Question regarding Exchange vulnerability detection

[K1029]

Hello,

 

I have a question regarding the new HAFNIUM vulnerability found in Microsoft Exchange on-premise products.

 

Kaspersky says they detect this virus with Behaviour Detection. However, as far as I can tell - Kaspersky for Windows Server versions 10.1.2 and 11 do not have this module (or atleast not by that name).

 

How does the Windows Server line of anti-virus products detect this?

[Vimaro]

Dear user,

Thanks for your message. Kaspersky Security for Windows Server can protect your servers in different ways. I will mention few of them:

Exploit Prevention: Provides the ability to protect process memory from exploits. This feature is implemented in the Exploit Prevention component. You can change the component's activity status and configure process memory protection settings (https://support.kaspersky.com/KSWS/11/en-US/146653.htm).

KSN: Kaspersky Security Network (also referred to as "KSN") is an infrastructure of online services providing access to Kaspersky's operative knowledge base on the reputation of files, web resources and programs. Kaspersky Security Network allows Kaspersky Security for Windows Server to react very promptly to new threats, improves the performance of several protection components, and reduces the likelihood of false positives (https://support.kaspersky.com/KSWS/11/en-US/146667.htm).

And I’m not mentioning other protection modules (Real-Time Protection, Script Monitoring, etc). If you have Kaspersky Hybrid Cloud Security Enterprise license, you could also use Log Inspection module. It is really helpful to find security events in Kaspersky Security Center from protected servers.

[K1029]

Hi Vimaro,

 

Thanks for your response!

 

Exploit Prevention: Provides the ability to protect process memory from exploits. This feature is implemented in the Exploit Prevention component. You can change the component's activity status and configure process memory protection settings (https://support.kaspersky.com/KSWS/11/en-US/146653.htm).

 

 

So I checked the modules for our servers protected by Kaspersky for Windows Server using our KSC and I can’t even find the “Exploit Prevention” module. Only Real-Time Protection, Anti-Cryptor

 

and Network Threat Protection.

 

Our servers are licensed using Kaspersky Endpoint Security for Business Select edition.

 

Am I missing something?

 

[Vimaro]

Dear user,

Thanks for your reply. Please be sure of use Kaspersky Security for Windows Servers 11 (latest version is 11.0.0.480 - https://support.kaspersky.com/ksws11#downloads). If you are using an active license, you could migrate to newest release without additional charge in your license. Also, you could request technical assistance from your Kaspersky reseller in this installation process.

However, If you need direct assistance from our Kaspersky Specialists in this migration, please contact your Kaspersky reseller asking more details about our Kaspersky Professional Services https://usa.kaspersky.com/enterprise-security/professional-services.

Don’t hesitate to ask additional questions.

[K1029]

Hi Vimaro,

 

Thanks again or your reply. I can confirm we are running the latest version 11.0.0.480

 

I will try contacting my reseller but can you please help me verify whether it is normal behaviour that there is no Exploit Prevention module present when viewing a client with an installed version of Kaspersky Security For Windows Server 11 from KSC?

[Vimaro]

Hi Vimaro,

 

Thanks again or your reply. I can confirm we are running the latest version 11.0.0.480

 

I will try contacting my reseller but can you please help me verify whether it is normal behaviour that there is no Exploit Prevention module present when viewing a client with an installed version of Kaspersky Security For Windows Server 11 from KSC?

Dear user, 

Thanks for your reply. Please check in Kaspersky Security Center, section policies: Kaspersky Security for Windows Server policy, Real-Time Server Protection. 

In Exploit Prevention, Please be sure the tab “Task Management” is set to “Start at application launch” and check box marked. In KSN Usage, check for tabs Service and KSN. Check all marks in that tab. Avoid mark Kaspersky Managed Protection (that is a service not included in license).