Kaspersky Security Center Community

Kaspersky Security Center

Open Club · 2 members

Save

Followers 0

Kaspersky Security Center Community

A club blog for Kaspersky Security Center

About this blog

View a category
- Categories
- How-to
- Known problem
- Known problem
- Known problem
- FAQ

Entries in this blog

Sort By

How-to

How to restore a device that was deleted from KSC [Kaspersky Security Center]

If you accidentally deleted a device from KSC, you can either wait until the next sync (15 minutes by default), or run these commands in a cmd started as administrator: cd C:\Program Files (x86)\Kaspersky Lab\NetworkAgent klnagchk.exe -sendhb Or this command, if you deleted a device running linux: sudo /opt/kaspersky/klnagent64/bin/klnagchk -sendhb After that the device should reappear in Unassigned devices.

Stan Shpatar in How-to

June 13

Known problem

Issue with encoding of events transferred to SIEM by the KSC [Kaspersky Security Center]

KSC sends events to SIEM in UTF-8 encoding. If the events received from KSC in the SIEM system look unreadable, for example, like this: ï»¿Ð¢Ð¸Ð¿ Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ: ÐÐµÐ¸Ð·Ð²ÐµÑÑ‚Ð½Ð¾Ðµ Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ðµ\r\nÐÐ°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ðµ: Ð’Ñ…Ð¾Ð´ÑÑ‰ÐµÐµ\r\nÐŸÑ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»: ICMPv6\r\nÐ¡Ñ‚Ð°Ñ‚ÑƒÑ: Ð Ð°Ð·Ñ€ÐµÑˆÐµÐ½Ð¾\r\nÐ£Ð´Ð°Ð»ÐµÐ½Ð½Ñ‹Ð It is necessary to configure UTF-8 encoding in the SIEM system itself.

Stan Shpatar in Known problem

June 13

Known problem

Install updates and fix vulnerabilities task hangs at 1% [KSC for Windows]

If the Install updates and fix vulnerabilities task hangs at 1%, check permissions for C:\ProgramData\KasperskyLab\adminkit\1093\.working\FTServer\#WSUS#, KLAdmins group should have Full Control on that directory

Stan Shpatar in Known problem

June 13

Known problem

Get error "curl: (58) schannel: Failed to import cert file" when sending a request via KPSN API from Windows client [Kaspersky Private Security Network]

Issue An attempt to send POST request via KPSN API from a Windows client.: curl --cert C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem --key C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_key.pem -k -X POST -d "{\\"action ": \\"check_url\\",\\"data ": {\\"urls ": [\\"website1.com "]}}" https://10.90.116.27:80/api/ Fails with the following error: curl: (58) schannel: Failed to import cert file C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem, last error is 0x8009200

Stan Shpatar in Known problem

June 13

How-to

How to collect SNMP component traces

To troubleshoot SNMP functionality in KSC specific traces should be collected. Step-by-step guide To collect traces: Download archive Use trace-5-snmpagt.reg to start trace Reproduce the issue Use trace-off-snmpagt.reg to stop trace Archive files and send to Kaspersky Support.

Egor Erastov in How-to

Tuesday at 11:37 AM

How-to

How to collect Klakaut traces [KSC for Windows]

In some cases klakaut traces should be collected for diagnostics. Step-by-step guide To do so: Import klakaut-on_x*.reg file. Restart klakaut service. net stop klakaut net start klakaut Enable another trace if required. Reproduce the issue. Impor

Egor Erastov in How-to

Tuesday at 11:39 AM

FAQ

KSC service account password generation guidelines

KSC installer generates default passwords for service accounts (automatically created to run KSC service), KIPxeUser and KIScSvc. Those passwords have 16 characters length, characters are taken randomly so that the password contain 3 out of 4 of the following groups of characters: Lowercase characters (a – z) Uppercase characters (A – Z) Numbers (0-9) Symbols (~ ! @ # $ % ^ & * - _ + = [ ] { } | \ : ' , . ? / ` ~ " < > ( ) Also the password cann

Egor Erastov in FAQ

Tuesday at 11:45 AM

Known problem

SIEM intergration - no events: the most frequent reason for error

Problem You set up integration with SIEM but no events come up on SIEM side. In some cases there is no incoming traffic to SIEM from KSC server. Solution In vast majority of cases the root cause can be located in KSC server trace Trace example #1 25.01.2017 09:56:56.855 00001320.0000015C L1 KLSPLG: There is no key for SystemManagement. Trace examp

Egor Erastov in Known problem

Tuesday at 11:46 AM

How-to

How to export events to Splunk

This article is about Kaspersky Security Center for Windows (KSC for Windows) Step-by-step guide Make sure that System Management license is installed, otherwise KSC events won't be exported to SIEM. For more information please refer to SIEM integration: the most frequent error. Specify Splunk Server address and port; Login into Splunk Management console; Press Settings → Configure data inputs; In the o

Egor Erastov in How-to

Tuesday at 12:53 PM

How-to

How to export task history

For any types of issues with tasks managed by KSC, we require export of task execution history in .txt file. Task execution history is a sequence of events generated by client computer during task execution. Step-by-step guide To export task execution history, follow these steps: Open task results window. In the upper part of the task results window, select problem computer. Right-click some event in the lower part of the task results window,

Egor Erastov in How-to

Tuesday at 12:55 PM

Followers 0