Problem
In some cases, it is possible to run a database upgrade task on the KSWS/KICS/KESS host, but despite the upgrade task successfully completing, the databases are still out of date.
Solution
Most probably product operates in UpdateBlackListOnly mode. This happens in cases when product is activated with activation code and is unable to reach our activation servers. Thus KSWS fails to receive/refresh activation ticket and downloads updates only for Blacklist.
Possible way
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
3d party video monitoring solution from HIKVision and KES 11.3 or more recent version, up to 12.0
When you open the URL of video web server, for example, http://172.17.64.5/ the error Playback interrupted occurs.
The problem occurs because video software does not comply with HTTP RFC.
Use
Problem
On Windows 10 v1903 and Windows Server v1903 after applying GPO Enable svchost.exe mitigation options, in System\Service Control Manager Settings\Security Settings, high CPU consumption by the following processes may be observed (avp.exe, klnagent.exe, kavfs.exe, kavfswp.exe). When checking if any resource consuming tasks are running, there are no ODS tasks running in KES or KSWS and no patch management related tasks are running too.
This is happening because MS security config
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Version: any KES11.* on any OS
Scenario:
The following error appears during the installation:
Error 27310. Failed to install the directory file for the digital signature
Solution:
1. Run kavremover utility as administrator.
2. Delete KES drivers (if they were not deleted by kavremover) located
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Problem Description, Symptoms & Impact
KES File Threat Protection sometimes can't check Microsoft office documents from mounted Google Drive shares, therefore generating Processing error events. This issue is caused by an incompatibility between Google Drive VFS driver and KES. There are no plans on making KES compatible with Google Drive.
Workaround & Solution
As a workaround, add fil
Environment/Preconditions
KSC - 12
KSWS - 11.0.1.897
You may find a massive increase in disk usage from the folder report under the Kaspersky folder. The size of the report folder will increase from around 2GB to 12GB, the files in the report folder have random name (like 340a13d9-2a50-4c4e-94d6-82a79d80da4b), which rapidly grows and consumes disk space.
The file can be deleted to resolve the disk space full issue, which itself can cause many issues (can't log in to the server, KS
This error message means that KSWS KSN-Client was unable to reach KSN Cloud servers (in most cases if KSN Proxy is used).
Possible causes of the issue:
Various transport-level issues
KSC Server has been moved to another host with new DNS-name and IP-address
Troubleshooting steps:
Check that KSC is accessible via both its IP address and its hostname
Check that option "Bypass proxy for local addresses" is enabled (KSC server properties > Advanced > C
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
This is a rough guide for testing FDE prior to implementation in production.
Make sure that the encrypted hosts will be serviced by a healthy KSC infrastructure (backups are performed regularly, no errors in Kaspersky Event log that need to be addressed, healthy database with plenty room for growth, no clo
Problem
You might notice that large files named like PR*.tmp appear in C:\Windows\Temp.
Cause
This is known and expected behavior. When the product scans an object it creates a temporary copy, names it like PR*.tmp and places it in the temp folder.Once the scan is complete, this temporary file gets deleted.
Large PR*.tmp files mean that some large objects are scanned by OAS (On-Access Scan) or ODS (On-Demand Scan).
Solution
In some cases there might be not enough sp
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
This article covering the specific effect brought by any PF installation for the following versions:
KES 11 and higher
Private fix installation on host with KES has a side effect: the HIPS (Host Intrusion Prevention System) configuration will be reset back to defaults and, since Firewall is the part of
Problem
In some cases KESMac is not able to start protection components:
Or, the status "Allow encrypted traffic to be inspected" is not changing:
Solution
1) Please get acquainted with the article https://support.kaspersky.com/kis20mac/error/15031#block1;
2) If the article above did not help, try to remove the FireFox user's profiles directory via Terminal:
rm -rf ~/Library/Application
Problem
The "Install application remotely" task wizard presents an option to specify an SSH certificate as account credentials, if Linux package is selected for installation.
The wizard does not accept certain certificates and fails to provide informative error messages why this happens.
Examples:
Failed to upload the certificate.
Failed to import the private key of the certificate.
Root cause
KSC 13.2 only accepts PEM certificates, they start with
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
This only applies to KSC 14.2 and below
Problem
Remote installation tasks finishes with uninformative errors:
Setup process error: Unknown error. (126)
Setup process error: Unknown error. (2)
Solution
1. Create 3rd party installation package (Create installation package -> Create an installation package for the specified executable file.)
2. Specify executable file, for example script.sh
3. Locate this package folder in KSC storage, by default %ProgramD
The Application Control component has a category called Browser extensions. There is a known limitation for it in Chrome.
If an extension runs in an already running Chrome process (many of them run as newly started Chrome processes, especially for extension reasons), it cannot be blocked because it is not a newly started process and the extension itself is not an executable. It requires an .exe file to load. An extension that is already running cannot be blocked by application control (it h
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
"Removable disk" Encryption is enabled and the policy applied to the machines, but nothing happens when the client connects USB drive.
Solution
Encryption of the removable drives supports two modes:
Encrypt entire removable drive: based on Kaspersky Full Disk Encryption (FDE), the entir
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
In cases when Bitlocker encryption of a certain volume is started using KES Bitlocker management, and the product returns the following error:
Event type: The policy can not be applied.
Action: Encryption
Reason: The system drive is not compatible with the Microsoft BitLocker encryption.
Type of encryption: dis
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
There are two real-world scenarios related to KES FDE encryption and licensing that often result in unexpected behavior of encrypted devices:
FDE encryption is used with the Advanced license and later replaced with the Select license (or any other license without encryption).
Encryption license is expir
Problem
Sometimes Anti-Cryptor task in KESL won't be able to launch after the OS is started. This may happen because Anti-Cryptor needs all the protected network resources to be up before KESL service is started. In other words, Samba or NFS services should be started before KESL service.
Solution
To resolve this problem you need to make sure that services start in the correct order.
For Systemd systems:
1. Create a file /etc/systemd/system/kesl.service.d/override.conf
Security administrator can create KSWS Application Control rules based on Digital Certificate.
What does product actually checks and how it is related to the file itself?
First of all, product checks whether the file matches certificate. Secondly, whether certificate is valid. If any of verifications fail - launch of the file will be denied. And vice versa.
If signed file which execution was allowed by certificate has been modified, will execution of the file be allowed?
Alte
Problem
If you found out that KSWS installations are somehow corrupted, and you're not able to remove it using conventional means (using misexec and/or appwiz.cpl), please do not use kavremover and/or mszap tools. Do not attempt removing the product manually as our goal is to determine the root cause of the product moving to this inconsistent state.
Solution
Please provide Kaspersky Support with the pertinent GSI log of the affected host and KSWS msi installer logs containing all
Problem
KSWS10 and KSWS11 may have two issues because of the Application Control component:
Can't uninstall KSWS with the error "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run"
Can't run GSI with this error "Unable to unpack the critical file. GsiSharp.bin"
Solution
Disable Application Control and retry uninstallation.
Сollect GSI, if necessary.
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
HIPS (Host Intrusion Prevention System) unexpectedly blocks data stream (audio, video) in trusted communication software such as MS Teams, Skype, Skype for Business etc.
Solution
The root cause is in KUsrInit.exe (parent process for many processes in the OS where it exists) which in some cases can be f
