Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

Known Problem

The operation with application resources is blocked by Self-Defense [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) This informational message does not mean that Self-Defense accuses any process of being under malware attack, it proactively blocks certain operations that could pose a potential threat to processes. The number of events depends on the activity of applications that inhabit the system, especially from their periodic acti
svc_kms

svc_kms in Known Problem

2
How-to

How to enable KESMac Nagent traces easily [KES for Mac]

Description and cautions The original scenario located on the page https://support.kaspersky.com/kes11mac/diagnostics/15299, requires a lot of efforts and manual manipulations. I am offering a bit easier and time-saving approach doing the same. Details All the commands from the original document are saved here, but placed together and being run one after another consequently; the old product logs are also wiped up in order to avoid mess: Login under root:
Stan Shpatar

Stan Shpatar in How-to

0
Known Problem

KESL rejects connection from kesl-control, gui or nagent due to non-root write permissions [KES for Linux]

Problem There are several problems with similar causes: 1) KESL postinstall script produces error. Warning: Failed to set up KSN 2) KESL is installed and running. However, the kesl-control command outputs something like that: kesl-control --app-info Connection refused. Invalid user permissions for /var. Only root user should have write access to this path. kesl-control --app-info Could not connect to Kaspersky Endpoint Security 11.2.2 for Linux
svc_kms

svc_kms in Known Problem

0
Service Page

Advice and Solutions (Community Knowledgebase) Disclaimer. Read before using materials.

The materials provided on the Advice and Solutions (Community Knowledgebase) part of the Forum result from the work of the Kaspersky Customer Support team and Forum community members. They are shared here for ease of use of Kaspersky products, deploying and configuring them. Please remember that using commands or recommendations from the articles without a clear understanding of their purpose may result in errors or system inoperability. Please note that some materials presented are not off
Egor Erastov

Egor Erastov in Service Page

0
How-to

How to use FDE Precheck utility [KES for Windows]

Advice and Solutions (Community Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Description FDE precheck is a utility used for advanced Full Disk Encryption compatibility testing. It contains latest drivers which will be implemented in future KES releases. FDE precheck also collects diagnostic data used to fix compatibility issues. Inability to use laptop keyboard and\or touch-pad is one of the
Egor Erastov

Egor Erastov in How-to

0
How-to

How to modify KES incompatible software list [KES for Windows]

Advice and Solutions (Community Knowledgebase) Disclaimer. Read before using materials. In case you want to skip automatic uninstallation of a specific software, but do not want to disable incompatible software check completely, you may edit cleaner.cab.  Step-by-step guide Download full KES distributive  Start it and make sure all files were unpacked Navigate to the directory you unpacked kes_win.msi to Find cleaner.cab in case of KES11.9 and older version
Egor Erastov

Egor Erastov in How-to

0
Known Problem

KSWS Error sending the request to KSN 0x80000063 (0x80000500) [Kaspersky Security for Windows Server]

This error message means that KSWS KSN-Client was unable to reach KSN Cloud servers (in most cases if KSN Proxy is used). Possible causes of the issue: Various transport-level issues KSC Server has been moved to another host with new DNS-name and IP-address Troubleshooting steps: Check that KSC is accessible via both its IP address and its hostname Check that option "Bypass proxy for local addresses" is enabled (KSC server properties > Advanced > C
svc_kms

svc_kms in Known Problem

0
How-to

How to collect KES11 traffic dump [KES for Windows]

This instruction is relevant only in case of troubleshooting incorrect loading or rendering of a web page. In order to troubleshoot issues KES network traffic related issues traffic dump is required. It is easier to analyze and does not require third-party software installation.  If reproduction of the issue requires the web browser to open web pages(such as web control non-working as expected, web page not loading, and so on), the tests should be performed in Incognito mod
svc_kms

svc_kms in How-to

0
How-to

How to set email notification for KES events [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. There are multiple settings in both KES and KSC that allow to set notifications about various events. This article is based on example of setting complaint notification (message send to administrator if the users considers the blocking of the page to be mistaken). Let's review three main scenarios, when KES is connected to KSC (either constantly or intermittently) and when it is not connected. KES
svc_kms

svc_kms in How-to

0
How-to

How to use wildcard in KSWS/KESS exclusions [Kaspersky Security for Windows Server]

KSWS/KESS use * as a wildcard character. There are multiple ways to use it. Examples Masks without paths *.exe - all files with extension *.exe test - all files with name test Masks with absolute paths C:\dir\*.* - all files in folder C:\dir\ and its subfolders C:\dir\*.exe - all files with mask *.exe in folder C:\dir\ and its subfolders C:\dir\test - all files named test in folder C:\dir\ and its subfolders C:\dir\ - all files in fold
svc_kms

svc_kms in How-to

0
How-to

How to test KSWS Anti-Cryptor module [Kaspersky Security for Windows Server]

Step-by-step guide Install KSWS and make sure the Anti-Cryptor protection component running and its Work Mode is Active. Install AESCrypt on a remote host. Try to encrypt the files on a network share protected by KSWS.   Enter a password. As encryption starts, Anti-Cryptor detects it and blocks remote user's session. In KSWS 11, by default, the application blocks a host's access to network file resources for 30 minutes. The follow
svc_kms

svc_kms in How-to

0
Known Problem

KSWS Application Control rules with Digital Certificate FAQ [Kaspersky Security for Windows Server]

Security administrator can create KSWS Application Control rules based on Digital Certificate. What does product actually checks and how it is related to the file itself? First of all, product checks whether the file matches certificate. Secondly, whether certificate is valid. If any of verifications fail - launch of the file will be denied. And vice versa. If signed file which execution was allowed by certificate has been modified, will execution of the file be allowed? Alte
svc_kms

svc_kms in Known Problem

0
Known Problem

KES installation error 0x80004005 [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Problem When KES installation fails with error message "Failed to access local group policy. Error 0x80004005", installation log should be checked. If it contains something similar, follow the steps below. MSI (s) (F4:94) [11:27:28:103]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MS
svc_kms

svc_kms in Known Problem

0
How-to

How to prohibit security administrator to uninstall KSWS/KESS [Kaspersky Security for Windows Server]

Step-by-step guide Open KSWS policy Navigate to "User rights" section Under "Configure application management section" press "Settings" button In the "Permissions for Kaspersky Security" window press "Advanced" button Select necessary user or group -> press "Edit" button -> press "Show advanced permissions" In the "Permissions Entry for Kaspersky Security" window unselect "Uninstall Kaspersky Security", make sure that Type is set to "Allow"
svc_kms

svc_kms in How-to

0
Known Problem

Application startup control rules based on the file's metadata [KES for Windows]

Problem Application category based on the "Metadata" conditions created, but does not work. Solution This is expected behavior, in case the file does not have a digital signature, that can be trusted by local KES on the host in question, or is not known in KSN. Use sigcheck tool to see if the file has a valid digital signature – https://technet.microsoft.com/ru-ru/sysinternals/bb897441.aspx  Use other criteria, to determine the category (for example file hash).
svc_kms

svc_kms in Known Problem

0
Known Problem

Data collection for troubleshooting the KES Bitlocker management error "The policy can not be applied" [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) In cases when Bitlocker encryption of a certain volume is started using KES Bitlocker management, and the product returns the following error: Event type: The policy can not be applied. Action: Encryption Reason: The system drive is not compatible with the Microsoft BitLocker encryption. Type of encryption: dis
svc_kms

svc_kms in Known Problem

0
How-to

How to test Network Threat Protection (Attack Blocker) [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Testing Network Threat Protection (NTP, Network Attack Blocker or NAB) may appear tricky, as it is finely tuned to specific attacks only. During past years many detections were modified or removed to prevent major false detections. It is necessary to understand that NTP is not intended to prevent the following types of attac
svc_kms

svc_kms in How-to

0
How-to

How to re-register KES plugin for Outlook [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Outlook add-in failure may be related to a KES upgrade. Step-by-step guide As the first step to quickly fix majority of the issues with Outlook add-in, unregister it and register again. Here is how to do it properly: Close Outlook if opened.  Execute
svc_kms

svc_kms in How-to

0
How-to

How to authorize keyboardless device in BadUSB [KES for Windows]

Problem Some devices do not have keyboards, but still are detected with BadUSB. Step-by-step guide In order to allow them work properly use BadUSB on-screen keyboard, using other onscreen keyboards or physical ones is not recommended. To open BadUSB on-screen keyboard click on the highlighted text (example for Russian localization). Note that Prohibit use of On-Screen Keyboard for authorization of USB devices option should be turned off.
svc_kms

svc_kms in How-to

0
Known Problem

Information on Trojan.Multi.Accesstr detection [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Trojan.Multi.Accesstr detection is triggered when KES detects that one of Windows utilities in %systemroot%\system32 folder is replaced by cmd.exe or powershell.exe. Please see below for a list of affected files with exact detection names. Detection event looks like this:
svc_kms

svc_kms in Known Problem

0
Known Problem

Virus Scan has not been performed for a long time [KES for Windows]

This article describes what is considered a Full Scan, which affects the KSC status "Virus Scan has not been performed for a long time". Scan task area settings There are two ways to set areas for a Scan task. Tasks started with any other settings (including Quick Scan and Critical Area Scan with default settings) will not be considered as a Full Scan.  Primary Kernel Memory Running processes and Startup Objects Disk boot sectors Local disk (logical di
svc_kms

svc_kms in Known Problem

0
Known Problem

Licensing and FDE functionality [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   There are two real-world scenarios related to KES FDE encryption and licensing that often result in unexpected behavior of encrypted devices: FDE encryption is used with the Advanced license and later replaced with the Select license (or any other license without encryption). Encryption license is expir
svc_kms

svc_kms in Known Problem

0
Known Problem

About Disk I/O usage optimization option [Kaspersky Security for Windows Server]

In KSWS/KESS/KICS there is an option in update task to Lower the load on the disk I/O. It is important to understand that when this option is enabled the task does not use HDD resources at all. Updater will not only place current updates to RAM. Update temp and cache files will also be placed there. Incorrect expectation: The task uses dedicated amount of RAM, in case if dedicated RAM is not enough for all update files including temp and cache task will continues through HDD. Actu
svc_kms

svc_kms in Known Problem

0
How-to

How to uninstall Kaspersky Endpoint Security (KES) with msiexec, using product code/GUID [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) If you are willing to uninstall KES with msiexec (msiexec.exe /x {PRODUCT_CODE/GUID}) then product code/GUID is something you are probably looking for. Here they are: KES product codes Product name Product code/GUID FS6 {1B419
svc_kms

svc_kms in How-to

0
Known Problem

KSWS Console removal fails with error 1336 [Kaspersky Security for Windows Server]

While removing Kaspersky Security for Windows Server Console removal log may contain a message: Error 1336. There was an error creating a temporary file that is needed to complete this installation. Folder: C:\Program Files (x86)\Common Files\Kaspersky Lab\Kaspersky Security for Windows Server\. System error code: 5 And if you launch removal process using an appwiz.cpl a popup will be displayed stating :  “There was an error creating a temporary file that is needed to complete
svc_kms

svc_kms in Known Problem

0


×
×
  • Create New...