Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Problem:
You have a new CPU in your managed device and a Windows operating system released prior to Windows 10/Windows Server 2016. You start the "Find vulnerabilities and required updates" task for managed devices. Task results and the Kaspersky Event Log on a workstation may indicate the following error:
Windows Update Agent error 80240037 ("The functionality for the operation is not supported.") #1181 (
There are multiple fields in the database that are not easy to interpret, for example nIP, nStatus and many others. Most of them come from the public view v_akpub_host, which is one of the main sources of information about managed computers in KSC. The objective of this article is to help you understand the encoding used; if you want to learn more about public views and specific fields, refer to klakdb.chm located in the
In this scenario we will create an internal user "test-user" on KSC who has permissions on the admin group "Virtualized" only and cannot view or manage the admin groups "servers" and "workstations".
Step-by-step guide
1. Take a backup of the KSC admin server to make sure that incorrect changes will not impact your KSC.
2. Log in to the KSC admin server using an admin account and go to KSC admin serve
The problem is in the certificate: it has a 1024-bit key, while Web Console now works only with 2048-bit keys.
The customer needs to reissue the KSC server certificate with a 2048-bit key length.
What to do:
1. Generate a reserve KSC certificate, for example by using the command:
klsetsrvcert -t CR -g "dns_name" -o "RsaKeyLen:2048"
where dns_name is the DNS name of KSC
2. Wait several days: hosts will connect to KSC and receive the reserve certificate.
The customer could check on c
Maximum validity of the custom certificate (administration server/web console):
The certificate for the administration server can have a maximum validity of 5 years
The validity of the certificate for the web console cannot exceed 397 days
Two different certificates must be used:
After the specified time has expired, a new certificate must be generated manually (ideally 90 days in advance) and stored as a replacement certificate. Cli
This article is about Kaspersky Security Center for Windows (KSC for Windows)
Problem
You set up integration with a SIEM, but no events show up on the SIEM side. In some cases there is no incoming traffic to the SIEM from the KSC server.
Solution
In the vast majority of cases the root cause can be located in the KSC server trace.
Trace example #1
25.01.2017 09:56:56.855 00001320.0000015C L1 KLSPLG: There is no key for SystemM
Description and cautions
This article describes the software upgrade procedure from KSC rel. 13.2 to rel. 14.x.
Prerequisites
KSC 13.2 on MS Windows
S/N | Action | Online-Help
1 | Download the KSC 14 Version |
2 | Take the backup of KSC Administration
There is a known limitation in KSC: when hosts are managed from different domains and there are hosts with similar names in these domains, 'doubles' will appear.
To avoid this, use the FQDN (fully qualified domain name) as the display name instead of the NetBIOS name.
Step-by-step guide
Set up the following server flag:
SrvUseFqdnAsDisplayNames
[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1093
Scenario
Backup task fails indicating corrupted files. Specific file names may vary.
The following error appears in Kaspersky Event Log (file name may vary):
Database is corrupted. At least one repository corrupted C:\ProgramData\Application Data\KasperskyLab\adminkit\1093\gsyn\klsdata.dat has been corrupted and will not be recovered. Hardware fixing and application reinstallation are required.
Possible root causes
The most common reasons are OS crash and unexpected reb
Sometimes you want to use Connection Gateway for roaming hosts, but you don't want to use the default connection port (13000). To achieve that you can use the following solution.
Step-by-step guide
Open the NAgent policy.
Go to the Network → Connection section.
Open the connection profile properties.
Set the necessary port after the CG address (see screenshot).
You're using KSC as a WSUS server and moving the Windows Update folder to another drive so it won't occupy space on the C drive. However, when you're downloading Windows updates to KSC, the “C:\ProgramData\KasperskyLab\adminkit\1093\.working\FTServer” folder grows up to 15.5 GB.
Solution
Here is the procedure:
Make a backup copy of KSC.
Stop KSC service
C
For any type of issue with tasks managed by KSC, we require an export of the task execution history as a .txt file. The task execution history is a sequence of events generated by the client computer during task execution.
Step-by-step guide
To export task execution history, follow these steps:
Open the task results window.
In the upper part of the task results window, select the problem computer.
Right-click some event in the lower part of the task results window,
This article is about Kaspersky Security Center for Windows (KSC for Windows)
Step-by-step guide
Make sure that the System Management license is installed; otherwise KSC events won't be exported to the SIEM. For more information please refer to SIEM integration: the most frequent error.
Specify the Splunk Server address and port;
Log in to the Splunk Management console;
Press Settings → Configure data inputs;
In the o
NOTE: KSC CC is a cloud solution and its IP address may change.
Run the klnagchk utility on a host connected to the target workspace.
Find the KSC CC server address in the klnagchk output. It should look like eXXX.ksc.kaspersky.com.
Use the nslookup utility to find the IP address of this server.
In NAgent 15, klmover was updated and now requires the NAgent uninstallation password, if it is set in the NAgent policy. Right now the password can't be passed to klmover as an argument, but it can be supplied via echo:
echo <password>|klmover -address <administration server ip>
Because cmd doesn't parse quotes and spaces in echo properly, if klmover is star
Problem
You change the account of the administration server service via the klsrvswch tool. Note that this is the only way to change the account; manual modification (for example, via services.msc) is not supported.
Then you run the Install required updates and fix vulnerabilities task.
As a result, the task is cancelled and updates are not installed.
Diagnostics
The following
Sometimes it's not clear how KSC assigns a Distribution Point (DP) to managed groups or NLA subnets, and how clients choose a DP.
Automatic assignment of distribution points is enabled in Kaspersky Security Center by default. The Administration Server automatically selects the scopes for distribution points, and assigns one or multiple distribution points to each scope depending on how many client
In some cases klakaut traces should be collected for diagnostics.
Step-by-step guide
To do so:
Import the klakaut-on_x*.reg file.
Restart the klakaut service:
net stop klakaut
net start klakaut
Enable another trace if required.
Reproduce the issue.
Impor
The KSC installer generates default passwords for the service accounts (automatically created to run the KSC service), KIPxeUser and KIScSvc.
These passwords are 16 characters long; the characters are chosen randomly so that the password contains 3 out of 4 of the following groups of characters:
Lowercase characters (a – z)
Uppercase characters (A – Z)
Numbers (0-9)
Symbols (~ ! @ # $ % ^ & * - _ + = [ ] { } | \ : ' , . ? / ` ~ " < > ( )
Also the password cann
Description
You may want to allow certain users to do everything, but without giving them access to modify policies, manage users, or assign roles. However, when using default roles provided by KSC, some permissions are either too broad or unchangeable.
Steps to Create the Custom Role:
Open Kaspersky Security Center.
Go to Administration Server Properties → Users Roles.
Click “Add” to create a new role.
Enter a role name (e.g., Rule for Hospitals).
Article applies to KSC13-14.2 versions.
Sometimes you need to keep KSC tracing on for a long period of time to catch the error and there is little disk space left on the system disk.
Step-by-step guide
There is a way to change the default location of the $klserver-1093.log file: use the klscflag.exe utility:
klscflag.exe -tset -pv "klserver" -l 4 -d O:\Temp
O:\temp can be changed to any existing folder name in file system. Remember to create this folder before run
Problem
After importing a custom certificate instead of the default self-signed one for accessing KSC 13 Web Console, you cannot reach Web Console. When using the default certificate, there is no issue with Web Console.
Solution
There are several causes and solutions for this issue:
You might be using Internet Explorer or any other unsupported browser to access Web Console.
So first we need to check if the browser is supported by KSC. Ref : https://support.kas
Article applies to KSC13-15.1
Consider the following scenario:
Open the KSC MMC console;
Go to Kaspersky licenses;
Select the KSC license.
The number of devices on which the license key is active is zero, regardless of the fact that this key is assigned as active on the KSC Server:
Explanation
In older versions of Kaspersky applications, several license key files were provided to activate
General information on SolarWinds N-Central integration can be found in the online help.
Trace logs are not created by this plugin. The integration with SolarWinds is based on PowerShell scripts launched on the SolarWinds side. The only diagnostic information required in case of problems is the output of these scripts, which can be found in the SolarWinds UI.
The application registry in KSC contains information about applications that were deleted. Reinstalling Network Agent on the workstation should solve the problem.
This behavior can be caused by per-user applications. You can alter how long Network Agent will retain information about applications on a managed workstation:
On a managed workstation:
Add a registry key:
[HKEY_LOCAL_MACH