Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

Known Problem

KSWS Application Control rules with Digital Certificate FAQ [Kaspersky Security for Windows Server]

Security administrator can create KSWS Application Control rules based on Digital Certificate. What does product actually checks and how it is related to the file itself? First of all, product checks whether the file matches certificate. Secondly, whether certificate is valid. If any of verifications fail - launch of the file will be denied. And vice versa. If signed file which execution was allowed by certificate has been modified, will execution of the file be allowed? Alte
svc_kms

svc_kms in Known Problem

0
Known Problem

kesl-supervisor.service: Control process exited, code=exited status=203 [KES for Linux]

Description After successful installation kesl-supervisor.service may refuse to start with the following error: kesl-supervisor.service: Control process exited, code=exited status=203 journalctl -xe command provide more information related this error ***** kesl-supervisor.service: Failed to execute command: Permission denied kesl-supervisor.service: Failed at step EXEC spawning /var/opt/kaspersky/kesl/install-current/etc/init.d/kesl-supervisor: 
svc_kms

svc_kms in Known Problem

0
Known Problem

KESL rejects connection from kesl-control, gui or nagent due to non-root write permissions [KES for Linux]

Problem There are several problems with similar causes: 1) KESL postinstall script produces error. Warning: Failed to set up KSN 2) KESL is installed and running. However, the kesl-control command outputs something like that: kesl-control --app-info Connection refused. Invalid user permissions for /var. Only root user should have write access to this path. kesl-control --app-info Could not connect to Kaspersky Endpoint Security 11.2.2 for Linux
svc_kms

svc_kms in Known Problem

0
Known Problem

KES11 audio or video is blocked in messengers [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Problem HIPS (Host Intrusion Prevention System) unexpectedly blocks data stream (audio, video) in trusted communication software such as MS Teams, Skype, Skype for Business etc. Solution The root cause is in KUsrInit.exe (parent process for many processes in the OS where it exists) which in some cases can be f
svc_kms

svc_kms in Known Problem

0
Known Problem

KES public and product line versions chart [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Same info can be found here: https://support.kaspersky.com/16010 Starting from version 11.5, some file versions, registry and file system paths may differ from the release version and refer to the product line version. Release full build version Product line version GUID 1
svc_kms

svc_kms in Known Problem

0
Known Problem

KES Processing Error on Google Drive shares [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Description, Symptoms & Impact KES File Threat Protection sometimes can't check Microsoft office documents from mounted Google Drive shares, therefore generating Processing error events. This issue is caused by an incompatibility between Google Drive VFS driver and KES. There are no plans on making KES compatible with Google Drive. Workaround & Solution As a workaround, add fil
svc_kms

svc_kms in Known Problem

0
Known Problem

KES malware scan task detects viruses in Thunderbird or TheBat! mail base file [KES for Windows]

Description Starting from KES Windows version 12.6, it can parse third-party mail base files, but still can't re-assemble them. Malware scan tasks runs in folders where mail base files for Thunderbird or TheBat! are located and finds threats in old mail items.   Diagnostics After choosing Resolve or setting "Disinfect, delete if disinfection fails" in the KSC task, nothing changes, and another malware scan task anyway finds the same threats.  Workaround and solution Sinc
svc_kms

svc_kms in Known Problem

0
Known Problem

KES installation error 0x80004005 [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Problem When KES installation fails with error message "Failed to access local group policy. Error 0x80004005", installation log should be checked. If it contains something similar, follow the steps below. MSI (s) (F4:94) [11:27:28:103]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MS
svc_kms

svc_kms in Known Problem

0
Known Problem

KES installation error 0x80004005 [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Problem When KES installation fails with error message "Failed to access local group policy. Error 0x80004005", installation log should be checked. If it contains something similar, follow the steps below. MSI (s) (F4:94) [11:27:28:103]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MS
svc_kms

svc_kms in Known Problem

0
Known Problem

KES for Windows on KES Cloud installation fails with '(1187/0x0 ("Bad parameter "VerifyCertDate"")' [KES for Windows]

Problem Description, Symptoms & Impact Local installation from a standalone package fails Diagnostics Check installation logs of the product. We are looking for the following string: 09.02.2022 17:06:19.453 00000374.000028B4 L1  KLSTD: #1, Error was caught in KLERR_throwError, c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkginst\klpkinst.cpp@1061. Error params: (1187/0x0 ("Bad parameter "VerifyCertDate""), "KLSTD", c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkgi
Stan Shpatar

Stan Shpatar in Known Problem

0
Known Problem

KES for Windows on KES Cloud installation fails [KES for Windows]

Problem Description, Symptoms & Impact Local installation from a standalone package fails Diagnostics Check installation logs of the product. We are looking for the following string: 09.02.2022 17:06:19.453 00000374.000028B4 L1  KLSTD: #1, Error was caught in KLERR_throwError, c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkginst\klpkinst.cpp@1061. Error params: (1187/0x0 ("Bad parameter "VerifyCertDate""), "KLSTD", c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkgi
svc_kms

svc_kms in Known Problem

0
Known Problem

KES for Windows 12: printing order is much slower when Device Control component is running [KES for Windows]

Problem Description, Symptoms & Impact In KES 12.0, the way Device Control component works has been changed. See changelog: https://support.kaspersky.com/help/KESWin/12.0/en-US/127969.htm Due to these changes, you may notice that printing order becomes slow after you have upgraded KES to version 12.0 or higher. This delay may be around 30-60s or even 10-15 minutes. When you disable KES, it becomes instant. In some exceptional cases, the delay may be so big that it's impossible to p
svc_kms

svc_kms in Known Problem

0
Known Problem

KES and Windows Defender related questions [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article might be useful in the following cases: If you want to configure multi-vendor security on endpoints, keeping both Kaspersky and Microsoft technologies; If you don't know how to properly configure a Microsoft solution after installing KES; If you're having some issues with the product and the OS after configuring KES and Defender. The differences between the Defender
svc_kms

svc_kms in Known Problem

0
Known Problem

KES and PF installation side effect: HIPS and Firewall rules restored to defaults [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   This article covering the specific effect brought by any PF installation for the following versions: KES 11 and higher Private fix installation on host with KES has a side effect: the HIPS (Host Intrusion Prevention System) configuration will be reset back to defaults and, since Firewall is the part of
svc_kms

svc_kms in Known Problem

0
Known Problem

Information on Trojan.Multi.Accesstr detection [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Trojan.Multi.Accesstr detection is triggered when KES detects that one of Windows utilities in %systemroot%\system32 folder is replaced by cmd.exe or powershell.exe. Please see below for a list of affected files with exact detection names. Detection event looks like this:
svc_kms

svc_kms in Known Problem

0
Known Problem

Info about KES in registry [KES for Windows]

How to check if KES is installed, its state (running or not) and bases version via registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState   More information about these registry keys is available in Online Help: https://support.kaspersky.com/ksc14/3644. Obtaining information from the registry is for familiarization purposes only. KESCLI commands method supported by developers: Managing the application from the command
svc_kms

svc_kms in Known Problem

0
How-to

How to use wildcard in KSWS/KESS exclusions [Kaspersky Security for Windows Server]

KSWS/KESS use * as a wildcard character. There are multiple ways to use it. Examples Masks without paths *.exe - all files with extension *.exe test - all files with name test Masks with absolute paths C:\dir\*.* - all files in folder C:\dir\ and its subfolders C:\dir\*.exe - all files with mask *.exe in folder C:\dir\ and its subfolders C:\dir\test - all files named test in folder C:\dir\ and its subfolders C:\dir\ - all files in fold
svc_kms

svc_kms in How-to

0
How-to

How to use FDE Precheck utility

Advice and Solutions (Community Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Description FDE precheck is a utility used for advanced Full Disk Encryption compatibility testing. It contains latest drivers which will be implemented in future KES releases. FDE precheck also collects diagnostic data used to fix compatibility issues. Inability to use laptop keyboard and\or touch-pad is one of the
Egor Erastov

Egor Erastov in How-to

0
How-to

How to unregister KES from context menu of Explorer [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Sometimes it is required to unregister KES from context menu of Explorer. Follow these steps: Disable self-defense of KES; Open CMD shell as admin; Run commands: regsvr32 /u C:\Program Files (x86)\Kaspersky
svc_kms

svc_kms in How-to

0
How-to

How to uninstall Kaspersky Endpoint Security (KES) with msiexec, using product code/GUID [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) If you are willing to uninstall KES with msiexec (msiexec.exe /x {PRODUCT_CODE/GUID}) then product code/GUID is something you are probably looking for. Here they are: KES product codes Product name Product code/GUID FS6 {1B419
svc_kms

svc_kms in How-to

0
How-to

How to trace when KES doesn't detect malware files in Outlook [KES for Windows]

Step-by-step guide Open Outlook. Go to File → Options → Add-ins. Check add-in options for the KES plugin. Make sure that scan on receive and scan on send are enabled. If problem persists, enable KES tracing. Restart Outlook. Send e-mail with infected .doc file. Send another e-mail with EICAR. Stop traces and send them to the Kaspersky support for further analysis.
svc_kms

svc_kms in How-to

0
How-to

How to test Network Threat Protection (Attack Blocker) [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Testing Network Threat Protection (NTP, Network Attack Blocker or NAB) may appear tricky, as it is finely tuned to specific attacks only. During past years many detections were modified or removed to prevent major false detections. It is necessary to understand that NTP is not intended to prevent the following types of attac
svc_kms

svc_kms in How-to

0
How-to

How to test KSWS Anti-Cryptor module [Kaspersky Security for Windows Server]

Step-by-step guide Install KSWS and make sure the Anti-Cryptor protection component running and its Work Mode is Active. Install AESCrypt on a remote host. Try to encrypt the files on a network share protected by KSWS.   Enter a password. As encryption starts, Anti-Cryptor detects it and blocks remote user's session. In KSWS 11, by default, the application blocks a host's access to network file resources for 30 minutes. The follow
svc_kms

svc_kms in How-to

0
How-to

How to supervise iOS device with Apple Configurator [KES for Mobile]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. You need a Mac device with macOS 14+ to supervise iOS device log via Apple Configurator Your iOS device will be reset to factory settings during supervising Download Apple configurator via App Store. Run Apple Configurator. Connect your iOS device. Unlock the device and tap Trust. Select your device and click on the Prepare button
svc_kms

svc_kms in How-to

0


×
×
  • Create New...