Kaspersky Security for Virtualization | Light Agent

Kaspersky Security for Virtualization | Light Agent delivers the latest security technologies – in a form that’s optimised to help you achieve high consolidation ratios and boost return on investment from your Microsoft Hyper-V or Citrix Xen virtual servers and / or desktops.

Optimised security for virtual environments

Unmatched combination of protection and ‘virtualisation aware’ technologies
Kaspersky Security for Virtualization | Light Agent combines Kaspersky Lab’s most advanced anti-malware and network protection technologies in a solution that’s been specifically developed for Windows-based virtual environments. Whereas traditional security products require a full security agent to be installed on each virtual machine, Kaspersky Security for Virtualization | Light Agent only requires one dedicated virtual appliance to be installed on each virtual host. Then, each virtual machine only needs a small software agent – called a Light Agent.

Preserves the performance of virtual servers and desktops
Kaspersky Security for Virtualization | Light Agent protects your virtual environment – including virtual servers and virtual desktops – but has no significant impact on hypervisor performance. So you can protect your systems and sensitive corporate data, while also maintaining high consolidation ratios and quality of service for your users.

Reduces the load on your computing resources – so each host can do more
With its unique architecture, Kaspersky Security for Virtualization | Light Agent reduces the load on each virtual host – including the following resources:

  • I / O
  • CPU
  • Memory
  • Storage

Eliminates anti-malware ‘storms’
Because there’s only one dedicated virtual appliance on each virtual host, Kaspersky Security for Virtualization | Light Agent helps to eliminate anti-malware 'Update Storms' and 'Scanning Storms'.

Protection that’s tailored for Microsoft Hyper-V security, Citrix security and VMware security
Kaspersky Security for Virtualization | Light Agent supports native virtualisation technologies within Microsoft Hyper-V, Citrix Xen and VMware.

Flexible licensing options – simplify licences and save you money
Kaspersky Security for Virtualization | Light Agent offers a choice of ‘per virtual machine’ or ‘per core’ licensing – so you can choose the option that’s most cost-effective for your business. For large data centres and IaaS (Infrastructure as a Service) providers, the number of virtual machines will regularly fluctuate – so ‘per core’ licensing can offer benefits.

Security & control technologies for Microsoft Hyper-V security, Citrix Xen security & VMware security

Advanced anti-malware protection
Kaspersky Security for Virtualization | Light Agent delivers on-access and on demand anti-malware protection for your virtual machines. Kaspersky’s Dedicated Security Virtual Appliance combines both signature-based technologies and heuristic analysis – for rigorous protection of file systems on virtual machines, including protection against complex, memory-resident malware.

Automatic Exploit Prevention (AEP)
Kaspersky’s AEP technology defends against malware that exploits vulnerabilities within the operating system and the applications you’re running.

System Watcher
Kaspersky’s System Watcher technology monitors the behaviour of applications that are running on your endpoints. If System Watcher detects suspicious behaviour, the application will be blocked and malicious changes automatically rolled back.

Additional protection for virtual desktop environments
As well as file-level antivirus capabilities, Kaspersky Security for Virtualization | Light Agent also delivers security technologies that are particularly valuable in protecting virtual desktops.

  • Mail Antivirus performs malware scanning for incoming and outgoing mail on the user’s machine
  • Web Antivirus intercepts and blocks the execution of potentially dangerous scripts on web pages
  • Instant Messaging (IM) Antivirus checks incoming files – to help ensure secure use of a range of IM systems

Kaspersky Security Network (KSN)

Kaspersky’s cloud-assisted knowledge base is continually being updated with the latest information about the reputations of files, web resources and software – so Kaspersky Security for Virtualization | Light Agent can react extremely rapidly to zero-day threats.

Flexible control tools
Award-winning endpoint controls – including Application Control, Web Control and Device Control – add a further layer of protection against malware and now make it easy to apply your corporate security policies inside your virtual infrastructure.

Kaspersky’s control technologies are particularly valuable in securing virtual desktop environments.

Application Control
Flexible Application Control tools let you control which applications are allowed to launch on client computers – to help you enforce your security policy and manage the use of computing resources.

You can operate a Default Allow policy – that lets all applications run, with the exception of any programs that are on your blacklist – or you can implement a Default Deny policy that blocks all programs, unless they are on your whitelist of safe applications.

Kaspersky’s Application Control features also include:

  • Application Startup Control – which monitors and controls each user’s attempts to launch applications
  • Application Privilege Control – which registers the activity of software in the operating system, and regulates it according to the rules you set for different groups of software. These rules can control whether an application is allowed to access operating system resources and the user’s personal data.

Web Control

Web Control lets you manage Internet usage – so you can block access to social networks, music, video, non-corporate web email and any websites that contain inappropriate content. You can set different controls for different job roles and choose between applying a total block or just blocking access during specific periods.

Device Control
In addition to specifying which removable devices are granted access to your virtual machines – and which users are allowed to use the devices – you can also set specific periods during which devices are blocked or permitted access. It’s easy to apply device control rules to a range of devices, including removable drives, printers and non-corporate network connections.

Defends your network against attacks

Multi-layer protection for your network
Kaspersky Security for Virtualization | Light Agent protects against external and internal network attacks – including threats that may be hidden in non-transparent virtual traffic. Every virtual machine is protected by host-based network security – including Kaspersky’s HIPS, firewall and Network Attack Blocker technologies.

Host-based Intrusion Prevention System (HIPS) and personal firewall
HIPS – working together with Kaspersky’s two-way firewall – controls both the inbound and outbound traffic on your network. Flexible tools let you control security according to a wide choice of parameters, including settings for an individual port, individual IP addresses or a specific application’s network activity.

Network Attack Blocker
Kaspersky’s Network Attack Blocker technology monitors hypervisor network traffic and checks for the presence of any activities that are typical of network attacks. Upon detection, network attacks are automatically blocked.

Kaspersky’s anti-phishing engine automatically blocks phishing links – so virtual desktop environments are much safer for your users.

Improved protection – versus perimeter-based appliances
For non-transparent virtualisation traffic, Kaspersky’s virtual machine-based security delivers protection that is much closer to the virtual workloads that need to be secured. When compared with perimeter-based security appliances, this method is much more effective against internal network infections – such as the Conficker worm.

Efficient protection that minimises impact on performance

Eliminating unnecessary scans – while maintaining security
Because virtual environments – especially virtual desktop infrastructure – often include many similar virtual machines that each access many identical files, some security products can waste time and resources running multiple scans of the same file. Kaspersky’s Shared Cache feature effectively shares the results of file scans – to help minimise the load on your host machines.

Shared Cache
Whenever a file is accessed on a virtual machine, Kaspersky Security for Virtualization | Light Agent will scan the file – to ensure it’s safe – and then store the verdict in shared cache. If the same file is accessed on another virtual machine – on the same virtual host – Kaspersky Security for Virtualization | Light Agent automatically knows it’s not necessary to perform a further scan. The file will only be scanned again if it is changed or if the user manually requests a scan.

Shared Cache helps to reduce the load on your IT infrastructure – so you can reallocate computing resources for other business tasks.

Because virtual desktop environments include large numbers of similar virtual machines – with many sets of identical files – Shared Cache can significantly reduce the load on your virtual desktop infrastructure.

Fast to configure and easy to manage – for higher uptime and lower costs

Easy to deploy and manage
After the Dedicated Security Virtual Appliance has been installed on the virtual host, the light agents can easily be distributed onto every virtual machine – either manually or according to an automatic routine set up by the administrator.

Different security settings can easily be applied to different groups of virtual machines – so specific security functions can be excluded if they are not relevant to an individual virtual machine or group of machines.

No need to reboot the hypervisor or virtual machines*
During deployment, there’s no need to reboot any machines or put the host into maintenance mode. This helps to maintain user productivity and is essential for any data centre that is committed to delivering ‘five nines’ (99.999%) uptime or better.

*If anti-malware software is already installed on the virtual machine, the virtual machine will have to be rebooted.

One centralised management console – to manage all physical, virtual and mobile devices
Kaspersky Security for Virtualization | Light Agent includes Kaspersky Security Center – Kaspersky’s easy-to-use management interface that lets you configure and control a wide range of Kaspersky security and systems management technologies, via a single console. Kaspersky Security Center gives you a single console for managing security across your:

  • Virtual environments, including:
    • Microsoft Hyper-V
    • Citrix Xen
    • VMware (regardless of whether it’s being protected by Kaspersky Security for Virtualization | Agentless or Kaspersky Security for Virtualization | Light Agent)
  • Physical devices, including:
    • Laptops
    • Desktops
    • Servers
  • Mobile devices, including:
    • Smartphones
    • Tablets

Supports core hypervisor technologies – for Microsoft Hyper-V, Citrix Xen and VMware

Tight integration boosts performance and security
Because Kaspersky Security for Virtualization | Light Agent is tightly integrated with Microsoft Hyper-V, Citrix Xen and VMware, you benefit from optimised performance and support for the core technologies within your chosen hypervisor.

Supported hypervisors and guest operating systems


GUEST OPERATING SYSTEM INSTALLED ON THE VIRTUAL MACHINE Windows Server 2008 R2 Hyper-V and Windows Server 2012 Hyper-V Citrix Xen Server 6.0.2 and 6.1 VMware ESXi 5.1 and 5.5
Windows XP Professional SP3 (32-bit) Yes Yes No
Windows XP Professional SP2 (64-bit) Yes No No
Windows 7 Professional / Enterprise / Ultimate SP1 or higher (32-bit / 64-bit) Yes Yes Yes
Windows 8 Pro / Enterprise (32-bit / 64-bit) Yes Yes Yes
Windows Vista Business / Enterprise / Ultimate SP2 (32-bit) Yes No No
Windows Server 2008 R2 Standard / Enterprise SP1 (64-bit) Yes Yes Yes
Windows Server 2008 Standard / Enterprise SP2 (32-bit / 64-bit) Yes Yes Yes
Windows Server 2003 R2 Standard / Enterprise SP2 (32-bit / 64-bit) Yes No Yes
Windows Server 2003 Standard SP2 (32-bit / 64-bit) Yes Yes No
Windows Server 2012 (64-bit) Yes Yes Yes
Windows Small Business Server 2008 Standard (64-bit) Yes No No
Windows Small Business Server 2011 Essentials / Standard (64-bit) Yes No No

© 1997 – 2014 Kaspersky Lab ZAO

All Rights Reserved. Industry-leading Antivirus Software