Endpoint Security for Windows (for workstations and file-servers)
Kaspersky Endpoint Security for Windows combines multi-layered security, encryption, powerful control tools and centralized management for optimized performance and reliable protection against all types of cyber threats, with minimal interruption to workflow.
Kaspersky analysts detect more than 300,000 unique pieces of malware every day – targeted attacks and malware campaigns, exploitation of vulnerabilities in operation systems and applications, phishing and ransomware attacks are all on the increase. By combining industry-leading security technologies, endpoint controls and data encryption in one integrated solution, Kaspersky Endpoint Security for Windows protects your business from known mass malware and advanced threats. And our unique HuMachine™ approach, powered by a combination of big data threat intelligence, machine learning and human expertise, protects your Windows-based endpoints, devices and servers with minimal disruption to your users or IT systems.
A feature-rich application inside Kaspersky Endpoint Security for Business, Kaspersky Endpoint Security for Windows:
- Protects your most valuable business assets – your data and business process continuity
- Delivers end-user convenience – reliable, performance-optimized security with minimal impact on resources
- Ensures business efficiency – easily deployed and managed from the same console as other security components of Kaspersky Endpoint Security for Business
Multi-layered security – maximum user efficiency
Kaspersky Endpoint Security for Windows provides multi-layered protection from every type of threat your business faces. Our proactive security technologies minimize the opportunities for threats to reach endpoints – and reliably identify and block the threats that do. Cloud-based threat intelligence enables rapid response to emerging threats with a minimum of false positives, ensuring uninterrupted workflow.
Delivering next-generation technologies
Kaspersky Lab’s unique HuMachine™ approach is powered by a combination of big data threat intelligence, machine learning and human expertise. By working together, the strength of each individual element is maximized for higher levels of protection.
Using the power of cloud-assisted threat intelligence
Millions of Kaspersky customers worldwide voluntarily provide anonymized threat data from their devices to Kaspersky Security Network (KSN). This cloud-based threat lab gathers and stores massive volumes of malware metadata that enable it to make rapid, accurate decisions about the safety of files and URLs without having to completely analyze their content. This enables instant protection from newly emerged threats.
Detecting suspicious activities*
By detecting and analyzing suspicious activity on workstations, our System Watcher technology helps protect against new threats, including ransomware. In the event of a malware attack, the malware is blocked and any actions it may have taken are rolled back automatically.
* available for workstations only
Protecting against exploits*
Together with our Vulnerability Monitor, Kaspersky Lab’s innovative Automatic Exploit Prevention (AEP) technology helps to ensure malware can’t exploit vulnerabilities within the operating systems or applications that are running on your network. AEP specifically monitors the most frequently targeted applications – including Adobe Reader, Internet Explorer, Microsoft Office, Java and many more – to deliver an extra layer of security monitoring and protection against unknown threats.
* available for workstations only
Protecting the corporate network
Threats targeting corporate networks – including port scanning, denial-of-service attacks and buffer-overrun attacks – are on the increase. The Network Attack Blocker technology within Kaspersky Endpoint Security for Windows monitors and detects malware activities on your corporate network – and lets you configure whether or not you want to block these activities.
Flexible control tools for improved security and increased productivity
Integrated application, web and device controls for workstations allow you to manage applications on your corporate network, control web usage and minimize the risks of malware and data loss. From the control tools feature-set, application startup control is available for Windows-based fileservers.
Whitelisting and blacklisting for application control
There are thousands of new applications on the market, and the number is growing every day. Keeping track of which are potentially dangerous and which aren’t is a challenge. Application controls help protect systems from malicious software by giving administrators total control over the kinds of applications that are allowed to execute on your network.
You can choose between a whitelisting approach or a blacklisting approach. With whitelisting, system administrators can activate a Default Deny policy that blocks all applications – unless they’re on your whitelist. Kaspersky customers can create their own whitelists, adding software to safe lists manually, or include Kaspersky Lab’s categories list. Our in-house whitelisting lab constantly checks applications for security issues, adding them to the categorized database of whitelisted applications (this database includes over 1.3 billion unique files – with 1 million files being added every day).
Kaspersky customers have access to this database for use as is, or to adapt to their specific business requirements. Test mode ensures that no accidental blocking of business-critical applications takes place and there is no unwanted impact on functionality or productivity. These constantly updated databases of safe applications are at the heart of the dynamic whitelisting approach, delivering additional efficiency and security while allowing administrators to get on with other tasks.
Another option is a Default Allow scenario where systems administrators prohibit specified apps and allow everything that is not on the blacklist. Default Allow can restrict/prohibit applications from the blacklist – games, torrent clients and any other potentially risky software from running in your network. System administrators can either create their own lists or use Kaspersky Lab categories to create lists, saving time and ensuring accuracy for your blacklisting strategy.
Controlling application privileges
Some applications’ activities may be considered high risk – even though the applications themselves are not classed as malicious – and these activities should be controlled. Kaspersky’s Application Privilege Control (Host-Based Intrusion Prevention System – HIPS) restricts activities within the system according to the trust level assigned to the application and limits the rights of applications to access certain resources, including system and user files. Access of applications to audio and video recording devices can also be controlled.
Controlling device usage on your network
To manage device usage on your network, Kaspersky’s device controls enable you to set up controls based on time of day, user or type of device. You can align the controls with Active Directory and employ masks to whitelist multiple devices if required. Kaspersky Endpoint Security for Windows also logs all ‘delete and copy’ operations performed on removable drives, and manages user rights for file ‘read and write’ operations on USBs, CDs, DVDs, etc.
Control of online access
Kaspersky’s web control tools let you set up Internet access policies and allow or deny access to certain web resources by content type, resource type or name, or URL and can be aligned with Active Directory to set user based policies.
Data protection for lost or stolen devices with encryption
Kaspersky Endpoint Security for Windows’ encryption capabilities add another level of protection for laptops, tablets, USB sticks and other removable media, keeping your data safe in the event of theft or loss. Microsoft BitLocker management is the encryption option available for servers.
Strong, compliant encryption
Kaspersky Endpoint Security for Business Advanced uses the AES-256 encryption algorithm to deliver strong encryption to protect confidential information. If files or systems are lost or stolen, unauthorized users can’t access the encrypted data. Our encryption is fully FIPS 140-2 compliant.
Full Disk and File-Level Encryption
Full Disk Encryption (FDE) operates on the physical sectors of the disk and makes it easy to run an ‘encrypt everything at once’ strategy. File-Level Encryption (FLE) enables the secure sharing of data across your network. Both encryption modes are available for both hard drives and removable drives. Microsoft BitLocker management enables the use of OS-embedded encryption technology to improve hardware compatibility while minimizing user impact.
Simplified sign-on and smartcard / token support
Single Sign-On is supported, while smartcard / token support enables a two-factor authentication option for encrypted machines for extra security.
Centralized management cuts IT complexity
All security functions for Windows-based endpoints are set up and controlled remotely via Kaspersky Security Center to cut through IT complexity and reduce time spent on managing your IT security. Deploy and manage Kaspersky Endpoint Security for Windows across your corporate network, define specific anti-malware, endpoint controls and data encryption parameters within a single policy and generate and customize a wide range of security reports.
Security that minimizes impact on systems and users
Kaspersky Lab security technologies are designed with a light resource footprint and to have a minimal impact on user experience, ensuring that you don’t sacrifice productivity for security. Constant improvements in performance are validated by independent industry tests.
How to buy
Kaspersky Endpoint Security for Windows is included in:
- Intel Pentium 1 GHz or faster
- 1 GB RAM
- 2 GB of free space on the hard drive
Desktop operating systems
- Microsoft Windows 10 Pro / Enterprise x86 / x64
- Microsoft Windows 8.1 Pro / Enterprise x86 / x64
- Microsoft Windows 8 Pro / Enterprise x86 / x64
- Microsoft Windows 7 Professional / Enterprise / Ultimate x86 / x64 SP1 or later
Server operating systems
- Microsoft Windows Server 2016 х64
- Microsoft Windows Server 2012 R2 Standard х64
- Microsoft Windows Server 2012 Foundation / Standard х64
- Microsoft Small Business Server 2011 Standard х64
- Microsoft Windows Server 2008 R2 Standard / Enterprise х64 SP1 or later
- Microsoft Windows Server 2008 Standard / Enterprise х64 SP2 or later
Version requirements for subscription
- Starting from version 10SP2 Kaspersky Endpoint Security for Windows is also available on subscription with flexible monthly licensing. Please check with your local partner about subscription availability in your country.
Kaspersky Lab's unique combination of big data threat intelligence, machine learning and human expertise enables agile, responsive protection against any kind of threat — with minimal management overheads.
Every 40 seconds, a business is attacked by ransomware. Here's how Kaspersky Lab products can help ensure your business isn't held to ransom.