Description and cautions
The article is giving some use cases examples of KSC API calls to ease one's start using the API. In that KB we are looking at host isolation with KES/KEA scenario.
For the Windows version of cURL, you need to specify that the arguments need to be escaped with "\", otherwise there will be an error. For example: 'Authorization: KSCBasic user=\"YXBpLXVzZXI=\", pass=\"cGFzc3dvcmQ=\", internal=\"1\"'
Details
Prerequisites
internal use
This article is about Kaspersky Security Center for Windows (KSC for Windows)
Problem:
KSC certificate renewal or replacement is made incorrectly because the option to instantly replace the server certificate is used.
As a result, managed devices loose the connection with KSC and klmover command or re-installation of klnagent is required to restore the connectivity.
Cause:
After the certificate is renewed with "-t C" option, network agent
This article is about Kaspersky Security Center for Windows (KSC for Windows)
In this article we will share the steps on how run a .bat file remotely through Kaspersky Security Center (KSC).
How to execute a batch file on the remote hosts
Create an installation package based on a file
Create a remote installation task for that Installation package
Assign the task to a target hosts and start it
During task execution NAgent will run the file using a 32-bi
Windows
Unpack the archive (add_category.rar) on any device that has access to the Administration Console port of the Administration Server.
Create a text file with needed hashes, by default the script expects it to be sha256.txt in script's working directory.
Edit add_category.cmd with specified KSC username, password, server address, name of the text file with hashes (file should be saved in UTF-8 encoding)
If a category with the specified name already exists, it k
Sometimes you want to use Connection Gateway for roaming hosts, but you don't want to use the default connection port (13000). To achieve that you can use the following solution.
Step-by-step guide
Open NAgent policy.
Network → Connection section.
Open connection profile properties.
Set necessary port after CG address (see screenshot).
This article is about Kaspersky Security Center for Windows (KSC for Windows)
Step-by-step guide
Make sure that System Management license is installed, otherwise KSC events won't be exported to SIEM. For more information please refer to SIEM integration: the most frequent error.
Specify Splunk Server address and port;
Login into Splunk Management console;
Press Settings → Configure data inputs;
In the o
KSC installer generates default passwords for service accounts (automatically created to run KSC service), KIPxeUser and KIScSvc.
Those passwords have 16 characters length, characters are taken randomly so that the password contain 3 out of 4 of the following groups of characters:
Lowercase characters (a – z)
Uppercase characters (A – Z)
Numbers (0-9)
Symbols (~ ! @ # $ % ^ & * - _ + = [ ] { } | \ : ' , . ? / ` ~ " < > ( )
Also the password cann
In some cases klakaut traces should be collected for diagnostics.
Step-by-step guide
To do so:
Import klakaut-on_x*.reg file.
Restart klakaut service.
net stop klakaut
net start klakaut
Enable another trace if required.
Reproduce the issue.
Impor
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
You're using KSC as WSUS server and moving the Windows Update folder to another drive so it won't occupy space on the C drive. However, when you're downloading Windows updates to KSC, the “C:\ProgramData\KasperskyLab\adminkit\1093\.working\FTServer” folder is increasing its size up to 15.5 GB.
Solution
Here is the procedure:
Make a backup copy of KSC.
Stop KSC service
C
Problem
KSC Web Console can be used for monitoring purposes. It is particularly important to have no timeout disconnection errors in this scenario.
To avoid them, the timeout before Web Console disconnects can be increased.
Step-by-step guide
All you have to do is the following:
Edit node.js web server config file located at C:\Program Files\Kaspersky Lab\Kaspersky Security Center Web Console\server\config.json
Change the following values and restart KSC WC se
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
In this scenario we will create an internal user "test-user" on KSC who has permission on admin group "Virtualized" only, while couldn't view nor manage admin groups "servers" and "workstations".
Step-by-step guide
1. Take a backup from KSC admin server in order to make sure that incorrect changes will not impact your KSC.
2. Login to KSC admin server using admin account and go to KSC admin serve
Maximum validity of the custom certificate (administration server/web console):
A maximum of 5 years can be stored as the maximum validity for the certificate for the administration server
The maximum validity for the certificate for the web console cannot exceed 397 days
Two different certificates must be used:
After the specified time has expired, a new certificate must be generated manually (at best 90 days in advance) and stored as a replacement certificate. Cli
There is a known limitation in KSC. When hosts are managed from different domains and there are hosts with the similar names in these domains then 'doubles' will appear.
To avoid this, use FQDN (fully qualified domain name) as a display name instead of NETBIOS name.
Step-by-step guide
Set up the following server flag:
SrvUseFqdnAsDisplayNames
[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1093
Article applies to KSC13-14.2 versions.
Sometimes you need to keep KSC tracing on for a long period of time to catch the error and there is little disk space left on the system disk.
Step-by-step guide
There is a way to change the default location of $klserver-1093.log file - use klscflag.exe utility"
klscflag.exe -tset -pv "klserver" -l 4 -d O:\Temp
O:\temp can be changed to any existing folder name in file system. Remember to create this folder before run
Description
You may want to allow certain users to do everything, but without giving them access to modify policies, manage users, or assign roles. However, when using default roles provided by KSC, some permissions are either too broad or unchangeable.
Steps to Create the Custom Role:
Open Kaspersky Security Center.
Go to Administration Server Properties → Users Roles.
Click “Add” to create a new role.
Enter a role name (e.g., Rule for Hospitals).
For any types of issues with tasks managed by KSC, we require export of task execution history in .txt file. Task execution history is a sequence of events generated by client computer during task execution.
Step-by-step guide
To export task execution history, follow these steps:
Open task results window.
In the upper part of the task results window, select problem computer.
Right-click some event in the lower part of the task results window,
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Problem
There is no mechanism to replace client root certificate used for iOS MDM via reserve certificate.
That's why replacing the client root certificate used for iOS MDM will cause iOS MDM server to lose synchronization with all devices.
Details of active certificate can be viewed in the properties of iOS MDM server, on the "Certificates' tab.
Step-
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Make sure the network agent of KSCCC has already been implemented:
Download the Network agent installer of KSCCC from the web console.
Click the installer and confirm that it has already has been installed and click OK.
Finding the HDS site which is used by this NA:
Run the klnagchk utility within C:\Program Files (x86)\Kaspersky Lab\NetworkAgent to check the network conn
NOTE: KSC CC is a cloud solution and its IP can be changed.
Run klnagchk utility on connected to target workspace host.
Find KSC CC server address in klnagchk output. It should looks like eXXX.ksc.kaspersky.com.
Use nslookup utility to find the IP address of this server.
If there are many outdated entries in Executable files list in computer's properties or on a server, there is a way to bring it up-to-date.
Step-by-step guide
There is a hidden Actualization task that runs at the end of the Inventory task. To use this functionality and quickly update the list of executables, do the following:
Create an Inventory task
Set Inventory scope to either empty or very small folder
Run it
Since the scope of work is small, th
Problem
Sometimes it is necessary to replace the KSN proxy address in products like KSWS, KESS or KES after restoring KSC from backup or when Server moved to new Hardware.
Unfortunately, there are no settings in the policy for this.
Solution
The corresponding option can be found in the properties of Installation packages node in KSC.
See the effects of changing this value:
Note that after changing these settings, you must also rebuil
General information on ConnectWise Manage integration can be found in online help.
Enabling and disabling tracing
You may have to save traces of Kaspersky Security Integration with Autotask, for example, if you contact Technical Support and they ask you to provide the traces for diagnostics and troubleshooting. It is recommended to disable tracing when the issue is resolved, as tracing requires additional resources and additional memory to store trace files. It is also recommended to r
Description and cautions
You may experience low time to live value set in ICMP network packets sent by klnagents.
The following can be seen in wire shark traffic dump:
Explanation:
There are two modes of distribution point search:
0 - search of the nearest DP using a tool similar to traceroute. It generates a number of ICMP packets to find out the neatest route to DP - this is the default mode.
1 - selection of random DP without sending such amount of ICMP p
RDP connection invoked via KSC console uses hostname to connect to a host - mstsc.exe is invoked with /v hostname parameter.
Edit command line used to invoke mstsc.exe with ip address parameter instead of the hostname:
Open Custom tools → Configure custom tools
Select Remote Desktop, click Modify
Edit Command line text box, it should contain <host_ip> instead of <A>:
To troubleshoot SNMP functionality in KSC specific traces should be collected.
Step-by-step guide
To collect traces:
Download archive
Use trace-5-snmpagt.reg to start trace
Reproduce the issue
Use trace-off-snmpagt.reg to stop trace
Archive files and send to Kaspersky Support.
