Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

How-to

KSC API use cases examples - host isolation with KES/KEA [KSC for Windows]

Description and cautions The article is giving some use cases examples of KSC API calls to ease one's start using the API. In that KB we are looking at host isolation with KES/KEA scenario. For the Windows version of cURL, you need to specify that the arguments need to be escaped with "\", otherwise there will be an error. For example:  'Authorization: KSCBasic user=\"YXBpLXVzZXI=\", pass=\"cGFzc3dvcmQ=\", internal=\"1\"' Details Prerequisites internal use
svc_kms

svc_kms in How-to

1
How-to

How to restore a device that was deleted from KSC [Kaspersky Security Center]

If you accidentally deleted a device from KSC, you can either wait until the next sync (15 minutes by default), or run these commands in a cmd started as administrator: cd C:\Program Files (x86)\Kaspersky Lab\NetworkAgent klnagchk.exe -sendhb Or this command, if you deleted a device running linux: sudo /opt/kaspersky/klnagent64/bin/klnagchk -sendhb After that the device should reappear in Unassigned devices.
Stan Shpatar

Stan Shpatar in How-to

0
Known Problem

Failed to install the software module update - Bad Junction [KSC for Windows]

Problem Description, Symptoms & Impact When deploying Auto patches from KSC, installing Network Agent or Kaspersky Endpoint Security, installation fails with bad junction errors. Diagnostics While Auto patch deployments over KSC will directly generate an event in Events section of KSC, manual Network Agent or KES installations will end with Fatal Error message and installation logs will contain information such as below: Application: Kaspersky Security Cent
svc_kms

svc_kms in Known Problem

0
Known Problem

Get error "curl: (58) schannel: Failed to import cert file" when sending a request via KPSN API from Windows client [Kaspersky Private Security Network]

Issue An attempt to send POST request via KPSN API from a Windows client.: curl --cert C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem --key C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_key.pem -k -X POST -d "{\\"action ": \\"check_url\\",\\"data ": {\\"urls ": [\\"website1.com "]}}" https://10.90.116.27:80/api/ Fails with the following error: curl: (58) schannel: Failed to import cert file C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem, last error is 0x8009200
Stan Shpatar

Stan Shpatar in Known Problem

0
How-to

How to set PLC Project Integrity Check task in the KSC Console [KSC for Windows]

You can set and run PLC Project Integrity Check task in KICS4Nodes console. But it is not clear how to add PLC projects into the task settings in the KSC Console. Before PLC Project Integrity Check task setting the PLC Project Investigation task should be successfully executed. Step-by-step guide Go to the KICS4Nodes policy -> Properties -> Logs and Notifications -> Interaction with Administration Server | Settings. Enable Versions of PLC projects op
svc_kms

svc_kms in How-to

0
Known Problem

Computer description field is not updated on KSC console

Problem Computer description may stop updating on KSC console. It may be different from what is set on managed PC in computer properties. Solution If computer description field was changed on KSC side manually it will no be updated again. To enable synchronization with local description you have to delete the computer from managed computers group, then from unassigned, and add it back. In case it did not help check that the following services are enabled (set to automatic sta
svc_kms

svc_kms in Known Problem

0
How-to

How to disable SNMP scan on KSC to minimize network load [KSC for Windows]

To minimize network load, stop receiving error messages related to SNMP scan or to comply with security standards, you can disable SNMP scan completely. Step-by-step guide On KSC server:  Execute: klscflag.exe -pv klserver -fset -n KLSRV_NETSVAN_MAY_USE_SNMP -v 0 -t d Restart network agent service net stop klnagent net start klnagent In case if you need to disable SNMP scan made by UA/DP, then the command will be slightly different:   klscf
svc_kms

svc_kms in How-to

0
Known Problem

KSC difference between Application Registry and Incompatible Applications Report [KSC for Windows]

Problem You may run into differences between Application Registry and Incompatible Applications Report when trying to find computers with incompatible applications. For example, you created Device selection based on an Applications registry criteria, where you specified incompatible application name in Application name field and got a device selection of 12 computers. After that, you open Incompatible Applications Report and only get 3 computers with that software. It is expected, and
svc_kms

svc_kms in Known Problem

0
How-to

How to configure connection gateway ports [KSC for Windows]

Sometimes you want to use Connection Gateway for roaming hosts, but you don't want to use the default connection port (13000). To achieve that you can use the following solution. Step-by-step guide Open NAgent policy. Network → Connection section. Open connection profile properties. Set necessary port after CG address (see screenshot).
svc_kms

svc_kms in How-to

0
Known Problem

Troubleshooting klnagent connection issues by analyzing klnagchk log+openssl verification of TLS traffic [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Klnagchk.exe is usually used to check if the connection between server and NAgent is OK. The expected result is the following: Attempting to connect to Administration Server...OK Attempting to connect to Network Agent...OK Network Agent is running. In case of problem with klnagent service, Kaspersky Network Agent should be re-installed and trace collected.  If there is a probl
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC Distribution Points auto-assignment and selection [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Sometimes it's not clear how KSC assigns Distribution Point (DP) for Managed groups or NLA subnets, and how clients choose DP.  Automatic assignment of distribution points is enabled in Kaspersky Security Center by default. The Administration Server automatically selects the scopes for distribution points, and assigns one or multiple distribution points to each scope depending on how many client
svc_kms

svc_kms in Known Problem

0
How-to

How to run bat files remotely [KSC for Windows]

This article is about Kaspersky Security Center for Windows (KSC for Windows) In this article we will share the steps on how run a .bat file remotely through Kaspersky Security Center (KSC). How to execute a batch file on the remote hosts Create an installation package based on a file Create a remote installation task for that Installation package Assign the task to a target hosts and start it During task execution NAgent will run the file using a 32-bi
svc_kms

svc_kms in How-to

0
How-to

How to collect diagnostic information for ConnectWise Manage integration plugin [KSC for Windows]

General information on ConnectWise Manage integration can be found in online help. Kaspersky Security Integration Service for MSP log To collect diagnostic log for Kaspersky Security Integration Service for MSP you need to take the following steps: Navigate to C:\Program Files\Kaspersky Lab\Kaspersky Security Integration Service for MSP; Open file IntegrationServer.exe.config Set minlevel attribute to "Debug":
svc_kms

svc_kms in How-to

0
How-to

How to collect diagnostic information for ConnectWise Automate (ex-LabTech) integration plugin [KSC for Windows]

General information on ConnectWise Automate integration can be found in online help. LabTech service logs You can access service logs on a LabTech server by launching LabTech Control Center and then navigating to Dashboard → Management → Service Logs. Then select Go To Computer and select LabTech server. To view diagnostic info for managed client hosts you should first refresh the information by clicking Commands → LabTech →Send LabTech Error Log. On both LabTech servers and
svc_kms

svc_kms in How-to

0
Known Problem

KSC OpenSSL protcomp vulnerabilities [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. When running security analyzers on KSC server you may occasionally get warnings about outdated OpenSSL libraries. Normally these vulnerabilities can not be exploited as the OpenSSL library is used in a very specific way. If vulnerable OpenSSL libraries were found in C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\protcomp then there is actually no way to exploit it. Due to this fact this library is us
svc_kms

svc_kms in Known Problem

0
How-to

How to collect diagnostic information for Autotask integration plugin [KSC for Windows]

General information on ConnectWise Manage integration can be found in online help. Enabling and disabling tracing You may have to save traces of Kaspersky Security Integration with Autotask, for example, if you contact Technical Support and they ask you to provide the traces for diagnostics and troubleshooting. It is recommended to disable tracing when the issue is resolved, as tracing requires additional resources and additional memory to store trace files. It is also recommended to r
svc_kms

svc_kms in How-to

0
How-to

How to collect diagnostic information for Tigerpaw integration plugin [KSC for Windows]

General information on ConnectWise Manage integration can be found in online help. Enabling and disabling tracing You may have to save traces of Kaspersky Security Integration with Tigerpaw, for example, if you contact Technical Support and they ask you to provide the traces for diagnostics and troubleshooting. It is recommended to disable tracing when the issue is resolved, as tracing requires additional resources and additional memory to store trace files. It is also recommended to r
svc_kms

svc_kms in How-to

0
Known Problem

KSC and ROBOT attack [KSC for Windows]

This article explains ROBOT attack, RSA Key Exchange, OpenSSL and KSC. Explanation If you are running security analyzer and it shows that connections on ports 13000 (server-nagent traffic) and 17000 (activation proxy) are suspicious for a ROBOT attack, don't panic. Automatic analysis is not accurate. Run specific diagnostics to make sure that KSC traffic is actually not vulnerable. Examples: https://testssl.sh/ https://github.com/robotattackorg/robot-det
svc_kms

svc_kms in Known Problem

0
How-to

How to use IP address to open RDP connections from KSC console [KSC for Windows]

RDP connection invoked via KSC console uses hostname to connect to a host - mstsc.exe is invoked with /v hostname parameter.  Edit command line used to invoke mstsc.exe with ip address parameter instead of the hostname: Open Custom tools → Configure custom tools Select Remote Desktop, click Modify Edit Command line text box, it should contain <host_ip> instead of <A>:
svc_kms

svc_kms in How-to

0
Known Problem

KSC backup task fails with System error 0x800703FA [KSC for Windows]

Description Sometimes KSC backup task may fail with the following error: #1181 (-2147023878) System error 0x800703FA (Illegal operation attempted on a registry key that has been marked for deletion.) At first, rebooting the OS may help, but the error may return. Cause The user identity associated with the COM+ application was logged on when the COM+ application was first initialized. If that user logs off, their profile will be unloaded and the COM+ application will no l
svc_kms

svc_kms in Known Problem

0
Known Problem

KSC database fields explained: nIP, nStatus [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. There are multiple fields in database that are not easy to interpret. For example nIP, nStatus and many others. Most of them are from public view v_akpub_host which is one of the main sources of information about managed computer on KSC. The objective of this article is to help understanding the encoding used, if you want to learn more about public views and specific fields refer to klakdb.chm located in the
svc_kms

svc_kms in Known Problem

0
How-to

How to clear executable files list [KSC for Windows]

If there are many outdated entries in Executable files list in computer's properties or on a server, there is a way to bring it up-to-date. Step-by-step guide There is a hidden Actualization task that runs at the end of the Inventory task. To use this functionality and quickly update the list of executables, do the following: Create an Inventory task  Set Inventory scope to either empty or very small folder Run it Since the scope of work is small, th
svc_kms

svc_kms in How-to

0
Known Problem

Microsoft Store gets blocked when KSC is acting as WSUS [KSC for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.   Problem When you assign KSC as WSUS all hosts are not able to download anything from Microsoft Store. It is a Microsoft's design limitation. Description When KSC acts as WSUS group policy (GPO) "DoNotConnectToWindowsUpdateInternetLocations" is applied to the hosts. It is needed to prohibit hosts from downloading updates from the Internet (it is relevant for Windows 10/Server 2016). Such
svc_kms

svc_kms in Known Problem

0


×
×
  • Create New...