Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

Known Problem

The operation with application resources is blocked by Self-Defense [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) This informational message does not mean that Self-Defense accuses any process of being under malware attack, it proactively blocks certain operations that could pose a potential threat to processes. The number of events depends on the activity of applications that inhabit the system, especially from their periodic acti
svc_kms

svc_kms in Known Problem

2
Known Problem

OS hangs caused by excessive use of file descriptors [KES for Linux]

Symptoms OS hang, sometimes with open file errors in journals Customer application degrades with errors "unable to open file", "too many open files" Hangs and third-party (compatibility) issues often require advanced data collection and are sophisticated to investigate. However, a quick check is possible: On a system where KESL has worked for some time (not immediately after reboot/restart), validate the output of the following command, ran as root, for numerous records of /u
Stan Shpatar

Stan Shpatar in Known Problem

0
Known Problem

KESL rejects connection from kesl-control, gui or nagent due to non-root write permissions [KES for Linux]

Problem There are several problems with similar causes: 1) KESL postinstall script produces error. Warning: Failed to set up KSN 2) KESL is installed and running. However, the kesl-control command outputs something like that: kesl-control --app-info Connection refused. Invalid user permissions for /var. Only root user should have write access to this path. kesl-control --app-info Could not connect to Kaspersky Endpoint Security 11.2.2 for Linux
svc_kms

svc_kms in Known Problem

0
Known Problem

KSWS Application Control rules with Digital Certificate FAQ [Kaspersky Security for Windows Server]

Security administrator can create KSWS Application Control rules based on Digital Certificate. What does product actually checks and how it is related to the file itself? First of all, product checks whether the file matches certificate. Secondly, whether certificate is valid. If any of verifications fail - launch of the file will be denied. And vice versa. If signed file which execution was allowed by certificate has been modified, will execution of the file be allowed? Alte
svc_kms

svc_kms in Known Problem

0
Known Problem

KES installation error 0x80004005 [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Problem When KES installation fails with error message "Failed to access local group policy. Error 0x80004005", installation log should be checked. If it contains something similar, follow the steps below. MSI (s) (F4:94) [11:27:28:103]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MS
svc_kms

svc_kms in Known Problem

0
Known Problem

Application startup control rules based on the file's metadata [KES for Windows]

Problem Application category based on the "Metadata" conditions created, but does not work. Solution This is expected behavior, in case the file does not have a digital signature, that can be trusted by local KES on the host in question, or is not known in KSN. Use sigcheck tool to see if the file has a valid digital signature – https://technet.microsoft.com/ru-ru/sysinternals/bb897441.aspx  Use other criteria, to determine the category (for example file hash).
svc_kms

svc_kms in Known Problem

0
Known Problem

Data collection for troubleshooting the KES Bitlocker management error "The policy can not be applied" [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) In cases when Bitlocker encryption of a certain volume is started using KES Bitlocker management, and the product returns the following error: Event type: The policy can not be applied. Action: Encryption Reason: The system drive is not compatible with the Microsoft BitLocker encryption. Type of encryption: dis
svc_kms

svc_kms in Known Problem

0
Known Problem

Information on Trojan.Multi.Accesstr detection [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Trojan.Multi.Accesstr detection is triggered when KES detects that one of Windows utilities in %systemroot%\system32 folder is replaced by cmd.exe or powershell.exe. Please see below for a list of affected files with exact detection names. Detection event looks like this:
svc_kms

svc_kms in Known Problem

0
Known Problem

Virus Scan has not been performed for a long time [KES for Windows]

This article describes what is considered a Full Scan, which affects the KSC status "Virus Scan has not been performed for a long time". Scan task area settings There are two ways to set areas for a Scan task. Tasks started with any other settings (including Quick Scan and Critical Area Scan with default settings) will not be considered as a Full Scan.  Primary Kernel Memory Running processes and Startup Objects Disk boot sectors Local disk (logical di
svc_kms

svc_kms in Known Problem

0
Known Problem

Licensing and FDE functionality [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   There are two real-world scenarios related to KES FDE encryption and licensing that often result in unexpected behavior of encrypted devices: FDE encryption is used with the Advanced license and later replaced with the Select license (or any other license without encryption). Encryption license is expir
svc_kms

svc_kms in Known Problem

0
Known Problem

About Disk I/O usage optimization option [Kaspersky Security for Windows Server]

In KSWS/KESS/KICS there is an option in update task to Lower the load on the disk I/O. It is important to understand that when this option is enabled the task does not use HDD resources at all. Updater will not only place current updates to RAM. Update temp and cache files will also be placed there. Incorrect expectation: The task uses dedicated amount of RAM, in case if dedicated RAM is not enough for all update files including temp and cache task will continues through HDD. Actu
svc_kms

svc_kms in Known Problem

0
Known Problem

KSWS Console removal fails with error 1336 [Kaspersky Security for Windows Server]

While removing Kaspersky Security for Windows Server Console removal log may contain a message: Error 1336. There was an error creating a temporary file that is needed to complete this installation. Folder: C:\Program Files (x86)\Common Files\Kaspersky Lab\Kaspersky Security for Windows Server\. System error code: 5 And if you launch removal process using an appwiz.cpl a popup will be displayed stating :  “There was an error creating a temporary file that is needed to complete
svc_kms

svc_kms in Known Problem

0
Known Problem

About Disk I/O usage optimization option [Kaspersky Security for Windows Server]

In KSWS/KESS/KICS there is an option in update task to Lower the load on the disk I/O. It is important to understand that when this option is enabled the task does not use HDD resources at all. Updater will not only place current updates to RAM. Update temp and cache files will also be placed there. Incorrect expectation: The task uses dedicated amount of RAM, in case if dedicated RAM is not enough for all update files including temp and cache task will continues through HDD. Actu
svc_kms

svc_kms in Known Problem

0
Known Problem

FDE implementation best practices [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) This is a rough guide for testing FDE prior to implementation in production.   Make sure that the encrypted hosts will be serviced by a healthy KSC infrastructure (backups are performed regularly, no errors in Kaspersky Event log that need to be addressed, healthy database with plenty room for growth, no clo
svc_kms

svc_kms in Known Problem

0
Known Problem

High CPU consumption by KL processes on Windows 10 v1903 and Windows Server v1903 [KES for Windows]

Problem On Windows 10 v1903 and Windows Server v1903 after applying GPO Enable svchost.exe mitigation options, in System\Service Control Manager Settings\Security Settings, high CPU consumption by the following processes may be observed (avp.exe, klnagent.exe, kavfs.exe, kavfswp.exe). When checking if any resource consuming tasks are running, there are no ODS tasks running in KES or KSWS and no patch management related tasks are running too. This is happening because MS security config
svc_kms

svc_kms in Known Problem

0
Known Problem

KES and PF installation side effect: HIPS and Firewall rules restored to defaults [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   This article covering the specific effect brought by any PF installation for the following versions: KES 11 and higher Private fix installation on host with KES has a side effect: the HIPS (Host Intrusion Prevention System) configuration will be reset back to defaults and, since Firewall is the part of
svc_kms

svc_kms in Known Problem

0
Known Problem

KES11 audio or video is blocked in messengers [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Problem HIPS (Host Intrusion Prevention System) unexpectedly blocks data stream (audio, video) in trusted communication software such as MS Teams, Skype, Skype for Business etc. Solution The root cause is in KUsrInit.exe (parent process for many processes in the OS where it exists) which in some cases can be f
svc_kms

svc_kms in Known Problem

0
Known Problem

KSWS spawns a lot of PR*.tmp files [Kaspersky Security for Windows Server]

Problem You might notice that large files named like PR*.tmp appear in C:\Windows\Temp. Cause This is known and expected behavior. When the product scans an object it creates a temporary copy, names it like PR*.tmp and places it in the temp folder.Once the scan is complete, this temporary file gets deleted. Large PR*.tmp files mean that some large objects are scanned by OAS (On-Access Scan) or ODS (On-Demand Scan). Solution In some cases there might be not enough sp
svc_kms

svc_kms in Known Problem

0
Known Problem

Trusted Applications [KES for Mac]

The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications. The both filesystem and network activity of which can be ignored by the product increasing performance. Please, however, note that this could be potentially risky.  https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm Problem This article will describe a few ways to configure KES for Mac to exclude some of the software from th
svc_kms

svc_kms in Known Problem

0
Known Problem

HIKVision video monitoring does not work with Web Threat Protection and Web Control enabled [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Problem 3d party video monitoring solution from HIKVision and KES 11.3 or more recent version, up to 12.0 When you open the URL of video web server, for example, http://172.17.64.5/ the error Playback interrupted occurs. The problem occurs because video software does not comply with HTTP RFC.  Use
svc_kms

svc_kms in Known Problem

0
Known Problem

Trusted Applications [KES for Mac]

The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications. The both filesystem and network activity of which can be ignored by the product increasing performance. Please, however, note that this could be potentially risky.  https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm Problem This article will describe a few ways to configure KES for Mac to exclude some of the software from th
svc_kms

svc_kms in Known Problem

0
Known Problem

"Some protection components are not running" or "Allow encrypted traffic to be inspected" [KES for Mac]

Problem In some cases KESMac is not able to start protection components: Or, the status "Allow encrypted traffic to be inspected" is not changing: Solution 1) Please get acquainted with the article https://support.kaspersky.com/kis20mac/error/15031#block1; 2) If the article above did not help, try to remove the FireFox user's profiles directory via Terminal: rm -rf ~/Library/Application
svc_kms

svc_kms in Known Problem

0
Known Problem

kesl-supervisor.service: Control process exited, code=exited status=203 [KES for Linux]

Description After successful installation kesl-supervisor.service may refuse to start with the following error: kesl-supervisor.service: Control process exited, code=exited status=203 journalctl -xe command provide more information related this error ***** kesl-supervisor.service: Failed to execute command: Permission denied kesl-supervisor.service: Failed at step EXEC spawning /var/opt/kaspersky/kesl/install-current/etc/init.d/kesl-supervisor: 
svc_kms

svc_kms in Known Problem

0
Known Problem

Update task completes successfully but bases remain outdated [Kaspersky Security for Windows Server]

Problem In some cases, it is possible to run a database upgrade task on the KSWS/KICS/KESS host, but despite the upgrade task successfully completing, the databases are still out of date. Solution Most probably product operates in UpdateBlackListOnly mode. This happens in cases when product is activated with activation code and is unable to reach our activation servers. Thus KSWS fails to receive/refresh activation ticket and downloads updates only for Blacklist. Possible way
svc_kms

svc_kms in Known Problem

0
Known Problem

Tray icon appears twice or does not appear at all [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) This problem has been observed in KES 11.5, but may apply to other versions as well. Problem Sometimes the KES tray icon behaves unexpectedly: it appears twice or does not appear at all (the icon next to the Windows clock). Solution Reset the tray icons: Open regedit; Go to HKEY
svc_kms

svc_kms in Known Problem

0


×
×
  • Create New...