Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

Known problem

KEA SSL Error: WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR [Kaspersky Endpoint Agent]

The article is applicable to KEA 3.x (any cf) as part of [KATA+]EDR solution. 1.1. Problem Some hosts (usually server, eg. Windows Server 2012 R2) will not appear in CN dashboard after being configured using correct settings, including a valid TLS certificate. In the known case, such Endpoint Agents were configured locally using the command line, not via policy; however, we were able to verify that the same configuration led to successful connection on most hosts. During trou
svc_kms

svc_kms in Known problem

0
Known problem

Can't enable KATA two-way authentication (client TLS) in KES policy [KATA/KEDRE]

Problem description: After generating the client certificate on central node and upload it to KES policy, you can get the below error: Enter a crypto-container password to use the certificate. Note: If you are using KEA as a standalone product with KEA policy, you can upload the client certificate properly. Root cause: By default, the cryptographic container is not password-protected. The cryptographic container contains only the certificate file, but not the priva
svc_kms

svc_kms in Known problem

0
Known problem

KATA updater/KSN connection errors if using proxy server on TCP ports (8080, 8090, 8091) [KATA/KEDRE]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Description, Symptoms & Impact It is not possible to use a proxy server for KATA 5.0 and/or KATA 5.1 CN on TCP ports 8080, 8090 or 8091. If you will configure in KATA 5.0/5.1 proxy server connection settings using one of those ports, then such configuration will result in KATA update task failure and KSN connection errors right after those settings will be applied. This happens due to t
svc_kms

svc_kms in Known problem

0
Known problem

KES 12.1 built-in agent "Internal data incompatible with this application" license error [KATA/KEDRE]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Description, Symptoms & Impact When trying to activate KES with valid License for KATA EDR (License contains Licensing object 184), Activation Task results in error "Internal data incompatible with this application". Cause The KATA Built-In KES component EDR (KATA) responsible for integration is not installed on target machine. Diagnostics In KSC -> Applicatio
svc_kms

svc_kms in Known problem

0
Known problem

KATA 4+ SSO problems for users with too many AD groups [KATA/KEDRE]

Problem When user is added to a lot of AD groups, he may be unable to login to web interface of KATA via SSO. Step-by-step guide Modify /etc/opt/kaspersky/apt-swarm/swarm_config.json like this (set buffer_size to 65535 under uwsgi section - it's on bottom of the file)      2.  Execute via SSH  apt-settings-manager get /configuration/web_backend | python -m json.tool > /tmp/web_backend
svc_kms

svc_kms in Known problem

0
Known problem

Sandbox-debug-report larger than 1Gb fails to download from WebUI [KATA Sandbox]

Problem Description, Symptoms & Impact When downloading large collects (sandbox-debug-report) exceeding 1Gb in size, download suddenly fails above 1Gb (at ~1 05x xxx KB). Diagnostics Reproducible in all browsers, is not bound to download speed, dowloaded part size is roughly 1Gb Workaround & Solution Workaround: download sandbox-debug-report using SCP and CLI, see  https://forum.kaspersky.com/topic/how-to-gather-sandbox-debug-report-from-terminal-katakedre-36851/
svc_kms

svc_kms in Known problem

0
Known problem

Certified LENA 3.12 is not updating [Kaspersky Endpoint Agent]

Issue "Databases and modules update task" is configured for hosts with LENA 3.12 installed. Task is executed via KSC. Diagnostics "Activate KEA" task is configured for the hosts with LENA or has been configured and deleted in the past. An update is executed locally, using lenactl works. KLNagent successfully synchronizes with the server. Other installed applications (e.g. KESL) display no synchronization issues. Workaround To fix the issue:
svc_kms

svc_kms in Known problem

0
Known problem

Registry branches that are scanned by the IoC task [Kaspersky Endpoint Agent]

When creating an IoC scan task, only the following registry branches are scanned. <field name="predefined_keypaths" type="wstring" multi-valued="yes" default-value=                '{                   LR"(HKEY_CLASSES_ROOT\htafile)",                   LR"(HKEY_CLASSES_ROOT\batfile)",                   LR"(HKEY_CLASSES_ROOT\exefile)",                   LR"(HKEY_CLASSES_ROOT\comfile)",                   LR"(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa)",           
svc_kms

svc_kms in Known problem

0
Known problem

KATA 4.0: Nessus complains about weak KEX [KATA/KEDRE]

Problem After "Nessus" vulnerability scanning on Central node 4.0 servers, you may see the following: Ports: 22-tcp   Description: The remote SSH server is configured to allow key exchange algorithms which are considered weak. This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ss
svc_kms

svc_kms in Known problem

0
Known problem

KATA: KEA tasks FAQ [KATA/KEDRE]

What is the default synchronization period between KEA and CN? Sync period (which is every X minutes) for KEA is configurable in KEA policy. Default synchronization period is 300 sec (5 min). The same period applies to LENA. What is the isolation workflow? In KATA CN creates task for host isolation. KEA receives an 'isolate' command from the Central Node during synchronization . An agent turns on host isolation with exclusions configured in KEA policy. At the
svc_kms

svc_kms in Known problem

0
Known problem

KSMG and KATA 4.0/4.1 integration: private fix [KATA/KEDRE]

KATA 4.0/4.1 is compatible with KSMG 2.0, KSMG 1 and KLMS 8.0.3. Second thing to notice is that KSMG integration has a few bugs on KATA side. Thankfully, all known issues are fixed in a PF, which is recommended for all who integrate KSMG/KLMS and KATA4. KATA4.0 Step-by-step guide Download container with fix. file_name : kata_scanner_35f8753e6d.tar.gz md5 :  2adb09c0bd13dfc03c6a5c8980dde4ff container_name:  kata_scanner container_version:  kata_scanner:35f8753e6
svc_kms

svc_kms in Known problem

0
Known problem

KEA 3.9 -> 3.1x: Upgrade procedure [Kaspersky Endpoint Agent]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. OS restart will be requested If you upgrading KEA above 3.11 version. About This article contains the best way of upgrading KEA 3.9 to the last KEA version avoiding possible known issues. Procedure Disable Password-protection and Self-Defense in KEA policy, lock the settings. Ensure that policy is applied on all devices. Upgrade KEA plug-in on the KSC side. Recreate
svc_kms

svc_kms in Known problem

0
Known problem

KEA on Exchange servers [Kaspersky Endpoint Agent]

This article applies to KEA 3.10+ Problem You need to install KEA on a host running MS Exhange 2013, 2016, 2019 server, and ensure compatibilty. Solution Add the following values into registry (should be done with "Local System" rights): [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\SOYUZ\4.0\Environment] "EnablePorts"=dword:0000
svc_kms

svc_kms in Known problem

0
Known problem

YARA modules available on KATA CN [KATA/KEDRE]

If you are writing your own rules for YARA engine on Central Node, you may need available modules in YARA and engine version. Engine version is 3.7-3.11 in KATA 3.7.x Engine version is 4.10 in KATA 4.1 and KATA 5.0 Here's the list of modules: tests pe elf math time pe_utils magic hash dotnet dex For more info on modules, please refer to YARA documentation.
svc_kms

svc_kms in Known problem

0
Known problem

KEA core patches [Kaspersky Endpoint Agent]

Problem You may encounter issues with KEA that may include: Excessive resource consumption Freezes, crashes etc. Solution Install the latest available core patch. Adding KEA CF to KEA installation package is not supported and will not work, patches need to be installed separately. To install patch using KSC or locally use the following keys, /qn can be added for silent install as usual How to install patch
svc_kms

svc_kms in Known problem

0
Known problem

No traffic on Dashboard Due to low traffic [Kaspersky Anti Targeted Attack]

Issue After the KATA/Sensor receives traffic, no traffic information is visible on the KATA Dashboard. Cause If the traffic is less than 1 mbps, it will not be shown on the graphs Solution Check by the following. Log in to CN/Sensor's ssh console Execute the command sudo -i iptraf-ng   Select General interface statistics, you can see the real-time traffic information of the network interface However, such low traffic is NOT normal, and if there is no rea
Stan Shpatar

Stan Shpatar in Known problem

0


×
×
  • Create New...