Endpoint Security for Linux versions with Kaspersky Anti Targeted Attack Platform versions

Compatibility of Kaspersky Endpoint Security for Mac with Kaspersky Anti Targeted Attack Platform versions

Compatibility of KUMA versions with versions of Kaspersky Anti Targeted Attack Platform

Compatibility of XDR versions with versions of Kaspersky Anti Targeted Attack Platform

Compatibility of KPSN versions with versions of Kaspersky Anti Targeted Attack Platform

Compatibility of Kaspersky Anti Targeted Attack Platform with VK Cloud
Page top
[Topic 247120]

Compatibility of Kaspersky Endpoint Agent for Windows versions with Kaspersky Anti Targeted Attack Platform versions

The Kaspersky Endpoint Agent application uses predefined settings that determine the impact that it has on the performance of the local computer under scenarios of information retrieval and interaction with the Central Node component.

If the version of Kaspersky Anti Targeted Attack Platform installed on Central Node servers is incompatible with the version of Kaspersky Endpoint Agent installed on computers on the corporate LAN, the functionality of Kaspersky Anti Targeted Attack Platform may be limited.

Information about the compatibility of Kaspersky Endpoint Agent component versions with Kaspersky Anti Targeted Attack Platform versions is listed in the table below.

Compatibility of Kaspersky Endpoint Agent for Windows versions with Kaspersky Anti Targeted Attack Platform versions

Version of
Kaspersky
Endpoint
Agent

Type
Kaspersky
Endpoint
Agent

Compatibility
with KATA 4.0

Compatibility
with KATA 4.1

Compatibility
with KATA 5.0

Compatibility
with KATA 5.1

Compatibility
with KATA 6.0

Compatibility
with KATA 6.1

Compatibility
with KATA 7.0

Endpoint Agent
3.12

Standalone installation

Yes

There are limitations

There are limitations

There are limitations

There are limitations

There are limitations

There are limitations

Endpoint Agent
3.13

Standalone installation

There are limitations

Yes

There are limitations

There are limitations

There are limitations

There are limitations

There are limitations

Endpoint Agent
3.14

Standalone installation

There are limitations

There are limitations

Yes

Yes

Yes

There are limitations

There are limitations

Endpoint Agent
3.15

Standalone installation

No

No

Yes

Yes

Yes

There are limitations

There are limitations

Endpoint Agent
3.16

Standalone installation

No

No

No

No

Yes

Yes

There are limitations

Endpoint Agent
4.0

Standalone installation

No

No

No

No

No

Yes

There are limitations

Limited compatibility of Kaspersky Endpoint Agent for Windows versions with Kaspersky Anti Targeted Attack Platform versions

  • Integration of Kaspersky Endpoint Agent 3.12 with Kaspersky Anti Targeted Attack Platform 4.1.

    The scope of data sent by Kaspersky Endpoint Agent is limited:

    • Scanning autorun points using the Start YARA scan task is not supported.
    • The tasks Get NTFS metafiles, Get process memory dump, Get registry key are not supported.
  • Integration of Kaspersky Endpoint Agent 3.12 with Kaspersky Anti Targeted Attack Platform 5.0–6.1.

    The scope of data sent by Kaspersky Endpoint Agent is limited:

    • Scanning autorun points using the Start YARA scan task is not supported.
    • The following tasks are not supported: Get NTFS metafiles, Get process memory dump, Get registry key, Get disk image, Get memory dump.
    • Event information is not transmitted for the Process terminated event.
  • Integration of Kaspersky Endpoint Agent 3.12 with Kaspersky Anti Targeted Attack Platform 7.0.

    The scope of data sent by Kaspersky Endpoint Agent is limited:

    • Scanning autorun points using the Start YARA scan task is not supported.
    • The following tasks are not supported: Get NTFS metafiles, Get process memory dump, Get registry key, Get disk image, Get memory dump.
    • Information about the following events is not transmitted: Process terminated, Named pipe, WMI, LDAP, DNS, Process access.
    • For the File modified event, information about the following subtypes is not transmitted: File read, Hard link created, Symbolic link created.
    • For the Registry modified event, information about the following subtypes is not transmitted: Registry key renamed, Registry key saved.
  • Integration of Kaspersky Endpoint Agent 3.13 with Kaspersky Anti Targeted Attack Platform 4.0.

    A server of this Kaspersky Anti Targeted Attack Platform version can receive a limited scope of data from the Kaspersky Endpoint Agent application: Get NTFS metafiles, Get process memory dump, Get registry key tasks cannot be created in the web interface of the application.

  • Integration of Kaspersky Endpoint Agent 3.13 with Kaspersky Anti Targeted Attack Platform 4.1–6.1.

    Kaspersky Endpoint Agent does not support the creation of the following tasks: Get disk image, Get memory dump.

  • Integration of Kaspersky Endpoint Agent 3.14 with Kaspersky Anti Targeted Attack Platform 4.0.

    The server of this Kaspersky Anti Targeted Attack Platform version can receive a limited scope of data from the Kaspersky Endpoint Agent application: creation of Get NTFS metafiles, Get process memory dump, Get registry key, Get disk image, Get memory dump tasks is not available in the web interface of the application.

  • Integration of Kaspersky Endpoint Agent 3.14 with Kaspersky Anti Targeted Attack Platform 4.1.

    A server of this Kaspersky Anti Targeted Attack Platform version can receive a limited scope of data from the Kaspersky Endpoint Agent application: the tasks Get disk image and Get memory dump cannot be created in the web interface of the application.

  • Integration of Kaspersky Endpoint Agent 3.12–4.0 with Kaspersky Anti Targeted Attack Platform 7.0.

    The scope of data sent by Kaspersky Endpoint Agent is limited:

    • Information about the following events is not transmitted: Named pipe, WMI, LDAP, DNS, Process access.
    • For the File modified event, information about the following subtypes is not transmitted: File read, Hard link created, Symbolic link created.
    • For the Registry modified event, information about the following subtypes is not transmitted: Registry key renamed, Registry key saved.
Page top
[Topic 247280]

Compatibility of Kaspersky Endpoint Agent for Windows versions with EPP applications

If you want to use the Kaspersky Endpoint Agent application as the Endpoint Agent component, you can install just the Kaspersky Endpoint Agent, or configure the integration of Kaspersky Endpoint Agent with workstation protection applications (Endpoint Protection Platform, hereinafter also "EPP"), Kaspersky Endpoint Security for Windows, Kaspersky Security for Windows Server, and Kaspersky Security for Virtualization Light Agent. If the integration of applications is configured, Kaspersky Endpoint Agent also sends the information about threats detected by EPP applications and their processing results to the Central Node server.

The integration scenarios described above do not work when Kaspersky Endpoint Agent is installed on a virtual desktop in Virtual Desktop Infrastructure.

Integration of Kaspersky Endpoint Agent with Kaspersky Endpoint Security for Windows and Kaspersky Security for Windows Server requires installing Kaspersky Endpoint Agent as part of those applications.

Compatibility of Kaspersky Endpoint Agent for Windows with versions of Kaspersky Security for Windows Server

You can install the following versions of Kaspersky Endpoint Agent as part of Kaspersky Security for Windows Server:

  • Kaspersky Endpoint Agent 3.9 as part of Kaspersky Security 11 for Windows Server.
  • Kaspersky Endpoint Agent 3.10 as part of Kaspersky Security 11.0.1 for Windows Server.

When you install Kaspersky Endpoint Agent as part of Kaspersky Security for Windows Server, the standalone Kaspersky Endpoint Agent of the same or earlier version is removed. If Kaspersky Endpoint Agent installed as part of Kaspersky Security for Windows Server has an earlier version, it will not be installed. In this case, you must first remove the standalone Kaspersky Endpoint Agent application.

If necessary, you can upgrade the Kaspersky Endpoint Agent application that is already installed as part of Kaspersky Security for Windows Server. Integration between compatible versions of the applications is maintained both when Kaspersky Endpoint Agent is upgraded and when Kaspersky Security for Windows Server is upgraded.

Information about the compatibility of Kaspersky Endpoint Agent versions with Kaspersky Security for Windows Server versions is listed in the table below.

Compatibility of Kaspersky Endpoint Agent versions with Kaspersky Security for Windows Server versions

Kaspersky Security for Windows Server version

Compatibility with Endpoint Agent 3.8, 3.9, 3.10

Compatibility with Endpoint Agent 3.11, 3.12

Compatibility with Endpoint Agent 3.13, 3.14, 3.15, 3.16
  • KSWS 10.1.2

Yes

No

No
  • KSWS 11

Yes

Yes

No
  • KSWS 11.0.1

No

Yes

There are limitations

When integrating with Kaspersky Endpoint Agent 3.13–3.16, Kaspersky Security for Windows Server does not transmit event information of the AMSI scan event.

For more details about installing Kaspersky Security for Windows Server, see Kaspersky Security for Windows Server Help.

Compatibility of Kaspersky Endpoint Agent for Windows with versions of Kaspersky Endpoint Security for Windows

You can install the following versions of Kaspersky Endpoint Agent (Endpoint Sensors) as part of Kaspersky Endpoint Security for Windows:

  • Kaspersky Endpoint Agent 3.7 or Kaspersky Endpoint Agent (Endpoint Sensors) 3.6.1 as part of Kaspersky Endpoint Security 11.2, 11.3 for Windows.

    Kaspersky Endpoint Agent (Endpoint Sensors) 3.6.1 is not compatible with Kaspersky Anti Targeted Attack Platform version 4.1 or higher.

    Kaspersky Endpoint Agent 3.7 is not compatible with all versions of Kaspersky Anti Targeted Attack Platform.

  • Kaspersky Endpoint Agent 3.9 as part of Kaspersky Endpoint Security 11.4, 11.5.
  • Kaspersky Endpoint Agent 3.10 as part of Kaspersky Endpoint Security 11.6.
  • Kaspersky Endpoint Agent 3.11 as part of Kaspersky Endpoint Security 11.7, 11.8.

When you install Kaspersky Endpoint Agent 3.10 or later as part of Kaspersky Endpoint Security for Windows, the standalone Kaspersky Endpoint Agent application of the same or earlier version is removed. If the separately installed Kaspersky Endpoint Agent has a later version, the application bundled with Kaspersky Endpoint Security for Windows is not installed. In this case, you must first remove the standalone Kaspersky Endpoint Agent application.

If necessary, you can upgrade the Kaspersky Endpoint Agent application that is already installed as part of Kaspersky Endpoint Security for Windows. Integration between compatible versions of the applications is maintained both when Kaspersky Endpoint Agent is upgraded and when Kaspersky Endpoint Security for Windows is upgraded. You can upgrade a previous version of Kaspersky Endpoint Agent to version 3.14 only for Kaspersky Endpoint Agent version 3.7 or higher.

Information about the compatibility of Kaspersky Endpoint Agent versions with Kaspersky Endpoint Security for Windows versions is listed in the table below.

Compatibility of Kaspersky Endpoint Agent versions with Kaspersky Endpoint Security for Windows versions

Kaspersky Endpoint Security version

Compatibility with Endpoint Agent 3.8, 3.9

Compatibility with Endpoint Agent 3.10, 3.12

Compatibility with Endpoint Agent 3.11

Compatibility with Endpoint Agent 3.13, 3.14, 3.15, 3.16
  • KES 10 SP2 MR2

No

No

No

No
  • KES 10 SP2 MR3/MR4

Yes

No

No

No
  • KES 11.0.0

No

No

No

No
  • KES 11.0.1

Yes

No

No

No
  • KES 11.1
  • KES 11.1.1

Yes

Yes

No

No
  • KES 11.2
  • KES 11.3

Yes

Yes

Yes

No
  • KES 11.4
  • KES 11.5

Yes

Yes

Yes

No
  • KES 11.6
  • KES 11.7
  • KES 11.8

Yes

Yes

Yes

Yes
  • KES version 12.1 or later

No

No

No

No

For more details about installing Kaspersky Endpoint Security, see Kaspersky Endpoint Security for Windows Help.

Compatibility of Kaspersky Endpoint Agent with versions of Kaspersky Security for Virtualization Light Agent

You can configure the integration of separately installed Kaspersky Endpoint Agent and Kaspersky Security for Virtualization Light Agent.

Information about the compatibility of Kaspersky Endpoint Agent versions with Kaspersky Security for Virtualization Light Agent versions is listed in the table below.

Compatibility of Kaspersky Endpoint Agent versions and Kaspersky Security for Virtualization Light Agent versions

Kaspersky Security for Virtualization Light Agent version

Compatibility with Endpoint Agent 3.8, 3.9, 3.10

Compatibility with Endpoint Agent 3.12

Compatibility with Endpoint Agent 3.11, 3.13, 3.14

Compatibility with Endpoint Agent 3.15

Compatibility with Endpoint Agent 3.16
  • KSV 5.1 LA

Yes

Yes

No

No

No
  • KSV 5.1.1 LA

Yes

No

No

No

No
  • KSV 5.2 LA

No

Yes

Yes

Yes

Yes
  • KSV 6.0 LA

No

Yes

Yes

Yes

No

Kaspersky Endpoint Agent and Kaspersky Security for Virtualization Light Agent installed on a virtual machine generate the same load on the Central Node server as Kaspersky Endpoint Agent and Kaspersky Security for Virtualization Light Agent installed on the host.

For more details about enabling the integration of Kaspersky Endpoint Agent with Kaspersky Security for Virtualization Light Agent, see Kaspersky Security for Virtualization Light Agent Help.

Compatibility of Kaspersky Endpoint Agent with versions of Kaspersky Industrial CyberSecurity for Nodes

You can install Kaspersky Endpoint Agent on a device with Kaspersky Industrial CyberSecurity for Nodes installed. The applications are integrated automatically.

Compatibility of Kaspersky Endpoint Agent versions with versions of Kaspersky Industrial CyberSecurity for Nodes

Kaspersky Industrial CyberSecurity for Nodes version

Compatibility with Endpoint Agent 3.11, 3.12

Compatibility with Endpoint Agent 3.13, 3.14, 3.15

Compatibility with Endpoint Agent 3.16
  • KICS for Nodes 3.0

Yes

Yes

Yes
  • KICS for Nodes 3.1

No

Yes

Yes
  • KICS for Nodes 3.2

No

No

Yes

To integrate with Kaspersky Industrial CyberSecurity for Nodes, the corresponding license key must be installed in the Kaspersky Endpoint Agent.

For detailed information, you can contact your account manager.

Page top
[Topic 247216]

Compatibility of Kaspersky Endpoint Security for Windows versions with Kaspersky Anti Targeted Attack Platform versions

You can use Kaspersky Endpoint Security as the Endpoint Agent component.

Information about the compatibility of Kaspersky Endpoint Security versions with Kaspersky Anti Targeted Attack Platform versions is listed in the table below.

Compatibility of Kaspersky Endpoint Security for Windows versions with Kaspersky Anti Targeted Attack Platform versions

Kaspersky Endpoint Security
version

Compatibility
with KATA 4.0

Compatibility
with KATA 4.1

Compatibility
with KATA 5.0

Compatibility
with KATA 5.1

Compatibility
with KATA 6.0

Compatibility
with KATA 6.1

Compatibility
with KATA 7.0

Kaspersky Endpoint Security
12.1, 12.2

No

Yes

Yes

Yes

Yes

No

There are limitations

Kaspersky Endpoint Security
12.3, 12.4

No

Yes

Yes

Yes

Yes

Yes

There are limitations

Kaspersky Endpoint Security
12.5, 12.6

No

No

Yes

Yes

Yes

Yes

There are limitations

Kaspersky Endpoint Security
12.7, 12.8

No

No

There are limitations

There are limitations

There are limitations

There are limitations

Yes

To integrate Kaspersky Endpoint Security 12.1 or later with Kaspersky Anti Targeted Attack Platform, you do not need to install Kaspersky Endpoint Agent.

Starting from version 12.8, Kaspersky Endpoint Security for Windows can be used as the Light Agent for Windows component for the Kaspersky Security for Virtualization application. For more details about the integration, see Kaspersky Security for Virtualization Light Agent Help.

Limited compatibility of Kaspersky Endpoint Security for Windows versions with Kaspersky Anti Targeted Attack Platform versions

  • Integration of Kaspersky Endpoint Security 12.1–12.6 with Kaspersky Anti Targeted Attack Platform 7.0.

    The scope of data sent by Kaspersky Endpoint Security is limited:

    • Information about the following events is not transmitted: DNS, Code injection, Named pipe, WMI, LDAP.
    • For the File modified event, information about the following subtypes is not processed: File read, Hard link created, Symbolic link created.
    • For the Registry modified event, information about the following subtypes is not processed: Registry key renamed, Registry key saved.
    • New fields are not available for the Module loaded and Connection to remote host events.
  • Integration of Kaspersky Endpoint Security 12.7–12.8 with Kaspersky Anti Targeted Attack Platform 5.1–6.1.

    The server of these Kaspersky Anti Targeted Attack Platform versions can receive a limited scope of data from the Kaspersky Endpoint Security application:

    • Information about the following events is not processed: Named pipe, WMI, LDAP, DNS, Code injection.
    • For the File modified event, information about the following subtypes is not processed: File read, Hard link created, Symbolic link created.
    • For the Registry modified event, information about the following subtypes is not processed: Registry key renamed, Registry key saved.
    • New fields are not available for the Module loaded and Connection to remote host events.
Page top
[Topic 246849]

Compatibility of Kaspersky Endpoint Security for Linux versions with Kaspersky Anti Targeted Attack Platform versions

You can use Kaspersky Endpoint Security as the Endpoint Agent component.

Information about the compatibility of Kaspersky Endpoint Security versions with Kaspersky Anti Targeted Attack Platform versions is listed in the table below.

Compatibility of Kaspersky Endpoint Security for Linux versions with Kaspersky Anti Targeted Attack Platform versions

Kaspersky Endpoint Security
version

Compatibility
with KATA 4.0

Compatibility
with KATA 4.1

Compatibility
with KATA 5.0

Compatibility
with KATA 5.1

Compatibility
with KATA 6.0

Compatibility
with KATA 6.1

Compatibility
with KATA 7.0

Kaspersky Endpoint Security
11.4

No

No

No

There are limitations

There are limitations

There are limitations

There are limitations

Kaspersky Endpoint Security
12

No

No

There are limitations

There are limitations

There are limitations

There are limitations

There are limitations

Kaspersky Endpoint Security
12.1

No

No

No

There are limitations

There are limitations

There are limitations

There are limitations

Kaspersky Endpoint Security
12.2

No

No

No

No

There are limitations

There are limitations

There are limitations

To integrate Kaspersky Endpoint Security with Kaspersky Anti Targeted Attack Platform, you do not need to install the Kaspersky Endpoint Agent.

Starting from version 12, Kaspersky Endpoint Security for Linux can be used as the Light Agent for Linux component for the Kaspersky Security for Virtualization application. For more details about the integration, see Kaspersky Security for Virtualization Light Agent Help.

When Kaspersky Endpoint Security for Linux is used as the Light Agent for Linux component, the integration of Kaspersky Endpoint Security for Linux with Kaspersky Anti Targeted Attack Platform is retained.

Limited compatibility of Kaspersky Endpoint Security for Linux versions with Kaspersky Anti Targeted Attack Platform versions

  • Integration of Kaspersky Endpoint Security 11.4 with Kaspersky Anti Targeted Attack Platform 5.1–6.1.

    The scope of data sent by Kaspersky Endpoint Security is limited:

    • Creation of network isolation rules is not supported.
    • Creation of prevention rules is not supported.
    • Searching for indicators of compromise on computers using IOC files is not supported.
    • Event information is not transmitted for the following events: Process terminated, Module loaded, Connection to remote host, Blocked application (prevention rule), Document blocked, Registry modified, Port listened, Driver loaded, Process: interpreted file run, Process: console interactive input, AMSI scan.
    • Creation of the following tasks is not supported: Kill process, Get forensics, Start YARA scan, Delete file, Quarantine file, Restore file from quarantine, Manage services, Get disk image, Get memory dump.
  • Integration of Kaspersky Endpoint Security 12, 12.1, 12.2 with Kaspersky Anti Targeted Attack Platform 6.0–6.1.

    The scope of data sent by Kaspersky Endpoint Security is limited:

    • Event information is not transmitted for the following events: Process terminated, Module loaded, Connection to remote host, Blocked application (prevention rule), Document blocked, Registry modified, Port listened, Driver loaded, Process: interpreted file run, Process: console interactive input, AMSI scan.
    • Creation of the following tasks is not supported: Get forensics, Start YARA scan, Quarantine file, Restore file from quarantine, Manage services, Get disk image, Get memory dump.
  • Integration of Kaspersky Endpoint Security 12.1 with Kaspersky Anti Targeted Attack Platform 5.1.

    The scope of data sent by Kaspersky Endpoint Security is limited:

    • Creation of prevention rules is not supported.
    • Event information is not transmitted for the following events: Process terminated, Module loaded, Connection to remote host, Blocked application (prevention rule), Document blocked, Registry modified, Port listened, Driver loaded, Process: interpreted file run, Process: console interactive input, AMSI scan.
    • Creation of the following tasks is not supported: Get forensics, Get registry key, Get NTFS metafiles, Get process memory dump, Get disk image, Get memory dump, Kill process, Start YARA scan, Manage services, Quarantine file, Restore file from quarantine.
  • Integration of Kaspersky Endpoint Security 11.4 with Kaspersky Anti Targeted Attack Platform 7.0.

    The scope of data sent by Kaspersky Endpoint Security is limited:

    • Creation of network isolation rules is not supported.
    • Creation of prevention rules is not supported.
    • Searching for indicators of compromise on computers using IOC files is not supported.
    • Event information is not transmitted for the following events: Process terminated, Module loaded, Connection to remote host, Blocked application (prevention rule), Document blocked, Registry modified, Port listened, Driver loaded, Process: interpreted file run, Process: console interactive input, AMSI scan, Named pipe, WMI, LDAP.
    • Creation of the following tasks is not supported: Kill process, Get forensics, Start YARA scan, Delete file, Quarantine file, Restore file from quarantine, Manage services, Get disk image, Get memory dump.
  • Integration of Kaspersky Endpoint Security 12, 12.1, 12.2 with Kaspersky Anti Targeted Attack Platform 7.0.

    The scope of data sent by Kaspersky Endpoint Security is limited:

    • Event information is not transmitted for the following events: Process terminated, Module loaded, Connection to remote host, Blocked application (prevention rule), Document blocked, Registry modified, Port listened, Driver loaded, Process: interpreted file run, Process: console interactive input, AMSI scan, Named pipe, WMI, LDAP.
    • Creation of the following tasks is not supported: Get forensics, Start YARA scan, Quarantine file, Restore file from quarantine, Manage services, Get disk image, Get memory dump.
Page top
[Topic 247128]

Compatibility of Kaspersky Endpoint Security for Mac with Kaspersky Anti Targeted Attack Platform versions

You can use Kaspersky Endpoint Security for Mac as the Endpoint Agent component.

Information about the compatibility of Kaspersky Endpoint Security for Mac versions with Kaspersky Anti Targeted Attack Platform versions is listed in the table below.

Compatibility of Kaspersky Endpoint Security for Mac with Kaspersky Anti Targeted Attack Platform versions

Kaspersky Endpoint Security
version

Compatibility
with KATA 4.0

Compatibility
with KATA 4.1

Compatibility
with KATA 5.0

Compatibility
with KATA 5.1

Compatibility
with KATA 6.0

Compatibility
with KATA 6.1

Compatibility
with KATA 7.0

Kaspersky Endpoint Security
12

No

No

No

No

There are limitations

There are limitations

There are limitations

Kaspersky Endpoint Security
12.1

No

No

No

No

There are limitations

There are limitations

There are limitations

Limited compatibility of Kaspersky Endpoint Security for Mac versions with Kaspersky Anti Targeted Attack Platform versions

  • Integration of Kaspersky Endpoint Security 12–12.1 with Kaspersky Anti Targeted Attack Platform 6.0–6.1.
    • Creation of network isolation rules is not supported.
    • Creation of prevention rules is not supported.
    • Searching for indicators of compromise on computers using IOC files is not supported.
    • Event information is not transmitted for the following events: Process terminated, Module loaded, Connection to remote host, Blocked application (prevention rule), Document blocked, Registry modified, Port listened, Driver loaded, Process: interpreted file run, Process: console interactive input, AMSI scan.
    • Creation of the following tasks is not supported: Kill process, Get forensics, Start YARA scan, Delete file, Quarantine file, Restore file from quarantine, Manage services, Get disk image, Get memory dump.
  • Integration of Kaspersky Endpoint Security 12–12.1 with Kaspersky Anti Targeted Attack Platform 7.0.

    The scope of data sent by Kaspersky Endpoint Security is limited:

    • Creation of network isolation rules is not supported.
    • Creation of prevention rules is not supported.
    • Searching for indicators of compromise on computers using IOC files is not supported.
    • Event information is not transmitted for the following events: Module loaded, Connection to remote host, Blocked application (prevention rule), Document blocked, Registry modified, Port listened, Driver loaded, Process: interpreted file run, Process: console interactive input, AMSI scan, DNS, Code injection, Named pipe, WMI, LDAP.
    • Creation of the following tasks is not supported: Kill process, Get forensics, Start YARA scan, Delete file, Quarantine file, Restore file from quarantine, Manage services, Get disk image, Get memory dump.
Page top
[Topic 252759]

Compatibility of KUMA versions with versions of Kaspersky Anti Targeted Attack Platform

You can use KUMA as a SIEM system.

Information about the compatibility of KUMA versions with Kaspersky Anti Targeted Attack Platform versions is listed in the table below.

Compatibility of KUMA versions with versions of Kaspersky Anti Targeted Attack Platform

KUMA
version

Compatibility
with KATA 4.1

Compatibility
with KATA 5.0

Compatibility
with KATA 5.1

Compatibility
with KATA 6.0

Compatibility
with KATA 6.1

Compatibility
with KATA 7.0

KUMA 2.0

Yes

Yes

No

No

No

No

KUMA 2.1

No

Yes

Yes

Yes

No

No

KUMA 3.0.2

No

No

No

Yes

Yes

No

KUMA 3.0.3

No

No

No

Yes

Yes

No

KUMA 3.2

No

No

No

Yes

Yes

No

KUMA 3.3

No

No

No

No

No

Yes

KUMA 3.4

No

No

No

No

No

Yes

Page top

[Topic 264169]

Compatibility of XDR versions with versions of Kaspersky Anti Targeted Attack Platform

You can use XDR as a SIEM system.

Information about the compatibility of XDR versions with Kaspersky Anti Targeted Attack Platform versions is listed in the table below.

Compatibility of XDR versions with versions of Kaspersky Anti Targeted Attack Platform

XDR
version

Compatibility
with KATA 4.1

Compatibility
with KATA 5.0

Compatibility
with KATA 5.1

Compatibility
with KATA 6.0

Compatibility
with KATA 6.1

Compatibility
with KATA 7.0

XDR
1.0

No

No

Yes

No

No

No

XDR
1.1

No

No

No

Yes

Yes

No

XDR
1.2

No

No

No

No

No

Yes

Page top

[Topic 264174]

Compatibility of KPSN versions with versions of Kaspersky Anti Targeted Attack Platform

You can use Kaspersky Private Security Network (KPSN) instead of Kaspersky Security Network (KSN) to avoid sending your organization's data beyond the corporate LAN.

Information about the compatibility of KPSN versions with Kaspersky Anti Targeted Attack Platform versions is listed in the table below.

Compatibility of KPSN versions with versions of Kaspersky Anti Targeted Attack Platform

KPSN
version

Compatibility
with KATA 4.1

Compatibility
with KATA 5.0

Compatibility
with KATA 5.1

Compatibility
with KATA 6.0

Compatibility
with KATA 6.1

Compatibility
with KATA 7.0

KPSN
3.3

Yes

Yes

Yes

Yes

Yes

No

KPSN
3.4

No

No

No

Yes

Yes

Yes

KPSN
4.0

No

No

No

No

Yes

Yes

Page top

[Topic 264175]

Compatibility of Kaspersky Anti Targeted Attack Platform with VK Cloud

Kaspersky Anti Targeted Attack Platform supports deployment on the VK Cloud platform.

When deploying the application, you can connect Sandbox components to the Central Node component.

The following restrictions apply when deploying Kaspersky Anti Targeted Attack Platform for integration with VK Cloud:

  • Only the KATA functional block is supported.
  • Only the certified version of the application based on Astra Linux is supported.
  • Only the non-high-availability version of the application is supported.
  • You can configure integration only with an external KSMG system. For more details on integration, see KSMG Help.
  • You can use the distributed solution mode only if you are using the KSMG integration.

For the Sandbox component to work, the following requirements must be met:

  • Nested virtualization must be enabled for the virtual machine.
  • The network interface settings must be correctly configured to provide Internet access to objects being processed.

    Windows images can only be activated if the network interface is configured correctly.

  • The network interface used for Internet access of processed objects must be isolated from the local network of your organization.
  • The network interface used by processed objects for Internet access must be connected to a subnet that is not the same as the subnet to which the control interface is connected.
  • We do not recommend using a static public IP address for the network interface that handles Internet access of the objects being processed.
Page top
[Topic 264697]