Jump to content

About this blog

Entries in this blog

Как включить SFTP на KATA Sandbox 7 Astra Linux edition

Проблема При попытке подключиться к песочнице через SFTP, соединение закрывается сразу после ввода пароля Решение В Technical Support Mode отредактировать файл /etc/ssh/sshd_config Строку  ForceCommand /usr/bin/apt-restricted-ssh заменить на  #ForceCommand /usr/bin/apt-restricted-ssh  Строку Subsystem sftp /usr/libexec/openssh/sftp-server заменить на Subsystem sftp /usr/lib/openssh/sftp-server  Сохранить файл (Ctrl+S, Ctrl+X) и перезапустить сервис ss

svc_kms

svc_kms in FAQ

KEA SSL Error: WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR [Kaspersky Endpoint Agent]

The article is applicable to KEA 3.x (any cf) as part of [KATA+]EDR solution. 1.1. Problem Some hosts (usually server, eg. Windows Server 2012 R2) will not appear in CN dashboard after being configured using correct settings, including a valid TLS certificate. In the known case, such Endpoint Agents were configured locally using the command line, not via policy; however, we were able to verify that the same configuration led to successful connection on most hosts. During trou

svc_kms

svc_kms in Known Problem

How to configure the KATA/EDR Sensor to connect the EDR endpoints for roaming users [KATA/KEDRE]

1.1. Scenario: KATA/EDR CN is deployed on site, and there are some remote users that cannot connect to the internal network, and you want to receive the EDR telemetry from those endpoints and laptops when they are outside the network (considering that you don't have any VPN functionality). You don't want to expose the CN on the internet, so you'd like to use the sensor to relay the telemetry to the CN and have visibility on the endpoints. 1.2. Pre-requisites and configuration step

svc_kms

svc_kms in How-to

How to fix malware interface route misconfiguration issues [KATA/KEDRE]

Description and cautions This article may be useful in certain cases, when you see that virtual machines running on the KATA Sandbox can not access internet using the properly configured malware interface. One can notice the issue based on several symptoms, such as VM activation errors, samples sent to Sandbox for processing not accessing internet, etc... We recommend to use the following article to check if the malware channel works properly on the KATA Sandbox server or not: https://

svc_kms

svc_kms in How-to

How to analyze KATA collect script output [KATA/KEDRE]

Collect script output is a must for most KATA-related issues and questions. Which information? Which file? How to find/interpret? Example   КАТА version and role: CN/PCN/SCN/Sensor /config/apt-va File contains the version and role in human-readable form. Al

Egor Erastov

Egor Erastov in How-to

How to cancel PCN connection request KATA 5.x [KATA/KEDRE]

Don't apply to PCN, it will lead to the disconnection of all SCNs attached and will not restore automatically Problem Description A PCN connection request got stuck in the "Waiting" status and doesn't result in failure. The reboot doesn't help. It can happen if, for example, a SCN IP was specified instead of PCN. Solution Run the following commands as root:

svc_kms

svc_kms in How-to

How to validate KATA Sandbox VM sizing and resources reservation [KATA/KEDRE]

As stressed in the product documentation, Sandbox, which is deployed as a Virtual Machine, should have an exact sizing, violation of which may lead to various issues. The only parameter that can be varied is a CPU clock rate. Common mistake The most notable mistake regarding scaling up VM sandboxes is an attempt to make one huge Sandbox VM with two to four times the required RAM/CPU as dedicated resources. Correct approach is to create a respective number of additional VM

svc_kms

svc_kms in How-to

How to configure ICAP integration in KATA 6+ [KATA/KEDRE]

Don't forget to install 6.0.1 and 6.0.2 patch, which fixes some bugs in ICAP integration. Description and cautions Since we have new ICAP working modes, presented in KATA 6.0 - https://support.kaspersky.ru/KATA/6.0/en-US/247269.htm , we would like to show you, how to configure such integration on example of squid proxy server. Added ICAP integration with feedback. ICAP integration with feedback can work in two modes: Standa

svc_kms

svc_kms in How-to

How to access apt-history logs on CN without the kata-collect-siem-logs tool [KATA/KEDRE]

Versions Applicable to versions above 5: 5.0, 5.1, 6.0, 6.0.1, etc. You can fancy access log-history logs (former apt-history) directly for convenience purposes or if the kata-collect-siem-logs tool is malfunctioning for some reason. These logs are in gzip, sorted by dates, as files with names in format: /data/volumes/s3proxy/log-history/YYYY-MM-DD-HH-MM-SS, where YYYY-MM-DD-HH-MM-SS is the datetime. basename -a /data/volumes/s3proxy/log-history/2024*

svc_kms

svc_kms in How-to

How to change CN network settings from command line without accessing web UI in KATA 5.+ [KATA/KEDRE]

Versions Applicable to versions later than 5.0, 5.1, 6.0, 6.0.1, etc. Problem There are several cases where the standard method of changing interface network settings via the Web UI is not available, e.g. the Web UI is inaccessible. Solution Become root, save the nodes settings: sudo su console-settings-updater get /deploy/deployment_api/nodes | python3 -m json.

svc_kms

svc_kms in How-to

How to install KATA 6.0 Ubuntu edition in KVM environment [KATA/KEDRE]

Description Here's how to install KATA 6.0 Ubuntu edition in KVM environment - https://support.kaspersky.ru/KATA/6.0/en-US/265697.htm In the example below we use RHEL 9.3, installed as VM in VMware Workstation Pro 17.0 Step-by-step guide First, you have to install QEMU/KVM , all steps are described HERE Then install from Software application Virtual Machine Manager, here it's 4.1.0 version.              After successful installation just op

svc_kms

svc_kms in How-to

How to integrate KATA with KPSN reputation database [KATA/KEDRE]

Scenario: KATA/EDR CN is integrated with the KPSN server, and you want to enrich the KPSN reputation database with the detections from the sandbox server. You can integrate a KATA Platform Central node with the KPSN reputation database and automatically populate it with information about the files that the sandbox technology finds to be dangerous and highly important. Pre-requisites: To configure sending checksums of the files detected by the sandbox technology to KPSN, you will n

svc_kms

svc_kms in How-to

How to change {admin} password on KATA 5.1 central node [KATA/KEDRE]

Description and cautions One may need to change the admin account's password (the account used for SSH login). KATA 5.0 For KATA 5.0 this article is not applicable. No option to change Local Administrator/ Cluster Administrator in pseudo-graphic menu available by default in 5.0 See https://forum.kaspersky.com/topic/how-to-reset-kata-web-administrator-password-in-kata-50-katakedre-36844/ Details In case of standalone Central node: Login to the web-i

svc_kms

svc_kms in How-to

How to mount an NFS share for backups storage in KATA 5.x [KATA/KEDRE]

Problem In previous versions of KATA it was possible to mount an NFS share to copy backups to. In KATA 5.x only CIFS share mounts are available out-of the box. Error root@1.srv.node1.node.dyn.kata:/home/admin# mount -t nfs 10.225.62.41:/mnt/NFS/KXDR /mnt/nfs mount: /mnt/nfs: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.

svc_kms

svc_kms in How-to

Can't enable KATA two-way authentication (client TLS) in KES policy [KATA/KEDRE]

Problem description: After generating the client certificate on central node and upload it to KES policy, you can get the below error: Enter a crypto-container password to use the certificate. Note: If you are using KEA as a standalone product with KEA policy, you can upload the client certificate properly. Root cause: By default, the cryptographic container is not password-protected. The cryptographic container contains only the certificate file, but not the priva

svc_kms

svc_kms in Known Problem

How to exclude protocol from SPAN traffic in KATA 5.x CN with Sensor role [KATA/KEDRE]

Issue In KATA 4.1, when Central Node was used as Sensor, it was possible to access Traffic Capture and disable protocol, e.g SMTP. CN-Sensor - https://support.kaspersky.com/help/KATA/4.1/en-US/199500.htm Standalone Sensor - https://support.kaspersky.com/help/KATA/4.1/en-US/199500_1.htm In KATA 5.0, this possibility is missing from docs and from CN and only available on Standalone Sensor:   Solution Workaround is to use CLI and access pre

svc_kms

svc_kms in How-to

KATA updater/KSN connection errors if using proxy server on TCP ports (8080, 8090, 8091) [KATA/KEDRE]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Description, Symptoms & Impact It is not possible to use a proxy server for KATA 5.0 and/or KATA 5.1 CN on TCP ports 8080, 8090 or 8091. If you will configure in KATA 5.0/5.1 proxy server connection settings using one of those ports, then such configuration will result in KATA update task failure and KSN connection errors right after those settings will be applied. This happens due to t

svc_kms

svc_kms in Known Problem

How to change KATA SB Web Certificate [KATA/KEDRE]

Here's how to change web UI certificate for KATA SB.  Create backup of original files with same rights as it was before (you can check them with ll /etc/nginx/ssl command) cp -p /etc/nginx/ssl/server.crt /etc/nginx/ssl/server.crt.orig   cp -p /etc/nginx/ssl/server.key  /etc/nginx/ssl/server.key.orig Rep

svc_kms

svc_kms in How-to

KES 12.1 built-in agent "Internal data incompatible with this application" license error [KATA/KEDRE]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Description, Symptoms & Impact When trying to activate KES with valid License for KATA EDR (License contains Licensing object 184), Activation Task results in error "Internal data incompatible with this application". Cause The KATA Built-In KES component EDR (KATA) responsible for integration is not installed on target machine. Diagnostics In KSC -> Applicatio

svc_kms

svc_kms in Known Problem

How to cancel PCN connection request KATA 5.x [KATA/KEDRE]

Don't apply to PCN, it will lead to the disconnection of all SCNs attached and will not restore automatically Problem Description A PCN connection request got stuck in the "Waiting" status and doesn't result in failure. The reboot doesn't help. It can happen if, for example, a SCN IP was specified instead of PCN. Solution Run the following commands as root:

svc_kms

svc_kms in How-to

How to validate KATA Sandbox VM sizing and resources reservation [KATA/KEDRE]

As stressed in the product documentation, Sandbox, which is deployed as a Virtual Machine, should have an exact sizing, violation of which may lead to various issues. The only parameter that can be varied is a CPU clock rate. Common mistake The most notable mistake regarding scaling up VM sandboxes is an attempt to make one huge Sandbox VM with two to four times the required RAM/CPU as dedicated resources. Correct approach is to create a respective number of additional VM

svc_kms

svc_kms in How-to

How to burn KATA ISO on USB drive [KATA/KEDRE]

Description and cautions This is short article about how to burn KATA ISO on USB drive. For KATA 4.0/4.1 you need 8Gb USD drive, for 5.0/5.1 - 16Gb at least. 3d party solutions are involved, therefore success is not guaranteed. Ventoy is more preferable working method.   Details Download latest Rufus release or Ventoy, how to use Ventoy described here or Balena http:// https://etcher.balena.io/ [Rufus part] Open it and select respective KATA IS

svc_kms

svc_kms in How-to

How to reset KATA web Administrator password in KATA 5.0 [KATA/KEDRE]

Problem No option to change Local Administrator/Cluster Administrator in pseudo-graphic menu available by default . Solution a) Upgrade to 5.1 b) Follow steps: Download an archive with WHL packets. Upload it to KATA CN to /tmp/change_password.zip Extract (we have no unzip shipped by default): echo -e "import zipfile\nwith zipfile.ZipFile('/tmp/change_p

svc_kms

svc_kms in How-to

How to remove KSN connection error on web [KATA/KEDRE]

Description and cautions KSN connection error on KATA web may appear. Details It could be fixed unless you don't have permanent KSN errors, you have to check it in ksn_proxy.log DEBUG level. Key word is ErrCount. If you don't see Errcount: 0 in log, then you don't have access to our KSN servers which are:  *.ksn.kaspersky-labs.com ksn-*.kaspersky-labs.com ds.kaspersky.com        2. In order to fix this web error do as below For KATA 4.0/4.1

svc_kms

svc_kms in How-to



×
×
  • Create New...