ML-driven threat protection that's effective even without regular updates

Our comprehensive, independently tested solutions are powered by multi-layered, next-generation protection that minimizes the opportunities for threats to reach endpoints while reliably identifying and blocking the ones that do.

Several signature-less components, such as HIPS, Kaspersky Security Network, Behavior Detection and Exploit Prevention, help to detect threats even without frequent updates. Protection is powered by static machine learning for pre-execution stages and dynamic machine learning for post-execution stages. Behavior Detection analyzes process activity in real-time and if it identifies a process as malicious, the issue is flagged, the process terminated and the remediation engine rolls back any changes.

Integration for advanced prevention, detection and response
Kaspersky Endpoint Security for Windows can integrate with Kaspersky Sandbox and Kaspersky EDR Optimum for advanced prevention detection and response capabilities.
Kaspersky EDR Optimum
Kaspersky Endpoint Security for Business can be further boosted with the new Kaspersky EDR Optimum. The result is full visibility and the ability to apply root-cause analysis for a complete understanding of the status of your corporate defenses against advanced threats. Your IT security specialist is provided with the information and insights needed for effective investigation and a fast, accurate response to incidents before any damage can occur – as well as basic threat hunting capabilities (IoC scan).
Kaspersky Sandbox
Kaspersky Sandbox automatically protects against advanced threats designed to bypass endpoint protection. Based on dynamic threat emulation technology, Kaspersky Sandbox uses our best practices in combating complex threats and APT-level attacks, ensuring an automated response across all endpoints.
Lower your cost of ownership
Our mathematical model analyses over 100,000 sample features and uses 10-million logs to 'teach' the behavior models – in one lightweight 2MB client-side package. Our extensive cloud threats database includes 50TB of data and 4 billion+ hashes, all without impacting on your resources or performance.
Each piece of next-generation technology is designed to deliver the fastest reaction times, lowest false positive rate and highest levels of protection, as verified in independent tests. These optimized performance levels use fewer resources and less energy, reducing your TCO.
With the introduction of our new Cloud Mode for protection components, the latest version of Kaspersky Endpoint Security for Windows:
- Halves the installation size, for rapid deployment
- Reduces disk and RAM consumption
- Reduces network load.
Tackle the dangers of browsing – in real-time
In Q3 2018 alone, over 250 million unique URLs were recognized as malicious by Kaspersky technologies. Even a favorite, trusted website or corporate node can be compromised, making everyday operations insecure.
Kaspersky Endpoint Security for Windows is powered by Kaspersky Security Network (KSN), our cloud-assisted threat intelligence network. Millions of globally distributed nodes feed real-world threat intelligence to our systems, ensuring a near real-time response to even the newest emerging or evolving threats – including mass attacks.
KSN adds a further layer of security to the endpoint, enabling rapid, accurate decisions about URL or file safety to be made without requiring full content analysis. Response times are as low as 0.02 seconds - significantly faster than traditional protection methods.
The Web Threat Protection component scans HTTPS traffic to intercept, identify and block the latest threats, including those using encryption to penetrate the system undetected. The und user experience is seamless and uninterrupted.
Substantially reduce your network-based exposure
Network Threat Protection identifies and blocks attacks on your corporate network. It's the component that can prevent infections from spreading through a buffer-overrun attack - when malicious code executes by modifying a process already downloaded in memory. New Network Attack Blocker functionality protects against attacks that exploit vulnerabilities in the ARP protocol in order to spoof a device's MAC address.
Block ransomware, fileless attacks and administrative account takeovers
Cybercriminals use tools and scripts to collect administrator passwords to control infected hosts remotely. They also use legitimate utilities to launch fileless attacks, making it impossible for traditional protection engines to block them. Kaspersky's Behavior Detection protects against new, advanced threats, including ransomware. It does this by detecting and analyzing suspicious activity on workstations, shared folders and file servers, and by using behavior analysis to detect evolving threats – identifying them by their actual behavior rather than their emulated activity at the intrusion prevention stage. If an attack is detected, the malware is blocked and automatic rollback reverses any malicious actions that have already taken place.
Develop and run Open Source applications without risk
Windows Subsystem for Linux (WSL) is a popular subsystem enabling *NIX/Linux applications to run on Windows 10. This subsystem is now protected, with scanning of WSL files, apps and traffic.
Shield common software against zero-day attacks
Kaspersky's Exploit Prevention prevents malware from executing and exploiting software or operating system vulnerabilities. The most targeted applications - including Adobe® Reader, Microsoft® Internet Explorer®, Microsoft® Office®, and Java – are monitored, providing an extra layer of protection against unknown, zero-day threats.
Spot attacks and intrusions more rapidly
Kaspersky Endpoint Security for Windows instances can integrate with Endpoint Detection and Response (EDR) Advanced, serving as its sensors on workstations and servers. This enables large volumes of data to be captured and analyzed onshore, without impacting on user productivity. Advanced threat hunting looks for evidence of intrusion, such as file specimens matching Indicators of Compromise (IoCs).

Management for mixed IT environments

Light-touch control and management for all endpoints from a 'single pane of glass' console – spend less time and resources managing IT assets and security. Define and replicate specific settings and parameters from a universal policy.

Deploy across diverse and air-gapped networks
Unique wizards for easy deployment across the network, with or without Active Directory domain. Deploy and retain endpoint protection even if networks are physically disconnected from the Internet.
Scalable management
Assign different endpoint groups or management tasks to different administrators via the Role-Based Model and customize the management console so that each administrator can only access the tools and data relevant to their responsibilities.
Central console – simplifies administration tasks
Kaspersky Security Center is a central management console that makes it easier for administrators to configure, deploy, update and manage their security. It simplifies the application of group tasks, policies and policy profiles and the generation of reports. Three management options are available:
- The Kaspersky Security Center MMC console
- The Kaspersky Security Center's Web Console
- The Kaspersky Security Center Cloud Console

Encryption and data protection for every business

Secure your data with FIPS 140-2 and Common Criteria: EAL2+ certified encryption, or use built-in Microsoft® BitLocker® management to enable OS-embedded encryption.

Prevent data breaches
Whether it's a stolen laptop or lost storage device, encryption make sensitive data useless to criminals or unauthorized viewers. Kaspersky Endpoint Security for Windows uses the Advanced Encryption Standard (AES) 256 bit algorithm and supports Intel® AES-NI for fast encryption.
Protect data at rest
Full Disk Encryption (FDE) runs on the physical hard drive, making it easy to run an 'encrypt everything at once' strategy without relying on end users to decide which items should be encrypted. Full Disk Encryption enables pre-boot authentication and guarantees a secure, tamper-proof environment external to the operating system – as a trusted authentication layer.
Secure data sharing and backup
Kaspersky's File Level Encryption enables the encryption of data in specific files and folders on any given drive. This allows system administrators to encrypt files automatically, based on attributes such as location and file type – and this encryption can be enforced for information created in any application. Users can also easily create encrypted, self-extracting packages – ensuring that data is protected when stored in backup or shared via removable devices, email, network or the web.
Central management and choice centrally
It's good practice to apply encryption settings under the same policy as anti-malware, device control and other endpoint security settings. This enables the best practice approach of integrated, coherent policies – for example, IT can allow approved USB devices to connect to a laptop, and can also enforce encryption policies to the device. All through the same single console used to manage Kaspersky Endpoint Security.
In the event of password loss or damage to the drive, data can still be recovered and decrypted using a special centrally managed emergency recovery procedure. Built-in Microsoft® BitLocker® management enables OS-embedded encryption, letting you decide which technology to use and control via the single console.
Remote wipe for data safety and compliance
Kaspersky Endpoint Security for Windows 11.2 now allows files and folders to be deleted remotely. Special tasks can be configured in advance and action taken according to a schedule or by timeout, even when not connected to the network. This is especially useful in the following situations:
- A lost device
- Having to remove corporate data for contract employees or BYOD employees using their own PCs for work-related tasks
- Compliance.

Cloud-enabled controls for policy refinement and breach prevention

Host Intrusion Prevention, and centralized web, device and application controls reduce your attack surface and help keep users safe and productive. Kaspersky has its own dedicated Dynamic Allowlisting laboratory, maintaining a constantly monitored and updated database of more than 2.5 billion trusted programs. This database automatically synchronizes with endpoints to simplify routine work for administrators.

For ease of management, powerful endpoint controls are managed from the same console, tightly integrated with Active Directory and next-generation anti-malware protection. This makes setting blanket policies quick and easy.

Control inappropriate resource use
Prevent torrenting use and potential data leaks with web controls. A new web control category – 'Cryptocurrencies and Mining' – lets administrators block various cryptocurrency mining websites on corporate resources in a single click. Administrators can monitor, filter and control which categories of websites employees can access, directly at the endpoint. Those categories are updated with hundreds of new resources every month. Once categories are synchronized with the endpoint, policies are enforced even when the user is not on the corporate network. Flexible policies enable acceptable browsing at certain times of the day, while integration with Active Directory means policies can be applied across the business quickly and easily.
Reduce exposure to attacks
Powered by Dynamic Allowlisting, Application Control significantly reduces your exposure to zero-day attacks by providing total control over what software, including specific versions, is allowed to run. This includes shadow IT scenarios where, for example, employees install non-corporate software or games on a device, putting the corporate network at risk while at the same time being unproductive. BDenylisted applications are blocked, while your approved and trusted applications from the Dynamic Allowlisting database continue to run smoothly.
Automate custom-hardening for each PC
Adaptive Anomaly Control automatically helps apply the highest acceptable level of security for each role in the organization. After first monitoring specific actions and collecting information about the behavior of users and applications, it identifies and learns distinctive patterns of behavior, right down to individual user level. If an application then displays abnormal behavior against this pattern, the application is blocked. All without end users being interrupted.
Regulate access to sensitive data and recording devices
Some applications' activities may be considered high risk – even though the applications themselves are not classed as malicious – and these activities should be controlled.
Our solution restricts application privileges according to assigned trust levels, limiting access to resources like sensitive data. Working in step with local and cloud (KSN) reputations database, Host Intrusion Prevention controls applications and restricts access to critical system resources, audio and video recording devices.
Kaspersky's huge store of default HIPS settings and restrictions for different applications relieve the administrative burden while giving complete control over specific, individual settings.
Stop threats associated with public Wi-Fi or USB devices
To prevent users from connecting to potentially insecure public Wi-Fi networks, you can generate a list of trusted networks based on name, encryption/authentication type, and prevent the creation of a network bridge by blocking a second active network connection.
Disabling a USB port doesn’t necessarily fix your removable device issue, because it can impact on other users’ productivity – for example, being unable to connect a 4G modem. Kaspersky Device Control solves this by enabling a more granular level of control at network connection and device type level. Integration with Kaspersky’s encryption technologies allows you to apply encryption policies to specific drive types, as well as:
- Create rules for allowed devices
- Set read/write permissions for devices
- Log delete/copy operations
- Align device controls with Active Directory users

How to buy

Kaspersky Endpoint Security for Windows is included in: