防止 Kaspersky Embedded Systems Security 注册表项被更改
防止 Kaspersky Embedded Systems Security 注册表项被更改
Kaspersky Embedded Systems Security 会限制对以下注册表分支和注册表项的访问,这些注册表项提供了应用程序驱动程序和服务的加载:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfs]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfsgt]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavfsslp]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klam]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klelaml]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klfltdev]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\klramdisk]
- [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.2\CrashDump]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\ESS\3.2](64 位版本的 Microsoft Windows 上)
- [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\ESS\3.2\Trace]
更改这些注册表分支和注册表项的权限仅授予给本地系统 (SYSTEM) 账户。用户和管理员账户被授予只读权限。
防止程序服务部件内存发生更改
为了保护程序服务部件不受第三方进程的影响,Kaspersky Embedded Systems Security 驱动程序限制对以下可执行文件的访问:
- kavfs.exe
- kavfswp.exe
- kavfswh.exe
- kavfsgt.exe
默认情况下,第三方进程对 Kaspersky Embedded Systems Security 服务部件内存的访问受到限制。
您可以在 Kaspersky Embedded Systems Security 控制台和 Kaspersky Embedded Systems Security 管理插件策略属性中启用自我防御功能。
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.