About Kaspersky for Linux

Kaspersky for Linux ("the Kaspersky application" or "the application") is designed to protect devices running Linux® operating systems against various types of threats, network attacks, and scams.

Before you start working with the application, we recommend familiarizing yourself with the basic methods of managing the application.

You can manage the Kaspersky application:

• Using management commands on the command line.
• Using the application interface.

To use the Kaspersky app, you need to have basic knowledge of Alt, RED OS, Ubuntu or Uncom (depending on which of these operating systems is installed on your device). We recommend familiarizing yourself with the official Linux documentation, which will introduce you to the basic principles of managing the operating system:

• Alt
• RED OS
• Ubuntu
• Uncom

The following functional components and tasks of the application provide the main functions of device protection and control:

• File Threat Protection prevents infection of the file system on the user device. The File Threat Protection component starts automatically when the Kaspersky application is launched and scans all files that are opened, saved, and started in real time.

  You can also scan protected devices on demand using the following scan tasks:

  • Malware Scan. The application scans for the presence of malware in file system objects located on local disks of the device, as well as mounted and shared resources, which are accessed via SMB and NFS protocols. You can use this task to perform a full or custom scan of the device.
  • Critical Areas Scan. The application scans boot sectors, startup objects, process memory, and kernel memory.
• Removable Drives Scan. The Removable Drives Scan component allows you to monitor the connection of media to the device in real time and scan removable media with its boot sectors for malware. The Kaspersky application can scan the following removable media: CDs, DVDs, Blu-ray discs, flash drives (including USB modems), external hard drives, and floppy disks.
• Web Threat Protection. The Web Threat Protection component allows you to scan inbound traffic, prevent downloads of malicious files from the Internet, and block phishing, adware, and other malicious websites. The Kaspersky application can scan encrypted connections.
• Behavior Detection. The Behavior Detection component allows you to monitor for any malicious activity from applications in the operating system. When malicious activity is detected, the Kaspersky application can terminate the process of the application that is performing malicious activity.

The Kaspersky application lets you detect infected objects and neutralize threats detected in them. For this, the application can use:

• Application databases to detect and disinfect infected files. During the scan process, the application analyzes each file for the presence of a threat: it compares the file code with the code of a specific threat and looks for possible matches.
• Kaspersky Security Network. The use of data from Kaspersky Security Network ensures faster responses by the Kaspersky application to various threats, improves the performance of some protection components, and reduces the likelihood of false positives.

Before disinfection or removal, the Kaspersky application saves backup copies of files in the Backup located on the device. If after disinfection, you partially or completely lose access to important information in a disinfected file, you can restore the file from the copy.

While performing scan tasks, the Kaspersky application can disinfect and delete files that are protected from modification: files with the 'immutable' and 'append-only' attributes and files in directories with the 'immutable' and 'append-only' attributes. Backup stores copies of these files that were created before disinfection or deletion. You can restore files from backup copies, if necessary. When scan tasks are completed, the 'immutable' and 'append-only' attributes of disinfected files are reset.

The Kaspersky application can operate in Notify-only mode. Notify-only mode is an operation mode for the application in which, if a threat is detected, application components and tasks do not attempt to disinfect or delete malicious objects, deny access or block the activity of applications. Instead, the application only informs the user about the detected threat.

To keep the application up to date, additional application functions are provided:

• Activating the application using an activation code.
• Updating the databases and application modules from Kaspersky update servers or from a user-specified source on schedule and on demand.
• User access control for the application functions according to the user roles.
• Notification of the administrator about events that occurred while the application was running.
• Integrity check of application components using the integrity check tool.

The Kaspersky application is available under a subscription. The application is included in the following subscription plans:

• Kaspersky Standard
• Kaspersky Plus
• Kaspersky Premium

A subscription plan is a subscription option that includes a specific set of applications and their features.

The Kaspersky Premium subscription plan is not available in all regions.

The set of features available in the Kaspersky application does not depend on the selected subscription plan.

In this Help section Distribution kit Hardware and software requirements What's new

Page top