Kaspersky Security Center 9.0 Critical Fix 1 (9.0.2825) _________________________________________________________________________ GENERAL DESCRIPTION Kaspersky Security Center is a tool designed for centralized management of comprehensive protection system for enterprise networks. Kaspersky Security Center provides the administrator access to detailed information about the security level of an enterprise network and allows flexible configuration of protection system components. This application version can be used for both the initial setup of Kaspersky Security Center, and updating Kaspersky Administration Kit 8.0 and earlier versions of the application. ------------------------------------------------------------------------- INSTALLING AND UPDATING The following procedure is recommended to upgrade the application: 1) Read this document carefully and determine whether you need this update. 2) Back up Administration Server data using klbackup.exe utility or the Administration Server backup tasks. Please note that complete restoration of the Administration Server data requires saving the Server certificate. 3) Run the installation of Kaspersky Security Center 9.0 Critical Fix 1 (9.0.2825) on a computer with Administration Server installed and update the current Server version. The Administration Server versions are backwards compatible. All data related to the previous version of the Administration Server version is stored after update. 4) Create a task of remote installation of Network Agent 9.0.2825 to corporate computers: a group task or a task for specific computers. Run the task manually or according to a schedule. After the task is completed, Network Agent will be updated on client computers. ------------------------------------------------------------------------- WHAT'S NEW Changes made to version 9.0.2825 (Kaspersky Security Center 9.0 Critical Fix 1) as compared with version 9.0.2786 (Kaspersky Security Center 9.0): - The option of forced category updating and the option to specify a period of forced updating have been added. - The problem with KSN Proxy service halting in case Administration Server is installed on a cluster has been solved. - The option to export lists to text files has been added in dialog boxes of Administration Console. - The display of the equipment registry report in case the MySQL database server is used has been improved. - The error of automatic assignment of update agents has been fixed. - The error of high workload on the CPU from Network Agent and Administration Server has been fixed. - The error of high workload on the CPU when updating Administration Server has been fixed. - The option to select the Windows Updates search mode has been added to the policy properties window of Network Agent. - By default, network poll is disabled for automatically appointed update agents. - The column in public view in the database v_akpub_host.bHasUpadateAgent has been fixed. - The error in Kaspersky Event Log appearing as "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO `__ttmp_wus_delete_patch_host_states`" has been fixed. - Administration Server is not blocked when processing the list of vulnerabilities. - The errors in Kaspersky Event Log appearing as "Violation of PRIMARY KEY constraint 'PK__#ftsrch___28005A2F2FC8F19C'." have been fixed. - The error of display of the up-to-date versions of applications in case the MySQL Database Server is used has been fixed. - A number of errors in the update of Kaspersky Administration Kit 8.0 version have been fixed. - Network Agent does not stop running in case incomplete data are received from Windows Update Agent. - Potentially high workload on the SQL server when the option to collect information about Windows updates is enabled and when receiving information about device drivers from Windows Update Agent, has been fixed. - The empty list of Windows updates in localizations other than RU, EN, FR, and DE, has been fixed. - The increasing workload on the disk subsystem of client computers after updating Kaspersky Administration Kit 8.0 when Kaspersky Administration Kit 8.0 provides remote scheduled installation tasks, has been fixed. - The error of display of the progress status of Windows update installation tasks and the error of closure of vulnerabilities after restarting computers have been fixed. - The potential failure in Administration Server's operation after removing an active task of remote installation has been fixed. - The error occurring when running the group task of remote installation on computers connected to the virtual Administration Server if installation packages have been transferred from the master Administration Server instead of being created on the virtual Server, has been fixed. - The option to disable Windows update search has been added for Network Agent. - The potential closure of Network Agent in case data of installed applications are received, has been fixed. - The algorithm used for synchronizing data of incompatible applications between Administration Server and Network Agent. - The error of automatic applying of Network Agent updates on client computers running under virtual Administration Servers, has been fixed. Changes made to the version 9.0.2786 (Kaspersky Security Center 9.0) as opposed to the version 8.0.2134 (Kaspersky Administration Kit 8.0 CF 2): - Functionality of virtual Administration Server has been added. - The Kaspersky Security Center Web-Console component has been added. - The applications control functionality has been added. - The functionality of centralized collection of information about the condition of software on managed computers has been added. - The functionality of centralized applications registry has been expanded. - The functionality of controlling vulnerabilities in applications on managed computers has been added. - Support of Windows Failover Clustering has been added for the Administration Server. - The functionality of updating the description of incompatible applications when creating installation packages for anti-virus applications has been added. - The option of receiving notifications on new versions of corporate applications from Kaspersky Lab and the option of retrieving new versions within the Administration Server update task have been added. - The functionality of synchronizing the structure of Active Directory with that of administration groups has been expanded. - The set of reports and information panels has been expanded. - The mechanism of automatic assignment of update agents has been implemented. - The option of network polling and remote installation of applications using Network Agent has been added. - The user interface of the Administration Console has been reworked. - The option of using connection gateway has been added. A connection gateway can be used to manage client computers that do not have a direct connection to the Administration Server (for example, if client computers are located outside a corporate network while the Administration Server is within one). - A dedicated installer for the Administration Console has been added. A mode of full-text information search via the Administration Console has been implemented. - Support of dynamic mode for Virtual Desktop Infrastructure (VDI) has been implemented. - The function of identifying virtual machines has been implemented: now you can perform the search and set rules for moving computers according to the settings of a virtual machine. - The volume of data transferred from the Administration Server to update agents, has been optimized. - Support of MS SQL 2000 has been discontinued. - The Connection Manager component has been added, which allows setting time intervals for transfer of data from Network Agent to the Server. - The option of managing interactions with Microsoft NAP in the policy of Network Agent has been added. - The option of creating Kaspersky Security Center accounts that are not Windows user accounts, has been added. - The option of excluding selected administration groups from the scope of a task has been added. - A dedicated installer has been developed for the installation of Kaspersky Security Center System Health Validator: its distribution package has been excluded from the application. - The display of computers in administration groups has been optimized. No limit can be set to the number of computers included in a group. ------------------------------------------------------------------------- LIST OF KNOWN ISSUES - The progress status of the Windows Update installation task on managed computers is not refreshed while installing updates. - For the KSN Proxy component, the standard proxy server authentication procedure is only available. - In case Administration Server is installed on the cluster, automatic installation of Administration Server patches cannot be activated. - For Kaspersky Anti-Virus for Windows Servers Enterprise Edition, the first screen of the Policy Creation Wizard and that of the Task Creation Wizard are not displayed. ------------------------------------------------------------------------- ADDITIONAL SOURCES OF INFORMATION You can use the following sources to find information about the application on your own: - page on Kaspersky Lab website: http://www.kaspersky.com/security-center; - page on Technical Support Service website (Knowledge Database): http://support.kaspersky.com/remote_adm; - help system: Full Help; - documentation: Administrator's Guide, Implementation Guide, Getting Started. ------------------------------------------------------------------------- © 2011 Kaspersky Lab ZAO. All Rights Reserved.