防止 Kaspersky Embedded Systems Security for Windows 注册表项被更改
防止 Kaspersky Embedded Systems Security for Windows 注册表项被更改
Kaspersky Embedded Systems Security for Windows 会限制对以下注册表分支和注册表项的访问,这些注册表项提供了应用程序驱动程序和服务的加载:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfs]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfsgt]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfsslp]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klam]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klelaml]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klfltdev]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klramdisk]
- [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.3\CrashDump]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS\3.3](在 Microsoft Windows 64 位上)
- [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.3\Trace]
更改这些注册表分支和注册表项的权限仅授予给本地系统 (SYSTEM) 账户。用户和管理员账户被授予只读权限。
防止程序服务部件内存发生更改
为了保护程序服务部件不受第三方进程的影响,Kaspersky Embedded Systems Security for Windows 驱动程序限制对以下可执行文件的访问:
- kavfs.exe
- kavfswp.exe
- kavfswh.exe
- kavfsgt.exe
默认情况下,第三方进程对 Kaspersky Embedded Systems Security for Windows 服务部件内存的访问受到限制。
您可以在 Kaspersky Embedded Systems Security for Windows 控制台的策略属性中和 Kaspersky Embedded Systems Security for Windows 管理插件中启用自我防御功能。
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.