Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
There are multiple fields in database that are not easy to interpret. For example nIP, nStatus and many others. Most of them are from public view v_akpub_host which is one of the main sources of information about managed computer on KSC. The objective of this article is to help understanding the encoding used, if you want to learn more about public views and specific fields refer to klakdb.chm located in the
NOTE: KSC CC is a cloud solution and its IP can be changed.
Run klnagchk utility on connected to target workspace host.
Find KSC CC server address in klnagchk output. It should looks like eXXX.ksc.kaspersky.com.
Use nslookup utility to find the IP address of this server.
If there are many outdated entries in Executable files list in computer's properties or on a server, there is a way to bring it up-to-date.
Step-by-step guide
There is a hidden Actualization task that runs at the end of the Inventory task. To use this functionality and quickly update the list of executables, do the following:
Create an Inventory task
Set Inventory scope to either empty or very small folder
Run it
Since the scope of work is small, th
Problem
Sometimes it is necessary to replace the KSN proxy address in products like KSWS, KESS or KES after restoring KSC from backup or when Server moved to new Hardware.
Unfortunately, there are no settings in the policy for this.
Solution
The corresponding option can be found in the properties of Installation packages node in KSC.
See the effects of changing this value:
Note that after changing these settings, you must also rebuil
General information on ConnectWise Manage integration can be found in online help.
Enabling and disabling tracing
You may have to save traces of Kaspersky Security Integration with Autotask, for example, if you contact Technical Support and they ask you to provide the traces for diagnostics and troubleshooting. It is recommended to disable tracing when the issue is resolved, as tracing requires additional resources and additional memory to store trace files. It is also recommended to r
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Problem Description
Error "Error 1181/0x91 ('System error 0x91 (The directory is not empty.)') occured while deleting directory 'C:\ProgramData\KasperskyLab\adminkit\1103''" when installing Network Agent.
The error can be found on a screenshot.
How To Fix
Make sure that the folder ‘C:\ProgramData\KasperskyLab\adminkit\1103’ actually exists.
If you can navigate to this fo
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
If two different update agents on a PC are assigned in different ways:
To an administration group.
Based on a network location.
Which one will have a higher priority for the PC?
Among the update agents assigned to administration groups, the one assigned to the administration group, that is closest to the target host in the group hierarchy, has the higher priority. If the upd
Description and cautions
You may experience low time to live value set in ICMP network packets sent by klnagents.
The following can be seen in wire shark traffic dump:
Explanation:
There are two modes of distribution point search:
0 - search of the nearest DP using a tool similar to traceroute. It generates a number of ICMP packets to find out the neatest route to DP - this is the default mode.
1 - selection of random DP without sending such amount of ICMP p
RDP connection invoked via KSC console uses hostname to connect to a host - mstsc.exe is invoked with /v hostname parameter.
Edit command line used to invoke mstsc.exe with ip address parameter instead of the hostname:
Open Custom tools → Configure custom tools
Select Remote Desktop, click Modify
Edit Command line text box, it should contain <host_ip> instead of <A>:
Problem
You may run into differences between Application Registry and Incompatible Applications Report when trying to find computers with incompatible applications.
For example, you created Device selection based on an Applications registry criteria, where you specified incompatible application name in Application name field and got a device selection of 12 computers. After that, you open Incompatible Applications Report and only get 3 computers with that software. It is expected, and
Try the following:
1. Check if the Administration Server is configured to use a proxy server on the Kaspersky Security Center server.
2. Try to clear the updates repository. Download the updates once again and check behavior.
If you still have issues, Delete the Download updates repository task and create a fresh task.
To troubleshoot SNMP functionality in KSC specific traces should be collected.
Step-by-step guide
To collect traces:
Download archive
Use trace-5-snmpagt.reg to start trace
Reproduce the issue
Use trace-off-snmpagt.reg to stop trace
Archive files and send to Kaspersky Support.
To minimize network load, stop receiving error messages related to SNMP scan or to comply with security standards, you can disable SNMP scan completely.
Step-by-step guide
On KSC server:
Execute: klscflag.exe -pv klserver -fset -n KLSRV_NETSVAN_MAY_USE_SNMP -v 0 -t d
Restart network agent service
net stop klnagent
net start klnagent
In case if you need to disable SNMP scan made by UA/DP, then the command will be slightly different:
klscf
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Article applies to KSC13-15.1
Consider the following scenario:
Open KSC MMC console;
Go to Kaspersky licenses;
Select KSC license.
Devices on which the license key is active is zero regardless of fact that this key is assigned as active on KSC Server:
Explanation
In older versions of Kaspersky applications, several license key files were provided to activate
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
KSC13 introduced a feature that limits the frequent publication of events. In the event that the event storage overflows on the Server, the most common event in the storage is calculated, and such events are blocked when published on hosts.
Problem:
Machines have status "Virus scan wasn't performed for a long time" but the "Virus scan" task was started recently.
Events that oc
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This is a small guide about Chrome Developer tools for collecting logs.
1. Open the Chrome menu and select More tools → Developer tools or press Ctrl+Shift+I.
2. Temporarily ignore the opened sidebar and open KSC Web Console.
3. Sign in using correct credentials. Wait until the page loads. If the loading of the page takes too long, wait a minute before moving on to the
This info applies to KSC12-14.2.
Web Console port can be changed from default port 8080 to 443 or any other port not occupied by the operating system or a third-party application.
1. Open file "C:\Program Files\Kaspersky Lab\Kaspersky Security Center Web Console\server\config.json" with any text editor and type the port you would like to use instead of 8080:
2. Restart all Kaspersky Security Center Web Console services via services.msc to apply changes.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Consider the following scenario:
You have a large local area network 10.36.0.0/16. There is a managed device with the following IP config: IPv4 address: 10.36.35.10 and Subnet Mask: 255.255.255.0. You create a new subnet condition for klnagent connection profile: 10.36.0.0/16.
Actual result:
The connection profile is not applied to the managed device.
The reason of this behavior is equali
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
When running security analyzers on KSC server you may occasionally get warnings about outdated OpenSSL libraries. Normally these vulnerabilities can not be exploited as the OpenSSL library is used in a very specific way.
If vulnerable OpenSSL libraries were found in C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\protcomp then there is actually no way to exploit it. Due to this fact this library is us
General information on Solarwinds N-Central integration can be found in online help.
Trace logs are not created by this plugin. The integration with Solarwinds is based on PowerShell scripts launched on Solarwinds side. The only diagnostic information that is required in case of problems is the output of these scripts that can be found in SolarWinds UI.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Problem
When you assign KSC as WSUS all hosts are not able to download anything from Microsoft Store. It is a Microsoft's design limitation.
Description
When KSC acts as WSUS group policy (GPO) "DoNotConnectToWindowsUpdateInternetLocations" is applied to the hosts. It is needed to prohibit hosts from downloading updates from the Internet (it is relevant for Windows 10/Server 2016). Such
The ability to modify the ciphers used by the product to communicate with port 13292 published on the Internet is required.
Step-by-step guide
You cannot change the ciphers used on a particular port, but you can change the cipher modes used by the MDM server on all listening ports.To do so, you will need to create a global variable KLTR_ENV_SSL_CIPHER_SUITE and restart Kaspersky Security Center server.
You can familiarize yourself with the format of the values at this link https://w
You can set and run PLC Project Integrity Check task in KICS4Nodes console. But it is not clear how to add PLC projects into the task settings in the KSC Console.
Before PLC Project Integrity Check task setting the PLC Project Investigation task should be successfully executed.
Step-by-step guide
Go to the KICS4Nodes policy -> Properties -> Logs and Notifications -> Interaction with Administration Server | Settings.
Enable Versions of PLC projects op
Problem
You install latest Windows Assessment and Deployment Kit (Windows ADK) on the server where KSC is installed, but KSC console still shows message "to deploy OS images, you must install the Windows Assessment and Deployment Kit (Windows ADK) on the device that has KSC installed".
Solution
KSC doesn't see all the needed WADK components being installed. Because Microsoft is always changing components within their installation packages, we recommend to install all utiliti
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Which task is responsible for downloading third party Application updates?
Updates metadata is downloaded by Download Updates to the repository task. Updates themselves are downloaded by Install updates and fix Vulnerability task.
What is a source folder containing the third party application updates on the administration server?
3rd party updates are downloaded into the folder C:\ProgramData\Kasper
