Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Article applies to KSC13-15.1
Consider the following scenario:
Open KSC MMC console;
Go to Kaspersky licenses;
Select KSC license.
The number of devices on which the license key is active is zero, regardless of the fact that this key is assigned as active on the KSC Server:
Explanation
In older versions of Kaspersky applications, several license key files were provided to activate
Problem
There is no mechanism to replace the client root certificate used for iOS MDM via a reserve certificate.
That is why replacing the client root certificate used for iOS MDM will cause the iOS MDM server to lose synchronization with all devices.
Details of the active certificate can be viewed in the properties of the iOS MDM server, on the "Certificates" tab.
Step-
Problem
KSC Web Console can be used for monitoring purposes. It is particularly important to have no timeout disconnection errors in this scenario.
To avoid them, the timeout before Web Console disconnects can be increased.
Step-by-step guide
All you have to do is the following:
Edit node.js web server config file located at C:\Program Files\Kaspersky Lab\Kaspersky Security Center Web Console\server\config.json
Change the following values and restart KSC WC se
Problem
Sometimes problems with receiving or transferring events on KSC (including export to SIEM) may occur. The first thing to check is the Kaspersky Event Log. The following warnings may appear:
Warning
Total number of events stored in database (4010532) has exceeded the actual limit of 4000000 event(s). Starting to delete excessive events from the database...
Warning
600 event(s) have been deleted from the database because the limit
Problem
While running the Fix vulnerabilities task, the following error can occur:
'Transaction became the database conflict victim: '1205, 'Lock wait timeout exceeded; try restarting transaction' , LastStatement='CALL vapm_arrange_task_updates(119, 0xC89EAD3312227039C9FAC933840D7936)'
Solution
Most likely, the cause of the problem is that you have a Fix vulnerabilities task or tasks with a large number of vulnerabilities that should be fixed inside one task. For example, you scro
There is a known limitation in KSC. When hosts are managed from different domains and there are hosts with similar names in these domains, 'doubles' will appear.
To avoid this, use the FQDN (fully qualified domain name) as the display name instead of the NetBIOS name.
Step-by-step guide
Set up the following server flag:
SrvUseFqdnAsDisplayNames
[HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1093
Problem
You install the latest Windows Assessment and Deployment Kit (Windows ADK) on the server where KSC is installed, but the KSC console still shows the message "to deploy OS images, you must install the Windows Assessment and Deployment Kit (Windows ADK) on the device that has KSC installed".
Solution
KSC does not detect all the required WADK components as installed. Because Microsoft is always changing components within their installation packages, we recommend installing all utiliti
The ability to modify the ciphers used by the product to communicate with port 13292 published on the Internet is required.
Step-by-step guide
You cannot change the ciphers used on a particular port, but you can change the cipher modes used by the MDM server on all listening ports. To do so, you will need to create a global variable KLTR_ENV_SSL_CIPHER_SUITE and restart the Kaspersky Security Center server.
You can familiarize yourself with the format of the values at this link https://w
Scenario
Backup task fails indicating corrupted files. Specific file names may vary.
The following error appears in Kaspersky Event Log (file name may vary):
Database is corrupted. At least one repository corrupted C:\ProgramData\Application Data\KasperskyLab\adminkit\1093\gsyn\klsdata.dat has been corrupted and will not be recovered. Hardware fixing and application reinstallation are required.
Possible root causes
The most common reasons are OS crash and unexpected reb
If you open KSC -> Advanced -> Application management -> Software Updates, there is a column Not assigned for installation (new version). Some computers may have this status or Not assigned for installation status. What does it mean?
Installation status Not assigned for installation means that the update is applicable for this host (as a minor upgrade), but there are no patch management tasks
In some cases, data is not displayed properly in the MMC administration console, for example, data in the right pane is not displayed properly:
One of the most common reasons for such behavior may be blocked or prohibited execution of JS in Internet Explorer on the host with the console.
This can be easily identified by the following test:
Step-by-step guide
Star
The application registry in KSC contains information about applications that were deleted. Reinstalling Network Agent on a workstation should solve the problem.
This behavior can be caused by per-user applications. You can alter how long Network Agent will retain information about applications on a managed workstation:
On a managed workstation:
Add a registry key:
[HKEY_LOCAL_MACH
Problem:
You have a new CPU in your managed device and a Windows operating system released prior to Windows 10/Windows Server 2016. Start "Find vulnerabilities and required updates" for managed devices. Task results and the Kaspersky Event Log on a workstation may indicate the following error:
Windows Update Agent error 80240037 ("The functionality for the operation is not supported.") #1181 (
If you are using the MMC console with different servers, you may want to keep a list of configured servers after upgrading to a new version. Fortunately, this is possible.
Step-by-step guide
Follow these steps before the upgrade.
Save Kaspersky Security Center XX file from C:\Users\%username%\AppData\Roaming\Microsoft\MMC
Upgrade.
Start and close the MMC console.
Remove the newly created Kaspersky Security Center XX file from C:\Users\%username%\AppData\Roaming\
General information on SolarWinds N-Central integration can be found in online help.
Trace logs are not created by this plugin. The integration with SolarWinds is based on PowerShell scripts launched on the SolarWinds side. The only diagnostic information that is required in case of problems is the output of these scripts, which can be found in the SolarWinds UI.
Problem
When you assign KSC as WSUS, all hosts are unable to download anything from Microsoft Store. This is a Microsoft design limitation.
Description
When KSC acts as WSUS, the group policy (GPO) "DoNotConnectToWindowsUpdateInternetLocations" is applied to the hosts. It is needed to prohibit hosts from downloading updates from the Internet (it is relevant for Windows 10/Server 2016). Such
1) Go to Programs and features and find WebConsole
2) Press Change/uninstall
3) Choose Upgrade mode
4) Follow the wizard and you will be able to change port and list of trusted servers.
If there are many outdated entries in Executable files list in computer's properties or on a server, there is a way to bring it up-to-date.
Step-by-step guide
There is a hidden Actualization task that runs at the end of the Inventory task. To use this functionality and quickly update the list of executables, do the following:
Create an Inventory task
Set the Inventory scope to either an empty or a very small folder
Run it
Since the scope of work is small, th
There are multiple fields in the database that are not easy to interpret, for example nIP, nStatus and many others. Most of them come from the public view v_akpub_host, which is one of the main sources of information about managed computers on KSC. The objective of this article is to help you understand the encoding used. If you want to learn more about public views and specific fields, refer to klakdb.chm located in the
Description
Sometimes KSC backup task may fail with the following error:
#1181 (-2147023878) System error 0x800703FA (Illegal operation attempted on a registry key that has been marked for deletion.)
At first, rebooting the OS may help, but the error may return.
Cause
The user identity associated with the COM+ application was logged on when the COM+ application was first initialized. If that user logs off, their profile will be unloaded and the COM+ application will no l
An RDP connection invoked via the KSC console uses the hostname to connect to a host: mstsc.exe is invoked with the /v hostname parameter.
Edit the command line used to invoke mstsc.exe so that it passes the IP address instead of the hostname:
Open Custom tools → Configure custom tools
Select Remote Desktop, click Modify
Edit Command line text box, it should contain <host_ip> instead of <A>:
This article explains ROBOT attack, RSA Key Exchange, OpenSSL and KSC.
Explanation
If you are running a security analyzer and it reports that connections on ports 13000 (server-nagent traffic) and 17000 (activation proxy) are suspected of being vulnerable to a ROBOT attack, don't panic.
Automatic analysis is not accurate. Run specific diagnostics to make sure that KSC traffic is actually not vulnerable. Examples:
https://testssl.sh/
https://github.com/robotattackorg/robot-det
General information on ConnectWise Manage integration can be found in online help.
Enabling and disabling tracing
You may have to save traces of Kaspersky Security Integration with Tigerpaw, for example, if you contact Technical Support and they ask you to provide the traces for diagnostics and troubleshooting. It is recommended to disable tracing when the issue is resolved, as tracing requires additional resources and additional memory to store trace files. It is also recommended to r
General information on ConnectWise Manage integration can be found in online help.
Enabling and disabling tracing
You may have to save traces of Kaspersky Security Integration with Autotask, for example, if you contact Technical Support and they ask you to provide the traces for diagnostics and troubleshooting. It is recommended to disable tracing when the issue is resolved, as tracing requires additional resources and additional memory to store trace files. It is also recommended to r
When running security analyzers on the KSC server, you may occasionally get warnings about outdated OpenSSL libraries. Normally these vulnerabilities cannot be exploited, as the OpenSSL library is used in a very specific way.
If vulnerable OpenSSL libraries were found in C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\protcomp, then there is actually no way to exploit them. Due to this fact this library is us