This article is about Kaspersky Security Center for Windows (KSC for Windows)
Problem:
KSC certificate renewal or replacement is made incorrectly because the option to instantly replace the server certificate is used.
As a result, managed devices loose the connection with KSC and klmover command or re-installation of klnagent is required to restore the connectivity.
Cause:
After the certificate is renewed with "-t C" option, network agent
NOTE: KSC CC is a cloud solution and its IP can be changed.
Run klnagchk utility on connected to target workspace host.
Find KSC CC server address in klnagchk output. It should looks like eXXX.ksc.kaspersky.com.
Use nslookup utility to find the IP address of this server.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
You're using KSC as WSUS server and moving the Windows Update folder to another drive so it won't occupy space on the C drive. However, when you're downloading Windows updates to KSC, the “C:\ProgramData\KasperskyLab\adminkit\1093\.working\FTServer” folder is increasing its size up to 15.5 GB.
Solution
Here is the procedure:
Make a backup copy of KSC.
Stop KSC service
C
The ability to modify the ciphers used by the product to communicate with port 13292 published on the Internet is required.
Step-by-step guide
You cannot change the ciphers used on a particular port, but you can change the cipher modes used by the MDM server on all listening ports.To do so, you will need to create a global variable KLTR_ENV_SSL_CIPHER_SUITE and restart Kaspersky Security Center server.
You can familiarize yourself with the format of the values at this link https://w
Description
If you need to know the name of the standard KSC service account (KL-AK...) that has been created during installation, it is stored in the registry key.
This information can be viewed in the registry, using the following paths:
for 64-bit systems:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\34\1093\1.0.0.0
for 32-bit systems:
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1093\1.0.0.0
this key is called AutoCreatedS
For any types of issues with tasks managed by KSC, we require export of task execution history in .txt file. Task execution history is a sequence of events generated by client computer during task execution.
Step-by-step guide
To export task execution history, follow these steps:
Open task results window.
In the upper part of the task results window, select problem computer.
Right-click some event in the lower part of the task results window,
This article is about Kaspersky Security Center for Windows (KSC for Windows)
Step-by-step guide
Make sure that System Management license is installed, otherwise KSC events won't be exported to SIEM. For more information please refer to SIEM integration: the most frequent error.
Specify Splunk Server address and port;
Login into Splunk Management console;
Press Settings → Configure data inputs;
In the o
To minimize network load, stop receiving error messages related to SNMP scan or to comply with security standards, you can disable SNMP scan completely.
Step-by-step guide
On KSC server:
Execute: klscflag.exe -pv klserver -fset -n KLSRV_NETSVAN_MAY_USE_SNMP -v 0 -t d
Restart network agent service
net stop klnagent
net start klnagent
In case if you need to disable SNMP scan made by UA/DP, then the command will be slightly different:
klscf
Windows
Unpack the archive (add_category.rar) on any device that has access to the Administration Console port of the Administration Server.
Create a text file with needed hashes, by default the script expects it to be sha256.txt in script's working directory.
Edit add_category.cmd with specified KSC username, password, server address, name of the text file with hashes (file should be saved in UTF-8 encoding)
If a category with the specified name already exists, it k
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
In this scenario we will create an internal user "test-user" on KSC who has permission on admin group "Virtualized" only, while couldn't view nor manage admin groups "servers" and "workstations".
Step-by-step guide
1. Take a backup from KSC admin server in order to make sure that incorrect changes will not impact your KSC.
2. Login to KSC admin server using admin account and go to KSC admin serve
Problem
KSC Web Console can be used for monitoring purposes. It is particularly important to have no timeout disconnection errors in this scenario.
To avoid them, the timeout before Web Console disconnects can be increased.
Step-by-step guide
All you have to do is the following:
Edit node.js web server config file located at C:\Program Files\Kaspersky Lab\Kaspersky Security Center Web Console\server\config.json
Change the following values and restart KSC WC se
Sometimes you want to use Connection Gateway for roaming hosts, but you don't want to use the default connection port (13000). To achieve that you can use the following solution.
Step-by-step guide
Open NAgent policy.
Network → Connection section.
Open connection profile properties.
Set necessary port after CG address (see screenshot).
To troubleshoot SNMP functionality in KSC specific traces should be collected.
Step-by-step guide
To collect traces:
Download archive
Use trace-5-snmpagt.reg to start trace
Reproduce the issue
Use trace-off-snmpagt.reg to stop trace
Archive files and send to Kaspersky Support.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This is a small guide about Chrome Developer tools for collecting logs.
1. Open the Chrome menu and select More tools → Developer tools or press Ctrl+Shift+I.
2. Temporarily ignore the opened sidebar and open KSC Web Console.
3. Sign in using correct credentials. Wait until the page loads. If the loading of the page takes too long, wait a minute before moving on to the
In some cases klakaut traces should be collected for diagnostics.
Step-by-step guide
To do so:
Import klakaut-on_x*.reg file.
Restart klakaut service.
net stop klakaut
net start klakaut
Enable another trace if required.
Reproduce the issue.
Impor
General information on ConnectWise Manage integration can be found in online help.
Enabling and disabling tracing
You may have to save traces of Kaspersky Security Integration with Tigerpaw, for example, if you contact Technical Support and they ask you to provide the traces for diagnostics and troubleshooting. It is recommended to disable tracing when the issue is resolved, as tracing requires additional resources and additional memory to store trace files. It is also recommended to r
General information on Solarwinds N-Central integration can be found in online help.
Trace logs are not created by this plugin. The integration with Solarwinds is based on PowerShell scripts launched on Solarwinds side. The only diagnostic information that is required in case of problems is the output of these scripts that can be found in SolarWinds UI.
General information on ConnectWise Manage integration can be found in online help.
Kaspersky Security Integration Service for MSP log
To collect diagnostic log for Kaspersky Security Integration Service for MSP you need to take the following steps:
Navigate to C:\Program Files\Kaspersky Lab\Kaspersky Security Integration Service for MSP;
Open file IntegrationServer.exe.config
Set minlevel attribute to "Debug":
General information on ConnectWise Automate integration can be found in online help.
LabTech service logs
You can access service logs on a LabTech server by launching LabTech Control Center and then navigating to Dashboard → Management → Service Logs. Then select Go To Computer and select LabTech server.
To view diagnostic info for managed client hosts you should first refresh the information by clicking Commands → LabTech →Send LabTech Error Log. On both LabTech servers and
General information on ConnectWise Manage integration can be found in online help.
Enabling and disabling tracing
You may have to save traces of Kaspersky Security Integration with Autotask, for example, if you contact Technical Support and they ask you to provide the traces for diagnostics and troubleshooting. It is recommended to disable tracing when the issue is resolved, as tracing requires additional resources and additional memory to store trace files. It is also recommended to r
If there are many outdated entries in Executable files list in computer's properties or on a server, there is a way to bring it up-to-date.
Step-by-step guide
There is a hidden Actualization task that runs at the end of the Inventory task. To use this functionality and quickly update the list of executables, do the following:
Create an Inventory task
Set Inventory scope to either empty or very small folder
Run it
Since the scope of work is small, th
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Make sure the network agent of KSCCC has already been implemented:
Download the Network agent installer of KSCCC from the web console.
Click the installer and confirm that it has already has been installed and click OK.
Finding the HDS site which is used by this NA:
Run the klnagchk utility within C:\Program Files (x86)\Kaspersky Lab\NetworkAgent to check the network conn
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
In cases when some data is not displayed/shown properly in the MMC administration console, for example, data in the right pane is not displayed properly:
One of the most common reasons of such behavior may be blocked/prohibited execution of JS in the Internet Explorer on the host with the console.
This can be easily identified by the following test:
Step-by-step guide
Star
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
1) Go to Programs and features and find WebConsole
2) Press Change/uninstall
3) Choose Upgrade mode
4) Follow the wizard and you will be able to change port and list of trusted servers.
This info applies to KSC12-14.2.
Web Console port can be changed from default port 8080 to 443 or any other port not occupied by the operating system or a third-party application.
1. Open file "C:\Program Files\Kaspersky Lab\Kaspersky Security Center Web Console\server\config.json" with any text editor and type the port you would like to use instead of 8080:
2. Restart all Kaspersky Security Center Web Console services via services.msc to apply changes.
