KSC installer generates default passwords for service accounts (automatically created to run KSC service), KIPxeUser and KIScSvc.
Those passwords have 16 characters length, characters are taken randomly so that the password contain 3 out of 4 of the following groups of characters:
Lowercase characters (a – z)
Uppercase characters (A – Z)
Numbers (0-9)
Symbols (~ ! @ # $ % ^ & * - _ + = [ ] { } | \ : ' , . ? / ` ~ " < > ( )
Also the password cann
Description and cautions
The article is giving some use cases examples of KSC API calls to ease one's start using the API. In that KB we are looking at host isolation with KES/KEA scenario.
For the Windows version of cURL, you need to specify that the arguments need to be escaped with "\", otherwise there will be an error. For example: 'Authorization: KSCBasic user=\"YXBpLXVzZXI=\", pass=\"cGFzc3dvcmQ=\", internal=\"1\"'
Details
Prerequisites
internal use
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
0 - Update completed successfully
1 - All files are up-to-date (No available updates)
Result codes depending on OS type:
Windows
Linux(FreeBSD)
Return code description
-1
255
Co
Article applies to KSC13-14.2 versions.
Sometimes you need to keep KSC tracing on for a long period of time to catch the error and there is little disk space left on the system disk.
Step-by-step guide
There is a way to change the default location of $klserver-1093.log file - use klscflag.exe utility"
klscflag.exe -tset -pv "klserver" -l 4 -d O:\Temp
O:\temp can be changed to any existing folder name in file system. Remember to create this folder before run
RDP connection invoked via KSC console uses hostname to connect to a host - mstsc.exe is invoked with /v hostname parameter.
Edit command line used to invoke mstsc.exe with ip address parameter instead of the hostname:
Open Custom tools → Configure custom tools
Select Remote Desktop, click Modify
Edit Command line text box, it should contain <host_ip> instead of <A>:
There is a known limitation in KSC. When hosts are managed from different domains and there are hosts with the similar names in these domains then 'doubles' will appear.
To avoid this, use FQDN (fully qualified domain name) as a display name instead of NETBIOS name.
Step-by-step guide
Set up the following server flag:
SrvUseFqdnAsDisplayNames
[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1093
Description and cautions
You may experience low time to live value set in ICMP network packets sent by klnagents.
The following can be seen in wire shark traffic dump:
Explanation:
There are two modes of distribution point search:
0 - search of the nearest DP using a tool similar to traceroute. It generates a number of ICMP packets to find out the neatest route to DP - this is the default mode.
1 - selection of random DP without sending such amount of ICMP p
You can set and run PLC Project Integrity Check task in KICS4Nodes console. But it is not clear how to add PLC projects into the task settings in the KSC Console.
Before PLC Project Integrity Check task setting the PLC Project Investigation task should be successfully executed.
Step-by-step guide
Go to the KICS4Nodes policy -> Properties -> Logs and Notifications -> Interaction with Administration Server | Settings.
Enable Versions of PLC projects op
If you are using the MMC console with different servers, you may want to keep a list of configured servers after upgrading to a new version. Fortunately, this is possible.
Step-by-step guide
Follow these steps before the upgrade.
Save Kaspersky Security Center XX file from C:\Users\%username%\AppData\Roaming\Microsoft\MMC
Upgrade.
Start and close the MMC console.
Remove newly create Kaspersky Security Center XX file from C:\Users\%username%\AppData\Roaming\
This article is about Kaspersky Security Center for Windows (KSC for Windows)
In this article we will share the steps on how run a .bat file remotely through Kaspersky Security Center (KSC).
How to execute a batch file on the remote hosts
Create an installation package based on a file
Create a remote installation task for that Installation package
Assign the task to a target hosts and start it
During task execution NAgent will run the file using a 32-bi
Description
You may want to allow certain users to do everything, but without giving them access to modify policies, manage users, or assign roles. However, when using default roles provided by KSC, some permissions are either too broad or unchangeable.
Steps to Create the Custom Role:
Open Kaspersky Security Center.
Go to Administration Server Properties → Users Roles.
Click “Add” to create a new role.
Enter a role name (e.g., Rule for Hospitals).
If you accidentally deleted a device from KSC, you can either wait until the next sync (15 minutes by default), or run these commands in a cmd started as administrator:
cd C:\Program Files (x86)\Kaspersky Lab\NetworkAgent
klnagchk.exe -sendhb
Or this command, if you deleted a device running linux:
sudo /opt/kaspersky/klnagent64/bin/klnagchk -sendhb
After that the device should reappear in Unassigned devices.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Problem
There is no mechanism to replace client root certificate used for iOS MDM via reserve certificate.
That's why replacing the client root certificate used for iOS MDM will cause iOS MDM server to lose synchronization with all devices.
Details of active certificate can be viewed in the properties of iOS MDM server, on the "Certificates' tab.
Step-
This article is about Kaspersky Security Center for Windows (KSC for Windows)
Problem:
KSC certificate renewal or replacement is made incorrectly because the option to instantly replace the server certificate is used.
As a result, managed devices loose the connection with KSC and klmover command or re-installation of klnagent is required to restore the connectivity.
Cause:
After the certificate is renewed with "-t C" option, network agent
NOTE: KSC CC is a cloud solution and its IP can be changed.
Run klnagchk utility on connected to target workspace host.
Find KSC CC server address in klnagchk output. It should looks like eXXX.ksc.kaspersky.com.
Use nslookup utility to find the IP address of this server.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
You're using KSC as WSUS server and moving the Windows Update folder to another drive so it won't occupy space on the C drive. However, when you're downloading Windows updates to KSC, the “C:\ProgramData\KasperskyLab\adminkit\1093\.working\FTServer” folder is increasing its size up to 15.5 GB.
Solution
Here is the procedure:
Make a backup copy of KSC.
Stop KSC service
C
The ability to modify the ciphers used by the product to communicate with port 13292 published on the Internet is required.
Step-by-step guide
You cannot change the ciphers used on a particular port, but you can change the cipher modes used by the MDM server on all listening ports.To do so, you will need to create a global variable KLTR_ENV_SSL_CIPHER_SUITE and restart Kaspersky Security Center server.
You can familiarize yourself with the format of the values at this link https://w
Description
If you need to know the name of the standard KSC service account (KL-AK...) that has been created during installation, it is stored in the registry key.
This information can be viewed in the registry, using the following paths:
for 64-bit systems:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\34\1093\1.0.0.0
for 32-bit systems:
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1093\1.0.0.0
this key is called AutoCreatedS
For any types of issues with tasks managed by KSC, we require export of task execution history in .txt file. Task execution history is a sequence of events generated by client computer during task execution.
Step-by-step guide
To export task execution history, follow these steps:
Open task results window.
In the upper part of the task results window, select problem computer.
Right-click some event in the lower part of the task results window,
This article is about Kaspersky Security Center for Windows (KSC for Windows)
Step-by-step guide
Make sure that System Management license is installed, otherwise KSC events won't be exported to SIEM. For more information please refer to SIEM integration: the most frequent error.
Specify Splunk Server address and port;
Login into Splunk Management console;
Press Settings → Configure data inputs;
In the o
To minimize network load, stop receiving error messages related to SNMP scan or to comply with security standards, you can disable SNMP scan completely.
Step-by-step guide
On KSC server:
Execute: klscflag.exe -pv klserver -fset -n KLSRV_NETSVAN_MAY_USE_SNMP -v 0 -t d
Restart network agent service
net stop klnagent
net start klnagent
In case if you need to disable SNMP scan made by UA/DP, then the command will be slightly different:
klscf
Windows
Unpack the archive (add_category.rar) on any device that has access to the Administration Console port of the Administration Server.
Create a text file with needed hashes, by default the script expects it to be sha256.txt in script's working directory.
Edit add_category.cmd with specified KSC username, password, server address, name of the text file with hashes (file should be saved in UTF-8 encoding)
If a category with the specified name already exists, it k
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
In this scenario we will create an internal user "test-user" on KSC who has permission on admin group "Virtualized" only, while couldn't view nor manage admin groups "servers" and "workstations".
Step-by-step guide
1. Take a backup from KSC admin server in order to make sure that incorrect changes will not impact your KSC.
2. Login to KSC admin server using admin account and go to KSC admin serve
Problem
KSC Web Console can be used for monitoring purposes. It is particularly important to have no timeout disconnection errors in this scenario.
To avoid them, the timeout before Web Console disconnects can be increased.
Step-by-step guide
All you have to do is the following:
Edit node.js web server config file located at C:\Program Files\Kaspersky Lab\Kaspersky Security Center Web Console\server\config.json
Change the following values and restart KSC WC se
Sometimes you want to use Connection Gateway for roaming hosts, but you don't want to use the default connection port (13000). To achieve that you can use the following solution.
Step-by-step guide
Open NAgent policy.
Network → Connection section.
Open connection profile properties.
Set necessary port after CG address (see screenshot).
