Jump to content
Update to the Latest Version for Smooth VPN Performance ×
Kaspersky Support Forum

About this blog

Entries in this blog

Known Problem

Encrypted machine is unable to boot into Windows after FDE [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Version: KES 11.* Scenario: You're unable to boot into encrypted machine after FDE applied due to some problems with preboot agent or operating system.  The the safest and one of the most trivial options to restore the data from encrypted hdd or decrypt it 'in place' is going through KES related ‘challenge-response’ procedure using another (i.e. proxy) machine with KES and FDE installed.
svc_kms

svc_kms in Known Problem

0
Known Problem

Application startup control rules based on the file's metadata [KES for Windows]

Problem Application category based on the "Metadata" conditions created, but does not work. Solution This is expected behavior, in case the file does not have a digital signature, that can be trusted by local KES on the host in question, or is not known in KSN. Use sigcheck tool to see if the file has a valid digital signature – https://technet.microsoft.com/ru-ru/sysinternals/bb897441.aspx  Use other criteria, to determine the category (for example file hash).
svc_kms

svc_kms in Known Problem

0
How-to

How to generate application blocking rules based on SHA256 file without source file [Kaspersky Security for Windows Server]

Description As part of proactive security, you may wish to add sha256 to block the execution of application or malicious applications without having the original source files. This article explains how to perform this action. How To Create a text file containing the sha256 you want to block. Use the AppRulesGenerator.exe app to generate an xml file: Import the generated .xml file into the KSWS policy:
svc_kms

svc_kms in How-to

0
Known Problem

Device Control errors [KES for Windows]

Issue Sometimes Device Control errors in KES may occur. For example, hard drives are wrongly blocked when USB device blocking is enabled, or flash drive blocking is not happening although the policies require to do so. In some cases, the reason for erroneous blocking is that the operating system (OS) is incorrectly identifying the device type. Solution As an example, if the policies prohibit access to flash drives, but this rule does not always work, you can check the followi
svc_kms

svc_kms in Known Problem

0
How-to

How to trace when KES doesn't detect malware files in Outlook [KES for Windows]

Step-by-step guide Open Outlook. Go to File → Options → Add-ins. Check add-in options for the KES plugin. Make sure that scan on receive and scan on send are enabled. If problem persists, enable KES tracing. Restart Outlook. Send e-mail with infected .doc file. Send another e-mail with EICAR. Stop traces and send them to the Kaspersky support for further analysis.
svc_kms

svc_kms in How-to

0
Known Problem

KES for Windows on KES Cloud installation fails [KES for Windows]

Problem Description, Symptoms & Impact Local installation from a standalone package fails Diagnostics Check installation logs of the product. We are looking for the following string: 09.02.2022 17:06:19.453 00000374.000028B4 L1  KLSTD: #1, Error was caught in KLERR_throwError, c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkginst\klpkinst.cpp@1061. Error params: (1187/0x0 ("Bad parameter "VerifyCertDate""), "KLSTD", c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkgi
svc_kms

svc_kms in Known Problem

0
Known Problem

VMWare guest BSODs with a driver related stop code after installing or updating KES [KES for Windows]

Description VMWare guest using Kaspersky products hanging or crashing due to driver conflicts between drivers used by VMWare NSX (vnetWFP.sys, previously vnetflt.sys) and Network Threat Protection component. This problem is known to happen with following versions of KES and VMware Tools: KES 11.6 with VMWare Tools 10.0.9 KES 11.6 and 11.7 with VMWare Tools 11.3.5 KES 12 with VMWare Tools 10.1.7 Troubleshooting steps Update VMWare Tools Somet
svc_kms

svc_kms in Known Problem

0
Known Problem

KES and Windows Defender related questions [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article might be useful in the following cases: If you want to configure multi-vendor security on endpoints, keeping both Kaspersky and Microsoft technologies; If you don't know how to properly configure a Microsoft solution after installing KES; If you're having some issues with the product and the OS after configuring KES and Defender. The differences between the Defender
svc_kms

svc_kms in Known Problem

0
How-to

How to configure KESL to use non-default folders [KES for Linux]

Information in this article can be used when there are disk space limitations imposed on the folders used by KESL: /var/opt/kaspersky - default KESL installation folder /tmp - default folder used to store temporary files during the scan /var/opt/kaspersky To move files located in this directory you can create a symbolic link to another folder before installation. Use the following steps: Before installing KESL:
svc_kms

svc_kms in How-to

0
Known Problem

kesl-supervisor.service: Control process exited, code=exited status=203 [KES for Linux]

Description After successful installation kesl-supervisor.service may refuse to start with the following error: kesl-supervisor.service: Control process exited, code=exited status=203 journalctl -xe command provide more information related this error ***** kesl-supervisor.service: Failed to execute command: Permission denied kesl-supervisor.service: Failed at step EXEC spawning /var/opt/kaspersky/kesl/install-current/etc/init.d/kesl-supervisor: 
svc_kms

svc_kms in Known Problem

0
Known Problem

KSWS Console removal fails with error 1336 [Kaspersky Security for Windows Server]

While removing Kaspersky Security for Windows Server Console removal log may contain a message: Error 1336. There was an error creating a temporary file that is needed to complete this installation. Folder: C:\Program Files (x86)\Common Files\Kaspersky Lab\Kaspersky Security for Windows Server\. System error code: 5 And if you launch removal process using an appwiz.cpl a popup will be displayed stating :  “There was an error creating a temporary file that is needed to complete
svc_kms

svc_kms in Known Problem

0
Known Problem

OS hangs caused by excessive use of file descriptors [KES for Linux]

Symptoms OS hang, sometimes with open file errors in journals Customer application degrades with errors "unable to open file", "too many open files" Hangs and third-party (compatibility) issues often require advanced data collection and are sophisticated to investigate. However, a quick check is possible: On a system where KESL has worked for some time (not immediately after reboot/restart), validate the output of the following command, ran as root, for numerous r
svc_kms

svc_kms in Known Problem

0
Known Problem

KES installation error 0x80004005 [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Problem When KES installation fails with error message "Failed to access local group policy. Error 0x80004005", installation log should be checked. If it contains something similar, follow the steps below. MSI (s) (F4:94) [11:27:28:103]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MS
svc_kms

svc_kms in Known Problem

0
Known Problem

Information on Trojan.Multi.Accesstr detection [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Trojan.Multi.Accesstr detection is triggered when KES detects that one of Windows utilities in %systemroot%\system32 folder is replaced by cmd.exe or powershell.exe. Please see below for a list of affected files with exact detection names. Detection event looks like this:
svc_kms

svc_kms in Known Problem

0
Known Problem

Update task completes successfully but bases remain outdated [Kaspersky Security for Windows Server]

Problem In some cases, it is possible to run a database upgrade task on the KSWS/KICS/KESS host, but despite the upgrade task successfully completing, the databases are still out of date. Solution Most probably product operates in UpdateBlackListOnly mode. This happens in cases when product is activated with activation code and is unable to reach our activation servers. Thus KSWS fails to receive/refresh activation ticket and downloads updates only for Blacklist. Possible way
svc_kms

svc_kms in Known Problem

0
Known Problem

HIKVision video monitoring does not work with Web Threat Protection and Web Control enabled [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Problem 3d party video monitoring solution from HIKVision and KES 11.3 or more recent version, up to 12.0 When you open the URL of video web server, for example, http://172.17.64.5/ the error Playback interrupted occurs. The problem occurs because video software does not comply with HTTP RFC.  Use
svc_kms

svc_kms in Known Problem

0
How-to

How to re-register KES plugin for Outlook [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Outlook add-in failure may be related to a KES upgrade. Step-by-step guide As the first step to quickly fix majority of the issues with Outlook add-in, unregister it and register again. Here is how to do it properly: Close Outlook if opened.  Execute
svc_kms

svc_kms in How-to

0
How-to

How to let KS4Android update from the KUU [Kaspersky Security for Mobile]

Problem KSC and KS4Android are implemented but KSC is offline and could not access Internet. KUU can be used for updating KS for Android and distribute the update databases. But after running KUU (Kaspersky Update Utility), you cannot find actual KES for Android versions.  Solution AV bases for new KESM versions will appear in KUU UI after running KUU with empty application list.  The KUU settings should look like the following (in order to update the list of supported applic
svc_kms

svc_kms in How-to

0
Known Problem

High CPU consumption by KL processes on Windows 10 v1903 and Windows Server v1903 [KES for Windows]

Problem On Windows 10 v1903 and Windows Server v1903 after applying GPO Enable svchost.exe mitigation options, in System\Service Control Manager Settings\Security Settings, high CPU consumption by the following processes may be observed (avp.exe, klnagent.exe, kavfs.exe, kavfswp.exe). When checking if any resource consuming tasks are running, there are no ODS tasks running in KES or KSWS and no patch management related tasks are running too. This is happening because MS security config
svc_kms

svc_kms in Known Problem

0
Known Problem

KES Processing Error on Google Drive shares [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Description, Symptoms & Impact KES File Threat Protection sometimes can't check Microsoft office documents from mounted Google Drive shares, therefore generating Processing error events. This issue is caused by an incompatibility between Google Drive VFS driver and KES. There are no plans on making KES compatible with Google Drive. Workaround & Solution As a workaround, add fil
svc_kms

svc_kms in Known Problem

0
Known Problem

Error 27310. Failed to install the directory file for the digital signature [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Version: any KES11.* on any OS Scenario: The following error appears during the installation: Error 27310. Failed to install the directory file for the digital signature  Solution: 1. Run kavremover utility as administrator. 2. Delete KES drivers (if they were not deleted by kavremover) located
svc_kms

svc_kms in Known Problem

0
How-to

How to enable KESMac Nagent traces easily [KES for Mac]

Description and cautions The original scenario located on the page https://support.kaspersky.com/kes11mac/diagnostics/15299, requires a lot of efforts and manual manipulations. I am offering a bit easier and time-saving approach doing the same. Details All the commands from the original document are saved here, but placed together and being run one after another consequently; the old product logs are also wiped up in order to avoid mess: Login under root:
svc_kms

svc_kms in How-to

0
Known Problem

Report Folder consumes disk space more than 1 GB [Kaspersky Security for Windows Server]

Environment/Preconditions KSC - 12 KSWS - 11.0.1.897 You may find a massive increase in disk usage from the folder report under the Kaspersky folder. The size of the report folder will increase from around 2GB to 12GB, the files in the report folder have random name (like 340a13d9-2a50-4c4e-94d6-82a79d80da4b), which rapidly grows and consumes disk space. The file can be deleted to resolve the disk space full issue, which itself can cause many issues (can't log in to the server, KS
svc_kms

svc_kms in Known Problem

0
Service Page

Advice and Solutions (Community Knowledgebase) Disclaimer. Read before using materials.

The materials provided on the Advice and Solutions (Community Knowledgebase) part of the Forum result from the work of the Kaspersky Customer Support team and Forum community members. They are shared here for ease of use of Kaspersky products, deploying and configuring them. Please remember that using commands or recommendations from the articles without a clear understanding of their purpose may result in errors or system inoperability. Please note that some materials presented are not off
Egor Erastov

Egor Erastov in Service Page

0


×
×
  • Create New...