Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

FAQ

Как включить SFTP на KATA Sandbox 7 Astra Linux edition

Проблема При попытке подключиться к песочнице через SFTP, соединение закрывается сразу после ввода пароля Решение В Technical Support Mode отредактировать файл /etc/ssh/sshd_config Строку  ForceCommand /usr/bin/apt-restricted-ssh заменить на  #ForceCommand /usr/bin/apt-restricted-ssh  Строку Subsystem sftp /usr/libexec/openssh/sftp-server заменить на Subsystem sftp /usr/lib/openssh/sftp-server  Сохранить файл (Ctrl+S, Ctrl+X) и перезапустить сервис ss
svc_kms

svc_kms in FAQ

0
Known Problem

YARA modules available on KATA CN [KATA/KEDRE]

If you are writing your own rules for YARA engine on Central Node, you may need available modules in YARA and engine version. Engine version is 3.7-3.11 in KATA 3.7.x Engine version is 4.10 in KATA 4.1 and KATA 5.0 Here's the list of modules: tests pe elf math time pe_utils magic hash dotnet dex For more info on modules, please refer to YARA documentation.
svc_kms

svc_kms in Known Problem

0
Known Problem

Sandbox-debug-report larger than 1Gb fails to download from WebUI [KATA Sandbox]

Problem Description, Symptoms & Impact When downloading large collects (sandbox-debug-report) exceeding 1Gb in size, download suddenly fails above 1Gb (at ~1 05x xxx KB). Diagnostics Reproducible in all browsers, is not bound to download speed, dowloaded part size is roughly 1Gb Workaround & Solution Workaround: download sandbox-debug-report using SCP and CLI, see  https://forum.kaspersky.com/topic/how-to-gather-sandbox-debug-report-from-terminal-katakedre-36851/
svc_kms

svc_kms in Known Problem

0
Known Problem

Registry branches that are scanned by the IoC task [Kaspersky Endpoint Agent]

When creating an IoC scan task, only the following registry branches are scanned. <field name="predefined_keypaths" type="wstring" multi-valued="yes" default-value=                '{                   LR"(HKEY_CLASSES_ROOT\htafile)",                   LR"(HKEY_CLASSES_ROOT\batfile)",                   LR"(HKEY_CLASSES_ROOT\exefile)",                   LR"(HKEY_CLASSES_ROOT\comfile)",                   LR"(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa)",           
svc_kms

svc_kms in Known Problem

0
Info

Processing and display issues after adding KESMac [KATA/KEDRE]

KESMac 12 integration with KATA is ONLY supported in KATA 6.0 and newer. Attempt to connect KESMac 12 to lower versions of KATA will result in processing errors and display issue, as if all agents are inactive. The issue will persist until all KESMac agents are disconnected from the node of the lower version.
Stan Shpatar

Stan Shpatar in Info

0
Known Problem

No traffic on Dashboard Due to low traffic [Kaspersky Anti Targeted Attack]

Issue After the KATA/Sensor receives traffic, no traffic information is visible on the KATA Dashboard. Cause If the traffic is less than 1 mbps, it will not be shown on the graphs Solution Check by the following. Log in to CN/Sensor's ssh console Execute the command sudo -i iptraf-ng   Select General interface statistics, you can see the real-time traffic information of the network interface However, such low traffic is NOT normal, and if there is no rea
Stan Shpatar

Stan Shpatar in Known Problem

0
Known Problem

KSMG and KATA 4.0/4.1 integration: private fix [KATA/KEDRE]

KATA 4.0/4.1 is compatible with KSMG 2.0, KSMG 1 and KLMS 8.0.3. Second thing to notice is that KSMG integration has a few bugs on KATA side. Thankfully, all known issues are fixed in a PF, which is recommended for all who integrate KSMG/KLMS and KATA4. KATA4.0 Step-by-step guide Download container with fix. file_name : kata_scanner_35f8753e6d.tar.gz md5 :  2adb09c0bd13dfc03c6a5c8980dde4ff container_name:  kata_scanner container_version:  kata_scanner:35f8753e6
svc_kms

svc_kms in Known Problem

0
Known Problem

KES 12.1 built-in agent "Internal data incompatible with this application" license error [KATA/KEDRE]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Description, Symptoms & Impact When trying to activate KES with valid License for KATA EDR (License contains Licensing object 184), Activation Task results in error "Internal data incompatible with this application". Cause The KATA Built-In KES component EDR (KATA) responsible for integration is not installed on target machine. Diagnostics In KSC -> Applicatio
svc_kms

svc_kms in Known Problem

0
Known Problem

KEA SSL Error: WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR [Kaspersky Endpoint Agent]

The article is applicable to KEA 3.x (any cf) as part of [KATA+]EDR solution. 1.1. Problem Some hosts (usually server, eg. Windows Server 2012 R2) will not appear in CN dashboard after being configured using correct settings, including a valid TLS certificate. In the known case, such Endpoint Agents were configured locally using the command line, not via policy; however, we were able to verify that the same configuration led to successful connection on most hosts. During trou
svc_kms

svc_kms in Known Problem

0
Known Problem

KEA on Exchange servers [Kaspersky Endpoint Agent]

This article applies to KEA 3.10+ Problem You need to install KEA on a host running MS Exhange 2013, 2016, 2019 server, and ensure compatibilty. Solution Add the following values into registry (should be done with "Local System" rights): [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\SOYUZ\4.0\Environment] "EnablePorts"=dword:0000
svc_kms

svc_kms in Known Problem

0
Known Problem

KEA core patches [Kaspersky Endpoint Agent]

Problem You may encounter issues with KEA that may include: Excessive resource consumption Freezes, crashes etc. Solution Install the latest available core patch. Adding KEA CF to KEA installation package is not supported and will not work, patches need to be installed separately. To install patch using KSC or locally use the following keys, /qn can be added for silent install as usual How to install patch
svc_kms

svc_kms in Known Problem

0
Known Problem

KEA 3.9 -> 3.1x: Upgrade procedure [Kaspersky Endpoint Agent]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. OS restart will be requested If you upgrading KEA above 3.11 version. About This article contains the best way of upgrading KEA 3.9 to the last KEA version avoiding possible known issues. Procedure Disable Password-protection and Self-Defense in KEA policy, lock the settings. Ensure that policy is applied on all devices. Upgrade KEA plug-in on the KSC side. Recreate
svc_kms

svc_kms in Known Problem

0
Known Problem

KATA: KEA tasks FAQ [KATA/KEDRE]

What is the default synchronization period between KEA and CN? Sync period (which is every X minutes) for KEA is configurable in KEA policy. Default synchronization period is 300 sec (5 min). The same period applies to LENA. What is the isolation workflow? In KATA CN creates task for host isolation. KEA receives an 'isolate' command from the Central Node during synchronization . An agent turns on host isolation with exclusions configured in KEA policy. At the
svc_kms

svc_kms in Known Problem

0
Known Problem

KATA updater/KSN connection errors if using proxy server on TCP ports (8080, 8090, 8091) [KATA/KEDRE]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Description, Symptoms & Impact It is not possible to use a proxy server for KATA 5.0 and/or KATA 5.1 CN on TCP ports 8080, 8090 or 8091. If you will configure in KATA 5.0/5.1 proxy server connection settings using one of those ports, then such configuration will result in KATA update task failure and KSN connection errors right after those settings will be applied. This happens due to t
svc_kms

svc_kms in Known Problem

0
Known Problem

KATA 4+ SSO problems for users with too many AD groups [KATA/KEDRE]

Problem When user is added to a lot of AD groups, he may be unable to login to web interface of KATA via SSO. Step-by-step guide Modify /etc/opt/kaspersky/apt-swarm/swarm_config.json like this (set buffer_size to 65535 under uwsgi section - it's on bottom of the file)      2.  Execute via SSH  apt-settings-manager get /configuration/web_backend | python -m json.tool > /tmp/web_backend
svc_kms

svc_kms in Known Problem

0
Known Problem

KATA 4.0: Nessus complains about weak KEX [KATA/KEDRE]

Problem After "Nessus" vulnerability scanning on Central node 4.0 servers, you may see the following: Ports: 22-tcp   Description: The remote SSH server is configured to allow key exchange algorithms which are considered weak. This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ss
svc_kms

svc_kms in Known Problem

0
How-to

How to: Filter KATA IDS traffic

Step-by-step guide KATA 3.7.2 Connect to central node/sensor node which processing SPAN traffic via ssh; Proceed to Technical support mode; Become root with command: Turn on wrapCopy as text # sudo -i Create file /etc/suricata/capture-filter.bpf with line containing traffic filtering conditions (syntax is the same as in tcpdump conditions), below you can see filter for example:   Exa
svc_kms

svc_kms in How-to

0
How-to

How to validate KATA Sandbox VM sizing and resources reservation [KATA/KEDRE]

As stressed in the product documentation, Sandbox, which is deployed as a Virtual Machine, should have an exact sizing, violation of which may lead to various issues. The only parameter that can be varied is a CPU clock rate. Common mistake The most notable mistake regarding scaling up VM sandboxes is an attempt to make one huge Sandbox VM with two to four times the required RAM/CPU as dedicated resources. Correct approach is to create a respective number of additional VM
svc_kms

svc_kms in How-to

0
How-to

How to validate KATA Sandbox VM sizing and resources reservation [KATA/KEDRE]

As stressed in the product documentation, Sandbox, which is deployed as a Virtual Machine, should have an exact sizing, violation of which may lead to various issues. The only parameter that can be varied is a CPU clock rate. Common mistake The most notable mistake regarding scaling up VM sandboxes is an attempt to make one huge Sandbox VM with two to four times the required RAM/CPU as dedicated resources. Correct approach is to create a respective number of additional VM
svc_kms

svc_kms in How-to

0
How-to

How to use certificate chain for Web UI [KATA/KEDRE]

You may want to have full certificate chain for KATA Web UI. Here's how to do it. Step-by-step guide Preparing the certificate chain for use in nginx_gateway configuration We start with full certificate chain in familiar form. Please note that certificate chain should contain desired intermediate authorities' public keys. Do not add private key to the chain. First of all, we transfer it to the Central Node. It's recommended to do all further actions on Central Node, as in dif
svc_kms

svc_kms in How-to

0
How-to

How to upgrade password protected KEA with KSC task [Kaspersky Endpoint Agent]

How to upgrade previously installed password protected KEA using KSC remote installation task. Step-by-step guide Edit attached file install_props.json, put there your password for already installed KEA; Put this file to folder on KSC containing files for creation of remote installation package for new KEA version as per screenshots below; Create on KSC package for remote installation; Start remote installation task on KSC.
svc_kms

svc_kms in How-to

0


×
×
  • Create New...