At the company I am employed with we have an ESI phone system in which we also use their VIP software to manage the phones. The software has a plugin for MS Outlook 07 and Kaspersky has been causing an issue with it.
I have narrowed the problem down to being in Proactive Defense. More specifically, I can recreate the problem when Application Activity Analyzer and/or Registry Guard is enabled. The problem does not occur when Office Guard is enabled.
The issue is when I, or someone else with the software, opens Outlook we get a SendData error from the VIP add-in. Here is the error message:
A representative at ESI claims the error code there represents a blocked port, in which VIP checks. If you click OK and then try to open the plugin, VIP will function, though several employees at the office are complaining of the message. Is there any way to resolve this issue?
I forgot to mention, and couldn't find the edit button again: this is through the Admin Kit 6.0 and the Workstation software that we are experiencing this problem, with the current updates. Version 6.0.3.837, Signatures released 4/13/09 1:59:43 AM EST.
Hello,
If you found that the proactive defense is responsible for this issue, then I advise you to set it in verbose mode, I mean to enable the log feature in all options of both Application Activity Analyzer and Registry Guard.
Reproduce this issue and then check the reports of KAV; there must be an event about something which has been blocked. Once you get it, create the corresponding exclusion rules (right-click on the event) to authorize this behavior definitely.
I have been playing with settings for a few days now, what I tried as well was turning PD on, but turning everything off in the settings for the Application Activity Analyzer and Registry Guard. Before I tried playing with settings, nothing I could find was reported. Logging by default for our group policies has logging for everything enabled.
I'm trying to describe it the best I can, sorry if I confuse you. I turned PD on, but had all its settings disabled and at one point allowing everything regardless of what it was, but the error continued. I'm still a little new to Kaspersky so I'm sorry if I'm not really understanding much of what you're saying. I left the office for the day for school so I can't really test right now but will in the morning when I'm back in the office.
How would I go about enabling Verbose mode? Is there any way to get it to display an event for everything so I can add them to the excluded programs? I have also tried to add the directory that VIP is in as an excluded directory.
I meant to put the report option to "on".
For Application Activity Analyzer:
For Registry Guard (for Read, Modify and Delete):
Also you can test the compatibility mode (Settings > Service > Check "Compatibility mode"), restart the computer and check if the issue still occurs.
OK, I'm back at the office now so I can start playing with the settings again. The logs are turned on by default on the group policy, though are the logs stored locally or on the server that we use to deploy everything from?
Turning Compatibility on did however prevent the message from showing up. Now if running compatibility mode, does it decrease the security at all?
Hello,
Logs are stored locally in this case.
Enabling compatibility mode does not decrease the security level nor the disinfection power; it's just a different way to process some network traffic, but KAV will detect threats like before.
Thank you for your help. The problem with the phone system has plagued the company since the rollout of Kaspersky; finally having a more reasonable solution rather than turning parts of it off is nice.
Sorry for asking so many questions, this task was given to me and with me having little knowledge of Kaspersky it was a little difficult. I searched for the logs on the local machine and couldn't find them. Where would they be?
From the local interface of KAV, click on "Proactive Defense" module and on the "Statistics" part in the bottom right hand corner.
In the new window opened you will see all events related to detections by this module.