
About this blog

Entries in this blog

How to change installed components for built-in KEA [Kaspersky Endpoint Agent]

Problem: If you install standalone Kaspersky Endpoint Agent, both the KSC installation package and the local installer let you choose which KEA components to install. However, when KEA is installed in the built-in scenario, bundled with KES or KSWS, you don't get to choose, and KEA is installed in the default configuration with all the components. There's a way to select installed KEA components even for built-in scenarios. Using install_props.json for changing installed comp

svc_kms

svc_kms in How-to

How to change Docker network settings in KATA [KATA/KEDRE]

Please use caution when following the steps. This article is applicable to KATA 3.7.2 and KATA 4.0/4.1. In KATA 3.7, the EDR stack is based on a microservice architecture and uses Docker Swarm. Containers have their own internal networking, which may cause issues in the infrastructure if the same networks are already in use. Docker uses 4 different networks: Name Subnet br

svc_kms

svc_kms in How-to

How to monitor KATA system health [KATA/KEDRE]

How do you monitor KATA system health, such as CPU, HDD and memory usage, service status, etc.? How do you output this information? Locally, product operation and component health can be monitored in the KATA dashboard. CPU, memory or similar metrics can be viewed using built-in Linux tools in support mode. Available remote monitoring options are: Using SNMP Heartbeats in SIEM integration

svc_kms

svc_kms in How-to

Certified LENA 3.12 is not updating [Kaspersky Endpoint Agent]

Issue: "Databases and modules update task" is configured for hosts with LENA 3.12 installed. The task is executed via KSC. Diagnostics: "Activate KEA" task is configured for the hosts with LENA, or has been configured and deleted in the past. An update executed locally using lenactl works. KLNagent successfully synchronizes with the server. Other installed applications (e.g. KESL) display no synchronization issues. Workaround: To fix the issue:

svc_kms

svc_kms in Known Problem

KEA on Exchange servers [Kaspersky Endpoint Agent]

This article applies to KEA 3.10+. Problem: You need to install KEA on a host running MS Exchange 2013, 2016, 2019 server, and ensure compatibility. Solution: Add the following values to the registry (should be done with "Local System" rights): [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\SOYUZ\4.0\Environment] "EnablePorts"=dword:0000

svc_kms

svc_kms in Known Problem

How to disable mandatory amount of VM images KATA SB 4.1/5.0 [KATA/KEDRE]

You may not want to use all 3 or 4 (depends on settings at web set) VMs in KATA 4.1/5.0 SB. If one of the VM images is not installed, there will be an SB self-diagnostics error in the KATA web interface. Usually it's the WinXP image that gets excluded. This article is applicable only to KATA 4.1/5.0. Image names for 4.1: CentOS7_x64, WinXP, Win7_x64, Win10_x64. Image names for 5.0: Astra_x64, CentOS7_x64, WinXP, Win7_x64, Win10_x64. KATA

svc_kms

svc_kms in How-to

KSMG and KATA 4.0/4.1 integration: private fix [KATA/KEDRE]

KATA 4.0/4.1 is compatible with KSMG 2.0, KSMG 1 and KLMS 8.0.3. Second thing to notice is that KSMG integration has a few bugs on the KATA side. Thankfully, all known issues are fixed in a PF, which is recommended for all who integrate KSMG/KLMS and KATA4. KATA4.0 Step-by-step guide: Download container with fix. file_name: kata_scanner_35f8753e6d.tar.gz md5: 2adb09c0bd13dfc03c6a5c8980dde4ff container_name: kata_scanner container_version: kata_scanner:35f8753e6

svc_kms

svc_kms in Known Problem

How to force KATA Sandbox selfcheck [KATA/KEDRE]

For KATA 3.7.2. You can force run Sandbox Healthcheck instead of waiting for the 30 minutes' timeout. Step-by-step guide: Log into the Sandbox Server via ssh. To run the checker, first you need to delete the /var/tmp/sbtest file: rm /var/tmp/sbtest Then run the checker and wait until it finishes:

svc_kms

svc_kms in How-to

How to install patches on password-protected KEA [Kaspersky Endpoint Agent]

As the first step of troubleshooting of KEA, we recommend installing the latest core patch. However, sometimes such installation will fail. There are two popular causes of this: EULA is not accepted; KEA installation is protected with a password. This guide addresses both of these issues. # in Password Symbol Due to limitations in KSC, when creating a custom package for remote deployment in KSC, or editing package configuration file (.kpd) directly,

svc_kms

svc_kms in How-to

KEA core patches [Kaspersky Endpoint Agent]

Problem: You may encounter issues with KEA that may include: excessive resource consumption; freezes, crashes, etc. Solution: Install the latest available core patch. Adding KEA CF to the KEA installation package is not supported and will not work; patches need to be installed separately. To install a patch using KSC or locally, use the following keys; /qn can be added for silent install as usual. How to install patch

svc_kms

svc_kms in Known Problem

KATA 4.0: Nessus complains about weak KEX [KATA/KEDRE]

Problem After "Nessus" vulnerability scanning on Central node 4.0 servers, you may see the following: Ports: 22-tcp   Description: The remote SSH server is configured to allow key exchange algorithms which are considered weak. This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ss

svc_kms

svc_kms in Known Problem

How to collect LENA troubleshooting information [Kaspersky Endpoint Agent for Linux]

This article applies to Endpoint Agent for Linux. To collect LENA debug or ANY traces, please follow this guide. Default traces location is '/var/log/kaspersky/epagent/'. Default dumps location is '/tmp/agentdumps'. The public collect.sh script was updated to collect LENA-related information and gather these folders as well. How to: enable LENA ANY traces. For KATA-EDR (on-premises) customers to tune LENA performance by exclusions, ANY level logs are required. To enable ANY log

svc_kms

svc_kms in How-to

KATA: KEA tasks FAQ [KATA/KEDRE]

What is the default synchronization period between KEA and CN? Sync period (which is every X minutes) for KEA is configurable in KEA policy. Default synchronization period is 300 sec (5 min). The same period applies to LENA. What is the isolation workflow? In KATA, CN creates a task for host isolation. KEA receives an 'isolate' command from the Central Node during synchronization. The agent turns on host isolation with exclusions configured in KEA policy. At the

svc_kms

svc_kms in Known Problem

How to purge inactive devices [KATA/KEDRE]

KATA doesn't have auto removal for inactive agents, and also it doesn't have support for VDI scenarios yet. So if you have many VDI clients in use, they will quickly fill up the license. Step-by-step guide KATA 3.7.2 You can set up cron task to remove clients periodically, for example, this code will remove clients older than 3 days sudo -u kluser psql antiapt -c "delete from agent_status where last_packet_ti

svc_kms

svc_kms in How-to

KATA 4+ SSO problems for users with too many AD groups [KATA/KEDRE]

Problem: When a user is added to a lot of AD groups, they may be unable to log in to the web interface of KATA via SSO. Step-by-step guide: 1. Modify /etc/opt/kaspersky/apt-swarm/swarm_config.json like this (set buffer_size to 65535 under the uwsgi section; it's at the bottom of the file). 2. Execute via SSH: apt-settings-manager get /configuration/web_backend | python -m json.tool > /tmp/web_backend

svc_kms

svc_kms in Known Problem

No traffic on Dashboard Due to low traffic [Kaspersky Anti Targeted Attack]

Issue: After the KATA/Sensor receives traffic, no traffic information is visible on the KATA Dashboard. Cause: If the traffic is less than 1 mbps, it will not be shown on the graphs. Solution: Check as follows. Log in to the CN/Sensor's ssh console. Execute the command sudo -i iptraf-ng. Select General interface statistics; you can see the real-time traffic information of the network interface. However, such low traffic is NOT normal, and if there is no rea

Stan Shpatar

Stan Shpatar in Known Problem

How to enable TX capturing in KATA [KATA/KEDRE]

Sometimes one may need to enable transmitted traffic capturing in KATA (for example, for local testing of Suricata detections). Here's how to do it. Instructions for KATA 3.7.*: In the file /etc/modprobe.d/pf_ring.conf set enable_tx_capture=1. The file should look like this: options pf_ring enable_tx_capture=1 min_num_slots=16384

svc_kms

svc_kms in How-to

Processing and display issues after adding KESMac [KATA/KEDRE]

KESMac 12 integration with KATA is ONLY supported in KATA 6.0 and newer. An attempt to connect KESMac 12 to lower versions of KATA will result in processing errors and display issues, as if all agents are inactive. The issue will persist until all KESMac agents are disconnected from the node of the lower version.

Stan Shpatar

Stan Shpatar in Info

How to upgrade password protected KEA with KSC task [Kaspersky Endpoint Agent]

How to upgrade previously installed password protected KEA using KSC remote installation task. Step-by-step guide Edit attached file install_props.json, put there your password for already installed KEA; Put this file to folder on KSC containing files for creation of remote installation package for new KEA version as per screenshots below; Create on KSC package for remote installation; Start remote installation task on KSC.

svc_kms

svc_kms in How-to

How to replace pinned TLS Certificate [KATA/KEDRE]

KATA / EDR is using only one certificate for all connections (like WebServer and Client Connections). When you plan to replace it, do it in an early stage of deployment. If you want to replace the TLS certificate, you will need to: Reauthorize mail sensors (KSMG, KLMS) on Central Node. Reconfigure connection of Central Node, PCN and SCN to Sandbox. Reconfigure Endpoint Agent traffic redirection to Sensor and trusted connection with Endpoint Agent. Upload a new c

svc_kms

svc_kms in How-to

How to copy files to/from KATA [KATA/KEDRE]

We suggest a free and lightweight client, part of PuTTY: pscp. Step-by-step guide: You can download pscp.exe for Windows from the official site. Navigate to the folder with pscp.exe and start cmd or powershell there. To copy files to KATA, run the following command: .\pscp.exe -scp <path to loc

svc_kms

svc_kms in How-to


