MarkNN Posted September 9, 2021 Author Share Posted September 9, 2021 Hello,I would like to suggest and talk about specific change to Kaspersky Endpoint Security for Windows, but first it will be useful to lay some background explaining why such change is needed, so it’s necessity and my motivation for writing this post will be better understood. BackgroundOur company is providing services related to integrating, maintaining and securing mission-critical systems in organizations like factories, financial institutions and defence contractors. As any mission-critical system, it must operate uninterrupted as much as possible, must also be patched on a regular basics and generally be well maintained and documented.Back in the days of Windows versions 2000 till 8.1, there was an 10 year support period from Microsoft and that was fine for us, as we were able to configure, tweak and deeply customize both the Operating System and the production software to make them both run as required and expected.However, everything changed with the advent of Windows 10, where the support period was drastically shortened and the disaster of forced updates began. Those who maintain those systems know, that almost every update breaks something - from broken printing, across driver crashing, till data loss (which shifted the premiere of Windows Server 2019).After having a lot of such issues we’ve concluded, that Windows 10 is a no-go for our applications. Even the Enterprise LTSC version has too short period of maintenance for us (which will have only 5 years of support). For such sensitive environments we would have to have a separate team dedicated only to test insider builds, operate separate machines to validate it’s workings in production environments etc. The entire thing is non-sense - in our opinion, today’s software should be supported for more, not less time than it was in the past - due to much greater dependency on it.But, as we need to support Windows based machines, we’ve decided, that all of the workstations will be migrated to recently released Windows Sever 2022. It has 10 years of support, no crapware installed an probably is better tested than client version (as it was even back in the days of XP and Server 2003).There are some tweaks that have to be done to make Windows Server workstation friendly, but this is not a problem. Our tests are practically completed, almost every problem we’ve encountered was solved, so we are almost ready to go.The only thing which stops us now is Kaspersky software, We are using Kaspersky products since year 2007. Almost all of our clients have Kaspersky Endpoint Security Select/Advanced/Total - depending on the size of infrastructure and individual specificity. We are very happy with those programs and don’t want to change them. ProblemThe problem we face is related to the Kaspersky Endpoint Security for Windows. When we install it on Windows Server, then some modules are missing - namely: Web protection, Mail protection and some others.I remember, that older version of KES, when they detected that were installed on Windows Server, changed their branding to Kaspersky Endpoint Security for File Server and workstation-related modules were missing. I believe that same is happening now, with version 11.6. I don’t know what was the motivation for such move at the time of committing to such decision, but I would like to point, that such behaviour is no longer valid.We are not the first case where Windows Server is used as a Workstation - there are guides on the web dating back to the Server 2003 days, which explain how to “convert” the server edition to workstation variant.In those days it was especially for those who wanted to use the NT Kernel v5.2. I’m sure that nowadays - with the arise of short maintenance period, bloatware, forced updates, telemetry etc. - such installations will be more and more common, not only in sensitive environments. To check if availability of workstation-related modules is not limited by technical reasons, I’ve installed the Kaspersky Small Office Security and saw, that all of the modules absent in KES (i.e. Web protection, Mail protection and others) are all present.I’ve also checked other vendors solutions and, for example, ESET has such modules available on Windows Server installation as well. For the record: I know about the existence of Kaspersky Security for Windows Server product, we use it on servers, but it is not appropriate for cases when Windows Server is used as a Workstation, so we are not considering it.We also don’t consider moving to the Kaspersky Small Office Security, as we operate on large installations and the local Administration Console is an absolute must. The whole point of this post is to officially ask you to make the functionality of Kaspersky Endpoint Security for Windows the same on Windows Server, as it is on Windows 10.There is no point to limit it - there are no technical restrictions, license has been bought, the same license applies to KES and KSforWinSrv, so such conjuncture unnecessarily limits user in the area where the software can be used. That makes Kaspersky software less competitive compared to other vendors. Looking forward to hear from you. GreetingsMark Link to comment Share on other sites More sharing options...
MarkNN Posted October 13, 2021 Author Share Posted October 13, 2021 Can I count on statement about the above issue? Mark Link to comment Share on other sites More sharing options...
Diego Moraes Posted October 26, 2021 Share Posted October 26, 2021 Hello, I would like to suggest and talk about specific change to Kaspersky Endpoint Security for Windows, but first it will be useful to lay some background explaining why such change is needed, so it’s necessity and my motivation for writing this post will be better understood. Background Our company is providing services related to integrating, maintaining and securing mission-critical systems in organizations like factories, financial institutions and defence contractors. As any mission-critical system, it must operate uninterrupted as much as possible, must also be patched on a regular basics and generally be well maintained and documented. Back in the days of Windows versions 2000 till 8.1, there was an 10 year support period from Microsoft and that was fine for us, as we were able to configure, tweak and deeply customize both the Operating System and the production software to make them both run as required and expected. However, everything changed with the advent of Windows 10, where the support period was drastically shortened and the disaster of forced updates began. Those who maintain those systems know, that almost every update breaks something - from broken printing, across driver crashing, till data loss (which shifted the premiere of Windows Server 2019). After having a lot of such issues we’ve concluded, that Windows 10 is a no-go for our applications. Even the Enterprise LTSC version has too short period of maintenance for us (which will have only 5 years of support). For such sensitive environments we would have to have a separate team dedicated only to test insider builds, operate separate machines to validate it’s workings in production environments etc. The entire thing is non-sense - in our opinion, today’s software should be supported for more, not less time than it was in the past - due to much greater dependency on it. But, as we need to support Windows based machines, we’ve decided, that all of the workstations will be migrated to recently released Windows Sever 2022. It has 10 years of support, no crapware installed an probably is better tested than client version (as it was even back in the days of XP and Server 2003). There are some tweaks that have to be done to make Windows Server workstation friendly, but this is not a problem. Our tests are practically completed, almost every problem we’ve encountered was solved, so we are almost ready to go. The only thing which stops us now is Kaspersky software, We are using Kaspersky products since year 2007. Almost all of our clients have Kaspersky Endpoint Security Select/Advanced/Total - depending on the size of infrastructure and individual specificity. We are very happy with those programs and don’t want to change them. Problem The problem we face is related to the Kaspersky Endpoint Security for Windows. When we install it on Windows Server, then some modules are missing - namely: Web protection, Mail protection and some others. I remember, that older version of KES, when they detected that were installed on Windows Server, changed their branding to Kaspersky Endpoint Security for File Server and workstation-related modules were missing. I believe that same is happening now, with version 11.6. I don’t know what was the motivation for such move at the time of committing to such decision, but I would like to point, that such behaviour is no longer valid. We are not the first case where Windows Server is used as a Workstation - there are guides on the web dating back to the Server 2003 days, which explain how to “convert” the server edition to workstation variant. In those days it was especially for those who wanted to use the NT Kernel v5.2. I’m sure that nowadays - with the arise of short maintenance period, bloatware, forced updates, telemetry etc. - such installations will be more and more common, not only in sensitive environments. To check if availability of workstation-related modules is not limited by technical reasons, I’ve installed the Kaspersky Small Office Security and saw, that all of the modules absent in KES (i.e. Web protection, Mail protection and others) are all present. I’ve also checked other vendors solutions and, for example, ESET has such modules available on Windows Server installation as well. For the record: I know about the existence of Kaspersky Security for Windows Server product, we use it on servers, but it is not appropriate for cases when Windows Server is used as a Workstation, so we are not considering it. We also don’t consider moving to the Kaspersky Small Office Security, as we operate on large installations and the local Administration Console is an absolute must. The whole point of this post is to officially ask you to make the functionality of Kaspersky Endpoint Security for Windows the same on Windows Server, as it is on Windows 10. There is no point to limit it - there are no technical restrictions, license has been bought, the same license applies to KES and KSforWinSrv, so such conjuncture unnecessarily limits user in the area where the software can be used. That makes Kaspersky software less competitive compared to other vendors. Looking forward to hear from you. Greetings Mark Hello, I think your problems will be solved in version 11.8 which is still in Beta, by the description they will add the missing components for Windows Server as well.https://eap.kaspersky.com/category/386/11-8https://eap.kaspersky.com/topic/3784/what-s-new Link to comment Share on other sites More sharing options...
MarkNN Posted October 26, 2021 Author Share Posted October 26, 2021 That’s fantastic news! Thank you very much for pointing this out to me!I wonder if that change was impacted by this very topic - would be nice to hear from the developers :) As the time passed, we’ve also realised, that this change will be also useful for cases where Windows Server is used as an Terminal Server for people using it as remote workstation - so for example Outlook will be protected and Web/Application Control can applied same as with the Windows 10 scenario. It is especially relevant in the advent of massive increase in numbers of remotely working employees. So we have another strong use-case which supports this decision. I’m really glad that I can start planning new deployments with this in mind - looking forward for version 11.8 (which by the way I HOPE will have some usable skin and not the terrible black-and-ureadable as it is in 11.7). Thank you!Mark Link to comment Share on other sites More sharing options...
Recommended Posts